Posts Tagged: ‘botnets’

Scam of the day – December 4, 2016 – International law enforcement thwarts cybercrime ring

December 4, 2016 Posted by Steven Weisman, Esq.

After four years of intense investigation a group of international law enforcement agencies from thirty countries led by the German prosecutors have broken a huge cybercriminal network known as “Avalanche,”  arresting five people, seizing five servers and more than 800,000 Internet domains. Avalanche had been in existence since 2009 during which time it leased its services to other cybercriminals to enable them to create botnets of hacked computers to distribute  a variety of malware including ransomware as well as malware used to access victims’ bank accounts.    Millions of dollars were stolen through the Avalanche network.  Prior to its operations being stopped, Avalanche networks sent out more than a million malware infected emails every week and infected new computers at a rate of 500,000 every day.  If you did not lose money as a direct result of being a victim of the Avalanche network, your computer still may have been hacked and made a part of the botnets used by the cybercriminals using the Avalanche network.

TIPS

Perhaps the best aspect of the breaking of the Avalanche network is the fact that international law enforcement from thirty countries were able to work together in a concerted effort to apprehend the cybercriminals and break down their criminal enterprise.  The defeat of cybercrime will require continued international cooperation in order to be successful.

But what does Avalanche specifically mean to you?

With so many millions of infected computers around the world, there is a good chance that your computer could have been infected and made a part of the botnets created and used by Avalanche.  Federal authorities are recommending that you immediately perform security scans of your computers and other electronic devices to determine if your devices were infected and to remove any infections found.  The Department of Homeland Security suggested, without endorsing any particular company, the following free software security programs that you can use to determine if your computer is safe or not.  It is also important to note that Avalanche only infected computers using the Windows Operating System.

Here are links to security programs you can use:

https://www.eset.com/us/online-scanner/

https://www.f-secure.com/en/web/home_global/online-scanner

http://www.mcafee.com/us/downloads/free-tools/index.aspx

https://www.microsoft.com/security/scanner/en-us/default.aspx

https://security.symantec.com/nbrt/npe.aspx?&OpenDocument&src=npe&type=npe

http://housecall.trendmicro.com/

Scam of the day – August 5, 2016 – Amazon phishing scam

August 5, 2016 Posted by Steven Weisman, Esq.

Using Amazon as a hook for a phishing scam is not surprising since so many people shop through Amazon.  Reproduced below is an Amazon themed email phishing scam that is presently circulating.  DO NOT CLICK ON THE LINK.  As with so many phishing scams, this one appears legitimate as it lures you into clicking on a link in order to provide information purportedly to process your refund. However, the real purpose of the phony email is to persuade you to either provide information that will be used to make you a victim of identity theft or to click on the link which can download keystroke logging malware that will lead to your becoming a victim of identity theft or to download ransomware that will encrypt all of the data on your computer which the hacker will threaten to destroy if you do not pay a ransom.

TIPS
There are a number of indications that phishing emails, such as this, are not legitimate.  Sometimes the address from which it is sent has nothing to do with the company, which is an indication that the email was sent through a botnet of computers hacked into for the purposes of sending out large numbers of such phishing emails while hiding the real source of the email.  However, even if the address of the sender looks correct, it still can be a phishing email.  Grammar and spelling also apparently are not great strengths of many scammers.  Often such messages will contain such errors as in this one the misspelling of the word “system” as “sytem.”  In any event, even if you think when you get such an email that it might be legitimate, the risk of identity theft or ransomware is too great to trust it. Instead, call the company at a telephone number that you know is accurate to confirm whether or not the email is legitimate.  Finally, make sure that you have up to date security software on all of your devices, recognizing, however, that such security software will not protect you from the latest strains of malware.

Scam of the day – January 30, 2014 – Beware of the Internet of things

January 30, 2014 Posted by Steven Weisman, Esq.

As if we all didn’t have enough to worry about now we have the Internet of things about which to be concerned.  As more and more of the things we use become connected to the Internet including but certainly not limited to cars, refrigerators, coffee makers and thermostats, it becomes tremendously convenient, for example, for us to use our smart phones to program our thermostats from afar so that our homes will have the proper temperature when we return from a day at work.  But every technological advance regardless of how constructive it may seem has the potential to be exploited by scammers, hackers and identity thieves.  I have already told you about the very real concerns about cars being able to be hacked and controlled from afar.  Check out the archives of Scamicide for more information about that particular issue. Now, however, a new problem has surfaced.  The Internet security company Proofpoint has recently found that a botnet of more than 100,000 was made up of not only computers that had been hacked but 25% of the botnet was made up of Internet connected  devices including televisions and refrigerators.  Botnets, as I have informed you previously is a network of hacked electronic devices used by scammers and identity thieves to spread malware while avoiding detection.  You can find more about botnets in the archives of Scamicide and in my book, “50 Ways to Protect your Identity in a Digital Age.”

TIPS

The danger posed by botnets of devices part of the new Internet of things is quite real and very chilling.  Although many of us would not think of neglecting to provide proper security software for our computers, laptops, tablets and smartphones, many people do not consider what they need to do to maintain the privacy and security of their refrigerator, car and other devices used that are a part of the new Internet of things.  Unfortunately, among the people not giving enough attention to security in the Internet of things are the very companies developing these products.  The most effective place to find a helping hand is at the end of your own arm so whenever you are considering purchasing a convenient device with Internet capabilities, make sure you inquire as to the necessary security steps to take to make your use of the device safe.

