Ransomware for Thermostats
We all know that Internet of Things (IoT) is the future and that everything from your refrigerator to your toaster may eventually connect to the internet. With that being the case, it’s important to remember that these connected devices need to be designed with security in mind. On Saturday at the Def Con hacking conference in Las Vegas, Andrew Tierney and Ken Munro showcased a ‘smart’ thermostat hack, in which they were able to install encrypting ransomware onto the device, fortunately just as a proof of concept. Check it out:
The hacked thermostat (displayed in the screenshot above) runs a Linux operating system and has an SD card slot for owners to load custom settings and wallpapers. The researchers found that the thermostat didn’t check what files were being loaded or executed. Theoretically, this would allow hackers to hide malware into an application that looks just like a picture and fool users into transferring it onto their thermostat, which would then allow it to run automatically. At that point, hackers would have full control of the device and could lock the owner out. “It actually works, it locks the thermostat,” Munro said. This achieves the predictions of others in the security industry.
Despite the above tweet, Tierney and Munro declined to confirm the brand of this particular thermostat that they hacked. Because this test was so new, despite the vulnerability being showcased, the reserachers haven’t yet disclosed the vulnerability to the manufacturer, but the plan is to disclose the bug today. They also said that the fix should be easy to deploy. While this ransomware isn’t an immediate threat to anyone using smart devices in their homes today, the point has been proven that it’s very possible to create ransomware for these new and emerging IoT devices. “You’re not just buying [Internet of Things] gear,” Tierney warned, “You’re inviting people on your network and you have no idea what these things do.”
Threat Recap: Week of August 1st
There’s a lot that happens in the security world, with many stories getting lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.
Banner Health Warns Patients Over Cyber Attack
Recently, Banner Health has begun notifying nearly 4 million of its patients about a possible data breach that occurred around the start of July. Along with patient information, the credit card processing systems were affected at refreshment outlets located in three Tucson facilities. Officials claim that not all of their 29 locations were targeted, however. Patients of the affected sites are being notified by mail.
Apple Uses Bug Patch To Cease Jailbreaking of iOS
With the most recent update of iOS (9.3.4), Apple resolved a vulnerability that could allow for unauthorized code execution. The bug was found by Team Pangu, a prominent figure in the jailbreaking community. The patch also means that current jailbreaking tools may no longer work in the new version of iOS, but this likely won’t slow down the developers that are updating their jailbreaking tools just as quickly.
http://arstechnica.com/apple/2016/08/apple-thwarts-jailbreakers-with-ios-9-3-4-update/
iPhone Phishing Emails Getting More Convincing
Attempts at email phishing are starting to look ever more convincing, and Apple users are the latest target. Recently, users have been seeing email order confirmations for new iPhones, but with incorrect shipping addresses and accompanied with a single clickable link for those wanting to ‘claim’ they didn’t authorize the purchase. By simply using a fake shipping address, many victims would likely look past the rest of the email in an effort to stop the transaction from occurring. Unfortunately for those who click the hyperlink, they are brought to a fake Apple Login page that requests payment information to “cancel” the order.
https://www.helpnetsecurity.com/2016/08/05/fake-iphone-order-dispatch/
Iris Scanning For Mobile Hits The Market
Samsung has recently announced its new Galaxy Note 7, which has a feature that is meant to replace passwords for mobile devices and PCs in the near future: iris scanning. With a simple infrared scanner located on the front of the device, users are able to scan their way into accessing their Galaxy phones. While Samsung is not the first company to offer iris scanning, it is projected to be soon available from other manufacturers, including Microsoft who will be looking to use it with their Windows 10 operating system.
Brazilians Target of Latest Zeus Variant
With the Rio 2016 Olympic games a mere day away, more bad news is plaguing Brazilians and visitors alike. A recent variant of the Zeus Trojan, labeled Panda Banker, has its sights set on many of the largest Brazilian banks and other local services. Like many others trojans, this particular variant is spread through spam email and exploit kits, but operates using account takeover in real-time by holding the victim in a loop of pop-up windows while the account is compromised.
https://www.helpnetsecurity.com/2016/08/05/zeus-panda-steals-everything/
Chimera Keys Leaked From Rival Ransomware Author
Encrypting ransomware is so popular now that competitors will sabotage one another to get the upper hand. This is refreshing for victims, however, as they reap the benefit of these potential clashes between cybercriminals. ‘Chimera Ransomware’ has just had its keys leaked to the public, which is fantastic news for anyone who has been a victim of this ransomware.
