Browser Maker Opera “Breached” by Malware

The makers of the Opera web browser announced recently that their internal network was “breached” earlier this month. The company says they have resolved the issue, and that it doesn’t appear that any user information was touched. However, the intruder was able to infect the browser update file, and some Windows users of Opera may have downloaded the infected update.

The intrusion was discovered by the Norway-based company on June 19. According to the official announcement of the breach posted on their website, “current evidence suggests a limited impact.” Once they gained access to the Opera internal network, the hackers used an expired certificate to put some malware on the system. Fortunately, the malware is easily detected by up-to-date anti-virus tools. If you are an Opera user on a Windows PC, make sure to update your anti-virus program and run it to make sure your system isn’t infected. (Better safe than sorry, right?)

Our friends at the Naked Security blog run by Sophos are doing a good job keeping track of this. If you are interested, check out their posts here.

If you would like a hand making sure your device is free of virus and malware, you can chat with a Geek Squad Agent here.

Agent Ron G. has been battling the forces of unruly technology run amok since 2001, prior to Geek Squad’s acquisition of Best Buy. When not busy creating video & technical training content for Geek Squad Agents in the field, Agent Ron enjoys home brewing, international travel, sketch writing, and learning how to cook new cuisines.

“Mac Defender” Doesn’t: Computer Users, Be On Guard

So what happens when a non-Windows OS gains traction? Well, the inevitable happens – and people using such systems without malware protection face a nasty wake-up call (yes, even systems with fruit-based logos adorning the front). Today’s example? Mac Defender.

Mac Defender first appeared in May 2011 as a browser pop-up screen, stating that the computer is infected – and that Mac Defender can remove the infections. The truth? It’s actually a false antivirus application with a built-in malware payload. It demands payment to work, so once users enter their credit card number… BAM! (They’ve got you.)

Malware like this is nothing new. Malware is constantly evolving, as hackers find new ways to wreak havoc on your computer, or to obtain your confidential information. And once you’ve been infected, removal can be complicated – often requiring Geek Squad Agents (or other experts) to get it cleaned up.

To protect yourself from malware, all computer users should follow these tips to help them stay safe:

Update your operating system often. People avoid updates because they seem like a hassle. System updates include fixes to vulnerabilities often exploited by malware. Updates are your first line of defense against infections.
Don’t download suspicious-looking programs. If it looks suspicious, it probably is, so avoid it! Only download programs and updates that you are familiar with, and then only from official (safe) resources.
Email attachments and links: be cautious. Most people know better than to open attachments or links in email from unidentified sources. It’s common for many malware applications to harvest email address books on infected computers and send out copies of the infection on your behalf to your family and friends. Got an attachment from a friend or family member? Give them a call to verify whether they actually sent anything. When in doubt, toss it out – no matter how tempting it is to open.
Beware of pop-ups. Like Mac Defender, these pop-ups may look like legitimate warning messages from your operating system. They try to trick you into purchasing, downloading or installing some sort of application that can infect your computer. Clicking on them often loads malware onto your computer, and can lead to all sorts of headaches. Get to know what to look for to close pop-ups (tiny “X” or red dot for closing the window in the upper corner), and NEVER click anywhere else within them.
Avoid giving out personal or financial information. If you are prompted to provide credit card information and you are uncomfortable with where you are submitting it, walk away. (Only provide credit card information to authorized sources that you trust.)
Install protection software. To reduce threats to your computer, purchase and install protection software. Anti-virus software is a good start, and there are programs with internet security available that can help prevent hackers from getting into your computer and stealing your personal information.
Scan your computer for viruses or malware – especially if your computer is sluggish. Quite often, Internet slowdowns and general slow operation of the entire computer can be one of the symptoms of an infection. When in doubt, scan the computer for a malware infection to determine if this is the cause.

Malware – regardless of who’s behind it or what operating system it runs on – is a fact of life for computer users. Yesterday, it was only Windows-based PCs. Today, it’s fruit-labeled ones. Tomorrow? (Hey Linux, I’m looking at you.) By following these simple tips and making sure your operating system is up to date, you can avoid most of the headaches that come with a malware infection.

Removing Viruses/Spyware From Your Computer (2MM)

Security Alert: ThinkPoint or MSE FakeAV infection

Summary: Active Virtual Agents and Field Agents are reporting an increase in the occurrence of a FakeAV (Fake Anti-Virus Software) infection known as ThinkPoint.

This virus is contracted in a method similar to other FakeAV infections, and runs a “scan” alerting you to several “security threats” on your PC.  These threats are fake; the only real infection on the PC is the FakeAV itself. 

This virus is typically contracted in the following manner: While browsing websites, you suddenly see a pop-up alerting you to an infection on your computer.  The pop-up offers the ability to scan the computer for you with one simple click.  At this point your PC is not infected; however, when you click the ‘scan’ link on the pop-up, it downloads and installs a worm on the PC. 

