Viruses as Cyberweapons for sale

It’s all about code—the building blocks of the Internet. Software code is full of unintentional defects. Governments are paying heavy prices to skilled hackers who can unearth these vulnerabilities, says an article at nytimes.com.

6DIn fact, the FBI director, James B. Comey, recommended that the FBI pay hackers a whopping $1.3 million to figure out how to circumvent Apple’s iPhone security.

So driven is this “bug-and-exploit trade market,” that a bug-and-exploit hacking company, Hacking Team, ended up being hacked last summer.

The software companies that create code don’t get to learn what the vulnerabilities are that the richly paid hackers discover. This has been going on for two decades-plus.

Here are some sizzling facts from nytimes.com:

  • Over a hundred governments have reported they have an offensive cyberwar program.
  • Iran boasts being in the No. 3 spot in the world for digital army size (trailing the U.S. and China), though this can’t be confirmed.
  • However, Iranian hackers have demonstrated their skill more than once, and it’s not pretty. For instance, they were responsible for the rash of U.S. bank hacking incidents in 2013.
  • Though Iran’s cyber power lags behind that of the U.S.’s, they’re steadily closing the big gap.
  • Most nations keep details of their cyberwar programs classified.

It has been surmised by many a security expert that WWIII will be largely digital. Imagine how crippling it would be if a nation’s grid was dismantled—affecting major networks across that country—such as healthcare, shipping and banking and other critical infrastructures such as food and water supply.

There’s not a whole ton you can do about this battle. However, you should, at a minimum, prepare your physical life for any digital disasters. Prepare the same way you would if you knew there was a severe storm coming. Store dry foods, water, extra climate appropriate clothing, and cash, preferably lots of small bills. This is just a short list. Seek out numerous resources on ready.gov to learn more.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Protect your small business against viruses with these tips

It is September and it’s National Preparedness Month—a great time to get involved in the safety of your community. Make plans to stay safe, and this includes maintaining ongoing communications. National Preparedness Month culminates September 30th with National PrepareAthon! Day.

6DI learned in high school biology class that one of the things that distinguishes life forms from inanimate objects is that living things replicate. Therefore, a computer virus is, well, alive; it replicates itself. It’s alive enough to cause billions of dollars of destruction from the time it attacks a computer network until the disaster is cleaned up.

But just what is a computer virus?

Not only does this nasty program file duplicate itself, but it can spread to other computers without human involvement.

Unlike a virus with DNA, a tech virus usually doesn’t produce symptoms to give you an early warning. But it’s hell-bent on harming your network for financial gain.

Though a virus is malicious, it may impersonate something harmless, which is why the user lets it in. One type of virus is spyware— which allows your computer to run smoothly as always, while the spyware enables criminals to watch your login activities.

Though viruses often corrupt in secret, others can produce symptoms including:

  • Computer programs and smartphone applications open and close spontaneously.
  • Computer runs very slowly for no apparent reason.
  • Someone you know emails you about the global email you recently sent out promoting a product you have nothing to do with.

You can protect yourself or your business from a virus in the following ways:

  • A malment is a common way to let a virus into your computer. This is a malicious attachment that, when clicked, downloads the virus. The email message tricks employees into clicking that attachment. Unless it’s been confirmed by the sender that you’ll be receiving an attachment shortly, never open attachments. Or at a minimum, scan them with antivirus software.
  • Never open an attachment sent out of the blue by the IRS, company bank, credit union, medical carrier, etc.
  • Apply the above rules to links inside emails. A “phishing” email is designed to look legitimate, like it came from the bank. Click on the link and a virus is released. Or, the link takes you to a site that convinces you to update some login credentials—letting the hacker know your personal information.
  • Never use public Wi-Fi unless you have a VPN (virtual private network) encryption software.
  • All devices should have continually updated security software including a firewall.
  • Browser and operating system as well should be updated with the latest versions.
  • Prevent unauthorized installations by setting up administrative rights.
  • Employees, from the ground to the top, should be aggressively trained in these measures as well as bring-your-own-device protocols.
  • Back up your data. Why? Because when all else fails and your data and devices have been destroyed by malware, a cloud backup allows you to not only recover all your data, but it helps you sleep at night.

