Worried about WannaCrypt Ransomware? Update your Windows OS!

Home users and businesses should make sure their Windows Operating Systems and security software are updated in order to stop the spread of WannaCrypt. Make sure your copy of Windows is updated, click HERE to read Microsoft’s Customer Guidance post about this ransomware. Microsoft even took usual steps and released updates to unsupported Operating systems such as XP. From the article linked above:

Additionally, we are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003. Customers running Windows 10 were not targeted by the attack today.”

WannaCrypts ransom message

We at SUPERAntiSpyware stress that you also make sure you are using the latest edition of SUPERAntiSpyware, version 6.0.1240 as of this blog post with the most recent definitions AND make sure you have Real-Time Protection set to enabled.

If you have your Windows Firewall disabled, immediately enable it. If you have a third-party Firewall, make sure it is enabled and the software is current.

Our Top 5 Google Chrome Extension Picks For Better Web Security


Security and privacy are some of the major concerns when using the internet. One of the more popular internet browsers Google Chrome allows users to add extensions to the browser adding new functionality. Here are our picks for the top 5 Google Chrome security and privacy extensions that you should install for safer web browsing along side using your SUPERAntiSpyware software on your PC.

Click on each link and it will bring you to the Chrome Web Store where you can learn more about the extension and its creators. Most of these extensions are available on other popular browsers, such as Mozilla Firefox or Opera so do not feel limited to only Google Chrome!

1) uBlock Origin – A lightweight ad-blocker and anti-tracking extension that is efficient on memory and CPU footprint.

2) Privacy Badger – Developed by the Electronic Frontier Foundation (EFF).  Privacy Badger is an anti-tracking extension that stops advertisers and other third-party trackers from tracking where you go on the web. Privacy Badger Works great alongside uBlock Origin.

3) HTTPS Everywhere – Developed by the Electronic Frontier Foundation (EFF) and The Tor Project. HTTPS Everywhere ensures that you always connect to a website using a secure HTTPS connection if one is available. HTTPS is a form of encryption making your browsing much more secure.

4) DuckDuckGo for Chrome– DuckDuckGo is the search engine that doesn’t track you. This add-on makes DuckDuckGo your default search engine and includes some other useful features.

5) LastPass: Free Password Manager – “Only remember one password. Your LastPass master password. Save all your usernames and passwords to LastPass, and it will auto-login to your sites and sync your passwords everywhere you need them.”

Do you have any Google Chrome extension recommendations? Feel free to leave a comment below!

-SUPERAntiSpyware Team

Watch out for fake USPS delivery emails!

We at SUPERAntiSpyware have been alerted to scam emails hitting users claiming to be from the US Postal Service (USPS) that contains a link that will infect them with malware. One of the emails being used by this scam is notice@ussp(DOT)com

The subject line of the email will typically be titled “Delivery notification – Parcel delivery *NUMBER* failed” containing a message that the user please call the number on the shipping notice we left at your doorstep (which there will be none!) to arrange a new delivery, and a link which you can view the delivery notice online, on the USPS website.

This is a fake link to a malware infested website.

If you see a link in a suspicious email such as this do not click the links or open the attachments no matter how innocent they sound. If it claims to be from an official organization, call them and ask if the email is legit. Better safe than sorry!

How do I submit spyware samples to the SUPERAntiSpyware team?

If you wish to send our Spyware Research Team a sample, please use the SUPERSampleSubmit tool which may be downloaded HERE

 

SUPERAntiSpyware
Submit your spyware samples to our Spyware Research Team

Please ONLY submit files that you believe are threats. These samples will be placed into our queue for review and analysis.

“The HoeflerText Font Wasn’t Found” Google Chrome Malware Scam – What it is and how to avoid it!

You are browsing the web and accidentally land on a website with nonsensical characters instead of letters and you receive a prompt to download a missing font in order to read the website. You are told in order to fix the error and display the text, you have to update the “Chrome Font Pack”. Whatever you do, please do not click that blue Update button!

Fake Google Chrome Prompt asking you to install the malware

It is a scam designed to trick users into installing malware onto their systems. This malware is ranging from Ransomware, to Trojans, to various adware bundles.

How to avoid it

The fake dialogue box informing you that the “The HoeflerText Font Wasn’t Found” will claim you are using Chrome version 53 even if you are not using that version, which tells you something isn’t right and that the prompt you are seeing is fake.

