Archive for the ‘Security Threat Alert’ Category
“Macs don’t get viruses.” A common thing we hear around the Geek Squad – and a common misconception. One that is playing out at this very moment, as a large portion of Mac users in the United States are at risk of being infected with the Mac Bot-Net infection.
Having started off as a fake Adobe Flash Player plug-in installer, this infection has in recent months grown to exploit Java vulnerabilities on Mac computers.
How does it happen? By simply visiting a malicious site, users run the risk of their Mac computer being infected by the “Flashback” infection, and unknowingly becoming part of a bot-net network. When accessing a compromised site, the malware will install itself via a Java exploit.
It happens one of two ways. One: it asks you to enter an administrator password, and promptly installs the malware code into the Applications folder. Two: if a password isn’t required, the malware simply installs to the user accounts on the machine, where it can be run in a more global manner. Once installed, the infection injects code into web browsers and other applications (such as Skype) to gather passwords and other personal information from those programs’ users.
“How can I prevent this from happening?”, you may be asking. Answer: by making sure you regularly install all critical Apple updates on your Mac. Apple released a patch that fixes this issue and removes the vulnerability. As of April 3rd 2012, all you need to do is perform an Apple Software Update to prevent this issue. With this patch Apple has been able to fully address any vulnerability and prevent it from spreading.
As always, it is good practice to update all of your software — not only to keep up with changes in functionality of the operating system, but to also help with bug fixes and vulnerabilities such as the one experienced in the above infection. Should you require assistance, Geek Squad Agents are standing by 24/7/365 online, by phone at 1-800-GEEK-SQUAD, or at Geek Squad Precincts in a Best Buy store near you.
-Agent David S.
In recent weeks, we’ve seen an uptick in reports of phone scammers, some claiming to be Microsoft technicians or in a few cases, even claiming to be associated with Geek Squad.
During these phone calls, consumers are told that their computers are out-of-date and need upgrading. The caller then attempts to remote into the consumer’s computer to “fix” the issues. Under the guise of a faux service, the caller asks for a credit card number and attempts to destroy the PC via remote connection before finishing the call.
For years, we’ve advised clients to avoid cyber attacks by following these relatively simple steps:
While these cyber protection rules still apply, scammers are creating new ways to get into your computer and take the information they want – including contacting you by phone instead of pursuing you by computer. Here’s updated guidance for helping you identify and avoid these scammers:
Remember, Geek Squad will never reach out to you unsolicited in an attempt to perform service. If you are in doubt about a contact, you can reach an actual Geek Squad Agent directly by calling 1-800-Geek-Squad.
For help with all your technology needs, call 1.800 GEEK SQUAD to set up an onsite consultation, find a location near you at www.geeksquad.com, or visit the Geek Squad Precinct at Best Buy or freestanding locations to speak with an Agent directly. We provide our services wherever and whenever you need them – 24 hours a day, 7 days a week.
You may have seen pcAnywhere, Norton, and Symantec mentioned in the news lately. It appears that a group of hackers had stolen code from Symantec dating back to 2006 and the code in question was used on a couple of the company’s popular software titles. We’re here to explain what all of this means to you.
Since January 23rd, Symantec has been working with law enforcement agencies to find out exactly what a group of hackers was attempting to do with source code from 2006. The good news for Norton/Symantec users is the code being used by the hackers is older code. Users of older versions of the Symantec software won’t be vulnerable to possible hijacking/malware attempts from hackers.
Currently, only code from Norton Utilities and pcAnywhere has been released, so we’re urging users of these products (pcAnywhere especially) to make sure their software is up to date. pcAnywhere version 12.5 is the most up-to-date version of that product available. Symantec has been working fervently to patch their products so that the old code being leaked doesn’t put any of its users at risk. Because of the constant updates they make to their Norton Antivirus and Internet Security packages, leaks of that 2006 source code won’t be very useful for hackers. So if you’re using Antivirus/Internet Security from Symantec, don’t worry – you’re at very little risk.
