Yellowstone Computing
(715)-669-6136

Trojan Horse Removal: Protecting Troy - Part 2

10/26/2017

 
In Security Knowledge by Jareth on September 29, 2017

As part of National Cyber Security Awareness Month, we are featuring an article from Emsisoft that takes a detailed look at Trojan Horse infections. Last week, we looked at how Trojan Horses work and began to look at the different types. This week, we continue to examine types of Trojan Horses. In next week’s article, we’ll end this series by looking at ways you may encounter these infections and how to avoid them.
​
Exploit
Exploit trojans are usually concealed within programs. When executed, they exploit security weaknesses within your operating system or other software installed on your computer, giving hackers access to your data or control over your system. In 2012, the Blackhole exploit compromised a huge chunk of the internet and was widely regarded as the biggest threat at the time. Blackhole exploited vulnerabilities in commonly used browsers and plugins to deliver a malicious payload.

Rootkit
A rootkit is a particularly devious type of trojan that is designed to prevent both you and your antivirus solution from identifying the presence of other malicious software. This gives the malware a bigger window of opportunity to wreak havoc on the infected system. SmartService is a good example of a rootkit. The trojan is typically distributed via adware bundles that many users inadvertently install when acquiring free software. After installation, SmartService creates a Windows service that prevents you from running security software and can even stop you disabling certain processes and deleting particular files. This protective behavior makes it substantially more difficult to remove the other adware that was installed alongside SmartService.

DDoS
Distributed Denial of Service (DDoS) attacks have become increasingly common and disruptive in recent years, with some experts estimating that the average DDoS attack costs businesses around $2.5 million. DDoS Trojans enable cyber criminals to harness your computer’s resources to send requests to an address, flooding and eventually overwhelming the target network.

Downloader
Trojan downloaders are exceptionally common among home users, who may inadvertently install one after downloading a file from an unverified or disreputable source. The payload varies, but often takes the form of adware and potentially unwanted programs, which can drastically slow your computer down. Downloaders are often less complex than other types of trojans, but still pose a significant risk.
 
Dropper
Cybercriminals use droppers as a means of deploying additional trojans and other types of malware. Many droppers have a secondary goal of preventing your system from detecting malicious software.
Many of the new ransomware breeds make use of dropper Trojans to devastating effect. Spora uses a JScript dropper component to execute a malicious file that encrypts data on the infected machine. A dropper Trojan also played a role in the WannaCry ransomware outbreak, which successfully infected 350,000 machines around the world in May 2017.
​
FakeAV
Perhaps the greatest example of malware camouflage, FakeAV Trojans are designed to simulate helpful antivirus software. The program creates fake alerts about suspicious files that don’t exist and demands money in order to remove the non-existent threat. ThinkPoint is a classic example of a FakeAV. Billed as an anti-spyware program that’s part of Microsoft Security Essentials, the program detects a fake infection, reboots your computer and prevents you from using your device until you pay for the full ThinkPoint program which, it promises, will restore your computer to its former state. (Hint: don’t buy it!).

New ‘KRACK’ Wi-Fi Security Issue: This Affects All of Us

10/23/2017

 
The invention of Wi-Fi has been a science fiction dream come true. We can use our laptops anywhere in the house, our phones are using home internet instead of sucking down our cellular data, and our gadgets are all communicating. It’s essentially the backbone of the smart tech boom for home and business alike. Most networks are password-protected with an encryption called “WPA2” and this has been safe and secure, until now.

Recently, a security flaw called KRACK was discovered that allows hackers to break into Wi-Fi networks – even the secured ones. Your laptop, mobile phone, gaming console and even your smart fridge are possibly vulnerable as a result.

How KRACK works: The Key Reinstallation AttaCK isn’t a problem with your device or how it was set up. It’s a problem with the Wi-Fi technology itself. The attack gets between your device and the access point (e.g. your router) to reset the encryption key so hackers can view all network traffic in plain text. Since we rely on Wi-Fi so much, this might mean hackers have a front row seat to your credit card numbers, passwords, chat messages, emails, photos and more.

NOTE: The hacker must be in physical range of your Wi-Fi to exploit this flaw; it doesn’t work remotely like other attacks we’ve seen recently. Given most Wi-Fi ranges extend well past your own home/business, this is small comfort, but important to know.

How to Protect Yourself
​

Run Your Updates: Software updates are being released which fix the flaw. Microsoft has already released one for Windows, Apple has one coming in a few weeks. Take a few minutes to make sure you’re up to date with all your patches on any device that uses Wi-Fi (your smartphones, laptops, tablets, PCs, game consoles, etc). Unfortunately, some devices may be slow to get an update, or if they’re older, may not get an update to fix this issue at all. If possible, consider using a cabled connection on those older devices or upgrade to one with support.

Be Very Careful With Public Wi-Fi: While your local business center, library or school campus has expert IT professionals keeping guard over your security, it’s a very different matter at your local coffee shop. It’s unlikely small locations such as this will be on top of security patches. Remember, a hacker exploiting this flaw only needs to be in the same Wi-Fi area as you, so be careful you don’t give them a dollop of private information with their coffee.

