Popular website hacked – dished out password stealing Trojan

Here is how you get malware/viruses on your computer and have your passwords stolen (excerpt from malwarebytes.org):


Just For Men website serves malware

Posted September 20, 2016 by Jérôme Segura

“The website for Just For Men, a company that sells various products for men as its name implies, was serving malware to its visitors. Our automated systems detected the drive-by download attack pushing the RIG exploit kit, eventually distributing a password stealing Trojan.”


So which anti-virus should you use? Well, there is no such thing as the perfect anti-virus, but my favorite is Malwarebytes Anti-Malware. You can get your copy here. This is part of what I use to clean up customers’ virus/trojan/malware-infected computers.

My favorite Anti-Malware / Anti-Virus program

Just a quick note on what my favorite Anti-Malware / Anti-Virus program is and how to get it.

Malwarebytes Anti-Malware has been my go-to for many years and still ranks #1 in my opinion. No other well-advertised anti-virus program cleans things up and finds the garbage that needs to go as well as MBAM. Grab your copy here – Malwarebytes Download.

They also have a ‘Back to School’ special combo right now –

Anti-Malware + Anti-Spyware for free. 1 user, 3 PCs for $39.95.

Wabash Valley Cyber Security Report 2015

Mission: To determine the current level of cyber security in the Wabash Valley between Terre Haute and Vincennes Indiana.

So when I began planning to investigate the state of cyber security in the Wabash Valley, I thought that a few small businesses might have an insecure wireless router, and possibly a small-town government office or two. To my astonishment, that was not the case. As my investigation continued I found so many insecure wireless routers that I decided to make that the main focus of this report. This wireless survey was done with a simple drive-by wireless security scan using freely available tools on my Android smartphone. This was a safe scan that simply listed broadcasting WIFI routers; it does not connect to or hack into them. I drove from Terre Haute to Vincennes, Indiana and found multiple businesses in each of the following categories, and even some government offices, that had old, easily hackable wireless encryption settings. Actual locations will not be disclosed for obvious reasons.

  • Insurance Agencies
  • Law Offices
  • Certified Public Accountants (CPAs)
  • Medical Clinics
  • Wealth Management Offices
  • Dentist Offices
  • City/County Government Offices
  • Probation Offices
  • Tax Advisors
  • Chiropractors
  • Fire Departments
  • Ambulance Services
  • Pharmacies
  • Newspaper Offices
  • New Car Dealerships
  • Technology Support Companies

And the list goes on…

So what? What’s the big deal?

Identity theft. That’s the big deal. Personally Identifiable Information exposed. Your customers’ bank accounts drained and their credit destroyed. And that is only one of the ‘big deals’. Consider company secrets, client lists, manipulated data, deleted data, even YOUR identity.

How are these businesses vulnerable? What is it about their wireless routers that leaves them exposed?

In a nutshell, not keeping pace with current cyber security best practices and ignoring the threats that we don’t see. Technically speaking, those routers are using old forms of wireless encryption, and those old encryption algorithms have been easily hackable for years. Then there is WPS (WIFI Protected Setup). About half of the off-the-shelf wireless routers that have WPS enabled are also hackable through it; some take longer than others, but the end result is the same: the attacker ends up with the network password. All of the business categories I listed above were using old encryption algorithms. Simple to hack. The list would be much longer if I included those using newer, much more secure encryption that still have WPS enabled. Here is a link to a short article I wrote earlier about dealing with WPS: http://www.npgcomputers.com/how-to-keep-your-data-safe-from-wireless-hackers/
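Here is an added example of the kind of triage a passive drive-by listing allows (this is example code written for this page, not the tools or data from the original survey). The record format and the six sample networks are constructed; the fields (privacy type, pairwise cipher, whether WPS is advertised) are the same facts that scanners such as airodump-ng and wash report, and mapping their output into this format is left to the reader. It assumes the report’s “old encryption” means WEP or WPA1/TKIP, rates each network, and totals the findings by severity.

```python
"""Triage a passive Wi-Fi survey: flag networks whose advertised
security is obsolete or which expose WPS.

Added example for this page; the record format and the sample scan
below are constructed, not real survey data."""
import csv
import io
from dataclasses import dataclass

# Constructed sample: what a drive-by scan might list. Columns are
# SSID, privacy (OPN/WEP/WPA/WPA2), pairwise cipher (TKIP/CCMP or blank),
# and whether WPS is advertised. Real tools (airodump-ng, wash) report
# these same facts in their own formats.
SAMPLE_SCAN = """\
ssid,privacy,cipher,wps
Insurance-Office,WEP,,no
Law-Office-Guest,OPN,,no
DentalWiFi,WPA,TKIP,yes
CPA_Office,WPA2,TKIP,yes
CityHall-Staff,WPA2,CCMP,yes
Pharmacy-POS,WPA2,CCMP,no
"""


@dataclass
class Finding:
    ssid: str
    severity: str   # "critical", "high", "medium" or "ok"
    reasons: list


def assess(privacy, cipher, wps):
    """Rate one network: open/WEP worst, then WPA1 or TKIP, then WPS alone."""
    reasons = []
    severity = "ok"
    privacy = privacy.upper()
    cipher = cipher.upper()
    if privacy == "OPN":
        reasons.append("no encryption: traffic readable by anyone in range")
        severity = "critical"
    elif privacy == "WEP":
        reasons.append("WEP: key recoverable in minutes from captured traffic")
        severity = "critical"
    elif privacy == "WPA" or cipher == "TKIP":
        # WPA1, or a WPA2 network that still allows the legacy TKIP cipher
        reasons.append("TKIP/WPA1: deprecated cipher with known attacks")
        severity = "high"
    if wps.lower() == "yes":
        reasons.append("WPS enabled: PIN is brute-forceable on many routers")
        if severity == "ok":
            severity = "medium"
    return severity, reasons


def triage(scan_csv):
    """Parse the scan and return Findings sorted worst-first (stable sort)."""
    findings = []
    for row in csv.DictReader(io.StringIO(scan_csv)):
        sev, why = assess(row["privacy"], row["cipher"], row["wps"])
        findings.append(Finding(row["ssid"], sev, why))
    order = {"critical": 0, "high": 1, "medium": 2, "ok": 3}
    findings.sort(key=lambda f: order[f.severity])
    return findings


def summary(scan_csv):
    """Count networks per severity; these are the numbers a report quotes."""
    counts = {"critical": 0, "high": 0, "medium": 0, "ok": 0}
    for f in triage(scan_csv):
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_SCAN):
        detail = "; ".join(f.reasons) or "current settings"
        print(f"{f.severity:8s} {f.ssid:18s} {detail}")
    print(summary(SAMPLE_SCAN))
```

Nothing here touches a network: it only interprets what the access points already broadcast, which is exactly the information the drive-by survey collected.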

The results from approaching several of these businesses to let them know of the dangerous situation are equally stunning. Of the ten businesses and government offices that I spoke with in person, none of them had any idea of the problem. What’s more, few made any changes to secure their wireless routers. Many of them said they would correct it, or knew of the issue and were in the process of securing them. I checked a few days later. No change. Maybe the person(s) in charge of those routers simply don’t understand the issue or choose to ignore it. At your peril.

Another disturbing fact to consider: since they are using a form of wireless encryption that has been easily hackable for years, how many have been hacked already and don’t even know it? How long has a black hat hacker been stealing customer information (your personal information) and using it for nefarious purposes? Thieves don’t leave their calling card and say “Hey, I broke in and stole your data.” They want to keep the dirty deed a secret so they can come back later and do it all over again.

Let’s suppose that the data at risk is nothing of value and no personal information is accessible. As a business owner, what is the value of customer perception? If the public were to become aware of your lax security practices, how might that affect your bottom line? Security breaches are detrimental to any business, and not just in immediate financial costs. A tarnished reputation is hard to overcome, and regaining customer trust is certainly tough once personal information has been compromised.

OK. As a small business owner myself, I know it’s hard to stay on top of all the latest technological changes and cyber security issues. Who has time, right? Most small business owners believe they are not a target because they don’t have many valuable assets, but what that really means is that they are easy targets, since network security is probably not on the daily priority list.

If I can find out this much from simply driving by, then what more in-depth private information could the serious hackers already have?

Quoted from an article on Examiner.com:

…Wireless computer hacking of identity theft and payroll thefts totalling more than $3 million dollars in Seattle has landed the last defendant in federal prison.

Joshuah Allen Witt, 35, was found guilty with two other defendants for hacking into 50 businesses’ software using a wi-fi receiver that detects business wireless networks. They hacked into the security codes and accessed company computers, according to the Seattle Times online edition.

Termed “wardriving”, the defendants used a device that picked up wireless transmissions and were able to crack security codes that they had in a car. The defendants also broke into businesses to install malware on company computers.

Witt was sentenced to eight years on charges “that included conspiracy, aggravated identity theft and access-device fraud”, according to the Seattle Times report. Also reported was that the U.S. Secret Service’s Electronic Crimes Task Force broke the case after 2-1/2 years.

Wireless hacking has been going on for years. Not only do criminals use “wardriving” methods while driving around in cars with wi-fi hacking technology, but utilize “warparking”, another term to describe someone with laptop sitting in a car of a parking lot or street curb.” – http://www.examiner.com/article/wi-fi-hacking-seattle-cost-businesses-3-million

How many readers have the same password for almost everything? Exactly. Let’s assume the business is secure; what about the owner’s wireless router at home? A dedicated hacker could simply hack the home router and wait for a password to be captured. Once done, your world is his.

* Image excerpt from: http://mercatus.org/publication/information-sharing-no-panacea-american-cybersecurity-challenges

What about hospitals, medical clinics and the devices they use? They must be really secure, right?

Quoting a report posted on Kim Komando’s website concerning health care security:

…That sounds like a terrible movie plot. But, sadly, it’s a reality. We’ve been telling you that hospitals and all that lifesaving medical equipment they use, like pacemakers for your heart and blood gas analyzers (BPA), are vulnerable to hacker attacks. But, even we couldn’t guess how bad it really is.

Hospitals and their network-connected devices are so poorly protected that, in July, the Food and Drug Administration issued its first-ever cybersecurity advisory about a medical device.

Specifically, the Hospira Symbiq infusion pump, because it’s vulnerable to unauthorized users controlling the device. In other words, hacking it. It’s “precedent setting,” according to the FDA’s Center for Devices and Radiological Health…” – http://www.komando.com/happening-now/334445/hospitals-are-tragically-open-to-hacking

This report mostly covers the easy, low-hanging fruit that any hacker can pick from right outside your business. For example, once the router password is hacked the perpetrator can modify the router settings (its DNS servers, for instance) and redirect your internet browsing to malicious sites that try to install malware of all sorts on your computers, including the infamous CryptoLocker ransomware that holds your data hostage until you pay the ransom fee. Many other, more complex wireless hacks exist, and defeating them requires vigilance. More on these in the next report.

Malware is actually the most common threat I find on client computers. When I say most common, I mean 90% of every single computer I clean up! But you have an antivirus like Norton or McAfee, so you’re safe, right? Probably not. Most of those 90% that I check have Norton or McAfee AND have multiple forms of malware / spyware / trojans / viruses that haven’t been caught. Some of that malware is just advertising junk. But some of it is designed to steal your usernames, email addresses and passwords, or to secretly give a hacker remote access to your computer. These threats can be even more dangerous than insecure wireless routers, since they don’t require a hacker to be anywhere near your computer or business. Just clicking on the wrong email attachment or website link can infect your computer. These malware programs lie in wait, then capture your data and send it off to unknown hackers anywhere in the world. If you want to spend some time checking your own computers, I wrote an article outlining many of the in-depth steps used every day to detect and remove the sneakiest malware: http://www.npgcomputers.com/malware-removal-secrets-revealed-page-1/

So far we’ve only discussed business and government cyber security. There are far more home wireless routers that are using the same insecure wireless settings and have untold amounts of malware doing dubious things with sensitive personal data.

So what are some solutions?

For wireless, you can make things a little more difficult for the casual hacker by:

  • Enabling current wireless encryption (WPA2 with AES/CCMP, not WEP or TKIP)
  • Disabling WPS
  • Hiding the SSIDs (this only deters casual snooping; anyone capturing traffic still sees the network name)
  • Changing the default SSIDs
  • Using strong, complex passwords
  • Changing the default admin password on the router
  • Educating employees about wireless hacker methods
  • Engaging a 24×7 cyber security remote monitoring service to keep an eye on router and computer security logs and alerts, and keep everything updated.

For malware:

  • Keeping Windows, Flash and Java patched and updated. That plugs many security holes.
  • NEVER run your machine as an administrator. Set up a standard user account and make it prompt you when it needs administrator privileges. This will keep you from getting infected by MANY malicious websites.
  • Having your computers put through an in-depth scan every 6 months by experts in malware detection and removal. Today’s malware is very invasive and requires advanced techniques to thoroughly find and remove.
  • Engaging a remote security monitoring company that can keep an eye on new infections in real time, taking action as needed.

For web based email, Facebook, Twitter and other online accounts:

  • Be sure to enable two-step authentication. This really puts a dent in a hacker’s ability to take over your online accounts.
  • Use complex passwords.
  • Don’t use an open hotspot to check the accounts. Open hotspots make it much easier for hackers to listen in and capture passwords.
  • Use different passwords for each account.

These are just a few of the things needed to increase your protection level against so many ever present cyber threats. The list is long and ever evolving as the technology changes and hackers develop new ways to steal.

I hope this report sheds some light on many of the current cyber security issues that threaten our livelihood and how to deal with them. Do you have a security incident that has affected you or your company? If you can share it with us we will remove the confidential details and include it in our next article. It might prove very insightful to others. Send me an email at david@npgcomputers.com.

In the next cyber security article we’ll talk about:

  • The dangerous Evil Twin router
  • The infamous CryptoLocker ransomware
  • Phishing Attacks that con you into divulging private information
  • Keyloggers that steal passwords
  • How your company website may not be secure
  • Smartphones – Protecting them from Malware
  • And a recommended list of security minded, high performance wireless routers

Do you have concerns about your company’s state of cyber security? Our security team helps organizations small and large stay safe from today’s nastiest hackers and avoid disaster.

What we do:

  • Make your Wireless Routers more secure
  • Cleanup and Secure Malware Infected Computers
  • Reduce the installation rate of new Malware threats
  • Provide a “2nd Set Of Security Eyes” to complement your I.T. department
  • Train your employees to spot potential security issues
  • Perform external and internal penetration testing to search for new and unknown ways that Hackers/Data thieves might get into your network – then secure them and lock the door.
  • Work daily on the digital front line protecting clients from new threats, malware and data thieves

Questions or concerns? Contact me anytime:

Email: david@npgcomputers.com

Connect with me on LinkedIn: www.linkedin.com/in/daviddubree

Follow me on Twitter: @daviddubree

NPG Computers – Find us on Facebook and Twitter

How To Keep Your Data Safe From Wireless Hackers

In the world of small business, the thought of Cyber Security, protecting customer data and monitoring log files for hacker activity usually takes a backseat to the daily grind of selling more product, the next advertising piece, making payroll, tax issues, employee problems, etc.  Who has time for it, right?

One group does have time for it – Data Thieves. And a lot of them.

There are many facets to cyber security and protecting your data including operating system updates, spyware detection, good passwords and the human factor.

In this post I will focus on how they steal your data through a very common device – your wireless router.

‘But my WIFI router uses a password so it’s safe, right?’ No…Not Necessarily.

In my former life as an owner/operator of a wireless internet service provider (WISP), I dealt with home, business and carrier-grade wireless routers daily. Every router has its weaknesses, especially the consumer-grade routers you can buy off the shelf at any big box store.

One of the most commonly flawed features found on the majority of consumer-grade routers is called Wi-Fi Protected Setup (WPS). There are numerous websites describing in great detail how to hack WPS to recover the encryption password used by everyone connecting to the router. Once the hackers have the password they can easily use a wireless data ‘sniffing’ program to steal confidential data, usernames and passwords. The sky is the limit once they have your username and password to things like online banking, business servers, email, Facebook, etc.
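To show why the feature is weak, here is an added example (written for this page, not code from the original post). A WPS PIN is eight digits, but the eighth digit is a checksum computed from the other seven, and the protocol confirms the first four digits separately from the last four. The code implements the checksum rule from the WPS specification and counts how many guesses each situation needs; the PIN 12345670 is just a sample value that happens to pass the checksum.

```python
"""Why a WPS PIN is weak: checksum digit plus split verification.

Added example for this page (not from the original post). The checksum
rule is the one in the Wi-Fi Protected Setup specification; 12345670 is
only a sample PIN used to exercise it."""


def wps_pin_checksum(first_seven):
    """Return the 8th digit for a 7-digit PIN body.

    Digits are weighted 3,1,3,1,... counting from the right."""
    if not 0 <= first_seven <= 9_999_999:
        raise ValueError("PIN body must be 7 digits")
    accum = 0
    remaining = first_seven
    while remaining:
        accum += 3 * (remaining % 10)   # odd positions from the right: weight 3
        remaining //= 10
        accum += remaining % 10         # even positions: weight 1
        remaining //= 10
    return (10 - accum % 10) % 10


def is_valid_wps_pin(pin):
    """True if pin is 8 digits and its last digit is the correct checksum."""
    if len(pin) != 8 or not pin.isdigit():
        return False
    return wps_pin_checksum(int(pin[:7])) == int(pin[7])


def whole_pin_search_space(use_checksum=True):
    """Guesses if all eight digits had to be confirmed together:
    10^8 blind, or 10^7 once the attacker skips checksum-invalid PINs."""
    return 10 ** 7 if use_checksum else 10 ** 8


def split_search_space():
    """Worst-case guesses when the protocol confirms the first four digits
    separately from the last four: 10^4 for the first half, then only 10^3
    for the second half because its fourth digit is the checksum."""
    return 10 ** 4 + 10 ** 3


def reduction_factor():
    """How many times fewer guesses the split check costs than a blind
    brute force of the full PIN."""
    return whole_pin_search_space(use_checksum=False) // split_search_space()


if __name__ == "__main__":
    print("12345670 valid:", is_valid_wps_pin("12345670"))
    print("12345678 valid:", is_valid_wps_pin("12345678"))
    print("guesses, whole PIN (blind):", whole_pin_search_space(False))
    print("guesses, whole PIN (checksum known):", whole_pin_search_space())
    print("guesses, split halves:", split_search_space())
    print("reduction factor:", reduction_factor())
```

Eleven thousand guesses is small enough to finish in hours against a router that does not rate-limit or lock out after failures, which is why disabling WPS matters more than choosing a long WIFI password.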

So what can you do? Log in to your WIFI router and disable WPS ASAP, and if you can, verify afterward with a scan that the router really stopped advertising WPS, since some firmware has been known to ignore the setting. No option to disable WPS? Then it’s time for a new router. Consumer-grade routers have no place in business, but if you must use one in your business, make sure it has the option to disable WPS.

‘My WIFI router is inside the office. Isn’t that safe?’ Definitely not.

Most routers have a range of about 600 feet, depending on how many obstructions there are. Building walls can certainly reduce that range to maybe 100 feet. The problem is that with the right directional antenna a hacker could be 2000 or more feet away and still sniff the wireless data. If your router is close to a window, that distance could greatly increase.

There are many more security issues with WIFI routers, including cracking the WPA2 encryption keys without using the WPS hack (typically by capturing a client’s connection handshake and guessing a weak passphrase offline), which again exposes your data to the ‘sniffing’ programs. It seems the hackers are always one step ahead of the wireless designers and manufacturers. I’ll cover many of those issues and practical ways to deal with them in future posts.

I always welcome your comments and suggestions. Need help securing your business from data thieves? Just give me a shout and I’ll be glad to give a hand. Thanks for listening!

Email: D a v i d  a t npgcomputers D o t  C o m.

Twitter:@DavidDubree

 

Quick Bio: My tech life has involved small to large data networks, server installation and administration, virus / spyware removal, data backup and recovery, wired / wireless security, programming and other tech things since 1987.

Malware Removal Secrets Revealed – Page 1

If you’re like me you want to know all the FREE ways to make things work better BEFORE paying anyone to fix it, right? Well, now I want to share the best FREE tools AND the correct process I’ve found and have used for years to get the job done when removing viruses / malware and cleaning up customers’ computers, whether it’s a Windows laptop, tower, desktop or tablet.

Most Windows computers require 10 to 12 steps to PROPERLY clean them up. Anyone who claims to be a guru and can clean your computer up in a few minutes, or even an hour, probably has limited experience and knowledge in virus removal and protection. Proper cleanup means using ALL of the proper tools. Today’s viruses / malware / spyware / trojans are VERY sneaky and VERY good at hiding. A few minutes WILL NOT get the job done right.

By the way, 90% of every computer I have ever checked has some form of malware on it. So just because you don’t see any popups or your Anti-Virus says everything is good doesn’t mean your computer is not infected. Chances are it is.

Anyone can have tools to fix anything. But knowing how and when to use those tools separates the pros from the wannabes.

I suggest downloading the tools onto a known-clean thumb drive (flash drive) from a clean computer before starting the virus / malware removal process.

So I’ll start with the first tool I use on everyone’s computer as soon as they bring it in. It’s called RKill. This tool will TRY to stop ANY bad process / virus that is already running. It won’t remove it, but by stopping the process / virus it’s MUCH easier to run the other tools that will actually remove it from your computer. You can download RKill from bleepingcomputer.com. Just do a Google search like ‘RKill Bleepingcomputer’. It is usually the first or second result. ONLY click on the blue ‘Download Now’ button. Sometimes there will be an ad with a green download button, but it is only an ad for something else. Fair warning.

To begin with, booting the computer into Safe Mode is highly recommended – if the virus will allow it. So how do you do that? The trick (for Windows XP through 7) is to press F8 at the right time, a few seconds after turning on the computer. It can take some practice for the first-timer. So power up and start pressing F8 repeatedly. It may beep at you as the keyboard buffer fills up, but that’s OK. Soon you should see a text menu come up with several choices. Choose ‘Safe Mode with Networking’ and press Enter. For Windows 8 or 10 use this link: Windows 8 & 10 Safe Mode. The computer will boot, but all the icons will look big and maybe out of place. That’s OK. Now plug in your thumb drive with the downloaded tools and give it a few seconds to be recognized and assigned a drive letter. Click on ‘Computer’ or ‘My Computer’ depending on your version of Windows. Two or more drive letters will be listed. One of those should be your system drive (usually C:) and one should be the thumb drive (could be F: or any other letter). Double-click the thumb drive to open it and display the tools you downloaded.

Once the files are displayed, right-click on RKill and choose ‘Run as Administrator’. If that is not an option then just choose ‘Open’. Click Yes on any Windows security prompts that come up and allow it to continue. RKill can take anywhere from a minute to twenty minutes or more to complete, depending on how old the computer is and how badly infected it is. Once complete it will open a log file to show you the results.

If RKill completes and presents the log file (sometimes the log file is partially hidden behind some other window), then you’re ready to run the next tool – RogueKiller. We’ll discuss Step 2 in the next ‘How To’ post – Page 2.

If you have any questions feel free to comment on this post and I will do my best to help you out. Thanks!

We’re at 22 N. Main St. in Sullivan, IN. 812-268-0656. Just north of the courthouse square. Or email me: d a v i d  at  npgcomputers  d o t com.

Malware Removal Secrets Revealed – Page 2

Now that you have gone through this initial process, the rest of the tools will be a piece of cake, so I won’t bore you with the exact how-tos. Just keep in mind that for many of the tools listed you may have to manually check some of the ‘issues’ or malware they find, then click Remove (or Delete, etc.).

So here is the list, in order, of the required tools you should download and then Run as Administrator in Safe Mode. Most if not all can be found on bleepingcomputer.com:

  • RKill
  • RogueKiller (check all tabs and select everything)
  • TDSSKiller
  • MBAR (Malwarebytes Anti-Rootkit)
  • AdwCleaner (allow it to reboot normally, then reboot into Safe Mode)
  • JRT (always reboot normally, then reboot into Safe Mode after it runs)
  • MBAM (Malwarebytes Anti-Malware)
  • ComboFix (only for XP, Vista and 7)
  • Wise Registry Cleaner (choose to fix everything it finds)

Then open a command prompt as administrator and run sfc /scannow (one space, between ‘sfc’ and the slash; none after it).
Then run Windows Update and install all updates.
Open each internet browser (Internet Explorer, Chrome, Firefox, etc.) and check for any odd add-ons or extensions. Check the default home page. Check for odd search providers.

Now open Control Panel and go to Add/Remove Programs or Programs and Features, depending on your version of Windows. Scroll through the list of installed programs and check for anything that looks like a coupon/ad/bargain type of program. Most of those are garbage, and most will get removed by AdwCleaner or JRT, but not always.

Once that is done, run AdwCleaner again.

Now check your anti-virus. Is it expired? If so, uninstall it and download Avast Free Antivirus from avast.com or AVG Free Antivirus from avg.com. Now run a complete scan.

Open each web browser again and enable the antivirus extension when it asks you.
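The “odd add-ons or extensions” check above is easy to do by eye on one machine and tedious on a dozen, so here is an added example that automates the triage (example code written for this page, not part of the original cleanup guide). Chrome and the Chromium-based Edge store each extension’s manifest.json under the profile’s Extensions folder; the script reads every manifest found there and ranks the extensions by how much they can see and change. The two sample manifests and their IDs are constructed; the permission names, the Windows path and the manifest layout are Chrome’s own.

```python
"""Triage installed browser extensions by the permissions they request.

Added example for this page, not part of the original cleanup guide.
It parses Chrome/Edge-style manifest.json files. The two sample
manifests are constructed; the on-disk path and the permission names
are real Chrome conventions."""
import glob
import json
import os

# Permissions that let an extension read or alter everything you browse.
HIGH_RISK = {
    "webRequest", "webRequestBlocking", "declarativeNetRequest",
    "proxy", "tabs", "history", "cookies", "clipboardRead",
    "nativeMessaging", "debugger", "management",
}
# Host patterns that match every website.
ALL_SITES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Constructed samples: a narrowly scoped extension and an ad-injecting one.
SAMPLE_MANIFESTS = {
    "sample-ext-1": {"manifest_version": 3, "name": "Site Notes",
                     "permissions": ["storage"],
                     "host_permissions": ["https://notes.example/*"]},
    "sample-ext-2": {"manifest_version": 2, "name": "Coupon Saver Pro",
                     "permissions": ["tabs", "webRequest", "webRequestBlocking",
                                     "<all_urls>", "storage"],
                     "content_scripts": [{"matches": ["<all_urls>"],
                                          "js": ["inject.js"]}]},
}


def requested_hosts(manifest):
    """Collect every host pattern the extension asks for (MV2 puts them in
    'permissions', MV3 in 'host_permissions', content scripts in 'matches')."""
    hosts = set()
    hosts.update(h for h in manifest.get("permissions", [])
                 if "://" in h or h == "<all_urls>")
    hosts.update(manifest.get("host_permissions", []))
    for script in manifest.get("content_scripts", []):
        hosts.update(script.get("matches", []))
    return hosts


def assess_manifest(manifest):
    """Return (score, reasons). Anything scoring 3 or more deserves a look."""
    perms = set(manifest.get("permissions", []))
    reasons = []
    score = 0
    risky = sorted(perms & HIGH_RISK)
    if risky:
        score += len(risky)
        reasons.append("powerful permissions: " + ", ".join(risky))
    if requested_hosts(manifest) & ALL_SITES:
        score += 2
        reasons.append("can run on or read every website")
    if manifest.get("manifest_version", 3) < 3:
        score += 1
        reasons.append("legacy manifest v2")
    return score, reasons


def triage(manifests):
    """Rank extensions highest-risk first: [(id, name, score, reasons), ...]."""
    rows = []
    for ext_id, manifest in manifests.items():
        score, reasons = assess_manifest(manifest)
        rows.append((ext_id, manifest.get("name", "?"), score, reasons))
    rows.sort(key=lambda row: row[2], reverse=True)
    return rows


def load_chrome_manifests(profile_dir=None):
    """Read every manifest under a Chrome profile's Extensions folder
    (default: the Windows per-user location). Returns {} if none found."""
    if profile_dir is None:
        profile_dir = os.path.join(os.environ.get("LOCALAPPDATA", ""),
                                   "Google", "Chrome", "User Data", "Default")
    found = {}
    pattern = os.path.join(profile_dir, "Extensions", "*", "*", "manifest.json")
    for path in glob.glob(pattern):
        ext_id = path.split(os.sep)[-3]   # .../Extensions/<id>/<version>/manifest.json
        with open(path, encoding="utf-8") as fh:
            found[ext_id] = json.load(fh)
    return found


if __name__ == "__main__":
    # Use the real profile when present, otherwise the constructed samples.
    manifests = load_chrome_manifests() or SAMPLE_MANIFESTS
    for ext_id, name, score, reasons in triage(manifests):
        print(f"{score:2d} {name:20s} {ext_id}  {'; '.join(reasons)}")
```

Run it from the infected user’s account so %LOCALAPPDATA% points at their profile; for Edge, pass the corresponding Microsoft\Edge\User Data\Default folder as profile_dir. A coupon or “deal finder” extension that scores high here is exactly the kind of thing the Control Panel check above is meant to catch.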

You should be good to go unless it’s royally fouled up. There are so many other issues that can come up that it would be impractical to try to cover them all here. But the majority of malware/virus issues can be resolved by taking the steps outlined in this article.

Well, there it is. The skinny on a proper cleanup using nothing but freely available tools and your own blood, sweat and tears.

If you have any questions feel free to comment on this post and I will do my best to help you out. You can also reach me by email at: d a v i d  at  npgcomputers  d o t com. Have a great day!

Expert Cyber Security Services & Support

Welcome to NPG Computers.

Need Help? Call us at 812-268-0656


What our experts do:

  • Make Sure Your Business Computers Are Properly Protected from Hackers
  • Provide 24×7 Cyber Security Services To Keep Your Data Safe
  • Test, Update and Verify Wireless Router & Network Security
  • Remove All Malware, Spyware, Viruses And Trojans
  • Correct Windows Corruption
  • Recover Important Data Like Photos and Documents
  • Make Sure Windows, Anti-Virus and Servers are Up-To-Date
  • Fix Slow Internet Problems

Stop by at 22 N. Main St. in Sullivan Indiana.

Computer Repair & Malware Removal Experts