Want more information? For any users of Symantec products, please visit: http://www.symantec.com/theme.jsp?themeid=anonymous-code-claims&inid=us_ghp_banner1_anonymous
For users of pcAnywhere, please make sure your patches are up to date by visiting: http://www.symantec.com/business/support/index?page=content&id=TECH180472
-Agent William G.
TRENDnet, maker of several IP cameras, recently discovered a vulnerability in several of their SecurView cameras that allowed for online access in real-time by hackers. Fortunately the company released a quick firmware update to resolve the issue.
Was that just the sound of your jaw dropping? Yes, even digital cameras aren’t safe online. This should serve as a handy wake-up call that — in our Web-connected world — it’s not just your computer and phone that need security updates!
Almost every device that connects to your network, from your TV and DVD player to your security system, runs on basic software called “Firmware”. This software controls all functionality of the device – kind of like an operating system, such as Windows or Mac OS. In the case of networked devices, it controls how your devices communicate with the network and can allow you to access the device remotely.
As technology changes, this firmware sometimes needs to be updated. Occasionally a security threat is found that makes your device (and the network it is connected to) vulnerable to a hacker attack or manipulation. Manufacturers usually take care of this problem by releasing a free firmware update for your device, and making it available through their websites. It is important to check for these updates on a regular basis to ensure you always have the latest firmware.
If you own a TRENDnet IP camera, TRENDnet has released the following information on their website on how to update the camera’s firmware, where to obtain the update, and how to get in touch with them if needed:
TRENDnet’s security team understands that video from some TRENDnet IP SecurView cameras may be accessed online in real time. Upon awareness of the issue, TRENDnet initiated immediate actions to quantify the scope of the issue, initiate corrective actions, and publish updated firmware which resolves the issue.
Only select cameras purchased between April of 2010 and the present may be affected and require a firmware update. Eighteen camera models have been identified. A list of the identified products is available on TRENDnet’s homepage: http://www.trendnet.com
How can Consumers Upload new Firmware?
Updating firmware takes a few minutes. New firmware for all of the listed models is available at the following link: http://www.trendnet.com/downloads
How can Consumers Contact TRENDnet?
TRENDnet has created the following dedicated email for all inquiries related to this reported issue. Customers with any questions related to this issue such as how to update your camera’s firmware are invited to contact TRENDnet at the following email: ipcam@trendnet.com
For more than 20 years, TRENDnet has built a reputation for offering trusted, security IP camera solutions to consumers worldwide. We have worked hard to create a brand delivering network solutions that people trust. TRENDnet extends its deepest apologies to consumers which may be impacted by this issue.
To find updated drivers for major brands, check out our driver Do-It-Yourself page. For a quick tutorial on how to update firmware, check out our 2 Minute Miracle at http://gslink.us/KcM0E1. For assistance in updating firmware, or additional questions, chat with an Agent at http://www.geeksquad.com, call 1-800-GEEK-SQUAD, or visit a Geek Squad Precinct at a Best Buy store near you for a consultation.
-Agent Patrick B.
Agent Patrick B. has been an Agent with the Geek Squad since 2005. When he isn’t overseeing the Geek Squad Intelligence Blog or the Geek Squad’s Social Media presence, he can be found wandering the streets of Minneapolis for a fresh new source of caffeine to fuel his all night gaming sessions.
This holiday season Best Buy is launching a Holiday Gift Card Sweepstakes. Unfortunately, some nefarious people see this as an opportunity to attempt to commandeer personal information from you.
As Geek Squad Agents it is our duty to protect and serve. In an effort to keep your accounts and your personal information safe, we are providing information on how to identify and avoid phishing scams. This helpful guide will not only protect you as you participate in the Sweepstakes hosted by Best Buy, but will prepare you to keep an eye out for many phishing scams that are commonly found online every day.
