The University of Massachusetts Amherst
Categories
Operating System Security Virus/Malware

Free is Never Free: Protect Yourself and Ensure You Never Pay

The virtual marketplace is unlike any other in the world. Never before has there been such vast and widespread access to goods and services as there is online. Answering a question used to mean buying a book. Listening to music meant purchasing an album. Contacting friends and family meant paying for paper and postage, or putting coins in a payphone. You get the point. Today, limitless possibilities are immediately accessible to anyone with an internet connection, and most of the time it's free. Or is it?

Currency 2.0

This vast access to free services on the internet is one many of our age take for granted. But what is not immediately obvious is that free is rarely free: information is the new currency. Companies big and small, righteous or malicious, will pay big bucks for user data. Has a free game or app ever asked you to sign in using your Facebook account? When you agree to this, you are providing the company with information about your age, likes, friends, and so on, so that they can serve targeted ads and track your usage and spending habits. What's nice is that large companies will ask for permission to trade this information for your use of their service. But what about when they don't?

Malware, Spyware, PUP, Oh My: How Your Own Computer Can Be Used Against You.

Let's conduct an experiment. We are the typical internet user, and we want to stream tonight's hockey game. So we google it: "free live hockey stream". We click the first link we find!
We can stream totally for free if we just install what the huge LIVE HD STREAM button takes us to! Or not. Let's read the permissions we are about to give a piece of software we have never used before:

  • Read and change all your data on the websites you visit.
  • Change your search settings to sports.searchalgo.com
  • Change your privacy related settings.
  • Stream your favorite team’s game for free!

What will this extension do? Redirect your searches through its own ad-riddled search engine, inject its own advertisements into the sites you visit, and collect and sell your browsing data. All for free!
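The install prompt is only a summary; the extension's manifest is where those grants actually live. The following PowerShell script is an added example, not code from the original post: it walks the current user's Chrome extension folders on Windows, reads each manifest.json, and flags the entries that produce warnings like the ones above (the broad host grant behind "read and change all your data", and the chrome_settings_overrides block behind "change your search settings"). The profile path, the set of permissions treated as risky, and the host-pattern checks are assumptions; adjust them for other profiles or other Chromium-based browsers.

```powershell
# Added example, not from the original post. Audits the Chrome extensions installed for
# the current Windows user and flags the manifest entries behind the install-time warnings.
# Assumptions: default profile location, and the set of permissions treated as risky.
$extensionRoot = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Extensions'

# API permissions that let an extension read or rewrite pages, watch traffic, or change
# privacy settings. "<all_urls>" is the "all your data on the websites you visit" grant.
$riskyPermissions = @('<all_urls>', 'tabs', 'webRequest', 'webRequestBlocking',
                      'declarativeNetRequest', 'cookies', 'history', 'privacy', 'proxy')

function Get-ExtensionFlags {
    param([string]$ManifestPath)
    $manifest = Get-Content -Path $ManifestPath -Raw | ConvertFrom-Json
    $flags = @()

    # Manifest V2 lists host patterns under "permissions"; Manifest V3 moves them to "host_permissions".
    $declared = @()
    if ($manifest.permissions)      { $declared += $manifest.permissions }
    if ($manifest.host_permissions) { $declared += $manifest.host_permissions }

    foreach ($p in $declared) {
        if ($p -isnot [string]) { continue }   # a few permissions are objects (e.g. usbDevices)
        # A broad host pattern ("*://*/*", "http://*/*", "https://*/*") is as powerful as <all_urls>.
        if ($riskyPermissions -contains $p -or $p -match '^(\*|https?)://\*/\*$') { $flags += $p }
    }

    # The "Change your search settings to ..." warning comes from chrome_settings_overrides.
    $overrides = $manifest.chrome_settings_overrides
    if ($overrides.search_provider) { $flags += "search_provider=$($overrides.search_provider.search_url)" }
    if ($overrides.homepage)        { $flags += "homepage=$($overrides.homepage)" }
    if ($overrides.startup_pages)   { $flags += 'startup_pages' }

    [PSCustomObject]@{
        Name    = $manifest.name        # may read __MSG_...__ for localized names
        Version = $manifest.version
        Flags   = ($flags -join ', ')
    }
}

Get-ChildItem -Path $extensionRoot -Directory -ErrorAction SilentlyContinue | ForEach-Object {
    # Each extension id folder contains one folder per installed version; take the newest by name.
    $versionDir = Get-ChildItem -Path $_.FullName -Directory | Sort-Object Name | Select-Object -Last 1
    if (-not $versionDir) { return }
    $manifestPath = Join-Path $versionDir.FullName 'manifest.json'
    if (-not (Test-Path $manifestPath)) { return }
    $report = Get-ExtensionFlags -ManifestPath $manifestPath
    $report | Add-Member -NotePropertyName Id -NotePropertyValue $_.Name -PassThru
} | Where-Object { $_.Flags } | Format-Table Id, Name, Version, Flags -AutoSize
```

Anything this prints with a search_provider flag plus a broad host grant is doing exactly what the streaming extension above does, whatever its store listing says. Extensions installed by enterprise policy or into a non-default profile live elsewhere and will not show up here.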

Using Protection and Getting Checked: Mom Would Be Proud

So free isn't always free, and not everywhere on the internet is friendly. How do we navigate this treacherous virtual world safely? Common sense, careful reading, and curated content.

Common Sense:

  • Never install something if you did not set out to install it. For example, while trying to install a free music player to replace iTunes, I found a download page with a prominent “Add and Start Download” button. That could seem right, but it is not the installer for the audio player. It is the installer for another malicious Chrome extension.
  • Do not provide personal information to an unknown source. A legitimate company will not contact you out of the blue about a problem on your computer. Microsoft will never tell you it has detected a virus, but scammers will tell you they are Microsoft and make away with credit card numbers, email addresses, and more. Can you believe people would just go on the internet and lie?!

Careful Reading:

  • Always read the permissions requested when installing, and deny unwanted or unneeded ones. On any platform, phone or desktop, an application will ask your permission when it changes your system, downloads additional software, or collects information about your friends, your location, or your personal data. Many times these functions can be disabled or these permissions denied without losing what you wanted the program for.
  • Always be sure the installer is installing what you expect. Many times an installer for a free program comes bundled with unwanted or malicious software. Read what you are agreeing to before clicking “Agree,” “Next,” or “Finish,” and pick a custom install if that is the only way to untick the extras.
  • Check out reviews and guides. On the internet you are never alone, and as creepy as that may sound, there is safety in numbers. “Is MacKeeper a virus?” or “Is (new website) safe?” are great searches to see whether other people have used a service without problems.

Curated Content

  • Find trusted routes to free services. There are many non-malicious free services and programs out there, and there are many places where people have done the work to ensure that they are safe. http://www.umass.edu/it/software has a list of programs that can be obtained for free or at a discount. Another powerful tool is https://ninite.com/, an all-in-one, free-to-use installer for a wide variety of programs that installs them without the bundled toolbars and extras. Pick and choose what you need.
  • Use a content blocker, check your security settings, and use anti-virus software. Be sure pop-ups are disabled, get an ad blocker (but whitelist the sites you want to help fund, like your favorite YouTube channel), and get Malwarebytes or McAfee from the UMass IT software page above.
Categories
Operating System Security Virus/Malware Windows

How to get rid of Superfish


As you may be aware, it was recently revealed that many Lenovo computers shipped between October 2014 and December 2014 were pre-loaded with a piece of adware called “Superfish.” In addition to being annoying, Superfish introduces a serious security hole in the way your computer uses HTTPS. It got bad enough that the Department of Homeland Security advised people to remove the software. Lenovo has since gone into full damage-control mode and is no longer shipping computers with Superfish pre-installed. The following is everything you need to know about this piece of adware.

What is Superfish?

Superfish is a typical piece of adware. It runs in the background on your computer, and when you go to a webpage it injects ads into the page you're looking at. It does this on all pages, regardless of whether they use HTTPS.

Why is it bad?

First of all, no one likes ads. If you happen to be someone who does enjoy pop-up ads, you may want to remove Superfish anyway, and here's why: in order to show you ads even on encrypted pages, Superfish has to break your computer's HTTPS protection. It does this by installing its own “root certificate.” The way HTTPS works is that each website presents a certificate to prove its identity, and that certificate must be signed by an authority your computer already trusts, such as VeriSign or InCommon. (If you're interested, Wikipedia explains the details behind HTTPS and certificates fairly well.) Because Superfish adds its own certificate to that trusted list, it can sign certificates for any website it wants and your browser will accept them. Superfish then sits between you and every site, decrypting and re-encrypting your traffic so it can insert ads. This is what is called a “man-in-the-middle attack.”
In addition to being annoying and malicious, this was also poorly done. Superfish shipped the same root private key on every affected computer, protected by a single password that a security researcher recovered in about three hours. That means that if your computer has Superfish installed, anyone who has that key can sign a certificate for any site and your computer will trust it: an attacker on the same network (a coffee-shop Wi-Fi, say) could intercept your “secure” connection to your bank or your email, or serve you a fake login page, without your browser showing any warning.

How do I fix this?

First of all, let's find out whether you have Superfish or not. A nice, white-hat citizen of the internet built a test website to help you figure it out. If you do have Superfish installed, Lenovo was nice enough to put out a handy uninstall guide, along with an automatic removal tool. The steps are written for Windows 8, but they should be similar on Windows 7. Here's the synopsis:

1. First, open Control Panel and go to “Uninstall a program.” Find Superfish in the list, select it, and hit “Uninstall.”
2. Uninstalling the program does not remove its certificate. Use the Windows search function to open “Manage computer certificates,” go into Trusted Root Certification Authorities, and delete the Superfish certificate.
3. Finally, Firefox and Thunderbird keep their own certificate store, so the certificate also has to be removed from each of them manually. See the Lenovo article for instructions.
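The same three steps can be checked and carried out from an elevated PowerShell prompt (PowerShell 3.0 or later), which is handy if you are cleaning several machines. This is an added example, not Lenovo's removal tool and not code from the original post. The program and certificate names it matches on (“Superfish”, “VisualDiscovery”) and the Firefox profile path in the comments are assumptions; confirm them against what you see on the machine before removing anything.

```powershell
# Added example, not Lenovo's removal tool or code from the original post. Finds the Superfish
# program entry and its root certificate on Windows and removes the certificate. Run from an
# elevated PowerShell prompt. The names matched below ("Superfish", "VisualDiscovery") are assumptions.
$pattern = 'Superfish|VisualDiscovery'

# 1. The installed program, from the registry uninstall keys (the same list Control Panel shows).
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $pattern } |
    Select-Object DisplayName, DisplayVersion, UninstallString

# 2. The root certificate. Uninstalling the program does not remove it, so check both the
#    machine store and the per-user store and delete whatever matches.
function Get-SuspectRoots {
    param([string]$NamePattern)
    Get-ChildItem -Path Cert:\LocalMachine\Root, Cert:\CurrentUser\Root |
        Where-Object { $_.Subject -match $NamePattern -or $_.Issuer -match $NamePattern }
}

$suspects = Get-SuspectRoots -NamePattern $pattern
if (-not $suspects) {
    Write-Host 'No matching root certificate in the Windows certificate stores.'
} else {
    foreach ($cert in $suspects) {
        Write-Host "Found $($cert.Subject) thumbprint $($cert.Thumbprint) in $($cert.PSParentPath)"
    }
    # -WhatIf previews the deletion; remove it to actually delete the certificates.
    $suspects | Remove-Item -WhatIf
}

# 3. Firefox and Thunderbird keep their own NSS trust database per profile, so the Windows
#    stores are not enough. NSS's certutil (not the Windows certutil.exe) can list and remove it;
#    the profile path is an example, and the nickname comes from the -L listing:
#    certutil -d "sql:$env:APPDATA\Mozilla\Firefox\Profiles\<profile>" -L
#    certutil -d "sql:$env:APPDATA\Mozilla\Firefox\Profiles\<profile>" -D -n "<nickname from -L>"
```

Run it once with -WhatIf in place to see what it would delete, then again without. After the certificate is gone, the test website mentioned above should report the machine as clean; if it still complains, look for a second copy in the CurrentUser store or in a browser's own database.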

You’re done! Remember to keep all your software up to date, and always feel free to come to UMass IT for help with security or anything else you might need.

Categories
Virus/Malware

Savings Bull, the malware that keeps trying to save you money, but just goes a little too far!

Pop-ups, advertisements, new home pages, and more come for free when you pick up a browser-targeted infection. If you are experiencing any of these, or any other browser-related issues, this article is for you! There are multiple pieces of adware that change your browser's settings for advertising purposes, so that every time you want to surf the web you have to surf through numerous pop-ups and ads. These differ a little from ordinary computer malware because after infecting your computer they make persistent changes to your browser that need to be manually changed back. They find their way in and make their home in your browser's Add-ons or Plugins/Extensions, which means that when you run your normal virus scans they may be overlooked. To remove them, you must do it manually. An example of this type of infection is Savings Bull…

Categories
Android Apps iOS Operating System Security Virus/Malware

Mobile Malware

Modern smartphones are becoming more and more like portable computers, which has advantages and disadvantages. The advantage is obvious; having the functionality of a computer at your fingertips. The disadvantage is less obvious; there are some security compromises involved.

Categories
Operating System Security Virus/Malware Windows

Help! I think I have a Virus (Windows)

First it's important to verify that your computer is actually infected. The general sign of malicious software is that your computer stopped working as expected. The obvious problem with this is that there are a whole lot of reasons a computer can stop working correctly that have nothing to do with viruses: software updates can have unexpected side effects, hardware can fail, and users can change settings without truly understanding the effect of the change they made. The most general way to tell that you actually have malware is to ask yourself: could somebody be making money off of what is happening to my computer? Almost every piece of malicious software in existence was created with the intent of making money. That being said, here are some common signs that your computer may be infected:

Categories
Security Virus/Malware

Avoid Adware to Keep Browsers Running Like New

As a Help Center Consultant, I have seen countless computers come into our office with persistent advertisements, unintentional redirects, and other annoyances within web browsers. In addition to being an annoyance, the software that is generating these ads can also be harmful to your computer, and it often gets in the way when you try to access websites. These symptoms are caused by software known as “adware.”

This is a browser infected with adware, notice the toolbars and homepage ads.
Categories
Security Virus/Malware

Cyber Security Awareness: What is Malware?

What is Malware?

Malware is any type of malicious software that can infect your computer and slow performance, monitor usage, steal sensitive information, or gain access to privileged areas on your computer.  These can be harmful to your computer and your files. This post will discuss the different types of malware, how to tell if your computer is infected, prevention, and removal. For more detailed information about computer security resources, check out the IT Help Services Security Center online or stop into the IT Help Center for a free Security Check-up.

Categories
Android Apps Operating System Security Software Virus/Malware

Mobile Malware: In the Wild

Introduction:

According to a recent study conducted by the networking company Juniper, mobile malware is on the rise, and malware found in the wild is targeted almost exclusively toward Android devices.

“Theoretical exploits for [Apple] iOS have been demonstrated, as well as methods for sneaking malicious applications onto the [Apple] iOS App Store,” the report says, “but criminals have tended to favor Android as their target, because there is less oversight on the process of releasing applications into the wild” [1].

Running an older version of Android without consistent update support significantly increases the risk of a device becoming infected. Users are encouraged to update to a newer version of Android if possible (through each device's update utility).

Categories
Adobe Microsoft Operating System Security Software Virus/Malware Web Windows

The 5 Most Important Things to Take Away From OIT’s NSO Presentation

Categories
Hotfix Security Virus/Malware

McAfee AntiVirus 8.7i Patch 4, Hotfix

Some potential issues have been identified with the current patched version of McAfee, which, among other things, can cause problems with sending mail via Thunderbird.

Here’s the Hotfix (Link at bottom)

Some discussion (McAfee Forum)

Categories
Security Virus/Malware

Operation “Aurora”: Zero Day Exploit

Users of Microsoft Internet Explorer should be aware of a new zero-day exploit dubbed “Operation Aurora.” This exploit, which has been demonstrated to work in Internet Explorer 6, 7, and 8, allows a remote attacker to gain full control over a target computer.

Users who fall victim to this attack are usually the targets of “spear phishing” (a phishing attack directed at a specific person or group of people). They receive a link from someone (e.g. over IM or e-mail) and are directed to a website containing specially crafted JavaScript. If the person being attacked is using Internet Explorer, that JavaScript triggers a memory-corruption bug (a use-after-free) in the browser that lets the attacker run code of their choosing on the target system with the privileges of the logged-in user. In the worst case, this gives the attacker full control over the exploited computer. The entire process can be viewed below thanks to the crew at the security blog Praetorian Prefect. They have a great explanation of the exploit here and a video here.

OIT Software Support recommends that users of Internet Explorer switch to another web browser for the time being. A list of supported browsers can be found here on our website. Follow the link for your operating system.

As always, make sure to update your operating system often. Directions for that process can be found here.

Categories
Operating System Security Software Virus/Malware

Virus Prevention

As a general rule of thumb, there are some things that are good to do to keep your computer running its best.

  1. Keep everything up to date!
  2. Don’t click links you’re unsure about.
  3. Don’t visit questionable websites.
  4. Run an anti-virus program.
  5. Scan with an anti-virus program and an anti-spyware program at least once a month.

Keeping programs up to date is one of the easiest ways to prevent a Virus or Spyware infection. Windows XP, Vista, and Mac OS X will all prompt you to install updates if you have it configured to do so. It is configured as such by default.

As for updating all the other programs installed, we use a program called Secunia PSI. It scans your computer for all the programs installed that it has in its database. It then checks it against the current versions of those programs and provides you with links to where to download updates. You can download it here. It’s an amazing tool to know what to update.

As a general rule, you should keep your Operating System (XP, Vista, OSX) as well as Java and Adobe Flash Player up to date. Those are the most common ways viruses and spyware can gain access to your computer.

As a rule of thumb, don't click on links to suspicious websites. In many programs you can hover your mouse over a link to see the actual address it points to before you click; if that address doesn't match the text of the link, or goes somewhere you don't recognize, leave it alone. Just remember to err on the side of caution.

Don't go to suspicious sites. If you're not sure about a site, try searching Google for it. If a lot of hits come up with terms like “spyware,” “removal of spyware,” or “virus related,” don't go to that site. Also, if you got a virus in the past from a questionable website, don't go to that website again.

Run an anti-virus program. This should be really easy for people affiliated with UMass, since UMass has a site license for McAfee Enterprise VirusScan. You can get it on the OIT website here. If you have an older version of McAfee Enterprise VirusScan installed, uninstall it first; installing over the older version can cause strange errors. Also, you should have only one anti-virus program installed. More than one tends to fight the others and slow everything down, so uninstall all but one.

The last way to protect yourself is to run full scans with your anti-virus and anti-spyware software once per month, whether you think you need it or not.  Think of it like an oil change for your car.  It cleans out all the sludge that may build up, whether you see it or not.  If you have the version of McAfee Enterprise Virus Scan distributed from the OIT site mentioned above, McAfee will update itself every day, and run a full scan in the background once a week.  You should also run a full scan once a month with your anti-spyware software of your choice.  We use Spybot Search and Destroy, which can be found here.

Categories
Hotfix Security Software Virus/Malware

PDF Threat!

According to a recent tech-news media blitz, Adobe has pushed out a highly critical security update to its Adobe Reader and Acrobat software. The update fixes a highly critical flaw in which code embedded in a PDF file is automatically executed when the file is opened.

I have never been a huge fan of Adobe Reader’s excessively long load times and browser instabilities. I have been a longtime user of Foxit Software’s Foxit Reader. Foxit Reader is a much smaller and lighter PDF reader but it does not support all of the latest functionality that is implemented in the newest versions by Adobe. Furthermore, it was also vulnerable to the same recent threats, although Foxit Software was much faster to respond to the threat.

Disclaimer: Foxit Reader is 3rd party software and although it is recommended by this consultant, it is not supported by OIT.

However, this is not the first time that Adobe has needed to fix its code, which is another reason to use Foxit Reader.

We recommend to all our users to upgrade to the latest version of Adobe Reader and/or Foxit Reader immediately.

But as of now there is no evidence that any malicious code or trojan has been written to take advantage of the security hole.

Details about the vulnerability and proof-of-concept videos can be found here for the inquiring minds.

Categories
Security Virus/Malware

Arrrr! Piracy be Dangerous!

“It's a trap!” Admiral Ackbar is wary of pirated copies of software.

I was reading my RSS feed for Slashdot and came across this article. It is a great example of why piracy is dangerous: Mac users who download copies of iWork ’09 from the Internet can get a trojan. That's right! Mac OS X sees far fewer viruses than Windows, but most programs require you to type in your username and password to install them, and as soon as you do, you have granted the program administrative access to your system. If the installer carries a trojan, you have given it free rein.

It’s important to trust the place that you get your software. Make sure that you download software from the maker’s official website or an authorized mirror. That is to say, if you want to get a program like Firefox, you should go to http://www.mozilla.com or http://www.getfirefox.com — not some random website from Google.

Arrr! Be wary, mateys! Sometimes the booty be trapped! If you believe that you have a virus on your computer, contact OIT Help Services for assistance.

(Neither the Office of Information Technologies nor the University of Massachusetts Amherst condone the piracy of copyrighted material. For more information on copyright infringement, please visit this link.)

Instructions for removing the infected iWork package (from MacRumors):

Solution 1: This is the easiest and safest way for users to remove this Trojan. It is a small utility that has been created by the makers of MacScan AntiVirus software for Mac users. Please note that this is not officially supported by OIT Help Services and we cannot guarantee its effectiveness.

http://macscan.securemac.com/files/iWorkServicesTrojanRemovalTool.dmg

Solution 2:

Note: BE VERY, VERY CAREFUL. Typing in these commands incorrectly can delete large swaths of information from your hard drive. Use the following solution at your own risk. We recommend that you try Solution 1 first!

1) Open Terminal.app
2) sudo -i   (enter your password; this gives you a root shell)
3) rm -rf /System/Library/StartupItems/iWorkServices
4) rm -f /private/tmp/.iWorkServices
5) rm -f /usr/bin/iWorkServices
6) rm -rf /Library/Receipts/iWorkServices.pkg
7) killall -9 iWorkServices
8) exit   (leave the root shell)

Categories
Hotfix Operating System Security Software Virus/Malware

“Conficker Worm Could Create World’s Biggest Botnet”

I saw this article on Slashdot today and wanted to warn everyone out there. Nine million infected computers running Microsoft systems is an incredible amount of machines compromised.

Make sure your McAfee Enterprise is up to date and your Windows machine has installed all the latest updates!

As the article states, the worm propagates through unpatched Windows systems and through USB thumb drives. This means that having a patched system or up-to-date virus protection on its own is NOT ENOUGH! You need both. This is good computer usage in practice anyway, but we see an incredible number of unpatched XP and Vista systems come in with virus infections.

What you see when an infected USB-drive is plugged-in
The above image shows what happens when you plug an infected USB stick into a machine. Notice the “Publisher not specified” text in gray under the “Open” option? That should be your first clue right there. The worm drops an autorun.inf file on the drive so that AutoPlay offers to launch it as if it were the normal “open folder” action. Do NOT click on it, as this will launch the worm and infect your computer.

Installing the Windows updates is easy. It's just that little yellow shield icon in your system tray, the area with icons next to the clock at the bottom right of the screen. Click it, choose Express Install, done. It's really that simple.

For those that are interested, the Microsoft Security Bulletin can be read here.
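Two things follow from how the worm spreads: you can look at what a USB stick is offering to run without running it, and you can stop AutoPlay from offering it at all. The following PowerShell is an added example, not code from the original post or from the Microsoft bulletin. It assumes the bulletin linked above is MS08-067 (the server-service hole Conficker used on the network, fixed by hotfix KB958644) and that the NoDriveTypeAutoRun policy is honored by the machine, which it is on patched XP/Vista and everything newer. Run it from an elevated prompt.

```powershell
# Added example, not from the original post or the Microsoft bulletin. Two checks against the
# two ways the worm spreads: the AutoRun path and the unpatched-Windows path. Run elevated.
# Assumptions: the bulletin linked above is MS08-067 (hotfix KB958644), and the
# NoDriveTypeAutoRun policy is honored on the machine (it is on patched XP/Vista and later).

# 1. Look at what an inserted USB stick is offering to run, without running it.
#    DriveType 2 is "removable" in Win32_LogicalDisk.
foreach ($disk in Get-WmiObject -Class Win32_LogicalDisk -Filter 'DriveType=2') {
    $autorun = Join-Path $disk.DeviceID 'autorun.inf'
    if (Test-Path $autorun) {
        Write-Host "autorun.inf on $($disk.DeviceID):"
        # open=, shellexecute= and shell\...\command= lines name the program AutoPlay would launch.
        Get-Content -Path $autorun | Where-Object { $_ -match '^\s*(open|shellexecute|shell\\.*\\command)\s*=' }
    }
}

# 2. Turn AutoRun off for every drive type, so that "Open" entry is never offered.
#    0xFF sets every bit of the drive-type mask (removable, fixed, network, CD-ROM, RAM disk, unknown).
$policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
if (-not (Test-Path $policy)) { New-Item -Path $policy -Force | Out-Null }
Set-ItemProperty -Path $policy -Name 'NoDriveTypeAutoRun' -Value 0xFF -Type DWord
(Get-ItemProperty -Path $policy).NoDriveTypeAutoRun        # reads back as 255 once set

# 3. Confirm the patch that closes the network hole is installed; no output means it is missing.
Get-HotFix -Id KB958644 -ErrorAction SilentlyContinue
```

The registry change takes effect at the next logon. Note that step 1 only reads the file; nothing on the stick is executed, so it is safe to run on a machine you are checking before you open the drive.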

Categories
Operating System Virus/Malware Windows

How to delete the Windows Antivirus virus

If you have seen this screen then you know what virus I am referring to.

Here in Software Support, we use a program called ComboFix that you can download yourself by clicking here. This software will clean up most instances of this known type of virus called “Smitfraud,” and will generally leave your system much more operable than before. Recently, the number of outbreaks of this virus and ones like it have become staggering.

This software changes daily and must be downloaded every time it is run! The best way to do this is to download it on a computer that is clean and copy it over onto a USB pen drive.

Usually at Software Support there is a lull in the middle of the semester, but last fall the amount of traffic into SWS was something that I have never seen in my four years of working here.

If you feel that your computer is not running correctly, or if you think that the error messages that are popping up are not from your normally installed anti-virus or anti-spyware software, this should be your first step in alleviating the problem.

Of course, if you are having issues running the software or are not comfortable doing this, you can bring the computer in and we will run it for you.

Categories
Virus/Malware

AIM Viruses

Many users are curious as to how their systems get infected with viruses. While there are many different ways this can happen, one common method is via something called an AIM virus. Sent as messages over AIM or other instant messaging clients (e.g. MSN Messenger, GTalk), these arrive as an instant message saying something like, “Check out these pictures of you I found on Facebook (Myspace, Flickr, etc.).” When a user clicks on the link, their computer is infected with a virus which then sends similar messages to all the buddies on their contact list. Currently, only Windows users are affected by AIM viruses, but all users should be wary of links they receive.

It is important to double check with friends who send you links over AIM. You can always send a message back saying, “Hey! Did you just send me a link about pictures on Facebook? I know that viruses can look like links from people on my buddy list.” If you are unsure, it’s best to discard the link.

Getting an AIM virus can slow down your computer dramatically. Additionally, if OIT detects that your computer is trying to infect others, you may lose your Internet connection until the virus is removed. Depending on the virus that infects your computer, it is possible to get other infections.

To remove an AIM virus, you can try a fantastic little program called AIMFix, a tool developed by Jay Loden. However, in some cases, the infection may have advanced to such a point where AIMFix will not be able to remove all the viruses. Members of the UMass community can download and install McAfee Virusscan Enterprise for free from the OIT website. Just make sure that you uninstall any other antivirus programs that you have (e.g. Norton Internet Security, McAfee Security Center, AVG, Trend Micro); multiple antivirus programs can conflict and slow down your computer. If this doesn’t help or you have other questions, you can always call OIT for more assistance.