The Arlington Virginia Computer Repair Blog
Blogging about computer repair, data recovery, malware and open source

Posts Tagged ‘malware’

The impossibility of avoiding malware reactively

Friday, April 4th, 2014


What if every day a new threat was on the horizon?  It would be seemingly overwhelming!  But what if every day tens of thousands of new threats were appearing, and the majority have yet to be identified?  Scary as that may seem, we must face reality and realize that this is the world we live in.  For that reason there is no way to protect against malware using only a reactive approach.

Always knocking on the door

Imagine your computer as a house, with your connection to the Internet as a door.  If you don’t secure your connection properly, then your door is effectively unlocked.  Automated malware is literally always knocking on that door.  If you don’t have any form of firewall, your system can be compromised very quickly.  Automated Internet-based attacks happen on average every 15 seconds.

The unlocked door may not be the only point of entry, though.  Sometimes we willingly invite malware into our house through techniques like trojan horses, where the malware presents itself as something else (such as a compromised download of a legitimate program).  On other occasions malware could sneak in through an unlocked window, in the form of an insecure Internet browser or an outdated version of Windows.

Understand what neighborhood you’re in

This is a metaphorical way to represent how safe your house (computer) is, based on several key factors:

1: Where do you go?  If you visit unsafe places, dangerous malware could follow you back to your house.

2: Who are your neighbors?  Other houses near you (or on the same network) that have been compromised by malware could pose significant risks.

3: Do I have good perimeter security? Not having a firewall is the same as leaving your door unlocked. A good firewall can help to mitigate Internet-based attacks.

4: Do I have good locks? Anti-virus software can be helpful and is strongly recommended.  Other security applications can be helpful as well.  But what seems to be more important is keeping all of your applications up to date.  Think of this as keeping up the integrity of your home’s structure.

This is a good overview of how to visualize malware threats on a basic level: think of your computer as your virtual home, and of security as protecting that very home against attack.

What does malicious software do?

Overall, though, mitigating the threat of malware is more complex than these analogies allow me to articulate.  So let’s dive a little bit deeper down the rabbit hole that is malicious software.  I’m often asked how malware works, what it does and why.  These are all important questions.  First, let’s tackle the ins and outs of malware.

Malware functions by invading software on a computer and accomplishing a task.  This task may be to spread itself, saturate the computer user’s experience with advertising or put the computer under the control of others.  It is not purposeless software meant only to annoy the user.  There are grave risks that come with severe forms of malware.  Some may attempt to harvest sensitive information, such as social security numbers, bank accounts, credit card numbers or passwords, by monitoring keystrokes or searching the hard drive.  Others may actually encrypt your data and try to extort you for the password.

Long gone is the era of an adolescent in his or her parents’ basement writing self-replicating programs to fulfill their curiosity and to the frustration of those who become their victims.  Now we are dwelling on a playing field where the stakes are much higher and the groups are motivated by money instead of childlike wonder and mischief.

There is more to malware protection than reactive defense

One of the biggest mistakes I see my clients make is to assume that the best protection is to react once malware reaches your computer.  Unfortunately, statistical probabilities dictate that the likelihood your anti-virus software catches the latest and greatest threats is quite low.  In fact, with tens of thousands of new malware variations, and even entirely new programs, coming into existence on a daily basis, there is no conceivable way that a reactive defense is sufficient.

Anti-virus software relies on accurate signatures to detect a threat.  Those signatures are based on the analysis of malware that has already been captured by the anti-virus programmers and maintainers.  If a piece of malware is different enough that it doesn’t match existing signatures or heuristic (pattern-based) analysis, then it will slip by unnoticed into your computer.
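As an added illustration (not from the original post), the toy scanner below shows the gap described above: an exact hash signature misses a lightly modified variant, a pattern-based rule still catches it, and a genuinely novel sample evades both.  All samples, signature names and addresses are constructed.

```python
import hashlib
import re

# Constructed stand-ins for a captured sample, a lightly repacked variant of it
# and a genuinely new program. None of this is real malware; the address is
# from the RFC 5737 documentation range.
KNOWN_SAMPLE = b"MZ\x90\x00" + b"beacon-v1:interval=60:host=203.0.113.5" + b"\x00" * 8
VARIANT_SAMPLE = KNOWN_SAMPLE.replace(b"v1", b"v2")   # a single byte differs
NOVEL_SAMPLE = b"MZ\x90\x00" + b"entirely different code here" + b"\x00" * 8


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Exact signatures: hashes of samples the vendor has already captured and
# analysed. Any change to the file, however small, yields a different hash.
HASH_SIGNATURES = {sha256_hex(KNOWN_SAMPLE): "Constructed.Trojan.A"}

# Heuristic (pattern-based) signatures: a byte regex over a characteristic
# fragment that tolerates small edits around it, in the spirit of a YARA string.
PATTERN_SIGNATURES = [
    (re.compile(rb"beacon-v\d:interval=\d+:host=\d{1,3}(?:\.\d{1,3}){3}"),
     "Constructed.Trojan.gen"),
]


def scan(data: bytes) -> list[str]:
    """Return the signature names that match, prefixed by the method that matched."""
    hits = []
    exact = HASH_SIGNATURES.get(sha256_hex(data))
    if exact:
        hits.append(f"hash:{exact}")
    for pattern, name in PATTERN_SIGNATURES:
        if pattern.search(data):
            hits.append(f"pattern:{name}")
    return hits


if __name__ == "__main__":
    for label, sample in (("known", KNOWN_SAMPLE),
                          ("variant", VARIANT_SAMPLE),
                          ("novel", NOVEL_SAMPLE)):
        print(f"{label:8s} -> {scan(sample) or ['no detection']}")
```

The variant is caught only because a pattern author anticipated that the version number would change; the novel sample shows why a signature database, however current, always trails the threats it describes.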

This article is the first in a series about malware by Alexander G. Chamandy of Arlington Virginia Computer Repair.  He is a seasoned IT professional with 19 years of experience and a focus on information security.  Stay tuned for more as we continue to dive deeper into this increasingly important topic.

Emergency Adobe Flash Player update now available

Wednesday, February 5th, 2014

Adobe recently released a critical Flash Player update to address a security vulnerability in the product.  This update is for multiple platforms, including Windows, Mac and Linux.  The reason for the update is a vulnerability that allows an attacker to use a carefully crafted Flash animation to remotely execute code on a victim’s computer.

These kinds of vulnerabilities are extremely serious and must be addressed right away to ensure you are not affected by what is known as a ‘drive-by attack.’  Please take some time to visit the Adobe website and update Flash Player (or remove it entirely).

What is the CryptoLocker virus and how can my PC avoid this malware?

Thursday, November 14th, 2013

In recent years malware has begun to use tactics resembling extortion in order to gain access to financial information.  These techniques started with ransom demands for an alleged crime: the malware would display a frightening banner claiming the user had been caught doing something illegal and demand several hundred dollars.  Some malware went as far as hiding the user’s data and demanding money to restore it.  CryptoLocker has changed the malware dynamic, however, as its ability to fully encrypt your data is not a joke.

CryptoLocker emerged in late 2013, often arriving on the victim’s computer in the form of an e-mail attachment.  Once installed, it demands that the user pay several hundred dollars to decrypt their data, and the offer expires in 72 hours.  There is absolutely no guarantee that paying this ransom will decrypt the data that has been hijacked, let alone remove the malware.  After the 72 hours pass, the amount demanded to decrypt the data leaps to $2,000.00.

What makes CryptoLocker unique is its ability to essentially hold your data hostage.  Other malware that made this claim in the past simply hid your data or used very weak encryption that was easily broken.  In addition, CryptoLocker takes this practice a step further and will attempt to encrypt all accessible storage devices connected to the computer.  That includes flash drives, internal and external hard drives (or SSDs), network attached storage (i.e. file servers) and some cloud storage services that stay attached to the computer.

Because CryptoLocker uses 2048-bit encryption there is no easy way to break it.  Instead, the best safeguards are exercising extreme caution with all e-mail attachments, web links and PDF documents.  Use up-to-date anti-virus software, scan anything you have not accessed before (e-mail attachments, web downloads, PDF files, zip files and executable files) and scan your PC routinely.  In addition, disconnect storage devices whenever you are not backing up your PC or otherwise accessing them.  This ensures that in the event of a CryptoLocker infection, your backup stays intact.

Arlington Virginia Computer Repair has over 18 years of experience with computer security, malware analysis and removal.  We provide the most comprehensive solutions available to our clients to ensure thorough clean-up and a better security configuration to fend off future attacks.  If you need professional help with virus removal please contact Arlington Virginia Computer Repair.

Review: Microsoft Security Essentials

Tuesday, May 1st, 2012

Microsoft Security Essentials (MSE) is free, powerful and stable anti-virus software that works on PCs running Windows XP through Windows 7.  It’s even going to be integral to Windows 8 as a built-in security solution.  I’ve been recommending MSE to clients for their home and small business PCs as a robust alternative to the expensive and often times inefficient commercial alternatives.

Without naming any names, many users deal with products that have significant resource utilization, so they end up slowing down the computer — and on top of that, many of the popular anti-virus programs don’t detect a lot of the malware that’s out there.  Why pay for a slower, less efficient solution?  Because about 45,000 new malware programs come out every day, it’s difficult for any single solution to keep up with all of it, but MSE does a pretty good job, and its update system is integrated with Windows Update, so you don’t have to worry about getting the latest definitions.

It also has pretty advanced functionality for a free product.  Some of the more sophisticated features include network intrusion detection, removable device scanning for flash drives and external hard drives, as well as exclusion of trusted programs and scaling CPU utilization — so you can ensure that your scans don’t slow down performance.

If you aren’t running anti-virus software, or you are unhappy with your current solution*, check out MSE.  I think it will impress you.

Arlington Virginia Computer Repair has cleaned up thousands of virus infections for our clients and constantly reviews the best anti-virus software and other security-related products for home users and small businesses.  After many trials with other anti-virus software, MSE came out on top in every objective test performed.  If you’re having trouble with your Mac or PC, give us a call or an e-mail.  We can help!

* If you are running anti-virus software and decide to replace it, be sure to completely remove the old software before installing any new anti-virus programs.

Don’t believe the hype! Macs can get malware, too.

Wednesday, April 25th, 2012

For many years Apple advertisements and sales people would boast that Macs were invulnerable to malware.  Unfortunately for Mac users, we’re finding out that’s simply not the case.  For every operating system, there are vulnerabilities that can be exploited in order to install malware.  OS X is no exception to this rule.

Lately there’s been a good deal of media attention regarding the FlashBack Trojan hitting Mac users, which at one point had compromised about 700,000 machines.  I feel that this is most likely the beginning of a larger wave of malware that will be specifically targeting the Mac platform.  The reason I posit this theory is that as Apple’s sphere of influence and market share in the world of computing grows, so does the attraction to target the platform by malicious software creators.  In addition, in OS X Apple has not adequately addressed many security vulnerabilities, but instead glossed over them.

For example, even in OS X Lion, the current release of Apple’s operating system, the firewall is disabled by default, security updates are not mandated, Bluetooth is set to discoverable, many file permissions are more open than they should be, and security patches often take some time to be deployed by Apple after a new vulnerability is publicly disclosed.

Of equal concern is the fact that Apple does not support operating systems once they are more than two releases behind.  What that means is that Leopard, Snow Leopard and Lion are currently supported for security updates.  All previous versions of Mac OS X have essentially been abandoned.  Because Apple comes out with a new operating system about once a year, they typically only support ‘legacy’ versions of OS X that are about two or three years old.  Because of this limited support, the entire PowerPC platform will not be getting any patches, nor will older releases of OS X, such as Tiger.

Should one run anti-virus software on their Mac?  It’s not a bad idea.  There are several freeware anti-virus programs available, such as ClamXav.  A broader approach is more important, though, as reactive anti-virus is only one layer of defense one should employ.

If your Mac is acting up or may have a virus, you’re welcome to contact Arlington Virginia Computer Repair.  We have expertise dealing with Macs, OS X as well as information security and have been helping customers since 1999.

Five online behaviors that increase the risk of a virus infection

Thursday, March 15th, 2012

Sometimes simple missteps can result in devastating malware problems. Here are the top five ways that virus infections can spread online.

1) Downloading pirated content, such as music, movies and software.  Not only is it illegal, but it also poses great risk to your computer as a lot of this content comes bundled with hidden malware that can ravage your privacy and security.

2) Opening e-mail attachments from suspicious senders.  Did Amazon, UPS or the IRS claim they have a very important message that you have to open the attachment for?  Don’t do it.  Legitimate institutions will not send you important updates as an attached PDF, zip or exe file.  Opening these attachments can unleash a Pandora’s box of problems onto your computer.  If you feel compelled to open an attachment, scan it with your anti-virus software first.

3) Clicking on ads.  Many ads are innocent, but some contain or link to malicious content that can attack your web browser and infect your computer.  It’s best not to click on ads, and even to use ad-blocking plugins such as AdBlock Plus for your browser.  Over a million malware-ridden ads were delivered in 2011, and we expect even more this year.

4) Opening links on social networking web sites and in e-mails.  Many times people’s accounts are compromised without their knowledge, and they may end up sending their contacts links to malicious content.  Warning signs include something that is too funny or too gross to miss out on, or an offer for something that is too good to be true, such as a free iPad.

5) Compromised PDF files.  Believe it or not, PDF files have become one of the top ten vectors for spreading viruses into personal and business computers.  The reason is that new functionality, such as JavaScript, introduced new security problems to the PDF format.  In addition, most installations of Adobe Acrobat are not kept up to date, and malicious hackers prey on that outdated version of your PDF reader to inject malicious code into your computer.  Always download the PDF to your computer before you open it, scan it with your anti-virus software and ensure you have the latest version of your PDF reader installed.
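As an added example (not from the original post), the triage script below checks a downloaded PDF for the active-content features the item above warns about (JavaScript and actions that run automatically on open) before the file is opened in a reader.  The risk list and the minimal sample PDFs are constructed for this example.

```python
import re

# PDF name objects that make a document act rather than merely display.
# /OpenAction and /AA trigger on open or on page events, /JS and /JavaScript
# carry script, /Launch starts an external program, /EmbeddedFile nests a file.
RISKY_NAMES = ("/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch", "/EmbeddedFile")


def normalise_names(data: bytes) -> bytes:
    """Decode the #xx hex escapes the PDF syntax allows inside names, so that
    /J#61vaScript is seen as /JavaScript. Naive string matching misses these."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def risky_features(pdf: bytes) -> dict[str, int]:
    """Count occurrences of each risky name after de-escaping."""
    text = normalise_names(pdf)
    counts = {}
    for name in RISKY_NAMES:
        # Require a non-name character after the match so /JS does not also
        # match a longer name that merely starts with those letters.
        hits = re.findall(re.escape(name.encode()) + rb"(?![A-Za-z0-9])", text)
        if hits:
            counts[name] = len(hits)
    return counts


def verdict(pdf: bytes) -> str:
    """Triage a file before opening it: reject non-PDFs, rank active content."""
    if not pdf.startswith(b"%PDF-"):
        return "reject: file does not start with a PDF header"
    feats = set(risky_features(pdf))
    triggers = {"/OpenAction", "/AA"} & feats
    payloads = {"/JS", "/JavaScript", "/Launch"} & feats
    if triggers and payloads:
        return "high: script or launch action runs automatically when opened"
    if feats:
        return "medium: active content present; open only in an up-to-date reader"
    return "low: no active content found"


# Constructed minimal PDFs (not real documents, not real malware).
BENIGN_PDF = (b"%PDF-1.4\n"
              b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
              b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
              b"trailer << /Root 1 0 R >>\n%%EOF\n")
AUTORUN_JS_PDF = (b"%PDF-1.4\n"
                  b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
                  b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
                  b"3 0 obj << /S /J#61vaScript /JS (app.alert(1)) >> endobj\n"
                  b"trailer << /Root 1 0 R >>\n%%EOF\n")
RENAMED_EXE = b"MZ\x90\x00this is not a PDF at all"

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_PDF),
                       ("autorun-js", AUTORUN_JS_PDF),
                       ("renamed-exe", RENAMED_EXE)):
        print(f"{label:12s} {risky_features(doc)} -> {verdict(doc)}")
```

Real-world PDFs usually compress their object streams (/FlateDecode), so a production check must inflate streams before matching; this example inspects only the uncompressed syntax.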

On-site vs. drop-off computer repair services

Thursday, October 27th, 2011

Oftentimes on-site computer repair services seem more convenient and expedient than dropping off one’s PC or Mac.  However, dropping off a computer with a professional can allow for a much more comprehensive job to be performed.

There are certain jobs where having your computer diagnosed, repaired and tested in a lab before releasing it is quite helpful.  For example, if you are looking for a data recovery, virus removal, replacement of hardware or anything other than a quick solution to a simple problem, drop-off services offer a lot of advantages.  For your benefit I’ll go through and review my opinion on the more popular services customers request, and why I feel many of them are best addressed outside of a customer’s premises.

Data recovery: When your hard drive begins to act up, it’s best to stop using it immediately and have it diagnosed and (hopefully) recovered at a professional facility.  Performing data recovery on-site limits the capabilities of a technician significantly.  Many data recoveries require special attention to the drive to check its condition and find the best method to attempt to recover your valuable information.  For example, if your drive has physical damage and someone attempts to copy data without special precautions (such as determining the location and extent of the damage and the best way to work around it), the copy process could literally destroy the drive.  A professional with a properly equipped data recovery lab will be able to approach this problem in a measured manner that ensures that, if recovery is possible, it is handled appropriately.

Virus removal: Malware has evolved into a significant headache for computer users on PCs and lately Macs as well.  Many viruses will hide themselves in the registry, drivers or even the OS kernel, making conventional removal processes impossible — even if it seems as though the infection has been isolated.  The same infection could come right back if it is not removed with the proper precautions.  At the same time, if one is too aggressive, without ensuring that system files are not damaged, the computer could be left unusable without a re-install of the OS.  A common misconception is that there is no way to remove a virus without a complete OS re-install, but that’s not true.  A properly trained professional will be able to neutralize most infections without taking such destructive measures.  On-site services simply do not allow enough time and attention for a proper removal of most infections.  Conventional anti-virus software is also not enough to fend off malware on its own.

Hardware repair: Every time a computer has a hardware problem, whether it is from physical damage, wear and tear, overheating or otherwise, a full diagnostic must be performed to isolate the extent of the damage and ensure that the repair addresses it.  Consider the following scenario — you accidentally drop your laptop and the screen breaks.  Addressing only the immediately obvious problems on a system that just sustained physical damage may leave other problems hidden and lurking.  The fall could have damaged the computer’s hard drive, and your data could be in jeopardy.  A full diagnostic would reveal this, but without it you could be throwing good money at a system that may not be cost effective to repair.  In addition, the process of replacing a screen can disrupt other functionality that is contained in the screen enclosure, like wireless, web cameras, etc.  A computer repair firm with a proper lab can diagnose and address these issues without leaving out important details.

While on-site service is ideal for very simple jobs, such as setting up a wireless network, configuring a home backup system or a home theater, for many jobs it is simply not the level of attention necessary to ensure that a high quality job is performed.  The next time you have a computer problem, carefully weigh your options and if you do choose on-site service, be sure the firm is licensed, bonded, insured, has been in business for several years and has a good reputation online from Yelp, BBB and other appropriate rating metrics.

If you need drop-off computer repair service in the greater Washington, DC metropolitan area, consider Arlington Virginia Computer Repair.  We are a small, home-based business that has been in operation since 1999 and has served over 10,000 satisfied clients in that time.

What is malware and why is it attacking my PC?

Thursday, October 20th, 2011

Malware is a broad term used to describe a variety of malicious software, ranging from trojans, spyware and worms to conventional viruses.  Today’s malware is much more dangerous than the similar programs of yesteryear.  It used to be that malware was more of a nuisance, slowing down performance and spreading to other computers, but relatively easy to control and remove.

Today’s malware is a different kind of beast.  The latest infections pose as anti-virus software or other legitimate applications to gain the user’s trust.  They may change permissions on files so users can’t find their data.  Often times you’ll find that anti-virus software is disabled and you can’t download other security programs or execute them.

[Image: artistic rendering of a computer virus.  Caption: A bug inside your PC can be costly.]

The crux of the problem is that this phenomenon has become increasingly threatening, growing from a relatively disorganized endeavor of lone wolves into a for-profit criminal enterprise.  A large amount of resources is devoted to writing malicious code, finding security flaws in operating systems and anti-virus software, and creating convincing graphics.

In addition, many modern malware infections leverage each infected computer by adding it to what’s called a ‘botnet’, meaning that each computer becomes a node of a larger network of infected computers that can be used to harvest information, attack other computers and even launch large-scale organized denial of service attacks.

The diversity and amount of malware is growing exponentially, with 45,000 new infections emerging on a daily basis with ever-growing sophistication.  Infections are becoming more difficult to remove and are causing users more trouble with identity theft, information leakage and computer slowdowns.  In addition, anti-virus companies are having a difficult time keeping pace with the tsunami of malware that is emerging on a regular basis.

The reason that PCs are so actively targeted is because of the market share they represent.  Windows PCs still account for over 90% of the computers being used, and home users’ PCs tend to be less secure than those in well managed corporate environments.  To malware distributors, home users on a Windows PC seem like an easy target with near limitless resources.

For more information on how to stay safe, please see the links below for related articles.  If you’re suffering from a virus infection and need help, please contact Arlington Virginia Computer Repair for help.

Updating software is important for security

Wednesday, September 28th, 2011

How often do you see an application update for Flash or Java and ignore it?  It’s easy to pass off these update notifications as an annoyance, but the truth is that many application developers release updates to address security problems.  In the past year, Adobe Acrobat, Adobe Flash, Oracle Java, Microsoft .Net and Silverlight have all had serious vulnerabilities — and they’re not alone.

[Image: artistic rendering of a PC downloading software over the Internet.]

Next time you see an update notification, search for the application online and download the latest version from the vendor’s website.  This way you can be sure you’re getting the application directly and minimize the chance that the update notification was a rogue pop-up.  Also, always remember to run updates from the operating system vendor (Windows, Mac OS X, Linux, etc.), as they are crucial for your operating system’s security.

Updates are integral to a secure and stable user experience.  Installing them is usually pretty straightforward, but if you need a hand we’re happy to help.

Using Ubuntu Linux to improve security for online activities

Wednesday, May 26th, 2010

There has been a lot of concern about information security lately as attacks and leaks have been more publicized.  One step that can help to secure your online experience is using a secure operating system like Ubuntu Linux for online banking, purchases and surfing.
