Channel: Webroot Blog

Vaporizer chargers can contain malware


Vaporizers (AKA E-cigarettes) have been gaining some serious traction and widespread use over the past few years. The sudden surge of popularity isn’t too surprising considering the fact that the health implications of nicotine consumption are vastly more favorable with vaporizers when compared to traditional cigarettes.

Most vaporizers charge through a proprietary connector that plugs into USB and looks something like this:

Should be harmless, right?

In a recent reddit post, the poster reported that an executive at a large corporation had a data security breach on his system from malware, the source of which could not be determined initially. The machine was fully patched, had up-to-date anti-virus protection, and web logs were evaluated. “Finally after all traditional means of infection were covered; IT started looking into other possibilities…” The made-in-China USB charger had malware on it that, when plugged into a computer’s USB port, would phone home and infect the system.

Now for those of you scratching your head going: hang on a minute… Windows hasn’t auto-executed anything from USB in YEARS. USB drivers are loaded from the library on the PC, I would know when it was plugged in, and I would have to click and run a file in that folder. This whole story sounds fishy… Let me introduce you to BadUSB. Essentially the USB controller chip is reprogrammed to act as a keyboard plus a mass storage device. Once plugged in, it sends keystrokes to open a command prompt and then executes files from the storage. This vector of attack isn’t brand new either, at least conceptually. According to @th3j35t3r (the Jester), a well-known cyberwarrior, in an article titled ‘What would I do if I was Chinese PLA’, USB charger attacks such as this are “theoretical but entirely possible, if not probable”.

My personal suggestion to those concerned is to only charge USB devices through a wall adapter (they charge faster anyway). If you REALLY need to charge through USB, then I suggest getting one of these, dubbed “USB Condoms”, which ensures that only power is drawn and no data is exchanged.

What kind of defenses exist for this type of attack? Basically not much. Malware scanners cannot access the firmware running on USB devices, and USB firewalls that block certain devices do not exist yet. Behavioral detection is unlikely, since the device’s behavior is just going to appear as though a user has simply plugged in a new device. It’s very unsettling, and the threat is there however unlikely we think it is. While I doubt this is widespread or even remotely common, I did take apart my charger and make sure that it had no data pins and was only drawing power through USB.
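One thing a defender can still check after the fact is what a newly plugged-in device enumerated as: the BadUSB charger described above only works because a single device binds both a keyboard (input) driver and a storage driver. The script below is an added example, not from the original post; it scans Linux kernel log lines (dmesg style, an assumption made for illustration) for that pattern, and the log lines, vendor/product ids and product names are constructed samples.

```python
"""Flag USB devices that enumerate as both a keyboard and a mass storage device.

Added example, not from the Webroot post. A BadUSB-style "charger" presents
an input interface (to type commands) next to a storage interface (to hold
its files), so a single physical port path that binds both an input driver
and usb-storage is worth a look. Linux dmesg format is assumed here; the log
below is constructed and the ids/names in it are placeholders.
"""
import re
from collections import defaultdict

# Constructed sample log. Port 1-2 is an ordinary keyboard, 1-4 an ordinary
# flash drive, and 1-3 a "charger" that binds both an input and a storage driver.
SAMPLE_LOG = """\
usb 1-2: New USB device found, idVendor=c0de, idProduct=0002
usb 1-2: Product: Office Keyboard
input: Office Keyboard as /devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2:1.0/0003:C0DE:0002.0003/input/input18
usb 1-3: New USB device found, idVendor=dead, idProduct=beef
usb 1-3: Product: USB Charger
input: USB Charger as /devices/pci0000:00/0000:00:14.0/usb1/1-3/1-3:1.0/0003:DEAD:BEEF.0004/input/input19
usb-storage 1-3:1.1: USB Mass Storage device detected
scsi host6: usb-storage 1-3:1.1
usb 1-4: New USB device found, idVendor=f00d, idProduct=0004
usb 1-4: Product: Flash Drive
usb-storage 1-4:1.0: USB Mass Storage device detected
"""

# A port path such as "1-3" (bus 1, port 3) identifies one physical device;
# "1-3:1.1" is interface 1 of configuration 1 on that same device.
PORT = r"(\d+-[\d.]+)"
DEV_RE = re.compile(rf"^usb {PORT}: New USB device found, idVendor=(\w+), idProduct=(\w+)")
PRODUCT_RE = re.compile(rf"^usb {PORT}: Product: (.+)$")
# The sysfs path of an input device contains "/usbN/<port>/<port>:<config>.<iface>/".
INPUT_RE = re.compile(rf"^input: .+ as /devices/.*/usb\d+/{PORT}/\1:\d+\.\d+/")
STORAGE_RE = re.compile(rf"^usb-storage {PORT}:\d+\.\d+: USB Mass Storage device detected")


def classify_usb_devices(log_text):
    """Map each port path to its vendor:product ids, product name and bound roles."""
    devices = defaultdict(lambda: {"ids": None, "product": None, "roles": set()})
    for line in log_text.splitlines():
        if m := DEV_RE.match(line):
            devices[m.group(1)]["ids"] = f"{m.group(2)}:{m.group(3)}"
        elif m := PRODUCT_RE.match(line):
            devices[m.group(1)]["product"] = m.group(2)
        elif m := INPUT_RE.match(line):
            devices[m.group(1)]["roles"].add("input")
        elif m := STORAGE_RE.match(line):
            devices[m.group(1)]["roles"].add("storage")
    return dict(devices)


def suspicious_ports(devices):
    """Ports whose single device bound both an input and a storage driver."""
    return sorted(p for p, d in devices.items() if {"input", "storage"} <= d["roles"])


if __name__ == "__main__":
    devs = classify_usb_devices(SAMPLE_LOG)
    for port in suspicious_ports(devs):
        d = devs[port]
        print(f"port {port}: {d['product']} ({d['ids']}) binds {sorted(d['roles'])}, review this device")
```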

The post Vaporizer chargers can contain malware appeared first on Webroot Threat Blog.


Social Engineering improvements keep Rogues/FakeAV a viable scam


The threat landscape has been accustomed to rogues for a while now. They’ve been rampant for the past few years and there likely isn’t any end in sight to this scam. These aren’t complex pieces of malware by any means and typically don’t fool the average experienced user, but that’s because they’re aimed at the inexperienced user. We’re going to take a look at some of the improvements seen recently in the latest round of FakeAVs that lead to their success. While the images shown may have different names of A-Secure, Zorton, and AVbytes, they are identical in execution, appearance and are likely from the same author(s). Webroot users are protected from all variants of these encountered.

This is what the GUI looks like, and it’s pretty standard: well polished, with all of the buttons functional. Those “scanned files” don’t actually exist, but the directories do, so this simple indexing can lend some legitimacy in the eyes of unsuspecting users.

This is probably the biggest improvement to the veil of legitimacy. These brands of FakeAV now come with an Action Center window that is almost identical to the real one. Right where Windows would normally show your legitimate security software’s status, they list theirs in exactly the same fashion. This is just a fake Action Center; the malware will prevent you from opening the real one and will simply redirect you to this window. I can see this tactic fooling even the average user at times. These rogues wouldn’t be complete without a payment “website”, and these probably have the best developed so far. Here are the payment page and the home page.

Not only do these pages contain fake awards from legitimate testing companies, but they also have phony reviews and even a simulated news feed with product updates, blogs and press releases. This really is the icing on the scam cake: depending on the limited interaction you’ve had with the rogue, it could be enough to convince you that this program will actually help you and may be worth the money. Skeptics will notice some flaws, like “VMworld 2011 Europe” (how would a 2015 product make it to that expo?) and the image at the top of the home page showing Windows XP security when the product is for Windows 7. These are all minor mistakes that could easily have been fixed. I suspect we’re only going to see more innovation in the future, and we might eventually find rogues that blur the lines between legitimate and fraudulent so well that they’ll be almost indistinguishable.

The post Social Engineering improvements keep Rogues/FakeAV a viable scam appeared first on Webroot Threat Blog.

Breach Therapy: 10 Companies Who Can’t Wait For 2014 To Be Over


Whether it be iPhones with bigger screens, major video game releases to make next-gen systems finally worth it, or wearables that are actually appealing to consumers, it’s safe to say any technological ‘advancement’ of this year was overshadowed by the seemingly endless wave of breaches that plagued companies and consumers alike.

Massive Data Breaches

With the New Year only a couple weeks and change away, let’s look back at 2014, aka the ‘Year of the Breach’, and revisit 10 companies who want nothing more than to forget their breach nightmares and start fresh in 2015:

Michaels

Going back almost a full year to January, you have one of the first breaches to come to light after the Target breach. According to numerous sources (and reported by the ever-informed Brian Krebs), all signs were pointing to a potential Michaels breach. That same day (January 14), the US Secret Service said it was investigating further.

Fast-forward to April and we get the confirmation, with Michaels Stores Inc. announcing that 3 million customer credit and debit cards were stolen in Michaels and Aaron Brothers stores as a result of two eight-month long security breaches.

Goodwill

On July 21st, news of another breach started coming in. This time, the victim was Goodwill Industries. Or more specifically, the systems of a third-party vendor that processes payments for some Goodwill members (20 to be exact, which represents ~10% of all stores).

This breach, which was determined to be caused by a piece of malware called ‘Rawpos’, resulted in exposed information of 868,000 customer credit cards. Goodwill released details of the breach in September on their site.

The Home Depot

Speaking of September, that was a rough month for The Home Depot, which began when the company said it was “investigating some unusual activity with regards to its customer data.”

That ‘unusual activity’ ended up being a massive breach that involved pretty much every Home Depot location in the country.

Sure enough, six days after the initial reports started filtering in, the company admitted that its payment systems had in fact been breached and that the attack had been going on for months. What was not yet known was the scope of the attacks.

That announcement came 10 days later, with The Home Depot saying that the malware was contained, 56 impacted debit and credit cards later. The disclosure made the incident the largest retail card breach…ever recorded.

Japan Airlines

On October 1st, with The Home Depot breach still fresh in people’s minds, Japan Airlines said that it was the latest breach victim and that 750,000 frequent flyer club members’ information may have been stolen after hackers breached JAL’s Customer Information Management System and installed malware on computers that had access to the system.

The potentially stolen data included everything from customer names to membership numbers and home addresses.

JP Morgan

And then, just one day later, JP Morgan confirmed an absolutely giant breach that affected 76 million households and 7 million small businesses. Affected were customers who used the Chase.com and JPMorganOnline websites, and the Chase and JP Morgan online apps.

Stolen information included names, email addresses, phone numbers, and home addresses, but more potentially devastating information such as account numbers, passwords, and Social Security numbers was not believed to be impacted.

Fox Business also came out with a report saying that the nation’s largest bank was also bracing for a mass-scale spear-phishing campaign right after the breach was exposed, and that the stolen info was the ‘first wave’ that would help the cybercriminals steal the aforementioned ‘good stuff’, which they could do with legitimate-looking emails targeting those customers whose data they had already nabbed.

While no such campaign has yet happened, it has not yet been determined for sure who was responsible for the breach and the investigation is still ongoing.

You can find more detailed descriptions of The Home Depot, Japan Airlines, and JP Morgan breaches in a previous blog I wrote.

Kmart

Later in October, Sears Holdings Corporation announced that it had discovered a breach at its Kmart stores that was due to malware on their POS (Point-of-Sale) machines. At that time, Sears also announced that the malware had been removed and that there was an ongoing investigation.

The investigation went on to reveal that the attack started in early September, which means that the breach was going on for a full month. Despite that, Kmart said that no personal customer information was stolen as a result of the breach.

Staples

Just over a week after the Kmart breach, Brian Krebs reported that he had received information from multiple banks who said they were seeing a pattern of credit card fraud linking back to a series of Staples stores in the Northeastern part of the country. At that time, Staples said it was investigating the issue.

According to a Bloomberg update from last month, Staples said that it believed the malware that caused the breach had been identified and eliminated, but that the investigation was still in its early stages and that they could not yet estimate the scope of the breach or how much data was stolen.

Last month, it was also reported that a link was found connecting the Staples and Michaels breaches.

USPS

On November 10th, numerous reports came out saying that the United States Postal Service was breached back in September, and that Chinese hackers were responsible.

This breach impacted both employees and customers, compromising data of 800,000 workers and 2.9 million customers.

Bebe

Earlier this month, security researcher Brian Krebs got word from banks about fraudulent charges on credit cards that were recently used at Bebe women’s clothing stores across the nation.

Sure enough, just a day later, Bebe Stores Inc. confirmed the breach, saying that the hackers got hold of customer information that may include customer names, account numbers, card expiration dates, and verification codes.

Sony

Sony Breach (Source: IB Times UK)

The latest, and perhaps most devastating (for the company affected, at least) of all 2014 breaches, the attack on Sony continues to make headlines daily as new details emerge and new information is leaked.

This breach has all the ingredients for a Hollywood flick (a mysterious enemy, global threats, massive exposure, a potential inside job, etc), which is ironic, considering that The Interview, a Hollywood comedy about two accidental ‘agents’ assigned to assassinate North Korea’s leader Kim Jong-un, may be what started the breach to begin with.

So far, the attack has crippled Sony’s corporate network, exposed personal employee information such as executives’ salaries, social security numbers and medical records, and leaked email conversations that have landed some top execs in hot water. And new details are continuing to emerge.

This list highlights only 10 of some of the most prominent companies that experienced a breach this year. As you can see, no industry is safe and no two breaches are exactly the same. The one constant? All 10 of these companies will have ‘Don’t get breached!’ as one of their New Year’s Resolutions.


The post Breach Therapy: 10 Companies Who Can’t Wait For 2014 To Be Over appeared first on Webroot Threat Blog.

Why 2015 will be the year of cloud attacks


Several cyber takedowns occurred this year when hackers infiltrated Home Depot, Michaels, iCloud, JP Morgan, and the list just goes on. And while consumers and companies have been hit hard in 2014, our 2015 security predictions show that this will be the year of the cloud attack.

According to a recent IDC report, almost 90 percent of Internet spending (including mobile apps, big data and social media) will be on cloud-based technologies over the next six years.

While many companies are making the leap to the cloud, securing the cloud remains an ongoing challenge for IT departments. Smart cyber criminals know where the holes reside and view this space as a big target.

In 2015, a major cloud provider will be breached, compromising many of their customers’ data and in turn leaving hundreds of thousands of individuals vulnerable to follow-on threats. Following the breach, I predict the following will occur:

  1. U.S. Congress will step up efforts to legislate better security protection in public clouds.
  2. Consumer and shareholder outrage will lead to the sacking of several CEOs and CISOs and force the creation of internal cybersecurity task forces.
  3. Enterprises will recognize the benefits of cloud-based malware protection as well as cloud-based cyber attacks.
  4. Enterprises, government agencies and security vendors will begin to develop more effective collaboration and cooperation to combat the wave of cyber crime and cyber warfare.

With our 2015 security predictions in mind, what other theories do you have for this year’s security landscape? Share your ideas in the comment box below.

The post Why 2015 will be the year of cloud attacks appeared first on Webroot Threat Blog.

Hacking in Hollywood


It’s generally understood that Hollywood will always put its own spin on actions in order to help tell a story. That’s part of the movie and TV magic, or artistic license, that directors take when they are producing these pieces of entertainment. But sometimes, the artistic license itself is more entertaining for how far off the representation of said actions is.

With “BlackHat” coming to theaters tomorrow, we decided to look back at some of the most ridiculous forms of ‘hacking’ displayed on the big (and small) screen.  Here are our 7 favorite misrepresentations of hacking from Hollywood.

Hackers:

This 1995 classic really took hacking to mainstream, introducing the idea of gangs of hackers to the world.  While it is true there are groups out there dedicated to hacking, that is where the similarities end.  As you can see in the clip, the hackers and the target are in a long, drawn out command-based attack against each other, all supported by 3D navigation of operating system code.

Jurassic Park:

2nd Clip: https://www.youtube.com/watch?v=RfiQYRn7fBg

Jurassic Park has two ‘great’ examples of Hollywood hacking.  The first is the overly simplistic, “hacker crap”, stemming from simple commands.  The second being that just because the girl knows “Unix” she’s now able to control everything by clicking files?  We know that control is about commands, and hacking doesn’t occur via a GUI.

Goldeneye:

“BORIS IS INVINCIBLE”. Need we say any more about this? Boris, the self-described geek of Goldeneye, shows simplistic forms of hacking while breaking into US Government computers as well as those around him. In around 10 words, Boris is able to access everything he needs in any situation from any target.

Independence Day:


We don’t have an individual clip of this one, but chances are we have all seen this movie and the scene (pictured above) where Jeff Goldblum’s character uploads a virus using human technology (like a USB drive, etc) to an alien spaceship, and then proceeds to use a regular PC to complete the process.  Lots of scroll-y windows and a big, red “VIRUS UPLOADED” for the viewer’s pleasure.

Live Free or Die Hard:

From the very start of this film, we are shown that hackers, and the viruses they produce, can control C4 and other items. While technologically that is possible with command lines, specific transmitters, and such, the representation of hackers as deadly mercenaries is beyond crazy. Beyond that, we again see the GUI-supported hacker/virus delivery programs that have become commonplace in these kinds of representations.


Swordfish:


Probably the biggest offender of GUI-supported hacking, alongside some amazing keyboard work. While the clip won’t be linked here, the displays of hacking are amazing, with what seems to be random pressing of keys in random orders, with no real commands, alongside encrypted files being decrypted, again, by command. Supercomputers would struggle with the work, but our star can do it all in 60 seconds.

NCIS:

The crown goes to NCIS, hands down. While the other examples are laughable at most, still linking back to a little (sometimes very little) reality, this clip shows one of the most ridiculous forms of “counter hacking” ever seen on the screen. With 2 NCIS agents on one keyboard, almost a homage to “Hackers”, they attempt to fend off a hack of a mainframe by typing faster. That’s all they do. And it’s hysterical.

The post Hacking in Hollywood appeared first on Webroot Threat Blog.

Did Blackhat just break the hacker movie stereotype?


(Yes, he’s Thor in other movies, but that doesn’t mean he can’t hack in Blackhat)

Blackhat is out today in theaters, and we were lucky enough to have an advance screening of the film alongside our very own threat security team.

As seen in our previous post on Hollywood and hacking, the majority of the time it feels like producers in Tinsel Town don’t have a full grasp on how hacking works or how to accurately present it to the viewers, and instead come up with ridiculous uses of the computer that make little to no sense to the tech-savvy.

Blackhat felt like the opposite of that.  And that is the biggest surprise for us.  In all honesty, we headed into the movie, expecting it to have major misrepresentations and to tear it apart.  But as we sat around discussing the flick, we concluded that the team behind the movie really did their research.  Dare we say that Blackhat might be one of the best Hollywood representations of hacking and cybercrime, especially focusing on the darker side of criminal activities?

Yes, we do dare.

To say the movie is truly authentic would be a stretch, but the fact is that Michael Mann avoids the major stereotypes that have become all too commonplace in other films. He also does a good job traversing the socio-political game of relations between US Government agencies as well as US-China relations. As a result, the story carries itself through very well to the end.

The movie actually presented many different methods that criminals use to attempt to breach security, including social engineering, direct breach, cyber espionage, and computer hacking itself. While hacking was a central topic throughout, ‘Blackhat’ was about more than just hacking, and focused more on cyber-terrorism, a broader yet more relevant topic that has been in the news quite a bit lately. Each of these methods of breach is an everyday threat to organizations big and small. If anything, the movie stands as a representation of the complexity of today’s security environment, showing how security alone will do little to keep a network safe.

While there was a bit too much Hollywood sexiness and bravado when it comes to just how talented the characters were, this inclusion surely added to the entertainment value.  We wish we could go from evaluating code to globetrotting, chasing down the bad guys, but sadly that is not how it works these days.

Overall, Blackhat was a well told story, and from a security team’s perspective, it maintains a solid grasp on reality in most of its hacking scenes.  The entertainment value was there, alongside fairly accurate representations of security infiltration, leading us to walk out pleasantly surprised.  And we think you might be as well.

The post Did Blackhat just break the hacker movie stereotype? appeared first on Webroot Threat Blog.

Lenovo Support Page Hacked


In possible retaliation for the Superfish MITM software installed on Lenovo consumer machines, hackers who appear to be representing Lizard Squad have hacked Lenovo’s support page through a DNS hijack. Currently, if you head to http://support.lenovo.com/us/en/product_security/superfish, a whole new site appears, rotating through images hosted on IMGUR and playing a song hosted on YouTube. Metadata in the code shows “The new and improved rebranded Lenovo website featuring Ryan King and Rory Andrew Godfrey”, who have been implicated as members of Lizard Squad in the past. We have pulled the source code for reference. We will update as we find out more information.

[UPDATE] Lenovo has restored the page back to the proper website. No official word from their team on what happened or how many were affected in this DNS hijack.

<html>
<head>
<title>@LizardCircle</title>
<link href='//fonts.googleapis.com/css?family=Roboto' rel='stylesheet' type='text/css'>
<meta name="description" content="The new and improved rebranded Lenovo website featuring Ryan King and Rory Andrew Godfrey">
<style>body{background-color:black;color:white;font-family:'Roboto',sans-serif;}a{color:cyan;}#slides{display:none;}.container{width:100%;height:100%;}.slidesjs-navigation{display:none;}iframe{display:none}</style>
</head>
<body>
<center>
<a href="https://twitter.com/LizardCircle">
<div class="container">
<div id="slides">
<img src="http://i.imgur.com/UPVwGSb.png"/>
<img src="http://i.imgur.com/pRvR6jj.png"/>
<img src="http://i.imgur.com/zTydDfv.png"/>
<img src="http://i.imgur.com/InvkIDg.png"/>
<img src="http://i.imgur.com/yr19vvc.png"/>
<img src="http://i.imgur.com/7wKXhr8.png"/>
<img src="http://i.imgur.com/SMy9P4g.png"/>
<img src="http://i.imgur.com/tBSSz1M.png"/>
<img src="http://i.imgur.com/IWpV3nR.png"/>
<img src="http://i.imgur.com/QzhXFor.png"/>
<img src="http://i.imgur.com/ny9IAhQ.png"/>
<img src="http://i.imgur.com/lsUMIiw.png"/>
<img src="http://i.imgur.com/dnQGUS1.png"/>
<img src="http://i.imgur.com/IQbF2nB.png"/>
<img src="http://i.imgur.com/dGrve6S.png"/>
<img src="http://i.imgur.com/PhEKut7.png"/>
</div>
</div>
</a>
</center>
<iframe width="0" height="0" src="https://www.youtube.com/embed/ZLa__49Ltv4?autoplay=1&loop=1" frameborder="0"></iframe>
<iframe src="https://neko.li/haha/everybody/laughing/at/you" width="0" height="0"></iframe>
<iframe src="http://dev.neko.li/haha/everybody/laughing/at/you" width="0" height="0"></iframe>
<iframe src="http://cf0.pw/haha/everybody/laughing/at/you" width="0" height="0"></iframe>
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="http://www.slidesjs.com/js/jquery.slides.min.js"></script>
<script>
$(function() {
  $('#slides').slidesjs({
    width: 940,
    height: 528,
    navigation: false,
    pagination: false,
    effect: {
      slide: { speed: 200 },
      fade: { speed: 300, crossfade: true }
    },
    play: {
      active: true,
      auto: true,
      interval: 2000,
      swap: false,
      pauseOnHover: false,
      restartDelay: 2000
    }
  });
});
</script>
</body>
</html>
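When triaging a page capture like the one above, the first questions are what the page says about itself and which third-party origins it pulls in, including iframes sized to be invisible. The script below is an added example, not tooling from the Webroot post or from Lenovo; it runs on a constructed sample with placeholder hosts that mirrors the structure of the defacement (meta description, image gallery, 0x0 iframes, remote scripts).

```python
"""Triage the remote resources a captured HTML page loads.

Added example, not from the Webroot post. Given a saved copy of a page (for
instance one served after a DNS hijack), it extracts the meta description,
groups every <img>, <script>, <link> and <iframe> reference by remote host,
and lists iframes declared with width=0 and height=0, which only make sense
for loading something the visitor is not meant to see. The HTML below is a
constructed sample with placeholder hosts.
"""
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample shaped like the defacement: one visible gallery, two
# hidden iframes, one remote script and one inline script.
SAMPLE_HTML = """<html><head><title>defaced</title>
<link href='//fonts.example.net/css?family=Roboto' rel='stylesheet' type='text/css'>
<meta name="description" content="constructed sample defacement page">
</head><body>
<a href="https://social.example.com/some-handle"><div id="slides">
<img src="http://images.example.org/one.png"/>
<img src="http://images.example.org/two.png"/>
</div></a>
<iframe width="0" height="0" src="https://video.example.com/embed/abc?autoplay=1" frameborder="0"></iframe>
<iframe src="http://tracker.example.net/hit/visitor" width="0" height="0"></iframe>
<script src="http://cdn.example.com/jquery.min.js"></script>
<script>console.log("inline script, no remote source");</script>
</body></html>"""


class ResourceCollector(HTMLParser):
    """Collect remote resource references and hidden iframes while parsing."""

    # Which attribute carries the remote reference for each tag of interest.
    SRC_ATTR = {"img": "src", "script": "src", "iframe": "src", "link": "href"}

    def __init__(self):
        super().__init__()
        self.description = None
        self.resources = []       # (tag, url) for every remote reference seen
        self.hidden_iframes = []  # iframe URLs declared as 0x0

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "description":
            self.description = a.get("content")
        attr = self.SRC_ATTR.get(tag)
        url = a.get(attr) if attr else None
        if url:
            self.resources.append((tag, url))
            if tag == "iframe" and a.get("width") == "0" and a.get("height") == "0":
                self.hidden_iframes.append(url)


def host_of(url):
    """Host of an absolute or protocol-relative ('//host/...') URL; '' if relative."""
    return urlparse(url).netloc.lower()


def triage(html):
    """Return the description, a hosts -> tag-kinds map, and hidden iframe URLs."""
    collector = ResourceCollector()
    collector.feed(html)
    collector.close()
    by_host = defaultdict(set)
    for tag, url in collector.resources:
        host = host_of(url)
        if host:  # skip relative references to the page's own origin
            by_host[host].add(tag)
    return {
        "description": collector.description,
        "hosts": {h: sorted(tags) for h, tags in sorted(by_host.items())},
        "hidden_iframes": collector.hidden_iframes,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_HTML)
    print("description:", report["description"])
    for host, tags in report["hosts"].items():
        print(f"  {host:24s} {', '.join(tags)}")
    print("hidden iframes:")
    for url in report["hidden_iframes"]:
        print("  " + url)
```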

The post Lenovo Support Page Hacked appeared first on Webroot Threat Blog.

The Threat Landscape is Expanding. Are You Ready for it?


This blog is syndicated from the LabTech Software Blog: http://www.labtechsoftware.com/blog/antivirus-and-anti-malware-tips/

Think your clients are covered? Think again.

This year’s epic flu season isn’t relegated to humans alone. The burgeoning threat landscape is better equipped than ever before to take your clients down—or at the very least lighten their wallets.

Oftentimes, clients are satisfied to keep running on last year’s version of an antivirus solution. It saves money and is more or less the same thing, right? Wrong. The landscape is evolving, and last year’s solution won’t defend against this year’s threats.

Take phishing, for instance. It’s a lucrative activity. Millions of people collectively lose $1.5 billion per year by falling victim to phishing scams.

It’s the hope of getting a piece of that growing pie that keeps hordes of hackers working around the clock to develop the next big scam. As threats evolve, your solutions have to evolve with them.

Every antivirus solution has an expiration date. Like spoiled milk, last year’s solution isn’t going to deliver the results you’re looking for. You must routinely update and refresh your solutions if you want to keep clients safe.

Why Your Clients Are Saying ‘Yes’ To Malware

Malware is cleverly disguising itself as routine software updates, so more often than not, clients opt in to infections without even knowing it. These silent threats masquerade as Adobe Reader updates, virus scans, and seemingly harmless error messages.

As if that weren’t bad enough, these menaces are getting more complex. Advanced social engineering methods are spawning additive infection vectors. This means that multiple pieces of malware work in tandem to ensure the client’s end point is fully compromised and exploited.

What You Need to Know to Offer the Best Protection

We will walk through four of the latest and most notorious infectors used by malware authors to gain access to the endpoint. We’ll wrap up with key features of a winning antivirus/anti-malware solution so you’re prepared to defend against even the most cunning of tactics.

1) Advanced Keylogging Crushers. We’re all familiar with keyloggers. And while they might sound old school, they’re still evolving and sneaking through firewalls undetected.

  • Culprit: Zeus Malware. This keylogging troublemaker is a Trojan that runs on Microsoft operating systems. It sneaks past users in the form of a familiar Adobe Reader or Flash upgrade, and it captures everything the client types until it’s removed.
  • Must-Have: To keep keyloggers at bay, look for a dynamic antivirus/anti-malware solution that can penetrate and neutralize multi-layer attacks. Threats aren’t one-dimensional anymore, and your client’s virtual protection shouldn’t be either.

2) Rogue Anti-Malware Slayers. Also known as ‘rogues’ or ‘FakeAV,’ these threats target inexperienced users. As the names imply, these scams masquerade as antivirus solutions.

  • Culprits: Countless Fake Antivirus Popups. While the names vary, the effects are the same. These threats have evolved by developing more realistic graphical user interfaces (GUIs) and ‘action center windows’ that are completely interactive and look legit to the untrained eye. If clients click through, they’re asked to submit payment information, which is then sold to the highest bidder on sites like CVV2s.in and crackhackforum.com.
  • Must-Have: Since this is a long-standing scam, you’ll want an antivirus solution that updates its FakeAV index as frequently as possible. There will always be new ones popping up, so you’ll want to partner with a vendor who is committed to keeping their code current.

3) Poweliks Pluggers. These threats hide in registries and silently pilfer client information. They can’t easily be caught by scanners because they don’t register as files.

  • Culprit: Any Number of Vicious Malwares. This type of attack is probably the worst because it keeps coming back. The malware embeds itself so deeply in the system and evolves and updates the way it exploits so quickly that anything but the latest anti-malware solution will leave your clients out in the cold.
  • Must-Have: The best defense here is a good offense. Once infected, it’s extremely challenging to completely remove the threat. By having a solid anti-malware solution in place that prevents the infection in the first place, your clients will be much better off in the long run.

Wondering where the fourth threat is? The Malware and the Modern Threat Landscape eBook holds the answer. Download it below!


The post The Threat Landscape is Expanding. Are You Ready for it? appeared first on Webroot Threat Blog.


Mobile World Congress 2015 – The Big Launches


Mobile World Congress is the biggest tech show in the world focusing on, wait for it, mobile technology. With many of the big announcements having occurred at the beginning, it’s time for us to look at all the amazing technology that came out of vendors new and old. While this is not the be-all and end-all of the highlights, and there is one more day left in the show, we expect the biggest reveals have already occurred.

Google Goes Mobile

It has been no secret that Google has been taking over not only what we access on the web, but how we access, and announced that they will be starting to experiment with the ‘Nexus’ of mobile providers for US cell service.  What does this mean?  Well, if we take Google Fiber as any sort of baseline in service, we will see amazing pricing and high speeds on reliable mobile networks if they decide to go full scale.  Utilizing existing infrastructure, Google is hoping to drive the wireless network towards the future with innovation and competition.  Full details have not been released, but the experiment is expected to start providing this year.

New Phones. Everywhere.

While Sony did not launch their new flagship phone, catching many by surprise, HTC, Silent Circle, and Samsung took the opportunity to announce their newest, top-of-the-line phones. The HTC M9 packs more technology into their familiar M8 phone design, including a new 20MP camera and Dolby Audio surround sound. The Blackphone 2 from Silent Circle is the newest security-focused smartphone, with better speed, battery, and enterprise-level integration. And then there is the Samsung Galaxy S6, which features a full range of top-of-the-line technology and a sleek new metal design, but surprisingly lacks the removable battery and SD card slot that set the Galaxy line apart in the past.

Wearables Get Style

Smart watches are cool, and the Apple Watch is coming soon alongside the already available Samsung, LG, and Motorola devices, but style has not always been the selling point. Huawei stepped up the standard with a gorgeous smart watch running on the Android Wear OS. Less bulky than the Moto 360 and the Gear S, it looks like a watch for everyday wear and use. Other companies, such as LG, released updates to their smart watches, bringing more functionality to the line and hopefully taking the usefulness to the next level.

Light As Air Tablets

While Sony did not release a new flagship phone, they did surprise everyone with the Xperia Z4 Tablet, a slim, fast, Android 5.0-powered entertainment device. Clearly going after the iPad, it packs awesome performance into a waterproof device with great battery life, and even includes a keyboard attachment for the business crowd.

So while the show hasn’t been security focused, the release of new smartphones such as the Blackphone 2, as well as other devices, shows that mobile connectivity is still growing. And with that growth will come the unique security challenges of keeping users safe worldwide.

The post Mobile World Congress 2015 – The Big Launches appeared first on Webroot Threat Blog.

TeslaCrypt – Encrypting ransomware that now grabs your games

The encrypting ransomware business model is hugely successful and isn’t going away any time soon (possibly ever). This latest variant not only encrypts the normal scope of valued files, but now also encrypts files required for your games – saves, mods, and profiles (like Day Z). It even encrypts game software components from the likes of Valve, Bethesda, Unreal Engine, and RPG Maker. This means that many of the major games that users play will, if hit by the malware, be rendered useless unless they pay the ransom. For a full list of the scope of files encrypted see here.

Here is what the GUI looks like

The last thing anyone wants to see

Notice how it says “CryptoLocker-V3” on the window and has an uncanny resemblance to the original. However, this is very different from the original CryptoLocker, so don’t be fooled. Tools like decryptolocker.com are NOT going to work on this variant. It also mentions “Click to Free Decryption on site”. When we first saw this we thought maybe it offered a free decryption similar to what we observed on an older ransomware variant, but it’s just a lie. Here is what you are presented with when you go to the decryption site and enter the bitcoin address it assigns you.

That’s a lot of money…

Bitcoin is the preferred method of payment as it is an untraceable, secure method of receiving payment from you, so they give you a better price of only $415. If you wish to use payment systems like PayPal My Cash Card, then the price increases to $1000 (this is because they lose a percentage through the middleman). The choice is very clear: they want the hefty discount to sway you into using bitcoin as payment.

Webroot will catch this specific variant in real time and heuristically before any encryption takes place. We’re always on the lookout for more, but just in case of new zero-day variants, remember that with encrypting ransomware the best protection is going to be a good backup solution. This can be either through the cloud or offline external storage. Keeping it up to date is key so as not to lose productivity. Webroot has backup features built into our product that allow you to have directories constantly synced to the cloud. If you were to get infected by a zero-day variant of encrypting ransomware you can just restore your files, as we save a snapshot history of up to ten previous copies for each of your files. Please see our community post on best practices for securing your environment against encrypting ransomware.

The post TeslaCrypt – Encrypting ransomware that now grabs your games appeared first on Webroot Threat Blog.

Webroot at RSA Conference 2015

Webroot is excited to be returning as a sponsor and briefing presenter at the 2015 RSA Conference in San Francisco, California. From April 20th to the 24th, the Bay Area will host one of the largest security-focused conferences in the world, with thousands of industry players – from researchers to practitioners, network administrators to CEOs – and the Moscone Center will be the heart of the security conversation. We invite you to join us as we showcase the latest in Webroot cloud-based security solutions.

Webroot will showcase a self-learning platform that is the most accurate threat intelligence network ever created to protect the Internet of Everything. Webroot® security thought leaders will also provide an in-depth look at big data analytics and predictive threat intelligence during several speaking engagements at the conference. To keep up to date socially with all Webroot happenings during the conference, be sure to follow and engage with #GetSmarter on Twitter and Instagram, as well as follow our main pages on Facebook and LinkedIn.

Speaking Session: Smarter Intelligence: Real Time, Contextual, and Predictive

On Wednesday, April 22, at 12:50 p.m. in the North Hall Briefing Center, Webroot chief technology officer, Hal Lonas, will host a session on methods of harnessing the cloud to provide a better understanding of threats.

Speaking Session: Understanding Threats Using Big Data and Contextual Analytics

On Friday, April 24 at 10:10 a.m. in Moscone West, Room 3006, David Dufour, Webroot senior director of security architecture, will explain how to use big data analytics and deep data correlation to better identify malicious threats, and measures to prevent future occurrences.

Be sure to drop by booth 4114 in the North Hall of the Moscone Center to see all that Webroot is offering at RSA Conference 2015!

The post Webroot at RSA Conference 2015 appeared first on Webroot Threat Blog.

Fake Security Scams – 2015 Edition

New Year, Similar Scams

In 2013, I wrote an article about the popular Fake Microsoft Security Scams that were doing the rounds. As expected, these types of scams have continued to grow in popularity as a way for nefarious people to get money from users. Unfortunately, today these scams are more popular than ever. While the premise remains the same, some new versions blur the lines between what is a scam and what isn’t.

Recap:

It’s worth having a quick look back at what exactly one of those aforementioned scams entails. The classic Microsoft scam goes something like this: the user gets a pop-up in their browser that tells them that they are infected and says to call a number (toll free of course) to get said infection removed. Once the user calls this number they will be directed to a website that allows the scammers (*agents*) to connect to the PC.

Figure 1: Typical Scam Message

Depending on the version of the webpage (see screenshot above), the scam may try to set itself as the homepage, which means that even if the user restarts their PC, they will continue to see this warning message. This helps back up the scammers’ claims that the PC is infected.

Once the scammers get connected they will show the user all the “infections” that are located in the Windows Event Logs. Windows Event logs are extremely useful to diagnose Windows issues. We would commonly use them to look for hard disk issues as any time Windows has an issue writing to a hard disk it will create a warning/error in the event logs.

After the scammers get connected, they will often install other programs that show more error messages. These will either be fake antivirus programs or trial versions of well-known programs that show cookies, which they will use as evidence of an infection.

In the example below, I have shown a snapshot of the warnings and errors from a test PC.

It’s worth mentioning that even on a brand new PC there will be warnings or alerts in the Windows event logs.

Figure 2: Windows Event Logs

Another version of this type of scam locks the browser and uses quite intimidating language (as seen in the case below). Apparently, this user has a potentially FATAL Virus! Thankfully, we are a bit away from computer malware being able to cross the organic barrier to kill users, but it’s the type of message that can catch less technical users off-guard. In certain cases the alert pop-up will keep re-appearing, thus locking the browser session.

Figure 3: It’s not fatal

So what’s new for 2015?

The biggest change compared to when we discussed this topic in 2013 is that these scams have now spread to other platforms, with Mac versions of these scams becoming increasingly popular. And they follow the exact same process as the PC versions.

*Remember that Macs do get malware and it is highly advised that you install an Anti-Virus product on your Mac.

Since these scams use a website, any device that has a browser can fall victim to this type of scam. They’re not OS dependent so if your internet enabled-toaster has a screen and a web browser it could get this type of alert! Joking aside, since it’s a browser-based scam, it’s advisable to have a backup browser installed just in case you have issues with your primary browser.

Figure 4: The Mac version

The Mac versions of this scam are pretty much identical to their PC counterparts. The only difference is that they won’t use the Windows Event Log viewer as it doesn’t exist on the Mac platform but they will use other tricks to try to fool users. In theory you could have a version that targets the Linux platform (since it’s browser based) but that platform (generally speaking) is used by more technical users and thus isn’t the target platform for these scammers.

The “Legitimate” Scam:

The most disappointing of the new trends in Fake Security Scams is the emergence of the “Legitimate” version. What do we mean by this? That well-known and respected multinational companies are using malware as a reason to charge users a fee to fix a device or service. Talk to anybody who works in IT and probably the most common reason why users suspect hardware isn’t working is a virus. It’s rarely (if ever) actually due to a virus, although there are of course exceptions to this.

Remember the majority of malware these days is designed with the end goal of financial benefit to the person/group pushing the malware.

There is no real advantage for a scammer in stopping your printer from working. The days of malware being made just to cause annoyance are long gone (although occasional cases still exist).

So now let’s take a look at some of the common “legitimate” Scam types:

Your PC is part of a Botnet (an ISP favourite)

The botnet scam has grown in popularity. An ISP (Internet Service Provider) will claim that a user is part of a botnet (Zeus being a favourite) and that for a flat fee they can clean out this botnet. Since the call has come from a legitimate source, the user will let their guard down and let the ISP “help” them out.

I have been connected to a number of these cases where the user has a PC that is supposedly part of a botnet. After running through the system with a fine tooth-comb and capturing network events, I was unable to find any evidence of botnet traffic. In these cases I advise the customer to contact the ISP and ask for the evidence used to determine the initial diagnosis. I have yet to hear back from any of these cases with some hard evidence of botnet traffic.

Printer (or other device) is not working because of a virus

This is by far and away the most popular type of “legitimate” scam that we encounter. A user is unable to get their printer working and they contact the hardware manufacturer. After going through a number of basic tests, it is determined that a virus is causing the issue and that they can remove the malware and set up the printer for a flat fee (notice the trend?).

I am picking on printers but it can be any type of connected hardware. I have been connected to customers’ PCs and have installed the printer for them after doing a full check for malware on the PC. In every case, it was just a matter of running through the steps and verifying that the device is installed.

What to do in the cases above:

If you suspect that you have a virus that is causing a system issue, DO NOT give any credit card information to a 3rd party. Tell them you will contact them back, and get the phone number directly from their website (not the one they may give you over the phone). Contact Webroot and we can determine if there is a malware issue.

Pretending to be from an ISP or an official company is a popular technique used by these scammers.

How to protect yourself from these scams:

The tips that I discussed in 2013 are still valid. The first step is simply being aware that these scams exist!

  • Microsoft will never call you telling you that your PC is infected
  • Never allow strangers to connect to your PC
  • Do not give any credit card info to somebody claiming to be from Microsoft
  • If in doubt, shut down your PC and call Webroot

Tips to best protect yourself:

  • Use Webroot Secure Anywhere
  • Keep Windows updates turned on and set them to automatically update
  • Use a modern secure browser like Firefox or Chrome
  • Update any 3rd party plugins (Java/Adobe Reader/Flash player)
  • Use an ad-blocker add-on in Firefox/Chrome

Looking Forward:

I would like to think that in two years’ time I won’t be writing another one of these, but it’s a popular method to get money so I don’t see it vanishing any time soon. With Windows 10 fast approaching and with it being used on multiple platforms we may see these types of scams on all sorts of devices (perhaps even the Xbox One!). We have already seen CryptoLocker-style apps on the Android platform, and due to the popularity it’s only a matter of time before we start seeing mobile versions of these scams.

My advice would be to let people who aren’t technical know about these types of scams. The advanced user isn’t the target group for these scams, so if you have less tech-savvy friends or family, let them know.

Remember that as a Webroot customer, we can check your PC for malware free of charge. Please contact us if you have any questions or issues. Click on the “Get customer Support” button or you can contact us over the phone.

Links:

http://www.microsoft.com/security/online-privacy/msname.aspx

https://support.apple.com/en-us/HT202225

www.webroot.com

www.webroot.com/us/en/support/

www.webroot.com/blog/2013/04/30/fake-microsoft-security-scam/

The post Fake Security Scams – 2015 Edition appeared first on Webroot Threat Blog.

A Recap of RSA 2015

Last week marked one of the largest security conferences in the world, and with RSA 2015 now at a close, it is time to look back at what we shared, learned, and showed to the over 30,000 attendees of the San Francisco conference.

Released: Webroot’s 2015 Threat Brief

This report contains insights, analysis, and information on how collective threat intelligence can protect organizations from sophisticated attacks.

Shared: Webroot Threat Brief Infographic

Behind the 2015 Threat Brief are some amazing statistics that we thought readers would love to see as an infographic. Produced to help deliver the state of internet security beyond the readers of the report, the infographic serves as a perfect vessel to share with friends the importance of online security.

Our Booth: Bigger and Better Than Ever

“It’s been an amazing week at RSA Conference. With many lessons learned by corporations, the security industry has responded quickly and made great strides this week to battle against the onslaught of cyber threats. Conference attendees responded overwhelmingly positively to our collective threat intelligence, smarter cybersecurity approach, speaking sessions and demos. In fact, our booth traffic has been higher this year than ever before, and we’re definitely looking forward to continuing these conversations at RSA Conference 2016.”
– Dick Williams, CEO, Webroot

Interested in seeing more? We have a full gallery below of our time at RSA Conference 2015, highlighting the Webroot team hard at work showing off the power of Collective Threat Intelligence from Webroot.



The post A Recap of RSA 2015 appeared first on Webroot Threat Blog.

Google’s new Chrome extension is worth downloading

Yesterday, Google announced the release of their newest Chrome extension, Password Alert. The new free tool is designed to warn users of the popular browser when they are entering their Google password on non-Google websites, helping to protect their Google accounts from phishing attacks. The extension also prevents users from using the same password for their Google account on other sites. While this secondary feature may seem overzealous, it is a necessity: if one of those other accounts is breached, a hacker would have a higher chance of accessing the victim’s Google account with the same credentials.

As our Threat Brief revealed, Google is by far the number one target of phishing attacks. Developing a Chrome extension that protects users accessing their Google accounts will certainly help defend against the onslaught of phishing attacks targeting Google. It would be great to see this same technology extended to other browsers and also to protect other major targets of phishing. The Threat Brief includes the top targets for phishing, and while each company uses a different login technique, there is something to be learned from what Google has done with respect to protecting customers as they access their accounts.
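As an added illustration of the check the post describes (this is example code written for this page, not the source of Google’s Password Alert extension or any Webroot product, whose internals the post does not describe), the model below keeps only a salted hash of the protected password, buffers the most recent keystrokes per page origin, and raises an alert when the typed window matches the password on an origin outside an allowed set. It also mirrors the reuse guard by refusing to accept the protected password as a new password elsewhere. The allowed origins, the password and the keystroke streams are constructed sample data.

```python
"""Model of a password-entry alert of the kind Password Alert provides.

Added example; not Google's or Webroot's code. The origin list, the sample
password and the typed text below are constructed for the demonstration.
"""
import hashlib
import hmac
import os
from collections import deque
from typing import Dict, Iterable, List, Optional

# Assumed allow-list: origins where typing the protected password is expected.
ALLOWED_ORIGINS = {"https://accounts.google.com", "https://mail.google.com"}


class PasswordAlert:
    def __init__(self, password: str, allowed_origins: Iterable[str],
                 salt: Optional[bytes] = None, iterations: int = 5000):
        self.salt = salt or os.urandom(16)
        self.iterations = iterations
        self.length = len(password)
        # Only the salted PBKDF2 digest is retained; the password itself is not.
        self.digest = self._hash(password)
        self.allowed = set(allowed_origins)
        # One rolling keystroke window per origin, as long as the password.
        self.buffers: Dict[str, deque] = {}

    def _hash(self, text: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", text.encode("utf-8"),
                                   self.salt, self.iterations)

    def _matches(self, text: str) -> bool:
        # Constant-time comparison of digests.
        return hmac.compare_digest(self._hash(text), self.digest)

    def on_keystroke(self, origin: str, ch: str) -> Optional[str]:
        """Record one typed character; return an alert string if the last
        len(password) characters typed on a non-allowed origin match."""
        buf = self.buffers.setdefault(origin, deque(maxlen=self.length))
        buf.append(ch)
        if origin in self.allowed or len(buf) < self.length:
            return None
        if self._matches("".join(buf)):
            buf.clear()  # avoid re-alerting on every following keystroke
            return f"protected password entered on {origin}"
        return None

    def on_password_set(self, origin: str, new_password: str) -> Optional[str]:
        """Reuse guard: refuse the protected password as a new password
        for any account outside the allowed origins."""
        if origin not in self.allowed and self._matches(new_password):
            return f"reuse of protected password rejected on {origin}"
        return None


def type_text(alert: PasswordAlert, origin: str, text: str) -> List[str]:
    """Feed a string one keystroke at a time and collect alerts raised."""
    alerts = []
    for ch in text:
        a = alert.on_keystroke(origin, ch)
        if a:
            alerts.append(a)
    return alerts


if __name__ == "__main__":
    pa = PasswordAlert("correct horse", ALLOWED_ORIGINS)
    print(type_text(pa, "https://accounts.google.com", "correct horse"))  # []
    print(type_text(pa, "http://login-g00gle.example", "xx correct horse yy"))
    print(pa.on_password_set("https://shop.example", "correct horse"))
```

The sliding window means the alert fires as soon as the full password has been typed, wherever it sits in the page’s input, and the phishing page never has to submit anything for the warning to appear.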

This is a good time to remind everyone of very simple and effective strategies to keeping online accounts secure. To start, make sure your primary email password is different from all other passwords. As I mentioned, there is a domino effect if you can break into this account. We all hate remembering different passwords, but this one is a must for proper online security. Secondly, hard to break passwords are very easy to create, and the key is length. My tip is to think of a phrase that is unique to you. For example, I love cheese and skiing -> !Lovech33s3andsk!!ng*. A password like this is very easy to remember and very difficult to crack.

Technology like this is not the end all to password security, but adding this to your tools for everyday use will only help to enhance your protection online.

Download the Password Alert for Chrome here: https://chrome.google.com/webstore/detail/password-alert/noondiphcddnnabmjcihcjfbhfklnnep

The post Google’s new Chrome extension is worth downloading appeared first on Webroot Threat Blog.

AlphaCrypt

We’ve encountered yet another encrypting ransomware variant, and at this point it’s expected, since the scam has exploded in popularity since its inception in late 2013. This one has a GUI that is almost identical to TeslaCrypt.

GUI

While this may look identical to TeslaCrypt it does have some improvements like deleting the VSS to make sure you aren’t saved by your shadow volume. Take a look at the below strings from an unpacked memory dump.

VSS delete

We can very clearly see that it opens up a command prompt and runs the command “vssadmin.exe delete shadows /all /Quiet”. This will ensure that all shadow copies are deleted, and the /Quiet switch will make sure that the command does not display messages to the user while it’s running.

Payment is similar to recent variants – bitcoin through layered Tor browsing. Not using a money mule like Ukash or MoneyPak allows the authors to maximize their earning power and anonymity. They can just take the full ransom amount and put it through a bitcoin mixer that will use sophisticated algorithms to scramble it through millions of addresses and completely “clean” the money.

bitcoin launder

A more convenient feature of this variant of encrypting ransomware is that you are not immediately forced to install the Tor browser; it will instead try to use URLs that use public gates to the hidden server through your currently installed browser. However, these don’t always work, so the backup option is to install Tor like we’ve seen previously. See the entire ransom notice below.

Ransom notice

The volatility of this variant is quite high, since it creates new instances of common Windows processes to do the encryption routine in order to be as covert as possible, which is extremely similar to how CryptoWall 3.0 operates. Below is the final bit of unpacking, where it sets the child process context and resumes the thread.

unpacking routine

MD5 analysed: 1C71D29BEDE55F34C9B17E24BD6A2A31
Additional MD5 seen: 6B19E4AE0FA5B90C7F0620219131A12D

Webroot will catch this specific variant in real time and heuristically before any encryption takes place. We’re always on the look out for more, but just in case of new zero day variants, remember that with encrypting ransomware the best protection is going to be a good backup solution. This can be either through the cloud or offline external storage. Keeping it up to date is key so as not to lose productivity. Webroot has backup features built into our product that allow you to have directories constantly synced to the cloud. If you were to get infected by a zero day variant of encrypting ransomware you can just restore your files back as we save a snapshot history for each of your files up to ten previous copies. Please see our community post on best practices for securing your environment against encrypting ransomware.

The post AlphaCrypt appeared first on Webroot Threat Blog.


Rombertik

Yesterday in the news we saw a huge spike in interest in the Rombertik malware. Rombertik infiltrates the computer through email phishing attacks that drop a .scr screen saver executable containing the malware, which injects code into your browsers to spy on you, and threatens your MBR or encrypts documents if it detects that it’s being analyzed or sandboxed. We’ve been catching these variants since January 13th, but only now has it become so popular with the media coverage.

The initial drop is a zipped attachment, and once unzipped it’s a .scr screensaver executable file. The first stage of the malware checks that it’s not being debugged or sandboxed; if these checks fail, it will attempt to overwrite your MBR (Master Boot Record).

obtaining handle to mbr

overwrite mbr

Here we can see the string “\\\\.\\PhysicalDrive0” in the first image, where it is attempting to obtain a handle to the MBR. If it can get access to the MBR then it will perform what is shown in the second image, where it writes 200 hex bytes to the MBR with a buffer that displays the message below after the BIOS when starting your computer – forcing a boot loop until the operating system is reinstalled.

Boot Loop

However, you will need to give this administrator rights in order for the MBR or encrypting routine to complete. So unless you’re an XP user, you’ll see that familiar User Account Control pop-up asking if you wish to give “yfoye.exe” permission. I don’t know how many users are blindly giving permission to random executables that were originally expected to be documents from attachments (many group policies in businesses are also set to not give admin rights to email attachments), but I would suspect that the scare hype of this malware is limited to XP users.

After all the checks for sandboxing and debugging are cleared, the malware will then perform its normal operation of hooking into your browser. Below, the first image shows Rombertik searching for handles to the Firefox process (it does this with other browsers like Chrome as well).

firefox openprocess

phone home

The second image shows it connecting home to ensure that it can securely transmit the data it intercepts. Below, the malware injects a thread into the browser process to intercept and monitor network traffic API calls.

remote thread

Rombertik specifically drops through email phishing, and Webroot has multiple layers of protection against it. The first is the zip itself – we detect this exact drop as a zip once it is written to disk. If that doesn’t trigger, the next layer is real-time detection once it’s extracted: the .scr executable inside the zip is blocked as it is written to disk. If that fails, the next layer of protection is heuristics, triggered when an action by the file is picked up. After its sandbox checks it launches a second copy of itself and overwrites that second copy with the remaining thread process; this is very suspicious and a common tactic used by encrypting ransomware as well, so our heuristics look out for actions like this.
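The two behaviours quoted in the AlphaCrypt and Rombertik posts above, the `vssadmin.exe delete shadows /all /Quiet` command and the handle to `\\.\PhysicalDrive0`, are the kind of actions endpoint telemetry can flag directly. The detector below is an added example written for this page, not Webroot’s heuristics or any product code: it runs over constructed process-creation and device-open event records (the `Event` schema, the allow-listed backup agent path and the sample records are assumptions made for the demonstration). Beyond the page’s single command line, it also matches `wmic shadowcopy delete`, the other common way shadow copies are removed, and it matches on the verb and object rather than the exact string so spacing or a missing `/Quiet` does not evade it.

```python
"""Flag shadow-copy deletion and raw physical-drive access in endpoint events.

Added example for the AlphaCrypt and Rombertik write-ups; not Webroot's code.
Event records are constructed to resemble process-creation and device-open
telemetry; the field names and the allow-list path are assumptions.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List


@dataclass
class Event:
    kind: str            # "process_create" or "device_open" (assumed schema)
    pid: int
    image: str           # executable that performed the action
    cmdline: str = ""    # full command line, for process_create events
    target: str = ""     # object path opened, for device_open events


# AlphaCrypt runs "vssadmin.exe delete shadows /all /Quiet" (quoted in the post).
VSS_DELETE = re.compile(r"\bvssadmin(?:\.exe)?\s+delete\s+shadows\b", re.I)
# Generalisation beyond the post: WMIC can delete shadow copies as well.
WMIC_DELETE = re.compile(r"\bwmic(?:\.exe)?\s+shadowcopy\s+delete\b", re.I)
# Rombertik opens \\.\PhysicalDrive0 to reach the MBR (quoted in the post).
RAW_DRIVE = re.compile(r"^\\\\\.\\PhysicalDrive\d+$", re.I)

# Assumed allow-list: images permitted to open the raw disk (e.g. a backup agent).
RAW_DRIVE_ALLOW = {r"c:\program files\backupagent\backup_agent.exe"}


def classify(ev: Event) -> List[str]:
    """Return zero or more alert strings for one event."""
    alerts: List[str] = []
    if ev.kind == "process_create":
        if VSS_DELETE.search(ev.cmdline) or WMIC_DELETE.search(ev.cmdline):
            alerts.append(f"shadow-copy deletion by {ev.image} (pid {ev.pid}): "
                          f"{ev.cmdline}")
    elif ev.kind == "device_open" and RAW_DRIVE.match(ev.target):
        if ev.image.lower() not in RAW_DRIVE_ALLOW:
            alerts.append(f"raw physical-drive handle by {ev.image} "
                          f"(pid {ev.pid}): {ev.target}")
    return alerts


def scan(events: Iterable[Event]) -> List[str]:
    """Run classify() over a stream of events and collect all alerts."""
    return [a for ev in events for a in classify(ev)]


# Constructed sample telemetry: two malicious actions, three benign ones.
SAMPLE_EVENTS = [
    Event("process_create", 1404, r"C:\Windows\System32\cmd.exe",
          cmdline='cmd.exe /c "vssadmin.exe delete shadows /all /Quiet"'),
    Event("process_create", 1412, r"C:\Windows\System32\vssadmin.exe",
          cmdline="vssadmin.exe list shadows"),            # benign admin query
    Event("device_open", 2210, r"C:\Users\victim\AppData\Local\Temp\yfoye.exe",
          target=r"\\.\PhysicalDrive0"),                   # Rombertik-style
    Event("device_open", 880, r"C:\Program Files\BackupAgent\backup_agent.exe",
          target=r"\\.\PhysicalDrive0"),                   # allow-listed
    Event("process_create", 3000, r"C:\Windows\explorer.exe",
          cmdline="explorer.exe"),
]


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```

Both rules fire before any user data is lost: shadow-copy deletion precedes encryption, and the raw-drive open precedes the MBR write, so an automated response tied to either alert (suspend the process, quarantine the image) has a real window in which to act.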

MD5 Analyzed:

F504EF6E9A269E354DE802872DC5E209 (W32.Rombertik.Gen)

Additional MD5s:

9FA5CE4CD6323C40247E78B80955218A (W32.Rombertik.Gen)

21A728FCD1A45642490EE0DAF17ED73A (W32.Rombertik.Gen)

FAADD08912BADEF2AB855D0C488B9193 (W32.Rombertik.Gen)

AC94549FAF48D11778265F08535A55B7 (W32.Rombertik.Gen)

D95495728DB1D257C78BCC19B43E94FF (W32.Rombertik.Gen)

3733DD9DF99C08953216B3DA5A885EFD (W32.Rombertik.Gen)

B5AFBB36D9E3EC3BC4A9445627C23E4F (W32.Rombertik.Gen)

38F5191DE5B8C266746006E9766B2F9D (W32.Rombertik.Gen)

The post Rombertik appeared first on Webroot Threat Blog.

WhatsApp Spam Emails Making a Comeback

In 2013 we shared a series of blog posts about several WhatsApp scams making the rounds redirecting people to pharmaceutical sites and malware.

In recent weeks we have seen that these scams have made a comeback and are evading modern spam filters.

Sample Spam Email:

Using the email above as an example, by pressing the ‘Play’ button on a Desktop or Mobile browser the user is taken to a site masquerading as an article from the BBC titled:

SPECIAL REPORT: We expose how to lose 23 lbs of Belly Fat in 1 Month With This Diet Cleanse That Celebrities Use

Instead of taking the user directly to the scam site, they try to dupe the would-be victim into thinking that the deal is legitimate by impersonating the above article. All other links lead to the real BBC site, however attempting to leave the page will also launch a pop-up window to the fake shop which can be confused for a legitimate advertisement.

Pop-up window loads when leaving the site:

If the user chooses to learn more about the ‘celebrity cleanse’ they are then taken to a site where they are prompted to enter personal information including personal email, postal address, and phone number.

Sample screenshot of the landing scam page:

Remember, always buy from a legitimate, trusted site. If something seems too good to be true, it usually is.

The post WhatsApp Spam Emails Making a Comeback appeared first on Webroot Threat Blog.

The OPM data breach was probably inevitable

Breaches big and small have been in the news, from small organizations losing banking files to global groups like Sony losing seemingly everything to hackers. But we have not seen a breach on the scale of the recently revealed Office of Personnel Management (OPM) hack, with anywhere between 18 and 32 billion individual records stolen by digital infiltrators.

The scary, and somewhat disappointing aspect, is that the breach was probably inevitable.

Encryption Not Present

While OPM Director Katherine Archuleta had noted the need for an upgrade in the technology and implementation of encryption on all the data 18 months prior, the need was dismissed due to the age of the networks. During testimony today with the House Oversight and Government Reform Committee, she said “It is not feasible to implement on networks that are too old.”

Contractors Credentials

On the other side, would encryption have helped, given that the breach all started with compromised contractor credentials? Dr. Andy Ozment, assistant secretary, Office of Cybersecurity and Communications, stated during the same hearing that encryption would “not have helped in this case”, as the attackers would have had the data decrypted for them once they accessed the machine with valid credentials.

Previously Breached

In July of 2014, the OPM suffered a breach of its networks, apparently traced back to China. OPM downplayed the breach, stating that no personal data was stolen, but provided credit monitoring to employees. Following this breach, the Office of the Inspector General completed an audit of the whole department, finding significant failures in the security layers. The full investigation also found that there was no inventory of the endpoints, devices, and databases, and investigators were not able to see whether OPM was scanning for breaches and vulnerabilities.

Two-Factor Authentication

The same audit concluded: “We believe that the volume and sensitivity of OPM systems that are operating without an active Authorization represents a material weakness in the internal control structure of the agency’s IT security program.” In a day and age when two-factor authentication has become a standard recommendation from the local IT friend all the way up to the CIO of the US Department of Energy (http://energy.gov/cio/two-factor-authentication), this is one of the biggest failures within the OPM’s security layers. A physical CAC card, or even phone-based authentication, for logging into the local machines and thus into the network could have kept the data from falling into the wrong hands.

These are just four of the issues leading up to this breach, areas often and exhaustively preached by security companies and professionals worldwide as the biggest and most vulnerable areas of attack. Beyond this, the audit itself not only highlighted the areas in need of immense improvement and increased security, but essentially laid the groundwork for the hackers, exposing all the weaknesses that have since been exploited, resulting in this breach.

For the full Inspector General report cited above from 2014, please click here: https://www.opm.gov/our-inspector-general/reports/2014/federal-information-security-management-act-audit-fy-2014-4a-ci-00-14-016.pdf

The post The OPM data breach was probably inevitable appeared first on Webroot Threat Blog.

Happy Video Game Day 2015

Webroot would like to wish our fellow gamers a happy Video Game Day! To celebrate this epic game playing day, we want to help keep you safe and highlight the top motivation for PC gaming attacks.

Gamers are being targeted more and more by malware, trojans, and keyloggers, especially those that participate in pay-to-play games and MMORPGs (Massively Multiplayer Online Role-Playing Game). Your accounts, personal identity, banking information and even credit card numbers can be stolen if you are playing without a cyber-security solution. The PC gaming market is increasing rapidly and is expected to reach $30.9 Billion in 2016, and with that, the targets are getting bigger and more lucrative.

Top Motivations for PC Gaming Attacks:

  1. Financial Gain: To obtain records of your secure data
  2. Digital Assets: Take control of your account to sell or trade
  3. Social Hacking: Damage to user reputation and identity theft
  4. Free Gaming: Access to your user account for free gameplay

So the motivation is there, but some people might insist that the threats do not exist. But already this year, we have seen a large variety of attacks targeting gamers through a variety of methods. Some are simple, others more advanced, but the threats against gamers and their accounts do exist.

Top Threats in 2015:

  1. Spear Phishing: Targeted attacks via email and game chat to steal login information
  2. Keylogging: Captures keystroke information and sends it to the attacker
  3. Chat Attack: Hacking attempts where the attacker embeds the attack via chat systems on Skype, TeamSpeak, Steam, League of Legends, etc.
  4. Ransomware: Malware that restricts access to a system until the ransom is paid
  5. Trojans: The attacker sends the system instructions to install malicious software or remote execution of system commands and other data intrusion

Some gamers defend the idea of installing no antivirus security on their machines, citing slowed performance and interruptions. While traditional security solutions often have gamer modes, those modes still impact security, and other gamers will turn off security layers entirely during game play, rendering their machines less secure.

Top Reasons Why Gamers Don’t Use a Security Program:

  1. They rely on free diagnostic and clean-up tools
  2. There are too many alerts and interruptions during gameplay
  3. It slows down their gameplay
  4. They aren’t concerned about infections
  5. It requires switching to a gamer mode

But new technologies do exist that are designed to keep gamers safe while playing online, even in this ever increasing threat world. Webroot SecureAnywhere for Gamers will not scan or update during your game and does not require a gamer mode.

By using the cloud to deliver real-time protection without sacrificing performance, Webroot SecureAnywhere ® Antivirus for PC Gamers maintains a small footprint on the PC, increasing available drive space, decreasing hard drive reads/writes, and improving overall performance. No longer do gamers need to make the sacrifice of turning off security software to increase their speeds. One of a gamer’s worst nightmares is being milliseconds away from a kill shot or reaching a checkpoint when their screen minimizes for a Windows Update or a system scan from their antivirus solution. That’s why Webroot’s gamer security will not alert you or minimize your screen during gameplay. We understand the importance of lightning fast internet connections and zero slowdowns during gameplay.

To learn more about Webroot SecureAnywhere ® Antivirus for PC Gamers, click here.


The post Happy Video Game Day 2015 appeared first on Webroot Threat Blog.

A Brief History of Malware


Malware has come a long way in 30 years. Back in the 70s, the idea of malicious software was an interesting thought experiment. What if computer programs could take control of a computer? What if they could create gigantic data-harvesting networks of thousands… or even millions of computers? What if someone could control that network and use it for illegal activities?

Today, the early days of malware seem like a simpler, more innocent time—a time before botnets, worms, and ransomware. It was a time when you could browse any old website with impunity, and you didn’t see every night on the news that another major retailer had a few million credit cards stolen (including yours). Let’s take a quick look back at the last 30 years, and see how we got to where we are today: the age of malware.

The Good Old Days

Let’s set the stage: It’s 1986. Madonna is everywhere. The word “virus,” as applied to computer programs, was uttered only in the dark corners of the tech companies of the day. New microchips are making home computers more affordable (but not too affordable). And in Pakistan, a 19-year-old boy and his brother release one of the earliest boot sector viruses.

The program, called Brain, is considered to be the first IBM-compatible virus and was responsible for one of the first “real” virus epidemics. Spread via floppy disks, the virus replaced the boot sector of the disk with a copy of itself. And what was the outcome of this epidemic? Well, not much besides a little bit of lost memory and some annoying messages. It turns out the authors had intended the program to protect their medical software from piracy (the virus displayed a message with their phone number and copyright information) and had no intention of spreading it across the entire world.

But, what started as harmless thought experiments and programmer hijinks quickly morphed into something much more serious.

Escalation

Fast forward to the early 90s. It’s time for viruses to go mainstream. Somewhere along the line in 1992, the news media got ahold of a story about a computer virus named Michelangelo that, supposedly, was going to pretty much blow up the entire business world on March 6th, the birthday of the Renaissance artist.

The story went like this: an unknown number of computers in the world were infected with the virus, which few people realized because the virus was dormant for 364 days of the year. On March 6th, the virus would spring to life, and any infected computers booted on that day were kaput. Since no one knew how many computers were infected, or where those computers were, there was wild speculation in media sources about how much damage it would cause, with some would-be experts citing millions and millions of computers.

What happened on March 6th, 1992? Not much, really. Somewhere between 10 and 20 thousand computers reported data loss, and the media realized, once again, that computers and viruses are boring. All the while, malware writers are getting more and more sophisticated, and they’re getting closer and closer to real breakthroughs that are going to shape the cybercrime industry we know in 2015.

Things Start Looking Scary

In the early 2000s, we start to see the dramatic escalation and explosive growth of malware. In short, it was the beginning of the modern malware era. Although they had been around for a while, autonomous malicious programs called worms were just starting to make a big impact via personal email, reaching thousands or millions of home users.

Cybercriminals had gotten more and more savvy at utilizing exploits on a massive scale, instigating drive-by downloads, buffer overflows, and all manner of mayhem. As the number of threat vectors, malware varieties, and popularization of web-based exploits increased, so too did the number of infections, and cybercriminals started using massive networks of infected computers in concert called botnets.

Cybercriminals use these botnets to build gigantic spam operations or revenue machines based on display advertisements. Or, they use them to launch denial of service attacks—telling their millions of zombie computers to repeatedly ping or query servers or websites, crashing them in the process.

Today

Malware growth since the early 2000s has been explosive, and exponential. Today, cybercrime is its own industry, with pay-2-hack services, pre-made, easy-to-use kits for consumers, and completely automated malware design (viruses making viruses?!!).


Cybercriminals are getting professional. For example, encrypting ransomware, a popular form of malware that locks personal or sensitive files and demands a payment to unlock them, has been making money for cybercriminals for years. But, recently, cybercriminals released variants that have very specific targets, like infecting PC gamers with ransomware that encrypts save files and crucial game files. That’s some highly targeted marketing.

It’s kind of wild to think that in the course of 30 years—less than half of the average human lifespan—that malware has evolved from silly jokes that programmers played on one another into a worldwide, thriving, multi-billion dollar industry with the equivalent of CEOs, managers, and frontline employees.

Malware isn’t the only thing that’s invading this summer. Webroot has teamed up with Pixels to feature a totally different kind of invasion. Find out what’s going on and fight back against all your favorite 8-bit arcade nemeses (and a few heroes) that are invading the cities of the world in Pixels!

How are you going to protect yourself from the invaders?

Get Protected!

The post A Brief History of Malware appeared first on Webroot Threat Blog.
