How To Tell If Your Website Has Been Attacked By Bots

Bots—software applications that run scripts over the internet—make up more than half of all internet traffic. This creates a major blind spot for IT security teams, as 79% of CISOs and other security leaders said they can’t tell for certain if web traffic comes from humans or bots, according to a recent Radware report.

It’s key to understand that there are good bots and bad bots, said Reid Tatoris, vice president of product outreach and marketing at Distil Networks. “Good bots enable search engines to index web content, price comparison services to save consumers money, and market researchers to gauge sentiment on social media, for example,” Tatoris said. These also include chatbots, and search engine and social media bots.

Meanwhile, “bad bots are used to conduct a variety of harmful activities, such as denial-of-service attacks, competitive data mining, online fraud, account hijacking, data theft, stealing of intellectual property, unauthorized vulnerability scans, spam, and digital ad fraud,” Tatoris said. These include impersonators, scrapers, hackers, and spambots.

Bad bots are used by many different groups, ranging from organized crime to state actors pushing a political agenda to people trying to make money. But there are ways to tell if your website has been visited by a bot and keep it safe.

Here are five ways to spot a bot.

1. Monitor login attempts

One of the most profitable uses of bots for an attacker is via credential stuffing, the mass-scale automated testing of username and password combinations across multiple websites, according to Patrick Sullivan, Akamai director of security technology and strategy. When successful matches are discovered, attackers use these logins to take over the account for fraud or to resell the confirmed credentials.

One simple step to detect bots is to monitor macro-level success and failure rates of login attempts, Sullivan said. “Regardless of how advanced the bots are and how difficult they are to identify, credential stuffing generates high levels of failed logins,” he added. “Even if fraudsters are careful enough not to trigger account lockouts, they will generate failed logins, which are early warning signs of bot activity.”

2. Check your server logs

Most bots will visit the same website regularly, even several times a day, he said. “If you keep seeing the same IP address pop up on your logs, then the chances are they could be a bot,” he added. You can check the IP addresses, location, and hostname manually, using a website like IPAvoid. If the IP is included on a blacklist or is not a residential address, there’s a strong chance that it’s a bot.
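The two checks above (a macro-level failed-login rate and the same client IP reappearing across many accounts) can be scripted over ordinary server logs. This is an added example, not code from the article or from any vendor quoted in it; the log format, the thresholds and the baseline failure rate are assumptions for the demo, and the log lines are constructed.

```python
"""Spot credential-stuffing style login activity in server logs.

Added example: it implements the two signals described in the article,
an unusually high overall failed-login rate and IP addresses that keep
reappearing while cycling through many usernames.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log, one login attempt per line (assumed format:
# "<ISO timestamp> <client IP> <username> <OK|FAIL>"). 203.0.113.7 walks
# through many accounts with mostly failures, the trace stuffing leaves.
SAMPLE_LOG = """\
2017-09-10T10:00:01 203.0.113.7 alice FAIL
2017-09-10T10:00:02 203.0.113.7 bob FAIL
2017-09-10T10:00:02 203.0.113.7 carol FAIL
2017-09-10T10:00:03 203.0.113.7 dave FAIL
2017-09-10T10:00:03 203.0.113.7 erin OK
2017-09-10T10:00:04 203.0.113.7 frank FAIL
2017-09-10T10:00:05 203.0.113.7 grace FAIL
2017-09-10T10:00:09 198.51.100.20 alice OK
2017-09-10T10:00:11 198.51.100.21 bob FAIL
2017-09-10T10:00:15 198.51.100.21 bob OK
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (OK|FAIL)$")


def parse(log_text):
    """Yield (timestamp, ip, user, success) tuples; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, ip, user, result = m.groups()
        yield datetime.fromisoformat(ts), ip, user, result == "OK"


def failure_rate(events):
    """Macro-level share of failed logins, the early warning sign the article names."""
    events = list(events)
    if not events:
        return 0.0
    failed = sum(1 for _, _, _, ok in events if not ok)
    return failed / len(events)


def exceeds_baseline(rate, baseline_rate, factor=3.0):
    """True when the current failure rate is well above the site's normal rate.

    The baseline (e.g. last month's average) and the factor are assumed
    tuning values; lockouts may never fire, but this ratio still moves."""
    return rate >= baseline_rate * factor


def suspicious_ips(events, min_attempts=5, min_distinct_users=3, max_success=0.5):
    """Flag client IPs that keep reappearing and try many accounts, mostly failing."""
    per_ip = defaultdict(list)
    for _, ip, user, ok in events:
        per_ip[ip].append((user, ok))
    flagged = {}
    for ip, attempts in per_ip.items():
        users = {u for u, _ in attempts}
        successes = sum(1 for _, ok in attempts if ok)
        if (len(attempts) >= min_attempts
                and len(users) >= min_distinct_users
                and successes / len(attempts) <= max_success):
            flagged[ip] = {"attempts": len(attempts),
                           "distinct_users": len(users),
                           "successes": successes}
    return flagged


def analyse(log_text):
    """Run both checks over a log and return a small report dictionary."""
    events = list(parse(log_text))
    return {"failure_rate": failure_rate(events),
            "suspicious": suspicious_ips(events)}


if __name__ == "__main__":
    report = analyse(SAMPLE_LOG)
    print(f"overall login failure rate: {report['failure_rate']:.0%}")
    for ip, stats in report["suspicious"].items():
        print(f"{ip}: {stats}")
```

On the sample the overall failure rate is 70% and only 203.0.113.7 is flagged; the two low-volume addresses, including the user who mistyped once, are left alone.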

3. Check your email outbox

If your Sent messages folder contains messages that have been drafted, sent, or returned to you that you did not write, this is a tell-tale sign that you may have been visited by a bot, said Steve Pritchard, search content manager at giffgaff. “The bot is then intending to infiltrate the computers of your email contacts by sending them emails riddled with malware,” Pritchard said.

4. Watch if your website slows down or crashes

“Bots move fast across websites and do so in hordes, so you get a lot of server requests per second, which can overload the system and cause a major slowdown in loading times,” said Tatoris. “The result is that you end up spending more money on server costs for traffic that doesn’t translate into any benefit for your business. In addition, any humans who try to visit your site or make a purchase at a time when the site slows down will typically leave and take their business somewhere else.”

5. Check if your site content shows up elsewhere on the internet

Bots can sometimes copy website content and post it elsewhere without permission, Tatoris said. “The site Copyscape can help you to determine whether or not any of your site information has been posted elsewhere on the internet,” he added. “If you enter the URL of a page from your website into their search field, they will return any pages that have high percentage matches to the content on the referenced page. While this isn’t a surefire way of telling whether your content has been copied, it can potentially give you some idea.”


Apple To Release New iPhones

Apple expert Jason Snell offers his take on what the next iPhones’ rumored features and changes could mean for business users.

Apple is set to introduce new iPhone models on Tuesday at a special event on its new campus in Cupertino, CA. Leaks suggest that the new iPhones will include a high-end model that’s dramatically different from any previous model. But what does that mean for the professionals who rely on the iPhone as a key part of their business life?

Let’s start with the most obvious features of any iPhone upgrade: All the new iPhones will presumably offer new versions of the Apple-designed A series chips, with faster processing and graphics power, as well as improved cameras.

That’s always true to some degree, but this year that added power and improved camera feeds into a larger story: In June at its annual developer conference, Apple announced that the new version of iOS, which should arrive in the next few weeks, will feature an augmented-reality framework known as ARKit. With the release of iOS 11, Apple will become the world’s largest augmented-reality platform, and every iOS developer will have access to Apple’s state-of-the-art frameworks.

Augmented reality may sound frivolous, but it has tons of real-world uses. Microsoft has spent several of its recent media events showing off its HoloLens augmented-reality system not just as a way to play Minecraft in your living room but as a tool for businesses. The new iPhones will undoubtedly be optimized to run ARKit at a high level; imagine interior designers and contractors instantly previewing changes to someone’s home or office space, live, via an AR app. Preview that IKEA desk in your office before you order it.

That top-of-the-line iPhone is rumored to carry a large price tag—$999 or more, just to start. That’s a big expense for any businessperson to bear, though Apple has never been the low-price leader on smartphones, and it continues to sell phones and reap the profits. My guess is that with two-year contracts becoming less common in the US as carriers shift to other methods of financing phones, the buying cycle of the average smartphone will lengthen. Perhaps there’s a nice space for a high-end phone that costs a bit more, but lasts for three years. An ultra cutting-edge iPhone might take longer to feel outdated.

Another interesting thing about this rumor is that it suggests Apple is broadening its product line even more than before, from the small and low-cost iPhone SE all the way up to this rumored high-end model. More models at more price points gives businesses purchasing flexibility and gives users more options, and that’s all good.

A major concern about this new high-end iPhone is the rumor that it will do away with the Touch ID sensor found on recent models and instead use a camera system to verify users via their faces. Obviously your corporate IT director is going to be concerned about the security of that system, but biometric security is such a core part of Apple’s strategy—including being the foundation of its Apple Pay system—that it’s hard to believe Apple would ship facial ID technology in its flagship device if it weren’t just as solid and reliable as Touch ID has been.

My guess is that the new face scanner will prove to be the most secure and accurate ever shipped in a smartphone, if only because Apple has the most to lose if it fails. But if the introduction of Touch ID creeped out some people in your company, you might want to expect the same reception for Face ID (or whatever it’s called).

Finally, there’s the rumor that the new high-end model will do away with the home button that’s been on the face of every iPhone since the first one was released 10 years ago. If that’s the case, Apple will certainly replace that button’s functionality with some combination of gestures and haptic feedback. I suspect that this is a direction Apple will go with all of its iOS products in the future—if there’s anything Apple’s designers love, it’s being able to remove a button or port—and some of the interface changes we’ve already seen in prerelease versions of iOS 11 suggest that Apple is beginning to redefine how it handles launching apps and multitasking.

In the long run I don’t think such a change will be a big deal—in fact, you can always argue that reducing the number of moving parts on a device increases product reliability—but any change can lead to short-term productivity drops as people get up to speed. I’d imagine that it won’t take long for the user of a new iPhone to adjust to the lack of a proper home button on the front of the screen, but some adaptation will still be necessary.

In any event, we’ll know more about where Apple’s taking the iPhone product line on Tuesday.

You Are Creating Passwords the Wrong Way

Was it m@nk3yP@$$w01rd or m0nk3yp@ssw0!rd?

For 20 years, the standard advice for creating a “strong” password that is hard to crack has been to use a mix of letters, numbers and symbols.

It’s so ingrained that when you go to create a new email account you’ll frequently get praising or finger-wagging feedback from the computer on how well your secret code adheres to these guidelines.

And you’re supposed to change it every 90 days.

Now, the man who laid down these widely followed rules says he got it all wrong.

“Much of what I did I now regret,” Bill Burr, a 72-year-old retired former manager at the National Institute of Standards and Technology, told the Wall Street Journal.

In 2003, the then-mid-level NIST manager was tasked with the job of setting rules for effective passwords. Without much to go on he sourced a whitepaper written in the 1980s. The rules his agency published ended up becoming the go-to guides for major institutions and large companies.

The result is that people create odd-looking passwords and then have to write them down, which is of course less secure than something you can memorize. Users also lean on common substitutions, like “zeroes” for the letter O, which a smart hacker could program their password cracker to look for. Or they pick one “base” password that they can memorize and only change a single number. That’s also not as safe.

“It just drives people bananas and they don’t pick good passwords no matter what you do,” Burr said.

The new password guidelines are both easier to remember, and harder to guess. The NIST’s revised tips say users should pick a string of simple English words — and only be forced to change them if there’s been evidence of a security break-in.

Image: File picture illustration of the word ‘password’ pictured on a computer screen, taken in Berlin.

Not only did the old password format frustrate users, it wasn’t even the best way to keep hackers at bay.

For instance, “Tr0ub4dor&3” could take just three days to crack, according to one viral comic whose assertions have been verified by security researchers, while “CorrectHorseBatteryStaple” could take 550 years.
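The “three days” versus “550 years” comparison follows from a simple entropy estimate, worked through here as an added example that is not part of the article: the bit counts for the two sample passwords (about 28 and 44 bits) and the rate of 1,000 guesses per second are the comic’s assumed figures, and the short word list is constructed for the demo.

```python
"""Guess-resistance of a mangled dictionary word versus a word passphrase.

Added example: turns entropy bits into worst-case time to exhaust the
search space at an assumed guess rate, and generates a passphrase the
way the revised NIST advice favours (random simple words).
"""
import math
import secrets

SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365 * SECONDS_PER_DAY

# Assumed figures from the comic's estimate: the mangled word is worth
# about 28 bits, four words from a ~2048-word list about 44 bits, and an
# online attacker manages 1,000 guesses per second.
TROUBADOR_BITS = 28
PASSPHRASE_BITS = 44
ONLINE_GUESSES_PER_SECOND = 1_000

# Constructed toy word list; a real generator would use a published list
# of a few thousand words (for example the 7,776-word Diceware list).
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "river", "window",
                "planet", "garden", "silver", "candle", "rocket", "meadow"]


def passphrase_entropy_bits(word_count, dictionary_size):
    """Entropy of word_count words drawn uniformly, with replacement, from the list."""
    return word_count * math.log2(dictionary_size)


def seconds_to_exhaust(entropy_bits, guesses_per_second):
    """Time to try every candidate in a space of 2**entropy_bits guesses.

    An attacker needs on average half of this; the comic quotes the
    worst case, so that is what is computed here."""
    return 2 ** entropy_bits / guesses_per_second


def human_duration(seconds):
    """Render a duration in the units the article uses (days or years)."""
    if seconds >= SECONDS_PER_YEAR:
        return f"{seconds / SECONDS_PER_YEAR:.0f} years"
    return f"{seconds / SECONDS_PER_DAY:.0f} days"


def random_passphrase(words, word_count=4):
    """Pick words with the OS CSPRNG (secrets); words a user picks by hand
    are far from uniform and fall well short of the computed entropy."""
    return " ".join(secrets.choice(words) for _ in range(word_count))


if __name__ == "__main__":
    for label, bits in (("Tr0ub4dor&3", TROUBADOR_BITS),
                        ("CorrectHorseBatteryStaple", PASSPHRASE_BITS)):
        t = seconds_to_exhaust(bits, ONLINE_GUESSES_PER_SECOND)
        print(f"{label}: ~{bits} bits, {human_duration(t)} at 1,000 guesses/s")
    toy_bits = passphrase_entropy_bits(4, len(SAMPLE_WORDS))
    print(f"toy phrase: {random_passphrase(SAMPLE_WORDS)!r} ({toy_bits:.1f} bits)")
```

With those assumptions the 28-bit password falls in about 3 days and the 44-bit passphrase takes about 558 years, which is where the article’s figures come from.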


Do Macs Need Malware Protection?

On the popular Discovery Channel program “Mythbusters,” hosts Adam Savage and Jamie Hyneman take a legend and deconstruct it to see whether its long-held beliefs are legitimate. They’ve busted all kinds of myths, from Jimmy Hoffa being buried under Giants Stadium (not true) to the ability to kill someone without a trace using an ice bullet (the bullet vaporizes as soon as the trigger’s pulled).

One tall tale they haven’t tackled is that Macs are impervious to malware, so you needn’t worry about cybersecurity solutions. Antivirus and anti-malware protection is for the PCs.

We’re here to bust that myth.

Growing trend

Out of the gate we can tell you that it’s true, Macs don’t have the same problem with malware as PCs do. One of the main reasons: sheer numbers. Cybercriminals look at the market and see that the vast majority of folks are on PCs, so they concentrate their efforts on creating malware that will result in the largest return on investment.

But the tide is turning. Macs are now responsible for 7.5 percent of global personal computer sales. In the U.S., Apple is one of the top three PC vendors, just behind HP and Dell. And as creative departments grow in corporate environments (from design and content to programming and testing), more and more businesses are adding larger numbers of Macs to their environments.

The popularity of Macs leads to more cybercriminals wanting to write malicious code for OS X. Although still much lower than PCs, the number of threats targeting Apple operating systems has grown steadily, with a spike in Mac infections observed over the last 18 months. A recent study by Bit9 + Carbon Black found that the number of Mac OS X malware samples detected in 2015 was five times greater than in the previous five years combined.

Forms of malware on Macs

Apple security is fairly tight—OS X has a basic built-in anti-malware feature, and if the machine detects a malicious program, it gets added to the signature database. From that point on, that piece of malware can’t be opened on any Mac, unless the user has explicitly disabled security updates. But clearly some malware is getting through. Which forms?

The worst offender is adware. “There are many different adware programs infecting the Mac right now, and they’re in a constant state of flux,” says Thomas Reed, Director of Mac Offerings at Malwarebytes. “Adware-riddled installers are everywhere, and it’s becoming harder and harder to tell where a safe place is to download software.”

Other forms of malware have given Apple the slip, including Potentially Unwanted Programs (PUPs), Info stealers, Trojans, and even ransomware (KeRanger). While these forms of malware are less prevalent, they can still be quite dangerous. KeRanger was downloaded by around 6,500 people within the 12-hour period that it was available. Some of those users had their data completely destroyed.

How are they getting through?

The main way that adware and malware is getting through on Macs these days is through code-signed apps, using a certificate obtained from Apple. The certificate is either stolen or bought and simply treated as disposable, since it costs only $99. Apple can revoke these certificates if they see them being abused, and they do so quickly when they find new signed malware. However, Apple doesn’t take a particularly hard stand against most adware, which can persist for a long time with the same certificate.

In addition, video and audio streaming sites and piracy sites often dole out adware. Software download sites distribute installers containing adware that has been added without the permission of the developers. Worse, even some developers’ own sites are guilty of bundling adware. For example, the popular FileZilla FTP client installs adware even when downloaded directly from the official site, and the free version of Avast had (and may still have) an ad-injecting feature in its browser extension.

What happens to your Mac after an infection?

Adware is a serious hassle. Injected ads are intrusive and can contain offensive content. They can also slow down your computer’s performance and result in browser destabilization. Malicious ads can even direct you to tech support scams where you can be scammed out of your money or into installing other harmful software.

But that’s not all, Bob! What else have you won? Info stealers can, obviously, steal your info. And in the case of ransomware, data can be totally destroyed with no shot of getting it back.

Final verdict

Myth: Macs are impervious to malware.

Fact: Macs, while less vulnerable than PCs, are assailable. Their security can be penetrated, especially by cybercriminals looking to deliver adware.

So do you really need a security solution for your Mac? “Although the primary threat right now is adware, it’s still a problem of epidemic proportions,” says Reed. “Even knowledgeable Mac users have been known to fall victim to some kind of adware, so it’s no longer true that you can avoid threats by simply being careful what you download.”

With increases in Mac popularity making OS X more appealing for crooks, plus the already considerable onslaught of adware, it makes sense to install an anti-malware program for your Mac. It should catch what OS X misses and restore your Mac’s performance to the high caliber you expect.

Now what other myths can we bust? Can tooth fillings really receive radio waves?

802.11ac Is Here: 5 Things You Need To Know

Gigabit Wi-Fi, 802.11ac, is officially here, but what does that really mean? Here’s my list of the five things you need to know before you invest in this new wireless technology.

1) 802.11ac is not going to give you a Gigabit of throughput

True, 802.11ac access points working with 802.11ac devices will give you faster data transmission speeds than 802.11n. The Wi-Fi Alliance claims that Wi-Fi Certified 802.11ac can deliver data rates up to more than double those of a typical 802.11n network. Practically speaking, the Alliance claims that “this means a network can support simultaneously streaming multiple HD-quality videos to multiple devices.”

Fair enough, but in practice you’re not likely to see an 802.11ac network reach its theoretical maximum of 1.3 Gigabits per second (Gbps). That’s because the conditions you need to reach that speed require a laboratory, not your office.

To reach the highest speeds you need three data streams, each of which can run up to 433 Megabits per second (Mbps). A typical 802.11ac access point can support up to eight data streams. Client devices need only support one.

For example, the Samsung Galaxy S4 supports 802.11ac with the Broadcom BCM4335 Wi-Fi chipset. This chipset only supports a single stream so, even in the best of all possible worlds, you’ll only see 433Mbps.

The “unofficial” 802.11ac devices that have been shipping for the last few months, and the first generation of the standard 802.11ac devices, aren’t likely to hit these speeds even on a testbed. The fastest speeds here in CNET/ZDNet land we’ve seen to date came from the NetGear R6300 WiFi Router, which hit a high of 331Mbps.

That’s great, but it’s not gigabit great. It is, however, a lot faster than you’ll see with any combination of 802.11n gear.

2) Working out the range

802.11ac only supports the 5GHz frequency. The good news about that is that there’s far more room in that frequency spread than there is in the over-used 2.4GHz band. The bad news is that a 5GHz signal has less range.

At the same time, 802.11ac has another feature, beamforming, that gets around the general 5GHz range problem. For the Wi-Fi access point in your office today, the signal is omni-directional—it forms a communications sphere around the device. With 802.11ac the signal is broadcast directly from the access point (AP) to a specific device and back again.

While no one seems to have published much on what this means, I expect it means that if you’re in an environment with few 802.11ac devices, say eight, you’ll actually see excellent range. But, if you’re at a convention center with hundreds of 802.11ac devices, I suspect you’ll need to be much closer to an AP to get a signal. That said, life is always miserable for Wi-Fi users in hotels and large meeting rooms.

3) Backwards Compatibility

All 802.11ac devices will support older Wi-Fi technologies such as your 802.11n-equipped laptop or even your old 802.11g network bridge. 802.11ac can’t do magic though. For example, if you buy an 802.11ac AP you’ll still be limited to your older devices’ maximum speeds.

Soon, there will be a lot of new gear that supports 802.11ac as clients. If you buy an 802.11ac AP now you’re really buying for future use. It’s not going to do you much good today.

As always you should remember that any network is only as fast as its slowest link. For instance, if you’re buying 802.11ac to improve your Netflix viewing experience and your Internet connection is 10Mbps, it won’t do you a darn bit of good. 802.11n, or even 802.11g, is all you’ll need.

4) AP Channel Conflict Ahoy

Anyone who does any Wi-Fi network management knows that the 2.4GHz range is as crowded as a Best Buy store on Black Friday morning. In theory, you can use up to 14 channels. In practice, to avoid interference, you can only use three or four channels. If you have conflicting channels, you’ll see your network performance go down the toilet. The advantage of 802.11a and 802.11n’s 5GHz range was that there was so much room that you didn’t need to worry about interference. Get worried again.

One of the big ways that 802.11ac gains its speed is by using 80MHz wide channels. In 802.11ac wave two devices–the next generation of 802.11ac, which will start showing up in 2014–the channels will take up 160MHz of frequency. What that means exactly depends on your country, since there are a wide variety of rules on how the 5GHz range can be used. But, in the United States that means 802.11ac will have at most five available channel selections. When 802.11ac second-wave appears it will go down to one or two.

Image: 802.11ac channel layout. The 5GHz frequency range is messy, and using it is only going to get a lot messier as 802.11ac continues to evolve. (Credit: Cisco)

In other words, network administrators should start working out now where they’ll be placing 802.11ac APs, because once more you’ll need to be wary of fouling up performance because of AP interference. And, let’s not talk about that business on the floor below you that’s always munging up your network.

5) 802.11ac requires additional infrastructure

I know, you thought 802.11ac would let you get rid of some of your Gigabit wiring. Nope. Not going to happen. First, as I already explained you’re not really going to get Gigabit speeds out of 802.11ac.

Second, and what many people don’t know, is that second-wave 802.11ac APs will require two, not one, Gigabit Ethernet ports. That just doubled your need for switch ports and cable runs. Oh boy!

Sure, you can get by with one port for now, but remember you’re not really going to have that many 802.11ac clients in 2013. Next year is when they’ll start showing up in large numbers and that’s when the second wave 802.11ac APs will be appearing.

So, you can forget about doing a drop and replace for your existing 802.11g/n network APs. You won’t be able to do it. Look on the bright side: Even with the next generation of 802.11ac you probably won’t need to back them up with 10Gbps up-links.

What all this means is that Gigabit Wi-Fi isn’t really here. Faster Wi-Fi is but it’s not really going to take off until 2014 and when it does come deploying it is going to be expensive. I foresee all of us using 802.11n Wi-Fi for years still to come. 802.11ac is not going to roll out quickly.

Facebook Is Tracking You More Than You Realize

Whenever you’re on Facebook, do you ever get the feeling that you’re being watched? An ad pops up that’s right up your alley, or three new articles show up in your feed that are similar to something you’ve just clicked on.

Sometimes it seems like Facebook knows you personally, and that’s because it does. It has algorithms that track what you like, watch and click on. That information is then passed along to Facebook advertisers.

Facebook itself isn’t the only culprit. Tons of companies use Facebook’s platform as a way to track you. In fact, right now there are probably dozens of companies that are watching your posts, storing your profile information and more, without you even realizing it. Today, I’m going to tell you how to stop it.

How did this happen in the first place?

When Facebook first started out, people rushed to the platform because of the many perks that it offered. One of those perks, and probably the most appealing, was the fact that Facebook was entirely ad-free. You could use the platform to connect with family and friends without being bothered by someone trying to sell you something.

Well, like they say, “All good things must come to an end.” Eventually, Facebook began selling ads like everyone else. And that’s when everything changed.

People realized that Facebook provided a treasure trove of information for advertisers. By clicking “like” users were telling companies exactly what they wanted — more of this, less of that, please. This led to the big data tracking we now see.

Three sneaky ways companies are tracking you:

Most people understand that Facebook is tracking their preferences whenever they use the app. But, few realize they’re being tracked in other ways too. And, that’s what these third-party companies are banking on. If you don’t know you’re being tracked, then you won’t ask them to stop. So, here are three things to watch out for.

Facebook apps: This is when you receive a request to play a Facebook game your friends are obsessed with, and you decide to sign up. If you’ve ever done this before, then you’ve allowed that app developer to track you. These third-party apps integrate with your Facebook profile and generally have permission to pull whatever information they want. And although you can edit what information they can access, very few people do.

Facebook logins: When you visit a site that says “Log in with Facebook” and you do, you’re letting that company track you.

Friends’ apps monitoring you: Even if you didn’t download an app, Facebook’s default settings allow apps your friends have installed to also see YOU. It’s pretty scary.

How to stop it from happening:

You might be wondering why this even matters, and how it really impacts you personally. The easiest way to answer those questions is to point out all of those big data breaches you hear about almost daily. Hackers rarely waste time on individuals these days. They’ve got much bigger fish to fry. Large retailers, for example – or the databases where these third-party companies store the information they’ve gathered. That’s why everyone should take these steps to protect their private information.

Review and edit installed apps: To see what apps you’ve installed over the years, open Facebook in your browser, click the down arrow in the upper right corner and select “Settings.” Then click on the “Apps” header in the left column.

To see what information an app is accessing, click the pencil icon next to any of the apps to see and edit the settings. The first setting lets you set who can see that you use the app. It defaults to “Only Me,” so it isn’t a big deal. Below it, however, is another story.

In the case of Skype, for example, it pulls your public profile information along with your list of friends, email address, and hometown.

Remember that this information is being stored on a third-party server. Not every app developer is going to have Microsoft-level security, and hackers are good at turning tiny pieces of stolen information into big gains.

If you want to keep using the app, you can deselect certain items, such as your email address. Be aware that this won’t remove the information from the app developer’s servers, however. If you change your email address in the future, the developer won’t get the new one.

Remove apps you don’t use: If you don’t want to use the app anymore, you can click the “Remove app” link at the bottom of the page. Just remember that this won’t automatically remove your information from the app developer’s servers. For that, you’ll need to contact the app developer directly. Facebook has a link for more information on this under the “Remove info collected by the app” section in the app’s settings.

Turn off apps completely: If you’ve deleted all the apps, and you’re not keen on accidentally installing more in the future, you can turn off the app platform completely. Just note you won’t be able to install apps or log in to third-party sites using Facebook until you turn this back on.

To turn off the app platform, go back to the App Settings page. Under “Apps, Websites and Plugins,” click the “Edit” button. At first, this just looks like a way to disable app notifications and invites from other people, which is a big help on its own. However, you’ll want to click the “Disable Platform” link in the bottom left corner.

Facebook gives you the standard warning about what disabling the platform does. If you’re OK with it, click the “Disable Platform” button. Again, this won’t remove information that app developers might have collected about you already.

Stop logging into sites using Facebook: In the future, when you’re adding an app or logging into a website, try to avoid logging in with Facebook. But, if you must use Facebook to log in, then look for the “Log in Anonymously” or “Guest” option so it won’t share your information.

Stop friends’ apps from seeing your info: Apps can still get your information through your friends. By default, as your friends install apps, those apps have permission to grab whatever info about you your friends can see.

To put a stop to this, go back to the App Settings page. Then under “Apps Others Use” click the “Edit” button.

You’ll see everything that your friends’ apps can see about you. Go through and uncheck every option listed on the page, and then click “Save.” Now companies can’t track new information about you.

Apps aren’t the only worry you’ll run into on Facebook. Recently I told you how scammers’ use of Facebook like-farming can put your privacy at risk. Find out how like-farming works and how you can avoid it.

If you want to like something safe that will also bring you the latest news and updates to stay ahead of the game in your digital life, head over to my Facebook page at Facebook.com/KimKomando and click the like button.

Article From USA Today

Crooks Launch ‘Customer Service’ Website For Victims

By Herb Weisbaum

Now here’s a first — crooks who realize the importance of customer service.

It’s the latest twist in the global CryptoLocker ransomware attack. This diabolically nasty malware locks up all of the victim’s personal files — and in some cases, backup files, too — with state-of-the-art encryption. The bad guys have the only decryption key and they demand $300 or two Bitcoins to get it.

“It’s been a disaster for many of the people hit with it,” said Lawrence Abrams, who has been tracking the spread of this infection on BleepingComputer.com.

Within the past few days, the criminal gang behind CryptoLocker created a site for victims who need help making their required extortion payments.

“These guys have some big cojones,” said security expert Brian Krebs, who writes the blog KrebsOnSecurity.

The CryptoLocker Decryption Service allows victims to check the status of their “order” (the ransom payment) and complete the transaction. I am not making this up!

Those who paid the ransom (with either Green Dot cards or Bitcoins), but did not get the decryption key — or got one that didn’t work — can download it again.

Those who missed the 72-hour deadline can also get their key, but the price jumps from two Bitcoins to 10. At today’s market value, that’s nearly $4,000. And Green Dot is not accepted with this extended-deadline service.

Why are the CryptoLocker crooks doing this?

“They were leaving money on the table,” Abrams told me. “They created this site to capture all of the money they were losing because people couldn’t figure out how to make the ransom payment or missed the deadline.”

The bad guys also ran into some technical problems after they launched their attack. It turns out that when antivirus software removes CryptoLocker from an infected computer, the victim can no longer pay the ransom and decrypt their files. To do that, they had to re-install the CryptoLocker malware, something that was not only weird, but cumbersome.

By using the customer service site, victims can get a key that will unscramble their files without the need to re-infect their computers.

Is this the new reality?

Law enforcement and cyber security experts always advise victims of ransomware attacks not to pay the ransom. After all, that extortion money goes to fund a criminal operation, and there’s no guarantee the files will be released.

But when you’re the victim, when all of your data has been encrypted and you don’t have a suitable backup, you’re faced with two choices: pay up or have those files frozen forever. That’s why so many people are paying and why security experts fear more of this nasty malware is on the way.

“Anytime you see an underground business that is doing well, you will always see more people copying it,” said Krebs. “Unfortunately, I think these destructive attacks are here to stay and they’re only going to get worse and more intense.”

Sean Sullivan, security advisor at F-Secure, agrees.

Until now, ransomware attacks have been limited by the lack of a global payment method. It took a lot of work to get paid in different parts of the world. Bitcoin, the new digital currency, solves that problem.

“CryptoLocker, using Bitcoin, might finally have reduced the overhead of not having a global form of payment,” Sullivan said. “We’re getting to the tipping point where ransomware will become epidemic because it’s not that hard to get paid anymore.”

Image: New Zip file being sent (Credit: BleepingComputer.com). The new CryptoLocker delivery vehicle is a Zip file that requires a password to open. This is designed to fool antivirus software that can now detect the malware hidden in a regular Zip file. Open that file and your files are toast.

CryptoLocker: A new method of attack

There are various ways for malware to infect your computer. Security experts tell me CryptoLocker is delivered in a Zip file attachment. Open that attachment and the malware is loaded onto your machine.

Some antivirus software can now detect CryptoLocker hidden in a Zip file and prevent the infection. So, a couple of days ago, the bad guys modified their attack.

According to Lawrence Abrams at Bleeping Computer, the Zip files containing CryptoLocker are now password protected. That little trick gets them past the security software.

Abrams said it appears the password “PaSdIaoQ” is the same for everyone. Open that attachment and your files are toast.

How do you protect yourself?

It’s the same advice you’ve heard before: Don’t open attachments from an unknown sender, have up-to-date security software and back up your files religiously. And because CryptoLocker can compromise files already backed up, you need to reassess how you do your backups.

Network drives (whether physical or in the cloud) that are always connected to your computer are often vulnerable. Krebs suggests doing a manual backup and then disconnecting the drive when you’re done. It’s a lot more work, but much safer.

Krebs warns that we are now dealing with a new generation of malware. Once it’s done its damage, you cannot undo it yourself.

“This is scary stuff,” he said. “People need to rethink how they protect their important files.”

In a new article on his blog, Krebs recommends two tools that can block CryptoLocker infections: CryptoPrevent from Foolish IT for individual Windows users and the CryptoLocker Prevention Kit from Third Tier for small business administrators.


Herb Weisbaum is The ConsumerMan