Threat Lab

Webroot DNS Protection: Now Leveraging the Google Cloud Platform

We are  excited to announce Webroot® DNS Protection now runs on Google Cloud Platform (GCP). Leveraging GCP in this way will provide Webroot customers with security, performance, and reliability.  Security Preventing denial of service (DoS) attacks is a core benefit...

What Defines a Machine Learning-Based Threat Intelligence Platform?

As technology continues to evolve, several trends are staying consistent. First, the volume of data is growing exponentially. Second, human analysts can’t hope to keep up—there just aren’t enough of them and they can’t work fast enough. Third, adversarial attacks that...

Global Privacy Concerns: The World’s Top Five Cities Using Invasive Technology

Cities are expanding their technological reach. Many of their efforts work to increase public protections, such as using GPS tracking to help first responders quickly locate the site of a car accident. But, in the rush for a more secure and technologically advanced...

A Chat with Kelvin Murray: Senior Threat Research Analyst

In a constantly evolving cyber landscape, it’s no simple task to keep up with every new threat that could potentially harm customers. Webroot Senior Threat Research Analyst Kelvin Murray highlighted the volume of threats he and his peers are faced with in our latest...

A Cybersecurity Guide for Digital Nomads

Technology has unlocked a new type of worker, unlike any we have seen before—the digital nomad. Digital nomads are people who use technologies like WiFi, smart devices, and cloud-based applications to work from wherever they please. For some digital nomads, this means...

Cloud Services in the Crosshairs of Cybercrime

It's a familiar story in tech: new technologies and shifting preferences raise new security challenges. One of the most pressing challenges today involves monitoring and securing all of the applications and data currently undergoing a mass migration to public and...

Protecting Against Emerging Ransomware

Reading Time: ~ 1 min.


While ransomware has become a buzzword for some, cyber criminals have made it a lucrative business and one which they are constantly evolving. Each day, the Webroot BrightCloud® Threat Intelligence Platform monitors, classifies and scores 95% of the internet to discover 6,000 phishing sites and 80,000 variants of malware and PUAs.

According to Webroot’s latest research, more than 97% of threats are unique to a single endpoint making traditional signature-based antivirus underprepared and ineffective in protecting businesses against today’s threat landscape. In this podcast, Tyler Moffitt, Senior Threat Research Analyst for Webroot, joins Ryan Morris, contributing editor for Penton Technology, to explain the newest and most challenging forms of ransomware, such as malvertising. In addition, they dive into the latest threat trends and arm MSPs with tested and actionable suggestions to help protect themselves and their customers from becoming another statistic.


Penton Technology Podcast with Tyler Moffitt – Ransomware – Part 1

Penton Technology Podcast with Tyler Moffitt – Ransomware – Part 2


A Conversation with Hal Lonas about Threat Intelligence and Machine Learning

Reading Time: ~ 4 min.

After sitting down with Hal Lonas to get a deeper look at the inner workings of Webroot, there was no questioning why he’s uniquely qualified to serve as the company’s CTO. And with machine learning getting thrown around as the hot new buzzword, it was refreshing to hear Hal’s down-to-earth perspective on motivations, ideas, solutions and what drives Webroot to continue innovating in the world of threat intelligence.


Tell me about your background. What led you to create BrightCloud?

I have been developing software products for years and got into the security software space as Director of Development with Websense in 2000. At the time, websites were being classified manually, even though the number of sites and security breaches were already increasing exponentially. It just seemed like the wrong way to solve the problem.

A few of us saw the trends of cloud computing, machine learning advances, and threat escalation as an opportunity to do things differently. So we dropped out of Websense and started BrightCloud, which was founded and architected on the belief that automated classification using machine learning and the scalability of the cloud was the only way to go.

BrightCloud technology does a great job in combatting today’s threats; dynamic ones that appear, damage, and disappear. Was it built with polymorphism in mind?

We actually didn’t build BrightCloud tech with polymorphic or transitory malware in mind. We built it to bring incredible speed, scale, and flexibility to finding threats. So when polymorphism came to the forefront several years ago and started overwhelming traditional signature-based solutions, we were at the right place at the right time. There are many other security problems that BrightCloud technology solves based on the architecture and platform we’ve built, for example finding phishing and fraudulent sites in real time.

