Are Hackers Using Your Webcam to Watch You?

webcam-hacking

 

 

Here is an interesting article about how a hacker can take control of your PC or Laptop web-cam.

 

 

By Kim Boatman

Steven Fox, an IT security expert, was chatting with friends on his webcam one night when he started receiving some strange emails. Imagine his surprise when he opened one and found images of himself chatting.

His webcam had been hacked by a “script kiddie,” a person who uses malware written by someone else to show off their skills at accessing other computer systems, says Fox. He quickly detached the webcam, but he had to reinstall his operating system after he found malware installed on his computer. “It was painful, but it was a learning experience,” says Fox, who writes a column for the journal of the Information Systems Security Association.

The Risks of Web-cams
Webcams may let you stay in touch with friends and family, but they also pose risks of people hacking into them and spying on you. A Pennsylvania lawsuit accused a school district of using webcams on school-issued laptops to spy on students and their families. And in 2009 in China, a sophisticated network of hackers known as GhostNet cracked 1,295 webcams in 103 countries.

Since most laptops now come with a built-in webcam, it’s critical to understand the risks, says Richard Stiennon, a malware expert with IT-Harvest, a research firm that specializes in Internet security. “We all have to become aware that our every action could be watched,” says Stiennon.

How Hackers Attack Web-cams
Most hackers utilize so-called Trojan horse attacks, says Stiennon. You click on an attachment or download a piece of music or video infected with malware, and a hacker is able to remotely control your PC’s functions.

Fortunately, you can take steps to secure your webcam. Experts offer these do’s and dont’s:

  • Don’t click on suspicious attachments. You’ve heard it before, but too often we click without thinking. Email attachments remain a prime source for malware. Be wary of those supposedly funny emails forwarded by friends and family. You should also avoid suspicious sites offering free downloads of music, TV shows or videos.
  • Do use a firewall. “Firewalls provide a measure of protection against unwanted traffic,” explains Fox. Your computer comes with a firewall, but you need to make sure it’s turned on. If you use a Windows operating system, click on the Windows symbol in the lower-left corner of your screen, search for Windows Firewall, and you’ll be able to check the firewall settings. If you use a Mac OS, open System Preferences, click on the Sharing icon, select the Firewall tab and click Start.
  • Do use strong antivirus software. Install a security suite that offers malware and spyware protection, then make sure you keep the protection up-to-date.
  • Don’t keep PCs with web-cams in bedrooms. Limit webcam use to high-traffic areas, and remind family members not to do anything in front of a webcam they wouldn’t want the world to see.
  • Do secure your wireless connection. Make sure your wireless connection is protected with a unique password (not the default one that came with the router).
  • Don’t talk to strangers. Avoid IM conversations with people you don’t know, and advise your kids to do the same.
  • Do be cautious about accepting tech help. Would-be hackers have been known to ingratiate themselves with acquaintances by offering computer help. But that gives them the chance to rig web-cams so they can spy on the computer user.
  • Do look for the indicator light. On external web-cams, you’ll usually see a red light indicating the camera is on. Laptops with internal webcams usually have an LED indicator too. If you use an external webcam, simply detach it from the USB port when it’s not in use.

In the end, your best bet is to use a decidedly low-tech solution, say the experts. “The ultimate security control is to cover the lens,’’ says Fox. If your webcam doesn’t come with a lens cover, use an adhesive bandage or even a yellow sticky note to cover it up. (Just make sure nothing sticky is touching the lens itself, so you don’t damage it.) “It sounds silly, but it gives you positive feedback that no one is spying on you,” says Stiennon.

Kim Boatman is a Silicon Valley, Calif., journalist who writes about security and technology. She spent more than 15 years writing about a variety of topics for the San Jose Mercury News.

Internet Crime and Taxes are two of life’s certainties

AVG (AU/NZ) reminds consumers and small businesses to be alert to the latest online scams and phishing attacks targeting this tax return season.