Scam of the day – January 7, 2013 – Most dangerous websites

January 7, 2013 Posted by Steven Weisman, Esq.

Phishing is the name of the scam whereby you are lured to a phony website that appears to be legitimate, however when you click on links in these phony websites, download material from these websites or provide information to these websites, you put yourself in danger of identity theft or of downloading dangerous keystroke logging malware that can steal all of the information on your computer including credit card numbers, your Social Security number, passwords and various account information.  In addition, you may unwittingly have your computer taken over as a part of a botnet (for more information about botnets, check out other postings on scamicide.com or in “50 Ways to Protect Your Identity in a Digital Age”) whereby your computer is made part of the botnet circulating scams around the world.

TIPS

Recently Trend Micro issued a list of the most common websites that were the subjects of phony phishing websites during the past month.  The top ten websites of which you should be particularly wary of to make sure that you are dealing with the legitimate company are:  PayPal, Wells Fargo, Visa, Citibank, Bank of America, Aol, Yahoo, Hotmail, Gmail and Mastercard.  Things to look out for to avoid phishing websites are when you are directed to a website through an email that does not refer to you by name or if the email contains spelling errors or poor grammar that may indicate the email is coming from a foreign scammer (or a poorly educated American scammer).  A good rule to follow is to not click on links in emails or text messages to go to a website.  If you consider the email or message worth following up on, go to the website of the legitimate company by typing the URL that you know is correct into your browser.

Scam of the day – December 31, 2012 – Scams to watch for in the new year

December 31, 2012 Posted by Steven Weisman, Esq.

Rather than look back on this, the last day of 2012, I think it is more productive to look ahead to what scams and identity theft schemes you should be wary of in the new year.  More and more identity theft schemes will be aimed at your smart phones and portable devices.  As we all use our smart phones and portable devices for so many activities, they have become attractive targets for identity thieves who are looking to steal information from your portable devices and smart phones to make you a victim of identity theft and even though many of us would never think about leaving our computers unprotected, many of us do not sufficiently protect our smart phones and portable devices.  Check out my new book “50 Ways to Protect Your Identity in a Digital Age” for specific advice on how to protect your smart phones and portable devices.  Also, as I warned you a few days ago, there will be major hackings by botnets into American banks.  Protect your computer from being a part of a botnet and make sure that you continually follow your bank accounts to make sure that you promptly identify any breaches of security.

Every season is scam season and you can count on February bringing Super Bowl scams and Valentine Day scams.  Prior to April there will be many scams involved with filing income tax returns.  Summer will bring many vacation scams.  The early Fall will bring scams related to hurricanes and other natural disasters.  December will bring the usual holiday shopping scams and charity scams.

TIPS

Information is power.  Read “50 Ways to Protect Your Identity in a Digital Age” and “The Truth About Avoiding Scams” to arm yourself with specific information you can use to protect yourself from scams and identity theft schemes.  Also, read this blog each and every day so that you stay current with the latest scams and identity theft schemes.  And trust me, you can’t trust anyone.

Scam of the day – December 28, 2012 – Security threat to major American banks

December 28, 2012 Posted by Steven Weisman, Esq.

Cassandra, was a figure from mythology who has been called the prophet of doom.  Even today, someone who predicts disasters that may or may not occur is often referred to as a “Cassandra.”  However, while the term is often used in mistrusting scorn, it is important to remember that although Cassandra often predicted doom such as the fall of Troy, she was always correct.  I mention Cassandra because over the coming weeks I will be warning you about a major threat to major American banks that has been in the works since 2008 by an organized crime group operating out of Russia.  This group has already stolen an estimated five million dollars from American banks, but this figure pales next to what they have planned for 2013.  Recent attacks against Bank of America and JPMorgan Chase which caused them to temporarily crash may be a harbinger of more major attacks in the near future.  These attacks, as often done in the past are primariily done through botnets where, as I have described previously in www.scamicide.com the hacker remotely takes over your computer and uses it to deliver the malware to banks and other institutions.  I will be updating this particular threat a lot in the upcoming months.

TIPS

Be a part of the solution, not part of the problem.  You can find information about avoiding becoming a part of a botnet in my book “50 Ways to Protect Your Identity in a Digital Age” as well as in postings here on scamicide.com.  The best thing you can do is to prevent your computer from becoming a part of a botnet.  The key to doing this is to make sure that your Firewall and security software are up to date and that future updates are done automatically.  As security patches are issued by your operating system, make sure that you install them.  Be particularly wary of opening attachments or clicking on links contained in emails or found on websites that you may not be sure of.  Make sure family members are not downloading free games or music without being sure that the downloads are clean.  Such free downloads are often carriers of the malware that will turn your computer into a part of a botnet.

Scam of the day – March 25, 2012 – Botnets

March 25, 2012 Posted by Steven Weisman, Esq.

Recently the Federal Trade Commission announced a new effort to combat botnets.  Botnets occur when a scammer is able to install malware on your computer turning it into a robot that can steal your information or use your computer to send out spam emails or spread viruses and other malware.  The malware that turns your computer into a botnet is installed on your computer when you unwittingly download the malware.

TIP

Never click on links for “free” music or games from a source that you are not absolutely sure is secure.  This is a common source of the malware that turns your computer into a botnet.  Keep your security software up to date, use strong passwords, never turn off your firewall and be very cautious when using thumbdrives.  This is another area where infections occur.