Is There a Script Kiddie Watching You?

Webcam

 

A recent article in Trascendit caught our eye. It was about webcams, or more specifically about people watching you through yours.

It’s not a sophisticated hack, but it’s rather unnerving because they’re not doing it for financial gain; instead, they’re doing it for fun.

The people behind it are known as Script Kiddies (or skiddies). They don’t write any complicated software or code to get into your machine; they rely on you to do the damage for them.
They use a simple phishing scam that’s sent directly to your email that’s made to look like any other email from an organisation. But once you click a link the malicious software installs without you realising.

This type of malware isn’t designed to steal your passwords or card details, (at least, not at first) but to give the sender remote access to your machine. It’s called a Remote Access Tool, or just a RAT – and it’s exactly as unpleasant as it sounds.

Once installed, the Script Kiddie has complete control of your machine. They can flip your screen, open your disk drive, open websites, browse your private documents and pictures and log your keystrokes to steal your information. Or, if they prefer, just turn on your webcam and microphone and start watching.
The scariest part of this hack is that it’s almost impossible to know whether you’re a victim.
There are things you can do to make sure that you don’t end up on one of these sites:

  • Learn how to identify phishing emails
  • Don’t use torrents
  • Install antivirus software, and do a full scan every month or so
  • Get yourself awebcam cover – just in case.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.

Security Advice For New Computer Owners

New PC

 

Security isn’t always the first thing you think of when you get your first computer.

The excitement of getting it out of the box and working your way through the setup procedure is much more fun.

You can’t wait to get on the internet and besides, all that security stuff is just hype to get you to spend more money, right?

Wrong.

Online security threats are real, and if you don’t take it seriously, you could end up losing your data and watch your beloved computer slowly curl up and die.

Here are our top 10 tips for new computer owners. None of them are complicated, but they’re all important.

  1. Your computer is a sturdy piece of kit, but it’s not indestructible. It does like to be cleaned (see your computer’s guide), and it doesn’t like liquid or food
  2. Even though you write a document on your computer, it doesn’t mean it’s there forever, even if you save it – back everything up
  3. The best policy is not to trust anything that comes from the internet until it’s proven safe
  4. Saving is not automatic. If in doubt save it again
  5. The internet is a public entity. Only post things you’re happy for everyone in the world to know
  6. Don’t attempt any DIY fixes. If in doubt don’t touch your machine and get someone who knows what they’re doing (it will be cheaper in the long run)
  7. If you get a call from “Microsoft” hang up, it’s not them
  8. Get paid antivirus
  9. Set a strong admin password and use a non-admin account for everyday use
  10. Above all, if it sounds too good to be true, it probably is

If you follow those tips as you start to get to know your computer, you won’t go too far wrong.

Above all, take care of it, and it will take care of you.

 

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.

New Computer? Here’s Our Security Advice

Don't fall for viruses

 

Getting a new computer is exciting.

Come on, admit it. It doesn’t matter how many you’ve owned in the past; you always get a buzz when unpacking a new one.

You look forward to a long and happy life together. However, the only way you can make sure that happens is to protect it from all the cyber nasties that are out there just waiting for their chance to bring your online world crashing down.

Whether you’re an old hand at owning computers, or this is your first foray into the world of the internet, here are a few gentle reminders to help you stay safe:

  • Your computer is sturdy but not indestructible
  • It likes to be clean
  • It doesn’t like liquids or food of any kind
  • Nothing is forever; just because you save a document doesn’t mean it’s there for posterity
  • Start off not trusting anything that comes from the internet until it’s proven safe
  • Saving is NOT automatic. If in doubt, save it again
  • The internet is public, and anything you put on it should be treated as though it were broadcast to the world
  • If in doubt, HANDS OFF and call someone who understands computer stuff
  • If “Microsoft” call you, hang up (it’s not them)
  • Get paid antivirus
  • Set a strong admin password (not ‘password’) and use a normal user (non-admin) account for everyday use
  • If it sounds too good to be true, it is
  • IF IN DOUBT ABOUT ANYTHING SPEAK TO SOMEONE BEFORE ACTING

 MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.

 

Why We Recommend BullGuard Internet Security

BullGuard Internet Security

 

We always recommend BullGuard Internet Security to our clients, which inevitably means they ask why.

That’s why we decided to write this post so we could give you the low down on why we think it’s the best product on the market.

For starters, in January this year UK consumer champion Which? endorsed BullGuard Internet Security 2016 with a Which? ‘Best Buy’.

BullGuard Security

On top of that, it also offers you all of this:

It’s simple to install and easy to use.