MELBOURNE, 13 June 2012 — Ahead of this year’s tax return season, AVG (AU/NZ) Pty Ltd, distributor of AVG Technologies’ award-winning AVG Internet and mobile security software in Australia, New Zealand and South Pacific, alerts consumers and small businesses to the latest attempts by cyber criminals to gain access to lucrative identity and financial information. With upwards of 2.5 million individuals using the Australian Tax Office’s e-Tax electronic tax return service, cyber criminals have a huge, potentially receptive audience for their activities. Security Advisor at AVG (AU/NZ), Michael McKinnon, said: “Internet crime and taxes are now two of life’s certainties. Cyber criminals are starting to release this year’s crop of end of financial year scams to trick taxpayers into revealing highly valuable personal and financial information. As younger members of the community join the workforce and others shift from paper-based to online tax return processes, there is always a new audience for inventive tax season scams.” There’s a certain inevitability about June 30: it will bring new ways to scam the unwary and new phishing frauds asking for your credit card details including:

  • Offers of government grants needing to make payments prior to the end of the financial year.
  • Prompts for baby bonus applications.
  • Assistance to find lost superannuation funds.
  • Notification that your company tax rate has changed.

The Government’s SCAMWatch website is currently alerting Australians to be aware of Carbon Price scams seeking your personal banking details to pay carbon tax compensation into your bank account or offering to sell you fake carbon credits. Many of us now communicate directly with tax advisors via email so other tricks include sending phishing emails that ask you to open what appear to be legitimate attachments to fill out personal details. The simple act of clicking on that attachment could redirect you to a malicious website, or deliver to your computer an infection that could launch an attack on your accounts and extract financial details. McKinnon said: “When you consider all the information included in your return – your tax file number, details of investments, retirement accounts, employment, the property you own – in the hands of cyber criminals, your identity and more could be at risk. And if you see an offer that looks too good to be true – avoid it. Any offer of an online refund will absolutely be a scam because that’s not how the ATO or any other Australian government agency operates.”

Some top tips to help you safely file your tax return this year:

  • Use the end of financial year to review your personal or business online security systems to ensure your protection is fully and automatically up to date – on all computers, phones, other mobile technologies, plus USB and other memory devices from which you will gather, store and send your financial information.
  • Do your homework by reviewing the ATO and SCAMWatch online security pages.
  • In communicating with your tax advisor, consider creating a password protected Zip file of your financial data.
  • Always open your e-Tax filing directly from the ATO’s site (www.ato.gov.au); never click through to the site from an email invitation. The filing of tax returns directly via the ATO’s e-Tax service is secure.
  • Always use a trusted WiFi or Ethernet connection from your home or office to file your tax return – never use a public WiFi without a firewall in place and Internet security installed.
  • Be cautious of anything that you haven’t directly requested and only respond to those communications you’ve initiated.
  • Delete all related emails from your server once you’ve filed your return.
  • While the ATO uses emails and SMS for service alerts, it will never request the confirmation, update or disclosure of confidential personal details. If you receive suspect communication from ‘the ATO’ or any other ‘government department’, do not click on any links in an email or answer phone questions. Report it immediately to the ATO.

Tax Time Cyber Crime Assistance

  • Examples of current Tax Refund scams: http://www.ato.gov.au/onlinesecurity
  • The Australian Government’s cybersecurity website, Stay Smart Online, provides information for Australian Internet users on the simple steps they can take to protect their personal and financial information online.
  • Australian Competition and Consumer Commission (ACCC)’s SCAMWatch provides information to consumers and small businesses about how to recognise, avoid and report scams.
Norton Security Standard

What Antivirus software do we recommend?

Norton Security StandardUp until about 2012, I was of the opinion that AVG Free was as good as any Antivirus software, on the proviso that you didn’t do stupid things online like visiting porn websites, clicking on links in emails that were obvious phishing scams and making sure you kept Windows up to date along with Java, Adobe Flash and Adobe Reader.

Well all that still stands, except that I now recommend Avast Antivirus as a free alternative. But I have found there is an increasing number of really nasty viruses out there that are just getting past the Free Products, and as such, I have now changed my thinking and moved to the Norton Security suite of products by Symantec, and now recommend this as my preferred Security solution.

I had an experience a number of years back that taught me a valuable lesson.  Being in the industry that I am in, I should have known better, but like all of us I got complacent.

