US Banking on Alert for the “Hacker-in-Law”
- Comments: 0
- Written on: December 18th, 2012
There is a black-hat cyber hacker threatening widespread bank account theft against US victims on a level never before achieved and there are some things you need to do to make sure your computer (and you bank account) stay out of what could be a record-setting cyber-heist.
A Russian hacker using an online handle that roughly translates to “Thief-in-Law” intends to steal a whole lot more than the silverware your Aunt Betty tried to steal after dinner last Christmas.
New Private Malware Testing
This hacker has developed his own malware and has successfully conducted several “trial-runs” infecting more than 500 computers with minimal effort. The latest trial concluded at the end of November 2012.
Thief-in-Law publicly claims that he is in Russia, that no one in the US can touch him and that he is going to steal millions of dollars from US banks sometime between now and the spring.
Banks have been alerted by Anti-Virus giant McAfee has issues warnings to banks and provided new signature files that they claim can detect the viruses malware.
Confusion About Attack Target
While McAfee is providing definitions to protect banks, Thief-in-Law is infecting individual peoples computers with malware.
My best educated guess is that the Russian hacker is infecting individual machines looking for online banking passwords. His software reportedly can even answer your challenge question if it knows the answer. To get that information he needs access to your personal computer.
With that information the hacker may be planning on using a list of established account numbers with verified balances. With this list he knows who to target when (or if) he successfully breeches bank security.
What you Can Do to Protect Yourself
There are some specific steps you can take to protect yourself, your computer, and your bank account from this attack.
- Update your Antivirus – If you are not running Norton 360, I strongly recommend you obtain a copy as soon as possible.
- Download all Required and Recommended Windows Updates – Many people allow Windows to install automatic updates, but they never click on Start and then All Programs and select Windows Update to see the recommended updates. Some of these are just as important and they should be installed.
- Install Secure Updater from www.secureupdater.com – Secure Updater is free for the first 14 days. That gets you through the Holiday season with one less thing to worry about. This program updates all of the third party applications on your computer that cyber criminals exploit to gain access to your data.
- Change your online banking password and challenge question – Of course it is recommended you do this often, but if you haven’t rotated your online banking passwords, challenge questions, and challenge images, this is a great reason to do so.
Think You Won a Gift Card From Best Buy? SMS Text Message Scam Hits
- Comments: 0
- Written on: May 7th, 2012
Have you received a text message telling you that you are the lucky winner of a Best Buy, Wal-mart, or Starbucks gift card? If so, you are not alone! One of the newest types of identity theft scam lures unsuspecting victims by sending mass text messages to randomly generated phone numbers. The batches SMS messages […]
A Leak in Microsoft’s Patching (Security) Division
- Comments: 0
- Written on: March 19th, 2012
How to Keep all of your Third Party Programs up to Date and Defeat Cybercriminals
- Comments: 0
- Written on: January 11th, 2012
The world we live in is getting more and more dangerous every day (as evidenced by Monday’s post about the latest banking crimeware) so it is important that you take the measures necessary to keep your technology safe. There are always the basics like keeping your Windows Operating System updated and running good anti-virus software […]
New Crimeware Infection Defeats Common Bank Security Measures
- Comments: 0
- Written on: January 9th, 2012
ZDNet.com is reporting today that a new variant of malware has been detected that infects your computer and steals your online banking credentials. This new infection can even defeat the image verification schemes that banks have put in place to prevent such intrusions from happening.
The latest strain of the ID-theft malware, called Gameover, begins as a phishing scheme with spam e-mails — purportedly from the National Automated Clearing House Association (NACHA), the Federal Reserve Bank, or the Federal Deposit Insurance Corporation (FDIC) — that leads to malware infection and eventual access to the victim’s bank account.
The FBI said the phishing lures typically includes a link in the e-mail that goes to a phony website. ”Once you’re there, you inadvertently download the Gameover malware, which promptly infects your computer and steals your banking information,” it warned.
The FBI said recent investigations have shown that some of the funds stolen from bank accounts go towards the purchase of precious stones and expensive watches from high-end jewelry stores.
Please make sure you are running Symantec’s Norton 360 software and you are using the Secure Updater to keep all of your third party applications up to date with the latest security patches.
