MyRST Blog

How to Prevent Spyware

Because there are so many different ways for spyware to enter a computer, it is almost impossible to avoid infection. Avoiding certain activities, such as downloading, can reduce the risk but there are still many ways for spyware to enter. That is why preventative and real-time counteractive measures need to be taken.

The first step to preventing spyware infections (and re-infections after spyware is removed) is to educate yourself. By understanding why spyware exists, you can start to identify possible threats while you are online. So, if you skipped the first five chapters of this eBook, now would be a good time to go back and read them before continuing on.

Research Before You Download

Even though downloading any sort of free file or software is one of the biggest risks when it comes to getting spyware or other computer infections, most people are not going to stop downloading. There are simply too many desirable free programs and files out there. However, you can greatly reduce the risk of an infection by researching the freebie first.

Whenever downloading free software, type its name into a reputable search engine along with the word spyware. Chances are, if that program comes bundled with spyware, you won’t be the first to get it. If you type in “Kazaa spyware” into Google, for example, the first several pages of results all mention the infamous spyware as well as how to remove it.

Change Your Settings

Some of the preventative steps against spyware are very simple to take. For example, you can use Mozilla Firefox instead of Microsoft’s browsers which have several security holes which are easy for spyware programs to enter through. Also, switching to a Mac or Linux operating system will greatly reduce your risk of various computer infections because most are targeted at Windows. However, this is not such an easy change to make.If working on Windows Explorer, you will want to install Windows XP Service Pack 2.

This service pack solves many of the security holes in Internet Explorer and it also has a built-in pop-up blocker. There are also features like the add-on manager which will allow you monitor which programs are running with Internet Explorer.You will also want to change your Security Zone settings on Internet Explorer to block harmful sites. The settings have the options of listing sites as Trusted, Restricted, Local Internet, or Internet.

If you list a site as restricted, you are still able to visit that site but the security settings will prevent the site from harming your computer. Some antispyware tools like Spyware Blaster and Spybot Search and Destroy will add automatically add harmful sites to the restricted setting. If your computer internet is connected to a dial-up modem, you will want to unplug the modem when you aren’t using it. This will prevent spyware from committing dial fraud by calling premium numbers.

Choosing Antispyware Software

Yesterday we looked at Free Antispyware Applications, but which one is right for you?

There are a lot of antispyware software programs out there and all of them offer different levels of security. Before you antispyware software, you should at least take a few minutes to do some research and find out more about the software. You can easily get lists of the “best” antispyware software from blogs and websites. Then, use these lists for further investigation.
Here is what you should be finding out about the antispyware before downloading:

• Who makes the antispyware: There are a lot of well-known companies which make antispyware, such as Microsoft. However, this doesn’t mean that the big brand names are offering the best products. What is important is that the company has a good reputation for antispyware software. Some of the best companies have been around for a long time. Since they have been dealing with spyware issues for so long, they may be adept at fighting against the threat.

• Are there any complaints about the company: Generally, you can easily uncover any complaints about an antispyware company simply by typing its name into a search engine. You may also want to try searching for the company’s name followed by “complaints.” If there are more negative comments than positive ones, you can be sure that there are major issues with that software program. To really be sure about the company’s reputation, you can visit the website for the Better Business Bureau. There, you will find out if there are any unresolved complaints against the company.

How are its reviews: There are countless blogs and other websites which have reviews of antispyware software. Some of these are left by users while others are by professionals in the field. To make sure that the reviews are accurate, you might want to check out reviews at sites like CNET.com which specialize in tech news. :
Keep in mind that there is no one best antispyware software program. Rather, it matters which antispyware is best suited for your needs. Here are some other factors you should take into consideration:

  •  How easy is the antispyware to use?
  •  Does the antispyware come with customer support?
  •  Will the antispyware slow down your computer?
  •  Is the antispyware effective in prevention?
  • Is there real time prevention?
  •  How effective is the software in spyware removal?
  •  Do you need to update and, if so, are updates free?
  •  What scanning options are there?
  •  Does the antispyware include antivirus as well?
  •  How much does the antispyware cost?

Almost all antispyware software today comes with a free trial period. It is highly recommended that you take advantage of this option in order to see how you like the antispyware before you decide to buy it.

Free Antispyware Software

One of the reasons that spyware is spread so quickly is because of all the free downloads which have spyware software bundled in with them. Obviously, many people are not willing to pay for software- especially antispyware software. Luckily, there is now a lot of free antispyware software available.
One of the ways to get free antispyware software is simply to download it from the internet. However, it is very common that the free antispyware software actually comes with spyware bundled in with it. You can read the next chapter to find out about this risk. Here is a list of some of the best antispyware software programs available for free online.

