Top 10 Signs of a Malware Infection on Your Computer

Not all viruses that find their way onto your computer dramatically crash your machine. Instead, there are viruses that can run in the background without you even realizing it. As they creep around, they make messes, steal, and much worse.

Malware today spies on your every move. It sees the websites you visit, and the usernames and passwords you type in. If you login to online banking, a criminal can watch what you do and after you log off and go to bed, he can log right back and start transferring money out of your account.

Here are some signs that your device might already be infected with malware:

  1. Programs shut down or start up automatically
  2. Windows suddenly shuts down without prompting
  3. Programs won’t start when you want them to
  4. The hard drive is constantly working
  5. Your machine is working slower than usual
  6. Messages appear spontaneously
  7. Instead of flickering, your external modem light is constantly lit
  8. Your mouse pointer moves by itself
  9. Applications are running that are unfamiliar
  10. Your identity gets stolen

If you notice any of these, first, don’t panic. It’s not 100% that you have a virus. However, you should check things out. Make sure your antivirus program is scanning your computer regularly and set to automatically download software updates. This is one of the best lines of defense you have against malware.

Though we won’t ever eliminate malware, as it is always being created and evolving, by using antivirus software and other layers of protection, you can be one step ahead. Here are some tips:

  • Run an automatic antivirus scan of your computer every day. You can choose the quick scan option for this. However, each week, run a deep scan of your system. You can run them manually, or you can schedule them.
  • Even if you have purchased the best antivirus software on the market, if you aren’t updating it, you are not protected.
  • Don’t click on any attachment in an email, even if you think you know who it is from. Instead, before you open it, confirm that the application was sent by who you think sent it, and scan it with your antivirus program.
  • Do not click on any link seen in an email, unless it is from someone who often sends them. Even then, be on alert as hackers are quite skilled at making fake emails look remarkably real. If you question it, make sure to open a new email and ask the person. Don’t just reply to the one you are questioning. Also, never click on any link that is supposedly from your bank, the IRS, a retailer, etc. These are often fake.
  • If your bank sends e-statements, ignore the links and login directly to the banks website using either a password manager or your bookmarks.
  • Set your email software to “display text only.” This way, you are alerted before graphics or links load.

When a device ends up being infected, it’s either because of hardware or software vulnerabilities.  And while there are virus removal tools to clean up any infections, there still may be breadcrumbs of infection that can creep back in. It’s generally a good idea to reinstall the devices operating system to completely clear out the infection and remove any residual malware .

As an added bonus, a reinstall will remove bloatware and speed up your devices too.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Don’t pick up that USB Drive!

What a very interesting experiment: Researches randomly deposited 297 USB drives (aka USB stick, flash drive, thumb drive) around the University of Illinois Urbana-Champaign campus. They wanted to see just how many, and how soon after dropping them off, they’d be collected by people.

2DTurns out that 48 percent of the drives were taken and inserted into computers. The report at theregister.co.uk says that in some cases, this was done minutes after the drives were left in the public spots.

Picking up a USB drive off the streets and plugging it into your computer is akin to picking up discarded food off a sidewalk and eating it. You just never know what kind of infection you’re going to get.

And what you might get is a virus crashing your computer or stealing your data. That USB stick could contain malware—either left in public as a prank, or innocently lost or discarded without the original owner knowing it’s infected.

Or…it might have been left in a public spot by a hacker with full intent of gaining control of your computer to collect your personal data and committing fraud, such as opening lines of credit in your name or emptying out your bank account.

The USB sticks for the study contained HTML files with embedded img tags. The tags allowed the researchers to track the USB activity, which is how they new that, for instance, one of them was plugged into a computer only six minutes after it was left to be “found.”

Only 16 percent of the people who picked up the sticks actually scanned them to check for viruses before plugging them into their computers. And 68 percent simply inserted them without any regards to what they could get transferred into their computers.

  • Some users trusted that there was no harm.
  • Some plugged in the drive to seek out the owner.
  • Some intended to keep the stick.
  • Conclusion: A cybercriminal could easily take control of a business’s system by leaving a rigged USB drive in the parking lot, let alone get control of a personal computer by leaving the stick in any public place frequented by lots of people.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Hotel PCs serve up Infections

You can legally purchase spyware and install it on your computer, but it’s against the law to do so on someone else’s device. Spyware records e-mails, chats, browser history, passwords, usernames, etc.