The prevention tactics above apply to businesses and really, everyone. Employees should be rigorously trained in how malware works and other tricks that cyber thieves use. To learn more about preparing your small business against viruses, download Carbonite’s e-book, “5 Things Small Businesses Need to Know about Disaster Recovery.”

#1 Best Selling Author Robert Siciliano CSP, CEO of IDTheftSecurity.com is a United States Coast Guard Auxiliary Flotilla Staff Officer of the U.S. Department of Homeland Security whose motto is Semper Paratus (Always Ready). He is a four time Boston Marathoner, Private Investigator and is fiercely committed to informing, educating, and empowering people so they can be protected from violence and crime in the physical and virtual worlds. As a Certified Speaking Professional his “tell it like it is” style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders. Disclosures.

What is a Virus?

Have you ever had the chicken pox? This common childhood illness has another name—the varicella zoster virus. Like all viruses, varicella replicates itself, spreading though the body, and eventually appearing as itchy red blisters all over the body. But the virus doesn’t stop there; it can spread to other people through physical contact and through the air when an infected person coughs or sneezes. It’s not a very fun illness to have.

6DViruses don’t just affect humans; there are viruses that can affect your tech devices. A tech virus is a malicious program file that can also replicate itself and infect other devices through techniques like malicious links and sketchy downloads. But unlike the chicken pox where the virus eventually appears on your skin, a virus could be wreaking havoc on your device and you might not even know it!

Computer and mobile viruses can take many different form factors, but all are usually intended to do harm to your device, steal your personal info or money or both. Some examples of viruses include a Trojan Horse, which masquerades as something neutral or benevolent, but is programmed to infect the hard drive or even crash it. Spyware is a virus that observes your activities like logging into your bank account, collects this data (e.g., password, answer to secret question, username) and sends it to the hacker. And a worm, like other viruses, can corrupt files, steal sensitive information, or modify system settings to make your machine more vulnerable, but it’s different in that it can replicate and send copies of itself to other computers in a network without any human interaction.

There are several clues that could mean that your device has a virus. For example, if you notice your device is suddenly running at a snail’s pace. Another example is programs or apps opening and closing on their own. Or a major sign would be if you receive an email from a friend responding to a mass email you supposedly sent promoting some great deal on a pharmaceutical (that you never actually sent).

Just like there are things you can do to prevent the chicken pox, like wash your hands and stay away from infected people, there are ways to prevent a virus from getting on your device.

  • Be wary. Don’t open attachments from people you don’t know.
  • Think before you click. Don’t click blindly. Check the link URL to make sure you are being directed to a legitimate site.
  • Keep your OS and browser updated. Make sure that you install the latest updates for your operating system and browser as well as any hardware updates that are available for your device as these often close up security holes.
  • Install security software. Use comprehensive security software that protects all your devices, like McAfee LiveSafe™.

Here’s to keeping all your devices nice and healthy!

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

What is Ransomware?

Imagine that you want to pull up a certain file on your computer. You click on the file and suddenly a notice flashes on your screen saying your computer has been compromised and in order to get your files back, you need to pay up some money. This, ladies and gentlemen, is ransomware, a nasty type of malware that, unfortunately, hackers love to use.

4DRansomware is malicious software created by a hacker to restrict access to your device and demand a fee to be paid to the hacker in order to give you back access to your device. It can prevent you from using your computer or mobile device, opening your files, or running certain applications like your browser. Or it could lock down your photos, documents, videos on your mobile phone or PC and hold them hostage until you pay the ransom.

Users unknowingly download ransomware from malicious by clicking on email attachments or visiting infected websites, also known as drive-by downloads . There are several ways hackers use ransomware to extort money from users. One, the hackers pretend they are a law enforcement agency and claim that you have downloaded illegal content and demand a fine to pay for this violation. Another popular trick is a message that claims your Windows installation is counterfeit and requires activation or that your security software is out of date or not working.

If you download ransomware, you must remove it before you can access your device again. You can use security software or clean out your disk drive. If you have an Android phone, you can reboot your phone in Safe Mode. Whatever you do, don’t pay the ransom, as it doesn’t always guarantee you will get access to your device again.

