Whilst traversing The Tubes yesterday doing some research on credit card processing across a host of different sites, I was hit with an old school malware installer technique with a couple of new twists at one of them. (That's what it looks like above.)
What's old school about it, is it's using an old social engineering ruse to trick people into installing it. Make no mistake: it's fake software. Well, it might play media files, but I guarantee there's some sort of unwanted malware / adware payload along with it.
As you can tell from the Finder icon in the top left, and the "Accept and Install" button in the lower right, it's obviously geared for people on a Mac, and here are some telltale signs it's fake.
- Every media type that matters is playable out of the box on a Mac.
- "Media Player" (as in Windows Media Player) is Windows-only software, and it's built into Windows, i.e. there's no need to install it like this.
- The Accept and Install button and the Finder icon are the (now very) old Mac interface style.
- Powered by "MediaDownloader," yet the software is called, "Media Player"?
- What the heck is the Finder icon even doing on an installer for a third-party product?
Curiously, both Bitdefender and Webroot for Mac missed identifying the serving URL as malicious.
(Whether it has a trojan or some other malicious payload or if it's "just" adware, I don't know, and honestly, does it really matter? Its goal is to trick people into installing it.)
So, if you come across this bugger (or something similar in the wild), get the heck out of Dodge and for cryin' out loud, keep your mouse away from the "Accept and Install" button, will ya?
THREE short days ago, I promised you we were working on something big.
(If you missed that blog / email, here's a one sentence recap: My dear friend Mike's recent, sudden passing gave me the impetus to help our subscribers more than we are.)
HERE'S WHERE WE ARE NOW...
We want to do better by you.
There are a TON of subscribers like you who have questions about their PC and NEED answers who end up not getting things fixed (or end up with lousy solutions) because they don't think to ask us because we're "just" antivirus guys (which just isn't true.)
We're not just talking about PC security or optimization. We're talking about getting your PC to finally work for you the way it's supposed to. We’re talking complete PC mastery.
...AND THIS IS WHERE YOU COME IN.
Now that we're putting rubber to the road to solve these vexing problems, your insight means everything.
Do us a favor: Tell us what would make the biggest difference for you.
To make it easy, we've chopped everything down to JUST THREE QUESTIONS and should only take you about one minute.
Go here to give us your take: https://www.surveymonkey.com/r/RT5Y8FF
On Feb 18, the entire computer system at Hollywood Presbyterian Medical Center was locked and held for ransom.
The hackers who easily infiltrated the hospital's system locked and encrypted all of the hospital's medical files and computers making it impossible to work and help patients. The hackers demanded $17,000 to unlock the hospital's computer system. The hospital staff had to resort to pen and paper to get anything done, and many critical patients had to be diverted to other hospitals for care.
And if you think you're not vulnerable to ransomware attacks, think again:
The Locky ransomware can be targeted at anyone, anytime. Whether you're a big company or a single person, Locky makes it incredibly easy to infect and hold your PC... or many PCs... for ransom. Local resident Brandi C. was hit by Locky at home.
Brandi had to pay $300 to the hackers so they would unlock and release her computer back to her.
How Does This Happen?
The Locky ransomware is spread primarily through email. Proofpoint CEO Gary Steele says their security firm saw 10 million messages go out in one day that contained Locky.
Locky is typically delivered via email as an attachment. By clicking open a simple Word document attached to your email, you could instantly infect your system with Locky. Your entire computer would then be locked and encrypted, with a demand from the hackers to pay hundreds or even thousands of dollars to unlock it.
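As an added example (not part of the original post), here is a Python check that a mail gateway, or a cautious user with a saved attachment, could run before the file ever reaches Word. Locky's documents relied on Office macros, and macros leave a recognizable trace: the Office Open XML formats (.docx, .docm, .xlsx and friends) are ZIP archives in which any VBA code is stored as a part named `vbaProject.bin`, while the older binary .doc/.xls format starts with the OLE2 signature and needs a dedicated parser, so it is flagged for a sandbox rather than parsed here. The sample attachments are constructed in memory and contain no real macro code; the function names, actions and reason strings are this example's own.

```python
"""Triage an e-mail attachment for macro content before anyone opens it.

Added example, not code from the original post. Office Open XML files are
ZIP archives; VBA code, if any, lives in a part named vbaProject.bin.
Legacy binary Office files (.doc, .xls) start with the OLE2 signature and
are flagged for deeper inspection rather than parsed here.
"""
import io
import zipfile

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # D0 CF 11 E0: legacy .doc/.xls
ZIP_MAGIC = b"PK\x03\x04"                           # OOXML (.docx/.docm/.xlsx/...)
MACRO_FREE_EXTENSIONS = {"docx", "xlsx", "pptx"}    # formats that should never carry VBA


def classify_bytes(data: bytes) -> str:
    """Return 'macro', 'ooxml-clean', 'legacy-ole' or 'other' from content alone."""
    if data.startswith(OLE2_MAGIC):
        return "legacy-ole"
    if not data.startswith(ZIP_MAGIC):
        return "other"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # namelist() reads only the central directory, so a huge
            # (or zip-bombed) document is not decompressed by this check.
            names = [n.lower() for n in zf.namelist()]
    except zipfile.BadZipFile:
        return "other"
    if any(n.endswith("vbaproject.bin") for n in names):
        return "macro"
    if "[content_types].xml" in names:
        return "ooxml-clean"
    return "other"


def triage(filename: str, data: bytes) -> tuple:
    """Decide what to do with an attachment: returns (action, reason)."""
    kind = classify_bytes(data)
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if kind == "macro":
        reason = "VBA project found inside the document"
        if ext in MACRO_FREE_EXTENSIONS:
            # The extension is chosen by the sender; the content is what counts.
            reason += "; extension .%s claims the file is macro-free" % ext
        return ("quarantine", reason)
    if kind == "legacy-ole":
        return ("sandbox", "binary Office format; macros not parsed by this check")
    if kind == "ooxml-clean":
        return ("deliver", "OOXML document with no VBA part")
    return ("deliver", "not an Office document; other checks apply")


def build_sample(with_macro: bool) -> bytes:
    """Constructed OOXML-shaped sample for the demo (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00placeholder\x00")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples: a macro-enabled file, the same file renamed to
    # .docx, a clean document, a legacy binary header, and a non-Office file.
    samples = {
        "invoice.docm": build_sample(with_macro=True),
        "invoice.docx": build_sample(with_macro=True),
        "report.docx": build_sample(with_macro=False),
        "old_memo.doc": OLE2_MAGIC + b"\x00" * 24,
        "photo.jpg": b"\xff\xd8\xff\xe0 not an office file",
    }
    for name, blob in samples.items():
        print("%-14s %-10s %s" % ((name,) + triage(name, blob)))
```

The check deliberately looks at bytes, not the file name, because the name is whatever the sender chose. It is a first filter, not a substitute for antivirus: a macro-enabled document is not automatically malicious, and a document with no VBA part can still carry other active content, so "deliver" here means "nothing this check can see", not "safe".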
How To Avoid Locky and Other Ransomware
- Don't click on suspicious links or attachments in your emails. If you get an email from someone you don't know that has an attachment, you have two options:
- Delete the email immediately without opening it. This is your best and safest option.
- Use your antivirus software to scan the file before opening it (most antivirus software has a feature that lets you right-click a file and scan it). Caution: be extremely careful that you don't actually double-click to open it. If you do, you could instantly infect your PC. Keep in mind that a clean scan isn't a guarantee: a brand-new sample can slip past signatures for hours before the vendor catches up. If you do get infected with Locky or any ransomware, try The FixMeStick to get rid of it.
- Back up all your data regularly. If you're not already backing up your files... you should be. Good backup software is a critical piece of online security that many people overlook. Backup always and often, and keep at least one copy disconnected from the PC: ransomware encrypts whatever it can reach, and that includes an attached backup drive or a mapped network share.
- Be sure you have a good antivirus or Internet Security software installed. We say it over and over, but people still get hit with ransomware and other malware all the time because they have poor antivirus software. A good antivirus program will scan attachments before they can do any damage.
In the end, the hospital paid the $17,000 ransom to get their files back. They panicked because they felt they had no other choice. They should've trained their staff to better identify suspicious email attachments, and they should've had better antivirus software running.
And Brandi, and thousands more like her, was an innocent bystander who got hit with this devious malware... and you could too. Be alert when you're online just like you would in a bad part of town. Keep your eyes and ears open and don't be too quick to click.
Since we began the site in 2006, the market share of the Mac / OS X has grown steadily.
That's a good thing, both for competition and for reducing the amount of homogeneity in the computing ecosystem.
If every computer in the world were the same, it would be easier to find "The Flaw" that makes everything grind to a halt. Increased diversity (i.e. reduced homogeneity) means it's harder to find one flaw that affects everyone.
In a roundabout way, you could even say the success of the Mac and OS X actually makes PCs safer.
Which leads us to:
What's the Best Mac Antivirus Software?
Even though we've been testing PC antivirus software for nearly ten years and we have an embarrassingly large database of viruses, rootkits, bootkits, trojans, worms, adware, keyloggers, spyware, and every other kind of malware imaginable, for a long time it has been primarily for the PC.
That doesn't mean the need hasn't been there (or that our readers haven't been asking for it for some time now.)
So, without further ado, here's our first list of best Apple / Mac OS X antivirus software.
Although it may seem strange to some people, to others the very thought of using a credit card online seems pretty crazy.
In fact, we talk to someone by phone at least once a week with this concern.
Pam, a New Hampshire resident, called this week asking,
"I want to buy one of the antivirus programs you review, but I'm uncomfortable buying online.
"I just don't like putting my credit card information in some website. I'd rather do it in person or by phone.
"Is there a way I can buy the software in a store, instead?"
In my view, buying software online (and in fact all transactions online) is actually safer than what you do in a store.
(As the former CTO of a sizable credit card processing company, I can answer this question with some authority.)
Read on for the answer...
Why online transactions are actually safer
First, let's take a look at what really happens when you buy something in a store.
The fact is almost all credit card transactions, even those done in a store, happen entirely on the Internet. (We'll cover this more in a second.)
Second, when you buy software in a store, you have the huge hassle of going back to the store and dealing with that store's return policy for software.
Since nearly all stores prohibit customers from returning software once it's opened, your only recourse is to go back to the manufacturer and wait for them to issue a refund. (Oh, joy!)
In contrast, if you buy software online, the license key and a link to download are emailed to you. If you need a refund, you just get in touch with the company directly since they're the ones that sold you the software. Schlepping to the store involved? Zero.
Third, when you buy antivirus software in a box, what you're getting is weeks—maybe even months—old. Yes, the software will update itself automatically, but a heck of a lot of new viruses are developed between when the software was boxed up and when you bought it.
On the other hand, antivirus software purchased online is often the manufacturer's latest, greatest release.
Before we get back to buying software in a store, let's talk about buying by phone. The problem with phone purchases is you're trusting the person to be honest on the other end of the line.
For the most part, they are. Other times, not so much.
The fact is, you're giving that person all your card details, even the security code from the back, so they've got everything--even your billing address. If they want to go on a seven state shopping spree or sell your info on the black market, you couldn't make it any easier.
OK, let's get back to what happens when you buy something in a store.
What Really Happens?
The super simple version of what happens goes something like this:
- Your card is swiped in a credit card terminal or cash register, and then
- The credit card number is immediately encrypted, and then
- Shot to a "front end" processor, who then
- Talks to the store's bank (the "acquirer"), who then
- Talks to your bank to get authorization to charge your card.
Later, a "back end" processor enters the picture, too, and it also gets handed your card number via the Internet. [This is a simplified version of what happens as well.]
Any guess where all this happens? Online.
All of it.
What's all this mean?
It means in-person purchases are ultimately no different than those that happen entirely online.
What's the real risk?
First, in most countries for there to be any liability, the bank has to prove you were at fault for the theft. If you're not at fault, the liability is usually $0.
What's more, if you're in the U.S. your maximum liability on a credit card is $50. (It's the law.) Debit cards fall under different rules: the cap climbs the longer you wait to report the card, so report a lost or misused debit card right away.
And, in Canada, Australia, and most countries in Europe, liability is legally limited there, too. Usually, it's between $0 and $50/£50/€50.
The bottom line:
- All credit card transactions ultimately end up online
- Your credit card number and other info about the purchase is encrypted as it moves across the Internet
- Laws in most countries limit your liability to between $0 and $50/£50/€50.
Lastly, because of the encryption in use and the layer upon layer of security in place, in many ways it's MUCH safer to use your card online than it is to use a card in person in a lot of places. (One caveat: the encryption protects your number while it travels. It can't help if the terminal itself or the store's network has been tampered with, which is why the liability limits above matter more than any single safeguard.)
Consider: a restaurant.
When you're done with dinner, a waiter or waitress takes your card and disappears with it. For minutes at a time they're out of sight.
Sure, they return with your bill, and that much you can make sure is correct, but what else they did with your card while they had it is anyone's guess.
So, if you're reluctant to use your credit card online, knock it off. Save the trip to the store and buy online. And, if you don't like the software, make the refund process easier on yourself.
We've been getting such tremendous feedback from this story from our newsletter subscribers, I've decided to turn it into a blog, too.
This "Ask the Experts" deals with a personal story from my college days and situational awareness.
It's a short story. Every word is true.
I hope it helps keep you safe online, too.
The story goes like this: I put myself through college managing car washes.
It was a lot of fun, and unlike a lot of my friends, I got to work outside and got priceless experience in ways you'd never imagine: scheduling, managing staff, handling customers, negotiating with vendors, bookkeeping, even welding.
One night after locking up the safe, I'd just turned out the lights inside and as I was walking down the long hallway, ready to head out for the evening, out of the corner of my eye I spotted movement in the bushes outside.
Because of the one remaining light outside, I could see outside, but you couldn't easily see inside the completely dark building.
I was sure someone was there.
At 11:00PM, no one had any business being on a dark car wash parking lot, much less skulking around in the bushes.
As stealthily as I could, I dialed 911 and as quietly as possible explained the situation.
In no time, an officer showed up; we immediately recognized one another as his department routinely brought their cars in.
As he stepped out, he reiterated the situation as I'd explained it to the 911 operator.
Seeing the situation for what it was and my (extreme) concern, and knowing me pretty well personally, he unholstered his weapon. Together we walked the perimeter of the lot.
We found nothing.
I felt silly, but I know what I saw, so I chalked it up to, "Oh well..."
Still shaken, I thanked the officer, and apologized for the wild goose chase.
His words, "Better to feel silly than to be dead."
The words stuck with me.
I nodded, got into my car, and went home.
The next day...
The next day when I came in for my shift, the morning manager said, "Hey, Kevin... did you hear about the Shell station down the street last night?!"
"They got robbed. Shot and killed the night manager. Just after 11 o'clock. You're lucky they didn't come here instead."
I got lucky.
I got lucky that night. Very lucky. But I was also aware of my surroundings and willing to look stupid.
Online, it's harder.
The bad guys are smarter than ever, and like the crooks at the car wash that night, they want your money.
Today's bad guys online make phony bank sites and phishing emails. They make 'em seem so legit it's nearly impossible to tell they're not real.
Even professionals have a hard time telling good from bad.
And, while antivirus and Internet security software can be a big help, your own situational awareness is just as important.
If you get an email with a link in it, no matter who it's from, be wary of it. The text you see isn't necessarily where the link goes; hover over it (or long-press on a phone) to see the real address before you do anything.
If you click the link, do not, under any circumstance fill out any kind of form on the site. No usernames. No passwords. Nothing.
If it's legit, you can always go back to the site by typing the _real_ website name into your web browser by hand.
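To make the "type the real website name by hand" advice concrete, here is an added Python example (not from the original post) that applies the same reasoning to a link before it is clicked: it pulls the real hostname out of the URL, reduces it to the domain somebody actually had to register, and compares that against the site the message claims to be from. It also catches the two classic tricks, a username before `@` that looks like the real site, and link text that shows one address while the link goes somewhere else. The expected site (`examplebank.com`), the sample links and the short public-suffix table are constructed for the example; a real deployment would load the full Public Suffix List.

```python
"""Check whether a link in an e-mail really points at the site it claims to.

Added example, not code from the original post. The expected site, the
sample links and the suffix table below are constructed for illustration.
"""
import ipaddress
from urllib.parse import urlsplit

# Constructed: a few multi-label public suffixes so the registrable domain
# of "login.bank.co.uk" comes out as "bank.co.uk". A real deployment would
# load the Public Suffix List instead of this stub.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(host: str) -> str:
    """Return the part of a hostname that someone actually had to register."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def link_verdict(href: str, expected_site: str) -> tuple:
    """Classify a link against the site the e-mail claims to come from.

    Returns (code, detail). Only 'ok' means an https link to the expected
    site; any other code is a reason to type the address by hand instead.
    """
    parts = urlsplit(href.strip())
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        return ("bad-scheme", "not a web link: %s" % (parts.scheme or "(none)"))
    host = (parts.hostname or "").lower()
    if parts.username is not None:
        # "https://examplebank.com@evil.example/": everything before the @
        # is a username; the browser connects to what comes after it.
        return ("userinfo", "text before @ is not the host; real host is %s" % host)
    try:
        ipaddress.ip_address(host)
        return ("raw-ip", "link points at an IP address, not a site name")
    except ValueError:
        pass
    expected = registrable_domain(expected_site)
    actual = registrable_domain(host)
    if actual != expected:
        # Covers both "examplebank.com.secure-login.example" (the real site
        # name used as a subdomain) and look-alikes such as "exarnplebank.com".
        return ("wrong-site", "link goes to %s, not %s" % (actual, expected))
    if scheme != "https":
        return ("http-only", "right site, but unencrypted http")
    return ("ok", "https link to %s" % host)


def display_mismatch(display_text: str, href: str) -> bool:
    """True when the visible link text is itself a URL whose host differs
    from where the link really goes (a common phishing layout)."""
    shown = urlsplit(display_text.strip())
    if shown.scheme.lower() not in ("http", "https") or not shown.hostname:
        return False
    real = urlsplit(href.strip())
    return shown.hostname.lower() != (real.hostname or "").lower()


if __name__ == "__main__":
    # Constructed sample links as they might appear in a phishing e-mail.
    samples = [
        "https://examplebank.com/login",
        "https://login.examplebank.com/",
        "http://examplebank.com/",
        "https://examplebank.com.secure-login.example/verify",
        "http://examplebank.com@198.51.100.7/",
        "http://198.51.100.7/",
        "https://exarnplebank.com/",
    ]
    for link in samples:
        print("%-52s %-10s %s" % ((link,) + link_verdict(link, "examplebank.com")))
    print(display_mismatch("https://examplebank.com/login", samples[3]))
```

Note what the check does not do: it cannot tell a genuine notice from a fake one that links to the real site, and it does not resolve redirects, so a link that passes is still only "probably where it says it goes". The advice in the post stands: when in doubt, skip the link and type the address yourself.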
The bottom line...
Be aware of your surroundings online just like you are in the real world.
Keep in mind, too, it's not just bank websites being phished. Be wary of any email claiming to be from anywhere where you use a username and password.
If you think you've got something in the bushes of your PC, feel free to contact Josh and me.
We may not be peace officers, but we do know a thing or two about online safety and security.
After all, it's better to feel a little silly asking for help than the alternative.