BullGuard installs in minutes. Its intuitive layout makes it simple for you to run a quick scan, adjust protection levels, back up your files, customise your settings and more. Everything is just one click from the main BullGuard home screen.

Malware and Spyware Protection

The latest version of Antivirus includes Behavioural Detection, which spots new viruses by how they act on your computer. Together with Signature-based Detection, which deals with known malware, they make up a multi-layered defence system for PC that’s virtually impenetrable.

Safe Browsing

Some websites have malicious code hidden in them. Or they are used to launch phishing attacks. The BullGuard protection software checks the websites that come up in your searches and lets you know which ones are safe.

Stop unwanted applications take control

Some programmes contain adware, they install toolbars and modify your system settings. They’re not malicious like trojans or worms but they can change your browser settings, alter your home page and direct you to another search engine by default. BullGuard’s unwanted app tool flags up these programmes and stops them from changing your settings.

Advanced Backup

There is a whopping 5GB of FREE online storage included so you can keep your important data, photos, music and more safe. You can choose what you want to back up and how often, or just set the feature to auto backup. You can even back up content directly from folders with one click. Plus your back-up data is easily accessible whenever you want to view it or restore it to another computer or even your smart phone.

Firewall

This is your first line of defence against unwanted hackers and identity thieves. The firewall protects you against network attacks and prevents cyber crooks from entering your system.

Spam filter

BullGuard Spamfilter keeps out junk mail and email scams, like phishing attempts, virus spreading and foreign language spam. You can also customize filters to block emails you don’t want to receive.

PC Tune Up

You’ll never have to wait again to get your computer up and running. BullGuard’s PC Tune Up removes unnecessary files and frees up memory so your computer runs faster

Vulnerability Scanner

Checks your computer for out-dated software that hackers and viruses can exploit to gain access to your system, damage it or steal personal information. Once this software is flagged up it can then be removed.

Free 24/7 support

The BullGuard support team is there for you 24/7, providing expert advice and quick answers to your questions.

 

As you can see, it’s a pretty comprehensive internet security package. If you want to learn more give us a call. 

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.

Source: BullGuard

How to Protect Yourself Against Cryptowall 4.0

Crypto wall 4.0

 

Crytpowall 4.0 is the newest version of Cryptowall ransomware – one of the most destructive computer viruses of all time.

It can be spread by malicious emails. Once on your machine, it scans the entire system to find your personal files, and locks them using an encryption algorithm that’s almost impossible to crack.

Then it leaves ransom notes on several folders informing you what needs to be done in order to recover the encrypted data.

Not very nice.

Prevention is always better and we found this comment on a thread on the Spiceworks.com community forum about the security measures you should take to avoid such attacks.

In no particular order of importance, do ALL of them…

  • Make some real firewall rules – DON’T just leave the default allow-any-outbound rules – ONLY allow traffic outbound on ports that you actually use/need – Example for DCs: 53,80,123,443,3544  Example for End-Users: 80,443,1935,3544
  • CryptoPrevent: https://www.foolishit.com/cryptoprevent-malware-prevention/ or some other Group Policy based software run restrictions – don’t let any executable run from a temp location.
  • An end-user should never be a local admin.  Admit it, you did this once-upon-a-time only cause you were tired/lazy and didn’t take the time to set the permissions right on something.
  • Automatically remove all shares if/when the encryption starts to happen: http://jpelectron.com/sample/Info%20and%20Documents/Stop%20crypto%20badware%20before%20it%20ruins%20… This can also be setup to email you the moment it happens, the filename, and the user who did it.
  • Use an Internet filter to block all the ccTLD’s and IDN’s your company doesn’t really need – also block the known bad/malware domains – better yet also block advertisements (the source of much badware) – we use DNS Redirector: http://dnsredirector.com it’s great and it doesn’t cost a fortune.
  • Prevent access to any URL with an IP in it – only bad guys do links like http://93.184.216.34 – everything else should be a DNS name like http://example.com and therefore a DNS lookup (which is filtered) before getting out to the Internet.
  • User training: re-enforce that users should not click on things that look phishy, are spelled wrong, or they were not expecting – even if the email looks like it’s someone they know.  
  • Implement spam/email message filtering, if your users can’t get to a bad link, then they can’t click on a bad link.
  • Do backups, check that they are actually working.  Make a “compliance game” if someone else (in your IT department) can delete a file (they should make their own backup first) and you can’t restore it – then you owe them lunch.  Shit get’s solved real fast.
  • Try executable whitelisting, the idea being only software you know about can run, I think this is extreme and haven’t resorted to doing it myself.

