Posts

What is Browser Hijacking?

Imagine it. You sit down at your computer about to do your daily perusal of Buzzfeed  or check out The Financial Times but your homepage is now some weird search engine you’ve never seen before. Guess what? You’ve been hijacked.

IEBrowser hijacking is when your Internet browser (eg. Chrome, FireFox, Internet Explorer) settings are modified. Your default home or search page might get changed or you might get a lot of advertisements popping up on your computer. This is done through malicious software (malware) called hijackware. A browser hijacker is usually installed as a part of freeware, but it can also be installed on your computer if you click on an attachment in  an  email, visit an infected site (also known as a drive-by download), or download something from a file-sharing site.

Once your browser has been hijacked, the cybercriminal can do a lot of damage. The program can change your home page to a malicious website, crash your browser, or install spyware. Browser hijackers impede your ability to surf the web as you please.

Why do criminals use browser hijackers?
Like other malware and scams,  hijacked browsers can bring in a good chunk of money for the hacker. For example, one browser hijacker, CoolWebSearch, redirects your homepage to their search page and the  search results go  to links that the hijacker wants you to see. As you click on these links, the cybercriminal gets paid. They can also use information on your browsing habits to sell to third parties for marketing purposes.

Browser hijackers are annoying and sometimes they can be tough to get rid of. Here are some ways to prevent your browser from getting hijacked:

  • Carefully read end user license agreement (EULA)documents when installing software. Often times, mentions of browser hijackware are hidden in the EULA, so when you accept the user agreements, you might be unknowingly accepting malware.
  • Be cautious if you download software from free sites. As the old saying goes, free is not always free—you may be getting additional items with your free download.
  • Keep your browser software up-to-date.
  • Use comprehensive security software, like the McAfee LiveSafe™ service, to keep all your devices protected.

For other security tips and advice, follow McAfee_Consumer on Twitter or like the McAfee Facebook page.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

What’s Your Click IQ?

The recent celebrity photo hacks are an unfortunate reminder of how devastating or embarrassing it can be to have your data compromised.  But celebrities are not the only ones getting hacked. Cybercriminals aren’t choosy—they’ll send malicious texts, emails, and website links to Jennifer Lawrence and your grandma. And while the celebrity hacks are more publicized, the fact is, every day, hundreds of ordinary people are falling prey to phishing scams.

So how can you protect yourself from these cybercriminals? The best defense is actually you.

Many of these scams involve a similar thing—the click. So if you learn how to click wisely, 95% of cybercrime techniques—including phishing, bad URLs, fake text messages, infected pdfs, and more—are eliminated.

And that’s the idea behind Intel Security’s new campaign, #ClickSmart. Intel Security wants to empower you with the skills and sense to avoid those dastardly scams.

Here are some tips to get you started

  • Check URLs for misspellings or interesting suffixes. For example, if you see www.faceboook.ru, don’t click it.
  • Only open texts and emails from people you know. But even if you do know the sender, be wary for any suspicious subject lines or links. Hackers can try to lure you through your friends and family.
  • Beware of emails, texts, and search results offering anything for free. If it sounds too good to be true, then it probably isn’t true.

Print

Are you ready to take the #ClickSmart challenge? If so, go to digitalsecurity.intel.com/clicksmart and see if you’re a Click head or a Click wizard.

To learn more on how to #ClickSmart, join @IntelSecurity, @McAfeeConsumer, @cyber, @GetCyberSafe, @STOPTHNKCONNECT  for Twitter chat on October 14th at 12 PM PT. Use #ChatSTC to join in on the conversation. Click here for more information.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

5 Reasons why You will get Hacked

Don’t be part of the “I’ll never get hacked” camp. Do you really think it won’t happen to you? If so, it’s:

4DBecause you think no phishing e-mail could get past your radar. Just because you can spot a Nigerian scam doesn’t mean you can’t be tricked. Phishing campaigns today are ingenious and sophisticated, and include information about the recipients, fooling them into thinking these e-mails are from their friends or associates. These messages will blend right in with all your other legit messages as far as content and appearance, which include good spelling and grammar.

Because you think you’re not a target. You think you’re too little a fish in a sea of gargantuans for a hacker to be interested in you. However, every fish in the sea, including the tiniest, is a potential target. Sometimes, all a hacker wants is someone else’s e-mail from which to send spam.

Because you think deleting your cookies will keep you from getting targeted. This is like saying your house can’t get broken into because the second story windows are locked. But what if the first floor windows, and the front door, are open? Intruders will find other ways to cyber track you than cookies. For example, your IP address can identify you, which is why it’s always good to run Hotspot Shield to mask your IP address and protect your data on free WiFi. Second, your computer and browser have your unique fingerprint.