Phishing sites are an Internet-wide problem. These sham websites or links may come to your attention by email, tweets or social network “posts” that look authentic. These little links will take you to a website that will look identical to a legitimate site. It could be your favorite social networking site, a website you regularly use for shopping, or even your bank’s website. However, these are fake sites designed by criminals to steal personal and account information. The fake site will commonly encourage you to login using your credentials or perhaps update your credit card. If you were to provide that information it goes straight into the scammer’s pocket.
Phishing sites also present themselves as seasonal or one-of-a-kind offers that require registration. Unfortunately, the Best Buy sweepstakes is exactly the kind of high-profile offer these scammers like to imitate.
Geek Squad has compiled some useful information on the most effective ways to safeguard your online identity:

The s indicates the site is encrypted.
We hope that you find this information useful in safeguarding yourself against phishing scams.
As a reminder, the Best Buy Gift Card giveaway will be conducted only on Best Buy’s Facebook page. As part of your entry Best Buy will only collect your email address, and will not ask for any additional information. This holiday season, if you receive information regarding the Best Buy Holiday Gift Card Sweepstakes and you would like to verify its authenticity, feel free to tweet to us @Twelpforce or by posting the information for verification on the Best Buy Community Forums.
So what happens when a non-Windows OS gains traction? Well, the inevitable happens – and people using such systems without malware protection face a nasty wake-up call (yes, even systems with fruit-based logos adorning the front). Today’s example? Mac Defender.
Mac Defender first appeared in May 2011 as a browser pop-up screen, stating that the computer is infected – and that Mac Defender can remove the infections. The truth? It’s actually a false antivirus application with a built-in malware payload. It demands payment to work, so once users enter their credit card number… BAM! (They’ve got you.)
Malware like this is nothing new. Malware is constantly evolving, as hackers find new ways to wreak havoc on your computer, or to obtain your confidential information. And once you’ve been infected, removal can be complicated – often requiring Geek Squad Agents (or other experts) to get it cleaned up.
To protect yourself from malware, all computer users should follow these tips to help them stay safe:
- Update your operating system often. People avoid updates because they seem like a hassle. System updates include fixes to vulnerabilities often exploited by malware. Updates are your first line of defense against infections.
- Don’t download suspicious-looking programs. If it looks suspicious, it probably is so avoid it! Only download programs and updates that you are familiar with, and then only from official (safe) resources.
- Email attachments and links: be cautious. Most people know better than to open attachments or links in email from unidentified sources. It’s common for many malware applications to harvest email address books on infected computers and send out copies of the infection on your behalf to your family and friends. Got an attachment from a friend or family member? Give them a call to verify whether they actually sent anything. When in doubt, toss it out – no matter how tempting it is to open.
- Beware of pop-ups. Like Mac Defender, these pop-ups may look like legitimate warning messages from your operating system. They try to trick you into purchasing, downloading or installing some sort of application that can infect your computer. Clicking on them often loads malware onto your computer, and can lead to all sorts of headaches. Get to know what to look for to close pop-ups (tiny “X” or red dot for closing the window in the upper corner), and NEVER click anywhere else within it.
- Avoid giving out personal or financial information. If you are prompted to provide credit card information and you are uncomfortable with where you are submitting it, walk away. (Only provide credit card information to authorized sources that you trust.)
- Install protection software. To reduce threats to your computer, purchase and install protection software. Anti-virus software is a good start, and there are programs with internet security available that can help prevent hackers from getting into your computer and stealing your personal information.
- Scan your computer for viruses or malware – especially if your computer is sluggish. Quite often, Internet slowdowns and general slow operation of the entire computer can be one of the symptoms of an infection. When in doubt, scan the computer for a malware infection to determine if this is the cause.
Malware – regardless of who’s behind it or what operating system it runs on – is a fact of life for computer users. Yesterday, it was only Windows-based PCs. Today, it’s fruit-labeled ones. Tomorrow? (Hey Linux, I’m looking at you.) By following these simple tips and making sure your operating system is up to date, you can avoid most of the headaches that come with a malware infection.