@JanusSecretary (presumed author of Mischa and Petya) was quick to tweet the news:
The keys are linked here which is a zip of the text file with over 3,500 keys. Below is a summary of the leak, where it is explained that Mischa used Chimera sourcecode. While the authors of Mischa and Chimera are not affiliated, they did get access to big parts of Chimera’s development system.
This allowed access to the decryption keys that have now been released. With these keys now released, it shouldn’t be too much longer before a decryption tool is created for all the victims of Chimera.
Also included is a shameless plug for his RaaS (Ransomware As A Service) portal, where anyone can create new ransomware payloads.
For any successful ransoms that result in payment, a cut will be taken by Janus based on how successful the ransoms are. For a complete rundown on RaaS variants check our our blogs on Ransom32 and Encryptor RaaS samples.
Threat Recap: Week of July 25th
There’s a lot that happens in the security world, with many stories getting lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.
Wireless Keyboards Found To Be Vulnerable To Radio Hack
In a recent study, it was shown that a large number of wireless keyboards use no encryption when sending data to a corresponding computer, leaving the keystrokes of users accessible to anyone with the right equipment. Among the offenders, the biggest vulnerability was a lack of Bluetooth functionality for connecting to the computer. Instead, the keyboards are using more generic methods, which don’t offer the same security measures.
https://www.wired.com/2016/07/radio-hack-steals-keystrokes-millions-wireless-keyboards/
Researchers Net $22,000 From Pornhub’s Bug Bounty Program
The adult site, which averages over 60 million daily views and nearly 4 million registered accounts, is a lucrative target for cyber criminals. With the offer of a large monetary reward, two researchers set out to break into Pornhub’s main site with the goal of performing remote code execution. By exploiting several vulnerabilities in PHP, they gained the capability to dump the entire Pornhub database to a remote server, which earned them the bounties offered by Hackerone and Pornhub itself.
http://www.infosecurity-magazine.com/news/pornhub-hacked-to-access-billions/
CryptXXX Thriving With Neutrino Exploit Kit
After the widely-used Angler exploit kit died off back in June, many believed that CryptXXX would also see a decline in use (as it utilized Angler), though the opposite has come to be true instead. By making the switch to the Neutrino exploit kit, CryptXXX has been able to extend it’s reach even further to allow WordPress exploitation as well as the typical Flash Player and Java vulnerabilities. After clicking the infected link, the ransomware payload is dropped and a ransom note with instructions for payment are displayed to the users, along with a warning that the ransom amount will double after 5 days.
https://www.webroot.com/blog/2016/07/22/cryptxxx-utilizes-new-exploit-kit/
Windows 10 Vulnerability Allows for Bypass of User Account Control
Recently, researchers have discovered a method for allowing malicious DLLs on a Windows 10 machine, while bypassing the User Account Control pop-up warning about the heightened privilege access. By replacing one of the DLLs that is launched by the ‘diskcleanup’ application with a malicious version of the same name, the malicious code was executed with administrator privileges and no user input or verification was needed.
https://www.helpnetsecurity.com/2016/07/26/user-account-control-bypass/
Turkish Gas Provider Targetted by Anonymous
In their latest hacktivist attack, OpTurkey, Anonymous has taken aim at a Turkish gas company’s website in protest of local government officials activities as well as their relationship with the company’s top executives. The attackers were able to access the personal and financial records of nearly 500 individuals, the contents of which were subsequently posted online.
http://www.scmagazineuk.com/anonymous-breaches-turkish-natural-gas-company/article/512101/
Threat Recap: Week of July 18th
There’s a lot that happens in the security world, with many stories getting lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.
Rio Olympics: A Cyberthreat Goldmine
With the 2016 Olympic games right around the corner, it’s already being anticipated as a highly targeted event for cyber criminals. With lax cyber-crime laws in Brazil coupled with hackers that are well versed in banking data theft, visitors to Rio should be cautious of any suspicious emails they might receive and of the many ATMs and card-reading machines that could contain malware. Additionally, mobile users should be wary of accessing unsecured WiFi networks as there is no way to tell who else may be monitoring the traffic being sent through.
Pokémon Go Spawn Locations Revealed
In the weeks since Pokémon Go’s release, the game has brought a sweeping wave of change over the world, providing players the incentive to explore the world around them and to interact with others also playing the game. However, some users have taken the hunt for Pokémon a step further – by monitoring the data traffic being sent to and from the Pokémon Go servers and producing a Google Maps layout showing all local Pokémon that are currently spawned. While this does breach Niatic’s terms of service, the users in question believe it to be more of a service to other players, rather than for personal gain.
