Channel: Malware – CBS San Francisco

McAfee Reveals List of 2011 Top Cyber-Threats

SAN FRANCISCO (KCBS) – If you’re wondering what the top cyber-threats of the new year are likely to be, McAfee researchers have come out with their 2011 Threats Prediction report.

McAfee’s Director of Threat Management Sam Masiello said some very familiar names from social networking sites like Facebook, Twitter and Myspace are at the top of the list as well as some of the geo-location services like Gowalla, Foursquare and Facebook Places.

Also on the list are mobile phone platforms and application marketplaces, which is no surprise, according to KCBS Technology Analyst Larry Magid.

“We’re not only using our cell phones for email and web surfing, but for banking and in some cases, disclosing our locations. Naturally criminals are going to have a lot of interest in our phones,” said Magid.

The McAfee list also spells out a number of very specific expected threats including those posed by URL shortening services which don’t allow you to know where you’re going before it’s too late.

“You may be going to a perfect legitimate site like a YouTube video, or you may be going to a website that’s going to try to exploit zero-day vulnerability on your computer and get you infected with malware,” said Masiello.

Masiello and his McAfee Labs crew also expect to see an increase in politically motivated “hacktivism” and warned that the Mac OS platform is likely to be a bigger attack target than it has been in the past.

(© 2010 CBS Broadcasting Inc. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed.)



Tech Report: Macintosh Reaches Critical Mass For Malware Attack

SAN FRANCISCO (KCBS) – An old trick that’s beguiled Windows users for years has become a growing threat on Macintosh machines.

Calls have poured into Apple for several weeks about a piece of malware known as Mac Defender that poses as an antivirus warning in order to trick users into paying for software they don’t need.

KCBS technology analyst Larry Magid said what could be the first widespread malware attack in Apple’s history should earn the company an ironic congratulations.

“They’ve arrived. They now are a big enough platform that it is in the interest of malware writers to go after them,” Magid said.

Developers and users have debated for years whether Apple’s seeming imperviousness to malware and virus attacks stemmed from the skill of OS X programmers or the size of Apple’s user base. Apple’s website boasts about the security of its platform.

Now a piece of scareware like Mac Defender, designed just for Mac, has finally settled the debate, Magid said. “They still have a much smaller market share than Windows, but there are enough Mac users out there that they’re now a target.”

Since Mac Defender’s appearance, users have been grumbling on blogs and in other public forums about the company’s near silence on the issue. Several bloggers and columnists such as Vince Horiuchi at the Salt Lake Tribune, however, have posted how-to steps for getting rid of Mac Defender.

(Copyright 2011 by CBS San Francisco. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed.)


Tech Report: Malware Increasingly Affecting Android Phones

SAN FRANCISCO (KCBS) – A new report by mobile security firm Lookout has found that Android smartphone users are 2.5 times more likely to encounter malware than they were six months ago.

KCBS Technology Analyst Larry Magid said the malware is downloaded to users’ phones.

“You might go to the Android Marketplace, which is run by Google. Unlike Apple’s Marketplace for iPhones and iPads, Google doesn’t vet all of the applications on there,” Magid said. “If someone complains, they may take them down. But sometimes, an application will look like a legitimate app.”

Magid said that there are many dangerous Trojans out there, including one that records conversations and stores them on your phone’s SD card.

The report also found that there were 80 infected Android apps in January and more than 400 reported in June.

(Copyright 2011 by CBS San Francisco. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed.)


FBI: Computers Infected With Malware To Lose Internet Service In July

WASHINGTON (CBS / AP) — For computer users, a few mouse clicks could mean the difference between staying online and losing Internet connections this summer.

Unknown to most of them, their problem began when international hackers ran an online advertising scam to take control of infected computers around the world. In a highly unusual response, the FBI set up a safety net months ago using government computers to prevent Internet disruptions for those infected users. But that system is to be shut down.

The FBI is encouraging users to visit a website run by its security partner, http://www.dcwg.org, that will inform them whether they’re infected and explain how to fix the problem. After July 9, infected users won’t be able to connect to the Internet.

Most victims don’t even know their computers have been infected, although the malicious software probably has slowed their web surfing and disabled their antivirus software, making their machines more vulnerable to other problems.

Last November, the FBI and other authorities were preparing to take down a hacker ring that had been running an Internet ad scam on a massive network of infected computers.

DCWG – Check If Your Computer Is Infected

“We started to realize that we might have a little bit of a problem on our hands because … if we just pulled the plug on their criminal infrastructure and threw everybody in jail, the victims of this were going to be without Internet service,” said Tom Grasso, an FBI supervisory special agent. “The average user would open up Internet Explorer and get `page not found’ and think the Internet is broken.”