Tell Me More: Ransomware is a type of malware that gives hackers access to your personal data. Once your computer is compromised, the hackers claim they will return your data once you send them money. Consumers unknowingly receive the virus from somewhere on the internet and it then encrypts your files and holds them hostage. With this particular form of ransomware, once the files are compromised consumers receive a ransom letter which appears on their desktop demanding $120 in order to receive their files back.
Should I Be Worried? We haven’t completed our investigation of this newest malware ransom issue; however, based on our initial research we have discovered the virus encrypts the computer’s original files, making any recovery efforts virtually impossible. Because of this, consumers should be extra careful about links they click on while surfing the internet.
What Do I Need to Do? Here’s what you should know about ransomware:
• If you have received the virus and the ransom note pops up on your desktop, you should immediately shut down the computer. The malware is still infecting your computer and by shutting the system down, there is a chance you might be able to save some of the data that has not been corrupted yet.
• As a side note, please remember your data should always be backed up on a regular basis. If your files are saved, you can simply remove the virus from the compromised system and restore the data from your backup.
Geek Squad Final Word: As always, if you experience any undesired computer symptoms, seek help from a computer professional as soon as possible.
For more information, check out the Geek Squad home page at www.geeksquad.com or contact your nearest Geek Squad Agent. Whether it’s online, via 1-800-GEEKSQUAD, or in any Best Buy store, we’re here to help 24/7/365!
“Warning !!!!!!!!!!! Don’t use the Christmas Tree App. Be advised it will crash your computer. Geek Squad says it’s one of the Worst Trojan Viruses there is and it is spreading quickly. Please repost to friends & let them know !!!”
Tell Me More: In actuality, Geek Squad has not officially investigated this particular application, nor have we identified it as the source of any infections in any cases we have supported. However, that doesn’t automatically mean that it’s ok to use.
Should I Be Worried? We haven’t completed our investigation of the “Christmas Tree” application and cannot guarantee that it’s completely safe. As a general rule, if it’s not 100% necessary for you to use an application and you can’t verify that the developer is trustworthy, you may want to do some research before installing it to your profile.
What Do I Need to Do? Here’s what you should know about Facebook applications before you install them:
• Any Facebook application that you install or use on your profile has access to your personal information and friends list, so make sure you’re only interacting with applications and people you trust with your personal info.
• Facebook developers are bound by a contract with Facebook, which requires them to respect the privacy settings you’ve chosen for your account information. Occasionally Facebook identifies developers who break these rules and use personal information for less-than-friendly purposes. The end result of this misuse of personal information is identity theft — yet another reason to be extra careful with the information you’re sharing via applications.
• Facebook applications cannot directly interact with your computer or infect your computer with viruses. However, if a rogue application gains unauthorized access to your personal information, hackers could potentially use that information to infect your computer through other means, or trick you into downloading an infection using a pop-up or “scareware” tactics. Be careful about what you click on inside applications, because the pages and information inside them are not provided by Facebook and could potentially be used by companies or individuals to steal personal information — or infect your computer.
Geek Squad Final Word: As always, if you experience any undesired computer symptoms, seek help from a computer professional as soon as possible. If you notice any signs of your Facebook account being compromised or sending out messages you didn’t intend to send, it could be a signal that your computer may be infected, and you should seek professional assistance.
For more information, visit Facebook’s Safety Center (http://www.facebook.com/safety), check out the Geek Squad home page at www.geeksquad.com, or contact your nearest Geek Squad Agent. Whether it’s online, via 1-800-GEEKSQUAD, or in any Best Buy store, we’re here to help 24/7/365!
This virus is contracted in a method similar to other FakeAV infections, and runs a “scan” alerting you to several “security threats” on your PC. These threats are fake; the only real infection on the PC is the FakeAV itself.
This virus is typically contracted in the following manner: While browsing websites, you suddenly see a pop-up alerting you to an infection on your computer. The pop-up offers the ability to scan the computer for you with one simple click. At this point your PC is not infected; however, when you click the ‘scan’ link on the pop-up, it downloads and installs a worm on the PC.
