
The Archives

Posts Tagged ‘Security’

“Mac Defender” Doesn’t: Computer Users, Be On Guard

Tuesday, June 14th, 2011

So what happens when a non-Windows OS gains traction? Well, the inevitable happens – and people using such systems without malware protection face a nasty wake-up call (yes, even systems with fruit-based logos adorning the front). Today’s example? Mac Defender.

Mac Defender first appeared in May 2011 as a browser pop-up screen, stating that the computer is infected – and that Mac Defender can remove the infections. The truth? It’s actually a false antivirus application with a built-in malware payload. It demands payment to work, so once users enter their credit card number… BAM! (They’ve got you.)

Malware like this is nothing new. Malware is constantly evolving, as hackers find new ways to wreak havoc on your computer, or to obtain your confidential information. And once you’ve been infected, removal can be complicated – often requiring Geek Squad Agents (or other experts) to get it cleaned up.

To protect yourself from malware, all computer users should follow these tips to help them stay safe:

- Update your operating system often. People avoid updates because they seem like a hassle. System updates include fixes to vulnerabilities often exploited by malware. Updates are your first line of defense against infections.
- Don’t download suspicious-looking programs. If it looks suspicious, it probably is so avoid it! Only download programs and updates that you are familiar with, and then only from official (safe) resources.
- Email attachments and links: be cautious. Most people know better than to open attachments or links in email from unidentified sources. It’s common for many malware applications to harvest email address books on infected computers and send out copies of the infection on your behalf to your family and friends. Got an attachment from a friend or family member? Give them a call to verify whether they actually sent anything. When in doubt, toss it out – no matter how tempting it is to open.
- Beware of pop-ups. Like Mac Defender, these pop-ups may look like legitimate warning messages from your operating system. They try to trick you into purchasing, downloading or installing some sort of application that can infect your computer. Clicking on them often loads malware onto your computer, and can lead to all sorts of headaches. Get to know what to look for to close pop-ups (tiny “X” or red dot for closing the window in the upper corner), and NEVER click anywhere else within it.
- Avoid giving out personal or financial information. If you are prompted to provide credit card information and you are uncomfortable with where you are submitting it, walk away. (Only provide credit card information to authorized sources that you trust.)
- Install protection software. To reduce threats to your computer, purchase and install protection software. Anti-virus software is a good start, and there are programs with internet security available that can help prevent hackers from getting into your computer and stealing your personal information.
- Scan your computer for viruses or malware – especially if your computer is sluggish. Quite often, Internet slowdowns and general slow operation of the entire computer can be one of the symptoms of an infection. When in doubt, scan the computer for a malware infection to determine if this is the cause.

Malware – regardless of who’s behind it or what operating system it runs on – is a fact of life for computer users. Yesterday, it was only Windows-based PCs. Today, it’s fruit-labeled ones. Tomorrow? (Hey Linux, I’m looking at you.) By following these simple tips and making sure your operating system is up to date, you can avoid most of the headaches that come with a malware infection.

Using Technology to Effectively and SECURELY Donate

Monday, May 9th, 2011

As the effects of natural disasters bring us together to help those in need, Geek Squad wanted to take a moment to share some lessons on how social media and mobile devices can play a role in that assistance.

Products from shoes to bathroom scales have built-in tweeting, and at least one innovator has created an app that tweets everything that he watches around the house via TiVo. It may make your head spin to think that the same microblogging service helped serve as the groundwork for revolution in the Middle East as well as a key tool for finding loved ones after the tsunami in Japan. Obviously, not all tweets are created equal. It should come as no surprise, then, that scammers are always waiting to exploit the next big tragedy via these networks.

Here are a few tips to help you stay safe while assisting others:
- If you are being solicited by a stranger for donations, consider who they may be and what their credentials are. You can never be too careful with your financial information.
- Use reliable and reputable sites to research any charities to which you are considering contributing.
- If you have trouble finding a relief effort that you can verify as legitimate, turn to major organizations such as the American Red Cross. (Best Buy recently donated $100,000 to this group for storm relief efforts)
- If you do not want to donate via credit card, consider a text message donation. (More on this below)
- If you live near an area affected by a natural disaster, such as the recent wave of tornadoes in the south, search Facebook for groups that are organizing volunteer efforts.

Most tweets and Facebook posts soliciting donations no longer redirect you to a website where you enter a lot of personal information, or even to a PayPal link to donate directly through that method. Many of these solicitations now take the form of “Send ‘KEYWORD’ to 12345 to donate $5 to the relief efforts.” The phone number is a “short code,” which is a shortened phone number specifically designed for receiving text messages. This donation method sounds so easy… so how does it work?

Text message donations have been around for several years, but only recently came into the mainstream after the Haiti earthquake. The way these work is simple. First, you send a specific word to a specific phone number. Then, the donation will appear on your cell phone statement. This is an easy way to donate from the road if you can’t get in front of a computer, and most major charities and disaster relief funds have this capability. As always, make sure you check the legitimacy of the campaign before donating! We’ve included two resources below to help you get started.

RESOURCES:
http://www.bbb.org/us/charity/ – The Better Business Bureau’s U.S. charity division, a repository of information about legitimate and illegitimate charity efforts.
http://blog.charitynavigator.org/2011/04/us-tornado-disaster-relief.html – A list of some charities and what they are doing to help with the storm relief efforts.

Two Minute Miracle: Hard Drive Wipe

Thursday, April 21st, 2011

SECURITY ALERT: GPCode Ransomware Holds Computers Hostage

Tuesday, November 30th, 2010

Tell Me More: Ransomware is a type of malware that gives hackers access to your personal data. Once your computer is compromised, the hackers claim they will return your data once you send them money. Consumers unknowingly receive the virus from somewhere on the internet; it then encrypts their files and holds them hostage. With this particular form of ransomware, once the files are compromised, consumers receive a ransom letter which appears on their desktop demanding $120 in order to receive their files back.

Should I Be Worried? We haven’t completed our investigation of this newest malware ransom issue; however, based on our initial research we have discovered the virus encrypts the computer’s original files, making any recovery efforts virtually impossible. Because of this, consumers should be extra careful about links they click on while surfing the internet.

What Do I Need to Do? Here’s what you should know about ransomware:

• If you have received the virus and the ransom note pops up on your desktop, immediately shut down the computer. The malware is still infecting your computer, and by shutting the system down, there is a chance you might be able to save some of the data that has not been corrupted yet.

• As a side note, please remember your data should always be backed up on a regular basis. If your files are saved, you can simply remove the virus from the compromised system and restore the data from your backup.

Geek Squad Final Word: As always, if you experience any undesired computer symptoms, seek help from a computer professional as soon as possible.

For more information, check out the Geek Squad home page at www.geeksquad.com or contact your nearest Geek Squad Agent. Whether it’s online, via 1-800-GEEKSQUAD, or in any Best Buy store, we’re here to help 24/7/365!

Security Alert: FACEBOOK “CHRISTMAS TREE” APPLICATION

Monday, November 22nd, 2010

“Warning !!!!!!!!!!! Don’t use the Christmas Tree App. Be advised it will crash your computer. Geek Squad says it’s one of the Worst Trojan Viruses there is and it is spreading quickly. Please repost to friends & let them know !!!”

Tell Me More: In actuality, Geek Squad has not officially investigated this particular application, nor have we identified it as the source of any infections in any cases we have supported. However, that doesn’t automatically mean that it’s ok to use.

Should I Be Worried? We haven’t completed our investigation of the “Christmas Tree” application and cannot guarantee that it’s completely safe. As a general rule, if it’s not 100% necessary for you to use an application and you can’t verify that the developer is trustworthy, you may want to do some research before installing it to your profile.

What Do I Need to Do? Here’s what you should know about Facebook applications before you install them:

• Any Facebook application that you install or use on your profile has access to your personal information and friends list, so make sure you’re only interacting with applications and people you trust with your personal info.

• Facebook developers are bound by a contract with Facebook, which requires them to respect the privacy settings you’ve chosen for your account information. Occasionally Facebook identifies developers who break these rules and use personal information for less-than-friendly purposes. The end result of this misuse of personal information is identity theft — yet another reason to be extra careful with the information you’re sharing via applications.

• Facebook applications cannot directly interact with your computer or infect your computer with viruses. However, if a rogue application gains unauthorized access to your personal information, hackers could potentially use that information to infect your computer through other means, or trick you into downloading an infection using a pop-up or “scareware” tactics. Be careful about what you click on inside applications, because the pages and information inside them are not provided by Facebook and could potentially be used by companies or individuals to steal personal information — or infect your computer.

Geek Squad Final Word: As always, if you experience any undesired computer symptoms, seek help from a computer professional as soon as possible. If you notice any signs of your Facebook account being compromised or sending out messages you didn’t intend to send, it could be a signal that your computer may be infected, and you should seek professional assistance.

For more information, visit Facebook’s Safety Center (http://www.facebook.com/safety), check out the Geek Squad home page at www.geeksquad.com, or contact your nearest Geek Squad Agent. Whether it’s online, via 1-800-GEEKSQUAD, or in any Best Buy store, we’re here to help 24/7/365!

Security Alert: ThinkPoint or MSE FakeAV infection

Tuesday, October 26th, 2010

This virus is contracted in a method similar to other FakeAV infections, and runs a “scan” alerting you to several “security threats” on your PC.  These threats are fake; the only real infection on the PC is the FakeAV itself. 

This virus is typically contracted in the following manner: While browsing websites, you suddenly see a pop-up alerting you to an infection on your computer.  The pop-up offers the ability to scan the computer for you with one simple click.  At this point your PC is not infected; however, when you click the ‘scan’ link on the pop-up, it downloads and installs a worm on the PC. 

The worm then begins the process of installing the FakeAV and running a basic ‘scan’.  It hijacks several main system files the next time your PC is rebooted, allowing it core access to the system.  This allows the infection to run in an elevated mode, overriding the user when they try to stop the processes associated with the infection.  The ThinkPoint or MSE variant is of special concern because it is able to operate in Safe Mode also, providing a special challenge to even tech-savvy users who can typically clean their own PCs.

Tell Me More: Because these infections rely on the user allowing the pop-up to run the scan, they can bypass most virus protection software. These pop-ups almost exclusively come from a website but can sometimes look like a very convincing Windows or Microsoft Security alert. If you see the pop-up, you can avoid the infection by pressing Alt+F4 to close the browser window, preventing the installation of the worm. Immediately after closing the window, run a full virus scan on your computer.

Should I Be Worried? While this infection is common online, you can avoid contracting it with some basic best practices. If you receive an alert from a virus program that is not one you installed on your system, be suspicious. Typically these infections profit by convincing people to ‘purchase’ the software, when in reality they are stealing your credit card information. If you are browsing the web and receive a pop-up that tells you you’re infected, you probably aren’t yet. Be sure to close the window immediately, ignoring any pop-ups that may warn you your system is infected.

What Do I Need to Do? As always, ensure your virus protection is up to date and running scans on a regular basis. Keeping an eye out for suspicious alerts will go a long way with this infection, as it requires you to install it. If the alert isn’t from your virus protection software, it is fake and should be ignored.

Geek Squad Final Word: FakeAV infections are rapidly becoming the most popular way of infecting computers for profit, and they have almost exclusively relied on the end user to install the software themselves. Be suspicious of any strange alerts you see on your computer, no matter how much they look like they may have come from Windows itself or legitimate virus protection software. As always, if you have any concerns you can consult with us 24 hours a day, 7 days a week, 365 days a year.

Virtual Agent Patrick B.

Socially Safe

Friday, May 28th, 2010

Social networking websites are one of the fastest growing website genres on the internet. Facebook, Myspace, Twitter, etc. Connect, chat, and let people know what you are doing with just a click of the mouse or punch of the cell phone button. This is “the thing” to do nowadays, the way we keep in touch. With this ease of communication comes the possibility of exploitation. Today we are going to talk about the possible safety hazards of letting your guard down when socially networking via the internet.

There are a couple of set-in-stone ground rules that everyone needs to know about social networking websites. Let me share with you the same information I tell most of my clients:

• Social networking websites themselves are generally safe; The content people put on them, however, may not be. It is the human element you need to worry about.

• Always remember that any content you post on the internet will be there forever, for anyone to read, store, and republish

• Just because the screen says your friend John has sent you information doesn’t mean John is actually the person who did

• If it doesn’t “seem right” it probably is not right

• Things free or too good to be true, are. Just like in the “real world.”

Now that we are armed with those rules, let us run through a few possible scenarios. For instance, you hop onto a popular networking site to update your status and you see you have a message from your friend. We are talking about someone you know but who does not frequently message you. You open the message and there is a link to what is described as a ‘cool video’ or some super-duper product that you should “check out.” The link doesn’t work, or for whatever reason it doesn’t seem to work. Or perhaps it is such a stupid thing that you are wondering why your friend was even wasting your time. “No biggie,” you may think. A week later, however, you find that you are getting popup ads left and right and your computer is slowing down.

What happened? Well, your friend probably had a virus or spyware infection that spreads itself by sending messages to everyone who is his ‘friend,’ telling them to click on the link. When the link is clicked, the spyware is installed. (Please remember that antivirus and antispyware programs are not always 100% effective.) The spyware has been watching what you are typing, trying to steal credit card numbers, or otherwise is up to no good. Bam, you’ve been socially hacked.

Another scenario popping up lately involves micro-blogging websites. One of the most popular is Twitter. (Micro-blogging is posting status updates or information in only one to two sentences). There are several excellent micro-blogger humans out there reporting everything from celebrity updates, news hot off the press, and even your latest television show character developments.

However, there are also those micro-blogging accounts where it seems that some “person” is following the status updates of 5,000 people yet only 10 or 20 people are following them. This seems odd…who has the time to follow 5,000 people yet is not popular enough to warrant anybody ‘following’ what they are doing? Yet this random person just ‘followed’ or ‘added’ you to the list of people they listen in on? Weird! So what in the world is going on?

Well, it is completely feasible that this person is waiting for you, and the 5,000 other people, to post something that could be personally identifying. Maybe you don’t post revealing information all at once. Perhaps without realizing it you do it over the course of months. Like pieces of a puzzle to be assembled into a greater picture at a later time. Maybe you uploaded a photo revealing your address or house number in the background of your family picnic? Did you post something with your name on it, or tied to your name like the picture of the new car you bought? Did you just update your status about the burger joint on the corner of Main St and how you are eating there?

Believe it or not just with that simple information above a person can cause you a big headache. For example: With that house number, nearby the burger joint address, the make/model of your car or license plate number in a picture (and personal information tied to this plate number), or anything else you posted, someone could do something as simple as fill out a credit card application in your name. With the free credit card application they stole out of your mailbox. Or perhaps they could use this information to impersonate you in other ways. Ick, who the heck needs that sort of trouble!

That whole scenario seems like a lot of trouble for someone to go through, but it really is not that hard. There are freely available programs on the internet that can scour social networking websites for certain keywords multiple times per hour. When they hit upon this keyword, the program marks that post for future review by human eyes. That person who was following you now has all the information they need from your three months of blogging posts to paint an excellent picture of you. They could possibly step into your shoes if they wanted to.

So what can you do to protect yourself? Remember the set-in-stone rules I mentioned above. What appears to be, may not be true. Ask your friend you do not speak to often if they really sent you a funny video about a cat climbing the Christmas Tree before you open the message and follow the link.

Do not post anything on the internet you wouldn’t want someone to see no matter how innocuous it seems to be. Personally identifying information such as license plate numbers, house numbers or other addresses, specific names, how you went to Johnny’s High school and still live in the same town…things like that. Remember that this information is stored somewhere, likely in multiple places, for almost all eternity. Information can be used like pieces in a puzzle to paint a bigger picture of you.

Do not accept “friend requests” from people you do not know. Do not allow people to “follow” you if you do not know who they are. If you are unsure as to the authenticity of the person on the other end, ask them a piece or two of personal information that only the true person would know. Watch your children and make sure when they are on these social sites that they adhere to your rules and guidelines.

Trust your gut feeling. When a scenario seems odd it could mean someone is up to no good. In addition, remember when you cannot see the person on the other end of the internet connection you have no proof they are who they say they are.

I truly hope this information helps steer you towards trouble-free social waters. The internet is certainly an awesome way to connect and stay in touch at the speed of light. We need not be afraid of the web, but we do need to respect the power it can have over us if used incorrectly.

Now I think I will go post on Twitter that I have finished writing this blog…

Geek Squad Agents Become Free WiFi Hotspots this Holiday Season

Thursday, December 17th, 2009

With WiFi hotspots popping up in all kinds of places, Geek Squad returned to the lab for a “next-gen” holiday gift. Now “Secret Agent Santas” will take WiFi technology to the next level, releasing WiFi hotspots from the electrical outlet through the use of high-speed USB modems and battery-powered routers.

Beginning today, select Agents in Atlanta, Chicago, Los Angeles, New York, and San Francisco will become “Secret Agent Santas,” providing free Internet access wherever they are. “Secret Agent Santas” will help people stay connected on the final leg of this holiday season on trains, in parks and at a multitude of other locations. WiFi’d Agents will be easily recognizable by their non-uniform holiday headgear – a light-up red and white Santa hat with LEDs around the brim.

Civilians are encouraged to take advantage of the free internet service and speak with the Agents about any technology problems or questions they might have. Select Geekmobile® vehicles in Atlanta and San Francisco also will be set up to provide service.

“Free WiFi has made staying connected easier and increased the usefulness of laptops, smartphones and other hand-held devices,” said Geek Squad Agent Ismael Matos. “By creating these roving hotspots, we’re providing an even greater level of service. Need WiFi on an ‘L’ train in Chicago? We can help. Want us to park six Geekmobiles at an Atlanta football game so you can tailgate and stay connected? We can do that too.

“To serve the greatest number of people, these hotspots will not be password protected,” continued Matos. “We recommend that civilians not conduct any particularly sensitive work as a result. Check sports scores but not bank accounts.”

WiFi’d Agents are a gift that keeps on giving; rolling out this holiday season, the service will continue indefinitely. Keep an eye out for specially marked Geek Squad Agents and open hotspots named “Geek Squad.” And if you have any WiFi location requests, please visit Geek Squad Intelligence (http://www.geeksquad.com/intelligence/) and leave us a comment.

Geek Squad 2MM: Defining Different Router Options

Friday, December 11th, 2009

Before you click on that link…

Friday, December 4th, 2009

Language was shortened long ago for ease of Instant Messaging. So when text messaging became popular, people were already armed with ‘c u l8r’, ‘IDK’, and ‘BRT’ (or “see you later”, “I don’t know”, and “be right there” for proponents of the Queen’s English). This computer lingo comes in handy now that social networking sites, like Twitter, are designed for short and succinct updates.

But what if you wanted to Twitter a link to my epic blog about using secure passwords? As you may know, Twitter updates are capped at 140 characters. The full address of my post is:

http://www.geeksquad.com/intelligence/blog/use-halibut-to-protect-your-identity/#more-474.

Not only is that hard to type, but it weighs in at 89 characters. This only leaves you 51 characters for the remainder of your tweet. When it comes to Twitter updates, space is at a premium. 

Enter the URL shortening services. After TinyURL.com was launched in 2002, there have been numerous other sites with a similar spin, such as snipurl.com, is.gd, and bit.ly. By using their services, the large unwieldy URL above is rendered as http://tinyurl.com/yjclqts . Much easier on the thumbs, and it gives you more space to write glowing praise about the link in question.

The problem is, as with anything on the Internet, you find people with malicious intent looking to use URL shorteners to their advantage. Firewalls, anti-virus software, anti-spyware software, and phishing scanners are great, but if you click a link that goes directly to a malicious site, often there isn’t anything security software can do about it. You may think you’re following a friend’s link to a story about the release of Windows 7, and end up at a site with adult content or a site with the intent to infect your computer with a virus.

Some of the shortening services have instituted a preview system; for example, if you were to enter http://preview.tinyurl.com/yjclqts, the tinyurl site will tell you what the link points to. But for those sites that don’t have a preview system, or if you don’t want to retype all of them, there are a few ways to make sure you don’t end up someplace you’d rather not be.

There are add-ons, which are programs you can download for Firefox and Internet Explorer, that check the shortening site, report the expanded URL back to you, and then give you the option of clicking on it or not. Longurl.org is a website where you can copy and paste the shortened URL, and it will report back the full link.
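As an added example (not code from the original post or from any of the add-ons it mentions), this Python script does what such an expander does: it asks each server in the chain where a short link points using HEAD requests only, so the destination page is never loaded. The local stub server, its redirect table, the paths, and the `MAX_HOPS` limit are all constructed for the demonstration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = (301, 302, 303, 307, 308)
MAX_HOPS = 5  # assumption: more redirects than this is treated as suspicious


def expand(url, max_hops=MAX_HOPS):
    """Return every URL in the redirect chain, ending at the real destination.

    Only HEAD requests are sent, so no page body or script is downloaded.
    Raises ValueError on a redirect loop, too many hops, or a non-HTTP target.
    """
    chain = [url]
    while True:
        parts = urlsplit(url)
        if parts.scheme == "https":
            conn = http.client.HTTPSConnection(parts.netloc, timeout=5)
        elif parts.scheme == "http":
            conn = http.client.HTTPConnection(parts.netloc, timeout=5)
        else:
            raise ValueError(f"refusing non-HTTP target: {url}")
        try:
            path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
            conn.request("HEAD", path)
            resp = conn.getresponse()
            status, location = resp.status, resp.getheader("Location")
        finally:
            conn.close()
        if status not in REDIRECT_CODES or not location:
            return chain  # not a redirect: this is where the link really goes
        url = urljoin(url, location)  # Location may be relative
        if url in chain:
            raise ValueError(f"redirect loop at {url}")
        if len(chain) > max_hops:
            raise ValueError(f"more than {max_hops} redirects")
        chain.append(url)


# Constructed redirect table standing in for a URL shortening service.
REDIRECTS = {
    "/yjclqts": "/hop2",
    "/hop2": "/intelligence/blog/post",
    "/loop-a": "/loop-b",
    "/loop-b": "/loop-a",
    "/odd": "ftp://files.example.invalid/setup.exe",
}


class StubShortener(BaseHTTPRequestHandler):
    """Answers HEAD with a 301 for known short paths, 200 otherwise."""

    def do_HEAD(self):
        target = REDIRECTS.get(self.path)
        if target:
            self.send_response(301)
            self.send_header("Location", target)
        else:
            self.send_response(200)
        self.end_headers()

    def log_message(self, *args):  # keep the demo output quiet
        pass


def start_stub():
    """Start the stub on a free localhost port; return (server, base_url)."""
    server = HTTPServer(("127.0.0.1", 0), StubShortener)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}"


if __name__ == "__main__":
    server, base = start_stub()
    try:
        for hop, link in enumerate(expand(base + "/yjclqts")):
            print(hop, link)
    finally:
        server.shutdown()
```

The last URL in the returned list is the one to inspect before deciding whether to open the link in a browser.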

So while sometimes your friends may just be trying to hit you with the most viral Internet prank of all time, other times you may find something far worse than Rick Astley on the other end of that link.

If you’re looking for some of these add-ons, go to http://snipurl.com/sikhj for Firefox or http://bit.ly/3RD3sP for Internet Explorer.