I used a USB Flash Drive with some Virus Removal tools on an infected PC.  The PC had a nasty Rootkit Virus among other things, and it transferred the virus to my USB Drive.  When I got back to the office I wanted to retrieve a log report off the USB Drive and plugged it into my PC which was protected by AVG.  Well it turns out it wasn’t very well protected at all because the virus was instantly transferred to my PC without so much as a peep out of AVG or indeed any other sign.

The first I knew about it was when I started receiving 100’s of returned emails with the usual spam topics and a phone call from my web host telling me they had disabled my email accounts.  What followed was a time consuming effort to remove the virus and it was at this time I changed my recommendation from AVG to the Norton suite of products.

Traditionally I haven’t been a fan of Security Suites, and I’m still not, but Norton these days is minimal in it’s intrusiveness and uses fewer system resources than some of the others, and more importantly it detects those nasty viruses that AVG didn’t and still doesn’t.

FYI we sell Norton Standard for $29.  This will cover 1 PC’s for 12 mths.

How Can You Find Out If Someone Is Hacking Your Computer?

Computer-Hacker

 

Here is an interesting article about what signs to look for to determine whether you may be infected with viruses/malware that allow a hacker to take control of your PC.

 

 

 

How Can You Find Out If Someone Is Hacking Your Computer?

by Gaurav Srivastava

Many of you become innocent victims of hackers who break in your computers and steal all they can from the credit card details, bank information, emails, passwords, to professional documents among other critical things. You cannot really avoid hackers, their viruses and malware software when you are online but yes you can certainly avoid being a victim. This free virus removal support guide discusses how you can find out if someone is hacking your computer.

Step 1

When you reboot your computer, it reboots twice instead of once. It happens because the hacker has to boot his server in order to keep accessing your Windows or Mac computer. Thus, your computer quickly reboots after you reboot it and the startup screen appears twice. Another symptom of being hacked or virus-infected is when your computer reboots or shuts down on its own time and again. It means it doesn’t seek for your mouse or keyboard prompts to be shut down or restarted. When you attempt to access a program on your computer, you are not able to do it. You cannot access Task Manager, the Start menu or anything on your computer.

Step 2

When you open your web browser, some other website loads up but not your regular home page. When you search for something in your search engine, you are being redirected to websites that you have never browsed or even heard of. These can be adult or malicious websites prompting you to download adult materials or fake virus removal tools. If your web browser has a new toolbar, add-in, or plug-in that you did not install, it indicates that your browser and computer has been hacked. You do not see your usually plug-ins, add-ins, or toolbars when the browser is hacked. Besides, if your internet speed is really slow, it indicates your computer has a virus.

Step 3

If your CD- or DVD-ROM drive opens up without your action. Your computer has missing icons like Network Places, antivirus, or Outlook etc. However, you see new programs like virus removal tool (that you didn’t even download), music file etc. showing up on your desktop. If you see that your computer clock shows a different date & time, time zone settings, and daylight savings etc. (unless you have changed them), it has a stubborn, dangerous malware.

Step 4

If you have a firewall program like ZoneAlarm installed on your computer, it can tell you if someone has tried hacking it. Open ZoneAlarm or the firewall program you have and check if it has logged any malicious program entry that was attempting a server setup on your computer. If your firewall or antivirus program takes forever to scan your computer, it indicates that it has been compromised. If your antivirus icon is missing from your computer and it does not even open once you have found it, it has a virus that has disabled it to prevent itself from being removed.

Step 5

If you run a virus scan from your antivirus software, it shows multiple infected files and programs that you never even downloaded to your computer. All of a sudden you have multiple files with weird names like mslove.exe, abcd1234.exe, or giaehi45.jpg etc. in your computer. all of a sudden your computer starts taking forever to open a small program like Run or Command Prompt etc. The CPU usage shows 100% (maximum) for a small process like explorer.exe.

Step 6

When your friends tell you about the new links or posts you have shared (that you have never actually shared) on your Facebook, Instagram, or Twitter profile. When your friends or relatives receive bogus emails containing adult or objectionable materials, link etc. from your email address. When your credit card or online banking does not accept your password despite that you have it correctly and have not changed it in the recent past.