Another comment provided a 20 Step Security Defence in Depth Strategy:

  1. Two anti-malware email filters (separate services).
  2. Anti-malware at perimeter and at endpoints (separate services).
  3. Firewall at perimeter and endpoints blocking inbound and outbound (separate services).
  4. Content filtering at endpoints and perimeter (separate services).
  5. Geo-IP filtering at perimeter.
  6. End-user security training.
  7. Quarterly phishing tests.
  8. Block malicious attachments (bat, scr, exe, etc).
  9. Require admin review of all ZIP attachments.
  10. Software restriction policy white listing.
  11. Windows shadow copies.
  12. Block-level snapshot’s of shared drives.
  13. Daily backups that are secured from end users.
  14. Offsite replication of critical storage and backups.
  15. Regular patching of apps and operating systems.
  16. Firmware updates of firewalls, storage and servers.
  17. Restricted admin rights.
  18. Restrict RDP and VPN access using AD permissions and IP blocking by valid login attempts.
  19. Strict password policies.
  20. Test, test and re-test.

The most important thing is to always remain vigilant, never open a suspicious email and be wary about the websites you visit.

Hopefully these user tips will prove useful to you. If you have any other tips you’d like to share, please leave a comment below.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.

Don’t Get Caught Out By The Phone Scammers

Have you ever received a call from someone who claims to be from Microsoft Windows Security?

They tell you your computer has been infected by a virus that’s about to take over the world! OK, not the world, but definitely your other devices. They make it sound like Armageddon, but really it’s a con. All they want is to gain access to your computer so they can steal your data.

More often than not, these calls happen during the day when the scammers hope to catch people unawares at home, thinking they are more likely to be elderly and therefore not very tech or security savvy.

I want to draw you attention to an article written by Jane McCallon in PcPro.co.uk. It’s a fantastic read. Jane talks about her experience of such a call and how, after adopting the Scam Gran persona, she wound up the bogus caller so much he threatened to kill her!

Jane’s article ends with 3 top tips for thwarting the phone scammers. Here there are:

1) Don’t click that link!

“Dear sir or madam, we’ve noticed some unusual activity on your account. Please follow this link to reset your password.”

No matter how legitimate an email may look, never click a link like this. Your bank, email provider, or internet provider will never ask you for this kind of information. Many banks have a section on their website – which you should navigate to directly – where you can report scams like this, usually referred to as “phishing” attacks.

2) Microsoft Windows (in)Security

As with Scam Gran’s experience, there are ruses that will try to frighten you into giving control of your computer to a scammer, handing over sensitive information, or directing you to a malicious link.

“Microsoft Windows Security” won’t call you about a virus or malware on your computer – Microsoft doesn’t monitor for that kind of thing. Anyone claiming to be from this organisation is a liar.

3) Phone phishing 

Another common phone scam is a caller pretending to be from your bank. As with phishing emails, they will often say they’ve seen unusual activity on your account and then encourage you to hand over your sort code, account number and secret answer, or perhaps your credit card number and signature strip security code.

These scams can, in some cases, be extremely sophisticated, fooling victims into thinking they have hung up and called back a legitimate number, whereas in reality the scammer has just held the line and played a dial tone.

Remember, you bank won’t call you and ask for your full account and security details. If you are unsure who’s on the phone, make an excuse to hang up and then call someone else you know to check your line really is clear.

It’s so important you remain vigilant at all time. OK, I’m not suggesting that you should also adopt the Scam Gran persona, but if you know of anyone who may be vulnerable to such calls, perhaps it’s worth sending the link to this blog post so they can read up on how to stop the scammers.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.

Windows Defender: Uninstall, Disable, Remove and Switch Off

Being the safety conscious type, I’m sure you’ve made sure your PC is protected with the latest all singing all dancing anti-malware software.

Good for you.

But did you realise that Windows Defender is already installed with Windows and is probably wasting precious resources on your machine because?

No?

Well, you’ll probably be interested in hearing how to get shot of it, after all what’s the point in having two pieces of software feverishly working away doing the same job when you only need one?

So here’s how to disable Windows Defender.

Why disable and not uninstall? Simply because its built into Windows so you can’t uninstall it. So here’s how you can disable it.

Open Windows Defender by going to Tools on the top menu and clicking Options.

Disable windows defender

 

 

 

 

 

Then click on Administrator on the left-hand pane, uncheck the box for “Use this program” and click Save.

Disable windows defender

 

 

 

 

 

 

 

 

You will then be told the program us turned off.