Free Spyware Protection

  •  Windows Defender: Before any software can be installed, it has to pass a Windows Genuine Advantage test. This antispyware software works in real time. It takes up little running space and can be put on a schedule for scanning a computer system. However, it is not the best choice of software for stopping all spyware.
  •  Spybot Search & Destroy: This is one of the most well-known antispyware software programs. It has been around since 2000 and is regularly updated. It has an immunization feature which will add malicious sites to your Restricted Sites list to protect you in case your computer is hijacked and taken to a harmful site.
  •  Ad-Aware: Ad-Aware is another one of the most popular free antispyware software. It can be downloaded for free. However, there is also a commercial version of Ad-Aware which offers even higher levels of protection. It also includes antivirus.
  •  AVG Anti-Spyware Free Edition: AVG is popular became popular as antivirus software and now has created antispyware software as well. There is a commercial and a free version available. AVG is one of strongest in terms of overall computer protection. However, like all free antispyware software, it does not contain a built-in firewall.
  •  Avast! antivirus Home Edition: This software is a combination of antivirus, antispyware and anti-rootkit. It is made for Windows and is free for home use.
  •  Panda Cloud Antivirus: This program also includes antispyware
  •  Microsoft Malicious Software Removal Tool: Called MSRT for shot, this software is available for free so long as your Windows is genuine. There are free monthly updates of MSRT available for users on the first Tuesday of each month.
  •  Comodo Internet Security: The Comodo company makes several software programs including antispyware, antivirus, and a firewall. You can download each of these separately for maximum protection. There is also a paid version called Comodo Internet Security Pro. Comodo is one of the strongest when it comes to battling computer infections. However, the software may be a bit difficult for beginners to operate and the free version doesn’t have any customer support.
  •  Spyware Blaster: This software does not remove spyware infections. Its goal is to prevent spyware infection and has a list of thousands of malicious sites which can be added to your Restricted Sites list. It also has a feature which will allow you to lock your Internet Explorer homepage so it can’t be altered. 

Free Spyware Removal Tools

  •  SuperAntiSpyware: If you already have a spyware infection, this software has been reported as effective in removing the spyware.
  •  HijackThis: This freeware utility works a bit differently than most spyware removal tools because it doesn’t just perform a simple scan based on a list of spyware. Instead, it scans the computer and looks for all suspicious items. Then, HijackThis will ask the user what to do with those items. Users should be very careful while using HijackThis to not delete any useful or essential items.
  •  Removal Restrictions Tool: Also known as RRT, this tool is used to restore permissions in situations where spyware has locked users from the Control Panel, Task Manager or Regedit.

There are a lot more free antispyware programs available with new ones constantly becoming available. However, it is important to note that many of these are not completely effective in preventing or removing spyware. Usually, they each have a few loopholes which spyware makers are aware of and exploit.

One way to get around the loopholes is to use multiple free antispyware software programs at once. What one program misses will generally be picked up by another program. The only real downside to this method is that using multiple antispyware programs can make your computer run slower.

Also, it needs to be pointed out that many of the free antispyware which is advertised online is actually rogue antispyware. This software actually contains spyware which will infect your computer.

How does Spyware Get onto Your Computer?

In most cases, spyware gets onto your computer because you have installed it unknowingly. This is how it works: when you find some sort of free program or file online, you download it and it comes bundled together with spyware. This is also the case with shareware. For spyware creators like Claria, which is the largest spyware company, this method of spyware transmission is very profitable. Claria had revenues of $35 million just last year.

Spyware as a profitable business really began to surge when free internet applications became available online. Since applications such as Web browser, email, and instant messaging were free, it didn’t take long before users expected free software as well. Software makers were having a hard time selling software for even low prices and they had trouble battling against illegal file sharing as well. Instead of trying to increase sales, the software makers decided to offer free software but include spyware bundled with it.

A spyware company will pay a software company for every time the software is installed. Then, the spyware uses targeted ads on the user. When a user clicks on the ad or makes a purchase through the ad, the spyware company profits. An example of this is the free file sharing application Kazaa which comes bundled with spyware from the company Claria. Kazaa gets paid by Claria every time its program is installed.

Then, the Claria spyware creates targeted pop-up ads for users and profits each time one of those ads is clicked on. If you visit the Dish Network homepage, a pop-up ad for DirecTV will appear. This method of spyware distribution occurs with all sorts of free downloads including software and file sharing. Often, the terms and conditions for downloading a free application will mention that spyware is included with the download.

However, not many people take the time to read through the terms and conditions. It is also common for the information about spyware to be deceptively hidden in a very long and confusing terms and conditions statement. The downloader simply clicks “Accept” and gets the spyware.

Fake Windows Security Boxes

To start downloading spyware, sometimes all it takes is a click of a link. One of the most common ways that spyware makers get users to click on their links is by disguising them as Windows security boxes. The boxes look just like a normal Windows security box. However, when you click on them, the link causes your security settings to change and spyware to be installed on your computer without your knowledge. For example, a box might read, “Optimize your internet access.” Even if you hit the “No” button, you will still trigger the spyware.