The worm then begins the process of installing the FakeAV and running a basic ‘scan’. It hijacks several main system files the next time your PC is rebooted, allowing it core access to the system. This allows the infection to run in an elevated mode, overriding the user when they try to stop the processes associated with the infection. The ThinkPoint or MSE variant is of special concern because it is able to operate in Safe Mode also, providing a special challenge to even tech-savvy users who can typically clean their own PCs.
Tell Me More: Because these infections rely on the user allowing the pop-up to run the scan, they can bypass most virus protection software. These pop-ups almost exclusively come from a website but can sometimes look like a very convincing Windows or Microsoft Security alert. If you see the pop-up, you can avoid the infection by pressing Alt+F4 to close the browser window, preventing the installation of the worm. Immediately after closing the window, run a full virus scan on your computer.
Should I Be Worried? While this infection is common online, with some basic best practices you can avoid contracting the infection. If you do receive an alert from a virus program that is not one you installed on your system, be suspicious. Typically these infections profit by convincing people to ‘purchase’ the software, when in reality they are stealing your credit card information. If you are browsing the web and receive a pop-up that tells you you’re infected, you probably aren’t yet. Be sure to close the window immediately, ignoring any pop-ups that may warn you your system is infected.
What Do I Need to Do? As always, ensure your virus protection is up to date and running scans on a regular basis. Keeping an eye out for suspicious alerts will go a long way with this infection, as it requires you to install it. If the alert isn’t from your virus protection software, it is fake and should be ignored.
Geek Squad Final Word: As FakeAV rapidly becomes the most popular way of infecting computers for profit, these infections have almost exclusively relied on the end-user to install the software themselves. Be suspicious of any strange alerts you see on your computer, no matter how much they look like they may have come from Windows itself or legitimate virus protection software. As always, if you have any concerns you can consult with us 24 hours a day, 7 days a week, 365 days a year.
Threat Level – Guarded
Summary – For the past week, security companies have been tracking an email worm known as “VBMania.” This infection spreads the same way that email-based infections typically do – by sending emails from a computer that is already infected. The messages start with the subject line “Here you have” and contain a link that exposes your computer to the worm if clicked. Geek Squad’s Remote Support capability has seen a marked uptick in cases of the worm, spiking on Sunday, 9/12, with cases more than double the average for other days in the month. Once the infection is on a machine, it can spread by sending email to others and by infecting network shares and removable drives. It also checks for running antivirus programs and attempts to disable them, potentially making the situation worse.
Tell Me More – If the “Here you have” subject line sounds familiar, it’s probably because it’s the same subject line that was used by the infamous “Anna Kournikova” virus in 2001. Both infections rely on people forgetting the most basic email security guidelines. Kaspersky offers this reminder on its website: “As a rule…if you receive an unexpected/unsolicited email containing an attachment or a link…don’t open the contents of the message! Even if the message comes from someone you know, take a second and ask the sender to confirm the message. And obviously, any email that contains bad grammar or irregular spelling should be a red-flag.”
Should I Be Worried? – The worm can affect anyone, but corporations are the most vulnerable. Comcast, ABC/Disney and Google are among those that have been impacted. Leading antivirus software providers (Symantec, McAfee, and Kaspersky, among others) have all updated their products to protect you against this infection, so if you have up-to-date protection and use a bit of caution, your chances of infection are comparatively low. Computers running without antivirus protection or with outdated virus definitions are, of course, still at risk.
What Do I Need to Do? – Keep your antivirus protection up to date, and exercise common sense when dealing with unsolicited email.
Geek Squad Final Word – Although it has spread rapidly since September 7, this type of attack is relatively primitive. It ultimately relies on a person’s lack of discretion, just like the email worms that preceded it. Antivirus protection is important, but cannot replace good security habits. A bit of vigilance goes a long way and will help protect you against future infections of this type.
Dustin S. is a Geek Squad Remote Support Agent.