The Author of this article is associated with V tech-squad Inc, V tech-squad Inc. is a cloud based technical support provider to consumers and small businesses. if you have any problem while performing the above steps and need technical assistance for online virus removal, You can reach V tech-squad online technical support at their Toll Free No +1-877-452-9201.

About V tech-squad Inc.

V tech-squad Inc. is a cloud based online technical support provider to consumers and small businesses. V tech-squad provides support to users for issues with their PCs, Mac’s, Tablets, Phones such as iPhone and Blackberry and devices such as MP3 players, Printers, Scanners, Fax, Wireless networking gear, Netflix, Roku boxes and TVs. With an obsessive focus on quality and building technical expertise, V tech-squad continues to maintain an issue resolution rate of more than 90%. V tech-squad’s credibility has been tested by more than 10,000 customers. Currently V tech-squad provides support services to consumers and small businesses in United States. For more information on V tech-squad, Inc. visit vtechsquad.com.

Article Source: EzineArticles.com

Online scam artist tactics exposed

This video specifically talks about Craig’s List, but equally applies to Ebay, Gumtree and every other online selling and buying service.

Given that so many people fall for these scams, it’s worth taking a look.

The original YouTube video is shown below.

Viruses and Malware

Why You Get Viruses

Viruses and MalwareThere is an interesting study by a Danish security firm that found the main reason people get viruses is because they don’t update their software.

The main reasons for getting infected are through old versions of Adobe Flash, Adobe PDF Reader, Java and Microsoft Internet Explorer. So if you use these, make sure you keep them up to date!

The conclusion of this study is that as much as 99.8 % of all virus/malware infections are caused by exploit kits and are a direct result of the lack of updating these five specific software packages.

As I always say, prevention is better than a cure, and as annoying as it is, it’s safer to keep your software up to date (and less annoying than getting a virus).

Microsoft recently published a similar study where they found about 90% of virus infections were through unpatched software.

Great Security Myth: I Don’t Need Anti-Virus Protection because I Bought an Apple Mac!

virus-detectedMelbourne, 28 May 2010 – AVG (AU/NZ) Pty Ltd warns that Apple Macs running the OS X operating system, or some flavour of Linux distribution, are not immune to viruses, malware and other forms of Internet-carried spambots, Trojans, hacking and phishing.

That’s right, Apple Macs running the OS X operating system, or some flavour of Linux distribution, are open to attack from cyber criminals.

Now of course hackers and spammers are not stupid and they know that Windows users represent the ‘low hanging fruit’ in terms of potential targets. The sheer weight of numbers that the Windows’ user base carries with it makes it the primary target for malware attacks – and it’s going to stay that way for the foreseeable future.

“But,” Lloyd Borrett, Marketing Manager, AVG (AU/NZ), says: “The web changes everything. More specifically, web services, social media and online applications change everything.

“Suddenly you are operating one step further away from your Mac’s desktop and you are at the mercy of live real-time contact from third parties and the World Wide Web in general. This levels the playing field in some senses, so that suddenly your Mac is not a Mac for a moment – instead it’s just a computer.”

With the growing popularity of web services from Twitter and Facebook and so on, the opportunity to spread malware hidden in a simple link has, arguably, never been greater.

So Mac’s do have vulnerabilities and people should be increasingly aware of browser security concerns. Without identifying specific security holes in Safari or Opera (or Firefox for that matter), the operating system is no longer the primary target for Internet-driven user attacks by cyber criminals. The target is the application itself and the user’s behaviour within it.

Apple’s popularity is growing all the time even if its market share is still somewhere around less than 10 percent globally. Just this year security researchers found eight fresh zero-day vulnerabilities in Apple’s Safari browser.

“What matters most is that viral attacks are constantly evolving and looking for fresh blood,” Borrett continued. “So, everyone needs to think about Internet security protection. It’s as simple as that.”

Technical Facts

Looking objectively at the Mac operating system and tools, there is arguably a larger total surface area of code open to potential attack.

