How to spot phishing emails and avoid malware infections

Security, ,
14
Jul 2015

Phishing

Do you know how to spot a phishing email? Phishing emails are not only a nuisance, but can also lead to theft. Our guide will show you how to spot them.

The term “phishing” is likened to the word fishing, which sounds almost the same and is used with the same notion to reel in some information such as a username/password or to hook you into taking some action via an unsolicited email. The aim of a phishing email is to “phish” a user by having them fall for the bait without initially realizing it.

Convincing phishing emails work well for the originator without raising too much suspicion to the end user.  So how does one avoid this? First, let’s understand the damage a phishing email can generate before we delve into how to spot one.

What harm can phishing emails cause?

There are two major risks that can result from opening up links or attachments from phishing emails.

  1. Many email authors aim to trick users into believing that they’ve been contacted by a legitimate company that may prompt them to visit a link which can lead to a fake website. This site may be a copy-cat site of a legitimate one, for instance a banking site, complete with a login screen. The spoof site then captures and records login credentials which can be used again by the originator of the dummy site.
  2. The email itself may pretend to pose as the legitimate company, such as a bank, prompting their targets to take action through their link. Usual email wording triggers the user to prompt some action such as “your account is suspended”, “update your information”, or even that an account has had “unauthorized access”. Anything which triggers panic or confusion is enough to get a user to follow through the phishing email’s instruction.

Such scams can lead users to give away their credentials, passwords, and private information, which can be used to steal their identity and money.

Many phishing emails also attempt to infect systems with malware. This is a common entry point for a large majority of infections at companies leading to infecting one’s computer system and network with nasty malware. The worst case scenario includes the malware holding a user’s data hostage in exchange for a ransom.

How to spot phishing scams

Below are usual signs of phishing email to watch out for.

  • Unrecognized sender. This is usually a big giveaway. If you don’t recognize the sender, treat it with suspicion. Even if the recipient appears with the same domain, always question this as clever phishing attacks can use the same company domain to trick users.
  • Unexpected emails. Unless you’re expecting an email from a company i.e. a delivery shipment notification, or a lottery win, treat this with suspicion. If unsure about a delivery shipment, contact the official company – acquiring their contact details through their official website.
  • Prompts to open up attachments. Avoid clicking any links or opening attachments.
  • Odd looking website addresses. Another clue to phishing emails are links in the email having suspicious website addresses, which can redirect you to a dodgy website.
  • Odd looking or out of place emails. If you’re able to look at the sender’s details, see what email address it displays. Most of the time their email domains will not match the company they claim to be from. For instance, an email claiming to be from your bank could have @yahoo.com domain. This is an obvious giveaway!
  • Impersonating institutions and companies. As mentioned earlier, be suspicious of so-called emails posing to be Banks, the IRS, Social Security Office and so forth. They rarely contact users through email. If in doubt, contact them directly and not through any telephone numbers given in the message.
  • Poorly written English and grammar. Many phishing emails contain poorly structured sentences and grammatical mistakes which sound like they’ve been written by a ten year old or a non-native English speaker.

Anatomy of Phishing-1

If ever you’re in doubt, don’t hesitate to notify your IT administrator who can help to block as many phishing emails as possible. Even if some manage to filter through, which does happen, put this guide into practice.

For more ways to secure your business systems and networks, contact your local IT professionals.

Read More

Summary of the NSA Malware Discovery

Security, ,
21
Jun 2015

nsa-malware-hard-drives-570

Security firm Kaspersky reveals malicious National Security Agency (NSA) malware hidden in drivers and firmware around the world. Read the summary here.

Kaspersky exposes NSA malware built into hard drives worldwide

Sitting on millions of hard drives across the globe lays a deep rooted NSA malware designed to spy on computer activity, which has also been noted to have done so for over a decade!  The NSA is responsible for gathering electronic intelligence on behalf of the U.S. government.

The majority of brands such as Seagate, Toshiba, Western Digital and many others, have had the tampered firmware built into their hard drives, according to the security software giant Kaspersky.

As many as 30 countries around the globe have the spyware infection implanted on their personal computers. Prime targets have been found to be military and government bodies, banks, energy companies, telecommunication firms and many others.

Most of the targets are from countries such as Afghanistan, Algeria, China, Mali, Mexico, Pakistan, Russia, Syria and Yemen; however it has been picked up in other western countries such as the UK, and parts of Europe.

The party behind all of this has been branded with the name “The equation Group”, who cleverly gained access to the various different firmware’s source code and cracked complex encryption algorithms. They’ve used their highly skilled ability to infect and access very specific targets.

Kaspersky has not named the firm responsible for all the spying operations. It’s believed to be strongly related to the Stuxnet attack which was led by the NSA. Stuxnet was a campaign designed to attack the uranium enrichment facility in Iran.