Make sure you are using the latest version of Google Chrome which you can download by clicking here

Make sure you are also using the latest version of SUPERAntiSpyware with Real-Time Protection enabled, a feature only available for SUPERAntiSpyware Professional users.

Tax Season is here – Watch out for Identity Stealing Spyware!

Keep your personal information safe this tax season by doing a Free scan with SUPERAntiSpyware Free Edition

We want to remind everyone that tax season is the time of increased attacks in the forms of spyware, various methods of phishing , and scams. Spyware and Malware authors significantly increase their activity during the tax season in order to try to steal data and withdraw money from bank accounts, steal credit cards, passwords, and other malicious acts.

During this tax season its important to do a few things to help protect yourself online:

1) Make sure your Operating System and software applications such as web browsers and email clients are up to date.

2) Run a Complete Scan with SUPERAntiSpyware regularly with the latest updates, at least twice a week during this period of increased activity.

3) Be cautious before visiting strange websites, or opening strange email attachments. Think before you click!

4) Manually erase, or use privacy software, to delete sensitive data from you PC. Spyware cannot steal what isn’t there!

5) Lookout for spam phishing email impersonating government, bank, or tax company officials asking for sensitive information.

Do you have any security recommendations that help you stay safe during the tax season? Feel free to leave a comment below!

-SUPERAntiSpyware Team

How to deal with Tech Support Scams

You get a pop-up message that says you’re infected and for you to call “Microsoft” Tech Support with the provided number, a voice may come from your speaker instructs you that your data is in harm’s way and you should not shut off your PC. In a panic, PC users call this number and long story short, end up paying hundreds of dollars to a scam artist that claimed to fix something that was never an issue to begin with. This story is common today if you read the news.

A tech support scam artist claims to be an employee (or work with) of a major software company offering technical support to the victim. This can range from someone claiming to be your ISP, your cable provider, or even a Apple or Microsoft. The scam artist will claim the “company” has received notifications of errors, viruses, or issues from the victim’s PC. Scam artists are also claiming to work on behalf of the government to fight computer viruses and threats from enemy nations, hackers and terrorist organizations.

How they get you

Tech Support scam artists have a few tricks to try to extort you or scare you into paying them:

Cold Call. You’ll get a random call from the scammer who claims your PC is infected or has a serious error.

Pop-Up or Rogue Website. This is the more popular tactic where the victim will accidentally stumble upon a rogue website or receive a pop-up claiming you have a Windows OS Blue Screen Error, a massive data error, or a serious infection. Sometimes, it will lock your screen up and freeze your internet browser, or play a sound or voice over the speaker in an attempt to scare the victim. The pop-up or rogue website will always include the scam phone number for the victim to call.

Once you are speaking to them and letting them in

They will attempt to scare you further and instruct you to allow them to remote access your PC or devices to “fix” them. One they are in, they will claim they found the “errors” or “viruses” and ask you to pay for them to be removed, this usually amounts to hundreds of dollars. The money is collected from the victim usually by debit/credit card, wire transfer, or even prepaid gift carts!

If the tech support scammers are remotely accessing your devices, they can use this as a way to hold your information hostage and ransom you. They can intentionally install malware onto your PC, or steal your sensitive data on your PC such as passwords, financial accounts, and other data. There have been reports of the scammers becoming so agitated they have threatened to destroy the computer and all its data unless the victim pays on spot.

What can you do to stop them?

We at SUPERAntiSpyware recommend a few different forms of defense and mitigation against the plague of tech support scams:

Do NOT give out credit card or bank information.

Recognizing what is occurring and ending the call immediately if you are speaking to a tech support scammer.

Do not allow unknown and unverified organizations remote access your devices such as your phone or PC.

Make sure you are using the latest version of SUPERAntiSpyware and it is up to date.

If you see a pop-up or you stumble upon a rogue website that is claiming you are infected, have an error, or a Blue Screen of Death go ahead and close your web browser, if needed force it down via the Process Manager. If you cannot do that, reboot your machine.

If you are a victim

File a fraud report with your Bank or Card issuer immediately and stop payment, or see if you can dispute the payment if it has already been made.

File a Complaint with the FBI Internet Crime Complaint Center

Change your passwords to the services the tech support scam artists may have uncovered when they remote accessed your PC.

Remove any remote access software the scam artist may have had you install on your PC.