You also have to credit Webroot’s vision in combining cloud-based endpoint security with Webroot threat intelligence. Webroot endpoint technology was designed from the ground up to be cloud-based and globally scalable, to minimize the time from threat detection to global protection. Additionally, Webroot had the guts to transform the product and the company from a traditional antivirus offering to a platform-based service approach. That’s a key aspect to the entire ecosystem we protect.

How is your approach to threat intelligence different from most?

Well for one thing, we don’t generate white lists, black lists, or static feeds of data. You could use our data in that way, but the threat landscape is way too big and dynamic for that, and we offer so much more. As soon as you publish a list, it’s out of date. Security professionals need a service where they can ask questions and get security advice at the moment of truth, which is just before you click on a website, before your firewall accepts a connection from an unknown IP, or before you run that downloaded file or mobile app. That’s what we do with the BrightCloud system at Webroot. And that’s what gives our products and partners protection no one else can provide.

The way our technology works, everything on the internet has a reputation score somewhere between totally trustworthy—so a score of 100—down to clear and present danger scores of single digits. That allows our customers to set a risk threshold for activity they want to allow or block, and decide when to warn users. That’s a very different approach than others in the field are taking. When we say ‘actionable threat intelligence’, that’s what we mean; we inform critical decisions at the moment of truth billions of times every day.

What approaches do you think cybercriminals will be using in the future?

Ransomware has been very successful, so I think we’re going to see more of that. The bad guys are going to find areas where we are lazy in protecting ourselves and they’re going to exploit those weaknesses. We might find things like demands of payments simply not to attack us, almost like extortion for so-called protection.

Besides security, we might also find other business areas where we’ll be forced to improve, like getting rid of passwords for authentication, and making data backups easier and testing them to see if they work.

Also, as legacy operating systems from Microsoft, Apple, and Google get more secure, attacking them will become less easy and profitable. That means the bad guys are going to look at other areas to attack, like newer home and business devices connected to the internet. We describe this as the new and expanding attack surface area.

As more new products and devices get added to networks, it seems as if those products are being rushed to market and that security is an afterthought. In a lot of cases, many times not in the product at all when it’s released.

We observed in our quarterly threat brief that malware attacks have actually gone down in the past few months. Does that mean that the overall threat level is decreasing?

There may be a number of contributing factors here. Based on what we’ve observed, our impression is that even if there are fewer attacks, they’re more impactful. For example, a single organization hit by ransomware may struggle for days or weeks trying to recover or decide whether they should pay. Additionally, cybercriminals are taking time to regroup as security solutions get smarter and as more threats are stopped earlier by machine learning and automation. As the bad guys figure out their next move, we’ll see threats take off again, most likely in new areas.

Can machine learning help combat the threats that are keeping you up at night?

Absolutely. Not only can it help, but we believe it’s the only way to solve the growing threat problem, which is why our next quarterly threat brief will focus specifically on machine learning. Of course you have to be smart about it, and threat researchers and analysts are still key parts of the puzzle, but we’ve figured out how to leverage and amplify their knowledge and productivity a thousand-fold. As threats become more transitory and harder to find, humans are going to be even more overwhelmed and won’t be able to keep up without automation.

Threat Recap: Week of September 5th

Reading Time: ~ 2 min. 

There’s a lot that happens in the cybersecurity world, with many stories getting lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

No Site is Immune to  User Information Exposure

In yet another example of poor cybersecurity, Brazzers has issued a statement regarding the unauthorized access to nearly 800,000 sets of usernames, passwords, and email addresses. The data itself lacked any encryption and was viewable in plaintext. Users of the Brazzers forums are being suggested to change their passwords for the site, as well as any sites they may have reused the password on.

Dridex Adds Crypto-Currency Wallets to Attack Vector List

While Dridex, a prolific banking trojan, has been laying low for the past several months, its authors have made significant changes. The first noticeable change is the addition of several crypto-currency wallet managers to its list of keyword searches done when infecting a new computer. By capturing and analyzing data from the infected computer, the command-and-control servers are able to make decisions on how to proceed based on the criteria that is met.

