Monday, October 13, 2014

What is Malware?



Malware is a portmanteau of the words malicious and software. Malware is often associated with spyware and viruses, but it can also be used as a means of transporting spyware or viruses onto a computer. It is usually installed without the knowledge of the “end user” (the person using the computer) through security vulnerabilities in a web browser. Other times the malicious software is designed to look and feel like regular software, such as antivirus (a Trojan horse), and then attacks the computer when ready. Here are a few ways that attackers use malware to their advantage.

Keyloggers: Malware can be used to hide a program that records every key pressed on your keyboard and transmits the data to the attacker without the end user's knowledge. Attackers use this to get credit card information, usernames, passwords, and anything else you type on a computer.

Botnets: A botnet is an infected computer that can be utilized by an attacker how and when they choose. Attackers use botnets to harness computer resources (CPU power, memory, or bandwidth) for attacking other computers. With a chain of computer resources at their disposal, attackers can shut down a website by flooding it with requests, called a denial-of-service attack, or use the CPU power for cracking passwords or other malicious purposes. The end user in these scenarios is usually not aware that their computer is infected or being used for malicious purposes, but they may notice a slowdown of internet speed or processing power.

Scareware: Some attackers use malware as an annoyance to force an end user to pay the attacker to stop it, or to steal the end user's information. This is probably the most commonly seen type of malware, because it is most noticeable through constant pop-ups or system sluggishness. Attackers like to disguise this type of malware as antivirus programs (Antivirus 2009, CryptoLocker, etc…) or anti-spyware programs to deceive the end user into believing that their computer is infected with a virus, so that they will purchase the program to remove it. Once purchased, the malware silently sits and either collects data or waits until the key expires to pop up again. The attackers then gain credit card information that they can sell or use, plus your money for the purchase.

The two most common ways to get malware are through security vulnerabilities on the computer or through accidental acceptance by the end user. Microsoft, and most third-party vendors, regularly send out security patches to fix security holes. Not installing these patches in a timely manner may allow an attacker to bypass security permissions and install applications without the consent of the user. Accidental acceptance usually comes in the form of a browser pop-up that deceives the end user (e.g. "Your computer is infected, click here to scan now") by mimicking common antivirus software or Windows Explorer, or by looking like a legitimate program.

To avoid acquiring malware, keep your operating system and browsers up to date with automatic updates, and understand the ways attackers deceive the end user. Be sure to have up-to-date antivirus software that is not expired.

Most antivirus software will not detect malware until it has already infected the system and does a poor job of removing it. In my IT experience, I have found a program that does a really good job at detecting and removing malware programs, and that is Malwarebytes. The program is free for detection and removal, and they offer a paid version (subscription based; it used to be a one-time lifetime license that you may still be able to get off Amazon) for doing real-time detection and updating so that it is hands-free for the end user. I recommend installing it on any computer running Microsoft Windows and doing regular scans, as malware today has infected over one in four U.S. computers. (Statistic according to the Organization for Economic Co-operation and Development)

 

Information derived from multiple sources:

Monday, October 6, 2014

Backing up Important Data

During my first few months working as an IT Professional I really started to see the need for backing up files. I never realized how easily years of pictures could be lost because of a hard drive failure. That really got me thinking about backup solutions and what would be best for us as a family. We currently keep digital pictures, some term papers from school, and most importantly all my work data. I thought about how devastating it would be to lose that data, and what I would have to tell the customers or even my kids when they grew up about their childhood pictures. So now that I realized I had a need for a backup solution, I started trying to figure out what I wanted.

There are two different types of backup solutions that I’d like to cover for the home user. The first one is backing up to a second hard drive. The other is an online (cloud) backup that is usually done with a third-party backup provider or a hosting account. I will try to go over the benefits and downfalls of each, and give a few recommendations.














(Images: Apple Time Capsule, 2TB; External Hard Drives ranging from $60+)

Backing up to a second hard drive within the home has many benefits. First is the security aspect: you know at all times where the hard drive is, whether internal to the computer or external. An internal drive saves you from hard drive crashes, and your files will be there for restoration. However, if someone steals your PC, or your house burns down or is water damaged, you have the potential of losing all your data. An external drive gives you the same ability to save your data, but you get extra security because you can lock it up in a fireproof safe or a safe deposit box between backups. This is one of the most secure methods, and is recommended if you do not have high-speed internet, are worried about privacy, or just have a large amount of files (10 GB+) that need to be backed up and change regularly.

Online backups are awesome, if you have high-speed internet, for three reasons. One, if something happens to your PC (fire, water, damage) your files are still accessible from any computer, usually via a website. Two, your data is also backed up on someone else’s server, so it’s potentially like having three backups. Three, it usually requires little to no intervention from the user and happens behind the scenes. Also, for personal users, most of these backup hosting companies offer a small amount of space (usually around 2 GB) free of charge. They do this hoping to draw you into backing up more files and purchasing better plans.

The downsides are that even with high-speed internet, it can take a good amount of time and bandwidth to send the initial backup. Also, after a major crash, it could take hours to completely download your entire backup again. On the upside, most backup companies now offer overnight or 2-3 day shipping of your backup files on DVDs. The most important downside is one that needs to be researched intensely beforehand: who is going to have access to the data while it is at the storage center.

For me, I used to use Mozy’s paid online backup, but due to my growing family and looking for ways to cut expenditures, I have recently changed to using an Apple Time Capsule for most of my documents, and Mozy with their free offering. I bought a previous version to save money on my purchase. It doubles as my home wireless router and as network-attached storage, so it doesn’t have to be shared from any single computer. My Mac computers back up to the device seamlessly using Time Machine, and my Windows computers are mapped via a network drive and sync files across. Mozy’s free service still provides all the same security aspects, and I highly recommend setting your own personal encryption key so that if someone hacks into your data, they can’t decrypt your files unless they are able to guess your key.

Monday, September 29, 2014

Help! My Email Account Was Hacked

I have had numerous friends, family, and coworkers asking me what they should do when their email account is suspected to be compromised. I sat down and started thinking about this, and while there are numerous things to look at depending on who your email provider is, they all share some features that should definitely be looked over. In this post, I am trying to create a checklist that any user could follow if their email account was hacked.

Stage 1

  1. Scan your computer for viruses or switch to another computer that you know is not infected.

    1. This is a precaution. There are several ways attackers can guess or retrieve your password, and one of them is through viruses or keyloggers. It is always best to scan your computer before changing your password; otherwise you may hand the attacker your new password as well.



  2. Change your email address password

  3. Change your security questions on your account

  4. Check any forwarding settings to verify that no emails are being forwarded that you have not set up

  5. Check any filters or rules that may interfere with certain types of emails

  6. Check your email signature and verify that no additional content has been added to it

  7. Verify there are no modifications to any automatic vacation responses

  8. Look through any additional settings that may be specific to your service provider not listed here

  9. Look through your deleted items and sent items and find any messages that may have been sent by the attacker or forwarded from your account to the attackers email address (highly unlikely but you never know)

  10. Send an email to everyone in your contact list (most likely all were affected) notifying them that your account has been hacked and not to follow any links or instructions that were previously sent out

  11. Search your mail account for any emails that contain the word "password". You will need these in the next stage
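
Steps 4 through 7 above can be turned into a repeatable review. The following is an added example, not part of the original post: it audits a hand-copied snapshot of mailbox settings, and the dictionary layout, action names and addresses are all hypothetical and constructed for illustration, not any provider's export format.

```python
import re

# Constructed sample: a hypothetical, provider-neutral snapshot of mailbox
# settings, typed in by hand from the account's settings pages.
SAMPLE = {
    "owner": "alice@example.com",
    "forwarding": ["alice.work@example.com", "collector@mailbox.invalid"],
    "filters": [
        {"match": "from:newsletter@shop.example", "actions": ["label:Shopping"]},
        {"match": "subject:(password OR security alert)", "actions": ["mark_read", "delete"]},
        {"match": "from:bank.example", "actions": ["forward:collector@mailbox.invalid"]},
    ],
    "signature": "Alice\nSee my photos: http://promo.invalid/win",
    "auto_reply": {"enabled": True, "body": "Away. Urgent? http://promo.invalid/help"},
}

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
HIDING = {"delete", "mark_read", "archive"}  # actions that hide mail from the owner
SENSITIVE = re.compile(r"password|security|alert|verif", re.IGNORECASE)


def audit_mailbox(settings, known_addresses=()):
    """Return (check, detail) findings for Stage 1 steps 4-7."""
    trusted = {a.lower() for a in known_addresses} | {settings["owner"].lower()}
    findings = []
    for addr in settings.get("forwarding", []):  # step 4: unknown forwarding
        if addr.lower() not in trusted:
            findings.append(("forwarding", addr))
    for rule in settings.get("filters", []):  # step 5: filters and rules
        actions = rule.get("actions", [])
        targets = [a.split(":", 1)[1] for a in actions if a.startswith("forward:")]
        if any(t.lower() not in trusted for t in targets):
            findings.append(("filter-forwards", rule["match"]))
        if HIDING & set(actions) and SENSITIVE.search(rule["match"]):
            findings.append(("filter-hides-alerts", rule["match"]))
    for url in URL_RE.findall(settings.get("signature", "")):  # step 6: signature
        findings.append(("signature-link", url))
    reply = settings.get("auto_reply", {})  # step 7: vacation response
    if reply.get("enabled"):
        links = URL_RE.findall(reply.get("body", ""))
        findings.append(("auto-reply", ", ".join(links) or "enabled, no links"))
    return findings


if __name__ == "__main__":
    for check, detail in audit_mailbox(SAMPLE, known_addresses=["alice.work@example.com"]):
        print(f"[review] {check}: {detail}")
```

Every finding is a prompt to look at that setting by hand; a flagged item that you set up yourself can be added to `known_addresses`.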


 

Stage 2

  1. Write down all your accounts that used the same password as your email address above

    1. Include in this list the accounts whose passwords appeared in the emails you found in Stage 1



  2. Every one of these passwords needs to be changed, and each account looked through thoroughly to verify that no security settings have been changed or modified

  3. It is best to use a different password for every account, and this can be easily tracked using third-party software like 1Password. However, if you must remember every password, I would separate your passwords into the following three groups. This way, you only have to remember three passwords, and if one of them gets hacked you are still safe in the other areas. Again, I do not recommend the grouping, but some people find it necessary to do it this way.

    1. Email Accounts

    2. Bank or Finance Accounts

    3. Other accounts (discussion boards, etc...)



  4. Start changing all your passwords and notify any vendors if you suspect suspicious activity with your account on their site, especially any banking sites, like PayPal, or your financial institution.


 

Stage 3

  1. Email is not what it used to be. There are numerous other tools from the same company that use your email address as the means of access. For instance, Google has a whole list of applications, like Picasa, Google Docs, Google Voice, etc…, and Live Mail has SkyDrive, Mesh, and Windows Live ID associated with EVERYTHING. This part is tedious, but the last step is to go through all the applications offered by your provider to see if anything looks like it might have been tampered with. For instance, if you have never used Picasa before, check to see that there are no pictures in there. If you use Google Docs or Office Web Apps, verify that there is no "sensitive data" that may have been compromised.