Category Archives: Spyware News

Internet Users Still Careless On Password Security Despite Increasing Risks

Did you know that the passwords and usernames you use on the internet are the key to your virtual identity, and that losing them to a hacker could leave you broke?

Hackers are busier than ever targeting any internet user who leaves themselves vulnerable. Over the past 10 years, large portions of people’s lives have been shaped by the internet and everything it has to offer, good and bad. Unfortunately, a steadily rising number of internet users have left themselves vulnerable to hackers simply by choosing a password that is too obvious or by using the same one for multiple online accounts.

Do you ever feel that you have too many things to remember in life? You have a bank account, or several bank accounts, a smart phone lock code, house alarm code, social networks to log into, ATM pin numbers and a whole slew of other numbers to juggle. The last thing you probably want to do, adding additional complexity to your life, is remember multiple passwords for several online accounts. In reality, that is the wrong attitude to have because it could lead to you falling prey to an internet hacker.

Cybercrooks are always on the lookout for individuals who use weak passwords or reuse the same password across online accounts, especially when those accounts could grant a hacker access to a bank account or credit card account. It can take a clever hacker just a few guesses to obtain the password to an email account, which may harbor pertinent data for access to a banking account. Basically, if you use a password that is easy to guess or the same weak password for all of your online accounts, it is only a matter of time before you end up getting a bank account statement reading zero.

Security Risks are very real and more prevalent than ever!

A study conducted by the Ponemon Institute last month reveals that in the last year, 90 percent of businesses suffered at least one data breach. McAfee has confirmed that only 40% of US-based companies disclose all security breaches while only 60% report the major ones. Not only has hacking become a force to be reckoned with over the past few years, but cyberthieves thriving on individuals who fail to use safe password practices have allowed data breaches and theft of money from online banking accounts to happen.

How do you know if your password is strong enough?

Let’s face it, the password ‘123456’ is extremely weak and should never be used for any type of online access or account. Some email providers have taken steps to disallow weak passwords, prompting their users to be more creative with password creation when setting up a new account.

When forming a new password and ensuring that it cannot be easily guessed, try using a combination of letters, numbers and symbols if possible. It is also a great practice to change your password often, every 90 days or less. Microsoft even has a site dedicated to checking your password to ensure that it is ‘strong’ enough. View the video below to see how simple it can be to choose a good strong password.

What are your password practices? Will you be changing anything about your password usage over the internet?



How to Install SpyHunter When Malware Prevents Software Execution and Displays an ‘Open With’ Dialog Box

Several variations of rogue anti-spyware programs, such as XP Antivirus 2011, are known to prevent SpyHunter and other legitimate security applications from running on a PC. These malevolent programs may break the association with Windows .exe files, which will prevent executable programs from running. Basically, when a malicious program such as XP Antivirus 2011 is installed on a PC, Windows will no longer recognize the .exe file extension. In such a case, Windows will prompt the computer user to select a program to open the file with. For example, when a computer user opens a .doc file, the association is normally linked with the Microsoft Word application. If the association for the .doc file is broken, Windows will automatically prompt the user to select a program to open the file with.

Usually, each file extension is assigned a specific program that opens by default when a file with that extension is executed. In the event that Windows does not recognize the file extension, a dialog box called ‘Open With’ will ask the user to ‘Choose the program you want to use to open this file.’ Newer versions of rogue security programs, such as XP Antivirus 2011, are designed to exploit this functionality, leaving the computer user unable to install or run any executable application, including trusted security programs.

Figure 1. – ‘Open With’ dialog box from attempting to execute the installation of an .exe file.

When a computer is infected with XP Antivirus 2011 or any of its variations and the user attempts to open any program, including a legitimate spyware removal tool such as SpyHunter, the user may be prompted with the ‘Open With’ dialog box. This happens because the association with .exe files has been manipulated by XP Antivirus 2011 or one of its aliases.

An alternative way of installing SpyHunter has been implemented for PC users who may be experiencing the .exe association issue. Additionally, users may not be able to download the alternative SpyHunter installer normally. The special file named ‘SpyHunter-Installer.com’ (listed below) must be downloaded to fix the .exe association problem. Utilizing the download link below will allow computer users to successfully install SpyHunter on their system after the SpyHunter-Installer.com download has been executed.
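As an added example (not part of the original article and not vendor code), the following Python check compares the .exe association values against stock Windows defaults and reports any deviation or per-user override. The registry paths and default values are standard Windows ones that the article does not name, and the sample snapshots are constructed.

```python
# Added example: audit the .exe file association against Windows defaults.
import sys

# Stock Windows (Default) values for the keys that make .exe files run.
EXPECTED = {
    r"HKCR\.exe": "exefile",
    r"HKCR\exefile\shell\open\command": '"%1" %*',
}
# Per-user keys that take precedence over the machine-wide ones when present.
USER_OVERRIDES = [
    r"HKCU\Software\Classes\.exe",
    r"HKCU\Software\Classes\exefile\shell\open\command",
]

def audit_exe_association(snapshot):
    """Return findings for a {key path: (Default) value} snapshot."""
    findings = []
    for key, want in EXPECTED.items():
        got = snapshot.get(key)  # absent key means no association at all
        if got is None:
            findings.append(f"{key}: missing (expected {want!r})")
        elif got.strip().lower() != want.lower():
            findings.append(f"{key}: {got!r} (expected {want!r})")
    for key in USER_OVERRIDES:
        if snapshot.get(key) is not None:
            findings.append(f"{key}: per-user override {snapshot[key]!r}")
    return findings

def read_live_snapshot():
    """Read the same keys from the local registry (Windows only)."""
    import winreg
    roots = {"HKCR": winreg.HKEY_CLASSES_ROOT, "HKCU": winreg.HKEY_CURRENT_USER}
    snapshot = {}
    for path in list(EXPECTED) + USER_OVERRIDES:
        root, subkey = path.split("\\", 1)
        try:
            with winreg.OpenKey(roots[root], subkey) as k:
                snapshot[path] = winreg.QueryValueEx(k, "")[0]
        except OSError:
            pass  # key or its default value is not present
    return snapshot

# Constructed snapshots for illustration (not taken from a real infection).
CLEAN = dict(EXPECTED)
TAMPERED = {
    **EXPECTED,
    r"HKCR\.exe": "placeholder_progid",
    r"HKCU\Software\Classes\.exe": "placeholder_progid",
}

if __name__ == "__main__":
    snap = read_live_snapshot() if sys.platform == "win32" else TAMPERED
    for line in audit_exe_association(snap) or ["exe association is default"]:
        print(line)
```

An empty result means the association matches the defaults; any finding on a machine that shows the ‘Open With’ prompt for executables points to the keys that need to be restored.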

Download SpyHunter-Installer.com to Install SpyHunter

Infostealer.Coinbit Trojan Hack Leads to Theft of Bitcoin Virtual Currency

Up until now the bitcoin p2p community was only well known by computer geeks and maybe a handful or two of curious investors.

Recently, after a well-documented $500,000 cyber heist, the virtual currency exchange has quickly gained world-wide notoriety after the hack plunged its value to pennies.

Bitcoin (BTC), a digital currency, was introduced in 2009 and is considered the first decentralized digital currency to gain steady momentum in both use and value. Similar to the dollar, bitcoin’s value fluctuates based on demand. However, unlike the dollar, bitcoin is based on a controlled supply that maxes out at 21 million coins and this supply is managed by peer-to-peer networks instead of a centralized bank.


Bitcoin is most attractive to persons wanting to hide their transactions from big brother’s (aka government) prying eyes or those seeking to live in a libertarian financial world. One can either buy bitcoins through designated exchanges such as Mt. Gox, the virtual exchange that apparently was hacked, or they can become a miner. Miners or p2p networks generate blocks to verify each and every bitcoin transaction and for this ‘work’ and use of their system resources, they earn and generate bitcoins. All transactions are recorded and made public and this process plus the imposed $1,000 daily cash out (US dollar conversion) may have salvaged the bitcoins industry from an otherwise plummeting existence.

Suspicious trading on Sunday at Mt. Gox preceded an outcry the following Monday from a bitcoin forum member named ‘allinvain’ that his wallet full of 25,000 bitcoins (current exchange rate valued them at $500,000) had been stolen. The unnamed trader first sold the coins before repurchasing them again and attempting to cash them out. Thankfully the daily cash out limit of $1,000 was enforced, leaving many to wonder where the remaining bitcoins were being stored and how the heist was made possible.

Mt. Gox subsequently confirmed the user account had been compromised through the use of a Trojan horse and that hackers also infiltrated their system, manipulating the price and stealing vital account data. Upon discovery of the breach, Mt. Gox suspended all transactions and secured all accounts, although it could not keep the price from plunging from $17.50 USD down to $.01 USD. Reports indicate that the remaining coins are being secured by Mt. Gox, which I’m sure is a relief for supposed owner and victim Allinvain.

Allinvain’s bitcoin wallet was stored on a Windows OS, known to be targeted by malware attacks because of known vulnerabilities. Doubly risky, Allinvain had not encrypted his .dat file.

Cybercriminals look for holes in hardware and software and depend on human behavior and ignorance of Internet safety to help them steal unwary PC users’ data, cheat them out of money and compromise their PCs. In this case the Trojan identified as Infostealer.Coinbit was used to infiltrate a system.

Source code for Trojan.Infostealer.Coinbit, malware designed to locate bitcoin wallet.dat files and upload them to a remote server, was reported posted on underground forums. Due to the increased value and interest in the virtual currency and its untraceable expenditures, you can be certain cybercrooks will target more bitcoin wallet holders.

If you use bitcoins or are considering joining its community, you may want to use one of the many secured third-party systems to store your wallet. Otherwise, you should ensure you are using good Internet practices that include the following:

  1. Keeping your wallet on an encrypted partition.
  2. Keeping the ‘passphrase’ separate from wallet and in an offsite location.
  3. Keeping encrypted back-ups in an off-site location.
  4. Instead of saving your wallet to a network, just manually copy the address each time.
  5. If your wallet is compromised, do not erase but send all the coins to a different wallet instead.

Once malware infiltrates your system, you can count on other malicious programs and continual attacks to follow. In addition to your vital data being stolen, you might incur:

  1. Spoofing of your email account and a spammer spamming all your friends and family.
  2. Exploitation of a remote assistance tool so a hacker can maliciously use your PC to:
    a. Distribute a DNS attack
    b. Mass spam other unsuspecting PC users
    c. Download more malicious programs or upgrade malware to counter combative efforts by the Internet security community
  3. A slick interface of some rogue security program simulating a security breach by assaulting you with fake alerts and warnings, so you can blindly hand over your credit card and buy its useless software.

Other ways to ensure your data and PC are protected is by practicing good Internet safety as follows:

  1. Keep an up-to-date antimalware solution installed and active.
  2. Stay atop of software upgrades that patch known vulnerabilities.
  3. Never trust or click on links or download files from unknown sources.
  4. Do not pirate, it is illegal and these files are known to be laced in germs.
  5. Surf the Internet with caution and stay away from questionable sites (i.e. porn and free gaming sites).
  6. Do not open spam; just delete it altogether.
  7. Spammers are hijacking and spoofing accounts so verify before ‘clicking’ or responding.

Verizon’s ‘Data Breach Investigations Report’ Emphasizes Massive Risk Increases for Everyone

If you read some of the highlights of Verizon’s 2010 Data Breach Investigations Report, you could easily accuse them of talking loud enough that you can actually ‘hear them now’.

According to a recent study of nearly 800 breaches, as compiled by Verizon, the Secret Service and the National High Tech Crime Unit of the Netherlands, there was a mouth-dropping decrease in data records stolen, 144 million in 2009 down to only 4 million last year. But wait! The same study ‘quintuples’ data breaches for the same time frame, 141 in 2009 and a whopping 760 in 2010! Why the disparity? And should we jump up and down to celebrate, or pull out our hair from worry?

Verizon’s RISK team attributes the shift to smaller targets with an increase in frequency. Industry pundits somewhat agree and feel prosecution of insiders or high-profile hackers like Albert Gonzalez may have deterred many, who are simply choosing lesser exploits carrying lesser sentences. Attacks on small businesses are attractive because the spotlight is dimmer and because lax security practices, mainly due to budget restraints, make such open targets offer greater opportunities.

Verizon’s report and the recent Epsilon attack clearly confirm data security breaches are on the rise. However, without disclosure of the records stolen, on which Epsilon, one of the world’s largest database managers, remains mum, it is difficult to assess the true threat level.

Data Breach: Quality versus Quantity

Maybe it is not how much is being stolen but rather what is being stolen. David Ostertag, global investigations manager for Verizon, points out the shift in the type of data being sought by criminals. Apparently, payment cards are no longer the big attraction but rather intellectual property, such as business policies, practices, deals or source codes. Such an infringement threat has many big businesses losing sleep with worry.

The well-crafted spear phishing attack and ultimate theft of unknown Epsilon data records is clear proof no one is exempt. Cybercriminals are employing sophisticated techniques and stealth malware tools to rip off their victims, whether Mr. Big Corporation, Ms. Small Business, or even you, little ole PC user. And whether it is a battle of choice or opportunity, scammers and hackers are knocking on your door early morning, mid-afternoon or late at night, and you need to be prepared to quickly turn off the lights and ensure your doors and windows are locked tight.

Bryan Sartin, Director of Investigative Response at Verizon and author of the report, was quoted as attributing 96% of the security breaches in 2010 to a lack of preventive measures. Intermediate or simple controls such as updating default credentials, restricting use, securing remote access, monitoring network logs and regularly reviewing and patching source code vulnerabilities might have greatly reduced the chances of an attack.

The same could be said for the everyday PC user. By instituting a few basic security measures, most intrusions and system security breaches could be blocked and could save persons the frustration of becoming victim to another greedy scam.

  1. Install and keep an up-to-date antimalware solution on your PC.
  2. Stay atop of software upgrades that patch known vulnerabilities.
  3. Do not blindly open files or click on dubious links without consideration of Internet safety.
  4. Protect your security authentication and never share it with ‘anyone’.
  5. Pirating is breaking the law and these illegal freebies are laced in germs.
  6. Be careful when you surf since malicious websites are on the rise.

Hacker Steals 70 Million Sony PlayStation Network Users’ Personal Info

Sony confirmed that a hacker stole personal information from upwards of 70 million account holders and subscribers of the PlayStation Network.

Sony Computer Entertainment and Sony Network Entertainment, part of the world’s fifth largest media conglomerate, are the creators of the Sony PlayStation 3 (PS3) gaming console, which offers an online network (PlayStation Network) for account holders and subscribers to play games online or download media content (movies, TV shows, etc.). A recent attack, which reportedly took place a week ago just before April 20th, has compromised 70 million PlayStation Network subscribers’ personal data and ended with Sony shutting down the PlayStation Network. Sony says that there is currently no evidence to suggest that credit card data was taken during the attack. However, data including email addresses, passwords, birthdates, home addresses and users’ names were obtained by the perpetrator.

There is a major uproar among PlayStation Network subscribers because Sony waited almost a week to notify members of the attack, especially when the data stolen consists of such pertinent user information. Some of the subscribers reacted with the following statement:

“You waited a WEEK to tell us our (personal) information was compromised?” one PlayStation user wrote on a Sony blog. “That should have been said last Thursday”

Reportedly, the intrusion into the Sony PlayStation Network occurred between April 17 and April 19. The network was taken down by Sony on April 20, and at the time subscribers were left in the dark, not knowing what had taken place. The network was said to be restored within two days but remained down for a longer period of time.

At this time no one has 100% ruled out the idea of credit card data being stolen. It is already bad enough that Sony has said other personal data may have been compromised, which could easily lead to identity theft.

In light of the recent PlayStation Network hacking incident, Sony is urging customers “to protect against possible identity theft or other financial loss” by reviewing credit-card statements and suggesting placing “fraud alerts” with credit bureaus.

If we look back at other data breaches just this year, you will notice some of them resulted in spam campaigns and malware scams. Researchers and security experts fear that this could happen in the recent PlayStation Network hack, or even worse, that the stolen data could be posted online somewhere. What if just a portion of the 70 million affected PlayStation users and subscribers’ data was posted online? Virtually anyone with the know-how could break into other online accounts belonging to a victim. Worse yet, a hacker armed with this data could clean out the online banking accounts of thousands of PlayStation Network users. They don’t need your credit card information to do this. A simple email username/password may do just the trick.

Are you a subscriber or user of the PlayStation Network? If so, have you changed your email password that you may have used on the PlayStation Network yet? We strongly suggest that any subscriber to the PlayStation Network change their online passwords now rather than later. Right now you have to ask yourself, would you trust anyone with the information that you may have used to access the PlayStation Network even if it is not a full credit card number?