Russian Instant Messaging Service Breached

It was recently announced that over 33 million user accounts from, a Russian instant messaging service, had been illegally accessed and posted publicly. Unfortunately for users of the service, all of their information was unencrypted, leaving it accessible to anyone. After further analysis of the stolen data, it has again been proven that users pick amazingly simple passwords that are also used by thousands of other individuals.

Google to Begin Marking HTTP Sites As Unsafe

In a push to get all website owners to use HTTPS, Google has announced that starting in January of 2017, Google Chrome will begin flagging sites that transmit passwords or credit card information over HTTP. With this effort, Google hopes to make Internet transactions safer. Already they have had a significantly positive response with many of their top 100 sites switching to HTTPS as default.

Cybersecurity Lacking for High-Demand Devices

As we expand further into internet-connected, wearable devices, one commonality has become glaringly obvious–cybersecurity has been a low priority for many companies. As they rush to push these devices to market, there is a lack of significant testing done to ensure customers’ private information is safe. Even more worrying is this security void when it comes to connected systems in homes, as physical security for clients can be breached wirelessly if the connected system is simply shut off.

Threat Recap: Week of August 29th

Reading Time: ~ 2 min. 

There’s a lot that happens in the cybersecurity world, with many stories getting lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

European Company Loses Millions in Targeted Phishing Scam

In the last couple weeks, Leoni AG, one of the largest electrical wiring companies in Europe fell victim to a Business Email Compromise (BEC) scam involving the CFO transferring a significant sum of money to a non-verified bank account. This location was likely the main target due to it being the only one of four factories that has the authorization to transfer money, and did so by spoofing an email to the companies CFO with very specific details about their internal transfer protocol, and “sent” from one of the company’s higher ranking executives.

Hotel & Restaurant Chain Warns of Jeopardized Payment Terminals

Recently, Kimpton Hotels has issued a statement that verifies the presence of malware on payment processing devices in over 60 of their locations across the country. It is believed that credit cards used at these locations in the first half of 2016 may be compromised and should be monitored for illicit transactions taking place. While the incident is still under investigation as yet another victim in a long line of large-profile targets, Kimpton officials are still unclear on the source of the breach.

Blizzard and EA Face DDoS Attacks during Releases

With the launch of the latest World of Warcraft expansion, Legion, occurring in the same week as the online-beta release of Battlefield 1, it comes as no surprise that both companies were in a prime position for a cyberattack. Unfortunately, that’s just what happened, as both companies were hit with DDoS attacks that brought several servers down for a period, and affected latency for many gamers trying to access the games upon availability.

NHS Hospitals Hit with Ransomware, Not Paying Up

In a recent study done of nearly 60 NHS institutions in the UK, over half had been the victims of at least one ransomware attack in the last year, though none had resulted in the ransom being paid. Of the hospitals that were affected, the vast majority were able to recover their encrypted data by restoring from backups that are created and stored internally. While ransomware is continuing its spread across the globe in search of easy targets, the best defense is still to have full backups of sensitive information and be prepared for what has become an inevitability for many organizations.

Hacker Exposes Poor IT Security of Kuwait Auto Import Company

While many hackers are on the lookout for a quick payday, or simply to prove they have the capabilities, one hacker has made his mission to teach poor IT admins a lesson. By breaching the Kuwait Automotive Import Company’s main site and obtaining sensitive details on over 10,000 customers, the hacker has definitely sent a message on the importance of strong cybersecurity. After the breach took place, the entire data dump was posted to pastebin, where it remains readily available to the general public.

Nemucod Ransomware Analysis

Reading Time: ~ 4 min.Today, we’ll look at yet another variant in the massive crop of malware that takes users’ files hostage: Nemucod ransomware.

Nemucod is a ransomware which changes file names to *.crypted. While it’s not a brand new variant, a lot has changed in the last few months, and different methods have been used, but one constant has remained the same – it is deployed via bogus shipping invoice spam email. The Javascript initially received in a spam email downloads malware and encryption components stored on compromised websites. Because this ransomware is written in a scripting language, it’s easily to modify and re-deploy. This has, for a majority, bypassed antivirus protection and spam email protection. However, a flaw was found in the encryption routine,which allows victims to recover their files.