4DYou’d buy it for your computer if you wanted to know what your tween was up to on it or how much your employees are goofing off.

This same kind of software can infect your computer after you click on a link in a strange e-mail or visit a malicious website that downloads a virus. Spyware can also be in the form of a flash drive-like tool that a snoop or crook could connect to someone’s PC and obtain private information.

Not surprisingly, this technology has made it possible to infect PCs at hotels. In Dallas recently, computers were infected at several major hotels. The crooks used hotel computers to access Gmail accounts, then downloaded and installed the flash drive-like tool to track keystrokes of unsuspecting innocent guest users as they typed in passwords and usernames to access their bank and other online services.

This is why you should use a public computer only for website browsing for the latest news or entertainment. Even if the PC is within visual range of hotel staff, a crook could still easily connect a keylogger. This is just too easy to do once the criminal sits down at a computer.

If you absolutely must print something out from your e-mail account, at least use a throwaway e-mail address like 10minutemail.com or yopmail.com. Use your smartphone to forward e-mails to the throwaway address. Next, access the temporary address from the hotel PC.

Lock down BIOS settings, then secure them with a solid password. This way, people can’t boot up a computer with a flash drive or CD. But not all operating systems support these protective measures. Your best bet, again, is to use hotel PCs only for entertainment or checking on the weather.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Best Way to Destroy a Computer Virus

Computer viruses are here to stay, which means users need to know the best way to eradicate them the moment they attack. Like disease viruses, computer viruses evolve and get “smarter.” The many different kinds of computer viruses (such as worms, Trojans, spyware) are called malware: malicious software.

4HIn general, security software comes with instructions for getting rid of or containing malware.

For Windows users, Microsoft provides tools that get rid of malware. Between your operating system and antivirus software, you will have the basic tools for fighting off most viruses.

Tips for Protecting Your Computer

  • Every day, run a quick scan of all of your devices. But in addition, run a weekly deep scan. Either type of scan can be manually set up or set on an automatic timer (which is actually a lot better since you wont have to remember to do it).
  • Your e-mail program should be set to alert you before you download any graphics or executable files. If you can, set your e-mail to display only text, and to alert you before loading any graphics or links.
  • If you don’t recognize an e-mail sender, and the message includes a link, never click on the link. If the link has you curious, then visit the associated website via outside the e-mail, or, manually type the link’s web address into your browser. In fact, don’t even click on links in e-mails that are supposedly from a familiar sender. Fraudsters can make it look as though the sender is someone you know. Never mind how they do this; it happens.

You can outwit cybercriminals. You just have to be a little smarter than they are and never think, “It can’t happen to MY computer.” There’s nothing special about your computer that makes it intrinsically immune to cyber threats. You must be proactive and take measures to prevent malware attacks.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Ransomware Attacks Small Businesses

The rate of malware (ransomware) attacks on small businesses climbs at an alarming rate. The security firm McAfee warns that soon, attacks that come through social platforms will be “ubiquitous.” Small businesses are typically not able to subsidize the internal security placements to fend off these attacks, which mostly come from abroad.

6DRansomware blocks your access to data, and the DoS (denial of service) attack threatens to crash your website unless you pay an extortion fee. It’s more organized, it’s more efficient, it’s more automated, it’s more stealthy.

While some businesses give in to DoS extortion demands, others won’t have it. Attacks usually start with relatively small demands, such as $300, to see who’s game. The demands will get pumped up into the thousands quickly once a businessperson pays the initial demand: Pay once, and it’s never over.

If you get a DoS, roll with it; have the extortionist think you need time to prepare payment. Then collect all relevant e-mails and other information for your defense—but not for the police (who lack tech savvy) or the FBI (unless the loss exceeds $5,000), but for your website hosting provider.

The hosting company can collect traffic logs and often can activate DoS defenses or link you to a provider of advanced DoS resolution.

A virus, however, is a different story. Once the virus gets in there and attacks your information, it’s pretty much game over.