New Schrock Data Center Deployment Critical to Future Expansion Plans
- Comments: 3
- Written on: September 20th, 2011
Scaling from one computer repair service center at Schrock Innovations to two was a logistical challenge, but for the most part it involved duplicating systems we already had in place. Now that Schrock is adding a third Service Center in Papillion, NE we are finding that simply doing what has worked in the past will […]
Your Computer is Vulnerable to the Latest Hack Attack – Unless you Have Norton 360
- Comments: 18
- Written on: February 1st, 2011
Most computer users try to be safe when they are online. Many people won’t open emails from people they don’t know. Some only go to websites they know they can trust.
But if you think you are safe online because you are careful, think again.
Microsoft has announced a new security vulnerability was discovered that allows hackers to install malware on any computer from Windows XP up through Windows 7 and all you have to do is visit a website to infect yourself.
This means that you (and 900 million other people) just became a target and all the hackers have to do is get you tto visit an infected website, deliver an infected ad to your computer, or just wait for you to make one fatal typo in your browser’s address bar.
How Can my Computer be Attacked?
With this specific vulnerability an attacker needs to get your browser to load something from an infected website. Some possible ways your computer could be infected include:
- You click on a link in an email taking your to the infected website
- A trusted website displays an advertisement from an infected website
- You mistakenly type an incorrect URL in your address bar
- Your visiting crazy Uncle stupidly just goes to the site an infects your computer
Once your computer is attacked it can sit for hours, days or even weeks before exhibiting signs of infection.
What Do I Need to Do to Stay Safe?
It is always a good idea to employ the safe computing practices I listed at the beginning of this article.
The only security software that Schrock Innovations recommends for its customers is Norton 360 because it is literally the only software program that we have installed for our customers that keeps them safe.
In fact, if you are running Norton 360 you don’t have to worry about the vulnerability discussed in this article at all because Norton has already covered it for you.
If you are not running Norton and want to switch to keep your computer safe, Schrock Innovations has Norton 360 on sale through February 6, 2011.
For only $79.99 Schrock will log into your computer over the Schrock Desk remote support service, clean any infections in your computer, install Norton 360 and configure it for only $79.99!
Contact Schrock Innovations to take advantage of this special offer before it runs out!
Thor Schrock Talks Internet Safety With Channel 8 News
- Comments: 5
- Written on: July 16th, 2010
Yesterday Channel 8 News stopped by Schrock Innovations‘ Lincoln Service Center to talk about the Amber Alert that was issued yesterday for a 15 year old girl.
It seems she was playing Second Life and met a 30-year old man from New York. He was nice enough to drive from New York to Nebraska to have “coffee” with her.
Luckily, the two were found in Arkansas. It seems they had made plans to run away together.
Here are some tips for parents who are concerned about their kids on the Internet:
Migrating Away from Gmail and Google – A Pain but Worth the Effort
- Comments: 36
- Written on: May 27th, 2010
I love Google. I like Google’s innovation, their easy-to-use technology and the competition they bring to the marketplace.
But I don’t love Google sticking their nose into every corner of my life, recording every website I visit, every email and attachment I send, and tracking my GPS location through my cell phone.
I have been growing more protective of my privacy over the past few months, and Google’s recent WiFi spying revaluation has made me even more concerned.
While Google claims the spying was inadvertent I find it hard to believe that a whole team of data engineers looked at the raw amount of data that was collected and said, oh yeah… that is just a bunch of WiFi locations.
Coming from a guy who was one mouse click away from buying a Nexus One phone from Google’s store, you might understand that I try to give Google the benefit of the doubt. but no longer. It is time for rash actions.
The biggest intrusion into my life by far is Gmail. Like hundreds of thousands of others I eagerly agreed to let Google read my email, archive my attachments in Google Docs, and display relevant ads on which I have never clicked. It seemed like a great deal.
By itself, it probably is. However, if you have ever sent an email and regretted it, if you have ever attached the wrong document to an email, or if you have foolishly included credit card numbers or other personal it is all archived for eternity at Google – even if you delete your Google Account. I am not ok with that.
For about $10 a month I got a private IMAP account from Rackspace.com and now all of my email moves through that IMAP in the same way it did before with Google. My phone, desktop, and webmail are all synchronized in beautiful, silent privacy. I love it.
Goodbye Google Toolbar
The next step it to uninstall the Google Toolbar and remove the Google Gears extension from my Firefox browser.
The Google Toolbar tracks every website your browser visits, and when cross-referenced with the pervasive cookie that is present on your computer when you log into any Google Service, the G-Master knows what web pages you look at, what you search for, what videos you prefer on YouTube, and even the data you place in certain forms on websites.
