Tag Archive for ESET

What to Think About Before You Click

Readers of the Bach Seat know that the Internet can be a risky place. The typical advice to stay safe on the Intertubes is to think before you click. But why should you care and what should you think about before you click on a link in your email or on Facebook? Email is the leading source of attacks at home and at work.

Kaspersky reports that over 2/3 of emails sent in 2014 were SPAM. Merely clicking on a SPAM link can lead to password and data theft, and even “drive-by” malware downloads. In order to stay safe at work and at home, ESET wants you to ask yourself these questions before you click on any link:

1. Do you trust the person sending or posting the link? People have gotten better at distinguishing good emails and links from bad. Nonetheless, you still need to be alert, so the first question to ask yourself is:

  • Do I trust the person sending or sharing this link? If you don’t recognize the name, the email account, or the content, delete it.

2. Do you trust the platform? Here’s what we mean by “platform”: A link shared on your company’s private Intranet is likely to be safe. But anybody can send you an email — so be skeptical.

Pay special attention to Twitter (TWTR) and Facebook (FB), as both social media sites have been hit by copious amounts of spam. Online security experts have found that many social media accounts are fake and pose a risk to anyone they come in contact with.

  • Researchers say that an average of 40% of Facebook and 20% of Twitter accounts claiming to represent a Fortune 100 brand are fake. 99% of malicious URLs posted on social media channels led to malware or phishing attacks.

3. Does this link coincide with a major world event? Cybercriminals seize any opportunity to get someone to click a link. They commonly use news events like natural disasters, Olympics, and World Cups to lure victims to identity theft or malware sites.

4. Do you trust the destination? Look at the link that has been shared. Does it go to a website you recognize? If you don’t trust or don’t know the destination, don’t click the link.

5. Is it a shortened link? The rise of social media, especially Twitter, has prompted people to shorten links for convenience. Bad guys can easily shorten scam links, making them harder to spot.

  • With shortened links, the advice is clear: ask yourself the above four questions, and if you’re still unsure, use LongURL and CheckShortURL to restore the shortened link to its original length.
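The destination and shortened-link questions above can be partly automated by looking at where a link really points before anyone clicks it. The following is an added example, not code from ESET or the Bach Seat; the shortener set, the trusted-host list and the sample URLs in the test loop are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample data: a few well-known shortener hosts and a
# hypothetical allow-list of destinations the reader already trusts.
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com", "goo.gl"}
TRUSTED = {"example.com", "intranet.example.com"}


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage_link(url, trusted=TRUSTED):
    """Return a list of reasons to be cautious about url (empty = none found)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    flags = []
    if parts.scheme != "https":
        flags.append("not-https")
    if parts.username is not None:
        # Everything before '@' is login info, not the destination.
        flags.append("userinfo-in-url")
    if is_ip_literal(host):
        flags.append("ip-address-host")
    if any(label.startswith("xn--") for label in host.split(".")):
        flags.append("punycode-host")
    if host in SHORTENERS:
        flags.append("shortened-link")
    # A trusted name must be the END of the host, not merely appear in it.
    if not any(host == t or host.endswith("." + t) for t in trusted):
        flags.append("unrecognized-destination")
    return flags


if __name__ == "__main__":
    for u in ["https://intranet.example.com/wiki",
              "http://example.com@203.0.113.5/login",
              "https://example.com.account-check.test/reset",
              "https://bit.ly/abc123"]:
        print(u, "->", triage_link(u) or "no flags")
```

An empty result only means none of these checks fired; the sender and platform questions still apply.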

rb-

Even if you follow this advice, you still need to be alert. If, for whatever reason, you’re unsure, you could pick up a phone and call them (Did you remember that you can talk to people on phones?) to verify that they did indeed send that information and maybe talk about something else too.

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

25 Most-Used Passwords Revealed

Rachel King at ZDNet’s Zero Day writes that the recent data breaches at LinkedIn, Last.fm, and eHarmony have put passwords back in the spotlight. Unfortunately, many people still rely on “password” to secure their digital identity. Antivirus software provider ESET noted some recent work by IT security consultant Mark Burnett, who has compiled a list of the “top 500 worst (aka most common) passwords” based on a variety of methods he has detailed on his blog. The entire list is available here (ZIP).

25 Worst passwords

| 2012 | 2011 |
|---|---|
| password | password |
| 123456 | 123456 |
| 12345678 | 12345678 |
| 1234 | qwerty |
| qwerty | abc123 |
| 12345 | monkey |
| dragon | 1234567 |
| pussy | letmein |
| baseball | trustno1 |
| football | dragon |
| letmein | baseball |
| monkey | 111111 |
| 696969 | iloveyou |
| abc123 | master |
| mustang | sunshine |
| michael | ashley |
| shadow | bailey |
| master | passw0rd |
| jennifer | shadow |
| 111111 | 123123 |
| 2000 | 654321 |
| jordan | superman |
| superman | qazwsx |
| harley | michael |
| 1234567 | football |

2012 data from xato.net and 2011 data from SplashData.com

rb-
Approximately 2/3 of the worst passwords stayed the same between 2011 and 2012. Are your users’ passwords on this list? If so, it’s safe to say you should consider a password change policy to force them into using a stronger password.

I have written about passwords since at least 2010 – here, here, and here. When will they listen?
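One way to answer “Are your users’ passwords on this list?” is to screen every new password against the list when it is set. The following is an added example, not code from ESET, xato.net or SplashData; the deny-list is the two columns of the table above merged, and the leet-substitution map and stripped suffix characters are illustrative assumptions.

```python
# Both columns of the table above (2012: xato.net, 2011: SplashData), merged.
DENY = set("""
password 123456 12345678 1234 qwerty 12345 dragon pussy baseball football
letmein monkey 696969 abc123 mustang michael shadow master jennifer 111111
2000 jordan superman harley 1234567 trustno1 iloveyou sunshine ashley
bailey passw0rd 123123 654321 qazwsx
""".split())

# Assumed substitution map for common "leet" spellings (illustrative only).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
# The list itself contains leet forms (passw0rd, trustno1), so compare
# de-leeted candidates against a de-leeted copy of the list as well.
DENY_DELEET = {w.translate(LEET) for w in DENY}


def variants(password):
    """Yield the simple disguises users apply to a common password."""
    p = password.lower()
    core = p.rstrip("0123456789!@#$%^&*?.")   # "Monkey2012!" -> "monkey"
    for v in (p, core, p.translate(LEET), core.translate(LEET)):
        if v:
            yield v


def screen(password):
    """Return the normalised form that matched the deny-list, or None."""
    for v in variants(password):
        if v in DENY or v in DENY_DELEET:
            return v
    return None


if __name__ == "__main__":
    for candidate in ["letmein", "P@ssw0rd", "Monkey2012!", "Tru5tno1",
                      "correct horse battery staple"]:
        print(f"{candidate!r:32} -> {screen(candidate)}")
```

A deny-list like this is a floor, not a strength test: a password that passes is merely not one of the most common ones.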


What is Malware?

Most users I talk to about malware seem to use the following terms interchangeably: malware, virus, trojan, keylogger, worm, backdoor, bot, rootkit, ransomware, adware, spyware, and dialer. Raymond.cc offers some standard definitions to clarify the conversations.

Malware is short for Malicious Software, and all the terms above fall into this category because they are all malicious. The different terms are used instead of just plain “virus” to categorize what the malicious software is capable of doing.

Virus spreads on its own by smuggling its code into application software. The name is an analogy to its biological archetype. A computer virus not only spreads many times and makes the host software unusable, but also runs malicious routines.

Trojan horse/Trojan is a type of malware disguised as useful software. The aim is that the user executes the Trojan, which gives it full control of your PC and the possibility to use it for its own purposes. Most of the time, more malware will be installed in your system, such as backdoors or key loggers.

Worms are malicious software that aims at spreading as fast as possible once your PC has been infected. Unlike viruses, it is not other programs that are used to spread the worms, but storage devices such as USB sticks, communication media such as e-mail, or vulnerabilities in your OS. Their propagation slows down the performance of PCs and networks, or malicious routines are run directly.

Key loggers log any keyboard input without you even noticing, which enables pirates to get their hands on passwords or other important data such as online banking details.

Dialers are relics from a time when modems or ISDN were still used to go online. They dialed expensive premium-rate numbers and thus caused your telephone bill to reach astronomic amounts. Dialers have no effect on ADSL or cable connections, but they are making a comeback with mobile devices and QR codes (I covered Attaging here).

Backdoor / Bots is usually a piece of software implemented by the authors themselves that enables access to your PC or any kind of protected function of a computer program. Backdoors are often installed once Trojans have been executed, so whoever attacks your PC will gain direct access to your PC. The infected PC, also called “bot”, will become part of a botnet.

Exploits are used to systematically exploit vulnerabilities of a computer program. Whoever attacks your PC will gain control of your PC or at least parts of it.

Spyware is software that spies on you, i.e. collects different user data from your PC without you even noticing.

Adware is derived from “advertisement”. Besides the actual function of the software, the user will see advertisements. Adware itself is not dangerous, but tons of displayed adverts are considered a nuisance and thus are detected by good anti-malware solutions.

Rootkit mostly consists of several parts that will grant unauthorized access to your PC. Plus, processes and program parts will be hidden. They can be installed, for instance, through an exploit or a Trojan.

Rogues / Scareware, also known as “Rogue Anti-Spyware” or “Rogue Anti-Virus”, pretend to be security software. Often, fake warnings are used to make you buy the security software, which the pirates profit from.

Ransomware: “ransom” is just what you think it is. Ransomware will encrypt personal user data or block your entire PC. Once you have paid the “ransom” through an anonymous service, your PC will be unblocked.

There are different categories of malware, and the author says that most malware today combines different kinds of malware to achieve a higher rate of infection and give more control to the hacker. Most malware is invisible and runs silently without your knowledge to avoid detection; ransomware and adware are the exceptions.

Using “virus” as a catch-all phrase to include all types of malware is no longer right. The correct word to use should be malware. However, don’t expect the big anti-virus companies to rebrand their products to Kaspersky Anti-Malware or Bitdefender Anti-Malware because doing that may risk losing their brand identity even if they do offer a complete anti-malware solution.

The blog says that not seeing malware doesn’t mean you’re safe, so it is important to run anti-virus software from reputable brands such as Kaspersky, ESET, Avast, Avira, AVG (at one time AVG was installing a Yahoo toolbar without notice), and MSE, together with a second-opinion anti-malware tool such as HitmanPro, Malwarebytes Anti-Malware, or SUPERAntiSpyware. As for Emsisoft Anti-Malware, it comes with its own Anti-Malware engine and the Ikarus Anti-Virus Engine.