  • January 2016: Nemucod changes file names to “.crypted” but does not actually encrypt them
  • March 2016: Adds XOR encryption using a 255 byte key contained in a downloaded executable. This downloaded executable encrypts the first 2048 bytes of a file
  • April 2016: 7-Zip used instead which created an archive to password protect files
  • April 2016: Instead of a hardcoded key, the Javascript generates a key and passes it as an argument to the downloaded executable and performs the encryption of the first 1024 bytes of each targeted file
  • May 2016: A small change is added to the previous build, which encrypts 2048 bytes instead of 1024 bytes
  • June – August 2016: A PHP script is used along with a PHP interpreter to encrypt the first 1024 bytes of a file

Email Example:









After opening the spam email attachment, you can see that the file located inside is a Javascript file cleverly disguised as a “.doc”. The file appears to be a .doc for users with the folder option setting “hide extensions for known file types” enabled.

Javascript Analysis:

Upon first opening the sample, it is heavily obfuscated; this is by design to thwart AV analysis and static detection

Nemucod Java

After de-obfuscating the script, I found that several compromised domains are used to store multiple files to be used later on in the execution routine. Of the downloaded files, we can see that two (a1.exe and a2.exe) are designed as a backdoor on the system. a1.exe is usually W32.Kovter and a2.exe is usually W32.Boaxxe. Since PHP is not installed natively on the Windows OS, the 3rd and 4th files downloaded (a.exe and php4ts.dll) are part of a portable PHP interpreter which allows the ransomware (a.php – 5th file downloaded) the ability to run.

Nemucod Java 2

Nemucod Java 3

Analysis of a.php:

We at first saw several samples of a.php written in plain text without obfuscation, but the developers changed this quickly to thwart static detection techniques. The obfuscation techniques below use chr() to encode each as a number specified in ASCII, while also using array() to store the php script in a list of array values.

Examples of Obfuscated ransomware variants:


Nemucod chr

To de-obfuscate, I converted all of the chr values to ascii characters and finally decoded base 64 stored to get the original script.


Nemucod Array

To de-obfuscate, I echoed the output of implode for all of the arrays (and removed eval) using the following at the end of the script:

;echo implode($f,”); ?>


Nemucod php

The PHP script first uses “set_time_limit(0);” to keep the interpreter running.

A recursive Tree function is used with preg_match to match folders:


If a match is found, the script opens the directory and checks for more directories using is_dir; if a directory is found, it runs TREE again, which continues the loop to check if the object is a folder or a file.

Once a file is found, it uses preg_match again to match its file extension:


Once a file matching the file extensions above is found, it stores that file name and path as the variable “$fp” and a new variable is made “$x” which uses the function fread.

fread() reads up to length bytes from the file pointer referenced by handle.

After reading the first 1024 bytes of a file, a for loop is used with strlen and the variable $k (a base 64 string) to encrypt the files.


If you have found yourself a victim of this ransomware, please submit a support ticket.

Ransomware for Thermostats

Reading Time: ~ 2 min. 

We all know that Internet of Things (IoT) is the future and that everything from your refrigerator to your toaster may eventually connect to the internet. With that being the case, it’s important to remember that these connected devices need to be designed with security in mind. On Saturday at the Def Con hacking conference in Las Vegas, Andrew Tierney and Ken Munro showcased a ‘smart’ thermostat hack, in which they were able to install encrypting ransomware onto the device, fortunately just as a proof of concept. Check it out:


The hacked thermostat (displayed in the screenshot above) runs a Linux operating system and has an SD card slot for owners to load custom settings and wallpapers. The researchers found that the thermostat didn’t check what files were being loaded or executed. Theoretically, this would allow hackers to hide malware into an application that looks just like a picture and fool users into transferring it onto their thermostat, which would then allow it to run automatically. At that point, hackers would have full control of the device and could lock the owner out. “It actually works, it locks the thermostat,” Munro said. This achieves the predictions of others in the security industry.


