Cryptolocker: Why Modern Computer Viruses Are More Dangerous Than Ever

Today’s computer viruses go beyond mere annoyance. How does holding your data for ransom sound? What about spying on you through your webcam, tracking your physical location, recording every keystroke you make? Welcome to the modern generation of computer threats, where infection means real-world consequences.

The latest virus making the rounds is Cryptolocker, a textbook example of all the truly nasty ways in which a modern computer virus can ruin your day. Cryptolocker encrypts your data with an algorithm that mathematically cannot be reversed without the key. If you don’t pay the ransom within the timeframe, the only key to your data is gone, kaput, goodbye.

You can’t restore your data by removing Cryptolocker, because removing the virus doesn’t decrypt the data. No tech support person in the world can decrypt it for you because it’s simply not possible without the key. Even police departments have paid the ransom, even as they recommend that consumers not do so.

Here are some resources on Cryptolocker so you can keep it from digging its sharp claws into your computer.

Cryptolocker started its initial spread via email attachments, which are fairly easy to avoid. But now it’s morphing into variants that can be transmitted via USB drive, and luring victims with fake software activation codes. Although it’s a Windows virus, like all viruses it can be transmitted via Macs and mobile devices. Following in the steps of other viruses, soon Cryptolocker will evolve into spreading via social media sites.

And this is just the start.

There are other viruses out there that can activate webcams – and yes, they can bypass the green light that tells you the webcam is on. They can listen through microphones. They can track your location via your mobile device. They can listen in on your conversations on social media.

Now, more than ever, it’s vital to protect yourself from computer viruses. Here are some Tech Tips resources to help:

Have you run into Cryptolocker or other similarly destructive viruses? Share in the comments, and don’t forget to subscribe to Tech Tips by email and follow on Facebook. You can also follow @trionaguidry on Twitter.

 

How To Avoid Keyloggers, Ransomware, And Rootkits

The most advanced threats to your computer – keyloggers, ransomware, and rootkits – are also the most insidious. The best way to deal with them is to avoid them entirely.

Keyloggers come in hardware form, but are usually software viruses that secretly record everything you type. Ransomware holds your computer and its data hostage until you pay. Rootkits allow hackers to remote-control your computer, and are often used to introduce other types of malware.

Related article: Advanced Threats Target Your Computer (The Northwest Herald)

So why should you fear these threats?

  • They bypass your security.
  • They steal your money and your identity.
  • They force your computer to infect still more computers.
  • They turn your computer into a spam-generating cog in the hackers’ profit-driven machine.

In the tech industry we say you’re rooted or pwned (like owned with a p – “powned”). In other words, the hackers own you. They own your accounts, your passwords, your address, your finances… your life.

Related Tech Tips article: What To Do If You Get A Computer Virus

Fake Antivirus Software
In particular, watch out for fake software scams. I’ve spoken of these before. Fake antivirus software tricks you into installing it, then bypasses your protections and invites its malware friends in to play. It’s devilishly hard to get rid of, as anyone who’s been infected can tell you. Usually you’re looking at a reinstall. And the darn stuff actually makes you pay to be infected! Talk about a scam.

This is why you don’t want to do a web search for “Windows antivirus” and start clicking on random links – many of them are poisoned results that lead you straight to the lookalike fakes.

Related Tech Tips articles:

  • Is Your Security Software Real Or Rogue?
  • How To Spot Bad Web Links

Rootkits And Remote Admin
Concerning rootkits – those backdoor programs that allow hackers remote control of your computer – I’d like to point out that these are not the same as the built-in remote admin tools on your computer. A rootkit, by its nature, is designed to be stealthy. Remote admin programs are supposed to be used to maintain computers for legitimate purposes (say, if you are performing tech support on machines in a remote office). But they can also be exploited just like a rootkit if a hacker convinces you to turn them on. Check out this article on telephone tech support scams for an example.

Related articles:

  • Tech Support Phone Scams Hit Home
  • How To Kill Computer Keyloggers

Drive Imagers
Fortunately, you can make it easier to recover your computer if you do have to reinstall it – by imaging the drive while it’s still clean. This, combined with regular backups of your everyday data, will let you restore your computer quickly.

Windows Drive Imagers

Mac Drive Imagers


Image courtesy of Stuart Miles / FreeDigitalPhotos.net

How To Remove A Virus From Your Mac

With the Flashback virus and its variants on the loose, there’s been a welcome focus on Mac security. But most of the instructions you’ll find for removing a virus are written for Windows. Here is how to remove a virus from a Mac.

