
Let’s be careful out there

If you’ve read anything online, undoubtedly there have been headlines about exploits, vulnerabilities, identities stolen and other compromises.

Are you one of the 9.3% using Internet Explorer 10 (IE10)? Hopefully, you keep your software updated, as Microsoft did squeak in a patch last Tuesday. However, if you haven’t, please stop reading this and update it and all other Microsoft patches immediately.

FireEye recently found a combination of watering-hole attack and drive-by download that utilizes the exploit in IE10.

You don’t know what a watering-hole attack is?

Let’s say the hackers find an exploit in a particular browser and they want to use that to infect the computers of people most likely to use that browser. They will find one or more websites that focus on that particular group of people. The hackers will then try to infect those websites with some drive-by download code. This means that anyone visiting those websites will be subject to the download which will infect their computer.

After the websites have been infected with the drive-by download code, hackers will blast out a series of SPAM emails that include a link to one of their infectious sites. The SPAM is aimed at people in the industry being targeted. This is called a watering-hole attack.

Just so you don’t think I’m focusing on Microsoft, these same types of attacks happen on Firefox, Chrome and yes, even on Macs.

Your best defense against these and other attacks is to keep your software updated – constantly. This doesn’t mean just your browser, but all Adobe products, your operating system and all other software programs installed on your computer.

April of 2014 will see the end of support for Windows XP and Office 2003. If you haven’t upgraded these yet, you should make plans. Without support from Microsoft, you will no longer get updates to that software. Hackers know that many people will refuse to upgrade, so not upgrading will make you the “low hanging fruit” for hackers.

In addition to keeping your software updated, please tell everyone you know to use strong passwords. This cannot be emphasized enough. About 30% of the websites we clean are the result of compromised passwords. Make it at least 9 characters long and DO NOT use common, related words.

A recent informal survey we conducted shows that many passwords end with either the year, 123 or the exclamation mark (!). If this sounds familiar, please change your passwords immediately.

One other key point that we’ve been “pushing” for some time now is to schedule daily full system scans with your anti-virus software.

Here’s why.

If the anti-virus company finds a new virus “in the wild” on Monday, they will analyze it and create a rule to detect that virus. Then on Tuesday you update your anti-virus software, either automatically or manually, which means your computer is protected from getting infected by that virus from Tuesday onward. However, if your computer was already infected by that virus on Monday, your anti-virus program won’t remove it until you run a full system scan.

That’s why it’s critical that you run full system scans – EVERY DAY!

If you have any questions, please either email me at: traef@wewatchyourwebsite.com or post a comment.

Let’s be careful out there, huh?

Thank you for reading.


FTP Password Stealing Malware

For years now, I’ve been writing about how often websites are infected by hackers stealing their CMS (WordPress, Joomla, etc.), FTP or hosting account login credentials.

I know that some of our competitors roll their eyes whenever we help someone in a forum seeking help with an infected website and we determine that their site was compromised due to stolen login credentials. However, our experience shows this to be a widely used method by today’s cybercriminals.

Here is a link to an article about how this malware works: http://vinsula.com/hunting-down-ftp-password-stealer-malware-with-vinsula-execution-engine/

In the article you’ll see how this malware works. It seeks certain files on your local computer and sends them to the hackers’ CnC server (Command ‘n Control server). You’ll see in that article that it also seeks out certain anti-virus programs and either disables them or reconfigures them.

One other interesting point of this article is how they obtained the malware – via an infected email. You have to be suspicious of all emails. We constantly see one that looks like it’s from LinkedIn, but if you hover over the link to see their profile before accepting their invitation to connect, you’ll see it does not go to www.linkedin.com. This is a very cleverly crafted email designed to infect the unsuspecting recipient.
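The “hover over the link” check above can be automated. The following is an added example (not code from the original post or from Vinsula): it extracts every link from an HTML email body and flags any whose visible text names a domain that differs from the host the href actually points to. The sample email body and the look-alike host in it are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample e-mail body: the first link's visible text claims a
# LinkedIn profile while its href points at a placeholder look-alike host.
SAMPLE_EMAIL_HTML = """
<a href="http://lookalike-placeholder.invalid/r?x=1">View the profile on www.linkedin.com</a>
<a href="https://www.linkedin.com/in/someone">www.linkedin.com/in/someone</a>
"""

_DOMAIN_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in the body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _same_site(host_a, host_b):
    # Compare the last two labels only; a real deployment would consult the
    # public suffix list so that registries such as "co.uk" are handled.
    return host_a.lower().split(".")[-2:] == host_b.lower().split(".")[-2:]


def find_mismatched_links(html_body):
    """Return (href, claimed_domain) pairs where the link text names a domain
    that differs from the host the href really goes to."""
    parser = _LinkCollector()
    parser.feed(html_body)
    suspicious = []
    for href, text in parser.links:
        real_host = urlsplit(href).hostname or ""
        for claimed in _DOMAIN_RE.findall(text):
            if not _same_site(real_host, claimed):
                suspicious.append((href, claimed))
    return suspicious
```

Run `find_mismatched_links(SAMPLE_EMAIL_HTML)` to see the first link reported and the genuine LinkedIn link pass.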

Please share this with others. The more knowledge shared about how hackers (cybercriminals) work, the better and safer we’ll all be. Have any incidents like this to share? Let me know…

Thank you for reading.