On the night of the arrests, the agency brought in Paul Vixie, chairman and founder of Internet Systems Consortium, to install two Internet servers to take the place of the truckload of impounded rogue servers that infected computers were using. Federal officials planned to keep their servers online until March, giving everyone opportunity to clean their computers. But it wasn’t enough time. A federal judge in New York extended the deadline until July.

Now, said Grasso, “the full court press is on to get people to address this problem.” And it’s up to computer users to check their PCs.

This is what happened:

Hackers infected a network of probably more than 570,000 computers worldwide. They took advantage of vulnerabilities in the Microsoft Windows operating system to install malicious software on the victim computers. This turned off antivirus updates and changed the way the computers reconcile website addresses behind the scenes on the Internet’s domain name system.

The DNS system is a network of servers that translates a web address – such as http://www.ap.org – into the numerical addresses that computers use. Victim computers were reprogrammed to use rogue DNS servers owned by the attackers. This allowed the attackers to redirect computers to fraudulent versions of any website.

The hackers earned profits from advertisements that appeared on websites that victims were tricked into visiting. The scam netted the hackers at least $14 million, according to the FBI. It also made thousands of computers reliant on the rogue servers for their Internet browsing.

When the FBI and others arrested six Estonians last November, the agency replaced the rogue servers with Vixie’s clean ones. Installing and running the two substitute servers for eight months is costing the federal government about $87,000.

The number of victims is hard to pinpoint, but the FBI believes that on the day of the arrests, at least 568,000 unique Internet addresses were using the rogue servers. Five months later, the FBI estimates that the number is down to at least 360,000. The U.S. has the most, about 85,000, federal authorities said. Other countries with more than 20,000 each include Italy, India, England and Germany. Smaller numbers are online in Spain, France, Canada, China and Mexico.

Vixie said most of the victims are probably individual home users, rather than corporations that have technology staffs who routinely check the computers.

FBI officials said they organized an unusual system to avoid any appearance of government intrusion into the Internet or private computers. And while this is the first time the FBI used it, it won’t be the last.

“This is the future of what we will be doing,” said Eric Strom, a unit chief in the FBI’s Cyber Division. “Until there is a change in legal system, both inside and outside the United States, to get up to speed with the cyber problem, we will have to go down these paths, trail-blazing if you will, on these types of investigations.”

Now, he said, every time the agency gets near the end of a cyber case, “we get to the point where we say, how are we going to do this, how are we going to clean the system” without creating a bigger mess than before.

(Copyright 2012 by CBS San Francisco. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed.)


ConsumerWatch: Malware May Knock Thousands Off Internet On Monday

SAN FRANCISCO (CBS / AP) — Despite repeated alerts, tens of thousands of Americans may still lose their Internet service Monday unless they do a quick check of their computers for malware that could have taken over their machines more than a year ago.

The warnings about the Internet problem have been splashed across Facebook and Google. Internet service providers have sent notices, and the FBI set up a special website.

According to the FBI, the number of computers that probably are infected is more than 277,000 worldwide, down from about 360,000 in April. About 64,000 still-infected computers are probably in the United States.

Related Link:
www.dcwg.org – Check If Your Computer Is Affected

The Canadian Internet Registration Authority said about 25,000 of the computers initially affected by the malware were in Canada, but now only about 7,000 machines remain infected there, according to Canadian Internet Registration Authority spokesman Mark Buell.

He said his organization, together with Public Safety Canada and the Canadian Radio-television Telecommunications Commission, has developed an online site where computer users can check their computers for the malware.

People whose computers are still infected Monday will lose their ability to go online, and they will have to call their service providers for help deleting the malware and reconnecting to the Internet.

The problem began when international hackers ran an online advertising scam to take control of more than 570,000 infected computers around the world. When the FBI went in to take down the hackers late last year, agents realized that if they turned off the malicious servers being used to control the computers, all the victims would lose their Internet service.

In a highly unusual move, the FBI set up a safety net. They brought in a private company to install two clean Internet servers to take over for the malicious servers so that people would not suddenly lose their Internet.

And while it was the first time they’d done something like that, FBI officials acknowledged that it may not be the last, since authorities are taking on more of these types of investigations.

The temporary Internet system they set up, however, will be shut down at 12:01 a.m. EDT Monday, July 9.

Most victims don’t even know their computers have been infected, although the malicious software probably has slowed their online surfing and disabled their antivirus software, making their machines more vulnerable to other problems.

But popular social networking sites and Internet providers have gotten more involved, reaching out to computer users to warn of the problem.

According to Tom Grasso, an FBI supervisory special agent, many Internet providers are ready for the problem and have plans to try to help their customers. Some, such as Comcast, already have reached out.

The company sent out notices and posted information on its website. Because the company can tell whether there is a problem with a customer’s Internet server, Comcast sent an email, letter or Internet notice to customers whose computers appeared to be affected.

