Scam of the day – January 6, 2014 – The threat to you of Yahoo hacking

Fox IT, an Internet security firm has just uncovered a hacking of Yahoo’s ad network that appears to have started on December 30th, but may well have begun earlier.  Estimates are that about 27,000 people had their computers and other electronic devices infected each and every hour since the hacking began.  The vulnerability exploited by the hackers involves flaws in the security of Java software used in the online advertisements and by many individual computer users.  As I have warned you for more than a year, Java is a dangerous software program.  Java software which is popular software program made by Oracle has been a particularly successful target of hackers and identity thieves.  According to Kaspersky Lab, flaws in Java software was responsible for about half of all the cyber attacks by hackers in 2012.    Much of the recent wave of attacks against American companies by the hundreds involved Java software vulnerabilities.  The Department of Homeland Security earlier this year identified new and dangerous vulnerabilities in Java software that can lead to your identity being stolen and your computer being compromised by hackers.  The Department of Homeland Security even advised that people disable Java or prevent Java apps from running in their browsers.A recent study from Palo Alto Networks, a software security company found that only 6% of malware infections are coming from tainted email while 90% came from malware unwittingly downloaded when people went to legitimate websites that you had reason to trust, but had been infiltrated by hackers.  This type of identity theft has come to be known as a “drive by” identity theft.  To make things worse it usually takes as long as three weeks for anti-malware software makers to identify the latest malware threats.  Java software which is used on many legitimate websites has proven to be a rich target for identity thieves because of its continuing vulnerabilities to hackers.  It is for this reason that the Department of Homeland Security advised people to consider uninstalling Java software.The Yahoo hacking, which the company says has now been fixed enabled the hackers, while the hacking was active, to install various malware programs called ZeuS, Andromeda, Dorkbot, Tinb and Necurs, which enabled the hackers to steal personal information from people who unwittingly installed the malware by clicking on infected ads unless the computer user was protected by proper anti-malware security programs or was not using Java.  You can find out if your computer was infected by going to Microsoft’s safety scanner at http://www.microsoft.com/security/scanner/en-us/default.aspx

TIPS

Along with avoiding obvious scam emails, the best thing you can do is to make sure that your security software and anti-malware software are constantly kept up to date with the latest revisions, updates and patches.  You also may want to uninstall software programs, such as Java which have proven to be an Achilles heel for many legitimate websites.  Finally, if you want to be extra careful, you may even want to consider having a separate computer for your financial dealings and purchases while using a separate computer for surfing the Internet so that if you do go to a tainted website, there would be nothing of value on that computer for an identity thief to use.

I strongly advise people who do not need to use Java that they disable it.  Here is an important link from the Department of Homeland Security with information as to how to disable Java or to otherwise deal with its vulnerabilities: http://www.us-cert.gov/ncas/alerts/TA13-064A

Scam of the day – July 3, 2103 – Tainted website danger

As I often tell you, things are not as bad as you think.  Unfortunately, they are worse.  Many of us think we are completely avoiding the danger of identity theft by never providing personal information in response to emails asking for such information knowing that such emails are a prime method for identity thieves to obtain the information necessary to make us a victim of identity theft when we trust emails that appear to be from legitimate companies or governmental agencies.  This scam is called phishing and it is extremely dangerous.  Additionally, these identity thieves will sometimes lure you into clicking on a link in a tainted email or in a message on your Facebook page that instead of providing the information or video that it promised, instead causes a keystroke logging malware program to be downloaded and installed on to your computer or portable device that steals the information from your computer or portable device and leads to your becoming a victim of identity theft.   Again, you may be too smart to fall for these scams, however, you still should not be too confident that you are avoiding danger because a recent study from Palo Alto Networks, a software security company has found that only 6% of malware infections are coming from tainted email while 90% came from malware unwittingly downloaded when people went to legitimate websites that you had reason to trust that had been infiltrated by hackers.  This type of identity theft has come to be known as a “drive by” identity theft.    To make things worse it usually takes as long as three weeks for anti malware software makers to identify the latest malware threats.  Java software which is used on many legitimate websites has proven to be a rich target for identity thieves because of  its continuing vulnerabilities to hackers.  It is for this reason that the Department of Homeland Security has advised people to consider uninstalling Java software.  For more information about this go to the Scamicide archives and type in “Java.”

TIPS

Along with avoiding obvious scam emails, the best thing you can do is to make sure that your security software and anti-malware software are constantly kept up to date with the latest revisions, updates and patches.  You also may want to uninstall software programs, such as Java which have proven to be an Achilles heel for many legitimate websites.  Finally, if you want to be extra careful, you may even want to consider having a separate computer for your financial dealings and purchases while using a separate computer for surfing the Internet so that if you do go to a tainted website, there would be nothing of value on that computer for an identity thief to use.