The Factors behind the Malware’s success

  • The malware, reported as a  dll file, is able to resist computer reformats and hard disk wipes in a ploy to reinfect the host.
  • Ironically, this has impressed Kaspersky Labs in the sense of a piece of hardware having the ability to cause re-infection to a pc. They described it as “ground-breaking technology”.
  • The malware was coded into the hard drive’s firmware, which is the software that allows it (the hardware) to run. For instance, when a computer is switched on it’ll access the firmware to talk to hard drives and other system hardware.
  • In the case of the dll file, a computer will end up getting re-infected as the firmware is needed to use the hard drives.
  • The spy program could work on any hard disk currently sold on the market.

How did it get there in the first place?

NSA-Listens-Shirtmock

It begs the question as to how such malware could have been embedded into the firmware of so many hard drives and to the majority of hard drive companies in the first place?
According to Kaspersky’s director, Costin Raiu, the makers of the spyware must have been able to have had access to the actual source code of each and every infected hard drive. The source code holds the structure, and when in the hands of a third party programmer, this can permit vulnerabilities to be identified and used to harbor malware within it and used for attack.

Raiu continued to add, that’s there’s little chance for the hard drive firmware to be rewritten by just anyone with the use of public information.

Most hard drive companies would not officially disclose whether or not they’ve allowed any such NSA agency officials to access the source code. However Western Digital, Seagate and Micron spokesmen have stated that they have not allowed their source code to be tampered with and take security very seriously.

Despite this, it is still possible for undercover NSA coders to have been employed by any given hard drive manufacturer over a decade ago or disguised as software developers to acquire the source code. It is also likely for hard disk code evaluations to have been requested on behalf of the Pentagon. All are theories of how social engineering could have been part of “the equation”.

This has now made many corporate giants, like Google and others in the US, rethink who could have attacked them back in 2009, which was originally pinned on China.

Evidence exists of hackers having reached the source code from various large American technology and defense corporations, according to reports from investigators.

For more ways to secure your data and systems, contact your local IT professionals.

Read More

CryptoWall: Advanced Ransom Malware

Security, ,
04
May 2015

ransomware-161113CryptoWall 3.0, a new variant of the Cryptolocker ransom-ware virus is out causing problems to many businesses. Learn how it works and how to prevent it.

Discovered in late February 2015, CryptoWall 3.0 works very much like the previous versions of this virus, however its strategy to infect systems is somewhat different..

How CryptoWall 3.0 works

  • When the infected file containing CryptoWall 3.0 is opened, the malicious program encrypts all files that it finds mapped over the network.
  • Files become encrypted and unreadable.
  • Only the perpetrator can unlock the code to make it readable again.
  • Once it finishes encrypting all files, it asks for a ransom of around $500USD.
  • This amount is expected to be paid in Bitcoin currency, which is a universal currency used around the world.

Point of entry and identification

CryptoWall 3.0 employs social engineering tactics via phishing emails. These come through with attachments disguised as an “incoming fax report” displaying the same domain as the one the user is on creating a false sense of trust by making them believe it is a legitimate document. Once opened, Cryptowall picks up all mapped drives identified from the host machine it infects and encrypts all of the contents on it as well as the data on the mapped drives.

CryptoWall 3.0 uses .chm attachments, which is a type of compressed file used for user manuals within software applications. Since .chm is an extension of HTML, this allows the files to be very interactive with different types of media such as images, hyperlinked table of contents and so forth. It also uses JavaScript to allow the attack to send users to any website on the Internet, which occurs when a user opens up the malicious .chm file.
Once the file is opened, the attack automatically runs its course.

CryptoWall: More than meets the eye

rouge

Ransom Malware bas been evolving since the first wave of Cryptolocker attacks back in September 2013, which had netted the virus writers over $27,000,000 from claiming ransom money within only a few months of the Cryptolocker operation. Attacks are happening all over the world with detections in Europe, the UK, the US and in Australia.
The sophisticated Cryptolocker and CryptoWall attacks also use botnets, which is a wide network of compromised machines, to be the originators of the attack. Aside from speeding up distribution of the virus, it allows anonymity for the virus writers.

How to prevent CryptoWall 3.0

For more ways to stay protected and safeguard your network, contact your local IT professionals.

Read More

Microsoft Security Essentials Has Little Effect

Security, Uncategorized, ,
26
Mar 2015

microsoft-security-essentials

Microsoft Security Essentials is not as effective as you may think. Here’s a summary of the last two AV testing evaluations carried out by AV-Test.org.

There mare any anti-virus programs available to install, some are free, like Microsoft Security Essentials (MSE) and others, like Trend Micro, Kaspersky and the like are paid with free versions available providing less features such as real time scanning.