Because you think you’re invulnerable with firewall and antivirus software. Did you know that in some cases the best anti-malware detection, especially for larger business networks, spot only 45 percent of attacks? Keeping in mind you have to have antivirus, antiphishing, antispyware and a firewall as necessary layers of protection.

Because you think that avoiding Internet back alleys will keep you protected. Just like a mugging can occur in broad daylight in a busy mall parking lot, so can deposition of malware in that this is many times more likely to occur as a result of visiting popular online shopping sites and search engines, when compared to phony software sites. And if you spend a lot of time on porn sites, consider yourself infected.

Don’t Be a Myth Head

A smart, sophisticated cyber criminal will go after smart, sophisticated users, not just the dumb ones. Don’t let your guard down for a second. There’s always someone out there who’s smarter than you—or, at least—smart enough to trick you, if you become lax.

One step forward is to just commit to never, ever clicking on any links inside of e-mails. And when you receive an e-mail with an empty subject line, even if the sender is apparently your mother…don’t open it. Instead, send her an e-mail and ask her if she sent you one with a blank subject line. And even then, don’t open it, because you just never know. Protecting yourself takes a little more time, but remember, a stitch in time saves nine. Which frankly, I really don’t know what that means, but it sounds good right here.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Tonight’s Special Guest: McAfee’s Most Dangerous Celebrity of 2014

After a long day of hard work, there’s nothing like coming home, throwing on some PJs, and watching some good old late night television. I love catching up on all the latest news and watching celebrities like Kaley Cuoco-Sweetin discuss the celebrity photo hack (what can I say? I’m a security junkie).

Dangerous Celebrity of 2014It seems like we’ve always had a fascination with the lives of the rich and famous. In the 1700s, people gathered to watch the every move of the King of France, from getting out of bed to changing his underwear. Page Six, the gossip column, used to be the must-read page in the New York Post. Now, in the age of social media, following our favorite celebrities’ comings and goings is even easier. All we have to do is go on Twitter to get the latest about Jayoncé.

Unfortunately, our obsession with celebrities can get us into trouble on the Web. Cybercriminals love to take advantage of our interest in celebrities for malicious means. They use hot celebrity news, like updates on Ryan Gosling and Eva Mendes’ baby, along with the offer of free content to lure you to malicious sites that could steal your money or personal information or install malware.

There are some celebrities who are more likely to lead you to bad stuff than others. Today McAfee announced that Jimmy Kimmel, the host of Jimmy Kimmel Live!, is the 2014 Most Dangerous Celebrity™. McAfee found that searching for the latest Jimmy Kimmel videos and downloads yields more than a 19.4% chance of landing on a website that tested positive for online threats.

Here are the rest of the celebrities that round out this year’s Top 10 Most Dangerous Celebrities list.

 

History tells us we probably aren’t going to get over our fascination with celebrities anytime soon. But there are some things you can do now to stay safe online while you’re reading about your favorite personalities.

  • Be suspicious. If a search turns up a link to free content or too-good-to-be-true offers, be wary
  • Check the web address. Look for misspellings or other clues that the site you are going to may not be safe (for more on this, read my blog on typosquatting)
  • Search safely.Use a Web safety advisor, such as McAfee® SiteAdvisor® that displays a red, yellow, or green ratings in search results, alerting you to potential risky sites before you click on them
  • Protect yourself. Use comprehensive security software on all your devices, like McAfee LiveSafe™ service, to protect yourself against the latest threats

Help Spread the Word!
In order to continue to promote safe celebrity searching, McAfee will be running a sharing sweepstakes. Help others stay educated about staying safe online by sharing Most Dangerous Celebrities content and you could  win a Red Carpet Swag Bag that includes a Dell Venue™ 7 tablet, Beats Solo 2.0 HD headphones, a subscription to McAfee LiveSafe service along with other goodies. You must be 18 or older and reside in the United States in order to participate. Learn more here.

While it’s fine to get your fix of celebrity gossip , remember to be safe when doing so.

To learn more about Most Dangerous Celebrities, click here or read the press release, use the hashtag #RiskyCeleb on Twitter, follow @McAfeeConsumer or like McAfee on Facebook.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

USB Drives have serious Security Flaws

That little thing that you stick in your computer to store or transfer data can also mean very bad news.

3DThe USB device or “flash drive” can be reconfigured to work like a little thief, for instance, being made to mimic a keyboard and take instructions from the master thief to rip off data or install malware. It can be made to secrete a virus before the operating system boots up, or be programmed to alter the computer’s DNS setting to reroute traffic.

There’s no good defense for these kinds of attacks. The firmware on the USB devices can’t be detected by malware scanners. Biometrics are out because when the firmware changes, it simply passes as the user plugging in a new flash drive.

Cleaning up the aftermath is no picnic, either. Reinstalling the operating system doesn’t resolve the problem because the USB device, from which installation occurs, may already be infected. So may be other USB components inside one’s computer.

