Emsisoft Anti-Malware received the highest possible ranking (Advanced+) in the four-month long Real-World Protection test marathon from AV-Comparatives. The test evaluates real-world protection capabilities of leading antivirus programs, mimicking the typical experience of your everyday PC use. The results summarize the performance of 23 antivirus programs in the second half of 2014.
Highlights of the report:
- Emsisoft’s Behavior Blocker showed an excellent performance again, letting only 6 out of 2360 malware samples through. That’s a total detection rate of 99.7%.
- This is the second best result across the entire test range of 23 of the best antivirus products available.
- As a comparison, the weakest 4 candidates were not able to block 251 to 389 of the samples tested.
- The lowest score in this comparative test went to Microsoft’s Security Essentials. With only 83.5% of the samples blocked, it showed again that it is very basic protection (as Microsoft itself states) and that it is not ready to keep up with the vast number of new threats appearing every day.
The graph below shows the overall protection rate (all 2360 samples), including the minimum and maximum protection rate for the individual months August-November:
Advanced+ score in ALL tests in 2013 and 2014
AV-Comparatives performs the comprehensive, four-month Real-World protection tests twice a year. Emsisoft Anti-Malware received the highest possible ranking since it started participating in the test: we received Advanced+ scores in both the first and second half of 2013 and earlier this year in the first half of 2014. Only 3 out of the 23 participating antivirus programs received this score for all tests in both 2013 and 2014, and we were one of them!
About the AV-Comparatives test
AV-Comparatives uses default settings on all programs tested, and each program runs on its own test computer with its own external IP address. Every morning, any available security software updates are downloaded and installed, and a new image is made for that day. A total of over 120,000 test cases were executed in this test, that is 2,360 malicious test cases and 3,000 clean test cases for each of the 23 products tested.
AV-Comparatives recommends that all parts of an antivirus product be as effective as possible, noting that, for example, a URL blocker is ineffective against malware introduced to a PC via a USB flash drive or the local area network. Therefore, all protection features can be used to prevent infection during the test, not just signature or heuristic file scanning. An antivirus can step in at any point of the process to protect the PC: accessing the URL, downloading the file, creation of the file on the local hard drive, file access, file execution. It also remains very important that the signature-based and heuristic detection abilities of antivirus programs continue to be tested. Even with all protection features available, the growing frequency of zero-day attacks means that some computers will inevitably become infected. As signatures can be updated during the test, they provide the opportunity to recognize and remove malware that was initially missed. To learn more about AV-Comparatives, its testing methodology and the results, read the full report here.
You may already have heard that around two weeks ago the Sony Pictures Entertainment studio in Hollywood, California, got hacked. This hack is a little more extraordinary than others because Sony Pictures has big movie stars on its payroll, and pretty much everything else about the hack doesn’t just hurt Sony Pictures financially; it’s downright embarrassing for the company. Since the initial attack, a steady flow of documents and revelations has trickled into news reports and file-sharing sites this past week. To make matters worse, Sony got hacked again this week: this time its Playstation Network.
What got hacked?
Personal data such as social security numbers, home addresses, bonus plans and salaries of thousands of Sony Pictures’ employees have been disclosed online. Among the affected are Hollywood celebrities such as Sylvester Stallone, Rebel Wilson, and Anchorman director Judd Apatow. Some Hollywood stars took the opportunity to get out ahead of the leaks by sharing pictures and details of their private lives before they’re inevitably leaked across the web.
The World War II picture “Fury” starring Brad Pitt was stolen during the hack, circulated online, and has already been downloaded millions of times. Other movies such as “Still Alice”, “Mr. Turner”, and “To Write Love on Her Arms” were also stolen and are currently being circulated as well. Sony’s loss from the hack will potentially cost the company millions of dollars in lost revenue from theaters and Blu-Ray and DVD sales. Top-secret profitability information on 2013’s movies was leaked as well. It has been reported that over 100 terabytes of data was stolen from Sony. A group called ‘Guardians of Peace’ claims responsibility for this hack.
What does North Korea have to do with all this?
Well, some social media outlets speculated that the attack originated from North Korea. They reasoned that the North Korean government found out about a new movie called The Interview, starring James Franco and Seth Rogen. In the movie, Franco and Rogen play a talk show host and producer who are recruited by the CIA to assassinate North Korean-leader Kim Jong Un. The North Korean government denied the country’s involvement but supposedly called the hack a “righteous deed” and said that there are North Korean sympathizers around the world who could have caused the attack instead.
A security firm called Mandiant discovered that the breach was caused by a zero-day malware attack. Although Sony is offering its employees identity protection in response to the hack, they’re learning quickly that the saying “an ounce of prevention is worth a pound of cure” is painfully true in this case. More juicy details of the hack include the fact that a file with workplace complaints got leaked, which provided very sensitive insider information, including that some employees are apparently tired of Adam Sandler and his movies and that management may not get along with each other. Ouch. Details like this are of course picked up and blown up by the media all over the world, making it even more embarrassing for the entertainment giant. And it got worse for Sony….
Hacked again: Sony Playstation
With the vulnerability being exploited at Sony, the hackers thought: “why stop here?” This past Sunday night, a group called Lizard Squad knocked the Sony Playstation Network offline with a Distributed Denial of Service (DDoS) attack, leaving millions of Sony customers unable to play or use the network services. Visitors to the site were shown “Page Not Found! It’s not you. It’s the Internet’s fault.” Other than that message, Sony has been pretty quiet, saying only that it is “investigating the root cause of the issue”.
So, how was this possible?
A DDoS is an attack in which hackers attempt to starve a server of its resources, such as memory, processing power, bandwidth or routing information. Here’s an example of what a DDoS attack may look like: the SYN-flood attack.
- This attack abuses the TCP three-way handshake with which every TCP/IP connection is established.
- The requester initiates a connection by sending a TCP SYN packet with a fake (spoofed) return address, because the attacker does not want their own address discovered and traced back to them.
- When the server receives the SYN packet, it responds to the bogus address with a SYN-ACK packet. This packet is the server saying “hey, I got your request, let’s start talking now”.
- The server now waits for the ACK packet from the requester. No packet will ever arrive. Why? Because the original SYN packet was sent with a fake address, so the SYN-ACK is now wandering in cyberspace and the server keeps the half-open connection in memory while it waits. The attacker repeats this process over and over until the server freezes or crashes because its processing and memory resources are completely exhausted.
- The hackers will have many more computers performing this attack, not just one. That is why they are so successful: they throw all their resources and effort at one server quickly and efficiently, just like a pack of lions preying on a single zebra.
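The half-open state described in the list above is also what a defender watches for. The following Python script is an added example, not code from the Emsisoft post: it replays a constructed packet log, tracks each handshake per server, and flags a server whose half-open connections pile up from many distinct sources while few handshakes ever complete. The log format, thresholds and IP addresses are all assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample packet log (not from the original post). One packet per line:
# "<seconds> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <flags>"
# Flags: S = SYN, SA = SYN-ACK, A = ACK, R = RST.
# 203.0.113.x clients complete their handshakes; 192.0.2.x are spoofed sources
# that never answer the SYN-ACK, so the server is left holding half-open state.
SAMPLE_LOG = """\
0.000 203.0.113.10:40001 -> 198.51.100.5:443 S
0.001 198.51.100.5:443 -> 203.0.113.10:40001 SA
0.002 203.0.113.10:40001 -> 198.51.100.5:443 A
0.050 192.0.2.11:50001 -> 198.51.100.5:443 S
0.051 198.51.100.5:443 -> 192.0.2.11:50001 SA
0.052 192.0.2.12:50002 -> 198.51.100.5:443 S
0.053 198.51.100.5:443 -> 192.0.2.12:50002 SA
0.054 192.0.2.13:50003 -> 198.51.100.5:443 S
0.055 198.51.100.5:443 -> 192.0.2.13:50003 SA
0.056 192.0.2.14:50004 -> 198.51.100.5:443 S
0.057 198.51.100.5:443 -> 192.0.2.14:50004 SA
0.058 192.0.2.15:50005 -> 198.51.100.5:443 S
0.059 198.51.100.5:443 -> 192.0.2.15:50005 SA
1.000 203.0.113.20:40002 -> 198.51.100.9:80 S
1.001 198.51.100.9:80 -> 203.0.113.20:40002 SA
1.002 203.0.113.20:40002 -> 198.51.100.9:80 A
"""


def parse_line(line):
    """Split one log line into (timestamp, src_endpoint, dst_endpoint, flags)."""
    ts, src, _arrow, dst, flags = line.split()
    return float(ts), src, dst, flags


def new_server_stats():
    # syn: SYNs received; established: handshakes completed by a client ACK;
    # half_open: client endpoint -> time of its SYN, still waiting for the ACK.
    return {"syn": 0, "established": 0, "half_open": {}}


def track_handshakes(log_text):
    """Replay the log and return {server_endpoint: stats} including half-open state.

    A connection is half-open from the client's SYN until that same client sends
    an ACK (completes) or an RST (aborts). The server's SYN-ACK changes nothing:
    the server is the side now holding state and waiting.
    """
    stats = defaultdict(new_server_stats)
    for line in log_text.strip().splitlines():
        ts, src, dst, flags = parse_line(line)
        if flags == "S":
            server = stats[dst]
            server["syn"] += 1
            server["half_open"][src] = ts
        elif flags in ("A", "R"):
            # Only an ACK/RST from a client we are still waiting on matters;
            # data ACKs on already established connections are ignored.
            server = stats.get(dst)
            if server is not None and src in server["half_open"]:
                del server["half_open"][src]
                if flags == "A":
                    server["established"] += 1
    return stats


def detect_syn_flood(stats, max_half_open=100, min_completion=0.5):
    """Return {server: details} for servers whose handshake pattern looks like a
    SYN flood: many half-open connections from many distinct source IPs while
    only a small fraction of SYNs ever complete.
    """
    alerts = {}
    for server, s in stats.items():
        half_open = len(s["half_open"])
        completion = s["established"] / s["syn"] if s["syn"] else 1.0
        if half_open >= max_half_open and completion < min_completion:
            sources = {endpoint.rsplit(":", 1)[0] for endpoint in s["half_open"]}
            alerts[server] = {
                "half_open": half_open,
                "distinct_sources": len(sources),
                "completion_rate": round(completion, 3),
            }
    return alerts


if __name__ == "__main__":
    # The threshold is tiny because the constructed sample is tiny; on real
    # traffic max_half_open would be orders of magnitude larger.
    found = detect_syn_flood(track_handshakes(SAMPLE_LOG), max_half_open=5)
    for server, info in found.items():
        print(f"possible SYN flood against {server}: {info}")
```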
The Lizard Squad group (or individual) has made it clear that their early Christmas gift to the world was a mass DDoS attack on the Microsoft Xbox and Sony Playstation Network servers. The group also took to Twitter and tweeted that there was a bomb on a Sony executive’s plane, which caused the FBI to step in. Lizard Squad claimed the hack was just “a small dose” of what was to come over the Christmas season:
Looks like Sony has quite some damage-control to do over the holidays. Otherwise, some children (and adults) may in fact be disappointed when they cannot play their games online on Christmas morning.
As of late, the info-sec headlines have been dominated by zero days, data breaches and ransomware, both PC-based and mobile. This doesn’t mean that more traditional threats have fallen into disuse, though, or that they are any less dangerous. In fact, recent reports have indicated a significant spike in Rovnix trojan infections, a piece of malware about which there really isn’t anything special at all.
Independent researchers report that over the last few months, they’ve witnessed approximately 130,000 Rovnix infections on Windows-based PCs, in the UK, Germany, Italy, the US, and Iran. As a trojan spread by email spam, Rovnix is the type of malware that displays annoying/scary symptoms, in an attempt to steal credit card information from infected users. Symptoms can range from pay-per-click pop-up ads, to a faked blue screen of death, to the prototypical ‘Your Computer is Infected’ scareware window. The malware is also designed to offer a solution to all of these problems, in the form of – you guessed it – a fake security product. Users who enter payment information effectively share it with cybercriminals, receiving nothing in return, and participating in what’s pretty much the automated equivalent of the Tech Support Scam.
In all, Rovnix is not particularly inventive, and yet it has still managed to infect a large number of users and prove profitable for the criminals who spread it. Why is this the case? Most likely because outside the world of info-sec headlines, most people do not even know that threats like Rovnix exist. Cybercriminals leverage this lack of knowledge to make large profits, with little effort, and though it may be blasé to those in the know, malware like Rovnix may actually be the greatest threat to everyday Internet users around the world.
With un-inventive threats like Rovnix, prevention doesn’t necessarily hinge on anti-malware being able to detect it – it hinges on user awareness. To help stop such threats, let your friends know: The Internet is a Dangerous Place! Once they realize what they are actually dealing with every time they go online, they may be interested to know that Emsisoft handles 300,000 new threats like Rovnix every single day, and that independent tests confirm that Emsisoft Anti-Malware is one of the few security products available that can block absolutely everything.
Have a great (malware-free) day!
For more on Rovnix, see this recent article from TechWorld.
Anyone who thinks they may be infected by Rovnix should contact Emsisoft Support.
So there was this nude celebrity photo leak over the weekend. If you’ve been on the Internet lately, you might have heard a thing or two about it. Right now, nobody is certain of how it happened.
Initial reports suggested that the leak was due to a security vulnerability in the Find My iPhone feature, dubbed iBrute, which could have allowed hackers to use automated brute force password guessing on the Find My iPhone sign-in page. Apple quickly dismissed this rumor, while patching the vulnerability in the very same breath. According to Apple, the celebrity account credentials were merely cracked by: “a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet.” Likely, this means a group of hackers simply researched celebrities’ personal lives and guessed credentials until they got them right.
As a means of protection, Apple suggested the use of strong passwords and two-factor authentication (2FA).
Soon after, however, a report from Wired pointed to the existence of a piece of software (and others like it) called Elcomsoft Phone Password Breaker. Elcomsoft et al. allow users to create full backups of iCloud data without a security token, even if 2FA is enabled. A report from The Register has now even published a quote from Elcomsoft stating that the software can access data without login credentials:
But now we have discovered a way to gain access to iCloud information without usually necessary login credentials. The new EPPB version suggests law enforcement and investigators an easy password-free access to iCloud accounts extracting essential information in real time without delay no matter if [a] password is available or not.
All of this points to a truth most everyone knew before this whole celebrity nude selfie scandal even took place: If you put it on the cloud, it might just float away.
How to get your self(ies) off the cloud
Cloud storage is convenient. It is also a profitable business. This is why you won’t find many cloud providers publishing instructions on how to disable cloud auto-sync. If you’re storing sensitive data, however, not storing it on the cloud is the simplest and most effective way to prevent a cloud data leak.
To disable photo uploads to iCloud from your iOS device:
Go to Settings > iCloud > Photos or Photo Stream, and then switch to Off.
To disable iCloud entirely, go to the bottom of the menu and select Delete Account.
To disable photo uploads to the Google+ cloud service from your Android device:
Go to the Photos app > General Settings, and then switch Auto-Backup to Off.
Additionally, Android sync settings can be managed and disabled through Settings > Accounts & sync.
And if you must take them, where to put them instead
Perhaps most importantly, it is crucial to remember that when you put something on the cloud – be it iCloud, Google Drive, Dropbox, or any other service provider – that means it can be accessed from anywhere. This can be extremely convenient for everyday file sharing purposes, but dangerous when sensitive data comes into play.
If you are using a smartphone – or any Internet connected device, for that matter – it is important to find out what exactly is being placed on the cloud when you hit Save. You may actually be sharing much more than you want. Once you figure out what is being stored where, you can then implement alternative storage options, such as an encrypted external hard drive.
As navigating each cloud service is different, we recommend that anyone who needs help check out our Malware and Computer Security forum for assistance. There, you can consult an expert for free, even if you are not an Emsisoft customer yet. For enhanced mobile security, you can also consider adding Emsisoft Mobile Security to your repertoire. It can remotely lock or wipe a lost or stolen phone full of… “sensitive data” in just one swipe.
Have a great (clothing-free 😉) day!
The Virus Bulletin testers specifically pointed out Emsisoft’s excellent detection rate and history of flawless detection in Windows comparatives. With no false positives and a detection rate close to 100%, Emsisoft Anti-Malware left 20+ vendors behind in the ranking.
Our newly revamped interface also received an honorable mention; we are very proud of our new sleek interface and are pleased our users enjoy it!
“… a very clean and attractive new look, with large, clear emblems and text, and nice use of color to indicate status. The layout is simple to navigate and a decent set of basic configuration options are provided.”
VB100: Independent anti-malware comparisons
In this comparison, the VB test team put 48 products through their paces on Windows 8.1. Over 900,000 files were included in the test, and thousands more proactive and reactive sections were added on the fly for this in-depth comparison round.
The full August 2014 VB100 Comparative Review on Windows 8.1 is available here.
Facebookers beware. Research has confirmed that malware comes in every color, and that an old trick has struck again. It’s called the Facebook color changer, and it is downright malicious.
Like many an app, the color changer entices with a simple ad that appears on the side panel of your Facebook. Rather than leading you to a legitimate downloader, though, clicking on the ad brings you to a malicious website. According to reports, this website can steal Facebook access tokens (allowing attackers to connect to your friends) and infect both PC and Android devices with malware, if users decide to download the app.
As yet, a reported 10,000 Facebook users have been affected by this latest incarnation of the Facebook color changer, which has intermittently reappeared over the last 2 years.
Anyone who has downloaded the app is urged to uninstall immediately under Facebook’s app settings and change their Facebook password to something strong and unique as soon as possible. Anyone who sees advertisements for the app on their Facebook should not click. Finally, those who require malware removal assistance are encouraged to contact our experts at Emsisoft Support. Don’t worry, we won’t tell any of your friends 😉
Have a great (and-colorful) day!
It’s that time of year again: AV-Comparatives has published the results of its 4-month-long anti-malware comparative marathon, the Whole Product Dynamic Real World Protection Test, which is the most significant comparative in their testing series.
What does that mean for Emsisoft users?
More proof that Emsisoft Anti-Malware provides the highest possible level of anti-malware protection and performance.
An Advanced+ Challenge
AVC’s “Real World” protection test is meant to emulate real world conditions. Accordingly, tested products can use any and all of their protection features to prevent malware infection from a daily stream of the most recent threats, over the course of 4 full months. In all, each product was exposed to 4,003 malware samples – roughly 1,000 a month. At the end of testing, prevention-infection rates were tallied and compared.
An Advanced+ Performance
* Emsisoft Anti-Malware received Advanced+ Certification. Only 7 others from a group of 22 can say the same.
* Emsisoft Anti-Malware properly blocked 3,998 out of 4,003 test cases. Only 5 malware samples were not properly blocked. At 99.9%, this was the best detection rate amongst all participants.
* In 17 test cases, Emsisoft Anti-Malware showed an alert window that let the user decide whether to block or allow (while the recommended action was always block). AVC deducts points in cases where user interaction is required, and it is for this reason alone that we ranked #4 in the total results – even with the highest malware detection rate in the testing.
* Emsisoft Anti-Malware competed as one of the only non-Internet Security Suite offerings. That means we provided some of the best protection in testing with the fewest computing resources at our disposal.
AV-Comparatives is an independent not-for-profit organization offering systematic testing that checks whether security software, such as PC/Mac/Android-based antivirus products and mobile security solutions, lives up to its promises. Using one of the largest sample collections worldwide, it creates a real-world environment for truly accurate testing. AV-Comparatives offers freely accessible results to individuals, news organizations and scientific institutions. Certification by AV-Comparatives provides an official seal of approval for software performance which is globally recognized.
Full March-June 2014 Whole Product Dynamic Real World Protection Test results available for download here.
For the last seven months, Facebook has been duking it out with an elusive pair of malware authors who’ve been using the social media platform to spread a cryptocurrency mining botnet through spam. Dubbed Lecpetex, the botnet spread from friend to friend through private message spam containing malicious executables and scripts.
Facebook reports that the highest concentration of infection was in Greece, and that Lecpetex infected a total of 250,000 accounts – with an additional 50,000 accounts affected by the botnet’s spam. Lecpetex was capable of the following commands:
- fbspread (spread via Facebook)
- fbusernames (use browser cookies to collect Facebook usernames and passwords)
- ltc (turn Litecoin mining on or off for a group or all)
- hwinfo (collect CPU, RAM, GPU info from each victim)
- payload install (arbitrary executable)
- restart system
- CoreUpdate (update core module)
Lecpetex’s authors were also capable of the following humor ;):
Hello people.. 🙂 <!-- Designed by the SkyNet Team --> but am not the f***ing zeus bot/skynet bot or whatever piece of sh*t.. no fraud here.. only a bit of mining. Stop breaking my ballz..
The above was a message FB security researchers retrieved from the bot’s C&C servers, after their counter efforts were launched. Playful though it may be, it wasn’t enough to keep the cybercrooks from being terminated. Soon after Facebook discovered the bot’s concentration in Greece, they contacted local authorities and established a collaborative effort. Today, both malware authors are sitting in jail. Among the confiscated goods, Greek police found evidence that the authors were working on a cryptocurrency “mixer,” the intent of which would have been to launder stolen coins. Additionally, reports indicate that Lecpetex managed to steal an email password connected to the Greek Ministry of Mercantile Marine.
At present, Lecpetex is no longer an active threat, however anyone who thinks they may have been infected by the botnet is encouraged to contact Emsisoft Support as soon as possible. Have a great (bot-free) day!
If your computer is locked, and you are seeing a “ΠΡΟΣΟΧΗ! Ο υπολογιστής σας έχει μπλοκαριστεί” notification from Αστυνομία Κύπρου, then your computer is infected with a piece of malware known as Trojan Urausy.
This threat is distributed through several means. Malicious websites, or legitimate websites that have been compromised, may drop this trojan onto a compromised computer. This drive-by-download often happens surreptitiously. Another method used to propagate this type of malware is spam email containing infected attachments or links to malicious websites. The threat may also be downloaded manually by tricking the user into thinking they are installing a useful piece of software.
The Αστυνομία Κύπρου virus is also prevalent on peer-to-peer file sharing websites and is often packaged with pirated or illegally acquired software.
Once installed on your computer, the Αστυνομία Κύπρου virus will display a bogus notification that pretends to be from the Αστυνομία Κύπρου (Cyprus Police), and states that your computer has been blocked due to it being involved with the distribution of pornographic material, SPAM and copyrighted content.
The Αστυνομία Κύπρου virus will lock you out of your computer and applications, so whenever you try to log on to your Windows operating system or Safe Mode with Networking, it will instead display a lock screen asking you to pay a non-existent fine of €100 in the form of a Ukash or Paysafecard code.
Furthermore, to make this alert seem more authentic, this virus also has the ability to access your installed webcam, so that the bogus Αστυνομία Κύπρου notification shows what is happening in the room.
The Αστυνομία Κύπρου virus locks the computer and, depending on the user’s current location, displays a localized webpage that covers the entire desktop of the infected computer and demands payment for the supposed possession of illicit material.
Cyber criminals often update the design of this lock screen; however, you should always keep in mind that the Cyprus police will never lock down your computer or monitor your online activities.
The message displayed by the threat can be localized depending on the user’s location, with text written in the appropriate language.
The Αστυνομία Κύπρου lock screen is a scam, and you should ignore any alerts that this malicious software might generate.
Under no circumstances should you send any Ukash or Paysafecard code to these cyber criminals, and if you have, you should request a refund, stating that you are the victim of a computer virus and scam.
Αστυνομία Κύπρου lock screen – Virus Removal Guide
STEP 1: Remove Αστυνομία Κύπρου lock screen from your computer
Αστυνομία Κύπρου Paysafecard Ransom has modified your Windows registry and added its malicious files to run at start-up, so whenever you try to boot your computer it launches its bogus notification instead. To remove these malicious changes, we can use any of the methods below:
Method 1: Start your computer in Safe Mode with Networking and scan for malware
Some variants of Αστυνομία Κύπρου virus will allow the users to start the infected computer in Safe Mode with Networking without displaying the bogus lock screen. In this first method, we will try to start the computer in Safe Mode with Networking and then scan for malware to remove the malicious files.
- Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.
- Press and hold the F8 key as your computer restarts. Please keep in mind that you need to press the F8 key before the Windows start-up logo appears.
Note: With some computers, if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the “F8 key”, tap the “F8 key” continuously until you get the Advanced Boot Options screen.
- On the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Networking , and then press ENTER.
- If your computer has started in Safe Mode with Networking, you’ll need to perform a system scan (as seen on STEP 2) with Malwarebytes Anti-Malware and HitmanPro to remove the malicious files from your machine.
IF the Αστυνομία Κύπρου virus didn’t allow you to start the computer in Safe Mode with Networking, you’ll need to follow Method 2 to get rid of its lock screen.
Method 2: Restore Windows to a previous state using System Restore
System Restore can return your computer system files and programs to a time when everything was working fine, so we will try to use this Windows feature to get rid of Αστυνομία Κύπρου lock screen.
- Restart your computer, and then press and hold F8 during the initial startup to start your computer in safe mode with a Command prompt.
Note: With some computers, if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the “F8 key”, tap the “F8 key” continuously until you get the Advanced Boot Options screen.
- Use the arrow keys to select the Safe mode with a Command prompt option.
- At the command prompt, type cd restore, and then press ENTER.
Next, type rstrui.exe and then press ENTER. Alternatively, if you are using Windows Vista, 7 or 8, you can just type C:\windows\system32\rstrui.exe and press ENTER.
If you are using Windows XP, you will need to type C:\windows\system32\restore\rstrui.exe, and then press ENTER.
- The System Restore utility will start, and you’ll need to select a restore point previous to this infection.
- After System Restore has completed its task, you should be able to boot in Windows normal mode, and perform a system scan (as seen on STEP 2) with Malwarebytes Anti-Malware and HitmanPro to remove the malicious files from your machine.
IF the Αστυνομία Κύπρου virus didn’t allow you to restore your computer to a previous point, you’ll need to follow Method 3 to get rid of its screen lock.
Method 3: Remove Αστυνομία Κύπρου lock screen with msconfig utility
When your computer was infected with the Αστυνομία Κύπρου virus, this trojan set its malicious files to start whenever your computer boots. IF you don’t have a restore point, we can use msconfig to remove its malicious start-up entry.
- While your computer is in Safe Mode with Command Prompt, type msconfig to start the Windows System Configuration utility.
- Click on the Startup tab, then search for any suspicious or unknown entries (random numbers or letters, ctfmon.exe, and other suspicious or unknown entries), uncheck them, and then click on OK.
This will stop the Αστυνομία Κύπρου virus from starting with Windows; however, it won’t remove the malicious files from your computer.
- Type shutdown /r in the command prompt to restart your computer, then perform a scan with Malwarebytes Anti-Malware and HitmanPro as seen on STEP 2.
IF the Αστυνομία Κύπρου virus didn’t allow you to start the computer in Safe Mode with Command Prompt you’ll need to follow Method 4 to get rid of its screen lock.
Method 4: Remove Αστυνομία Κύπρου lock screen with EMSISOFT Anti Malware
Download the Emsisoft Anti-Malware setup program to your desktop.
- Once the installation package has been downloaded, double-click on the EmsisoftAntiMalwareSetup.exe icon to install Emsisoft Anti-Malware.
- If the setup program displays an alert because you are installing Emsisoft Anti-Malware in Safe Mode, please click on the Yes button to continue.
- You should now see a dialog asking what language you would like to use. Please select the language you wish to use and press the OK button.
- In the next screen accept the License Agreement by checking the option “I accept the agreement” and click on the install button.
- After the necessary files are copied, you will get to a screen asking the mode that you wish to use Emsisoft Anti-Malware.
- If you want to use the freeware mode without protection, choose this option; however, we recommend using the 30-day free trial (with this option you can get the full version of Emsisoft Anti-Malware for free; click here for more information about the Emsisoft Referral Rewards Program).
- You will now be at a screen asking if you wish to join Emsisoft’s Anti-Malware network. Read the descriptions and uncheck the options that you wish to use. When you are ready click on the Next button.
- Next, Emsisoft Anti-Malware will begin to update its virus definitions.
- When the updates are completed, click on the Clean computer now button. Emsisoft Anti-Malware will start to load its scanning engine and then display a screen asking what type of scan you would like to perform.
- Please select the Deep Scan option and then click on the Scan button. The Deep Scan option will take the longest time to scan your computer, but will also be the most thorough. As you are here to clean infections, it is worth the wait to make sure your computer is properly scanned.
- Emsisoft Anti-Malware will now start to scan your computer for rootkits and malware.
- Please be patient while Emsisoft Anti-Malware scans your computer.
- When the scan has finished, the program will display the scan results, which show what infections were found.
- Now click on the Quarantine Selected Objects button, which will remove the infections and place them in the program’s quarantine.
- If you see a message like “Not all Malware objects have been quarantined. Do you want to place them in quarantine now?”, click on “Yes”.
- You will now be at the last screen of the Emsisoft Anti-Malware setup program; click on the Close setup wizard button.
- If Emsisoft prompts you to reboot your computer to finish the clean-up process, please allow it to do so.
- Please reboot your computer immediately when Emsisoft Anti-Malware is finished, to complete the installation process.
Have you ever been surprised to receive an email from a well-known company like DHL, Amazon or a particular financial institution? If not, you should be, especially if you have never done business with them before. Often, these emails are not sent by the aforementioned corporations, but instead by criminal scammers. In this article we will share some current examples of phishing emails and explain how to recognize them and protect yourself against them.
How phishing works
Scammers favor using well-known company names for two reasons: first, these names appear trustworthy, and second, the odds are quite high that the recipient is an actual customer of theirs. The objectives of these fake emails vary, from “only” spying on the recipient by collecting data, to trying to infect your PC with malware, or even defrauding you of your money using various methods.
This is a classic phishing attempt, though fortunately a very bad one. What is most striking is the poor grammar and the absence of the company’s return address. Not only is it unclear which company Mr. Shaw even works for, but the dubious email address should also leave you suspicious.
You may also have noticed that the email doesn’t address you personally. Now let’s take a closer look at the link we are invited to click on. The screenshot clearly shows a suspicious URL hidden behind the link. You just need to hover your mouse over the link to see the resulting address. If despite these warning signs you nevertheless click on the link, you will be asked to enter your credit card details on a questionable-looking website. If you proceed to enter your data, then you can expect to discover unauthorized transactions on your next credit card bill.
This is a slightly better attempt and is aimed at recipients using the online payment service PayPal. They claim that there were failed login attempts and that the recipient should therefore open the file attached to the email. The recipient will then be asked to enter their account details and, if they do, the scammer gains full access to their PayPal account.
As customers usually have a positive PayPal balance or at least have their bank or credit card details saved within PayPal, the goal is obvious – the victim’s money will quickly be transferred to other PayPal accounts and thus into the criminal’s pockets. Furthermore, opening the attachment is also likely to infect the victim’s PC with malware.
Again, the fact that the email isn’t personally addressed to the customer stands out. Official emails from PayPal always start by personally addressing you. In addition, neither PayPal nor any other company will send you emails asking you to enter your login data, or open attachments, with the exception of PDF files in rare cases.
This scam counts on the fact that people are curious by nature. After all, it obviously involves a bank transfer, and the email includes an attachment. Unfortunately, a lot of recipients of such emails overlook the fact that the email doesn’t address them personally and that they probably don’t even have a transfer pending. The layout of the email doesn’t look very professional either.
What’s interesting here is the scammer’s intention: they want you to open the attached ZIP file which is disguised as a PDF file. Once you open the ZIP file, it will contain the executable file report485770.pdf.exe which is also disguised as a PDF file.
The scammer has even gone to the trouble of providing an Adobe Acrobat icon for the file. Anyone who falls for this trick opens their PC’s door to malware – as the seemingly innocuous file is actually a worm recognized by Emsisoft Anti-Malware as Win32.Garnarue.
How to protect yourself
All these examples are genuine and weren’t recognized by the spam filters in common email programs like Microsoft Outlook or Thunderbird. Therefore the risk to you is very high and not to be taken lightly, considering that it’s primarily your wallet or the security of your PC and data that are under threat.
Incoming emails should always be analyzed before opening any attachments or links. Please keep the following points in mind:
- What email address is present in the “To” field? If the mail isn’t addressed to your exact address, it is highly likely to be a scam.
- The email address of the sender should also be logical. Most companies use formats such as Name@company.com or at least general addresses such as email@example.com or firstname.lastname@example.org.
- Are you addressed by name? Mail-order companies, friends and family members usually know your name and will therefore send you personalized emails.
- Is the layout professional and does it reflect the company’s identity? Legitimate senders pay attention to style and visual appearance whereas scammers generally don’t. Emails containing many spelling errors are particularly likely to be phishing attempts.
- Do the included links really take you to the company’s website? When moving your mouse over a link, you can clearly see the target address. If the address looks suspicious: Stay away!
- What type of file is attached to the email? You will usually receive PDF or DOC files, as there is no need to compress them into ZIP files. Never run any exe files! Please always pay attention to file extensions.
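The checklist above, and the disguised report485770.pdf.exe attachment described earlier, can be turned into automated checks. The following is an added example (not code from Emsisoft or from the article): it parses a message with Python’s standard `email` library and reports which checklist items fail. The sample message, its sender, recipient and hostnames are all constructed for the demo; the recipient’s own address and name are passed in as parameters.

```python
"""Heuristic phishing checks: "To" field, personal greeting, link text vs. real
href, and executable / double-extension attachments. Added example; the sample
message and every address and host in it are constructed."""
import email
import re
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "jar", "msi"}
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt"}
ARCHIVE_EXTS = {"zip", "rar", "7z"}


class _LinkCollector(HTMLParser):
    """Collects [href, visible text] pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href") or "", ""]
            self.links.append(self._current)

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a":
            self._current = None


def _host(url_or_text):
    """Lowercase hostname of a URL or of a bare 'www.example.com' string."""
    text = url_or_text.strip()
    if "://" not in text:
        text = "http://" + text
    return (urlparse(text).hostname or "").lower()


def mismatched_links(html):
    """Links whose visible text names a different host than the real href."""
    collector = _LinkCollector()
    collector.feed(html)
    bad = []
    for href, text in collector.links:
        shown = text.strip()
        # Only compare when the visible text itself looks like a URL or domain;
        # plain "click here" text makes no claim about the destination.
        if re.match(r"^(https?://|www\.)", shown, re.I) and _host(shown) != _host(href):
            bad.append((shown, href))
    return bad


def risky_attachments(msg):
    """Attachment names that are executables, archives, or use a double extension."""
    bad = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        pieces = name.split(".")
        if len(pieces) < 2:
            continue
        ext = pieces[-1]
        if ext in EXECUTABLE_EXTS or ext in ARCHIVE_EXTS:
            bad.append(name)          # e.g. report.pdf.exe, invoice.zip
        elif len(pieces) >= 3 and pieces[-2] in DOCUMENT_EXTS:
            bad.append(name)          # looks like a document but carries another extension
    return bad


def check_message(raw, my_address, my_name):
    """Run the checklist against one raw message; return the failing item codes."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    # 1. "To" field: is the mail addressed to exactly my address?
    recipients = {a.addr_spec.lower() for h in msg.get_all("To", []) for a in h.addresses}
    if my_address.lower() not in recipients:
        findings.append("to_mismatch")
    # 2. Am I addressed by name? (crude: my name appears somewhere in the body)
    body = msg.get_body(preferencelist=("plain", "html"))
    if my_name.lower() not in (body.get_content() if body else "").lower():
        findings.append("no_personal_greeting")
    # 3. Do the visible link targets match the hrefs hidden behind them?
    html_part = msg.get_body(preferencelist=("html",))
    if html_part and mismatched_links(html_part.get_content()):
        findings.append("link_mismatch")
    # 4. Executable, archive or double-extension attachments?
    if risky_attachments(msg):
        findings.append("risky_attachment")
    return findings


def build_sample():
    """Constructed phishing-style message for the demo; every value is made up."""
    msg = EmailMessage()
    msg["From"] = "Shaw <shaw.payments@mail-service.example>"
    msg["To"] = "undisclosed-recipients@mail-service.example"
    msg["Subject"] = "Failed login attempts on your account"
    msg.set_content("Dear Customer,\nPlease verify your account using the link below.")
    msg.add_alternative(
        '<p>Dear Customer,</p><p>Please verify at '
        '<a href="http://account-verify.example/login">https://www.paypal.com/</a></p>',
        subtype="html",
    )
    msg.add_attachment(b"not a real executable", maintype="application",
                       subtype="octet-stream", filename="report485770.pdf.exe")
    return msg.as_string()


if __name__ == "__main__":
    print(check_message(build_sample(), "alice@example.org", "Alice"))
```

Running the script against the constructed sample reports all four findings. The link check deliberately compares hosts only when the anchor text itself looks like an address, which is exactly the case where hovering over the link would reveal a different target; a “click here” link carries no such claim and is left to the other checks.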
The more of these points that don’t add up, the more likely it is that the email is a scam. You can also actively protect yourself by following these three rules:
- Choose to display emails as “plain text” rather than HTML. This will make a few emails display oddly, but will enable you to immediately recognize fake links.
- If an email asks you to log into your account or contact a certain company, don’t click on any links or open any attached files. Instead, enter the address of the corresponding company into your browser manually. If in doubt, just get in touch with a customer service representative, as they can enlighten you on the authenticity of an email.
- Use anti-virus software with real-time protection.
Emsisoft Anti-Malware, for example, protects you in three ways: the dual-engine scanner and the behavioral analysis block malware before it can be executed, and the surf protection blocks access to many phishing sites when you try to open them.
– See more at: http://blog.emsisoft.com/2011/11/18/tec111118/