Our Top 5 Mozilla Firefox Extension Picks For Better Web Security

Security and privacy are some of the major concerns when using the internet. One of the more popular Open Source internet browsers Mozilla Firefox allows users to add extensions to the browser adding new functionality. Here are our picks for the top 5 Firefox security and privacy extensions that you should install for safer browsing along side using your SUPERAntiSpyware software on your PC.

Click on each link and it will bring you to the Firefox Extension website where you can learn more about the extension and its creators. Most of these extensions are available on other popular browsers, such as Google Chrome or Opera so do not feel limited to only Mozilla Firefox!

1) uBlock Origin – A lightweight ad-blocker and anti-tracking extension that is efficient on memory and CPU footprint.

2) Privacy Badger – Developed by the Electronic Frontier Foundation (EFF).  Privacy Badger is an anti-tracking extension that stops advertisers and other third-party trackers from tracking where you go on the web. Privacy Badger Works great alongside uBlock Origin.

3) HTTPS Everywhere – Developed by the Electronic Frontier Foundation (EFF) and The Tor Project. HTTPS Everywhere ensures that you always connect to a website using a secure HTTPS connection if one is available. HTTPS is a form of encryption making your browsing much more secure.

4) DuckDuckGo Plus – DuckDuckGo is the search engine that doesn’t track you. This add-on makes DuckDuckGo your default search engine and includes some other useful features.

5) NoScript Security Suite – Preemptive approach to prevent security vulnerabilities out on the web. It allows JavaScript, Java and other executable content to run only from sites you trust, guarding your trusted sites against cross-site scripting attacks (XSS), cross-zone DNS rebinding / CSRF attacks (router hacking), and Clickjacking attempts.

Do you have any Mozilla Firefox extension recommendations? Feel free to leave a comment below!

-SUPERAntiSpyware Team

Facebook Malware Attack

We’re receiving reports that Facebook is being used as a new vector for executing malware attacks, specifically as a means to distribute the Locky ransomware. While the ransomware variant is not being hosted directly on Facebook, this new version is being hosted in a peculiar way.

The attack starts by a presumably infected machine sending out a message to people in your friends list. This message is actually a SVG (Scalable Vector Graphics) file that is being masqueraded as an image for you to download to view. Once the file has been downloaded and opened, the payload is delivered. Because of the way SVG files work, JavaScript can be embedded into those files and opened with a modern web browser. That JavaScript will then execute and direct the user to a website that mimics YouTube, but with a completely different URL.

Once on that site, a popup is pushed to the user asking them to download a certain extension on your machine in order to view the video. After the extension has been installed, the attackers have the ability to view and alter data regarding the websites you visit, as well as access your Facebook account in order to message all of your friends with the same SVG file.

The payload is delivered through the Nemucod downloader Trojan, which has been known to download copies of Locky on victim’s PCs.

While Google and Facebook have been made aware of this attack, it is possible that proper remediation could take time. The best course of action if you receive such a message is to ignore it, clear your conversation history with that person, and report them to Facebook as having a compromised account.

If you have already been infected by this attack, there’s not much you can do outside of removing the offending extension in Chrome by going to Menu > More Tools > Extensions and check to see if either Ubo or One extensions are listed. This is also a good time to remove any unknown extensions that are installed as well.

Remember, once you have been locked out of your system by a piece of ransomware, your options for recovery are only as good as the backups you have made. Keep your backups up-to-date, and save your data on an outside drive as frequently as possible. Once a ransomware infection has taken place, any attached drives to your network are at risk. Never keep your backup drives attached to your machine when they are not in use.

Prevention is Best!

Prevention is the best way to ensure you are never infected with spyware and your data is never lost or stolen. It is possible to clean up an infected machine and remove spyware but sometimes the damage from certain spyware, such as ransomware, cannot be fixed as files become encrypted or otherwise corrupted.

While no single solution available is a silver bullet, the following list outlines some of the best practices in lessening the risks of losing data after an infection:

1) Backup your files and software! Having backup copies of your photos, documents, software, and other files can make sure you never lose them to a malware infection such as ransomware encryption. Many people choose to use external drives or the cloud for their backups, but keep in mind that if you use external drives, the data can still be at risk if you leave your backup drives connected to your machine at all times.