Grasso said other Internet providers may come up with technical solutions that they will put in place Monday that will either correct the problem or provide information to customers when they call to say their Internet isn’t working. If the Internet providers correct the server problem, the Internet will work, but the malware will remain on victims’ computers and could pose future problems.

In addition to individual computer owners, about 50 Fortune 500 companies are still infected, Grasso said.

Both Facebook and Google created their own warning messages that showed up if someone using either site appeared to have an infected computer. Facebook users would get a message that says, “Your computer or network might be infected,” along with a link that users can click for more information.

Google users got a similar message, displayed at the top of a Google search results page. It also provides information on correcting the problem.

To check whether a computer is infected, users can visit a website run by the group brought in by the FBI: http://www.dcwg.org.

The site includes links to respected commercial sites that will run a quick check on the computer, and it also lays out detailed instructions if users want to actually check the computer themselves.

(Copyright 2012 by CBS San Francisco. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed.)


Apple Says Macs At Its Offices Were Hacked

CUPERTINO (CBS/AP) – Apple says a small number of Mac computers at its offices were infected by malicious software, in an attack similar to the one Facebook acknowledged last week.

In both cases, computers were infected through software downloaded from a site for software developers. The attacks took advantage of flaws in the Java plug-in for Web browsers.

Neither company said that there was any evidence that the attackers gleaned any data from their attacks.

The Java vulnerability is well known, and Apple has taken measures to disable the plug-in on all Macs. It says it will release an updated malware removal tool to remove infections.

In January, the U.S. Department of Homeland Security recommended disabling Java in Web browsers to avoid hacking attacks.

(Copyright 2013 by CBS San Francisco. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed.)


Larry Magid: Windows Ending Support for XP, Upgrade Suggested

SAN FRANCISCO (KCBS) — This week marks the last day that Microsoft will offer support for its popular XP operating system. The company followed up XP with Vista, which got a fair share of bad reviews when it was introduced.

Tuesday, April 8th is the important date. If you have XP, you need to move on. Normally I don’t buy into hype, but this is not hype. Once Microsoft stops supporting XP, it becomes a sitting duck for all the malware and viruses.

Unless you intend on taking your computer offline, I definitely would not run Windows XP after this date.

There’s not only individuals who haven’t upgraded, but companies as well. They don’t want the hassle of re-training staff and they don’t want to go to Windows 8, which also got a negative response when it was introduced.

The good news is you may be able to go to Windows 7 on the same machine. Some people are really going to have to buy a new computer because their current computer may not have the horsepower for even Windows 7, let alone 8.1.

I think version 7 is as good as, if not better than, XP. As far as 8 goes, I’ve had my qualms and reservations.

End Of Microsoft Support For Windows XP Spells Trouble For Some

REDMOND, Wash. (AP) — Microsoft ends support for the persistently popular Windows XP on Tuesday, and the move could put everything from the operations of heavy industry to the identities of everyday people in danger.

An estimated 30 percent of computers being used by businesses and consumers around the world are still running the 12-year-old operating system.

“What once was considered low-hanging fruit by hackers now has a big neon bull’s eye on it,” says Patrick Thomas, a security consultant at the San Jose-based firm Neohapsis.

Microsoft has released a handful of Windows operating systems since 2001, but XP’s popularity and the durability of the computers it was installed on kept it around longer than expected. Analysts say that if a PC is more than five years old, chances are it’s running XP.

While users can still run XP after Tuesday, Microsoft says it will no longer provide security updates, issue fixes to non-security related problems or offer online technical content updates. The company is discontinuing XP to focus on maintaining its newer operating systems, the core programs that run personal computers.

The Redmond, Wash.-based company says it will provide anti-malware-related updates through July 14, 2015, but warns that the tweaks could be of limited help on an outdated operating system.

Most industry experts say they recognize that the time for Microsoft to end support for such a dated system has come, but the move poses both security and operational risks for the remaining users. In addition to home computers, XP is used to run everything from water treatment facilities and power plants to small businesses like doctor’s offices.

Thomas says XP appealed to a wide variety of people and businesses that saw it as a reliable workhorse and many chose to stick with it instead of upgrading to Windows Vista, Windows 7 or 8.

Thomas notes that companies generally resist change because they don’t like risk. As a result, businesses most likely to still be using XP include banks and financial services companies, along with health care providers. He also pointed to schools from the university level down, saying that they often don’t have enough money to fund equipment upgrades.

Marcin Kleczynski, CEO of Malwarebytes, says that without patches to fix bugs in the software, XP PCs will be prone to freezing up and crashing, while the absence of updated security-related protections makes the computers susceptible to hackers.

He added that future security patches released for Microsoft’s newer systems will serve as a way for hackers to reverse engineer ways to breach now-unprotected Windows XP computers.

