New Threat Appears on Web Pages

I’ve said it before and I will say it again, the Internet continues to become more dangerous as new web pages are infected at an ever increasing rate.

A recent blog written by Graham Cluley for SophoLabs reveals that a new web based threat is blowing previous web-based malware out of the water.  It is found six times more often than its nearest rival. 

Sophos Calls this malware Troj/JSRedir-R.  It accounts for 42% of all malicious infections found on web sites over the last week.

A Trojan can look like a legitimate computer program, however, it has been intentionally created to disrupt or damage your computer activity.   Trojans can take control of a computer and use it for various criminal activities including Spamming, Phishing, Designated Denial of Service Attacks, and more.  Most of the time Trojans operate behind the scenes without the computer user knowing the computer is infected. 

Generally, JSRedir-R can be found on legitimate sites.  The Trojan is mixed or hidden behind JavaScript.  When an infected web page is visited malicious content is loaded on the computer with the user’s knowledge.

Unfortunately, you can’t tell an infected web site from one that isn’t.  Even high traffic popular web sites can be infected. 

It is important that your computer is protected against this new threat.  Many over-the-counter, free ware and low grade protection products do not protect against this new malware. 

Everyone should understand that the Internet is becoming more dangerous as cybercriminals become more creative and devious in their ways.  SophosLabs most recent security threat report reveals that a new infected web page appears every 4.5 seconds.  This is three times more than the rate in 2007!  Unfortunately, it doesn’t look like things are going to get better in the future.

To protect yourself against new threats like this you need to have high grade computer protection.  I recommend locking your computer down with a new way of protecting computers… managed computer services.  This kind of service locks the computer down with high quality professional grade protection and includes unlimited tech support at no additional charge.  This is cutting edge protection for 21st century problems.

Who Is Going to Protect You From Cybercrime And Identity Theft?

You don’t have to look very long to find a cybecrime or identity theft story these days.  The two fastest crimes in the world today appear to be escalating at an ever faster rate. 

Cybercrime and identity theft articles are everywhere

Every day new cybercrime or identity theft articles are released in publications and on the Internet.  Lately, we are hearing how vulnerable our government is, how malware like Conficker is infecting computers around the world and how fast identity theft is growing and impacting millions of innocent people.  

The world is becoming a more dangerous place to live even when we are at home and have our doors and windows locked and the blinds pulled down.  The world is becoming a harder place to stay safe and away from the criminals who are after our personal information and our money.  

Unfortunately, our personal information is everywhere including our doctors and hospital, insurance agencies, credit card companies, banks, mortgage companies, utility companies, and a lot more. 

We are vulnerable to all forms of identity theft including medical fraud, drivers licenses, social security benefits fraud, Federal and State tax fraud, passports, 401k, bankruptcy and a whole lot more. 

 The 2009 Javelin Identity Fraud Report states that identity theft increased by 22 percent from 2007 to 2008.  One-point-eight million more Americans were impacted by identity theft in 2008 than a year earlier.  Total number impacted rose to nearly ten million Americans  costing them them $48 billion according to the report. 

Cybercrime and identity theft go hand in hand.  They are like best friends who work together to rob each of us of our good name and our money.   

So, I ask you, ”Who is going to protect your from cybercrime and identity theft?   

You can’t look to our government to protect you.  Heck, they are having enough trouble keeping the bad guys at bay and from stealing sensitive documents.  Personally, I wouldn’t count on our government to do much to protect you from cybercriminals and identity theft any time soon.  

The Identity Theft Resouce Centertells us only one in 700 identity thieves are ever caught.  So, identity theft, for the bad guys, is a pretty safe to commit a crime.  Unfortunately, the victim is left with the effects of the crime for many years to come.  And, even when a criminal is caught, most Federal and State identity theft and cybercrime laws are weak and don’t hand out much punishment compared to the damage done to the victim.

You can’t count on corporate America to protect you.  With your personal information spread all over the country from one corporation to a doctor’s office to a insuance agency to who knows where else it is, it is only a matter of time before a creative hacker get your personal information, too.

So, what is the answer to the question, Who is going to protect you from cybercrime and identity theft?”   The answer is it has to begin and end with you.  You have to take proactive measures to counter these attacks from these fraudsters. 