First, you’ll want to read this article I wrote on What To Do If Your Computer Is Hacked, because much of the same advice applies here. Then…

Step 0: Install Mac Antivirus
The best protection is prevention, and antivirus software is as mandatory for Macs as it is for PCs. Apple’s built-in defenses are not enough. Here are my recommendations on Mac antivirus. My two favorites are Sophos and Intego. The freebies are fine but honestly, a solid security software suite is one of the best investments you can make for your computer.

Freebies:

Paid:

Step 1: Scan For Viruses
Use your antivirus program to scan your Mac for viruses. Be sure to include any external hard drives or other volumes. If you are sharing drives from other Macs, it’s much faster to scan on the local Mac than scanning across the network.

Remember, it’s not just Mac viruses you’re worried about. Macs can’t be infected by PC viruses, but they can and will transmit them, to the displeasure of your Windows friends. Please be a kind neighbor and make sure your own house is tidy.

Step 2: Do A Second Scan
It’s always a good idea to get a second opinion by scanning with a different program. Select an alternate from above, but don’t try to run both at the same time or they’ll step on each other’s toes.

Step 3: Remove Viruses
In What To Do If Your Computer Is Hacked I wrote:

Your computer could have been infiltrated by a virus, a worm, a Trojan horse, a keylogger, a rootkit, scareware, malware, adware… These are all different types of attacks with different purposes, meaning there are greater and lesser degrees of infection.

Same thing applies to your Mac. Some viruses are just junky adware and easily removed. Others are nefarious keyloggers that embed themselves deep down in your system where no one will find them. Of course you don’t want any viruses on your computer, but some are worse than others.

Use your antivirus tool(s) for removal. Macs tend to clean up quite a bit better than PCs after infection, so in my experience reinstall isn’t required nearly as often. But be careful if you do a Web search for removal tools for specific viruses. Thanks to poisoned search engine results, a search for “Flashback removal tool” returns links to the virus itself!

Step 4: Secure Your Mac
If you’ve gotten this far, in all likelihood the viruses are gone. However, there’s no way to guarantee that. As I wrote in the same article:

There is no way to confirm if a computer is free of viruses. I don’t care what any virus removal tool says. You can be 99% confident, but not 100%. When in doubt, reformat. It’s a pain but better than having a computer that keeps reinfecting itself. Remember, a virus can regenerate if even the tiniest portion of itself is left behind.

Assuming you’d rather not go through all that again, go back to Step 0 and make sure your Mac has proper antivirus installed. Then move on to Step 5…

Step 5: Follow Good Security Rules
The best software in the world won’t protect you if a wily cybercriminal can trick you into clicking something you shouldn’t. All that good advice about Windows security applies just as much to you, so watch out for Facebook scams, phishing emails, phony login pages and all the rest of it. If the idea of that daunts you, don’t worry. Just follow Tech Tips via email, Web and Twitter, and I’ll keep you in the know.

Some related Tech Tips articles you might find useful:

Questions about Mac security? Ask in the comments!

What To Do If Your Computer Is Hacked

A hacked computer is an IT nightmare come to life. What would you do if your computer was hacked? What should you do?

Step 0: Is Your Computer Really Hacked?
This article describes what to do if your computer is hacked – infiltrated by a virus or overcome by scam software. But it might not be your computer that was hacked.

  • If people are getting weird emails from you, then your email is hacked. Here’s what to do if your email account is hijacked.
  • If you can’t get into a certain account (email, Facebook, Twitter) then either there’s something wrong with your password, or possibly that account has been hacked – see above.
  • If your computer is misbehaving, it may simply be having a temper tantrum. (They do. Trust me.) That’s not a hack attempt, it’s a tech support problem. Here are some suggestions.

Let’s assume it really is your computer that’s been hacked. Now what?

Step 1: How Badly Were You Hacked?
Define “hacked.” Your computer could have been infiltrated by a virus, a worm, a Trojan horse, a keylogger, a rootkit, scareware, malware, adware… These are all different types of attacks with different purposes, meaning there are greater and lesser degrees of infection.

When I see a computer that has a couple of pieces of adware on it, I don’t worry. I clean it up, make sure there’s decent antivirus installed and all the software is current, and call it a good day.