Combining rich use of Flash and Java with support for multiple file formats does not exactly put up extra barriers. Digging deeper, Address Space Layout Randomisation (ASLR) has been around since Windows Vista as an anti-exploitation technology, yet it is only present in Mac OS X 10.5 in some library offsets and therefore does not offer complete protection in the way that the technology was designed.

Conclusion: Apple Mac, Windows or Linux, the fact is that regardless of the operating system each of us is using, we’re all in this together. Everyone needs to be aware of what they are clicking on and use their commonsense – if something doesn’t look quite right, it probably isn’t!

.

Scareware Part 2

Malware/Scareware Threatens to Sue BitTorrent Downloaders.

 

A new malware scam is trying to trick BitTorrent users into paying for illegally downloading copyrighted material.

The malware displays a box with the message “Warning! Piracy detected!” and opens up a web page supposedly run by a Swiss company which states thet are “committed to promoting the cultural and economic benefits of copyright.”

The fake company, the ICCP Foundation, claims to be sponsored by the Recording Industry Association of America, the Motion Picture Association of America and others. TorrentFreak, which was the first to discover the malware, wrote that, “It appears to scan the user’s hard drive for .torrent files and displays these as ’evidence’ of an earlier infringement”.

Victims are warned of possible imprisonment and fines, and given the option of “settling” the “case” for a one-time payment of $400, by credit card.

Obviously you would be crazy to hand over your Credit Card details, but it only takes a small percentage of victims to fall for the scam to make some serious cash, which is why the scammers go to the trouble.

Scareware Part 1

So here’s a new term, “Scareware”.

Someone has coined this new term to describe fake antivirus and antispyware software.
Makers of fake antivirus and antispyware software are exploiting search engines and driving people to sites selling fake security products.

By slightly mis-spelling the name of popular security products, they trick you into visiting their malicious site, and bombard you with messages and pop-ups about how badly you are infected and how many viruses you have and “scaring” you into buying their product. This is fooling tens of thousands of people into purchasing this fake software, which in fact infects them further. I have seen figures that show these cyber-criminals may be making upwards of $10,000 per day.

Popular mis-spellings are Ad-Ware instead of Ad-Aware, Spywarebot instead of Spybot, and Spyware Blaster instead of SpywareBlaster.

There are a multitude of fake products out there. A couple that spring to mind, in addition to those above, are WinXP Antivirus, Antivirus 2009, but there are 1000’s more.

The golden rule is DO NOT just search the internet for a security product. Contact a reputable company for advice, or better yet, just read this Blog!!!!!

Antivirus/Antispyware Software

I am often asked, “what is the best antivirus product to use”. I usually reply with a smart arse response like, “how long is a piece of string?”, quickly followed by, “It matters not what protection you have on your computer. If you do the wrong thing on the internet, you are stuffed”. Or words to that effect.

It amazes me how many people think that just because they have antivirus and/or antispyware software, they are somehow invincibly protected and can do what they like on the internet with impunity.

The fact is that literally thousands of new viruses/spyware/malware are being released every week, and whilst antivirus and antispyware software can detect virus like activity, they cannot possibly know about all the different infections and variants. They are really only as good as the database of known bugs.

So, if you like going to porn sites, crack/cheat/pirated software sites, installing free screensavers willy nilly, surfing for gimmicky add-ons and smiley faces for email and MSN, using peer-2-peer programs like Limewire, then I can almost guarantee it will end in tears.

Having said all that, you MUST have antivirus and antispyware software installed on your computer. I am no fan of Internet Security Suites because invariably they use a lot of system resources and can cause more problems than they prevent. Particularly their firewalls. Usually you will get asked, “do you want to block this thing or allow it?” And you would know the answer to that question how?

I recommend you use AVG Free. It is as good as any other antivirus program and now incorporates a little bit of antispyware as well. You can download it from http://free.avg.com/

****EDIT****

We no longer recommend AVG.

Our recommendation is now Norton Internet Security.

For a more detailed look at what Viruses and Spyware are and the do’s and don’ts, download my virus and spyware notes. Remember Prevention is better than cure. Once you are infected the bugs can be very difficult to remove.