Operation Pawn Storm targets out of date iOS users

There is a new attempt to compromise your iPhone or iPad.  It attempts to load a rogue application onto your phone using a method used by developers to test their software before it is approved by the Apple App Store Process.

There may be other methods of infection that are used to install this particular malware. One possible scenario is infecting an iPhone after connecting it to a compromised or infected Windows laptop via a USB cable.

However, in order to do this, you have to help the hackers.  The attempt will pop a number of dialog boxes asking for your confirmation to install an app.

What should I do?

Make sure you are running the most recent version of the operating system for your device.  If you have an older device that cannot run iOS8, be sure not to just click allow.

For more information see the Trend Micro Blog

Adobe Flash ZeroDay Exploit in the wild

Trend Micro has identified a new Flash ZeroDay exploit.

ZeroDay? Whatchootalkinaboutwillis?

A ZeroDay Exploit is when a new bug is found in an application like Adobe Flash that is discovered, but no protective or ameliorative patch is available yet.  This means “YOU ARE AT HIGH RISK OF BEING COMPROMISED”.  This one is a real problem, because the attack vector relies on infected ads on otherwise trusted sites.

What can you do?

Install the latest patch whenever Adobe releases it.  Limit your web browsing, and don’t think you are impervious to exploit.

You can read more about the exploit here on Trend-Micro’s blog

Computer Security is hard…unless you learn these rules.

Infoworld has an excellent article on computer security.

To summarize it for you:

1- Patch the popular software first – and do it as soon as the patch is announced

2 – Don’t fall prey to the scams (social engineering) You are more likely to get scammed from sites you “trust” than those you don’t.  Don’t EVER give information to unsolicited callers.  Know what programs you have installed and ignore threat warnings from software you don’t recognize.

3-Don’t use the same password in multiple locations.  If one site gets hacked, that password is added to the dictionary so it can be used to try to hack other locations.

4 – 2 Factor authentication has its benefits.  Sure it is a pain in the butt, but if you are concerned about the security of your information/accounts, then the additional inconvenience is worth it.

Malware and Spyware and Viruses…oh my!

I frequently get calls that go something like this:

“Hi I need you to come over to take a look at my computer, it seems like it is really slow, and I can’t do the things I used to on it.”  Whenever I hear this, I used to think that a hard drive needed to be defragmented….but that is rarely the problem these days.  Now it is malware, spyware, browser hjacks, host redirects, registry hijacks, crapware (I use this term for software that gets installed alongside something that you want, but you have no real use for).

The reality is that I get these calls mostly from people using windows, and I hear “I never go to any bad websites or anything”…

The reality is that you don’t need to go to bad websites to pick up malware.  Hackers infect popular servers in the hopes that they will be able to infect unsuspecting visitors.  These “drive-by” exploits are often discovered in a matter of hours and removed.  However, they rarely announce to their visitors that they were compromised and that they should inspect their systems …… so the people who visited early on never suspect that they are now carriers.

“But I have an antivirus program already installed”

That may be true, but no antivirus program is perfect.  They rely on various methods to detect “known and unknown” bits of code…the hackers are working hard to find ways around that detection.  Your antivirus may also not be designed to detect malware – they are usually designed specifically to prevent the spread of viruses.

“So what am I supposed to do?  Why is this so confusing?”

Get into a habit of checking your machine regularly.  There are plenty of free tools available that will allow you to do this for yourself for free – but like a gym membership – it does no good unless you use it.  If you rely on your computer for more than just entertainment, do it every week.  If all you do is surf the net and watch netflix or hulu, then every couple weeks to once a month should be fine.

“I don’t have time for that!”

Well, if that is the case you have 2 options –

1. Do nothing and wait til your machine can no longer function (kinda like a car when you don’t take time for an oil change) or…

2. Call someone to take care of it for you (kinda like going to the quick-change oil store)

This is where HelpMeClayton.com comes into help. I offer a subscription service that will do the routine maintenance for you, remotely if you like, on a regularly scheduled routine.  This cannot guarantee that you will never get any malware, spyware or crapware, but it is a good step into making sure your machine is cleaned regularly.

If you are interested in scheduling a regular maintenance send me an email at help@claytonrandall.com and I will get back to you.