I recommend two solutions:

1. Whole identity theft protection – this is a new form of identity theft protection that goes beyond the credit protection you see advertised on radio and TV.  It proactively protects your whole identity regularly checking for all forms of identity theft in thousands of locations including secret Internet trading places the bad guys hang out in.  The service also includes full identity restoration back to pre-theft status. 
2. Managed personal computer service – Again, this is a relatively new form of compter protection.  It includes professional grade protection on your computer and unlimited tech support at no addtional charge to make sure your computer is free of malware and runs like new.

You need 21st century protection to fight against 21st Century crimes! 

You have to take proactive steps to guard against today’s cybercriminals.   They are more creative and inovative that ever before.  It takes a 21st Century form of protection to counteract these bad guys and protect your personal information.  You must take action.  Don’t count on anyone else to do it for you.

New Conficker Article Released

Earlier today I published an expanded ezine article from an earlier blog post “Lessons Learned from Conficker.”  It seems like there is a new news story every day regarding this worm.  My article, “A Lesson We Should Learn from Conficker,” expands my ideas about this worm being just the tip of the iceberg. 

Cyber crime is continuing to grow as hackers become more sophisticated.  I encourage you to read the article and look for ways to educate and protect those you know.

Twitter Attacks Remind Us of Internet Dangers

This past weekend’s phishing and spam attacks on Twitter users is a harsh reminder of how dangerous the Internet can be. 

A phishing campaign that circulated through Twitter sent direct messages from on line users encouraging them to visit a phishing web site that attempted to steal user names and passwords.

Users received messages like this:  “Hey i found a website with your pic on it  LOL  check it out here (URL not listed).”  Then the link sent the unsuspecting victim to a web site that posed to be the normal log in page, but instead attempted to steal user names and passwords.

The stolen information apparently was used to send the message to other Twitter users.

Even though Twitter was impacted by several attacks over the weekend all social networks are vulnerable to attacks like this.  Everyone who participates on social networks should always be on guard.  For example, make sure the URL for the sign up page is correct.  Always look at the URL to make sure it looks like the regular sign up page you use.  If the URL doesn’t look right leave the web site and contact the social network for assistance.

In this day and age you must be aware of your Internet environment.  If something doesn’t look right it is best to leave the web page and contact the providers.

Lessons Learned from Conficker

There’s no question the world has learned a lot about bots and botnets over the last few weeks because of the Conficker Worm.   There are far more people aware of this malware than, perhaps, any other worm distributed by cybercriminals.

Conficker is still out there

The challenge is understanding that even though nothing happened on April first that Conficker is still out there waiting for it’s leaders to tell it what to do.  In fact, in just the last few days many experts say Conficker has been updated.  What are these cybercriminals up to?

Conficker is just the tip of the iceberg when it comes to dangerous worms, trojan horses and other malware.  There are thousands of large and small botnets.  A bot (remotely controlled computer), once under the control of a hacker can be used for all kinds of criminal activities including:  Spam and phishing attacks, designated denial of service attacks, theft of personal or business information, infect more computers, and a whole lot more. 

Malware is being produced at an incredible rate

Cybercriminals are creating new malware at an incredible rate.  According to the Sophos annual report every month over 30,000 new forms of malware are distributed.  Computers are infected more and more through web sites rather than by e-mail.  Innocent looking web sites are infecting unsuspecting computers and turning them into zombies or bots and then included into a botnet. 

We are in a Cyber War

The big lesson we should all learn from Conficker is that we are in the middle of a giant Cyber War.  The battle is being raged by many groups large and small.  Involved are individuals, small groups of criminals, larger groups that operate much like the mafia,  terrorist groups like the Taliban and Al-Quida, and countries like China, Russia and Iran who are using unknowing individual and business computers to wage war on the Internet.

So, what can we do to help win the Cyber War? 

There are two things we can do to help win the Cyber War against cyber crime. 

1. Make sure your computers are locked down with a professional grade of anti-virus, anti-spyware and bi-directional firewall and keep it up to date. 
2. Educate others.  Take the story to your friends, family, and neighbors.  Make sure they understand the situation and how vulnerable they are in these trying times and lock their computers down, too. 