Two-Factor Authenticated Calls Exploited for Major Profits
Many service providers offer VoIP calls, but one researcher found a method to make hundreds of calls to a premium-rate number that he owned at a profit nearing $750,000 before the process would be terminated. By exploiting this bug from Google, Microsoft, and Instagram, the researcher could have turned an annual profit well into the millions. Fortunately, he was able to contact the bug bounty programs for each company and ensure the vulnerabilities were patched before any hacker exploited them.
Ransomware ‘Customer Service’ Willing to Haggle
Thousands of users become the victims of ransomware annually, and while law enforcement agencies argue both for and against paying the ransom, the fact is that customer support for these criminals has improved immensely. This increase likely stems from the malware authors knowing they can still make money, although the amount may be less than their initial ransom, if they are willing to work with their victims to pay it. In a recent study, 3 out of 5 ransomware variants’ ‘customer support’ agents (aka employed cybercriminals) were willing to negotiate a lower ransom if the victim remained firm against paying a high amount in order to get something rather than nothing.
Oracle Patches Record Number of Bugs
In what might be their biggest patch update ever, Oracle has pushed a critical patch that covers 276 different bugs found across hundreds of their products. Many of the vulnerabilities were remotely exploitable and could have been extremely damaging had they been discovered in the wild. While some of the updates are based around non-network connected applications, Oracle still advises to push the updates quickly to ensure against any unauthorized access.
https://www.helpnetsecurity.com/2016/07/20/oracle-squashes-276-bugs/
CryptXXX now looking to Neutrino for exploit support
When it comes to drive-by attacks, CryptXXX is king. In fact, out of all the exploit kits dropping payloads on victims, 80% result in CryptXXX. The creators attacked vulnerabilities in Flash Player, Java and Silver Light through using the Angler exploit kit, with malvertising helping boost their success. The malware authors were able to generate $3 Million per month almost exclusively from ransomware.
But how exactly does malingering work? In a nutshell, cyber criminals submit booby trapped advertisements to ad networks for a real-time bidding process. Malicious ads then rotate in with normal ads on legitimate, highly reputable sites. Users then visit these site and click on an infected ad. An invisible iframe injection then redirects the user to the exploit landing page, where a payload is then dropped. Here’s an example:
Since Angler was shut down earlier last month, CryptXXX was presumed to also die with it. However, it’s taken new life with the Neutrino exploit kit, and can now exploit out of plugins like WordPress. Here’s how this looks:
Once a user is unlucky enough to click an infected ad, a ransomware payload is dropped and they become the victim. Here are the instructions that are presented to victims. Pictured below, they are presented the form of a desktop background:
Once a user’s files are encrypted, the steps are the same as most ransomware – install a layered tor browser, then pay the ransom using bitcoins. This variant specifically only asks for 1.2 bitcoins ($800), which is the most ‘mild’ demand of recent ransomware variants, but the amount will double after 5 days if the ransom isn’t paid. It is worth noting that other sites have offered free decryptors for this malware, but they seldom last longer than a few days before the malware authors change it up yet again.
Webroot will catch this specific variant in real time before any encryption takes place. We’re always on the lookout for new and updated ransomware threats, but just in case of new zero-day variants, remember that with encrypting ransomware, the best protection is going to be a good backup solution. This can be either through the cloud or offline external storage. Keeping it up to date is key so as not to lose productivity. Webroot has backup features built into our consumer product that allow you to have directories constantly synced to the cloud. If you were to get infected by a zero-day variant of encrypting ransomware, you can just restore your files back as we save a snapshot history for each of your files up to ten previous copies. Please see our community post on best practices for securing your environment against encrypting ransomware.
MD5 analyzed
75EF6891AE7214AD17679CB88DC3B795
7BB58C27B807D0DE43DE40178CA30154
05825F3C10CE814CE5ED4AE8A74E91A2
Cerber Ransomware: The Facts
Cerber is yet another newer ransomware that has been gaining some traction over the past couple months, so we’re providing a breakdown of this new variant. First, here is how it looks:
Unlike some other ransomware variants, Cerber is certainly not going for aesthetics. It also lacks any type of GUI. However, it does change your background to an awful pixelated image of static that’s not comfortable to look at, but it achieves its goal of getting the victims’ attention.
