Tag Archives: malware

12.15.16
by

How the Massive Yahoo Breach Could Affect You.

On December 14, 2016 Yahoo revealed that 1,000,000,000 (that’s 1 billion) user accounts had been compromised in 2013, a year before they reported another breach that affected 500 million user accounts.

That’s 1.5 billion accounts that were hacked.  A company that employs 13,600 people in their IT department was hacked and user accounts from enough people to equal the population of North America, South America, Central America, Australia, Russia, Germany, and a few smaller nations, were compromised.

Yahoo engineer in server farm.

Why would hackers be so interested in the e-mail accounts of all these people?  They’re not.  Just like they are not interested in the Chicken Stamp accounts that were breached recently at KFC.

So what are they after?  Lax password security by those Yahoo and KFC account users.  If you’re like many people, you’ll use your e-mail account as a user name for most, if not all, of the web sites you frequent.  And if you’re like most users, you also use the same password for most of these sites.

By the way, Yahoo and KFC aren’t the only companies that have been hacked.  Our sister site, DontBecomeAnotherTarget.com keeps track of all major breaches.

So suddenly those Chicken Stamp accounts and those e-mail accounts begin to have more value, especially if those same user names and passwords are used at financial sites.

Some security sites are recommending that if you have a Yahoo account, it’s time to close it, including if you have an account that Yahoo administers (@att.net, @bellsouth.net).  You also need to change all of your passwords that are similar to your Yahoo/.att.net/.bellsouth.net. Now.  And you need to begin to practice safe online behavior.

What’s safe online behavior?  It’s

  • not using the same password at all web sites
  • using complex passwords that include upper and lower case characters, numbers and symbols
  • changing your password a few times per year (it’s recommended every six weeks, but a few times per year is better than not at all)
  • not writing your passwords down on a Post-It and sticking it to your monitor.  Use a password manager, like LastPass, Dashlane, eWallet
  • not clicking the little box that says “stay logged in” at sensitive sites
  • not going to dangerous web sites (adult content, gaming sites)
  • not opening attachments from people you don’t know
  • making sure your computer is patched with the latest updates
  • making sure you have a good anti-virus program.  And keep it current.

If you own a business and you’re doing your own IT support and security, you’re doing a disservice to not only your clients, but also your clients security, and your own security.  Studies show that 61% of people will not go back to shop at any business that’s been breached.  Contact us today to see how affordable expert IT support can be.

If you take credit cards, you’re required to be PCI Compliant, and that doesn’t mean checking all of the Yes boxes on the Self Assessment Questionnaire (SAQ), even if the answer is No.  It’s actually being compliant by making sure all of the items meet requirements.  Most businesses we visit to do our free PCI Compliance assessment are not even close to being compliant.  Most fail in every one of the 12 PCI DSS categories.  Contact us today if you would like to see if you’re compliant.  It costs you nothing to find out.

Regardless of whether you’re a business or a home user, this Yahoo breach should not be taken lightly.  You need to act on it today.

Contact us today if you need help.  Our engineers are the some of the most experienced in the Southeast when it comes to not only cybersecurity and SMB (Small Medium Business) IT support – it’s what we specialize in.  And PCMDX is one of the top PCI Compliance firms in the country.  If you’re a home user, we can help you as well by making sure your network is protected (yes, if you have a broadband router and multiple devices, you have a network), and all of your devices are protected.

Updated 12/15/16 10:56am CST to update link.

 

08.05.16
by

The Art of the Trojan

“Hi, I think my computer has been hacked.  Can you help me?”

This is probably the most common call we receive from PC clients on a weekly basis.  The correct term is most likely not “hacked”, but “infected” with some sort of malware, or malicious software.

Malware comes in many different varieties, including viruses, worms, and Trojans.  The main difference between these is that a Trojan needs your help in doing its job.  Without you doing something, like clicking on a link or opening an e-mail, the Trojan is completely harmless.

Here’s a great article detailing what a Trojan is, and how it works.

Now, how do you stop a Trojan?  The easiest way is to NOT DO WHAT IT WANTS YOU TO DO.  Over the past few days a Google Chrome Trojan has been making the rounds.  If you’re using Chrome, you’ll go to a web site and a second window will open displaying the Chrome logo along with “Urgent Chrome Update”, and a download button.

Chrome_scam_8-1-2016 1-43-21 PM_half

Chrome won’t update this way, however, the bad guys are hoping you don’t know that and will simply click on the blue button.  Before clicking on any link, look at the address bar, or hover over the link to see where it takes you.  If you’ll look at the red arrow, you’ll see that it’s on a site called ahtaeeredidit (dot) org.  Does that sound like Chrome or Google (owners of Chrome)?  So what do you do?  First, don’t click on it.  Second, close the window or tab.

If you do click on it, the result will be that you’ll get infected with the Trojan, which can be something that you won’t even realize is happening (your computer becomes a surrogate sender of Spam), to all of your important files becoming encrypted and, unless you pay a ransom to the sender of the Trojan, losing your files.  This is called Ransomware.  As always, we recommend a good backup of your system.

Remember, by hovering over a link you can see where it wants to take you before you click on it.  If it looks garbled, confusing, or simply suspicious, DON’T CLICK ON IT!

PCMDX specializes in both malware removal or, even better, malware prevention.  Using the right software, we can prevent most malware from even happening, including Trojans.  We say “most” because there are new attacks being developed daily, so the second thing we highly recommend is doing a good backup.

We recommend two types of backup.  First, an image backup, and second a off-site cloud backup of your files.  Ask yourself this question:  “Is there anything on your computer that you absolutely, positively cannot live without?”  If the answer is yes and you don’t have a backup plan, contact us today.  It’s cheaper than you think and far less costly than if you lose your files to computer failure or malware attack.