I continually ask those people I talk to about cyber crime whether they think this problem is going to get better or worse over the coming years.  Everyone agrees it will get worse. 

You can help in the battle

When I ask what people I talk to what they plan to do about it?   Most of them don’t have an answer.   Frankly, they feel helpless and like this problem is out of their control.

What I tell them is that they can join me in the fight against the scurge who are carrying out this Cyber War by doing the two things I suggested.  Education and protection are our two biggest weapons against cyber crime. 

The recent Conficker news was great in educating the public.  However, since nothing seemed to happened most people will go back to their everyday activities and not give this worm or threats another thought.  Simply for most of us, “out of sight is out of mind.”   Cybercriminals know this and you can bet that they will take advantage of it. 

Join me in the fight against cyber crime

It is up to all of us to take a stand against cyber crime.  Join me in the fight.   First, lock your computer down so it can be hacked into and used as a tool by hacker and second educate as many people as possible.  Every time we do we may be taking one more computer out of the hands of the bad guys.

Tips to Protect Against Identity Fraud and Cybercrime

Every day we see and hear stories about identity fraud and cybercrime.  Thousands of innocent victims are impacted by vicious criminals who are only interested in stealing personal information and money.

There are a four basic steps you can take to protect yourself against identity fraud and cybercrime.   Those steps include good quality computer protection, keeping up with Window’s patches, quality passwords and a good dose of common sense. 

Quality Computer Protection

It’s no secret, I am not a fan of free-ware or over-the-counter products.  For quality computer protection you need to have a professional grade solution on your computer along with a tech service that will take care of your needs when you need it.  I recommend a managed pc security service that handles the your security and computer problems for you at an affordable price.  This is a new form of computer repair that is just now starting to catch on.

Windows Patches

Microsoft is constantly working to keep up with the bad guys who find holes in their products and are taking advantage of them to commit Identity Fraud and other forms of cybercrime.  Make sure you computer is up to date with the latest Windows patches.

Quality Passwords

There has been much written about the importance of quality passwords.  Experts tell us we should include capitol letters, numbers and symbols in our password.  They also tell us we should make it rather long further complicating how long it takes a cybercriminal to break your login and password.  Today, these bad guys have tools that constantly work on decoding passwords.  Simple passwords can be solved in a short period of time while it could take days or longer with more complicated ones. 

Also, make sure you don’t use the same password or passwords in various locations.  Once a thief discovers a password he will try it everywhere he thinks you may have applied it.  You could be vulnerable to a major theft when you use the same passwords everywhere.

The Rule of Common Sense

Simply stated we live in a rough and tough world with a lot of bad guys who are hiding out on the Internet.  It’s just like they are hiding in the alley ways and dark spots in your town.  You can’t see them, but they are there.  When you walk around town you avoid the places you think there are bad guys lurking.  You need to do the same thing on the Internet, too. 

Always be care and wary of anyone who asks for personal information.  My rule of thumb is if you aren’t sure about the situation don’t give any information out. 

Today’s cybercriminal is so clever and creative that you never know when or where they may pop up.  They have been know to be lurking in even the safest places on the Internet.  So, always, make sure you don’t give out any personal information unless you are 100% sure you are on a secure site and you are dealing with the right people.

No Surprise! Internet Fraud Continues to Grow!

It shouldn’t be a surprise to anyone that Internet scams and their financial toll continued to grow in 2008 according to information released by Internet Crime Complaint Center.  The organization collects and refers complaints about Internet fraud through its web site.   The Internet Crime Complaint Center works in conjunction with the Federal Bureau of Investigation and the National White Collar Crime Center.

The report states that last year more than $264 million was lost in 275,284 complaints.  The average cost per compliant was $931.  These figures represent a 33 percent increase in complaints and a $25 million increase in losses over 2007.

The biggest source of the complaints were from non-delivery of merchandise purchased on line – auction fraud. 

The report takes a look at scams prompting the most complaints along with the average amount of money lost per complaint.

Internet fraud and cyber crime as a whole continue to grow.  Cyber criminals are becoming more sophisticated in the way the attack and steal money from innocent victims.

You must be careful on the the computer and watchful for Internet fraud.  

