Typosquatting: Another front of malware attacks

Typosquatting is a type of internet scam that relies on end users making mistakes, such as spelling errors or entering the wrong domain name when typing a website's URL. It is also commonly known as URL hijacking. There are many motivations for a hijacker to take the Typosquatting approach to deceiving unsuspecting victims:

1) To redirect web traffic to their own or a competitor’s product.

2) Installing malware to infect the user’s machine, typically with ad-hosting pieces of malware.

3) Freeze the web browser for a fake Tech Support scam, scaring the user into calling a fake tech support number claiming the user has a virus infection. These scams potentially cost the users hundreds of dollars.

4) To steal user information by running a phishing scheme that mimics a legitimate website.

5) Making revenue from the user clicking on advertisements (either in plain sight or disguised as legitimate search links) on the Typosquat website.

6) To blackmail or strong-arm payment from the company they're Typosquatting, forcing that company to buy the domain from the Typosquatter.

A scammer who runs a Typosquat scam typically registers a website address whose spelling is close to the legitimate website's address. This is typically something simple like omitting a letter, adding a letter, or using a different Top Level Domain. For example, if a user wants to go to our website, they may end up typing superaantispyware[dot]com with double a's. This will end up showing the user a Typosquatting website such as this:

Another type of Typosquat scam results from the person improperly typing out the full URL, typing something like google [dot] om rather than google [dot] com. In this instance, the person typing the .om domain would actually be viewing a page hosted under Oman's Top Level Domain, rather than the intended .com domain. In some instances, large corporations will buy up as many associated domains as they can in order to prevent this type of mistake (Google, for example, has registered variants of its domain containing multiple o's and different Top Level Domains); however, not all companies have the foresight and/or money to do this.
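The variants described above, enumerated the way a brand owner would to decide which look-alike domains to register or monitor. This is an added example, not code from the original post; it goes slightly beyond the post by also covering transposed letters, and the list of alternative TLDs is an assumption (the post itself only names .om).

```python
from __future__ import annotations

# Added example (not from the original post): enumerate the look-alike domains
# the post describes (a letter omitted, a letter doubled, a different top-level
# domain) plus transposed letters, so a brand owner can register or monitor them.
# The brand domain is the post's own example; the TLD list is an assumption.
ALT_TLDS = ("om", "co", "cm", "net", "org")  # assumed look-alike TLDs; .om is from the post


def typosquat_candidates(domain: str, alt_tlds=ALT_TLDS) -> set[str]:
    """Return single-mistake variants of `domain` (e.g. superantispyware.com)."""
    label, _, tld = domain.lower().rpartition(".")
    out = set()
    for i in range(len(label)):
        # one letter omitted: superntispyware.com
        out.add(f"{label[:i]}{label[i + 1:]}.{tld}")
        # one letter doubled: superaantispyware.com
        out.add(f"{label[:i + 1]}{label[i:]}.{tld}")
    for i in range(len(label) - 1):
        # adjacent letters transposed: superatnispyware.com
        if label[i] != label[i + 1]:
            out.add(f"{label[:i]}{label[i + 1]}{label[i]}{label[i + 2:]}.{tld}")
    for alt in alt_tlds:
        # same name under another TLD: google.om instead of google.com
        if alt != tld:
            out.add(f"{label}.{alt}")
    out.discard(domain.lower())
    return out


def is_lookalike(host: str, brand_domain: str) -> bool:
    """True if `host` is one typing mistake away from `brand_domain`.
    Usable in a proxy, browser extension or mail filter that flags links
    to look-alikes of your own brand before the user lands on them."""
    host = host.lower().rstrip(".")
    return host != brand_domain.lower() and host in typosquat_candidates(brand_domain)


if __name__ == "__main__":
    brand = "superantispyware.com"
    for candidate in sorted(typosquat_candidates(brand)):
        print(candidate)
    print(is_lookalike("superaantispyware.com", brand))  # True
```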

It is easy to avoid falling prey to a Typosquatting scam. Here are a few easy things you can do to prevent this.

1) Never open links in emails from unexpected senders, and exercise caution when visiting sites you’re not familiar with.

2) Bookmark your favorite websites so you can easily access them.

3) Use a search engine like Google, Bing, or Yahoo when looking for a specific website if you are unsure about the spelling or if the business’ website is the same as their name. Some car dealerships, for example, use dealer names or slogans as their website.

4) Double-check the URL you are typing before loading the page.

5) Make sure Real-Time Protection is turned on in SUPERAntiSpyware Professional.

6) If you are starting a web-based business, consider buying multiple domains that are similar to your primary site to preemptively stop Typosquatters. Most domain registrars will offer bulk rates when you purchase more than one domain at a time.

While this type of attack is somewhat uncommon by today’s standards, it still happens every once in a while. By practicing safe browsing habits, keeping your web browsers up-to-date, and running regular scans of your machine, you should not be impacted by most of these types of attacks.

Macros and You: An old attack becomes chic again

Some of the earliest computer viruses and malware were created using macros in Microsoft Office documents. These pieces of malicious code would run once the document was opened, and the infection would happen without the user even being aware that their machine had been compromised. While these types of attacks had fallen out of favor over the years, they’ve come back in style and are more popular than ever before.

What exactly is a macro?

While you've probably heard the term thrown around before, most people don't actually know what macros are or what they're capable of. In short, macros are little snippets of code that run inside your office software. Many people use macros to speed up repetitive processes, like formatting items. Unfortunately, the same type of code that is used to perform the mundane can also be used to perform the malicious.

Due to the ease of abuse, Microsoft removed the automatic enabling of macros many years ago. This is ultimately what led to the majority of these types of attacks going by the wayside. Because there was no longer a way to abuse this on most machines, would-be attackers changed their methods to more traditional programs, which are far easier to detect with a normal malware scanner.

With the recent surge in ransomware, would-be attackers needed new methods of delivery. Anti-malware engines had been able to detect many variants, and detection was only getting easier, so stealth was needed. What better way to achieve that than to bring back a tried-and-true method: Office macros. Few people expected it, because these infection types hadn't really been seen in years.

The basic attack is carried out like this:

1) An infected person sends you an email with a subject similar to "ATTN: Invoice Attached" that has a Word document attached.

2) You download and open the file, only to see a garbled mess of characters with a notice that says "Enable macro if the data encoding is incorrect" in big bold red letters at the top of the window.

3) The unknowing victim enables macros, thereby initiating the malicious code.

4) The code runs, sends an email to your Outlook contacts (attempting to infect them), downloads whatever payload(s) it wants, then runs the ransomware (locking your files).
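A defender's counterpart to the attack steps above: classify an attachment by what it actually contains, rather than by its extension, so a macro-bearing Word file is held before anyone is asked to "enable macros". This is an added example, not code from the original post; the sample files it builds are constructed stand-ins, not real Word documents.

```python
import io
import zipfile

# Added example (not from the original post): decide whether an Office
# attachment carries a VBA project by inspecting its contents. The samples
# produced by build_sample() are constructed and are not genuine Word files.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy binary .doc/.xls container
VBA_PART = "vbaproject.bin"  # OOXML part that holds a VBA project


def classify_office_file(data: bytes) -> str:
    """Return one of: ooxml-macro, ooxml-clean, ole2-legacy, not-office."""
    if data.startswith(OLE2_MAGIC):
        # Binary .doc/.xls: macros live in OLE streams and need a compound-file
        # parser (e.g. oletools' olevba) to inspect, so flag it for review.
        return "ole2-legacy"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            parts = {name.rsplit("/", 1)[-1].lower() for name in zf.namelist()}
    except zipfile.BadZipFile:
        return "not-office"
    return "ooxml-macro" if VBA_PART in parts else "ooxml-clean"


def triage_attachments(attachments: dict) -> dict:
    """Map attachment name -> 'hold' or 'allow'. Macro-bearing files and
    legacy files that cannot be inspected here are held for review."""
    verdicts = {}
    for name, data in attachments.items():
        kind = classify_office_file(data)
        verdicts[name] = "hold" if kind in ("ooxml-macro", "ole2-legacy") else "allow"
    return verdicts


def build_sample(with_macro: bool) -> bytes:
    """Constructed minimal OOXML-style zip (not a genuine Word file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder VBA project")
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "invoice.docm": build_sample(True),
        "invoice.docx": build_sample(False),
        "old-invoice.doc": OLE2_MAGIC + b"\x00" * 64,
    }
    print(triage_attachments(samples))
```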

Because of the sharp increase in these types of attacks, Microsoft, SUPERAntiSpyware, and many other security vendors recommend that all users disable macros if they do not need to use them. While Macros should be disabled by default, it is worth double-checking your preferences in order to ensure that you are protected as best as possible.

For more information on how to disable macros in Office files, please visit this Microsoft Support article.

NOTE: This is a recommendation specifically for home users; if you are in a work environment, please contact your IT department before making any changes!

Holiday scams

The holiday season can be a very busy time for many people, but it is also a busy time for cyber criminals. There are a lot of online scams going around this time of year, looking to take advantage of increased shopping activity and people’s generosity. We’ve listed some tips and warnings about some of the most common scams.

Fake Retailer Websites

A counterfeit website mimics the site of a real retailer, using similar layouts, color schemes, graphics and logos. Sites like these have been known to ship low-quality merchandise that doesn't work or falls apart, or to send nothing at all and simply steal the personal and financial information you provide.

Deceptive Advertising

We’ve all heard the old adage “If it’s too good to be true, then it probably is.” This certainly applies to online advertising. If I saw an ad offering a Rolex watch for $100, for example, I would be very suspicious. Even if you didn’t end up buying anything from the site, simply clicking the link could install malware onto your system.

Point-Of-Sale Malware

Over this past year there have been several data breaches from some major retailers. Many of these breaches were due to malware inside the Point-Of-Sale devices. When a card is swiped through, the malware will send a copy of your card information to the malware creators. The best way to protect yourself is to be diligent in checking the transaction history of your accounts. If you notice any unintended purchases, contact your financial institution immediately.

New Devices

Many people will buy or receive new phones, tablets, USB drives, or other devices this holiday season. Devices like these can get infected with malware. Connecting your device to your work computer (even just to charge the battery) could wreak havoc on your company’s servers and systems. Make sure to check with your IT department about BYOD (Bring Your Own Device) policies.

ATM Skimming

Holiday shopping may mean hitting up the ATM. Before inserting your card, double-check to make sure that the ATM hasn’t been compromised. If the keypad, card slot, or cover look different or loose, a device (or malware) may have been installed to steal your banking information. Another ATM tip is to cover the keypad with one hand while entering your PIN with the other. Criminals have been known to install tiny cameras in ATMs in order to find out your PIN.

Public Wi-Fi

While it may be convenient to sit down at your local coffee shop and use their internet connection, you should be very cautious of what information you send over their free Wi-Fi. Systems like this are usually not very secure, and someone could steal your information with little effort. Never do banking or online shopping on public Wi-Fi.

Shop only on secure websites

A lot of holiday shopping is done online – make sure that the site you are shopping on is secure. Look at the website address at the top of your web browser. If the URL begins with 'https://' then you know that they are encrypting your sensitive information. If the URL begins with 'http://' then the website is not using encryption. Additionally, most major browsers will display a lock icon in the address bar. You can click this lock to get more detailed information about the website.

Fake charities

Make sure to do your homework on any charitable organization before donating. Their name and website may seem legitimate, but it could be someone trying to take advantage of your generosity and scam you out of money.

Social Media

Some things to be wary of on social media sites such as Facebook and Twitter:

· Phony Profiles

A random person sends you a friend request. Even if their profile looks legitimate, you shouldn’t click that ‘Accept’ button quite yet. That new ‘friend’ could be a criminal after your data, and accepting their friend request gives them access to your personal info, posts, and your list of friends. Make sure that you only accept friend requests from people you actually know; otherwise you’re opening yourself up for an attack.

· Hacked Profiles

You see that one of your friends posted a link claiming that they got a free Xbox for filling out a survey. In reality, someone has hacked their account and posted this malicious link. Contact your friend immediately and have them change their password.

Email

Email is a very popular way for criminals to try to infect your system. Here are some of the more common email scams:

· Malicious e-cards
Looks like a simple greeting card, but downloads malware when you open it.

· Grandparent scams
Scammers target the elderly with an email from a “stranded” grandchild claiming to need money wired to them.

· Letters from Santa
An offer to send your child a personal letter from Santa Claus may be a phishing scheme to collect personal information.

· Bank Account scam
An email seemingly coming from your financial institution which informs you that your bank account has been compromised. You are given a link to follow or a phone number to call in order to verify your account information.

· Shipping notification/Order confirmation
You receive an email claiming to be an order confirmation or package tracking number. Make sure that the email is actually from a retailer you have ordered from before clicking any links within.

· Golden rules of Email
Do not follow unsolicited links.
Do not open unsolicited attachments.
NEVER send any financial information through email.