Whitelisting USB drives is pointless because not all have unique serial numbers. Plus, operating systems lack effective whitelisting mechanisms. Also, Malicious firmware can pass for legitimate firmware.

To prevent a bad USB from infesting a computer, the controller firmware must be locked down, unchangeable by an unauthorized user. USB storage devices must be able to prevent a cybercriminal from reading or altering the firmware. It must make sure that the firmware is digitally signed, so that in the event it does become altered, the device will not interface with the altered firmware.

  • Watch your USB drive – don’t set it down and make sure you keep track of it so it’s not lost or stolen.
  • Disable auto-run – Turn off auto-run on your computer so that if a USB drive has malware, then it won’t automatically be transferred to your machine.
  • Be careful who you share your USB drives with – Be careful what computers you place your USB drive in and who you let borrow your USB drive.
  • Use comprehensive security software – make sure your security software not only scans your computer for threats, but also any drives that are attached.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

What to do in the Aftermath of an Attack

Can you hack cleaning up the mess a hacker makes after infiltrating your computer? Would you even know the first thing to do? And yes, YOU’RE computer CAN be hacked.

2DAfter the attack, locate the portal through which the crumb-bag entered. This could be the e-mail program or browser. This may be easier said than done. Give it a shot.

Next, this portal must be disconnected/uninstalled from the Internet to prevent it from getting into other systems. Look at your Task Manager or Activity Viewer for any suspicious activity. The CPU usage must be checked too. If it goes way up, you’ll have a better chance of detecting fraudulent activity. It helps to know how your computer runs so that you know what’s typical and what’s atypical.

Otherwise head over to Microsoft’s Malicious Software Removal Tool page here: http://www.microsoft.com/security/pc-security/malware-removal.aspx

After severing ties with the hacker or hackers, take inventory of their destruction.

  • Make sure that your anti-malware and antivirus systems are up to date, and enabled. Do a full system scan with both systems.
  • If something looks odd, get rid of it. Malware will continue downloading if there’s a browser extension or plugin. Inspect every downloaded item.
  • Change every password and make it unique and long.
  • Log out of all your accounts after changing the passwords.
  • Clear the cookies, cache and history in your browser.
  • Be on the alert for strange goings-on, and do not open suspicious e-mails, let alone click on links inside them.
  • If things are still acting strange, wipe your hard drive. Reinstall the operating system. But not before you back up all your data.

Preventing an Attack

  • Have a properly configured firewall.
  • As mentioned, never click links inside of e-mails, even if they seem to be from people you know. In fact, delete without opening any e-mails with melodramatic subject lines like “You Won!”
  • Have both anti-malware and antivirus systems, and keep them up to date.
  • Use long, unique passwords.
  • Never let your computer out of sight in public.
  • If, however, your device is stolen, it should have a remote wipe feature.
  • Give your data routine backups.
  • Be very cautious what you click on, since links promising you a spectacular video can actually be a trap to download a virus into your computer.
  • Use Hotspot Shield when you’re on public Wi-Fi to scramble your communications.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Malware and Phishing Warnings in Chrome Browser to be changed by Google

Google normally displays a malware and phishing warning in the Chrome browser. There are plans, though, to alter the display. Currently it’s a white warning against a red background. The new display will be an entirely red page, with a big X at the display’s top. These warnings tell the user that the site they’re about to visit may try to install malware or con you into giving up personal information.

13DThe new warning, like the current one, gives users the option to skip it and go to the website, but they must first acknowledge what they’re about to do.

Though a date for the changes hasn’t been set, they can be viewed on the Dev and Canary builds of Chrome.

The changes are designed to better indicate to users that an attack might happen, rather than make them think that one already has happened. After all, a malware warning should not scare you away, but instead, inform. Nevertheless, many malware warnings get ignored anyways.

A study showed that people were twice as likely to bypass a warning if the website was already part of their browsing history. This indicates that users are not so likely to believe that a previously visited, and especially popular, site could be threatening.

The study recommends that warnings should be formulated to let people know that even “high-reputation websites” can be malicious, poised to download a virus or deceive you into giving out your Social Security number.

The malware and phishing warnings on Chrome will perhaps always be in a state of further development.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Best Way to Destroy a Computer Virus

Computer viruses are here to stay, which means users need to know the best way to eradicate them the moment they attack. Like disease viruses, computer viruses evolve and get “smarter.” The many different kinds of computer viruses (such as worms, Trojans, spyware) are called malware: malicious software.

4HIn general, security software comes with instructions for getting rid of or containing malware.

For Windows users, Microsoft provides tools that get rid of malware. Between your operating system and antivirus software, you will have the basic tools for fighting off most viruses.