Despite the above tweet, Tierney and Munro declined to confirm the brand of this particular thermostat that they hacked. Because this test was so new, despite the vulnerability being showcased, the reserachers haven’t yet disclosed the vulnerability to the manufacturer, but the plan is to disclose the bug today. They also said that the fix should be easy to deploy. While this ransomware isn’t an immediate threat to anyone using smart devices in their homes today, the point has been proven that it’s very possible to create ransomware for these new and emerging IoT devices. “You’re not just buying [Internet of Things] gear,” Tierney warned, “You’re inviting people on your network and you have no idea what these things do.”



Chimera Keys Leaked From Rival Ransomware Author

Reading Time: ~ 2 min. 

Encrypting ransomware is so popular now that competitors will sabotage one another to get the upper hand. This is refreshing for victims, however, as they reap the benefit of these potential clashes between cybercriminals. ‘Chimera Ransomware’ has just had its keys leaked to the public, which is fantastic news for anyone who has been a victim of this ransomware.

Chimera Ransomware

@JanusSecretary  (presumed author of Mischa and Petya) was quick to tweet the news:



The keys are linked here which is a zip of the text file with over 3,500 keys. Below is a summary of the leak, where it is explained that Mischa used Chimera sourcecode. While the authors of Mischa and Chimera are not affiliated, they did get access to big parts of Chimera’s development system.


This allowed access to the decryption keys that have now been released. With these keys now released, it shouldn’t be too much longer before a decryption tool is created for all the victims of Chimera.

Also included is a shameless plug for his RaaS (Ransomware As A Service) portal, where anyone can create new ransomware payloads.


For any successful ransoms that result in payment, a cut will be taken by Janus based on how successful the ransoms are. For a complete rundown on RaaS variants check our our blogs on Ransom32 and Encryptor RaaS samples.


CryptXXX now looking to Neutrino for exploit support

Reading Time: ~ 3 min.When it comes to drive-by attacks, CryptXXX is king. In fact, out of all the exploit kits dropping payloads on victims, 80% result in CryptXXX. The creators attacked vulnerabilities in Flash Player, Java and Silver Light through using the Angler exploit kit, with malvertising helping boost their success. The malware authors were able to generate $3 Million per month almost exclusively from ransomware.

But how exactly does malingering work? In a nutshell, cyber criminals submit booby trapped advertisements to ad networks for a real-time bidding process. Malicious ads then rotate in with normal ads on legitimate, highly reputable sites. Users then visit these site and click on an infected ad. An invisible iframe injection then redirects the user to the exploit landing page, where a payload is then dropped. Here’s an example:


Since Angler was shut down earlier last month, CryptXXX was presumed to also die with it. However, it’s taken new life with the Neutrino exploit kit, and can now exploit out of plugins like WordPress. Here’s how this looks:


Once a user is unlucky enough to click an infected ad, a ransomware payload is dropped and they become the victim. Here are the instructions that are presented to victims. Pictured below, they are presented the form of a desktop background:


Once a user’s files are encrypted, the steps are the same as most ransomware – install a layered tor browser, then pay the ransom using bitcoins. This variant specifically only asks for 1.2 bitcoins ($800), which is the most ‘mild’ demand of recent ransomware variants, but the amount will double after 5 days if the ransom isn’t paid. It is worth noting that other sites have offered free decryptors for this malware, but they seldom last longer than a few days before the malware authors change it up yet again.

Webroot will catch this specific variant in real time before any encryption takes place. We’re always on the lookout for new and updated ransomware threats, but just in case of new zero-day variants, remember that with encrypting ransomware, the best protection is going to be a good backup solution. This can be either through the cloud or offline external storage. Keeping it up to date is key so as not to lose productivity. Webroot has backup features built into our consumer product that allow you to have directories constantly synced to the cloud. If you were to get infected by a zero-day variant of encrypting ransomware, you can just restore your files back as we save a snapshot history for each of your files up to ten previous copies. Please see our community post on best practices for securing your environment against encrypting ransomware.

