Protect your PC from malware

Are your Google search results being redirected to annoying ad sites?

Did you know there are plenty of free software programs that will identify and remove malware hiding in Microsoft Windows?

Google’s Chrome browser has been seeing issues with ‘chrome-navigation-error.inof redirect’.  It is suspected of being botnet related.

I use the Firefox web browser with Adblock, and I run AVG anti-virus. Frequently, but not always, when I click on a link in a Google search result, it takes me to a page advertising something instead of going to the page indicated. If I go back to the search results and click the same link, it usually goes to the correct site. I thought this might be malware, but I have scanned with AVG and Malwarebytes, including anti-rootkit, and there is no indication of anything wrong. Researching the problem, I came across concerns that the Chrome browser could have this behaviour, and the suggestion was to disable extensions. I’m not very happy to do this because my various Firefox extensions add functionality I value. Geoff from Google

Apple Mac OS X and Linus users are also seeing this, although, no Firefox users have reported the issue.
When there is malware on your computer, the best way to take care of the situation is to identify it.

Malware is dangerous to your computer because an attacker can use a small security hole to install more malicious software.

Before trying to get rid of malware, make sure you have all your programs and data backed up.

 

Malware Removal

1. Run Malwarebytes Anti-Malware in Safe Mode for faster removal of malware.
2. Reboot your PC and keep pressing F8 before Windows loads.
3. When in the Boot Menu, run Malwarebytes again
4. Keep rebooting and re-running Malwarebytes until there are no longer issues

Using Microsoft’s SmartScreen filter is helpful in keeping your system protected.  The SmartScreen filter creates an SHA-256 hash of executable code and sends it to a Microsoft server.

The bad code or websites is blocked and a message saying “Windows protected your PC,” will appear.
Most malware usually targets the ‘low hanging fruit’ that hundreds of millions of users who never install patches.  Also users who run pirated copies of software with a built-in back door are attacked.

For help with malware removal or information on computer security call us at 619-325-0990.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

References:
How can I remove redirection malware from my PC? – The Guardian
http://www.theguardian.com/technology/askjack/2014/mar/13/how-can-i-remove-redirection-malware-from-my-pc

Yahoo malvertising is linked to a larger malware scheme

With a look into Cisco Systems, the cyberattack that infected Yahoo users with malware is showing a link between the attack and a suspicious affiliate with Ukraine, in a traffic scheme.

Yahoo said on Sunday that European users have seen malicious advertisements, or “malvertisements,” between December 31st to January 11th.

If the advertisement is clicked, the user is directed to a website with the intention to install malicious software.
Cisco has seen malicious website victims linked to hundreds of ongoing cyberattacks.

The malicious domains all start with a series of numbers, they contain anywhere from two to six cryptic sub-domain labels and end with two random words in the second-level domain.

 

Hosted domains with a large IP block that researchers observed, shows Yahoo victims were redirected to finding 393 others that matched a pattern.

The domains seem to be a part of a scheme designed to direct people to malware.  The group behind the scam infects legitimate websites with code that redirects people to malicious sites.

Most of these malicious domains redirect to two other domains that scans data to a partner program called Paid-To-Promote.net.  People who sign up for the program are paid fees to push traffic to other websites.
It is still not clear whether the program is directly linked to the Yahoo attack.



Research has shown that the traffic traced by the affiliate program, shows the domains are used for suspicious purposes ever since November 28th.  Some of these domains are hosted in Ukraine and Canada.
These malvertisements have been put into Yahoo’s advertising network successfully.

With Yahoo’s high traffic, more people have seen the malicious advertisements, in turn a higher rate of infection.

Online advertising networks screen advertisements to ensure they are not malicious, but bad ones do sneak in occasionally.


References:

Yahoo malvertising attack linked to larger malware scheme – ComputerWorld
http://www.computerworld.com/s/article/9245325/Yahoo_malvertising_attack_linked_to_larger_malware_scheme

Malware advertising on Yahoo?

http://www.hyphenet.com/blog/2014/01/09/malware-advertising-on-yahoo/

Malware advertising on Yahoo.com has infected thousands of website visitors through desktops and mobile devices.

This is done through an iframe Web attack throughout online communities.

The Internet security firm Fox-IT broadcast the malware infection on Jan. 3rd, which entailed malicious ads being served by ads.yahoo.com using cross-site scripting.  The iframes from the ads were directed to infect files on non-Yahoo servers.

Visitors were redirected to an exploit kit called “Magnitude.”

For the malware ads to be downloaded, the visitors did not have to click on the specific malware ad.  The iframe-based attack also shows Web ad servers need not be compromised.  So just by seeing the ad you are at risk of being infected!

Oscar Marquex, the chief product officer at Redwood City, California based cloud security provider Total Defense, has predicted larger attacks as a way of infecting as many systems as possible.

Marquez believes the party involved with the Yahoo.com attack was just “testing the water”.  It is forecasted more intricate exploits will be seen as hackers seek to establish a “distribution model” based on effective iframe attacks.




China-based hackers are copying security breaches like the Yahoo malware ad attack to develop new exploits.

The enterprise customers will seek every possible security angle to see what advantage hackers have on vulnerabilities.

After detecting the malicious ads on Yahoo.com, Fox-IT said it investigated the infection of its clients’ systems that visited the website.  Based on the traffic, Fox-IT estimated the number of visits to the malicious site is about 300,00 per hour.  That is an infection rate of 9%, and is projected to have about 27,000 infections an hour.

The Yahoo attack raises concerns about third-party security, especially with ad networks.  The attack displays a “thriving marketplace” for malware atacks and security threat.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

References:
Malvertising attacks via Yahoo ads may precede broader iframe attacks – Search Security
http://searchsecurity.techtarget.com/news/2240212218/Malvertising-attacks-via-Yahoo-ads-may-precede-broader-iframe-attacks