The ransom text is quite extensive and attempts to answer as many questions as the victims might have. The end goal is to get the user to follow directions to install a layered tor browser so they can access the dark net and pay the ransom with Bitcoins. This is what the ransom portal looks like:
This Cerber variant specifically wants 2 BTC, which is a huge sum of money (around $1,300) compared to variants seen in the past. As with older types, there is a ‘late fee’ that doubles the ransom if it isn’t paid in the original time frame. It appears that this trend of charging more money is new and is continuing to catch on. Also included with Cerber are “freebies”, which means that you get one free decrypt of a file. This was introduced by coinvault in 2014 to great success, so now almost all ransomware types include it.
Webroot will catch this specific variant in real time before any encryption takes place. We’re always on the lookout for new threats, but just in case of new zero-day variants, remember that with encrypting ransomware, the best protection is going to be a good backup solution. This can be either through the cloud or offline external storage. Keeping it up to date is key so as not to lose productivity. Webroot has backup features built into our consumer product that allow you to have directories constantly synced to the cloud. If you were to get infected by a zero-day variant of encrypting ransomware, you can just restore your files back as we save a snapshot history for each of your files up to ten previous copies. Please see our community post on best practices for securing your environment against encrypting ransomware.
MD5 Analyzed:
c3cd90c3e406981bece559a43fe64414
383803a90293408e36063809319f5982
065033243f30b1e54241a932c5e706fd
CryptoMix Ransomware: What You Should Know
CrytpoMix has been gaining some traction over the past few months, so it’s a good idea that we provide a rundown of this variant in the ransomware family.
This is ‘barebones ransomware’, so victims aren’t presented with a GUI or a desktop background change. All that is presented is a text file and webpage showing the same text.
This is one of the FEW ransomware variant that doesn’t have some payment portal in the darknet. There is no need to download any tor browser, as they don’t provide any onion links.
With this variant, victims literally have to email and wait around 12 hours for a response and those responses are encrypted and password protected (to protect the bitcoin wallet address the cybercriminals want payment to be made to).
Example response:
While CryptoMix isn’t fancy, it’s price sure is. 5 BTC (Bitcoin) is an insane amount of money (>$3000), and it wasn’t a few months ago that ransom increases to $700 were all the rage. Also, these criminals even claim that you’ll receive free tech support and all your ransom money goes to a child charity. Please do not be fooled.
Registry Entries added
» HKLM\Software\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider
» HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward
» HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Adobe Reader UpdateSoftWare
» HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\*Adobe Reader Update32
» HKCU\Software\Microsoft\Windows\CurrentVersion\Run\AdobeFlashPlayerSoftWare
» HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\*AdobeFlashPlayers32
» HKCU\Software\Adobe Reader LicensionSoftWare\AdobeFirstVersionSoftWare
» HKCU\Software\Adobe Reader LicensionSoftWare\AdobeLicensionSoftWare
MD5 hashes analyzed :
b778bda5b97228c6e362c9c4ae004a19
a0fed8de59e6f6ce77da7788faef5489
Webroot will catch this specific ransomware in real time before any encryption takes place. We’re always on the lookout for more types of threats, but just in case of new zero-day variants, remember that with encrypting ransomware, the best protection is going to be a good backup solution. This can be either through the cloud or offline external storage. Keeping it up to date is key so as not to lose productivity. Webroot has backup features built into our consumer product that allow you to have directories constantly synced to the cloud. If you were to get infected by a zero-day variant of encrypting ransomware, you can just restore your files back as we save a snapshot history for each of your files (up to ten previous copies). Please see our community post on best practices for securing your environment against encrypting ransomware.
What is Anti-Virus Software?
Anti-virus software is a program or set of programs that are designed to prevent, search for, detect, and remove viruses, and other forms of malware such as worms, trojans, adware, and more.
As our world continues to become ever more connected, anti-virus remains critical for users seeking to keep their devices protected. However, it’s vital that the security one chooses is always up-to-date with automatic updates, as a device without proper security software may be infected within minutes of connecting to the internet.
Unfortunately, because today’s threats are so sophisticated and are constantly being updated, traditional cybersecurity companies are incapable of updating their detection tools fast enough to handle many of these threats, particularly the ones that are not yet ‘known’ by the anti-virus software.