It’s always better to prepare than repair. Here are a few tips for preventing ransomware from getting on your digital devices.

  • Backup your files. Then, if a ransomware attack occurs, you can wipe your disk drive clean and restore the data from the backup.
  • Think twice. Don’t open links or attachments from people you don’t know.
  • Use a web advisor. Hackers use malicious websites to spread ransomware. A web advisor, like McAfee® SiteAdvisor® will let you know what links are malicious or not.
  • Install comprehensive security software.  McAfee LiveSafe™ service includes a firewall and anti-spam filter to protect your computers, mobile phones and tablets from ransomware. If you already have your computers covered, make sure you still protect your mobile devices with our free McAfee® Mobile Security for Android or iOS.

Have a happy holiday!

 Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

How your Webcam may be spying on You

Remember that song from 1984, “Somebody’s watching me?” It was a great foreshadowing of things to come: These days, people really CAN watch you while you go about your business at home…through your computer. So if someone confides in you that “they’re spying on me through my computer,” don’t be too quick to assume your friend went off his meds.

2WWebcam technology can enable a hacker to view you via your computer. The technology is called RAT: remote access Trojans. It can record keystrokes and obtain all of your files. And you’ll probably not know someone’s watching you. And how does a computer become a portal through which someone can spy on you? Numerous ways, including installing a “lost” thumb drive you found and clicking on links in e-mails or pop-up ads.

Just think of what all this can mean:

  • Nobody will have to imagine what you look like in your underwear.
  • The government may be spying on you. Your boss may be, too.
  • Your face, captured via your Webcam, can be compared to a face in a crowd. Doesn’t sound like a big deal unless you don’t want anyone to know you were in that crowd, such as a war protest.
  • Your headshot may end up on a selling list—like your phone number and home address surely already have—and these lists can get sold all over the place.
  • Will you ever be truly alone when getting intimate with your partner?
  • Criminals are hacking webcams and holding the footage for ransom.
  • Do you want anyone to know about that secret, disgusting habit you have?
  • Put a piece of masking tape over the Webcam camera.
  • Equip your device with the latest antivirus, antiphishing, antispyware and a firewall.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

What Is a Trojan Horse?

One of history’s great literary classics is Homer’s Iliad, which tells the story of the Trojan horse—the wooden horse that the Greeks hid in to enter the city of Troy and take it over. Two thousand and some odd years later, hackers use a digital Trojan horse to hide malicious files in seemingly harmless files with the intent to attack or take over your device. A Trojan horse (or Trojan) is one of the most common and dangerous types of threats that can infect your computer or mobile device. Trojans are usually disguised as benign or useful software that you download from the Internet, but they actually carry malicious code designed to do harm—thus their name.

6DThere are a variety of types of Trojans, many of which can launch sophisticated and clever attacks. Here are some types to be aware of:

  • Password-stealing Trojans—These look for saved passwords on your computer and email them to the hackers. Some can even steal passwords cached in your browser history.
  • Remote access Trojans—These are quite common, allowing the attacker to take control of your computer and access all of your files. The hacker could potentially even access your online banking and credit card sites if you have your password stored in your browser memory or on your computer.
  • Destructive Trojans—These Trojans destroy and delete files from your computer
  • Antivirus killers—These Trojans detect and kill your antivirus and firewall programs to give the attacker easier access to your computer

A Trojan can have one or multiple destructive uses—that is what makes them so dangerous. It’s also important to realize that unlike viruses, Trojans are not self-replicating and are only spread by users who mistakenly download them, usually from an email attachment or by visiting an infected site.