MD5 analyzed





Cerber Ransomware: The Facts

Reading Time: ~ 2 min.Cerber is yet another newer ransomware that has been gaining some traction over the past couple months, so we’re providing a breakdown of this new variant. First, here is how it looks:


Unlike some other ransomware variants, Cerber is certainly not going for aesthetics. It also lacks any type of GUI. However, it does change your background to an awful pixelated image of static that’s not comfortable to look at, but it achieves its goal of getting the victims’ attention.

ransom text

The ransom text is quite extensive and attempts to answer as many questions as the victims might have. The end goal is to get the user to follow directions to install a layered tor browser so they can access the dark net and pay the ransom with Bitcoins. This is what the ransom portal looks like:


This Cerber variant specifically wants 2 BTC, which is a huge sum of money (around $1,300) compared to variants seen in the past. As with older types, there is a ‘late fee’ that doubles the ransom if it isn’t paid in the original time frame. It appears that this trend of charging more money is new and is continuing to catch on. Also included with Cerber are “freebies”, which means that you get one free decrypt of a file. This was introduced by coinvault in 2014 to great success, so now almost all ransomware types include it.

Webroot will catch this specific variant in real time before any encryption takes place. We’re always on the lookout for new threats, but just in case of new zero-day variants, remember that with encrypting ransomware, the best protection is going to be a good backup solution. This can be either through the cloud or offline external storage. Keeping it up to date is key so as not to lose productivity. Webroot has backup features built into our consumer product that allow you to have directories constantly synced to the cloud. If you were to get infected by a zero-day variant of encrypting ransomware, you can just restore your files back as we save a snapshot history for each of your files up to ten previous copies. Please see our community post on best practices for securing your environment against encrypting ransomware.

MD5 Analyzed:





CryptoMix Ransomware: What You Should Know

Reading Time: ~ 2 min.CrytpoMix has been gaining some traction over the past few months, so it’s a good idea that we provide a rundown of this variant in the ransomware family.

This is ‘barebones ransomware’, so victims aren’t presented with a GUI or a desktop background change. All that is presented is a text file and webpage showing the same text.


This is one of the FEW ransomware variant that doesn’t have some payment portal in the darknet. There is no need to download any tor browser, as they don’t provide any onion links.

email back

With this variant, victims literally have to email and wait around 12 hours for a response and those responses are encrypted and password protected (to protect the bitcoin wallet address the cybercriminals want payment to be made to).

Example response:

email back

While CryptoMix isn’t fancy, it’s price sure is. 5 BTC (Bitcoin) is an insane amount of money (>$3000), and it wasn’t a few months ago that ransom increases to $700 were all the rage. Also, these criminals even claim that you’ll receive free tech support and all your ransom money goes to a child charity. Please do not be fooled.

Registry Entries added

» HKLM\Software\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider
» HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward
» HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Adobe Reader UpdateSoftWare
» HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\*Adobe Reader Update32
» HKCU\Software\Microsoft\Windows\CurrentVersion\Run\AdobeFlashPlayerSoftWare
» HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\*AdobeFlashPlayers32
» HKCU\Software\Adobe Reader LicensionSoftWare\AdobeFirstVersionSoftWare
» HKCU\Software\Adobe Reader LicensionSoftWare\AdobeLicensionSoftWare

MD5 hashes analyzed :



Webroot will catch this specific ransomware in real time before any encryption takes place. We’re always on the lookout for more types of threats, but just in case of new zero-day variants, remember that with encrypting ransomware, the best protection is going to be a good backup solution. This can be either through the cloud or offline external storage. Keeping it up to date is key so as not to lose productivity. Webroot has backup features built into our consumer product that allow you to have directories constantly synced to the cloud. If you were to get infected by a zero-day variant of encrypting ransomware, you can just restore your files back as we save a snapshot history for each of your files (up to ten previous copies). Please see our community post on best practices for securing your environment against encrypting ransomware.




Computer Security Threats

Reading Time: ~ 1 min.Computer security threats are relentlessly inventive. Masters of disguise and manipulation, these threats constantly evolve to find new ways to annoy, steal and harm. Arm yourself with information and resources to safeguard against complex and growing computer security threats and stay safe online.