Are paid ones any better than free AVs? A better option is to run Malwarebytes. We’ll conclude a little later.

AV-Test Results

AV-Test.org is an is an independent test center based in Germany  where they  carry out tests to evaluate which anti viruses can withstand a variety of malware. This particular test involved approximately 12,327 different malware, along with 153 emulated zero-day attacks, on Windows 7 machines.

Out of the 28 tested AV programs tested, Microsoft fared poorly by failing to protect its own operating system. In fact it came in last compared to all their 27 competitors.  These tests were carried out in December 2014 and they measured usability, performance and protection, which resulted in classifications.

This is not the first time Microsoft came last here.  They’ve also come last in the previous run of tests in 2013. They had gained top marks for MSE usability and were above averaged in performance but scored a big fat zero in the most critical part, to protect against malware!

Microsoft’s Perspective

In defense of Microsoft’s AV-test results, Joe Blackbird, representing Microsoft, wrote in a blog about it. He spoke out against the malware attacks tested by AV-Test, and stated that they’re unlikely to occur in the wild to pose a major risk to users. To support his statement, he mentioned that 94% of the samples carried out in the test were not picked up by MSE and didn’t even end up infecting their systems, hence not posing a serious risk.

Overall, Microsoft has made it clear that the AV-test results in the past does things differently as opposed to prioritizing their protection based on actual real malware threats.

Are paid anti-virus programs any better than the free ones?antivirus

Based on AV-test results, it seems like it’s highly likely. However, not all paid solutions offer the best protection. For instance, McAfee Internet Security is a paid solution and it was not far off from being the worst in protecting from the list of Malware threats. They were next to last on the list, with being only slightly better than MSE.

The highest rated AV from the test results to offer the best protection against malware attacks is Kaspersky, which happens to be a paid solution.

You do not need to necessarily go out and spend money on an AV. However, if you do run MSE, a better option is to run Malwarebytes, which is effective and free.

For more ways to secure your data and systems, contact your local IT professionals.

Read More

What is browser hijacking and why is it so common?

Security, ,
22
Mar 2015

Major-Browsers

Browser hijacking is very common nowadays. Whilst it may not seem like a trivial issue at first, it can turn into a big nightmare!  Read on to find out why.

What is browser hijacking?

Browser hijacking occurs when a web browser is taken over by an unauthorized program, which runs without the user’s permission. We’ll outline three factors as to why it’s common.

  1. Homepage is taken over
    Automated changes are made to the browser’s settings, which usually leads it to replace the current homepage settings with its own designated search page.
  2. Tracks browsing habits
    The aim of such hijacking is to spy on your browser activity and record your personal information.  This information is then sold to advertisers.
  3. Forces users to search through a specific search engine
    Searching through an unknown search page will allow your data to be tracked. Web page redirection may also happen over to a website in order to make money from visitors by presenting search results from paid advertisers.

Some web browser hijacking can be easily cleared, whilst others can persistently remain on your system and reappear even after any attempts at clearing it.

How does browser hijacking happen?

 

No ads when browsing the internet

Many such hijacking programs present themselves as an offer on a website or are commonly bundled with free software. They are designed to trick people into installing browser hijacking programs. This strategy can also invite additional malware to become installed onto the system, creating further problems, to only end up with a heavily infected computer.

Some examples of hijacking browsers, from hundreds and thousands out there, include:

  • Astromenda Search
  • TV Wizard
  • Onewebsearch
  • CoolWebSearch
  • Conduit Search
  • Coupon server

A truly infected computer will open the doors to a barrage of undesirable hacker activity, which is why this problem should be addressed ASAP.

How to prevent browser hijacking

The main causes of browser hijacks to originate from free software download sites and from advertising. These downloads and malicious ads bundle spyware and, what we like to state as, “pretend-ware” – useless programs.

Even “trusted” vendors who offer free software may include unwanted software to be installed by default. Therefore we suggest being extra vigilant and follow our advice, which we’ll disclose later on.

Examples of added software may include, for instance, search tool bars, pc cleaners, registry fixers, and even nastier programs such as other Trojans and viruses.
What is deemed as “free” will eventually come at the cost of the user, who contrary to what most people think, is the desired product! To elaborate further on this, it’s actually people and their information that are worth a lot more than free software. The ones who fair the best are the companies behind it all, and that’s why freeware is free- it’s the incentive to attract people.

There seems to be a fine line between what is considered acceptable and what is, to put it in other words, criminal activity.

If downloading Freeware is a must …

hijack1-e1269202797108-670x670

For more ways to secure your data and systems, contact your local IT professionals.

Read More
1 26 27 28 29 30 31