Category: Malware Page 5 of 6

Why Website Malware Removal Just Got Even More Urgent

Website malware removal is probably not at the top of your daily “to do” list, and yet it’s something that no business can ignore, even for a day. And new tactics by ransomware authors might just push that task right to the top of your list.

Ransomware is one of the most dangerous types of malware to emerge in recent years. It works by encrypting all the files it finds on infected computers and then demanding a ransom be paid for this files. That ransom can be as high as $10,000 but even paying it might not result in a good outcome. If you’re a business owner, the impact on your business could catastrophic and chances are you’ll never see those files again.

Read More

PCI compliance

Protecting Your Business From A Data Breach

It’s been a good time for malware and its authors, but a very bad time for businesses and especially those that have suffered a data breach. A variety of point of sale (PoS) malware has run rampant through thousands of business and retailers in just the last few months, creating a massive haul of stolen credentials for hackers worldwide. And making consumers a very nervous bunch.

The Home Depot Data Breach

The latest victim is Home Depot, which only just announced that it had lost at least 56 million customer credit and debit cards to hackers who used a variant of PoS malware that’s growing in popularity amongst criminals — because it apparently works very well.

Read More

Blackshades RAT a Threat to Every Business

blackshades RATIn what we can only hope is a sign of things to come, law enforcement around the world showed unprecedented cooperation in shutting the shades on a gang responsible for creating and sharing a nasty piece of malware that was spreading rapidly around the world.

The malware is known as Blackshades, and was allegedly created by a 24-year-old Swedish man who ran his malware operation like a legitimate business. The entrepreneur was very committed to making his malware as popular as possible, hiring a marketing director, customer service representatives, and a customer service manager.

Read More

11 Things You Should Know About the Heartbleed Bug

heartbleed bugIt won’t actually make your heart bleed and you can’t catch it. But it has caused a lot of heartburn since it was announced and probably caused lots of websites to bleed valuable data. Here is a list of eleven things you should know about the Heartbleed bug.

  1. It’s an exploit in OpenSSL, a type of security that protects a user’s communications with a website (the s in https) and around half a million secure web servers may have been affected.
  2. “Open” means it’s open source and free for anyone to use. It also means all the code is freely available and has been since Open SSL was first introduced more than 15 years ago.
  3. It’s a very big deal. According to Bloomberg “Heartbleed appears to be one of the biggest flaws in the Internet’s history, affecting the basic security of as many as two-thirds of the world’s websites.”
  4. It was discovered just recently by a security firm. But it’s apparently been known to the criminal community for a couple of years, and they may have been quietly exploiting it all that time.
  5. Heartbleed is not actually a virus or malware or a hack but simply a mistake in software coding made, probably innocently, by one of the many contributors to the Open SSL project.
  6. It can steal user passwords and credit card numbers – things that are most often protected by SSL.
  7. Some of the biggest sites on the web have been affected, from Gmail and Yahoo, to Facebook, Instagram, Pinterest, Google, Amazon, Netflix, and YouTube. However, it’s unlikely your bank’s website has been affected because few banks actually use Open SSL.
  8. A number of news outlets say that criminal weren’t the only ones who knew about Heartbleed and were quietly exploiting it. Some are accusing the NSA of knowing about Heartbleed for nearly two years and using the flaw as a spying tool.
  9. If in doubt, change passwords for all your important websites, then change them again in a few weeks. Some websites are slow to fix the flaw, so it might be safer to change passwords more than once.
  10. If you want to check whether or not a website is still unpatched and vulnerable to Heartbleed, there are plenty of places to do so. Try https://filippo.io/Heartbleed/.
  11. If you host a website, make sure you apply the security update. You can get more information at http://www.openssl.org/.

To help keep your website protected, all SiteLock plans SecureSpeed and higher include daily vulnerability scanning that detect Heartbleed and similar issues. To learn more call 855-378-6200.

Malware

8 Malware Threats To Watch Out For

Malware threatsSo many malware threats, so little time. We’ve rounded up the eight most dangerous malware threats every business needs to be aware of.