Here are some steps you can take to avoid downloading a Trojan horse:

  • Beware of suspicious emails. Don’t open an email attachment if you don’t recognize the sender of the email
  • Use comprehensive security software. Protect all your devices with McAfee LiveSafe™ service as well as stay protected from spam, sketchy files, and viruses
  • Separate the good from the bad. Use an email program with a built-in spam filter to decrease the chance of a malicious email getting into your inbox
  • Know the threats. Keep current on the latest threats so you know what to look for when you receive suspicious emails

Remember that Trojans are common because they are so successful. Hackers use social engineering techniques, such as mentioning a current news topic or popular celebrity, to get you to click on their email. Just being aware of what they are and how they work can prevent you from having to deal with financial loss, identity theft, damage to your computer, and significant downtime.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

How to tell if your Computer has a Virus

Your computer probably has a virus if you can answer “Yes” to any of the questions below:

Is your computer running quite slowly?

A virus often causes a computer to run slowly. But realize that this symptom can also mean that a computer needs more memory, or that the hard disk needs defragmenting. It can also mean spyware or adware is present.

Are programs automatically starting?8D

A virus may damage some programs. And in some cases programs might not start at all.

Are unexpected messages occurring?

A viral infection can make messages appear unexpectedly.

Does your Windows program suddenly shut down?

A virus can do this, too.

Is your hard disk or modem working overtime?

Ane-mail virus sends many duplicates of itself by e-mail. You can tell this might be happening if the activity light on your external modem or broadband is constantly lit. Another clue is that you can hear your computer’s hard disk constantly working.

These situations don’t always mean a virus, but they shouldn’t be ignored, especially if there are other problems occurring.

If you already have the latest version of a solid antivirus program, it should spot a virus that’s already in your computer and even a virus that’s about to be downloaded.

Antivirus software works best when it’s programmed to scan your computer at regularly timed intervals (this way you won’t have to remember to manually do it). The software should also automatically download updates to your computer for antivirus definitions.

A reputable antivirus software system should be able to detect a virus trying to get into your computer or one that’s already present. As viruses are always evolving, there may be an invader that your software does not yet recognize, but probably soon will, once an update occurs of a new virus definition.

When a reliable antivirus program spots a virus it will quarantine it. You’ll then be asked if you want to promptly delete it or set it aside. This is because there may be times when the antivirus software thinks that a legitimate program or file is a virus. You then get the opportunity to restore the program or file.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Are You Protected From Zeus?

In Greek mythology, Zeus is the father of all gods and men. Today in the tech world, Zeus is the father of all computer viruses. The Zeus Trojan virus, which has been around since 2007, has been described as one of the most powerful, sophisticated, and evasive viruses ever. Many antivirus programs have had difficulty defeating it. Experts believe that millions of computers may have the virus without users having noticed.

Zeus behaves like many other viruses in that it may lure the PC user into clicking an infected link in the body of an email, then instantly downloads the virus, which quietly installs itself in the background. Sometimes that link may point to an infected website, which injects the virus in the form of a “drive-by download.” Once Zeus has been installed, it works as spyware, recording keystrokes as the user types.

Last month, the FBI broke up a hacking ring that had used the Zeus virus to steal more than $70 million. More than 100 people were charged or detained, including code writers in the Ukraine and “mule-network operators” throughout the United States, the United Kingdom, and Ukraine. The ring primarily targeted U.S. bank accounts, as well as some in the U.K., the Netherlands, and Mexico.

Zeus is designed to steal bank account login credentials. It has traditionally targeted PCs, but has now been updated to attack cell phones as well, with one version of the malware apparently “intercepting SMS confirmations sent by banks to customers, and defeating the fund transfer authorization codes.”

Protect yourself from this and other viruses by running free operating system updates from Microsoft. Click “Start,” then “All Programs,” and then scroll up the menu and select “Windows Update” or “Microsoft Update.”

You should also install antivirus software. Most PCs come bundled with antivirus software that is free for the first year or six months. Just renew the license whenever it expires. Most antivirus software categorizes spyware as a virus now, but it’s also a good idea to run a spyware removal program daily. You should also install a firewall. Microsoft’s operating system has one built in, but it is not sufficient. Use a third party firewall that comes prepackaged with antivirus software.

And don’t be a fool. Scammers consider you, the target, “simple minded.” They’ll use 1001 different techniques to trick you into divulging your data. They attempt to gain your trust by lying, sending misleading emails, or planting pop-up ads that try to convince you to download software for your own protection. Just hit delete.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses phishing on NBC Boston. (Disclosures)