Bottom line: Don’t pay the ransom unless you want escalating demands or the strong possibility the extortionist won’t unlock your data after taking your money. A DoS attack will render your site down for days and can permanently lose data and upset visitors.

To avoid a DoS, go anti: virus, spyware, phishing, and use a firewall and run backups. Train your employees well. You have to be conscious of where you’re going and what you’re clicking on.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

The “Heartbleed” Bug has not been exterminated

Though the breaking news of the Heartbleed vulnerability is a month old, this doesn’t mean that this “bug” has been squashed.

heartbleedThere still remain about 318,000 servers that are vulnerable to this OpenSSL bug, according to security researchers, though this figure is about half of what it was a month ago.

The Errata Security blog announced they calculated the 318,000 via a recent global Internet scan, which also revealed that more than 1.5 million servers still remain supportive of this “heartbeat” thing.

And there may actually be a lot more servers “bugged” because the count applies only to verified cases. Nevertheless, why are there over 318,000 still affected a month after aggressive Heartbleed mitigation went into effect?

Fraudsters can use this bug to attack those 318,000 systems. This flaw in encryption leaves private data like credit card numbers and passwords open for the kill.

Though many of the giant services fixed this problem within a prompt timeline, the smaller services are still struggling with it, and hackers know this. A crook can identify the compromised server and then exploit the bug and steal the private data that’s in the server’s memory or take control of an online session.

So how can you protect your private information?

  • Go to http://tif.mcafee.com/heartbleedtest, which is McAfee’s Heartbleed Checker tool. Enter the URL of a website to see if it’s vulnerable.
  • If no vulnerability is detected, change your password for that site. After all, if a site has already been bugged, changing your password at that point is useless.
  • If vulnerability has been detected, then keep an eye on your account activity for signs of unauthorized activity.
  • After a site has been patched up, then change your password.
  • And this time (if you already didn’t originally), create a strong, long password. This means use a mix of characters (letters, numbers, symbols) and use more than eight. And don’t include a word that can be found in the dictionary unless your password is super long, such as “I eat Martians for breakfast.” (The spaces count.) This would be a nearly uncrackable password due to its length and nonsensicality. But so would the more difficult to remember Y48#dpkup3.
  • Consider a password manager for creating strong passwords and remembering them, such as McAfee SafeKey.
  • For better security use two-factor authentication. This involves a one-time code for each time someone tries to log into an account.
  • As ongoing protection consider a credit freeze and identity theft protection to prevent new account fraud.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Killer Computer Viruses

When most people think about a virus, they think of a fever, chills, and maybe a potential pandemic. But when they think about a computer virus, they think of a headache, or worse, identity theft.

Unusually, one report claims that a computer virus played a role in the deadliest air disaster in Spanish history. Others refute this claim, arguing that a virus was not the cause.

USA Today reports, “Spanish newspaper El Pais cites a 12,000-page investigative report that outlines how a computer infection, spread via an infected USB thumb drive, may have been a contributing factor. The report says a malicious program precipitated failures in a fail-safe monitoring system at the airline’s headquarters in Palma de Mallorca.”

Whether or not a virus contributed to the delay or cancellation of the flight’s departure, which led to the crash, this type of scenario is possible. Now and in the future, incidents like this may involve malicious technology.

Technology plays a role in many aspects of our lives, and when that technology is corrupted, the results can be disastrous. Consider the extent to which hospitals, banks, water treatment facilities, electrical grids, airports, gas stations, and even roads rely on technology.

Steve Stasiukonis, a penetration tester, describes how USB thumb drives can turn external threats into internal ones in two easy steps. After being hired to penetrate a network, he says, “We gathered all the worthless vendor giveaway thumb drives collected over the years and imprinted them with our own special piece of software. I had one of my guys write a Trojan that, when run, would collect passwords, logins and machine-specific information from the user’s computer, and then email the findings back to us.”

In this scenario, the USBs were dropped in a bank parking lot, then picked up by the employees and used to compromise the network. Fortunately for the bank, this was only a test of the network’s security.

Bad guys will use every possible mechanism to accomplish their goals. Do your best to increase your security intelligence. Regardless of your job description, security is everyone’s responsibility.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss another data breach on Good Morning America. (Disclosures)