1. Banking Trojans

From Citadel to Zeus, banking Trojans have proven to be some of the most potent and profitable malware tools. This malware focuses on stealing bank account logins, which in turn can be used to steal whatever is in those accounts. It is believed that Zeus alone has been used to steal more than $120 million from compromised accounts.

2. Backdoor Trojans

Backdoor Trojans are designed to give hackers the very same access and rights to a computer or network as the administrator in charge of managing them. Which means hackers can do a lot of damage over an extended period – from stealing information and deleting files to changing passwords and modifying security settings.

3. Keyloggers

Keyloggers have once again become a favored tool of cybercrooks. They’re designed to steal anything that’s typed on a keyboard and even on a touch screen. In recent tests, only one of 44 of the most popular antivirus software products in current use was able to detect even the simplest keylogger.

4. Ransomware

Ransomware like Cryptolocker is also on the rise, and researchers claim that the malware has been so successful in making money for its creators that it’s likely to spawn lots of copycats. Ransomware makes money by encrypting all the data on an infected computer and then charging a fee or ransom to release that data back into the custody of its owners. One small cyber gang is believed to have made more than $27 million using Cryptolocker.

5. Exploit Kits

Exploit kits can include Trojan downloaders and droppers and are really the road crew of the malware industry. Their job is not so much to commit the crimes but set them up. Once installed on a victim computer or network, they give the criminals the options of what kind of malware they want to upload. In 2013, the Blackhole Exploit Kit was most commonly used to deliver the Zeus banking Trojan.

6. Bots

Bots are tiny pieces of malware, at least compared to their malware cousins described above. And unlike their cousins, they’re not specifically designed to attack the host computers they infect. Instead, bots take control of the infected computers, sometimes millions of infected computers at a time, to assist in other crimes. Those crimes could be to share or hide stolen information, distribute child pornography, or attack other computers.

7. Drive-by Downloads

Drive-by downloads, like APTs, are not really malware but attacks designed to help malware. They don’t necessarily break into the bank, just cut the hole in the roof for others to climb through.  Vulnerable websites are infected with malware that’s not designed to attack the website itself, but to spread the malware to visitors to that site. Once recent report found that crooks now prefer to spread malware through websites versus email by a ratio of 5-1 because it’s much more effective.

8. Advanced Persistent Threats

Advanced Persistent Threats, or APTs, may not really be a type of malware either but a type of attack that usually involves malware. And usually the most sophisticated kind. APTs have been growing in popularity because they work, and get their name because the attackers will often pick very specific targets and attack them relentlessly over a long period and using some very sophisticated attack tools. Some companies and even individuals targeted by APTs have been attacked as often as thirty times in thirty days.

Constant vigilance and layers of security are your best defense against malware. It’s much more cost-effective to put security in place proactively rather than react after an attack. SiteLock’s website security solutions can find and even automatically remove malware, as well as block malicious traffic from accessing your website in the first place. Call our security experts today at 877.563.6200. We are available 24/7 to help.

 

SiteLock Website Security

Hacked.gif: The Hidden Dangers of Malware in Website Images

For your company’s brand, sometimes image is everything. And how better to establish the your brand’s image than through the images on your website? The images you use on your website and social media accounts have to be chosen carefully.

You need to choose images that support the content you’re publishing and the message you’re promoting. You need to choose images that are appropriate for your audiences because you don’t want to offend anyone. And of course you need to choose images that you have permission to use. Using unlicensed images can cost you thousands of dollars in fines, even if they were put on your website years ago by a third-party web designer.

Read More

POS Malware

Big Brands Defenseless Against POS Malware

2014 could go down as one of the most significant years in the world of cybersecurity, and malware in particular. It wasn’t just the small window that revealed data breaches at Target, Neiman Marcus, Michaels Craft Stores and potentially dozens of other retailers. Nor was it the fact that this explosion in data breaches could all be the work of a seventeen-year-old.

Read More

Businesses Defenseless Against Keyloggers

keyloggersWhen news broke last week that security researchers had found more than 2 million stolen passwords hidden on a hacker’s website, it didn’t take long for media around the world to get on the case. It appears the passwords were stolen over many months, and from users of Facebook, Twitter, Google, LinkedIn and many other sites.