Check your browser security: Before sending anything secure over the internet, check you’re using an HTTPS site. You’ll know these by the little padlock you see next to the URL, and the address specifically begins with HTTPS. Major sites like Facebook, Gmail and financial institutions already use HTTPS.

If you need help updating your devices, give us a call at 715-255-0325.

ThinkPad's 25th Anniversary

10/19/2017

 
It's amazing to think that the ThinkPad line of laptops has been in production since 1992. There have been many innovations since that time, and yet you can still immediately recognize them as ThinkPads. To celebrate, Lenovo has released a limited-edition, retro ThinkPad. Here's a video overview of ThinkPad's evolution through the years.

Trojan Horse Removal: Protecting Troy - Part 1

10/19/2017

 
In Security Knowledge by Jareth on September 29, 2017

As part of National Cyber Security Awareness Month, we are featuring an article from Emsisoft that takes a detailed look at Trojan Horse infections.

After a ten-year siege against the seemingly impenetrable city of Troy, the Greeks decided to try something a little more crafty than brute force. Concealing themselves within a trophy offering in the shape of a giant wooden horse, Greek soldiers were able to breach the city walls, capture Troy and win the entire war.
Modern Trojan horses are similarly deceptive. In computer terms, a Trojan horse is any malicious software that disguises itself in order to deceive users of its true intent. Trojans can take the form of just about anything: an innocuous download link, an email attachment sent from a work colleague or an image sent via social media.

Despite being one of the oldest forms of malware, Trojans have proven to be persistent pests and remain the leading cause of malware infection. In fact, they account for about 8 in 10 of all new malware infections.
Nevertheless, it is possible to defend your system against this type of cybercrime. In this article, we’re going to show you exactly how the different types of Trojans work and what you can do to reduce your risk of infection.

How do Trojan Horses Work?
Although Trojans are often referred to as “Trojan horse viruses”, there are some subtle but important differences between Trojans, viruses and worms. In contrast to the latter two, Trojans are not able to replicate themselves, nor are they able to autonomously infect other files or spread to other devices. Instead, they require input from an external source: you.

Why Would You Ever Interact With a Trojan?
Well, as we touched on earlier, Trojans are deceptive creatures that can disguise themselves as regular, everyday, benign files – the types of files you click on without even thinking about it. Whether it’s an email attachment sent from a trusted source or a program you’ve downloaded from an ordinarily reputable website, malware authors go to great lengths to ensure their Trojan looks like the real deal.
The most recent and widely publicized Trojan example is that of Piriform’s CCleaner, a highly popular utility that was recently acquired by Avast. The cyber criminals managed to compromise the update infrastructure and injected malicious code into the installer, which was available for almost a month with a valid security certificate from Symantec until it was discovered by security researchers.
Opening a Trojan is the equivalent of opening the gate and wheeling a large wooden horse into your city. When you double click that seemingly innocent and legit file, you’re effectively allowing the attackers to bypass your defenses – in fact, you’re actually triggering the malware yourself!
 
The Different Types of Trojan Horses
Trojans come in all shapes and sizes and can affect your system in a variety of ways ranging from ‘annoying’ all the way through to ‘financially crippling’. We’ve rounded up the most common types of Trojans you’re likely to encounter:

Backdoor Trojan
Backdoor Trojans create a hidden link through which hackers can remotely access and control the infected device. In many cases, the criminals can gain almost full control of the computer and use it to do more or less anything they want. In the past, this might have involved random disruption such as deleting files, messing with settings and collecting personal information, but increasingly hackers are using backdoor Trojans to recruit devices into a botnet, which can, in turn, be used to carry out powerful cyber attacks. Backdoor.Nitol is one example of a backdoor trojan that has gained a lot of attention in recent months. The trojan makes use of the same NSA exploit as WannaCry, ransomware that infected more than 350,000 computers around the world earlier this year.

Banker Trojan
This particular type is incredibly common and can have dire financial consequences for businesses and users alike. As the name implies, the primary objective of a banker trojan is to obtain banking data stored on your system that will give the hackers access to your bank accounts, credit and debit cards and e-payment systems. Zeus, otherwise known as Zbot, continues to be the most prolific banking Trojan of 2017. After the author of the original Trojan released the source code back in 2011, a number of variants built on the original Zbot code have sprung up (including Atmos, Citadel and more), though none have proven to be as profitable as the original. The Trojan spreads mostly through phishing and drive-by-downloads.

Essential Tech Prep

10/12/2017

 
It’s tons of fun getting a new device. Whether it’s a new desktop, laptop or phone: the thrill of getting it home and opening the box is great. We know, we love tech too. It even has its own version of new car smell! Once you get it home though, there are a number of things that need to be done before it’s really usable – beyond snazzing it up with a new case or mousepad.