On Friday I will post several tips on protecting yourself against Internet fraud and cyber crime.  Meanwhile, beware of anything on the Internet that looks suspicious.  Make sure you are dealing with reputable people.   Anytime your instincts tell you something might be wrong leave the website and don’t give out any personal information.  It is far better to be safe than sorry when it comes to protecting yourself against Internet fraud.

The Holidays are a time to be watchful

Identity theft is a huge threat to each of us.  Our privacy and financial security are at risk.  Identity thieves are opportunity seekers!  They spend their time looking for every opportunity and a way to take advantage of every one of them.  It is important to make sure you are proactively protecting every identity in your family.  This includes children as well as parents. 

The holidays are a time where the risk level rises.  Cyber criminals are constantly creating too good to be true offers, threatening impending doom and in any other way tricking people to give their personal information. 

The best advice is to be aware and on guard for anything that doesn’t look or feel right.  Never give out personal information to anyone you suspect under any circumstance.   Anytime you are in doubt, stop what you are doing and verify you are dealing with a trusted source even if that means nothing happens for a day or two.

Watch out for e-mails offering too good to be true prices for popular gifts.  Be aware of scams that claim you credit card number has been stolen and you need to verify personal information on the phone or in an e-mail.  Don’t allow a fraudster to ruin the holidays for you.

I have put together a pamphlet in PDF form called, “21 Ways to Protect Your Identity During the Holidays.”  You are welcome to request a copy by e-mailing me at moreinfo@completeinternetprotection.com.

We wish you and your family a happy and safe Thanksgiving.

Are You a Victim of a Virtual Heist?

A recent article by Brian Krebs of the Washington Post, “Virtual Heist Nets 500,000+ Credit Accounts”states that researchers at the RSA’s FraudAction Research lab have discovered one of the largest stolen data caches ever recovered.  A cyber crime group stole over a half million bank, credit and debit card accounts over the past two-and-a-half years using one of the most advanced strains of computer spyware in the world. 

The RSA detected more than 270,000 online banking account credentials, and about 240,000 credit and deb it account numbers and associated personal information on Web servers the cyber crime group was using were using for their attacks. 

The attacks have been going on for nearly three years.  That’s a very long time according to Seau Brady, manager of identity protection for RSA, the security division for EMC.  He said that only rarely do they come across crime ware that has been continually stealing and collecting personal information and payment card data, compromising bank accounts as far back as 2006.

The crooks are using Sinowal, also called “Torpig” and “Mebroot” by other anti-virus companies.  The Sinowal constantly morphs its appearance to slip past security software.  Researches have discovered that new variants are occuring at a rate jof 60 to 80 per month.

Sinowal is unique in another way, too.  It hides id the deepest recesses of the host computer, the “Master Boot Record.”  This location that loads even before the operating system boots up.  Experts say many anti-virus programs will not detect such a fundamental compromise.  Once discovered, removing the Trojan from the computer is almost impossible often requiring a reformatting of the system and wiping any data stored on it.

Here’s how the Sinowal Trojan works:  It lies in wait until the victim visits one of more than 2700 bank and e-commerce sites hard-coded into the malware, at which point it injects new Web pages or information fields into the victim’s web browser.

When an unsuspecting Windows user visits one of the sites, the code left on the site tries to install the Trojan using one of several know Web browser security holes.

According to the RSA more that 100,000 bank account credentials were stolen by the Trojan in the six months alone.

News Sources Point Out We Are All Vulnerable to Identity Theft

Conduct a word search for “identity theft” on Google or Yahoo News and you will find new stories being released every day.  Stories about the latest identity theft statistics, you will read about an identity thief that was caught and the terrible harm caused and you’ll see stories on how aggressive these thieves are becoming.

However, the one thing that stands out throughout all of these stories is identity theft impacts all of us.  It doesn’t matter where you live, how much you protect your personal information or how careful you are identity theft is an equal opportunity crime with the ability to impact everyone it attacks. 

The problem is our personal information is every where.  You can’t control what happens when a thief steals your identity from a corporation across the country or from a local office in your community.   

All you can do is be proactive in how you protect your identity should the unthinkable happen.  Proactive means you have purchased whole identity protection to cover all of your identity including complete identity recovery back to pretheft status. 

As I have stated in prior entries, popular credit protection companies don’t protect your whole identity.  Credit protection is just one-third of your identity.