The story that seemed to get the most attention from the media and from security experts was what these 2 million passwords told us about the password habits of users. That they were awful. Not that that’s really news, but still, once again we discovered that the most common passwords included in the haul were 123456, 111111, and perhaps worst of all, password.

However, we noticed something else, something that other security experts seemed to miss completely. The initial suspect in the heist was a keylogger, a tiny piece of malware that will infect computers, steal things like logins and passwords, and pass them back to the hackers.

On the very same day the media frenzy started, we noticed that a security firm OPSWAT revealed some very scary test results. When they planted a basic keylogger on one of their test computers, and ran scans with more than 40 of the most popular consumer and business antivirus products over two weeks, only one product caught the keylogger. Which probably means most consumers and even small businesses probably won’t be able to detect it either.

While the better antivirus brands are generally good at catching the most common malware, a study by the University of Alabama found that those same products only catch around 25% of the more advanced malware. And that’s the stuff that can do the most harm.

Keyloggers are typically in search of logins and passwords, but they don’t just log what you type. They can also capture screenshots of what’s on your computer, screenshots of the websites you visit and the folders you open, and even what you search for. And software isn’t the only variety. There’s a growing trend towards hardware keyloggers – keyloggers designed to look identical to a plug or connector you’d expect to find at the back of a computer or even a cash register. One such hardware keylogger was recently found plugged into the back of a cash register at a Nordstrom store in Florida.

If keyloggers make their way on to computers in your business, the hackers may be able to steal logins and passwords to your website or bank account. They might also be able to steal payroll and customer information. They might even be able to hop from your computers to your website, and from there infect visitors to your site. Which could end up with your business being blacklisted by the search engines until you solve the problem.

So what can you do cripple this menace?

  • Start by talking to your employees, explain what a keylogger is, how it can threaten your workplace, and how you can all work together to protect against them.
  • Require all your employees to use anti-keylogger software, like Key Scrambler (free). They won’t protect your business against every type of keylogging but are a good defense against the more common software based. Some work by instantly encrypting or scrambling all your keystrokes so that they’re unusable to hackers.
  • Make sure you and your employees use one of the many safe surfing tools or plugins, like Web of Trust (WoT). As users become more wary of malware hidden in email attachments, hackers are turning to websites instead. Known as watering holes, hackers will find vulnerable websites, load them with keylogging malware, and simply lie in wait for visitors to those sites. SiteLock is finding as many as 5,000 small business web sites every single day already compromised and requiring malware removal. Safe surfing tools will help alert you of suspicious or dangerous websites before you click on them.
  • Always have good antivirus software on every computer and device you use in your business and at home. And encourage your employees to do the same. Some of the best is free, including for your smartphone and tablet. And scan often — at least once a week is recommended.
  • All employees should change their passwords often and think about passphrases instead.
  • Be careful what you allow employees to download and install. Poor security habits and hygiene are a leading contributor to malware infections. Slow down, guard up, verify first, and only download if you’re really sure and you really need to.

For more information on protecting your business from cybersecurity threats call SiteLock at 855.378.6200.

Is Your Website a Malware Watering Hole?

A watering hole, or water hole, is a website with vulnerabilities that hackers take advantage of to plant malware. The idea is that the malware simply lies in wait until someone visits your website, and if that someone is not using protection, he or she will find their computer or smartphone infected with that malware.

Read More

PC vs. Website Malware removal

When you purchase a new PC, you wouldn’t dream of connecting to the Internet without having an antivirus tool in place. Because it’s fairly common knowledge that the pace of growth and infection of viruses and attacks that affect personal computers is increasing rapidly and they can do serious damage. PC viruses and malware are often looking for personal information, like credit card data, that can be used for criminal and fraudulent activities.

malwareTo counteract the PC infection and theft that viruses and malware can cause, anti-virus tools have a sophisticated knowledge base of active threats. And they continuously look out for computers that have out-of-date antivirus software so they can update it automatically to protect PC owners and their computers from new threats as they are discovered.

Read More

Page 5 of 6

Powered by WordPress & Theme by Anders Norén