The sellers like to say it’s ready to use straight from the box – and it is – except not quite the way you need it to work. They’ll all turn on, look for wifi, and sure, you can type…but rather like when you buy a new fridge, simply turning it on isn’t enough – it’s still empty and you’re still hungry.  A few minutes now to prep your new device will save you time, stress, and quite possibly money.
Today, we’re talking vital tech prep for new devices:

Security Updates and Fixes
From the factory to your hands, that device has been in the box for at least a month. In the world of security, that’s an eternity. During that time on the shelf, new viruses have come out and new software weaknesses have been discovered. Fortunately, new updates to combat these problems were also created; they just haven’t been downloaded to your device yet. We can make sure your essential software is up-to-date and set to stay that way. That way, you know your device is safe to go online.

Data Transfer From Old to New
Some people want to transfer everything from one device to another, others like to have a fresh start and keep the old device as a backup. We can either transfer your data entirely or just the things you use. For computers, we can even turn your old hard drive into an external drive that you can plug into your new computer and grab files as required.

Setting up Hardware
If your new device is a computer, you’ll need to hook it up to extra tech like a printer or webcam. These tasks that should be plug-and-play can sometimes send you loopy, especially when you’ve got a plug mismatch or incompatible drivers. We can help get you set up, with everything tested and working.

Setting up Email and Software
This is one people commonly forget and then struggle with. Email clients, in particular, need special configuration to connect properly. Quite often, we find people are stuck only able to receive, with overflowing unsent mail that won’t go anywhere! We’ll get all your personal software and accounts up and going.

Setting up the Network
While tapping in a wifi password is easy enough, it doesn’t mean your browsing is secure, or even as fast as it could possibly be. We can quickly determine which connectivity method will be best for your device and your needs, and hook you up with fast, robust security measures.
​
Lockdown Privacy & Permissions
Whether you have children and are looking to provide a safe online experience, files you’d prefer to keep private, or simply want to set up ‘profiles’ for each user to have their own login, we can quickly get your new device configured to meet your needs.

How To Keep Your Technology Squeaky Clean

10/6/2017

 
Our tech is something we use every day, but did you know it’s also the most disgusting? Your screen may look clean, but studies show that a mobile phone can be 18x dirtier than a public restroom – ew! It gets worse (sorry)…that keyboard you tap at while eating your morning toast? It’s probably the biggest bacterial threat in your house, with about 20,000 times more germs than a toilet seat, more if you share it with children. It’s not just sickness we’re up against, because as dust builds up inside gadgets, they also slow down, malfunction or overheat. Your device essentially chokes on ick, as vents and filters are clogged by sucking in pet hair and floating debris. Here’s how to clean your essential tech items without damaging them:

1. Skip the household cleaners: Most cleaning products are too harsh for our technology and can end up causing permanent damage. You want something that can kill germs and remove everyday grime, without scratching or leaving behind a scented residue. Your best bet is Isopropyl (Rubbing) Alcohol. You’ll find it in the first aid section of supermarkets and pharmacies, or at the hardware store.

2. Power down completely: Turn your tech off all the way, not just sleeping, and unplug from any power sources. Switch wireless keyboards, mice, etc. off underneath or remove the batteries.

3. Remove any cases or covers: Undress your device as much as you can, but leave screen protectors on (unless there’s grime underneath). If your screen protector needs replacing, have a new one ready to apply.

4. Grab a microfiber cloth: Dampen the cloth with Isopropyl Alcohol and wipe screens and external surfaces gently. Older build-up may require extra effort.

5. Go deep: You can use a toothbrush or cotton tip to clean between most crevices, but some areas will need a bit more ‘oomph’ to clear. You’ve probably seen people use vacuum cleaners on their keyboard, but these are often TOO powerful and may suck keys or internal parts loose. They also generate damaging static electricity. Another option is to use a tech-specific vacuum, but these are usually underpowered.

Insider tip: Use a can of compressed air to blow the dust out. You can get these from many stores and they come with a long nozzle so you can really get in and direct the pressure. You’ll be surprised what flies out, so it’s best to do this outside! We don’t recommend using compressed air on your computer’s internal fans though, as this can make them spin too fast and damage them.

How often you clean your tech is up to you and your lifestyle. But it’s a good idea to blow out computer internal dust at least twice a year, and wiping your tech down 1-2 times per week will definitely reduce germs and grime.


What Our Clients Are Saying

Joe is really in tune with what our business needs are... what a great guy with amazing skills... - Grassland Veterinary Service

Yellowstone Computing goes above and beyond for their customers! Joe is very knowledgeable and will go the extra mile to make sure his customers not only get what they asked for but also makes sure they are taken care of for many years to come! Between the great business services they provide and their involvement in the Thorp Chamber I'd highly recommend doing business with Yellowstone Computing! Whether you are an individual looking for computer or other technology help or a large employer who needs to either supplement your current IT support or completely outsource it Yellowstone Computing should be one of your first calls! - Justin Z.