The holidays are here, and the news media is all aflutter about Amazon.com. Cyber Monday has of course beaten Black Friday once again, and since this has been old news for at least the past 5 years, someone decided it was time to change the subject to something else.
Enter: Amazon Delivery Drones
This past week, Bezos and Co. set the media aflare with the hot new topic of drones. The general idea has been around in science fiction for nearly a century, but now the Amazon CEO is insisting that specialized delivery drones are an imminent reality. Pundits the world around have responded with the usual slew of criticism, asking aloud how the government will regulate it, if it is technologically feasible, and, most importantly, whether it is safe.
No one can answer any of these questions with certainty, and in fact no one but Bezos himself knows whether Amazon has actually begun to develop this drone technology or not. For all we know, it’s just an ingenious PR stunt, engineered to bolster holiday sales. Despite all this, however, we here at Emsisoft have one important question that remains as yet unasked:
What will a future with drones mean for the future of antivirus software?
Naturally, any conversation about drones involves the topic of air safety. A drone that can deliver a package to your doorstep could just as easily deliver a bomb. Or it could monitor you from an unobservable height and give its operator all the behavioral details they would ever need to know to steal your identity.
If drones become a reality, they will be heavily regulated. This will necessarily include regulation of their software and measures to prevent it from being hacked. Even the most benign of drones could become malicious if hijacked by a programmer with malintent. Drones of the future will therefore require some sort of antivirus software, just as personal computers do today.
Which of course brings us to a second consideration:
Will drones become personalized?
As far as we can tell, the answer is yes. That is, if and only if drones are developed commercially. If drones are developed commercially, it will only be a matter of time before they are developed for personal use. That’s how it went with computers, and that’s usually how it goes with anything else in consumer tech.
Perhaps even more than commercial delivery drones, personal drones will require quality antivirus software. Large corporations like Amazon will stand to lose quite a bit if their delivery drones malfunction, and you can be sure that if they are developed they will likely be impenetrable. But personalized drones won’t be nearly as robust, and if they are to be legalized they will likely require antivirus software and perhaps also an operating license.
Which brings us to a third consideration: ^ Shouldn’t those be requirements to operate a PC? ;)
…In any event, we’re excited about the future of antimalware, and already dreaming of Emsisoft 2023: Fully Optimized for a Secure PD (Personal Drone) Experience.
Emsisoft Anti-Malware 126.96.36.199 is a maintenance update for improved malware cleaning and stability.
- Improved behavior blocking rule processing.
- Improved handling of objects infected by multiple malware.
- Fixed an issue with repeated downloads of specific updates.
- Fixed a problem with removal of specific cookies.
- Fixed a wrong behavior of the licensing system.
- Fixed bug “A major problem has prevented the application from starting”.
- Fixed a bug that prevented resetting of certain registry value names under HKU.
- Surf Protection host list loading bug fixed.
- Incorrectly alerted hosts for disabled categories fixed.
- Crash on quarantine rescan after online update fixed.
Christmas is the season of joy and happiness. It is the most awaited time of the year for both children and grown-ups. So, don’t let any viruses, trojans or malware ruin your holidays!
Now, you can prevent malware from entering your PC with our Christmas Special offer: you get a license of Emsisoft Anti-Malware for 3 computers for the price of only 1 license. So with only $39.95 you can protect all your family’s computers at once.
Note: This is a time limited offer, only available for new purchases of Emsisoft Anti-Malware (1 year).
As recently discussed in our post about Hacking Identity Theft, there are a number of ways that malware can work its way onto your computer. One of the most common modes of entry is through a Trojan Horse program that fools you into installation by presenting itself as a useful plug-in or application.
Rogue security software is a type of Trojan that presents itself as antivirus software, and right now there is a very pesky type of rogue circulating the Internet that is very similar to what was called The Protector Rogue, in 2012.
The Protector Rogue took its name from the file-name protector-xxx.exe (where the x’s were random letters). This malware was very common until it was for the most part eradicated in September of last year. This new version of the Protector Rogue has the file-name guard-xxx.exe and the registry run value GuardSoftware.
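The two indicators named above (the guard-xxx.exe file-name and the GuardSoftware run value) can be checked against saved `reg query` output of the Run keys. This is an added example, not Emsisoft code; the sample entries are constructed, and because the post says only that the x’s are random letters, accepting any run of letters is an assumption.

```python
import ntpath
import re

# Indicators taken from the post; the letter count of "xxx" is an assumption.
RUN_VALUE_NAME = "guardsoftware"
ROGUE_FILE_RE = re.compile(r"^(guard|protector)-[a-z]+\.exe$", re.IGNORECASE)
# A value line in `reg query` output: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE_RE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")

# Constructed sample of `reg query ...\CurrentVersion\Run` output (not real data).
SAMPLE = r"""HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    GuardSoftware    REG_SZ    C:\Users\alice\AppData\Roaming\guard-qzk.exe
    VendorGuard    REG_SZ    "C:\Program Files\Vendor\vguard.exe" -tray

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Updater    REG_SZ    "C:\ProgramData\protector-mbw.exe" /s
"""


def executable_of(command):
    """Return the executable's base name from an autorun command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        path = command[1:end] if end != -1 else command[1:]
    else:
        # Unquoted paths may contain spaces, so cut at the first ".exe".
        m = re.search(r"\.exe", command, re.IGNORECASE)
        path = command[:m.end()] if m else command.split(" ", 1)[0]
    return ntpath.basename(path)


def scan_run_keys(reg_query_text):
    """List autorun entries that match either indicator, with the reasons."""
    findings = []
    key = None
    for line in reg_query_text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE_RE.match(line)
        if not m or key is None:
            continue
        name, _type, data = m.groups()
        exe = executable_of(data)
        reasons = []
        if name.strip().lower() == RUN_VALUE_NAME:
            reasons.append("run value name")
        if ROGUE_FILE_RE.match(exe):
            reasons.append("file name pattern")
        if reasons:
            findings.append({"key": key, "value": name, "exe": exe, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for hit in scan_run_keys(SAMPLE):
        print(hit["key"], hit["value"], hit["exe"], ", ".join(hit["reasons"]))
```

A hit on the file-name pattern alone deserves a manual look before removal, since legitimate software may use a similar name.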
Because hackers are generally lazy, they usually base new malware off of older versions, and GuardSoftware has many of the same components that Protector did. In fact, despite the name change, even the Graphical User Interface (GUI) is still set up for Windows XP.
This unchanged GUI is a dead giveaway to anyone running anything past XP. The makers of GuardSoftware have implemented a few new tricks, however, and it’s for this reason that the malware is starting to work. GuardSoftware’s installer, or dropper, has a valid digital signature, which makes it more trustworthy to the human eye at a glance and which will bypass certain forms of heuristic detection.
At the same time, GuardSoftware utilizes hijacking techniques not previously observed in comparable rogue programs. After installation, GuardSoftware restarts your computer and then essentially locks your desktop with a “Scanning In Progress” screen.
This screen is meant to fool users into trusting GuardSoftware, and it even goes as far as allowing you to “disable” the scan through an “Options” feature. This faux-disable will unlock your desktop, but it will not stop the scan. Instead, the supposed scan will continue to run in the background, with constant pop-up reminders that your computer is infected, all aimed at persuading you to purchase the full version of GuardSoftware, by entering your credit card information into a screen like this:
GuardSoftware is one of the first rogue programs to utilize such screen locking, which in the past has typically only been observed in ransomware. In the past, Protector Rogues would instead just scare users with frightening messages, such as YOUR COMPUTER IS INFECTED or PROTECTOR FOUND 136 VIRUSES ON YOUR COMPUTER!!! It would seem that whoever developed GuardSoftware has realized that most computer users are no longer so gullible, and that a more forceful approach is necessary.
This rogue family uses a variety of names; some examples are Windows Expert Console, Windows Cleaning Toolkit and Windows Active Hotspot. Below are some SHA-1 hashes listed for these variants:
Fortunately, anyone running the full version of Emsisoft Anti-Malware is protected from the GuardSoftware rogue. Emsisoft Anti-Malware features a Behavior Blocker which is designed to recognize rogue behavior where the human eye and other antimalware programs that rely on heuristic detection cannot. Emsisoft users who come across GuardSoftware can expect a prompt warning from a screen like this:
Our recommendation is to block the program immediately and to identify exactly where GuardSoftware was encountered, so that the point of contact can be avoided and so that you can warn your friends. In the meantime, we here at Emsisoft will continue to monitor GuardSoftware as it inevitably evolves and develops. If it is anything like its predecessor, it will be around for some time…but it will also eventually be defeated ;)
Emsisoft Anti-Malware defeated 35 other Internet Security Suites in the recent AVLab Performance Test and received the “Best+++” award for its outstanding performance.
The official test results are available in Polish only at the AVLab.pl Website. An English summary can be found at www.anti-malware-reviews.com!
We have prepared a special Black Friday deal. For a limited time only, you can take advantage of 30% discount on each of our products* and receive a bonus 3 extra months for FREE. Please remember that this deal is available only on 29th of November!
Having doubts about ordering Emsisoft Anti-Malware? Here are some reasons that are sure to convince you. Virus infections are simply no match for Emsisoft Anti-Malware because:
- It cleans your computer using dual Anti-Malware & Anti-Virus scanners, without slowing it down, even in deep scan mode.
- It contains 3 layers of protection: Surf Protection + File Guard + Behavior Blocker.
- It monitors your computer, websites, downloads and emails for malware and virus content and protects you against new threats.
- It provides the highest detection and protection rates on the market, backed by multiple AV-Comparatives, MRG Effitas and VB100 assessments.
Get the deal for Emsisoft Anti-Malware, Emsisoft Online Armor Firewall or Emsisoft Internet Security Pack now!
*Note: This promotion is valid for the following products: 1-3 year licenses of Emsisoft Anti-Malware, Internet Security Pack and Online Armor
Identity theft has been around as long as there has been identity. Long before the age of computers, people specialized in the art of forgery, to pose as others and to use their assets to their advantage.
Identity Theft: Ways and means
Before computers and before what has become the ubiquitous connectivity of modern day life, information was much scarcer. Identity thieves had to work a lot harder to uncover their victim’s details; however, once they found what they wanted it was often much easier than it is today to get away with the crime.
The emergence of large scale credit bureaus in the 1970s marked a new era in identity theft. These bureaus specialized in the collection of individuals’ financial information, and they quickly became targets for maleficent con-men looking for an easy score. Primitive identity theft consisted of cold-calling such credit bureaus and conning customer service reps into giving away the essentials, like a person’s DOB and SSN. Identity thieves could then use these credentials to log onto government databases and access financial activity records.
Before the Internet became what it is today, these records were about all identity thieves had to work with. Such records were usually just a simple list of where a person held financial accounts, and nothing more. Identity thieves had to use these records as leads, and contact the places where their victim banked directly, over the phone. They’d then have to swindle their way past yet another customer service rep, and hope to get an account number – the prized payoff and score.
Today, all of this has changed. Smooth talking con-men who could charm their way past yesterday’s customer service reps have been replaced by the modern day hacker, who instead manipulates the encrypted data of 1s and 0s.
Identity Theft: Today
Today, everything from your checking account to that party you went to last Friday night is located somewhere on the web. It’s no longer just one governmentally controlled database accessible only to those who know your SSN. If you spend any significant amount of time online, just about anyone who knows how to use Google can probably find out where you live and what you do for a living in a matter of minutes. And for a motivated hacker, this is more than enough of a lead.
Modern day identity theft works on the premise that “the thing” one wants to steal is located on the target’s personal computer. This “thing” is usually a collection of passwords and records that will allow further access to personal financial accounts.
Technical details aside, what modern day identity theft boils down to is placing a malicious program onto a victim’s computer that will allow the hacker free rein over all of their files. For even moderately competent hackers, creation of such a program is quite simple.
Identity Theft: Tools
There are a number of programs a hacker can use to get what they want from your computer, and while identity theft protection is far from dependent on a technical understanding of these tools, it can be useful to be acquainted with them.
A log keystrokes program is exactly what it sounds like – a program that records what you’re typing and shows it to the hacker. Log keystrokes programs are usually used to discover passwords to financial accounts, but they can also be leveraged to monitor a target’s online communications.
Brute Force password hacking
Many hackers have the formulation of passwords down to a science and can simply figure out your password through a series of educated guesses or through the use of an algorithm. The unfortunate reality of password security is that it usually isn’t that secure. Most people reuse their passwords, and most of these passwords are relatively easy to guess.
Let’s say for example that you were born in 1960 and that you have a pet dog named Sarge, so you decide to make your password Sarge1960. Let’s say that you also have a Facebook account that lists your birthday and features tagged photos of you and Sarge. Any hacker with a pulse and the inclination is going to figure you out.
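A password-change form can refuse choices like this one by checking how much of a candidate password is explained by facts the user has already made public. The following is an added example, not part of the original post; the fact list is constructed from the Sarge1960 scenario, and the look-alike character map and the two-character threshold are assumptions.

```python
import re

# Common look-alike substitutions, applied to facts and password alike (assumed set).
LEET = str.maketrans("4@3!10$5", "aaeiloss")
# Assumed policy: reject if at most this many characters are NOT explained by facts.
MAX_UNEXPLAINED = 2

# Constructed from the post's example: pet name and birth year.
FACTS = ["Sarge", "1960"]


def normalize(text):
    """Lower-case and undo look-alike substitutions so 'S4rge' equals 'sarge'."""
    return text.lower().translate(LEET)


def fact_tokens(facts):
    """Expand facts into the normalized tokens people build passwords from."""
    tokens = set()
    for fact in facts:
        tokens.add(normalize(fact))
        if re.fullmatch(r"(19|20)\d\d", fact):
            tokens.add(normalize(fact[2:]))  # two-digit form of a year
    return {t for t in tokens if len(t) >= 2}


def unexplained_chars(password, facts):
    """Minimum number of characters that no public fact accounts for."""
    pw = normalize(password)
    tokens = fact_tokens(facts)
    n = len(pw)
    best = [n] * (n + 1)  # best[i]: fewest unexplained chars in pw[:i]
    best[0] = 0
    for i in range(n):
        # Option 1: treat pw[i] as filler that the facts do not explain.
        best[i + 1] = min(best[i + 1], best[i] + 1)
        # Option 2: a known fact starts here and explains a whole segment.
        for tok in tokens:
            if pw.startswith(tok, i):
                j = i + len(tok)
                best[j] = min(best[j], best[i])
    return best[n]


def built_from_public_facts(password, facts):
    """True when the password is little more than rearranged public facts."""
    return unexplained_chars(password, facts) <= MAX_UNEXPLAINED


if __name__ == "__main__":
    for candidate in ["Sarge1960", "s4rge_60!", "velvet-Orbit-41-lantern"]:
        verdict = "reject" if built_from_public_facts(candidate, FACTS) else "accept"
        print(candidate, unexplained_chars(candidate, FACTS), verdict)
```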
If a hacker wants to get into your computer to steal passwords or files or to remotely monitor your activity, they can install a “backdoor” entryway. Backdoor programs exploit weaknesses in your network security and allow the hacker to come and go as they please, without your knowledge or permission.
Many backdoor entryways are created when unsuspecting computer users download “Trojan Horses,” which are programs designed to look like useful software that actually establish backdoor entries behind the scenes. Trojans are just one of multiple ways a hacker can get into your system, though. As we will see, there are actually numerous routes of access, many of which are easy to overlook, and all of which would make the con-men of yesterday proud.
Identity Theft: Infiltration
Today’s identity thieves are armed with many forms of software and computerized tools, but these tools are absolutely useless unless they are installed on your computer. Accordingly, determined hackers have been known to go to great lengths to get their malware on their victims’ computers.
Though not the most creative method, physical implantation is tried and true and extremely effective. If a hacker really wants to establish a backdoor entry or a log keystrokes program on your computer, they can simply break into your home and install the file while you are away.
Attacking your wireless network
Hackers can camp outside your home and attempt to identify your wireless network. If you have a Wireless Protected Setup (WPS), breaking in is surprisingly easy. Once inside your network, hackers can pretty much do whatever they want. This includes stealing your sensitive information right then and there, establishing a backdoor entryway, or simply implanting any other type of virus they’d like.
Fooling you onto their network
Hackers often fool their targets into logging onto wireless networks in public places. For example, a hacker could wait for their target at a coffee shop, set up a network called “Coffee Shop’s Free Wi-Fi,” and thereby dupe the target into logging on. Once the connection is made, the hacker may be able to monitor what you are doing online, view your computer’s files, or implant a virus.
In “I challenged hackers to investigate me and what they found out is chilling,” gonzo journalist Adam Penenberg challenges 3 white hat hackers to steal his digital life. The hackers ultimately succeeded, and they did so through means of malicious email.
By now, even the most inexperienced of computer users knows full well not to open phishy sounding email from a mysterious stranger with an offer that’s just too good to be true – but hackers know this, and have creative ways of working around it.
In Penenberg’s case, the hackers leveraged the fact that the journalist’s wife ran her own Pilates studio. They then posed as a young woman applying for a job as an instructor. They went as far as finding a real woman online and using linkage to her social media profiles to craft a convincing ruse. In their “email application,” they included a “video resume” attachment. Penenberg’s wife ended up opening this attachment on her laptop, and from there the hackers had a field day.
Hackers can also get what they want from you by creating malicious websites. Links to such websites can be supplied to their targets in any number of ways. For example, a hacker could pose as a person with interests similar to your own, and post a friendly invitation to visit their “blog” on your social media profile. The “blog” would actually be a phishing site or a means of getting you to download malware.
A malicious website could also use the Trojan horse technique, and pose as a site that’s offering free software. The software could be advertised as anything useful, such as a PC tuner or even an antivirus system. While running, the software would indeed appear to be what it had been advertised as, however, in reality, this appearance would actually be masking some sort of virus, such as a key logger or backdoor.
Believe it or not, one of the most creative and seemingly innocuous approaches to identity theft infiltration is through malicious hardware, such as an infected flash drive. This method is mostly used when identity thieves have a specific target in mind. If a hacker has done their research and found out where you live or work, they can simply load their malware onto a flash drive and drop it somewhere where you are likely to find it, in the hope that curiosity will kill the cat and you’ll plug the drive into your computer. If that doesn’t work, they could simply go to where you work, and wait for the right opportunity to “borrow your printer” on the pretense that they need to “print out a resume” for a job interview.
Depending on the type of job you have, this may or may not work, but a determined identity thief seeking a means of infiltration is limited only by the nefariousness of their imagination.
Identity theft: Prevention
While the means of identity theft have most certainly changed, the essence of approach is fundamentally the same and probably will be forever. Silver-tongued con men and maleficent hackers both rely on establishing a pretense and fooling their targets into giving away their personal information.
The truth is that if a hacker wants into your life bad enough, they will probably find a way in. Hackers are highly intelligent, and sometimes a bit crazy. Fortunately, however, most individuals don’t have enemies of this nature. More often, hackers target corporations over individuals, because the larger size allows for more modes of entry and a greater degree of anonymity.
No one is completely immune to identity theft, though, and in addition to well-designed antivirus software there are many common sense measures that all basic computer users should put into place.
Familiarity with the tools and means of modern day identity theft outlined above is a great start, but even those who know nothing about the world of hacking can protect themselves from identity theft with a healthy dose of skepticism. If you’ve been around for a while, you can probably spot a con-man or a scam when you see one, and in the world of computers the warning signs and acts of pretense are in many ways the same.
As in day-to-day life, anything you’re unfamiliar with should be put under the strictest review before you open it with your computer. Unfamiliar file extensions and phishy emails from strangers are best ignored. Remember that Public Wi-Fi usage is Public. And whatever you do, don’t create an Excel sheet of all your passwords, ever. That’s just asking for identity theft, from just about anyone who can open a file and read.
Spam and malware from the view of a marketing professional.
Why does spam have to be ugly?
When was the last time you received a really good looking, sophisticated, unsolicited email? Actually, I’d have to dig really deep in my spam folder in order to find an example of interesting, engaging or (haha) well designed spam content. You know, the kind of email you only unmasked as spam because you received the exact same message in all of your accounts that day, not only the one that you actually used to register somewhere like Facebook, Amazon or your online banking site.
To be honest, I have so many email accounts that sometimes I have to think twice to remember exactly which one was used to register where. Others may use their one and only email address for everything. In the end, we are all profitable targets it seems. Or are we? I mean, honestly, how many of you would be tempted to click on one of these beautiful calls to action?
Spam pays off
There are two possibilities here: either many of us follow the invitation and actually buy something, or, so little revenue is generated from these spam mailings that the spammer simply decides to increase the volume of spam they send. As a marketeer, I think it has to scale at some point, right? Let’s take a look at some statistics that were recently published by Eleven Research for the third quarter of 2013:
Trust your gut
As a side note, I’ve never really understood how some spam campaigns could ever have become successful in the first place. A few examples from everyday life:
The first thing an averagely intelligent person would do is to call their bank (or send a tweet) and ask “What’s going on?”. Not to mention that receiving multiple emails with similar subject lines and senders within the space of a couple of hours is hardly convincing at all.
If you are really concerned about your weight, please stop ordering some placebo or maybe even harmful pills from some obviously untrustworthy source. Instead, get moving and take a walk or swim or whatever comes to mind. Or maybe consider changing your diet. If you took a walk around the house every time you felt like eating sweets or high fat snacks instead, how many kilometers would you be able to count in a week? As this is a highly controversial topic, I prefer to back it up a little with some findings of the World Health Organization on the influence of physical activities in our everyday life.
While it might be interesting to see a topless celebrity, I would rather not follow the invitation to check out a “hot babe” or the “huge manhood” of some stranger. There is youporn for those “urges”, guys and gals. And with the anonymous modes that are available in most browsers today, you won’t even leave many traces; while infecting your computer with some nasty trojan, on the other hand, could ruin your digital life completely.
Similar concerns to diet pills, but probably more efficient from a sales perspective, as lack of libido is still taboo amongst many people.
If you want a cheap knock-off watch, go to the guy down the street. At least he won’t ask you for any of your personal information.
Who clicks on a headline that doesn’t make sense or speak to any inner desire at all, really?
We could continue on, ad infinitum. The fact is, that regardless of the type of product you buy online (pills, cars, spouses…) from a non-verifiable seller, you risk being scammed in the process. And if these offers are only half as poorly designed as my examples above, then please reconsider even opening them at all.
As a creative person and one that usually likes ads (comes with the job, I suppose), I would love to see these annoying spams become just a little more attractive or even interesting to read. Of course, that is never going to happen, as quantity overrules quality per definition of the word ‘spam’.
My wish for Christmas this year: Dear spammers out there, try to clean up your probably illegally obtained database every once in a while, so I won’t receive that same lovely spam multiple times a day to the same account. You have to realize that this really hurts your conversion rate, right? While on the other hand, removing duplicate email addresses takes only one line of code:
$ sort yourlist.txt | uniq >cleanedlist.txt
Maybe then I’d actually end up opening one of your messages that coincidentally slips past my spam filter in the future, because it wouldn’t obviously be the 12th copy within the mailing queue. But with spam filters getting more and more thorough as well, it is no surprise that at some point someone had the bright idea of trying something new: malware.
The frightening way: Malware
Let’s not send users ugly looking spam anymore, let’s just take their personal information and/or money directly. Good idea!
I was surprised to hear at a security conference this year, how little money is necessary to obtain your own handcrafted malware, distributed by a botnet with better customer service than any other industry could ever accomplish.
Malware also seems to be maturing. While some of you might still remember funny virus attacks skewing your screen display or rebooting your system every 10 minutes, today we are faced with truly sophisticated malware that continues to evolve at an amazing speed. If you take a look at recent statistics, you’ll see that this number continues to rise at a daunting rate every year. Here at Emsisoft alone, our malware analysts collect more than 200 000 malware samples every day!
My advice: Don’t take any chances with the security of your digital life. Just as you fasten your seat belt to protect yourself in the event of an accident, you should take precautions to guard your digital goods. Remember, it only takes one incident to destroy all your data, your digital footprint or your credibility. But it could take a life-time to rebuild your reputation.
Author: Monika, Emsisoft Marketing Team
File-sharing sites and torrents are dangerous places by definition, as one can easily become infected with a nasty virus.
It is rare for the so-called warez scene to expose its users to malware directly; usually it’s added later by third parties. Unfortunately not all groups seem to play by these rules:
As of Saturday, all releases by a group called MeGaHeRTZ were officially nuked by the warez community for embedding malware in scene releases and harvesting information from host machines. Ironically, the first user to report unusual activity had just installed a MeGaHeRTZ release of Malwarebytes Anti-Malware Pro.
Since February, dozens of infected MeGaHeRTZ “crack” patches have been extracting data from host machines including username, computer name, drive serial obtained via the Windows API, and IP address.
As there is no way to delete every single copy of these “tainted” releases that are now spread all over the World Wide Web, avoidance of such releases is strongly recommended.