How Did I Become Infected? – Part Three

– Anatomy of a Twitter attack

First, a few things/disclaimers/etc:

We’ve already reported @Computer_Aid_ to Twitter as a spammer; hopefully others have as well, and the account is being shut down or has already been shut down.

We’ve blacked out the URLs in these examples for your own protection. We don’t want you accidentally browsing to them and subsequently becoming infected.

We visited the URLs in question on a computer that is of no importance to us and is not connected to our business network, so none of our sensitive customer data was at risk; we don’t do any kind of financial record keeping on it, etc. So whether or not our security software ended up protecting us didn’t really matter.

We do the aforementioned for the fun of it; we’re nerdy like that. To be honest, we do things like that to continue our education in the ever changing world of IT, but we DO NOT recommend you do the same.

Our goal is to give an example of what could happen to continue to answer the, “How did I become infected?” question.

Twitter is just the example in this case; the same could apply to any social networking website, and the message could even come from someone you know and trust if their account has been compromised (accessed and controlled by hackers).

In any event, the image below was a message sent directly to us via Twitter.

The URL was actually a shortened URL created by a service like Bit.ly or TinyURL, very similar to the URL that may have directed you to this blog post if you visited us via Facebook or Twitter.

As you can see below, our corporate security software was able to protect us from the attempted attack and it did so in two ways:

First, we received a pop-up message from the installed (legitimate) security software itself.

Secondly, the corporate security software also completely blocked our web browser (Firefox) from accessing the website altogether, and we were instead presented with the following webpage:

You can visit our earlier blog post where we recommend how you can protect your home computer here. Good security software for your home computer would include a similar kind of URL blocking integrated into the software. This is something free security software often lacks.

So what would have happened had our security software NOT protected us?

In this case, we would have been directed to a webpage that employed “drive-by-download” techniques to automatically install a fake anti-virus software.

It happens that easily. Be careful!

Keep your real life safe from your “online life”!

We wrote an earlier blog about how to keep your identity and financial data safe online, but what about your physical safety and your actual possessions?

Be careful what you Tweet, post on Facebook as a status update, share on Foursquare, etc.

The updates you share with these services can tell would-be thieves that you’re not at home!

Case in point: This morning’s “Good Morning America” broadcast. Read and watch here about a person who was victimized by one of her Facebook “friends” minutes after posting on Facebook that she would be attending a concert that night.

The story above isn’t an oddity. A Google search turns up tons of newscasts from all over the world about the exact same thing.

Even worse than a burglary, a service like Foursquare, which lets you update where you’re physically located using the GPS in your phone and even shows a map, could help people who wish to do you physical harm find where you are.

Diverse Tech Services wants you to be careful! Think twice before you post.

How Did I Become Infected? – Part Two

These days, we’ll often hear clients with infected PCs say, “…well, I wasn’t browsing where I shouldn’t have been.”

Today, that doesn’t mean much.

Not too long ago, if someone was infected with a virus, we could safely say that they were visiting nefarious corners of the internet: pornography, online gambling, hacking/warez sites, etc.

All of these places are still known to continue to transmit malware, but even legitimate sites on the internet are continuously being compromised (taken over by hackers) and exploited to transmit malware.

Case in point, advertisers/advertisements.

You might be visiting whatever your favorite website is, and it hasn’t necessarily been compromised, but perhaps the advertisements on it have been. Typically, the advertisements on a website aren’t actually hosted by the website in question; they come via a “portal” from a third party.

These exploited advertisements are using the same “drive-by-download” techniques we discussed in this earlier post.

It’s not just the small fry advertisers that are being exploited.

This CNET article posted on 3/22/2010 calls out some rather big names as being implicated in spreading malware.

A snippet from that article:

“Viruses and other malware were found to be lurking in ads last year on high-profile sites like The New York Times and conservative news aggregator Drudge Report.com, and this year on Drudge, TechCrunch and WhitePages.com.”

It’s a bad neighborhood out there in Cyber-Space. Be careful!

Read our earlier blog post, “How Do I Protect My Computer”, for tips on avoiding malware infection.

Because nothing is ever 100% guaranteed, you could benefit from our Remote Malware Removal service. We hope it never happens to you, but we’re here if it does!

Tips for Keeping Your Identity and Financial Information Safe

I like to try to compare the Internet to the “Wild West”. Yes, there are some loose laws that govern it, but for the most part it’s un-governable. So have fun out there, but BE CAREFUL!

I also like to stress that nothing is ever guaranteed, but if you follow these steps you’re doing a great deal to avoid problems.

This is definitely the age of convenience, and who doesn’t like convenience? The truth is, when we take the easy route in the World Wide Web, we’re playing with fire.

Identity theft is not exclusive to the Internet, and these steps focus on the Internet, but they could very well protect you in other aspects as well.

Avoid banking online
• Lots of banking institutions give you the ability to check your balance and things of that nature via an automated telephone system. Go to the bank teller, use the ATM, or just keep good track using your check book or accounting software.

• If you use accounting software like TurboTax/Quickbooks/etc., use it to simply track balances and other financial data, but do not import sensitive information like checking account numbers, usernames/passwords for financial institutions, etc. Convenience can get you into hot water!

• If you must bank online, do not do it from a computer that you do not know or trust. A “trusted” computer is typically your personal computer.

• This means avoiding libraries, Internet cafés, Internet kiosks, work computers, school computers, friends’ computers, etc. They could be riddled with malware, but more on that later.

Avoid making purchases online
• If you must make a purchase online, do not do it from a computer that you do not know or trust. Also be careful when making purchases from your personal computer.

• A great deal of identity theft and financial information theft occurs due to virus and spyware infections. The personal information is not stolen from the vendor you’re purchasing from, but rather straight from the keystrokes you type on your computer.

• Routinely scan your personal computer for malware.

• Do not trust the word of your security suite software alone.

• Supplement your security suite software with a product like the full version of Malwarebytes Anti-Malware or SuperAntiSpyware, but DO NOT install more than one anti-virus product; this can cause serious headaches.

• If something looks suspect, or you even suspect a malware infection, don’t risk it.

• Read some of our earlier blogs for avoiding malware infections.

Online vendor’s databases do get hacked!
• Hacking a vendor’s database is harder for the bad guys than installing malware onto your computer, but it’s not unheard of. So if you’re going to be purchasing items online, avoid using your debit card.

• Debit cards often have little to no fraud protection and are a direct line to your checking account.

• If you’re going to use a credit card, use one of the “one-shot” credit cards.

• Check with your credit card company online — they may offer an option to create one-shot credit card numbers. When you exercise this option to make a purchase online, the number received by the merchant will be valid for just that transaction. If this number in the vendor’s database were to be compromised, it couldn’t be used to wipe you clean since it was a “one shot”.

• Businesses that receive and store credit card information electronically are required to be PCI compliant by law. Check online for third party reports on whether or not they are before doing business.

Look for the lock
• The lock symbol in your browser’s Status Bar and “https” in the Address Bar show that you’ve got a secure connection. Look for it any time you’re about to engage in a financial transaction. The lock isn’t a guarantee of security, but its absence is a guarantee of NO security.

Only check your personal email from trusted computers
• The same way malware can collect your financial information, they can also collect your credentials. Compromising your personal email username and password might be the only door the bad guys need into completely hijacking your identity.

• Keep your personal “online life” completely separate from your work email.

• If you depart from your employer and have all of your personal “online life” emails (Facebook/Myspace/banking/etc.) sent to your work email, your employer DOES NOT have to provide you with access to your email when it comes time to change that.

• Your employer has every legal right to monitor your work email.

• Though they don’t have the right to access your personal information, why give anyone the chance?

Avoid being “phished”
• “In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.”

• That’s a mouthful!

• Basically, don’t click on any links to financial institutions, social networks, etc. that you receive via email. Always type the web address directly into the address bar of your web browser.

• The only exception would be: online websites will sometimes require you to click links sent to you via email to “confirm” certain processes. Only click these links if you’re actually expecting the email, and these confirmation emails are typically sent within minutes of going through the process in question.

• Security suite software that offers a full line of protection will sometimes have anti-phishing features wrapped up in it that can help protect you.

• Modern web browsers like Mozilla Firefox and the like also have some sort of phishing protection built in.

Remove identifying information from your social media profiles. (Myspace/Facebook/Etc.)
• Don’t display your date of birth, your mother’s maiden name, your pet’s name, or other personal details that an identity thief could piece together to get access to sensitive accounts.

How Do I Protect My Computer?

A common question we have from users is “How can I protect my computer?”

Like anything else, it’s a loaded question. Securing your home computer is a multi-tiered approach. Securing your business network is another beast altogether that we will not touch on in this blog.

Let’s touch on an often forgotten subject, hardware firewalls. A hardware firewall is an actual piece of equipment. If your home computer is connected directly to your DSL or Cable modem, chances are you are not behind a hardware firewall at all. However, some DSL and Cable modems have firewall capabilities built-in, but your best bet is to contact your Internet Service Provider and ask them.

If you find that you are plugged straight into the internet via DSL/Cable modem, you need to run out to the electronics store and purchase a router. We recommend a brand like Netgear or Linksys.

If you’re already utilizing a home network, wireless network, etc., then you’re in good shape.

Basically, your computer is your castle, and your hardware firewall is the first drawbridge to your castle; it can dictate what goes in and out of your network as a whole.

It should go without saying that you need an anti-virus solution, but it doesn’t always. We find people who tell us “I never use anti-virus because I’ve never been infected.” We know two things for sure. In these economic times, it does hurt the wallet a little bit to spend money on something that is not guaranteed to protect you, as there is NO anti-virus that is 100% effective. However, we can say for certain that if you don’t have an anti-virus there’s a good chance you’ll never know you’re infected.

We wrote an earlier article about the most common types of malware infections. Those types of infections are very “in your face”. So yes, regardless of whether you have security software or not, you’ll know you’ve been infected. However, there are still countless very sneaky, very stealthy malware infections that you would never be the wiser about unless your security software warned you.

We recommend a full, paid-for security suite. The free anti-virus software available on the web often lacks a software firewall, which is the next key component in computer security. A software firewall is the second “drawbridge to your castle”. It’s a piece of software installed into the OS that dictates what can communicate in and out with the internet.

I personally recommend (I, being the author of this blog, not an official recommendation from Diverse Tech Services) the latest version of ESET’s security suite, currently known as “Smart Security” (http://www.eset.com). It’s effective, it has anti-virus/anti-spyware/firewall/heuristic capabilities all wrapped up into one piece of software, and it runs much lighter than a lot of the bigger-name security suites like McAfee or Norton.

Another great tool to supplement your security suite is MalwareBytes’ Anti-Malware program. It’s available at www.malwarebytes.org. I recommend the full paid version. The free version doesn’t automatically update or protect your computer.

Updating your Windows operating system is key in keeping your computer secure. The second Tuesday of every month is known as “Patch Tuesday”; it’s the day on which Microsoft releases security patches.

In addition to updating the Windows operating system, you need to make sure that your third-party software is updated as well. Things like Java, Adobe Reader/Acrobat, Adobe Flash, etc. also have security vulnerabilities, and the individual vendors will often release security patches for those as well.

Stay away from peer-to-peer file sharing. Aside from the legality of it, you’re playing with fire. Even with all proper security measures in place, if you’re pirating music, movies, software, you’re more or less inviting malware into your computer. Is that free Britney Spears song worth a $100+ computer repair bill? I think we’ll all agree, NO!

Use your head on social networking sites like Myspace, Facebook, Twitter, etc. Just because your friend sent you a “crazy video” link doesn’t mean you have to watch it.

Even with all these steps in place, there’s nothing that’s 100% effective.

If you end up getting infected, call us, we can help.

Be safe out there!

Why Didn’t My Security Software Work?

Another one of the most common questions we receive from people who have had problems with malware infections is “Why didn’t my security software protect me?”

We’ll try to clear things up regarding that question.

First, we think it’s important to point out that there is no security software that is 100% effective, or that will detect every single piece of malware out on the internet. It’s just impossible, considering there are thousands of new malware variants released on a daily basis.

To an extent, modern security products are still heavily reliant on what is called “signature based detection”. What that means is that a new variant of a piece of malware first has to be discovered, researched, etc. before it is added to your security product’s database of items to protect against.

In addition to “signature based detection”, a good security product will also utilize what is known as “heuristic based detection”. Heuristic based detection helps the anti-virus software look for infection types that might not be part of the detection database itself, but that display attributes and characteristics of how malware behaves.
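The difference between the two detection styles can be seen in a small scanner, added here as an example (it is not from the original post or from any vendor’s product). The sample “files”, the three heuristic rules, their weights and the threshold are all constructed assumptions, and a whole-file hash stands in for a real signature.

```python
import hashlib
import math
from collections import Counter

# Constructed stand-ins for files on disk; none of this is real malware.
PACKED_BLOB = bytes(range(256)) * 4  # evenly spread byte values, like packed or encrypted data
KNOWN_SAMPLE = (b"FAKEAV build=1 Software\\Microsoft\\Windows\\CurrentVersion\\Run "
                b"Your computer is infected! " + PACKED_BLOB)
NEW_VARIANT = KNOWN_SAMPLE.replace(b"build=1", b"build=2")  # a single byte differs
LEGIT_UPDATER = b"Updater helper Software\\Microsoft\\Windows\\CurrentVersion\\Run " * 4
PLAIN_DOCUMENT = b"Quarterly invoice summary for the front office. " * 20

# Signature database: hashes of samples that were already discovered and researched.
# A whole-file hash is the simplest kind of signature (a simplification for this example).
SIGNATURE_DB = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}


def signature_match(data, db=SIGNATURE_DB):
    """True only when this exact file is already in the database."""
    return hashlib.sha256(data).hexdigest() in db


def shannon_entropy(data):
    """Bits per byte: roughly 4 to 5 for plain text, close to 8 for packed data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


# Heuristic rules: (reason, weight, test). Rules, weights and threshold are assumptions.
HEURISTIC_RULES = [
    ("registers itself to start with Windows", 2, lambda d: b"CurrentVersion\\Run" in d),
    ("contains scareware-style warning text", 2, lambda d: b"Your computer is infected" in d),
    ("content looks packed (high entropy)", 1, lambda d: shannon_entropy(d) > 7.0),
]
HEURISTIC_THRESHOLD = 3


def heuristic_score(data):
    """Return (score, reasons) for the traits this file displays."""
    hits = [(reason, weight) for reason, weight, test in HEURISTIC_RULES if test(data)]
    return sum(w for _, w in hits), [r for r, _ in hits]


def scan(data):
    """Signature check first, then heuristics; returns the verdict as a string."""
    if signature_match(data):
        return "signature"
    score, _ = heuristic_score(data)
    return "heuristic" if score >= HEURISTIC_THRESHOLD else "clean"


if __name__ == "__main__":
    samples = {"known sample": KNOWN_SAMPLE, "new variant": NEW_VARIANT,
               "legit updater": LEGIT_UPDATER, "plain document": PLAIN_DOCUMENT}
    for name, data in samples.items():
        score, reasons = heuristic_score(data)
        print(f"{name:15} verdict={scan(data):9} score={score} reasons={reasons}")
```

The new variant differs from the known sample by one byte, so its hash is not in the database and only the heuristic rules catch it. The updater shows a single suspicious trait and stays under the threshold, which is the trade-off a heuristic engine makes to avoid flagging legitimate software.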

Let’s say your security product employs both signature based detection and heuristic based detection. That’s definitely a product that should suffice as protection by modern standards. However, there’s still the issue that no security product can detect 100% of available infection types. As an example, Norton might detect certain types of malware that McAfee can’t detect, and vice versa. (We use Norton and McAfee as examples because they’re the two most well-known security products; we don’t endorse either.)

The bad guys behind the malware are perfecting their craft day in and day out. With the prevalence of the bad guys using rootkit technology to now infect users, your typical security software doesn’t stand a chance, and more often than not can only alert you of an infection that’s already taken place.

No security software is going to change human behavior. It’s not going to stop humans from falling for various social engineering attacks, it’s not going to stop humans from clicking the wrong link or visiting questionable websites, it’s not going to stop humans from clicking the fake “You’re in a crazy video” Facebook scams, etc.

Still, you need security software without a doubt!

If you do get infected, we can help! Call us at 317-524-5700.

Good luck out there in cyberspace!

How Did I Become Infected? – Part One

Honestly, there are countless ways a computer can be infected with malware. There are way too many to list in one blog posting, and they change almost daily. So from time to time we’re going to talk to you about how computers become infected, in the hopes that you’ll be educated on how to avoid becoming infected.

Without further ado, here is “How Did I Become Infected?” – Part One

We’re going to focus on the most prevalent type of infection vector right now, known as “drive-by-downloading”, but first we should start off by talking about the “classic” ways computers became infected with malware.

Once upon a time, a user had to be tricked into literally downloading and running a program. The programs that contained the viruses would often parade themselves as being something useful or having a desirable function for the user, but would instead give a hacker unauthorized access to the user’s computer. This is how these kinds of infections got the name “trojan” or “trojan horse”. The term is derived from the Trojan Horse story in Greek mythology. The ways the bad guys tricked you into running such programs varied (and some old tricks still exist today), but for the most part they actually required user intervention.

These kinds of attacks still exist. In fact just last week there was a trojan spreading through email parading itself as a legitimate UPS or DHL email; claiming that the recipients had packages for pickup, etc.

These days the majority of users are actually educated on these kinds of attacks. Often people are wary of strange emails with strange attachments, unsolicited or not, and are careful about what they intentionally download (for the most part) from the internet, etc.

So here’s where the question comes in:

“I didn’t download or run anything out of the ordinary. How did I become infected?”

Well, the bad guys got smarter and more vicious when the average user got smarter. The answer is:

Drive-By-Downloading

Drive-By-Downloading is when a user indirectly authorizes a download without understanding the consequences, or any download that happens without the knowledge of the user or without any intervention from the user.

Simply stated, you visit the wrong website and you’re automatically infected. Today it’s more or less luck of the draw when it comes to visiting the wrong website.

This can happen by either visiting a website that was intentionally set up to distribute malware or by visiting a legitimate website that was compromised and is being used to distribute malware.

Regarding legitimate websites that were compromised, here are a couple of examples:

One of our clients who manufactured doors had a vendor that they did legitimate business with. Well, that vendor’s website was compromised by hackers and used to distribute computer viruses via “drive-by-downloading”.

We had a remote malware removal customer who had more or less the same story. She visited the website of her daughter’s high school. Then, BAM!! Another victim of drive-by-downloading.

Advertising portals on legitimate websites get compromised and malware is indirectly delivered to you, and the list goes on and on.

So, how do the bad guys get you to visit websites that are not legitimate and were intentionally created to distribute malware? They employ a technique known in the computer world as “black hat SEO”, or “black hat search engine optimization (SEO)” (“black hat” being a cutesy term for bad hackers). Search engine optimization is the process of improving the volume of traffic to a website. “Black hat SEO” is trickery used to increase traffic to a website intended to distribute malware.

Recent Example:

Hackers used “Black Hat SEO” techniques to poison Google search results regarding the recent special election that occurred in Massachusetts.

One would assume searching about the special election would be harmless, but they poisoned Google search results regarding the special election so that search results to websites distributing malware would appear at the top of Google searches, regarding the election. You can read more about this here

The same kind of techniques have been uncovered regarding the 2010 Super Bowl, and the list goes on and on.

These websites in the poisoned search results no doubt contained drive-by-download techniques.

The internet is the Wild Wild West. So be careful!! If you do become a victim, we can help!

The best way I’ve found to protect against these drive-by-download attacks is to use the Mozilla Firefox web browser alongside a special add-on for Firefox known as NoScript. The one major problem with this protection is that it’s not very user friendly for the average computer user.

The talk about protection against drive-by-downloading brings up another common question, and a good question for that matter.

“Why didn’t my anti-virus protection work?”

Stay tuned for that answer!!

Frequently Asked Questions

This blog is going to be centered around some FAQs that we’ve either already received or anticipate receiving, specifically referring to our Remote PC Services.

What is “remote computer support”?

“Remote computer support” refers to the ability of our technicians to remotely access your computer by having you download and run a file from our remote support device, known as Bomgar. As long as you have a high speed internet connection, you can allow our techs a connection to your computer and we can remotely view/control your screen. It’s like watching your computer fix itself.

Can you get back into my computer after my session is over?

No. When we initially connect to your computer it is via a temporary desktop sharing application. When we disconnect from your computer that temporary desktop sharing application is automatically deleted. For more information visit our remote support tool’s creator Bomgar.

How long does an average support session last?

The average remote support session lasts anywhere from 45-65 minutes. However, depending on the type of problems you’re experiencing, a session may be shorter or much longer. In some cases where the computer problems are severe (for instance, a major malware infection) these times could greatly increase.

Is it secure?

Yes. When you run the aforementioned temporary desktop sharing application, you are initiating a 128-bit encrypted connection between your computer and the technician’s computer. In this way, you have set up a unique one-to-one session that no one else can view or access during the session. That ensures your security and privacy.

Why is remote computer support better than more traditional support options?

Traditional computer support options have been to wait on hold with a PC or software vendor, take your computer to a local repair shop and wait for days for your PC to be repaired (costly) or to wait for a technician to visit your home (also, very costly). Remote computer support allows us to interact directly with your computer so you don’t have to perform often complicated telephone instructions on how to fix your computer yourself. In this way our technicians can identify and resolve problems faster, which costs you less.

Is your work guaranteed?

Our computer services are guaranteed for five (5) days. If there is a problem with any service we provide, customers must notify us within five days and we will work to remedy any issues quickly and professionally.

Can you support older computers?

All of our services are available for PCs that have Windows XP and Windows Vista. A select list of services are available for PCs that have Windows 98 and Windows 2000. If your PC is older than 5 years, or has Windows 98 or Windows 2000, it may be worth considering the purchase of a new computer.

Remote PC Tune Up and Malware Removal

Has your computer been running extremely slow lately? Are you getting a lot of strange pop-ups and things of that nature?

You may be infected with malware!!

Malware is a catch-all term for virus, trojan, and spyware infections.

Rootkit infections are the nastiest kind of infections, and are becoming increasingly common every day. Unfortunately, the days of installing a simple scanning tool to clean your computer are long gone. These malware infections are becoming increasingly advanced, and require special tools and techniques to remove them.

We here at Diverse Tech Services are up to date on the latest tools and techniques to remove all types of malware infections, including rootkit infections!

Diverse Tech Services is offering the same quality and service we’ve been offering for small businesses to home users!

Nothing to unplug! Nothing to lug! As long as you have high speed internet connection we can connect to your computer and help you with your technology needs. You could be anywhere in the world.

Is the malware infection blocking your ability to connect to the internet? No problem!! Call us and our techs may be able to talk you through working around the internet blocking so that we may connect to you and remove these problems for you!!

Don’t trust your computer to just anyone. When you need stress-free IT, call Diverse Tech!!

317-524-5700

http://www.diversetechservices.com/