If you want to make sure it never comes back on, open up the Services panel through Control Panel or by typing services.msc into the Start Menu search or run boxes. Find Windows Defender in  the list and double click it.

disable windows defender

 

 

 

Then change Startup to Disabled:

disable windows defender

 

 

 

 

 

 

 

 

 

Just remember, if you do disable Windows Defender make sure you have protected yourself from malware with another product.

If you have any queries or want to know how to do something else with your Windows machine, leave a comment below and we’ll see what we can do to help.

Is Today’s Generation Unsecured?

Everyone understands the need to be secure online, don’t they? Online security

You would have thought so, but a recent report published by Check Point (the company behind ZoneAlarm) suggests otherwise.

According to a recent article in PCPro, their report showed that although the younger generation (18 to 25 year olds) were surer of themselves when it came to IT security than the ‘baby boomers’ (56 to 65 year olds), they actually experienced more security problems.

In fact, the research shows that 78% of the younger users didn’t follow best practice when it came to computer security systems. And yet, ‘baby boomers’ were twice as likely to install and use security software.

So what makes them so laid-back about online security?

Well, it could be as simple as priorities: they value entertainment and online social interaction more than security. Couple that with the fact that 45% of the younger generation think security software is too expensive and so are less likely to use it, and  you’re asking for trouble.

How to convert the unsecured generation

Changing their mindset isn’t an easy task; perhaps once they’ve been stung a few times by online nasties, they’ll be more likely to take precautions.

Of course, the other tact is to appeal to their (usually empty) wallets because there are free security suits available, such as Microsoft Security Essentials and Windows Defender. Using those and making sure your software is up-to-date, should provide protection against most threats.

Education is undoubtedly the key, but it’s good to know that there are free solutions that can be adopted when you’re budget will only stretch so far.

But there is no substitute for good quality security software.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.

Protecting Your Computer From Viruses

Let’s face it, computer viruses are a menace. They cause untold damage to your files, Protecting yourself from computer virusesbusiness and even your reputation. So how can you protect yourself from them?

There are a number of steps you can take, but here are our top tips.

1. Education

Learning about viruses and keeping up to date with the latest threats, protections and industry news will help you stay safe from the nasty little suckers.

If you understand what you’re dealing with, the easier it will be to not only identify when you’ve been hit by one, but it may also prevent that from happening in the first place.

2. Anti virus

Prevention is always better than cure, so arm yourself with effective anti virus software. If you don’t, your PC will become a target for viruses as soon as you start to surf the net.

3. Updates

Keeping both your Windows operating system and virus software up to date is essential, so make sure you regularly download the updates.

Virus creators are always refining them and coming  up with new ways to bypass security systems, so if your software isn’t up to date, it could offer the opportunity a new virus strain needs to slip in unnoticed.

4. Downloads

Whenever you download something from the web, make sure it comes from a trusted source.

5. Be vigilant about emails

How many spam emails do you get in a day? And how many of those have attachments?

Many are easy to spot, but there could be one or two that aren’t. Never be tempted to open an attachment from an email if you don’t know the sender, or if it doesn’t quite ring true. If in doubt, get in touch with them – it’s better to be safe than sorry.

Over to you

Do you have any other tips you’d like to add?

If so, leave a comment below.

Beware of the Trojan

“A Trojan horse, or Trojan, is a type of malware that masquerades as a legitimate file or helpful program with the ultimate purpose of granting a hacker unauthorized access to a computer. Trojans do not attempt to inject themselves into other files like a computer virus. Trojan horses can make copies of themselves, steal information, or harm their host computer systems.” (Wikipedia)

Trojans represent the biggest threat to home and business computer users. Not only because of how many there are in circulation, but because of their sophistication and the threat they pose.

With the ability to steal information and passwords, the Trojan allows the hacker to take complete control of your system. Which is why it always pays to be vigilant when it comes to opening emails and attachments or downloading files from unknown sources.

In this post, we want to draw your attention to one particular type of Trojan…

Ransomware – The Police Virus

This particular type of nasty ‘kidnaps’ or holds your computer files or system captive and then demands a ransom for a fix.

If your computer is infected, you will get messages displayed on your screen with logos of international law enforcement agencies. The effect is to trick the user into believing that their computer has been locked by the authorities for visiting inappropriate websites or making illegal downloads.

You will then be told that to unlock your computer you have to pay a fine, usually £100 (euros or dollars).

These messages actually come from the Trojan itself, which is hidden within your computer.

What should you do if your get this or indeed any Trojan or virus on your computer?

Go to someone that knows what they’re doing. Find your local IT specialist and invest in some quality virus protection software.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders
and small businesses in Ipswich. Bury St Edmunds and surrounding villages.