Tips for Protecting Your Computer

  • Every day, run a quick scan of all of your devices. But in addition, run a weekly deep scan. Either type of scan can be manually set up or set on an automatic timer (which is actually a lot better since you wont have to remember to do it).
  • Your e-mail program should be set to alert you before you download any graphics or executable files. If you can, set your e-mail to display only text, and to alert you before loading any graphics or links.
  • If you don’t recognize an e-mail sender, and the message includes a link, never click on the link. If the link has you curious, then visit the associated website via outside the e-mail, or, manually type the link’s web address into your browser. In fact, don’t even click on links in e-mails that are supposedly from a familiar sender. Fraudsters can make it look as though the sender is someone you know. Never mind how they do this; it happens.

You can outwit cybercriminals. You just have to be a little smarter than they are and never think, “It can’t happen to MY computer.” There’s nothing special about your computer that makes it intrinsically immune to cyber threats. You must be proactive and take measures to prevent malware attacks.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

How to tell if your Computer has a Virus

Your computer probably has a virus if you can answer “Yes” to any of the questions below:

Is your computer running quite slowly?

A virus often causes a computer to run slowly. But realize that this symptom can also mean that a computer needs more memory, or that the hard disk needs defragmenting. It can also mean spyware or adware is present.

Are programs automatically starting?8D

A virus may damage some programs. And in some cases programs might not start at all.

Are unexpected messages occurring?

A viral infection can make messages appear unexpectedly.

Does your Windows program suddenly shut down?

A virus can do this, too.

Is your hard disk or modem working overtime?

Ane-mail virus sends many duplicates of itself by e-mail. You can tell this might be happening if the activity light on your external modem or broadband is constantly lit. Another clue is that you can hear your computer’s hard disk constantly working.

These situations don’t always mean a virus, but they shouldn’t be ignored, especially if there are other problems occurring.

If you already have the latest version of a solid antivirus program, it should spot a virus that’s already in your computer and even a virus that’s about to be downloaded.

Antivirus software works best when it’s programmed to scan your computer at regularly timed intervals (this way you won’t have to remember to manually do it). The software should also automatically download updates to your computer for antivirus definitions.

A reputable antivirus software system should be able to detect a virus trying to get into your computer or one that’s already present. As viruses are always evolving, there may be an invader that your software does not yet recognize, but probably soon will, once an update occurs of a new virus definition.

When a reliable antivirus program spots a virus it will quarantine it. You’ll then be asked if you want to promptly delete it or set it aside. This is because there may be times when the antivirus software thinks that a legitimate program or file is a virus. You then get the opportunity to restore the program or file.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

The Role of Antivirus Software

https://safr.me/webinar/  | Robert Siciliano is the #1 Security Expert in the United States with over 25 years of experience! He is here to help you become more aware of the risks and strategies to help protect yourself, your family, your business, and your entire life. Robert brings identity theft, personal security, fraud prevention and cyber security to light so that criminals can no longer hide in the dark. You need to be smarter than criminals yesterday so that they don’t take advantage of you today! If you would like to learn more about Security Awareness, then sign up for Robert’s latest webinar!

_______

The purpose of antivirus (AV) software is to detect, neutralize or eradicate malware (malicious software).

6DAV software not only will identify and destroy the computer virus, but it’s also designed to fight off other kinds of threats such as phishing attacks, worms, Trojan horses, rootkits and more.

How does AV software work?

  • It will first scan (either on automatic timer that the user selects or manual) the computer’s files to seek out any viruses that fit the description that’s in a virus dictionary.
  • Using a method called heuristic analysis, it will also try to detect suspicious activity from any program that might seem to be infected.

Antivirus programs come in different flavors, but the common denominator is that they seek out viruses and other malware, and neutralize them.

The computer’s hard drive and external drives are also included in the scanning process.

What’s really important is that you make sure that your AV software is set for automatic updates—and on a daily basis at that—so that any new viruses or malware can be quickly pounced upon and rendered disabled.

Cybercrimes are more prevalent than ever, says the McAfee Threat Report. Check out some findings:

  • Fairly recently (first quarter of 2013) was a time that was the most active, ever, for the entire gamut of malicious software generation.
  • More than 14 million new samples were identified by McAfee.
  • Malware is evolving, becoming savvier. An example is the Zeus malware that gets spread when the user unintentionally downloads it (from being tricked into doing so), or, when the user opens an attachment in an e-mail, not knowing it’s poised to infect his computer. This malware is smart because it evades anti-spam software by presenting as graphics instead of text in the e-mails.
  • Every month means about six million new botnet infections.
  • Between the first and second halves of 2013, new phishing websites doubled in number.
  • Sixty percent of the leading Google search terms returned malicious sites just in the first 100 search results alone.

The key is simply to have antivirus installed, let it run its updates automatically and pay for the annual license. As long as you have it, it will prevent most infections.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.