Computer Virus Threats

Perhaps the most well known computer security threat, a computer virus is a program written to alter the way a computer operates, without the permission or knowledge of the user. A virus replicates and executes itself, usually doing damage to your computer in the process. Learn how to combat computer virus threats and stay safe online.

Spyware Threats

A serious computer security threat, spyware is any program that monitors your online activities or installs programs without your consent for profit or to capture personal information. We’ve amassed a wealth of knowledge that will help you combat spyware threats and stay safe online.

Hackers & Predators

People, not computers, create computer security threats and malware. Hackers and predators are programmers who victimize others for their own gain by breaking into computer systems to steal, change or destroy information as a form of cyber-terrorism. What scams are they using lately? Learn how to combat dangerous malware and stay safe online.

Phishing Threats

Masquerading as a trustworthy person or business, phishers attempt to steal sensitive financial or personal information through fraudulent email or instant messages. How can you tell the difference between a legitimate message and a phishing scam? Educate yourself on the latest tricks and scams.

Computer Virus 101

Reading Time: ~ 2 min.

What is a computer virus?

Think of a biological virus – the kind that makes you sick. It’s persistently nasty, keeps you from functioning normally and often requires something powerful to get rid of it. A computer virus is very similar. Designed to relentlessly replicate, these threats infect your programs and files, alter the way your computer operates or stop it from working altogether. It’s estimated that the ‘Conficker’ malware infected more than 10 million computers in 2009, which was a massive amount back then.

The amount of viruses and their capability to inflict damage have only increased since then. Today, hundreds of thousands of them operate over the internet, and new variants are discovered every day. When you couple this with the discoveries of mass-scale security flaws/vulnerabilities (such as ‘Heartbleed’ and ‘Bash’ in 2014), the cyber-world really starts to look like a scary place. It is. But that doesn’t mean there’s nothing you can do to protect yourself and your devices.

How does it find me?

Even if you’re careful, you can pick one up through normal online activities like:

  • Sharing music, files or photos with other users
  • Visiting an infected website
  • Opening spam email or an email attachment
  • Downloading free games, toolbars, media players and other system utilities
  • Installing mainstream software applications without fully reading license agreements

What does it do?

Some computer viruses are programmed to harm your computer by damaging programs, deleting files, or reformatting the hard drive. Others simply replicate themselves or flood a network with traffic, making it impossible to perform any internet activity. Even less harmful versions can significantly disrupt your system’s performance, sapping computer memory and causing frequent computer crashes.

What are the symptoms?

Your computer may be infected if you recognize any of these malware symptoms:

  • Slow computer performance
  • Erratic computer behavior
  • Unexplained data loss
  • Frequent computer crashes

Arming yourself with the best protection

When you arm yourself with information and resources, you’re wiser about computer security threats and less vulnerable to threat tactics. Take these steps to safeguard your PC with the best protection:

Make sure that you have the best security software products installed on your computer:

  • Use anti-virus protection and a firewall
  • Get anti-spyware software
  • Always keep your anti-virus protection and anti-spyware software up-to-date (Webroot SecureAnywhere updates automatically)
  • Update your operating system regularly (most update automatically)
  • Increase your browser security settings
  • Avoid questionable websites
  • Only download software from sites you trust and carefully evaluate free software and file-sharing applications before downloading them

Practice safe email protocol:

  • Don’t open messages from unknown senders
  • Immediately delete messages you suspect to be spam

An unprotected computer is like an open door for malware. Firewalls monitor Internet traffic in and out of your computer and hide your PC from online scammers looking for easy targets. Products like Webroot SecureAnywhere Complete provide total protection from the most dangerous threats out there, thwarting them before they can enter your PC, and standing guard at every possible entrance of your computer to fend off any malware that tries to enter, even the most damaging and devious strains.

While free anti-virus software is available, it simply can’t offer the consistent protection that you need to keep up with the continuous onslaught of new strains. Previously undetected forms of can often do the most damage, so it’s critical to have up-to-the-minute protection that won’t take a break to update and miss the oncoming threat.