How To Tell If Your Website Has Been Attacked By Bots

Bots—software applications that run scripts over the internet—make up more than half of all internet traffic. This creates a major blind spot for IT security teams, as 79% of CISOs and other security leaders said they can’t tell for certain if web traffic comes from humans or bots, according to a recent Radware report.

It’s key to understand that there are good bots and bad bots, said Reid Tatoris, vice president of product outreach and marketing at Distil Networks. “Good bots enable search engines to index web content, price comparison services to save consumers money, and market researchers to gauge sentiment on social media, for example,” Tatoris said. Chatbots and the crawlers operated by search engines and social networks fall into this category.

Meanwhile, “bad bots are used to conduct a variety of harmful activities, such as denial-of-service attacks, competitive data mining, online fraud, account hijacking, data theft, stealing of intellectual property, unauthorized vulnerability scans, spam, and digital ad fraud,” Tatoris said. These include impersonators, scrapers, hackers, and spambots.

Bad bots are used by many different groups, ranging from organized crime to state actors pushing a political agenda to people trying to make money. But there are ways to tell if your website has been visited by a bot and keep it safe.

Here are five ways to spot a bot.

1. Monitor login attempts

One of the most profitable uses of bots for an attacker is via credential stuffing, the mass-scale automated testing of username and password combinations across multiple websites, according to Patrick Sullivan, Akamai director of security technology and strategy. When successful matches are discovered, attackers use these logins to take over the account for fraud or to resell the confirmed credentials.

One simple step to detect bots is to monitor macro-level success and failure rates of login attempts, Sullivan said. “Regardless of how advanced the bots are and how difficult they are to identify, credential stuffing generates high levels of failed logins,” he added. “Even if fraudsters are careful enough not to trigger account lockouts, they will generate failed logins, which are early warning signs of bot activity.”

2. Check your server logs

Most bots will visit the same website regularly, even several times a day, he said. “If you keep seeing the same IP address pop up on your logs, then the chances are they could be a bot,” he added. You can check an address’s reverse DNS hostname, geolocation and reputation manually with a service such as IPAvoid. An address that appears on a blocklist, or that belongs to hosting-provider or data-centre space rather than a residential ISP, is a strong indicator of automation. Treat it as a signal to investigate rather than proof, though: corporate proxies, VPN exit nodes and shared NAT gateways also produce many repeat visits from a single IP.
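The two checks above (site-wide login failure rate from section 1, and the same source address showing up over and over from section 2) are easy to run over an ordinary access log. The script below is an added example written for this page, not code from the article or from Akamai or Distil Networks. The log lines are constructed with RFC 5737 documentation addresses, the login path (/login), the statuses that mean “bad credentials” (401/403) and the flagging thresholds are all assumptions you would adjust for your own application.

```python
"""Spotting credential stuffing and repeat visitors in web server access logs."""
import re
from collections import defaultdict

# Apache/nginx "combined" format; only the fields needed here are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

LOGIN_PATH = "/login"            # assumption: the site's login form posts here
FAILED_STATUSES = {401, 403}     # assumption: the app answers bad credentials with one of these


def _line(ip, method, path, status, second):
    """Build one constructed combined-format log line (sample data, not real traffic)."""
    return (f'{ip} - - [10/Jan/2018:10:00:{second:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "Mozilla/5.0"')


SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", "POST", LOGIN_PATH, 401, i) for i in range(8)]        # 8 misses, no hits
    + [_line("198.51.100.23", "POST", LOGIN_PATH, 401, i) for i in range(5)]    # 5 misses ...
    + [_line("198.51.100.23", "POST", LOGIN_PATH, 302, 5)]                      # ... then one account hit
    + [_line("192.0.2.10", "POST", LOGIN_PATH, 401, 0),                         # a human mistyping once
       _line("192.0.2.10", "POST", LOGIN_PATH, 302, 1)]
    + [_line("192.0.2.11", "GET", "/", 200, i) for i in range(3)]               # ordinary browsing
)


def parse(lines):
    """Yield one dict per line that matches the combined format; skip anything else."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["status"] = int(rec["status"])
            yield rec


def login_outcomes(records):
    """Per-IP attempt and failure counts for POSTs to the login form."""
    per_ip = defaultdict(lambda: {"attempts": 0, "failures": 0})
    for r in records:
        if r["method"] == "POST" and r["path"] == LOGIN_PATH:
            per_ip[r["ip"]]["attempts"] += 1
            if r["status"] in FAILED_STATUSES:
                per_ip[r["ip"]]["failures"] += 1
    return dict(per_ip)


def site_failure_rate(per_ip):
    """The macro-level number Sullivan recommends watching: failed / all login attempts."""
    attempts = sum(v["attempts"] for v in per_ip.values())
    failures = sum(v["failures"] for v in per_ip.values())
    return failures / attempts if attempts else 0.0


def flag_stuffing(per_ip, min_attempts=5, min_failure_rate=0.8):
    """IPs with enough login attempts and a failure ratio no human typist produces.
    A careful attacker stays under any per-account lockout, so the signal is the
    ratio across attempts from one source, not lockouts."""
    return sorted(ip for ip, v in per_ip.items()
                  if v["attempts"] >= min_attempts
                  and v["failures"] / v["attempts"] >= min_failure_rate)


def request_counts(records):
    """Total requests per source address (section 2: the same IP showing up again and again)."""
    counts = defaultdict(int)
    for r in records:
        counts[r["ip"]] += 1
    return dict(counts)


def analyze(log_text):
    """Run all three checks over raw log text and return the results as one dict."""
    records = list(parse(log_text.splitlines()))
    per_ip = login_outcomes(records)
    return {
        "site_failure_rate": site_failure_rate(per_ip),
        "suspect_ips": flag_stuffing(per_ip),
        "request_counts": request_counts(records),
    }


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    print(f"site-wide login failure rate: {result['site_failure_rate']:.0%}")
    print("credential-stuffing suspects:", result["suspect_ips"])
    for ip, n in sorted(result["request_counts"].items(), key=lambda kv: -kv[1]):
        print(f"{ip:>16}  {n} requests")
```

On real traffic, compute the site-wide rate per hour and compare it with a baseline from a quiet week; credential stuffing shows up as a jump in that single number long before any individual source address stands out, because the attacker spreads attempts across many proxies. The per-IP ratio then tells you which sources to look up and, if warranted, rate-limit.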

3. Check your email outbox

If your Sent messages folder contains messages that have been drafted, sent, or returned to you that you did not write, this is a tell-tale sign that you may have been visited by a bot, said Steve Pritchard, search content manager at giffgaff. “The bot is then intending to infiltrate the computers of your email contacts by sending them emails riddled with malware,” Pritchard said.

4. Watch if your website slows down or crashes

“Bots move fast across websites and do so in hordes, so you get a lot of server requests per second, which can overload the system and cause a major slowdown in loading times,” said Tatoris. “The result is that you end up spending more money on server costs for traffic that doesn’t translate into any benefit for your business. In addition, any humans who try to visit your site or make a purchase at a time when the site slows down will typically leave and take their business somewhere else.”

5. Check if your site content shows up elsewhere on the internet

Bots can sometimes copy website content and post it elsewhere without permission, Tatoris said. “The site Copyscape can help you to determine whether or not any of your site information has been posted elsewhere on the internet,” he added. “If you enter in the URL of a page from your website into their search field, they will return any pages that have high percentage matches to the content on the referenced page. While this isn’t a sure fire way of telling whether your content has been copied, it can potentially give you some idea.”


Windows Meltdown patch: No more security updates for your PC…

Microsoft has updated its support notice to say that Windows computers will not receive any security updates at all until their AV software is certified compatible with the Spectre and Meltdown patches.

Windows PCs running anti-virus software that is incompatible with the recent Meltdown and Spectre patches will no longer receive any security updates, Microsoft has warned.

Spectre and Meltdown are design flaws in modern processors that could allow hackers to bypass system protections on a wide range of devices, allowing attackers to read sensitive information, such as passwords, from memory.

Microsoft has rolled out a series of patches for the flaws since January 3rd, but last week said these patches would not be pushed to computers running incompatible third-party AV.


Now Microsoft has updated its support notice to say that Windows computers will not receive any security updates at all until their AV software is confirmed compatible with the Spectre and Meltdown patches. Windows Update treats a system as compatible only once the AV vendor (or an administrator) has set a specific key in the Windows registry.

“Customers will not receive the January 2018 security updates (or any subsequent security updates) and will not be protected from security vulnerabilities unless their antivirus software vendor sets the following registry key,” says Microsoft.

Security researcher Kevin Beaumont has put together a list of antivirus products that are compatible with Microsoft’s Spectre and Meltdown updates, and which have set the Windows registry key.

Compatible anti-virus products include those from Avast, AVG, Avira, Bitdefender, ESET, F-Secure, Kaspersky, Malwarebytes, Sophos, and Symantec. Systems running McAfee, TrendMicro, and Webroot software are also expected to be eligible to receive the updates soon.

Various other security providers, including CrowdStrike, Cylance, FireEye and Palo Alto Networks, have not yet set the registry key, but claim their products are compatible.

Beaumont says that companies whose AV products are designed to be used alongside other security software say they are loath to set the key, in case other software on the system clashes with the fix.

System admins can manually set the registry key; Microsoft’s support article for the January updates (KB4072699) documents it as a REG_DWORD value named cadca5fe-87d3-4b96-b7fb-a231484277cc with data 0 under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat. However, Microsoft warns that setting it on a system whose security software is not actually compatible may cause serious problems that “require you to reinstall your operating system”, so confirm compatibility with your AV vendor before setting it by hand.

You Are Creating Password The Wrong Way

Was it m@nk3yP@$$w01rd or m0nk3yp@ssw0!rd?

For 20 years, the standard advice for creating a “strong” password that is hard to crack has been to use a mix of letters, numbers and symbols.

It’s so ingrained that when you go to create a new email account you’ll frequently get praising or finger-wagging feedback from the computer on how well your secret code adheres to these guidelines.

And you’re supposed to change it every 90 days.

Now, the man who laid down these widely followed rules says he got it all wrong.

“Much of what I did I now regret,” Bill Burr, a 72-year-old retired manager at the National Institute of Standards and Technology, told the Wall Street Journal.

In 2003, the then-mid-level NIST manager was tasked with the job of setting rules for effective passwords. Without much to go on he sourced a whitepaper written in the 1980s. The rules his agency published ended up becoming the go-to guides for major institutions and large companies.

The result is that people create odd-looking passwords and then have to write them down, which is of course less secure than something you can memorize. Users also lean on common substitutions, like “zeroes” for the letter O, which a smart hacker could program their password cracker to look for. Or they pick one “base” password that they can memorize and only change a single number. That’s also not as safe.

“It just drives people bananas and they don’t pick good passwords no matter what you do,” Burr said.

The new password guidelines are both easier to remember and harder to guess. NIST’s revised guidance (SP 800-63B) drops the composition rules and the scheduled rotation: users should pick a long passphrase of simple words, systems should screen it against lists of passwords known from breaches, and a change should only be forced when there is evidence of compromise.


Not only did the old password format frustrate users, it wasn’t even the best way to keep hackers at bay.

For instance, “Tr0ub4dor&3” could take just three days to crack while “CorrectHorseBatteryStaple” could take 550 years, according to one viral comic (xkcd’s “Password Strength”) whose arithmetic security researchers have endorsed. Both figures assume an attacker limited to about 1,000 guesses per second, the rate of an online attack against a login form. Against a stolen database of fast, unsalted hashes a GPU rig makes billions of guesses per second, so the passphrase’s margin shrinks from centuries to minutes; what still keeps it ahead is its larger search space, not any symbol rule.
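The arithmetic behind those numbers, and a generator for the kind of passphrase the new guidance favours, as an added example (not code from the article, NIST or the comic). It assumes the comic’s model of roughly 28 bits for “Tr0ub4dor&3” and 44 bits for four words from a 2,048-word list, an online rate of 1,000 guesses per second and an offline rate of 10 billion, and it uses an eight-word stand-in list where a real deployment would use something like the EFF long word list.

```python
"""Entropy arithmetic behind the comic's crack times, plus a passphrase generator."""
import math
import secrets
import string

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def naive_bits(password):
    """Upper-bound entropy if every character were drawn uniformly from the classes present.
    This is what composition-rule checkers implicitly assume, and why 'Tr0ub4dor&3' scores
    well: it ignores that the base is a dictionary word with predictable substitutions."""
    classes = [(set(string.ascii_lowercase), 26), (set(string.ascii_uppercase), 26),
               (set(string.digits), 10), (set(string.punctuation), 32)]
    alphabet = sum(size for chars, size in classes if any(c in chars for c in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def passphrase_bits(n_words, dictionary_size):
    """Entropy of n words chosen uniformly at random from a dictionary of the given size."""
    return n_words * math.log2(dictionary_size)


def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every candidate, which is the figure the comic quotes."""
    return 2.0 ** bits / guesses_per_second / SECONDS_PER_YEAR


def generate_passphrase(wordlist, n_words=4, separator=" "):
    """Random words from a cryptographically secure source; the entropy is
    passphrase_bits(n_words, len(wordlist)) regardless of how the words look."""
    return separator.join(secrets.choice(wordlist) for _ in range(n_words))


# Constructed stand-in for a real list such as the EFF long list (7,776 words).
DEMO_WORDS = ["correct", "horse", "battery", "staple", "amber", "cobalt", "lantern", "meadow"]

if __name__ == "__main__":
    online, offline = 1_000, 10_000_000_000   # rate-limited web form vs GPU against a fast hash
    for label, bits in [("Tr0ub4dor&3 as the comic models it", 28),
                        ("four words from a 2048-word list", passphrase_bits(4, 2048))]:
        print(f"{label}: {bits:.0f} bits, "
              f"{years_to_exhaust(bits, online):.3g} years online, "
              f"{years_to_exhaust(bits, offline) * SECONDS_PER_YEAR:.3g} s offline")
    print("naive checker score for Tr0ub4dor&3:", round(naive_bits("Tr0ub4dor&3")), "bits")
    print("example passphrase:", generate_passphrase(DEMO_WORDS))
```

The gap between naive_bits (about 72 bits for “Tr0ub4dor&3”) and the 28 bits an attacker actually faces is the whole argument against composition rules: the checker measures the alphabet, the cracker models the habit. The offline column is the reason server-side hashing with a slow, salted function matters as much as user behaviour.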


Autoruns by Sysinternals

This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and when you start various built-in Windows applications like Internet Explorer, Explorer and media players. These programs and drivers include ones in your startup folder, Run, RunOnce, and other Registry keys. Autoruns reports Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and much more. Autoruns goes way beyond other autostart utilities.

Autoruns’ Hide Signed Microsoft Entries option helps you to zoom in on third-party auto-starting images that have been added to your system, and it has support for looking at the auto-starting images configured for other accounts configured on a system. Also included in the download package is a command-line equivalent that can output in CSV format, Autorunsc.

You’ll probably be surprised at how many executables are launched automatically!

Simply run Autoruns and it shows you the currently configured auto-start applications as well as the full list of Registry and file system locations available for auto-start configuration. Autostart locations displayed by Autoruns include logon entries, Explorer add-ons, Internet Explorer add-ons including Browser Helper Objects (BHOs), Appinit DLLs, image hijacks, boot execute images, Winlogon notification DLLs, Windows Services and Winsock Layered Service Providers, media codecs, and more. Switch tabs to view autostarts from different categories.

To view the properties of an executable configured to run automatically, select it and use the Properties menu item or toolbar button. If Process Explorer is running and there is an active process executing the selected executable then the Process Explorer menu item in the Entry menu will open the process properties dialog box for the process executing the selected image.

Navigate to the Registry or file system location that holds the configuration of an auto-start item by selecting the item and using the Jump to Entry menu item or toolbar button; Jump to Image navigates to the location of the autostart image itself.

To disable an auto-start entry uncheck its check box. To delete an auto-start configuration entry use the Delete menu item or toolbar button.

The Options menu includes several display filtering options, such as only showing non-Windows entries, as well as access to a scan options dialog from where you can enable signature verification and VirusTotal hash and file submission.

Select entries in the User menu to view auto-starting images for different user accounts.

More information on display options and other features is available in the on-line help.

Autorunsc Usage

Autorunsc is the command-line version of Autoruns. Its usage syntax is:

Usage: autorunsc [-a <*|bdeghiklmnoprstw>] [-c|-ct|-x] [-h] [-m] [-s] [-t] [-u] [-v[rs]] [-vt] [[-z <systemroot> <userprofile>] | [user]]

-a      Autostart entry selection:
        *  All.
        b  Boot execute.
        d  Appinit DLLs.
        e  Explorer addons.
        g  Sidebar gadgets (Vista and higher).
        h  Image hijacks.
        i  Internet Explorer addons.
        k  Known DLLs.
        l  Logon startups (this is the default).
        m  WMI entries.
        n  Winsock protocol and network providers.
        o  Codecs.
        p  Printer monitor DLLs.
        r  LSA security providers.
        s  Autostart services and non-disabled drivers.
        t  Scheduled tasks.
        w  Winlogon entries.
-c      Print output as CSV.
-ct     Print output as tab-delimited values.
-h      Show file hashes.
-m      Hide Microsoft entries (signed entries if used with -v).
-s      Verify digital signatures.
-t      Show timestamps in normalized UTC (YYYYMMDD-hhmmss).
-u      If VirusTotal check is enabled, show files that are unknown by VirusTotal or have non-zero detection; otherwise show only unsigned files.
-x      Print output as XML.
-v[rs]  Query VirusTotal (www.virustotal.com) for malware based on file hash. Add ‘r’ to open reports for files with non-zero detection. Files reported as not previously scanned will be uploaded to VirusTotal if the ‘s’ option is specified. Note that scan results may not be available for five or more minutes.
-vt     Before using VirusTotal features, you must accept the VirusTotal terms of service (https://www.virustotal.com/en/about/terms-of-service/). If you haven’t accepted the terms and you omit this option, you will be interactively prompted.
-z      Specifies the offline Windows system to scan (its system root and a user profile directory).
user    Specifies the name of the user account for which autorun items will be shown. Specify ‘*’ to scan all user profiles.
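The point of -c, -h and -s together is that the result is data you can filter and diff rather than a screen to scroll. The script below, an added example that is not part of the Sysinternals documentation, does in code what Hide Signed Microsoft Entries plus signature verification do in the GUI: it keeps only entries whose image is not a verified Microsoft binary and says why each one is worth a look. The sample is constructed in the shape of autorunsc -a * -c -h -s output; the column names are assumed from the tool’s CSV header, the hashes are placeholders and none of the paths refer to real files. Redirected autorunsc output is UTF-16, so decode a real capture accordingly before passing it in.

```python
"""Triage autorunsc CSV output: surface autostart entries whose image is not signature-verified."""
import csv
import io

# Column names as assumed from the autorunsc CSV header.
HEADER = ["Time", "Entry Location", "Entry", "Enabled", "Category", "Profile",
          "Description", "Signer", "Company", "Image Path", "Version", "Launch String",
          "MD5", "SHA-1", "PESHA-1", "PESHA-256", "SHA-256", "IMP"]

# Paths under the user profile are writable without admin rights: a favourite spot for malware.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


def _build_sample():
    """Constructed rows: one verified Microsoft entry, one verified third-party entry,
    one entry claiming Microsoft whose signature does not verify, and one unsigned task."""
    rows = [
        {"Entry Location": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
         "Entry": "SecurityHealth", "Signer": "(Verified) Microsoft Windows",
         "Image Path": r"c:\windows\system32\securityhealthsystray.exe", "SHA-256": "a1" * 32},
        {"Entry Location": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
         "Entry": "VendorUpdater", "Signer": "(Verified) Example Vendor Ltd",
         "Image Path": r"c:\program files\example\updater.exe", "SHA-256": "b2" * 32},
        {"Entry Location": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
         "Entry": "WindowsUpdate", "Signer": "(Not verified) Microsoft Corporation",
         "Image Path": r"c:\users\alice\appdata\roaming\svch0st.exe", "SHA-256": "c3" * 32},
        {"Entry Location": "Task Scheduler", "Entry": r"\Maintenance", "Signer": "",
         "Image Path": r"c:\users\alice\appdata\local\temp\upd.exe", "SHA-256": "d4" * 32},
    ]
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=HEADER, restval="", lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


SAMPLE_CSV = _build_sample()


def triage(csv_text, show_third_party=False):
    """Return the entries worth a second look, in file order, each with its reasons."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        signer = row["Signer"].strip()
        image = row["Image Path"].strip().lower()
        reasons = []
        if signer.startswith("(Verified)"):
            if "Microsoft" in signer:
                continue                                 # what -m hides
            if show_third_party:
                reasons.append("third-party, signature verified")
        elif signer == "":
            reasons.append("unsigned")
        else:
            # "(Not verified) Microsoft Corporation" claims a company, but the check failed:
            # the Company column is attacker-controlled text, the Signer verdict is not.
            reasons.append("signature not verified")
        if any(marker in image for marker in USER_WRITABLE):
            reasons.append("image in user-writable location")
        if reasons:
            findings.append({"entry": row["Entry"], "location": row["Entry Location"],
                             "image": row["Image Path"], "signer": signer,
                             "sha256": row["SHA-256"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    # On a real host:  autorunsc -accepteula -a * -c -h -s > autoruns.csv   (then decode as UTF-16)
    for f in triage(SAMPLE_CSV):
        print(f"{f['entry']}  [{f['location']}]")
        print(f"    image : {f['image']}")
        print(f"    signer: {f['signer'] or '(none)'}")
        print(f"    sha256: {f['sha256']}")
        print(f"    why   : {', '.join(f['reasons'])}")
```

Keep the SHA-256 column in the output: it is what you paste into VirusTotal, compare against a known-good baseline from an identical build, or pivot on across a fleet. The -accepteula switch in the comment is the usual Sysinternals flag for unattended runs.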

Related Links

  • Windows Internals Book
    The official updates and errata page for the definitive book on Windows internals, by Mark Russinovich and David Solomon.
  • Windows Sysinternals Administrator’s Reference
    The official guide to the Sysinternals utilities by Mark Russinovich and Aaron Margosis, including descriptions of all the tools, their features, how to use them for troubleshooting, and example real-world cases of their use.

Do Macs Need Malware Protection

On the popular Discovery Channel program “Mythbusters,” hosts Adam Savage and Jamie Hyneman take a legend and deconstruct it to see whether its long-held beliefs are legitimate. They’ve busted all kinds of myths, from Jimmy Hoffa being buried under Giants Stadium (not true) to the ability to kill someone without a trace using an ice bullet (the bullet vaporizes as soon as the trigger’s pulled).

One tall tale they haven’t tackled is that Macs are impervious to malware, so you needn’t worry about cybersecurity solutions. Antivirus and anti-malware protection is for the PCs.

We’re here to bust that myth.

Growing trend

Out of the gate we can tell you that it’s true, Macs don’t have the same problem with malware as PCs do. One of the main reasons: sheer numbers. Cybercriminals look at the market and see that the vast majority of folks are on PCs, so they concentrate their efforts on creating malware that will result in the largest return on investment.

But the tide is turning. Macs are now responsible for 7.5 percent of global personal computer sales. In the U.S., Apple is one of the top three PC vendors, just behind HP and Dell. And as creative departments grow in corporate environments (from design and content to programming and testing), more and more businesses are adding larger numbers of Macs to their environments.

The popularity of Macs leads to more cybercriminals wanting to write malicious code for OS X. Although still much lower than PCs, the number of threats targeting Apple operating systems has grown steadily, with a spike in Mac infections observed over the last 18 months. A recent study by Bit9 + Carbon Black found that the number of Mac OS X malware samples detected in 2015 was five times greater than in the previous five years combined.

Forms of malware on Macs

Apple security is fairly tight. OS X ships with a basic built-in anti-malware feature, XProtect, and when Apple identifies a malicious program its signature is added to XProtect’s database. From that point on, that piece of malware is blocked from launching on any Mac, unless the user has explicitly disabled security updates. But clearly some malware is getting through. Which forms?

The worst offender is adware. “There are many different adware programs infecting the Mac right now, and they’re in a constant state of flux,” says Thomas Reed, Director of Mac Offerings at Malwarebytes. “Adware-riddled installers are everywhere, and it’s becoming harder and harder to tell where a safe place is to download software.”

Other forms of malware have given Apple the slip, including Potentially Unwanted Programs (PUPs), Info stealers, Trojans, and even ransomware (KeRanger). While these forms of malware are less prevalent, they can still be quite dangerous. KeRanger was downloaded by around 6,500 people within the 12-hour period that it was available. Some of those users had their data completely destroyed.

How are they getting through?

The main way that adware and malware is getting through on Macs these days is through codesigned apps, using a certificate obtained from Apple. The certificate is either stolen or bought and simply treated as disposable, since it costs only $99. Apple can revoke these certificates if they see them being abused, and they do so quickly when they find a new signed malware. However, Apple doesn’t take a particularly hard stand against most adware, which can persist for a long time with the same certificate.

In addition, video and audio streaming sites and piracy sites often dole out adware. Software download sites distribute installers containing adware that has been added without the permission of the developers. Worse, even some developers’ own sites are guilty of bundling adware. For example, the popular Filezilla FTP client installs adware even when downloaded directly from the official site, and the free version of Avast had (and may still have) an ad-injecting feature in its browser extension.

What happens to your Mac after an infection?

Adware is a serious hassle. Injected ads are intrusive and can contain offensive content. They can also slow down your computer’s performance and result in browser destabilization. Malicious ads can even direct you to tech support scams where you can be scammed out of your money or into installing other harmful software.

But that’s not all, Bob! What else have you won? Info stealers can, obviously, steal your info. And in the case of ransomware, data can be totally destroyed with no shot of getting it back.

Final verdict

Myth: Macs are impervious to malware.

Fact: Macs, while less vulnerable than PCs, are assailable. Their security can be penetrated, especially by cybercriminals looking to deliver adware.

So do you really need a security solution for your Mac? “Although the primary threat right now is adware, it’s still a problem of epidemic proportions,” says Reed. “Even knowledgeable Mac users have been known to fall victim to some kind of adware, so it’s no longer true that you can avoid threats by simply being careful what you download.”

With increases in Mac popularity making OS X more appealing for crooks, plus the already considerable onslaught of adware, it makes sense to install an anti-malware program for your Mac. It should catch what OS X misses and restore your Mac’s performance to the high caliber you expect.

Now what other myths can we bust? Can tooth fillings really receive radio waves?

Is A Mac PC More Secure Than A Windows One?

No it is not.

Many proponents of Apple would like you to believe a Mac is more secure. The truth is, because there are so many more IBM-based computers than there are Macs, the bad guys target them more readily. For example, if there are (and I don’t know what the actual numbers are) 10 million PCs and 2 million Macs, and a virus maker gets a 4% return on their ransomware, the probability of getting paid is much higher on the PCs.

So you ask, why not then purchase a Mac? Well, here are my personal reasons.

A Mac is approximately 3 times as expensive as a PC…and they do the same thing. They work the same way. They use the same hardware…it just takes 3 times the resources (hardware) to run the Mac. All computers have two basic ‘parts’, hardware and software.

If the hardware is the same, then what’s the difference?

It’s getting better, but much of the software available as of this writing will not work on Mac.

Macs are pretty proprietary, that is, it is difficult to get parts for them and therefore difficult to get service on them, which means they oftentimes need to be sent to an official Apple Repair Facility.

I’m just sayin’…

How To Protect Your Mac From Ransomware

Mac users worried about what could be the first full-fledged ransomware attack on Apple (AAPL)’s desktop operating system can take certain steps to protect themselves.

First off, users should avoid downloading Transmission BitTorrent version 2.90, the file-sharing client whose installer delivered the ransomware, a form of malware that encrypts certain files and data until users submit a bitcoin payment.

Mac users can also make sure Apple’s own malware protection feature, XProtect, is enabled. That feature blocks known malicious software from being installed on the tech giant’s computers.

The ransomware, dubbed KeRanger, was detected by security company Palo Alto Networks on March 4, specifically on computers with Transmission BitTorrent installed, Palo Alto said Sunday.

In this instance, the ransomware authors asked victims to pay one bitcoin (or about $414 as of Monday) in exchange for their data.

In an email to CNBC, an Apple spokesperson said the company has updated XProtect and revoked the developer certificate that had been used to sign the infected app, so that no one can install it.

Crooks Launch ‘Customer Service’ Website For Victims

By Herb Weisbaum

Now here’s a first — crooks who realize the importance of customer service.

It’s the latest twist in the global CryptoLocker ransomware attack. This diabolically nasty malware locks up all of the victim’s personal files — and in some cases, backup files, too — with state-of-the-art encryption. The bad guys have the only decryption key and they demand $300 or two Bitcoins to get it.

“It’s been a disaster for many of the people hit with it,” said Lawrence Abrams who has been tracking the spread of this infection on

Within the past few days, the criminal gang behind CryptoLocker created a site for victims who need help making their required extortion payments.

“These guys have some big cojones,” said security expert Brian Krebs, who writes the blog KrebsOnSecurity.

The CryptoLocker Decryption Service allows victims to check the status of their “order” (the ransom payment) and complete the transaction. I am not making this up!

Those who paid the ransom (with either Green Dot cards or Bitcoins), but did not get the decryption key — or got one that didn’t work — can download it again.

Those who missed the 72-hour deadline can also get their key, but the price jumps from two Bitcoins to 10. At today’s market value, that’s nearly $4,000. And Green Dot is not accepted with this extended-deadline service.

Why are the CryptoLocker crooks doing this?

“They were leaving money on the table,” Abrams told me. “They created this site to capture all of the money they were losing because people couldn’t figure out how to make the ransom payment or missed the deadline.”

The bad guys also ran into some technical problems after they launched their attack. It turns out that when antivirus software removes CryptoLocker from an infected computer, the victim can no longer pay the ransom and decrypt their files. To do that, they had to re-install the CryptoLocker malware, something that was not only weird, but cumbersome.

By using the customer service site, victims can get a key that will unscramble their files without the need to re-infect their computers.

Is this the new reality?

Law enforcement and cyber security experts always advise victims of ransomware attacks not to pay the ransom. After all, that extortion money goes to fund a criminal operation, and there’s no guarantee the files will be released.

But when you’re the victim, when all of your data has been encrypted and you don’t have a suitable backup, you’re faced with two choices: pay up or have those files frozen forever. That’s why so many people are paying and why security experts fear more of this nasty malware is on the way.

“Anytime you see an underground business that is doing well, you will always see more people copying it,” said Krebs. “Unfortunately, I think these destructive attacks are here to stay and they’re only going to get worse and more intense.”

Sean Sullivan, security advisor at F-Secure, agrees.

Until now, ransomware attacks have been limited by the lack of a global payment method. It took a lot of work to get paid in different parts of the world. Bitcoin, the new digital currency, solves that problem.

“CryptoLocker, using Bitcoin, might finally have reduced the overhead of not having a global form of payment,” Sullivan said. “We’re getting to the tipping point where ransomware will become epidemic because it’s not that hard to get paid anymore.”

New zip file being sent

The new CryptoLocker delivery vehicle is a zip file that requires a password to open. This is designed to fool antivirus software that can now detect the malware hidden in an ordinary zip file. Open that archive and run the file inside, and your files are toast.

CryptoLocker: A new method of attack

There are various ways for malware to infect your computer. Security experts tell me CryptoLocker is delivered as a zip file attachment. Open that attachment and run the program inside, and the malware is loaded onto your machine.

Some antivirus software can now detect CryptoLocker hidden in a Zip file and prevent the infection. So, a couple of days ago, the bad guys modified their attack.

According to Lawrence Abrams at Bleeping Computer, the Zip files containing CryptoLocker are now password protected. That little trick gets them past the security software.

Abrams said it appears the password “PaSdIaoQ” is the same for everyone. Open that attachment and your files are toast.
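A password on the archive defeats a scanner for a simple reason: the member data is encrypted and the gateway cannot read it, but the archive’s own headers still advertise that fact, so a mail gateway can hold such attachments even when it cannot inspect them. The script below is an added example written for this page, not code from the article or from the researchers it quotes. It builds its test archives in memory; because Python’s standard library cannot write encrypted zips, the “encrypted” bit in the headers is set by hand, which is the same bit a real password-protected archive carries. The executable-extension list and the double-extension heuristic are assumptions about how such lures are typically built, not details the article states.

```python
"""Mail-gateway style triage of zip attachments: password-protected archives and executable payloads."""
import io
import struct
import zipfile

# Extensions Windows will execute directly; the page's malware shipped as an .exe.
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")
ENCRYPTED_FLAG = 0x0001      # bit 0 of the general-purpose flag field in both zip headers


def make_zip(member_name, payload, password_protected=False):
    """Single-entry stored zip; optionally mark it as encrypted in both headers.
    Constructed test data only: the payloads below are not real programs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(member_name, payload)
    data = bytearray(buf.getvalue())
    if password_protected:
        local = data.find(b"PK\x03\x04")     # local file header: flags at offset +6
        central = data.find(b"PK\x01\x02")   # central directory header: flags at offset +8
        for offset in (local + 6, central + 8):
            flags = struct.unpack_from("<H", data, offset)[0] | ENCRYPTED_FLAG
            struct.pack_into("<H", data, offset, flags)
    return bytes(data)


def triage_attachment(data):
    """Return human-readable reasons to hold the attachment; an empty list means nothing matched."""
    reasons = []
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return reasons
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            if info.flag_bits & ENCRYPTED_FLAG:
                reasons.append(f"{name}: password-protected, content cannot be scanned")
            lower = name.lower()
            if lower.endswith(EXECUTABLE_SUFFIXES):
                reasons.append(f"{name}: executable payload")
                if lower.count(".") > 1:
                    reasons.append(f"{name}: double extension disguises the executable")
    return reasons


def can_be_read_without_password(data):
    """What a scanner experiences: reading an encrypted member without the password fails."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                zf.read(info.filename)
        return True
    except RuntimeError:
        return False


if __name__ == "__main__":
    samples = {
        "invoice.zip": make_zip("invoice.pdf.exe", b"MZ fake program"),
        "report.zip":  make_zip("report.pdf.exe", b"MZ fake program", password_protected=True),
        "notes.zip":   make_zip("notes.txt", b"just text"),
    }
    for filename, blob in samples.items():
        verdict = triage_attachment(blob) or ["clean by these checks"]
        print(f"{filename} (scannable={can_be_read_without_password(blob)}):")
        for reason in verdict:
            print("   ", reason)
```

The policy this supports is the one the article’s advice implies: an archive the gateway cannot open is not “unknown”, it is a decision to make up front, and quarantining password-protected archives from external senders removes this delivery trick without needing to know the password at all.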

How do you protect yourself?

It’s the same advice you’ve heard before: don’t open attachments from an unknown sender, keep your security software up to date, and back up your files religiously. And because CryptoLocker also encrypts any backup it can reach from the infected machine, you need to reassess how you do your backups.

Network drives (whether physical or in the cloud) that are always connected to your computer are often vulnerable. Krebs suggests doing a manual backup and then disconnecting the drive when you’re done. It’s a lot more work, but much safer.

Krebs warns that we are now dealing with a new generation of malware. Once it’s done its damage, you cannot undo it yourself.

“This is scary stuff,” he said. “People need to rethink how they protect their important files.”

In a new article on his blog, Krebs recommends two tools that can block CryptoLocker infections: CryptoPrevent from Foolish IT for individual Windows users and the CryptoLocker Prevention Kit from Third Tier for small business administrators. Both work by applying Windows Software Restriction Policies that stop executables from launching out of %AppData% and the other user-writable folders CryptoLocker ran from.


Herb Weisbaum is The ConsumerMan