We at SUPERAntiSpyware offer an Online Backup Solution as an optional service when purchasing SUPERAntiSpyware at $6.95 a month. This subscription allows you to back up and protect your important files and documents onto a cloud-like server so you always have copies of your important files.  You can read more about our backup services here: https://www.backup.support.com

2) Keep SUPERAntiSpyware up to date and run regular scans. We update our definition list twice a day to make sure our users catch the latest threats, as well as periodically release software updates. It is imperative users keep up to date so their software continues finding the latest threats. In order to make sure that nothing creeps in between scans, we recommend regular scanning at least once a week, if not every day.

3) Update your Windows Operating System and Software you use. Make sure you always are using the latest version of Windows with the latest updates and security fixes. Most Windows updates are patches for existing and/or potential vulnerabilities, so keeping these holes filled is crucial in stopping the spread of malware. Additionally, using unsupported operating systems (anything older than Windows 7 as of right now) can leave you just as unprotected. If you are using web browsers such as Firefox, Chrome, or others, always make sure you are using the latest versions, and don’t forget to update any add-ons, plugins, or extensions you use to the latest editions.

4) Double Check Emails before opening them. Check the sender of every email you receive. If you do not know them, or the email looks suspicious, do not open it! Delete it! Do the suspicious emails include links to click or strange attachments? Do not click the links or open the attachments no matter how innocent they sound. If it claims to be from an official organization, call them and ask if the email is legit. Better safe than sorry!

5) Use strong passwords and/or multi-factor authentication. Good passwords are long. Good passwords also contain capital and lower case letters, numbers, and special characters. Do not use an easily accessable password that contains personal information like your birthday or the name of your pet, and do not use the same password for every website! This makes it harder for hackers to gain access to your personal information, especially when you use different passwords for every site. It might be a bit more to remember, but it diminishes the risk and the headache of sorting everything out after your information is stolen.

Many sites, such as banks, often will have multi-factor authentication available. With these systems, you not only need a password, but you also will need a special code that is often randomized on a dongle or smart phone app. These types of systems are more secure than just a typical password, as the extra step is incredibly difficult to hack into.

6) Use an Ad blocking Extension. Software such as Adblock Plus and uBlock Origin for your internet browsers are free, cross-platform browser extensions that filter unwanted content such as ads, pop-ups, rogue scripts, and even IP leaks. Using an ad blocking extension on your web browser will greatly lessen the impact of “Malvertising”, website ads that drop rogue programs onto your PC without your knowledge. While these programs might not block every ad you encounter, the chances of you running into something particularly malicious will be reduced dramatically.

7) Remove unsupported software. Many software programs, such as Flash or QuickTime, are no longer supported by their publishers, or are no longer supported by modern web browsers. This means that existing versions can have massive security flaws, despite their being many users who still have the software installed on their computers. It is recommended that users uninstall software that has been abandoned by their creators, especially if it is something that deals with content on the web.

At the same time, many newer pieces of software cannot run on older operating systems such as Windows 98, Windows ME, and even Windows XP. Keep your operating system up to date! When Microsoft stops supporting an old operating system, they stop all updates, which can lead to vulnerabilities being exploited.

8) Don’t talk to tech support scammers. If you’re on the internet and suddenly get a pop-up or email claiming your PC is infected with a virus, and that you need to call a listed number immediately, do not do it! A real security company wouldn’t sell their services from sketchy pop-ups or emails. These companies typically list a 1-800 number for you to call so they can try to lure you into spending potentially hundreds of dollars and giving them remote access to your PC.  More likely than not, they will try to infect you or steal personal information during their remote access “work”.

9) Make sure you are on secure connection when purchasing products online or entering in personal information. You can tell you are on a secure website when the URL reads “https” and not just “http.” This is also referred to as HTTP over SSL which is encrypted. This protects against eavesdropping and tampering. Often, the address bar will change color or display a lock icon next to the URL you are visiting if you are connected through a secure HTTPS connection.

10) Use a firewall. Since Windows XP, every Microsoft operating system has come with a firewall. It is recommended you make sure this is always enabled. If you use a third-party firewall, it is also recommended you always keep it up and running. Firewalls use rules and examine network traffic as it passes in and out of your PC. If a connection does not follow the firewalls rules, it will be blocked. This also allows you to monitor activity on your network from intrusion attempts or if rogue software on your PC is trying to reach out to a hacker.

Even the most cautious of people can get infected; however, by following these tips your risk of getting infected or being unable to recover from an infection will go down dramatically. Remember to stay safe, exercise caution, scan regularly, keep everything up to date, and backup your data often.