Archive for the ‘Information’ Category

Viruses and Spyware - Why Do I Keep Getting Infected?

Tuesday, October 14th, 2008

A common question asked by computer users is, ‘If I have antivirus and antispyware software installed, and I keep my Windows OS up to date, and I also use a firewall, how come I still get computer infections?’
This question has puzzled computer users and antivirus software developers alike ever since high-speed internet first came into widespread use. In this article, we’re going to take a look at the two main methods used by hackers to infect a home PC.

First, we’ll discuss the two main factors contributing to this problem that security software has the hardest time dealing with: reverse engineering and social engineering.

Reverse engineering is the process of picking apart software by studying its means of detection in an effort to find a security flaw or to create a way around it. This method of bypassing antivirus security has been used by hackers for quite some time and is particularly effective against computers that are running outdated antivirus software. Therefore, the best way to protect yourself from reverse engineering tactics is to keep your antivirus software up to date.
An even easier way for hackers to bypass your antivirus security is by using social engineering, a process that exploits the human element to access the computer.

The most typical methods of social engineering are:

  • Fraudulent emails
  • Email attachments that claim to be very important
  • Free offers that contain hidden programs
  • Web sites that discreetly load software onto your machine when you click on a link

Of all the different types of computers that are online, the average household computer with a high-speed internet connection is by far the most targeted for attack. Teenagers are a very high risk group, since they are known to visit just about any website without hesitating. Teenagers are also the biggest users of file sharing software such as Limewire, KaZaa, and torrent clients, where infected files are constantly being distributed.

Additionally, teenagers spend a great deal of time on social networking sites like MySpace and Facebook, which are notorious for being targeted by hackers. ‘Phishing’ is the method of tricking the user into revealing personal information such as usernames and passwords. One popular phishing method is to direct unsuspecting users to an imposter site designed to look like a trusted site where they may already have an account, and to prompt them to enter their username and password. The information is then collected and relayed to hackers who may have several malicious uses for it. This is a particularly significant threat for those who do banking online or use sites that deal with currency exchange such as PayPal.

Residential computers, in general, tend to have a higher level of virus as well as spyware infections, primarily due to the way that they are used.
If you are running up to date antivirus software and your system still manages to contract infections, it may be due to a ‘liveware’ problem, which means someone that has access to your computer is using it for high-risk activity that may be allowing viruses to bypass basic antivirus detection. Educating everyone in your household about the dangers of using the internet and explaining to them how to go about their business online safely may likely prevent any future infections from occurring.

Ransomware - Paying For Your Own Files

Sunday, September 14th, 2008

Most people know that viruses can damage their computer. The extent of the damage may range from just an inconvenience to completely destroying your hard drive. Other types of malware such as spyware or adware can infiltrate machines and use them to collect information and tie up system resources. But have you heard about viruses that can infect your computer and then attempt to actually extort you?

It’s called ransomware. Essentially, it works by holding your data hostage and requiring you to make a payment to regain access to it. Unlike traditional viruses that just wipe out data, ransomware makes encrypted copies of your data and then erases the original data. In order for your computer to be able to access these files, it needs the encryption code. If you try to access such data on your computer, you’ll be prompted with a message reading something like the following:

Your files have been fully encrypted with a sophisticated algorithm. To gain access to these files, you’ll need to purchase our decrypting tool, which you can buy at xxx

In some cases you are directed to pay directly for this decryption software, but in others you have to make several purchases at other websites. No matter what the details, the fact remains that you will be asked to pay money for access to your own files. So, what should you do in this situation? Well, you have two options.

  1. Agree to the terms and pay the ransom.
  2. Find a way around the ransomware and recover as much data as possible.

Paying the Ransom
Aside from having to admit defeat to the criminals, there are several possible problems associated with deciding to pay to get your files back. First of all, you’ll have to reveal your payment information to these criminals. Who’s to say they won’t use it to further steal from you? Second, what guarantee do you have that you will actually be given access to your files if you do choose to pay?

Try to Crack the Code
Obviously the more desirable solution, getting around the ransomware and decoding the encryption code might be difficult, but it is not impossible. The first versions of ransomware that came out had very weak encryption, making the codes fairly easy to break. Gaps in their programming made them vulnerable to reverse engineering, which could decipher the code. The latest version of ransomware uses the RSA-1024 encryption algorithm, which is very advanced and difficult to crack, even for the most skilled programmers.

Reformatting
If all else fails, you can always reformat your computer. The obvious downside to this is that you will lose all of your data, and your computer will be restored to how it was the first day you booted it up. The upside is that you will also effectively delete the ransomware that is holding your computer hostage.

Try to Find the Code
Although the very latest version of this malware has yet to be hacked, that doesn’t necessarily mean that previous versions haven’t had their encryption codes available online. You should definitely do a Google search of the name of your particular virus and see what comes up. You might just find instructions on how to unlock your data yourself.

Restore from a Back-up
Depending on how long it has been since your last data backup, you might be able to use the backed up data to restore your computer and rid it of the annoying ransomware. However, any data created since the last backup will be lost. Also, even if a restore is successful, it’s important to remember that your computer is back to being as vulnerable as it was before it received the infection, so you should consider enhancing your system’s security.

Online Banking - Safety Tips For The Consumer

Sunday, September 14th, 2008

The enhanced technology of the internet has brought with it several new conveniences. Nowadays, people can shop online, get in touch with old friends, pay bills, and more. However, criminals have been evolving right alongside the internet, constantly engineering new ways to try to rip people off. Obviously this poses a risk to people that shop or transfer personal information online - especially those that use the internet to do their banking. If you don’t know how to protect yourself, you may be putting your money and credit in serious jeopardy by doing your banking online. So how do you avoid getting robbed in cyberspace?

Protect Your Password
Your online banking password is the key to your bank account. Therefore, crooks spend a great deal of time coming up with clever new ways to get that very piece of information from you. To prevent anyone from guessing your password, it is highly recommended that you use a random combination of letters and numbers. If your online banking platform supports case-sensitive passwords, it also helps to include a capital letter or two. The longer your password is, the better (although there are usually limits). To further protect your password, you should change it periodically.

Do Not Open Suspicious Emails
‘Phishing’ is the practice of tricking the consumer into revealing personal information (such as passwords, account numbers, PINs, etc.) by posing as legitimate companies that claim to need the information. These emails may contain the logo of the company they are claiming to represent, but do not be misled. No legitimate banking institution will ever email you asking for your personal information. If you have an account with them, they already have that information. These emails usually contain a link to a site that is designed to look identical to the institution they are impersonating. If you were to enter your banking information on this fake site, it would be immediately relayed to the criminals. If you’re ever unsure about a website, check the address bar to make sure that the URL of the website matches the official site of the company.

The most obvious indications that such an email is fraudulent and should be discarded are failed attempts at correctly addressing you by name, grammatical errors, or links within the email directing you to domains that you have never heard of. If anything about the format of the email deviates from how emails from your financial institutions usually look, then you should be suspicious. If you are still uncertain whether an email is authentic or fraudulent, contact your banking institution’s customer service to have them verify.
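
The address-bar check described above only works if the right part of the URL is compared. The Python sketch below is an added example, not part of the original article; examplebank.com and the sample links are constructed placeholders standing in for your own bank and for links found in a suspicious email.

```python
from urllib.parse import urlsplit

# Assumption: constructed stand-in for the domains of the reader's own bank.
OFFICIAL_DOMAINS = {"examplebank.com"}

def check_link(url, official=OFFICIAL_DOMAINS):
    """Return (trusted, reason) for a link found in an email."""
    parts = urlsplit(url)
    # .hostname is what the browser connects to: it drops any "user@"
    # prefix and the port, and is already lowercased.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no hostname in link"
    if parts.username:
        # "https://bank.com@other.host/" shows the bank's name but goes elsewhere.
        return False, f"text before '@' is decoration; real host is {host}"
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        # Non-ASCII or punycode labels can imitate familiar letters.
        return False, f"internationalized look-alike candidate: {host}"
    for domain in official:
        # Match the whole host or a true subdomain, never a substring.
        if host == domain or host.endswith("." + domain):
            return True, f"{host} belongs to {domain}"
    return False, f"{host} is not an official domain"

# Constructed sample links (not taken from any real campaign).
SAMPLES = [
    "https://www.examplebank.com/login",
    "https://examplebank.com.account-verify.example/login",
    "https://examplebank.com@203.0.113.7/login",
    "https://examp1ebank.com/login",
    "https://xn--exmplebank-q9a.com/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        trusted, reason = check_link(link)
        print("OK  " if trusted else "STOP", link, "->", reason)
```

Only the first sample passes: the others place the bank's name at the front of a different domain, before an '@' sign, or in a misspelled or look-alike form.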

AntiVirus Software and Firewalls
It is imperative that your computer is protected with a high quality antivirus utility. There are tons of antivirus review sites online that can help you make an informed decision as to which antivirus software is best for you.

Communicate with your Bank
Don’t hesitate to contact your financial institution at the first sign of trouble. They deal with identity theft and fraudulent activity all the time and they will be able to advise you in your particular situation. If you accidentally submit your information to a fraudulent website, contact them right away and let them know about it. This will help minimize or even prevent trouble from occurring. Keep your contact information up to date with your bank so that they can get in touch with you quickly if they see any suspicious activity in your account.