The worm then begins the process of installing the FakeAV and running a basic ‘scan’.  It hijacks several main system files the next time your PC is rebooted, allowing it core access to the system.  This allows the infection to run in an elevated mode, overriding the user when they try to stop the processes associated with the infection.  The ThinkPoint or MSE variant is of special concern because it is able to operate in Safe Mode also, providing a special challenge to even tech-savvy users who can typically clean their own PCs.

Tell Me More

Because these infections rely on the user allowing the pop-up to run the scan, they can bypass most virus protection software. These pop-ups almost exclusively come from a website but can sometimes look like a very convincing Windows or Microsoft Security alert. If you see the pop-up, you can avoid the infection by pressing Alt+F4 to close the browser window, preventing the installation of the worm. Immediately after closing the window, run a full virus scan on your computer.

Should I Be Worried?

While this infection is common online, with some basic best practices you can avoid contracting it. If you do receive an alert from a virus program that is not one you installed on your system, be suspicious. Typically these infections profit by convincing people to ‘purchase’ the software, when in reality they are stealing your credit card information. If you are browsing the web and receive a pop-up that tells you you’re infected, you probably aren’t yet. Be sure to close the window immediately, ignoring any pop-ups that may warn you your system is infected.

What Do I Need to Do?

As always, ensure your virus protection is up to date and running scans on a regular basis. Keeping an eye out for suspicious alerts will go a long way with this infection, as it requires you to install it. If the alert isn’t from your virus protection software, it is fake and should be ignored.

Geek Squad Final Word

FakeAV is rapidly becoming the most popular way of infecting computers for profit, and it relies almost exclusively on end users installing the software themselves. Be suspicious of any strange alerts you see on your computer, no matter how much they look like they may have come from Windows itself or legitimate virus protection software. As always, if you have any concerns you can consult with us 24 hours a day, 7 days a week, 365 days a year.

Virtual Agent Patrick B.

Geek Squad 2MM: Protect Your Computer Against Malware

Geek Squad Agents Mohammad Shahabuddin and Juan Campos discuss ways to protect your computer against malware.

Bad Catch of the Day: Phishing

In order to protect yourself, it’s important to understand how a phishing attack occurs. Phishing basically comes down to this: An identity thief composes an email that looks official and sends it out to a huge list of emails that may be either generated by a computer or obtained from other sources. This official-looking email ends up in your inbox and usually prompts you to do something like re-verify personal information, like your email address and password. There may be a link in the email that appears to take you to a legitimate website.
So how do you know if an email is a potential phishing attack? Most legitimate institutions that contain sensitive information will never send you an email and ask you personal questions. This includes banks, email services, internet service providers and stock traders. As a matter of fact, many times you’ll notice legitimate businesses attach a clause at the end of their email which reads: “we will never ask for your personal information.”
When in doubt, pick up a phone. Don’t call a phone number listed in the email, either. Use the good old yellow pages or as a last resort hit up a search engine for contact information. There is no substitute for a live human being on the other end of the line!
One of the most popular questions I receive in the field from the usually upset customer who has been affected by this is “why??” Well, honestly, it usually comes down to monetary gain. Eventually someone somewhere is getting money in the end. The persons responsible for the attack may want to use your email address to spread a remote-control virus. Or perhaps they want to launch an attack from your email address, thus hiding from the authorities behind your identity. Maybe they are going straight for the jugular: your online banking information.
There are several things to keep in mind in order to protect yourself. First, it’s important to know that these phishing attacks may not involve a virus or spyware infecting your computer and therefore will usually NOT be blocked by your antivirus software. Second, if you see a suspicious email asking for information or stating that your information has been compromised, and asking you to “do something” via the internet to fix it… DON’T. Contact your institution directly from a phone number not obtained in the email. Do not delete the email until after you contact them; they may want you to send a copy to them for further investigation.
Lastly, make sure your password is strong. Do not use birthdays or common phrases (like “admin,” “password,” “1234,” etc.) for the password. Instead, try something crazy that mixes up letters, capitals, and numbers. Example: g0AwayM1ne! Change your passwords every once in a while too.
If you suspect you have fallen victim to a phishing attack, contact your institution and/or your email address provider and let them know what has happened. This should help keep you from falling victim to this dangerous social engineering scam.

Conficker Looks to Cash in On Infections

As we mentioned previously, the Conficker worm made news headlines upon the discovery that the C variant of the worm would start seeking updates to its malicious instructions on April 1st. While the world feared the worst, the day came and went with little visible activity.

However, news is coming in that the worm has been spotted using its ability to pass new instructions from machine to machine in what’s called a “peer-to-peer network”. This allows new orders from the worm’s masters to be sent to a number of infected systems, and have those systems pass those orders on in a big, electronic version of the “telephone” game we played as kids. This helps the worm avoid detection and avoid being blocked by the good guys from getting new orders directly.


March Madness – Infecting Your Computer?

Geeks and sports don’t normally mix together. However, according to a recent USA Today Technology Live blog post, sports fans and geeks alike are being targeted in a new SEO/malware scheme. Sports fans searching Google for “March Madness” related sites could have troubles ahead.