Security Holes

If you do not have high security on your computer, you run the risk of spyware finding its way inside. Some of the newer spyware programs have even learned to find their way through holes in firewall and antispyware software. Spyware is often distributed with a virus. First, a virus is sent to a computer. Instead of replicating and possibly destroying a computer’s system like a normal virus, its job is instead to create a hole for the spyware to enter.

There are several other illicit ways in which spyware can enter a computer. For example, there are spyware programs which are spread through emails. Even if the email gets tagged as potentially dangerous and the user doesn’t read it, the spyware can still be spread just by having it displayed in a preview pane.

Ransomware Attacks through September 2019

As of the end of September 2019 there have been 621 entities that have seen Ransomware attacks.  Entities that have been affected by these attacks include: hospitals, health care centers, school districts and cities.(1)

According to a recent Coveware analysis,  ransomware causes on average nearly 10 days of downtime, and organizations can lose about 8 percent of data. (2)

In order to help our customers recover from such an attack we MyRemoteSupportTech.com now sales and supports Macrium Reflect Backup software.   Using “Macrium Image Guardian” technology Macrium Reflect can prevent Ransomware from encrypting critical backup files.  With Log monitoring warnings of potentially malicious attacks can be flagged and brought to a technicians attention in a timely manner.

If your interested in protecting your business data contact MyRemoteSupportTech.com today in order to arrange a on-site evaluation. 

Additional Sources/Resources:

(1) https://www.cbsnews.com/news/ransomware-attack-621-hospitals-cities-and-schools-hit-so-far-in-2019/

(2) https://healthitsecurity.com/news/fbi-alerts-to-rise-in-ransomware-attacks-urges-victims-not-to-pay

June 20th Cyber-security News

Don’t let a breach bankrupt your company.

Data Breach Forces AMCA’s Parent Firm to File Chapter 11 Bankruptcy

The medical bill collection firm Retrieval-Masters Creditors Bureau Inc. has filed for Chapter 11 bankruptcy protection citing the fallout from a massive data breach that exposed the information of millions of patients.

Retrieval-Masters Creditors Bureau Inc., which collects debts from medical labs under the name American Medical Collection Agency (AMCA) filed in the Southern District of New York with the aim of liquidating the company, court documents stated.

Company founder and CEO Russell H. Fuchs told the court the Chapter 11 filing is the direct result of a data breach it became aware of in March 2019 that exposed the PHI of millions of patients, many belonging to Quest Diagnostics and LabCorp – AMCA’s largest customers. A subsequent investigation showed the breach may have been opened in August 2018.

Weekly Security News – June 6, 2019

Please follow the Title Links to read the full stories

From Bleeping Computer

Billing Details of 11.9M Quest Diagnostics Clients Exposed

Quest Diagnostics Incorporated, a Fortune 500 diagnostic services provider, says that approximately 12 million of its clients may have been impacted by a data breach reported by one of its billing providers.

The company reported to the U.S. Securities and Exchange Commission (SEC) that it received a notification from its billing collection provider American Medical Collection Agency (AMCA) that their web payment page was breached.

From Hacker News

103 Checkers and Rally’s Restaurants in 20 States have payment data swiped from Point-of-Sale (POS) payment card readers

If you have swiped your payment card at the popular Checkers and Rally’s drive-through restaurant chains in past 2-3 years, you should immediately request your bank to block your card and notify it if you notice any suspicious transaction.

Checkers, one of the largest drive-through restaurant chains in the United States, disclosed a massive long-running data breach yesterday that affected an unknown number of customers at 103 of its Checkers and Rally’s locations—nearly 15% of its restaurants.

The impacted restaurants [name, addresses and exposure dates] reside in 20 states, including Florida, California, Michigan, New York, Nevada, New Jersey, Florida, Georgia, Ohio, Illinois, Indiana, Delaware, Kentucky, Louisiana, Alabama, North Carolina, Pennsylvania, Tennessee, West Virginia and Virginia.

From Ars Technica

Hackers Actively use WordPress Plugin Flaw to send vistors to Bad Websites

Hackers have been actively exploiting a recently patched vulnerability in some websites that causes the sites to redirect to malicious sites or display misleading popups, security researchers warned on Wednesday.

The vulnerability was fixed two weeks ago in WP Live Chat Support, a plugin for the WordPress content management system that has 50,000 active installations. The persistent cross-site scripting vulnerability allows attackers to inject malicious JavaScript into sites that use the plugin, which provides an interface for visitors to have live chats with site representatives.

From Talos Intelligence

Hackers cobble together Frankenstein Malware

The campaign used components of:

  • An article to detect when your sample is being run in a VM
  • A GitHub project that leverages MSbuild to execute a PowerShell command
  • A component of GitHub project called “Fruityc2” to build a stager
  • A GitHub project called “PowerShell Empire” for their agents

We believe that the threat actors behind the Frankenstein campaign are moderately sophisticated and highly resourceful. The actors’ preference for open-source solutions appears to be part of a broader trend in which adversaries are increasingly using publicly available solutions, possibly to improve operational security.