Pretty much all of today’s anti-virus solutions offer a host of features and are able to perform the following task:
- Scan specific files or directories for any malware or known malicious patterns
- Allow you to schedule scans to automatically run for you
- Allow you to initiate a scan of a specific file or of your computer, or of a CD or flash drive at any time
- Remove any malicious code detected – sometimes you will be notified of an infection and asked if you want to clean the file, other programs will automatically do this behind the scenes
- Show you the ‘health’ of your computer
However, while these tactics were enough to keep a device safe two or three years ago, malware has evolved at too rapid a pace for these features to remain the only thing a user needs to stay protected.
Thanks to the influx of more sophisticated phishing attacks and polymorphic malware capable of replicating and altering itself enough to not be caught by ‘traditional’ security solutions, many threats slip by, undetected. Today, an effective security solution is one that can stay ahead of these threats by automatically updating, monitoring unknown files to ensure they’re not making changes to your devices, protecting against phishing attacks and other online threats, and having the ability to roll-back any changes a file makes on a user’s device. In other words, users need to use smarter cybersecurity.
Computer Hackers and Predators
How are they a security threat?
People, not computers, create computer threats. Computer predators victimize others for their own gain. Give them access to the internet — and to your PC — and the threat they pose to your security increases exponentially. Computer hackers are unauthorized users who break into computer systems in order to steal, change or destroy information, often by installing dangerous malware without your knowledge or consent. Their clever tactics and detailed technical knowledge help them access information you really don’t want them to have.
How do they find me?
Anyone who uses a computer connected to the internet is susceptible to the threats that these cybercriminals pose. These online villains typically use phishing scams, spam email or fake websites to deliver dangerous malware to your computer and compromise your computer security. Computer hackers can also try to access your computer and private information directly if you are not protected with a firewall. They may also monitor your chat room conversations or peruse your personal webpage. Usually disguised with a fake identity, online predators can lure you into revealing sensitive personal and financial information, or much worse.
What can they do to me?
While your computer is connected to the internet, the malware a hacker has installed on your PC quietly transmits your personal and financial information without your knowledge or consent. Or, an online crook may pounce on the private information you unwittingly revealed. In either case, they may:
- Hijack your usernames and passwords
- Steal your money and open credit card and bank accounts in your name
- Ruin your credit
- Request new account Personal Identification Numbers (PINs) or additional credit cards
- Make purchases
- Add themselves or an alias that they control as an authorized user so it’s easier to use your credit
- Obtain cash advances
- Use and abuse your Social Security number
- Sell your information to other parties who will use it for illicit or illegal purposes
In addition to the above dangers, an online stalker can pose a serious physical threat. Use extreme caution when agreeing to meet an online “friend” or acquaintance in person.
How will I know?
Check the accuracy of your personal accounts, credit cards and documents. Are there unexplained transactions? Questionable or unauthorized changes? If so, dangerous malware installed by these cyber criminals may already be lurking.
What can I do to protect myself?
When you arm yourself with information and resources, you’re wiser about computer security threats and less vulnerable to threat tactics. Both online predators and hackers pose equally serious and but very different threats.
To protect your computer against the former:
- Continually check the accuracy of personal accounts and deal with any discrepancies right away
- Use extreme caution when entering chat rooms or posting personal webpages
- Limit the personal information you post on personal webpages
- Carefully monitor requests by online “friends” or acquaintances for predatory behavior
- Keep personal and financial information out of online conversations
- Use extreme caution when agreeing to meet an online “friend” or acquaintance in person
To protect your computer against the latter:
- Use a two-way firewall
- Be diligent about updating your browsers and operating systems
- Avoid questionable websites
- Only download software from sites you trust and carefully evaluate free software and file-sharing applications before downloading them
- Practice safe email protocol
- Don’t open messages from unknown senders
- Immediately delete messages you suspect to be spam
- Make sure that you have the best cybersecurity installed on your computers and mobile devices
An unprotected computer presents an open door for these cyber crooks. Make sure that you’re keeping all your devices protected with security that actually works, preventing attacks and keeping the threats they pose at bay.
Threat Recap: Week of July 11th
HSBC Sites Downed Briefly After Cyber Attack
Earlier this week, it was reported that HSBC had been the victim of a cyber attack and both it’s US and UK sites had been taken offline. The messages remaining on both sites announced that an organization called OurMine had found a vulnerability and would only stop the attack once an HSBC employee contacted them. Seemingly as promised, the attack ceased and the sites were brought back online early Wednesday morning.
Malicious Pokemon Go Look-alike Apps On the Rise
With the recent popularity of the Pokemon Go app, it comes as no surprise that a massive influx of third-party apps claiming to be related have hit the appstore. While many of these are seemingly harmless, some offer cheats and other Pokemon-related info to attract users and then require permission to view personal information stored on the phones. With nearly 200 unofficial apps found so far, it is likely that more will replace the ones that are being removed.
