Over the last few weeks, we have spent hours cleaning up systems infected with malware. While we are always happy to help our customers, this has created some tense moments for some of you. Let’s take a minute this morning and talk about these malware attacks.
There are multiple ways of getting malware on your machine but today, I want to focus on phishing attacks. Phishing is when the bad guys send out thousands of emails that spoof a legitimate company. Their goal is to get a few people to click on a link embedded in the email. This link will either run a program or take you to their site. Once there, you might find that their site is an exact duplicate of another, legitimate, site.
These emails come in a variety of types like:
- Emails from a known company that you may use regularly.
- Ads for merchandise at very good prices.
- Ads with social or political messages.
- Emails from friends suggesting that you CLICK HERE.
Our definition of malware is any software that is malicious. Unfortunately, many of these look exactly like the real thing, but clicking on them can lead to installing malware on your machine. The results can vary greatly and include:
- Toolbars installed without your permission designed to hijack your browser and serve their ads.
- Software that is designed to be “destructive to trade” and breaks your computer.
- Software that kidnaps your machine and demands a ransom for its return.
- Software that gives control of your machine to a bad guy for nefarious uses.
- Software designed to steal from you.
Phishing emails that you may see!
Remember that phishing emails are designed to get you to click on them. They are hoping that you are not paying attention to them. The best defense is to train yourself to look for the obvious signs that this is fake. Luckily for us, many of these attacks originate out of the country and the creators may not fully grasp the English language. One dead giveaway is when you see obvious grammatical errors, misspelled words, or improper punctuation. Here is an actual phishing email that I received earlier this week.
Here you see that AT&T (now firstname.lastname@example.org) will be conducting a “removal exercise” of both “used and unused” accounts. This one is fairly obvious. The capitalization errors with “Accounts” and “you” are also giveaways.
If you click on this link, it would take you to a page asking you to log into your account. The minute they capture your login, their software will use your account to start bulk mailing out emails to their lists. This might be simply bulk spam like the infamous Viagra ads or more phishing emails like this one. Although this one doesn’t hurt your computer, you probably don’t want thousands of people getting emails from your account advertising Viagra.
Legitimate companies will always give you the option of logging in independently and checking on your account! If you are truly concerned about your Bellsouth account, then go log into it and see if there is an issue. Do not use this link!
This one is designed to steal!
Here is a sample of a letter being sent to thousands of people across the country appearing to be from Dun and Bradstreet. D&B is a well-known US brand that maintains credibility files on companies throughout the US. Their rating can impact the financial position of a company. Banks and investors often look up a company here before investing their money or offering loans. Customers and potential customers can also look here for information about the companies they choose as corporate partners.
As you can see, this one is much better than the first. The email looks correct and the letter appears to be copied from a D&B letter. One giveaway, however, is in the first paragraph when it references the reverse side. This probably came from a real letter instead of an email. The real giveaway here is the sheer number of people that are also getting complaint number 2306179. Also, legitimate companies rarely send attachments and even more rarely zip them. Clicking on the attachment will install a particularly nasty version of malware that logs your keystrokes and tries to steal banking information from you. It also notifies the hacker in real time that it is on your machine and available, allowing him to log into your machine invisibly, without your knowledge.
This email has been very effective at infecting users’ machines. The REAL Dun and Bradstreet website carries a warning about it, and hundreds of people have commented. Many, many more will never comment. Some only discovered this issue after it was too late! This is a very easy trap to fall into and the items I point out are not obvious at first look.
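The two giveaways described above (one complaint number sent to many different people, and a zipped attachment) can also be checked automatically on a mail server. The following is an added example, not part of the original article: the sample messages, the sender domain, the function names and the threshold of three recipients are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from email import message_from_string

REF_RE = re.compile(r"complaint\D{0,20}(\d{5,})", re.IGNORECASE)
ZIP_TYPES = {"application/zip", "application/x-zip-compressed"}

def build_sample(to, number, filename):
    """Constructed test message; the sender domain and wording are made up."""
    return (
        f"From: notice@dnb-example.test\nTo: {to}\nSubject: Complaint {number}\n"
        'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="b1"\n\n'
        f"--b1\nContent-Type: text/plain\n\nComplaint number {number} was filed.\n"
        "--b1\nContent-Type: application/octet-stream\n"
        f'Content-Disposition: attachment; filename="{filename}"\n\nAAAA\n--b1--\n'
    )

def zipped_attachments(msg):
    """Names of attachments that are zip files by extension or MIME type."""
    names = []
    for part in msg.walk():
        name = part.get_filename() or ""
        if name.lower().endswith(".zip") or part.get_content_type() in ZIP_TYPES:
            names.append(name or "(unnamed)")
    return names

def complaint_numbers(msg):
    """Complaint numbers quoted in the subject or the plain-text body."""
    text = msg.get("Subject", "")
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            text += "\n" + part.get_payload(decode=True).decode("utf-8", "replace")
    return set(REF_RE.findall(text))

def triage(raw_messages, threshold=3):
    """Flag mail whose complaint number reached >= threshold recipients, or has a zip."""
    parsed = [message_from_string(raw) for raw in raw_messages]
    seen = defaultdict(set)  # complaint number -> distinct recipients
    for msg in parsed:
        for ref in complaint_numbers(msg):
            seen[ref].add(msg.get("To", ""))
    report = []
    for msg in parsed:
        shared = sorted(r for r in complaint_numbers(msg) if len(seen[r]) >= threshold)
        zips = zipped_attachments(msg)
        if shared or zips:
            report.append({"to": msg["To"], "shared_refs": shared, "zips": zips})
    return report

SAMPLES = [build_sample(f"user{i}@example.test", "2306179", "complaint.zip") for i in range(3)]
SAMPLES.append(build_sample("user9@example.test", "5550001", "statement.pdf"))
```

Running triage(SAMPLES) reports the three messages that share complaint number 2306179 and carry a zip, and leaves the fourth message alone.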
Why isn’t this caught by my antivirus software?
In order to answer that question, we have to think about how antivirus software works. Every day, security researchers discover new threats to your computer. These are carefully tracked in the wild and a number of firms cooperate to develop fixes. This is not an easy thing to do. Even the most basic user has literally hundreds of programs on their machine. It is rare that two people have the same combination of software installed. This is made worse by the fact that we expect to be able to run older software on our machines. It can be hard to determine what is malware and what is a program that you installed on purpose. Having said that, Microsoft has made solid progress in hardening the operating system. Windows 8 is 20 times less likely to get malware than Windows XP!
Every time a new exploit is developed, the security firms create a fix and get those out to their customers. They work hard to get these out quickly, but there is always some amount of time between the detection of the threat and its fix. Then you have to get the fix onto the machines to protect them. Most people have to download these updates and that can take weeks.
Our customers never have to update their security software. We use an enterprise model where you get updates as they are released via the internet.
User behavior is critical
Although your security software is constantly being updated, it can never be perfect. Malware creators are as skilled and smart as the security researchers and often are as well funded. Each time a fix is developed, a new variant is created and released that bypasses the fix. We are caught in a cat and mouse game between the good guys and the bad and the game changes often. As soon as one exploit is fully patched, another is found. In many ways it is like dealing with crime. We have all learned to avoid behaviors that put us in danger. We need to learn similar skills online.
We can’t eliminate all malware by being careful. Some of it is cleverly embedded in websites and emails to run in the background without our knowledge. We can, however, avoid the types of places where this software typically resides. This would include most sites that skirt the copyright laws. I am not talking about the legitimate sites like Pandora, Netflix, Rhapsody, Spotify, etc. On those sites and many others, you pay a fee to get material. There are sites, however, that offer “free” Hollywood movies, music, games, and other software. Many of these are havens for malware. In addition, all of us get email and lots of it! It is easy to click a wrong link when you aren’t really paying attention, and that’s what malware authors are hoping for. It is so important that we all recognize the early warning signs of a phishing attack. Please share this information. Informed users are less likely to make mistakes that lead to malware-infested systems. And that is good for all of us!