When I see a computer infected by a program that is monitoring every single keystroke, I back up the data, reformat the computer, and start from scratch. I don’t like keyloggers. I don’t like viruses that stealth around in the background. I don’t like unwanted programs that call home with MY data.

Step 2: Damage Control
Run scans, starting with your usual antivirus program. Windows users will also want to run the free Malwarebytes, which can catch anything your antivirus misses. Mac users, give the free Sophos Mac Antivirus a try.

What you do in Step 4 will depend on what your scans find. In the meantime…

Step 3: Find Your Backups
I didn’t say make a backup. It’s too late for that; the backup will be infected. Don’t bother unless you have live data on the infected computer that you absolutely can’t afford to lose. (And if you’re in this unfortunate position, you’ll never fail to have a current backup again.)

Step 4: Removal
By now your scans from Step 2 are done and you have an idea what’s happening. From a UNinfected device, do a Web search on some of the viruses that have been identified. This will tell you where they rank on a scale from minor inconvenience to major calamity.

There is no way to confirm if a computer is free of viruses. I don’t care what any virus removal tool says. You can be 99% confident, but not 100%. When in doubt, reformat. It’s a pain but better than having a computer that keeps reinfecting itself. Remember, a virus can regenerate if even the tiniest portion of itself is left behind.

You can do a Web search if you need a removal tool for a particular virus – but remember, viruses often hide behind malicious links to fake removal tools for those same viruses. Sneaky, huh?

Step 5: Keep Watch
By now you should be relatively confident that your computer isn’t hacked anymore – but you have to keep watch to make sure.

Sometimes computers have problems after being infected, even if the viruses have been removed. Viruses can cause legitimate programs on your computer to crash – after all, it’s not like the virus-writers care if their software is compatible. Viruses often corrupt your system software, another reason why reformatting is often the best option.

If you didn’t reformat but your computer won’t behave, you may have to go through with the reformat after all. It’s the only way to get a clean copy of your operating system.

This same process applies to any hacked device, from servers to iPads: assess the threat, then either choose cleanup or start from scratch.

Ever had your computer hacked? What’s the one thing you wish you had known? Share in the comments!

 

Why The Flashback Virus Doesn’t Worry Me – But Every Other Mac Virus Does

By now you’ve heard of the Flashback virus, which has infiltrated hundreds of thousands of Macs worldwide. There’s a lot of talk about whether the Mac’s reputation for invulnerability is shot and what Flashback might mean for Apple’s business.

I have some news for you. Don’t worry about Flashback.

This happens every few years – a major virus outbreak combined with widespread media coverage. That’s why Flashback doesn’t worry me. It’s gotten enough coverage that there are ample removal tools and instructions on what to do if you’re infected:

It’s all the other Mac viruses out there that worry me.

I’ve been in Mac security a long time – over twenty years. And I see the furor rise now and then over one Mac virus or another. The truth is we need to be thinking about Mac security continuously and not just when one particular virus runs rampant.

Macs have never been invulnerable. They don’t suffer the same problems as Windows, but they definitely have their own issues. One, unfortunately, is user complacency. Most people don’t even run antivirus on their Macs. Look through my Tech Tips archives and see how many times I’ve begged folks to do that. It’s a blind spot in the Macintosh mentality, one that needs to change.

Apple tends to encourage rather than counter this complacency, probably because it works to their marketing advantage. Not that they ignore security, but it typically takes a back seat. In that respect Flashback is helping by bringing the problem to the foreground.

Mac users need to take matters into their own hands. Here are my best recommendations on Mac security:


How To Kill Computer Keyloggers

Computer infections go by many names: viruses, Trojan horses, malware. But there is a particular class of infections that is not only malicious but nearly invisible in nature.

Keyloggers are virus-like programs that capture everything you type on your computer. Because they sit between your applications and the software that drives your keyboard, they are difficult to detect and harder to remove. They are often invited by viruses that have already infected your computer. There are even hardware keyloggers that can be secretly installed between the keyboard cable and your computer.

Keyloggers are seen in conjunction with rootkits, software designed to capture control of your computer. Anti-rootkit tools can help keep keyloggers at bay. Although these tools are not yet part of standard security suites, in the future I anticipate we’ll see more commercial protections against keyloggers and rootkits.

In the meantime, how do you protect yourself? The usual recommendations apply: run a strong security program, avoid clicking on links, and make sure all of your software is up to date. It’s far easier to avoid keyloggers and rootkits than it is to remove them.