It is time for me to close that door of information as well. I don’t plan on using many Google Services anyway, so Gears won’t be too much of a problem.
AdWords and AdSense
I am not ditching AdWords and AdSense and its not just the great money I make as an AdSense publisher or the customers I can attract to Schrock Innovations using AdWords.
AdSense and AdWords have a clear revenue model. Google is buying and selling advertising. It’s a marketplace where money is exchanged for advertising.
When you use Google’s free products you are trading your privacy for the use for the free product. I am no longer willing to pay that price – especially when I can get similar services for such a small amount of money.
So Am I Paranoid or Just Realistic?
People I have talked to either think I am nuts that Google gives a damn about what I am doing in my computing time and others see the potential for privacy abuse in the future.
I am afraid of so much personal information being stored about me in one place because history has shown that in times of economic and political strife, private companies do things they would not ordinarily do.
Take it a step further… Lets say a state or the Federal government decides they want to charge you retroactive sales taxes on everything you have bought using Google Checkout. They can use the courts to FORCE Google to hand over their treasure trove of your personal information.
If you thinks that scenario is nuts, watch out – its already happening right now to Amazon in South Carolina. See below from the Charlotte Observer:
Unable to get Amazon.com to collect the taxes, the state recently began an audit of online businesses, trying to track down what it assumes are millions of dollars in uncollected taxes. The state has told Amazon that it wants buyers’ names and the amounts they spent. That state also needs to know the general categories of spending, like books or movies or food, because some items are tax exempt. Amazon has refused to comply, claiming in federal court that North Carolina may be able to learn the titles of books and movies that its customers have bought, imperiling privacy and free speech. North Carolina officials have said they are not seeking those details. Now it is up to the court to decide whether Amazon will have to reveal the names of customers, without titles.
So would Google go to bat for you? Who knows.
You can’t trust Google implicitly because they are a business created to generate profits. In most cases protecting privacy is key to generating profits, but if governments demand a fat check from the G-Master OR the names of others to collect from, what do you think they would hand over?
Are Web Advertisements Infecting Your Computer?
- Comments: 24
- Written on: May 19th, 2010
ZDNet is reporting today that new research released by Dasient shows that as many as 1.3 million malicious ads are displayed to web surfers daily. The bad ads break down into two categories – 59% percent of them are drive-by downloads and 41% were fake-alert security software scams.
This new method of infecting PCs is called malvertising, and it is on the increase. Malicious attackers trick an ad network into running an ad that contains viruses or malware. The ad is then displayed on legitimate websites like Fox News, CNN, and others. Visitors get infected and if there is any blowback, it gets thrown at the website because most surfers don’t understand that its was the advertisement that nipped them
The research also indicated:
- The chances of getting infected from a malvertisement is 2x more likely on a weekend, and infected ads go undetected for up to 8 days on average
- 97% of Fortune 500 web sites are at a high risk of getting infected with malware through third party software providers like Java or Flash
How Do The Bad Guys Trick Fortune 500 Companies?
The bad guys are posing as a legitimate company and tricking the advertising departments of legitimate media outlets to run the malvertisements. That is why they run the ads on the weekend when no one at the big companies is paying attention. For example, in September of 2009 the New Your Times got duped:
The creator of the malicious ads posed as Vonage, the Internet telephone company, and persuaded NYTimes.com to run ads that initially appeared as real ads for Vonage. At some point, possibly late Friday, the campaign switched to displaying the virus warnings. Because The Times thought the campaign came straight from Vonage, which has advertised on the site before, it allowed the advertiser to use an outside vendor that it had not vetted to actually deliver the ads, Ms. McNulty said. That allowed the switch to take place.
It Won’t Happen to Me, Right? WRONG
If you plan on keeping safe by avoiding weekend surfing, don’t get too comfortable.
In another report recently released by Google’s Security Team, they stated that the fake-alert malware infections are now making up 50 percent of all malware delivered via ads.
In this month’s issue, Consumer Reports ranked security software. The ONLY product that was able to protect your PC against malvertisements (malware infections) was Symantec’s Norton Internet Security and Norton 360 software.
NONE of the free security products protect your computer and MOST of the paid ones (including McAfee, Webroot, and Computer Associates) don’t get the job done either. Overall, Symantec was ranked above all others.
What are you doing to keep your computer safe? Have you been stung by one of these ads?