Ransomware’s Latest Scam Skips Encryption
Recently, researchers have discovered a new variant of ransomware that operates with significantly less sophistication than normally seen. Ranscam, the variant in question, lives up to it’s name by simply deleting the files once the ransom message is displayed, while stating the usual encryption and bitcoin payment instructions. Regardless of the victims payment status, the files are completely removed, leaving nothing to decrypt if/when a payment is made.
https://threatpost.com/ranscam-ransomware-deletes-victims-files-outright/119197/
Omni Hotels Face Data Breach
This week, Omni Hotels & Resorts made a statement that they had suffered a security breach over the past 6 months on it’s point-of-sale systems. The attack follows the long string of hotel security infractions that have occurred in the last year, as they make for highly profitable targets in an industry with out-of-date cyber protection. Fortunately for Omni, their recently appointed CIO has already begun implementing new solutions to protect against similar attacks in the future.
Stampado Ransomware Available On Dark Web For Low Price
In an unusual move by malware authors, the creators of the Stampado ransomware variant have released a lifetime license for a measly $39 USD. The variant itself is similar to Cryptolocker, but with the additional function of not requiring administrator privileges when launching. While it’s currently not widespread, the price point removes a major barrier for cyber criminals who may be deterred by a high upfront cost.
http://www.infosecurity-magazine.com/news/brand-new-stampado-ransomware/
Computer Virus 101
What is a computer virus?
Think of a biological virus – the kind that makes you sick. It’s persistently nasty, keeps you from functioning normally and often requires something powerful to get rid of it. A computer virus is very similar. Designed to relentlessly replicate, these threats infect your programs and files, alter the way your computer operates or stop it from working altogether. It’s estimated that the ‘Conficker’ malware infected more than 10 million computers in 2009, which was a massive amount back then.
The amount of viruses and their capability to inflict damage have only increased since then. Today, hundreds of thousands of them operate over the internet, and new variants are discovered every day. When you couple this with the discoveries of mass-scale security flaws/vulnerabilities (such as ‘Heartbleed’ and ‘Bash’ in 2014), the cyber-world really starts to look like a scary place. It is. But that doesn’t mean there’s nothing you can do to protect yourself and your devices.
How does it find me?
Even if you’re careful, you can pick one up through normal online activities like:
- Sharing music, files or photos with other users
- Visiting an infected website
- Opening spam email or an email attachment
- Downloading free games, toolbars, media players and other system utilities
- Installing mainstream software applications without fully reading license agreements
What does it do?
Some computer viruses are programmed to harm your computer by damaging programs, deleting files, or reformatting the hard drive. Others simply replicate themselves or flood a network with traffic, making it impossible to perform any internet activity. Even less harmful versions can significantly disrupt your system’s performance, sapping computer memory and causing frequent computer crashes.
What are the symptoms?
Your computer may be infected if you recognize any of these malware symptoms:
- Slow computer performance
- Erratic computer behavior
- Unexplained data loss
- Frequent computer crashes
Arming yourself with the best protection
When you arm yourself with information and resources, you’re wiser about computer security threats and less vulnerable to threat tactics. Take these steps to safeguard your PC with the best protection:
Make sure that you have the best security software products installed on your computer:
- Use anti-virus protection and a firewall
- Get anti-spyware software
- Always keep your anti-virus protection and anti-spyware software up-to-date (Webroot SecureAnywhere updates automatically)
- Update your operating system regularly (most update automatically)
- Increase your browser security settings
- Avoid questionable websites
- Only download software from sites you trust and carefully evaluate free software and file-sharing applications before downloading them
Practice safe email protocol:
- Don’t open messages from unknown senders
- Immediately delete messages you suspect to be spam
An unprotected computer is like an open door for malware. Firewalls monitor Internet traffic in and out of your computer and hide your PC from online scammers looking for easy targets. Products like Webroot SecureAnywhere Complete provide total protection from the most dangerous threats out there, thwarting them before they can enter your PC, and standing guard at every possible entrance of your computer to fend off any malware that tries to enter, even the most damaging and devious strains.
While free anti-virus software is available, it simply can’t offer the consistent protection that you need to keep up with the continuous onslaught of new strains. Previously undetected forms of can often do the most damage, so it’s critical to have up-to-the-minute protection that won’t take a break to update and miss the oncoming threat.