“It’s going to be interesting to say the least,” he says. “There are plenty of black hats out there that are looking for the first vulnerability and will be looking at Windows 7 and 8 to find those vulnerabilities. And if you’re able to find a vulnerability in XP, it’s pretty much a silver key.”

Those weaknesses can affect businesses both large and small.

Mark Bernardo, general manager of automation software at General Electric Co.’s Intelligent Platforms division, says moving to a new operating system can be extremely complicated and expensive for industrial companies. Bernardo, whose GE division offers advisory services for upgrading from XP, says many of the unit’s customers fall into the fields of water and waste water, along with oil and gas.

“Even if their sole network is completely sealed off from attack, there are still operational issues to deal with,” he says.

Meanwhile, many small businesses are put off by the hefty cost of upgrading or just aren’t focused on their IT needs. Although a consumer can buy an entry-level PC for a few hundred dollars, a computer powerful enough for business use may run $1,000 or more after adding the necessary software.

Barry Maher, a salesperson trainer and motivational speaker based in Corona, Calif., says his IT consultant warned him about the end of XP support last year. But he was so busy with other things that he didn’t start actively looking for a new computer until a few weeks ago.

“This probably hasn’t been as high a priority as it should have been,” he says.

He got his current PC just before Microsoft released Vista in 2007. He never bought another PC because, “As long as the machine is doing what I want it to do, and running the software I need to run, I would never change it.”

Mark McCreary, a Philadelphia-based attorney with the firm Fox Rothschild LLP, says small businesses could be among the most affected by the end of support, because they don’t have the same kinds of firewalls and in-house IT departments that larger companies possess. And if they don’t upgrade and something bad happens, they could face lawsuits from customers.

But he says he doesn’t expect the wide-spread malware attacks and disasters that others are predicting — at least for a while.

“It’s not that you blow it off and wait another seven years, but it’s not like everything is going to explode on April 8 either,” he says.

McCreary points to Microsoft’s plans to keep providing malware-related updates for well over a year, adding that he doubts hackers are actually saving up their malware attacks for the day support ends.

But Sam Glines, CEO of Norse, a threat-detection firm with major offices in St. Louis and Silicon Valley, disagrees. He believes hackers have been watching potential targets for some time now.

“There’s a gearing up on the part of the dark side to take advantage of this end of support,” Glines says.

He worries most about doctors like his father and others in the health care industry, who may be very smart people, but just aren’t focused on technology. He notes that health care-related information is 10 to 20 times more valuable on the black market than financial information, because it can be used to create fraudulent medical claims and illegally obtain prescription drugs, making doctor’s offices tempting targets.

Meanwhile, without updates from Microsoft, regular people who currently use XP at home need to be extra careful.

Mike Eldridge, 39, of Spring Lake, Mich., says that since his computer is currently on its last legs, he’s going to cross his fingers and hope for the best until it finally dies.

“I am worried about security threats, but I’d rather have my identity stolen than put up with Windows 8,” he says.

 

© Copyright 2014 The Associated Press. All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed.

 


‘BlackShades’ Malware Lets Cybercriminals Hijack Computer Webcams; 97 Charged

SAN FRANCISCO (CBS/AP) — More than a half-million computers in over 100 countries were infected by sophisticated malware that lets cybercriminals remotely hijack a computer and its webcam, authorities said as charges were announced Monday against nearly 100 people worldwide.

Authorities said 97 people suspected of using or distributing the malicious software called BlackShades have been arrested in 16 countries, including the software’s owner, a 24-year-old Swedish man.

“This case is a strong reminder that no one is safe while using the Internet,” said Koen Hermans, a Netherlands official in Eurojust, the European Union’s criminal investigation coordination unit. “It should serve as a warning and deterrent to those involved in the manufacture and use of this software.”

U.S. Attorney Preet Bharara called BlackShades a “frightening form of cybercrime,” saying a cybercriminal could buy a $40 malicious program whose capabilities were “sophisticated and its invasiveness breathtaking.” FBI Agent Leo Taddeo said people suspecting they are BlackShades victims should visit FBI.gov to learn how to check computers.

Authorities said the BlackShades Remote Access Tool or “RAT” has been sold since 2010 to several thousand users, generating sales of more than $350,000. The agency said one of the program’s co-creators is cooperating and had provided extensive information.

BlackShades owner, Alex Yucel, arrested in Moldova last November, is facing extradition to the United States. Michael Hogue, 23, of Maricopa, Arizona—the program’s co-creator—had pleaded guilty in New York after his June 2012 arrest and is cooperating, Bharara said.

The malware lets hackers steal personal information, intercept keystrokes and hijack webcams to secretly record computer users. BlackShades also can be used to encrypt and lock computer data files, forcing people to pay a ransom to regain access.

The hacking tool’s low cost has boosted its popularity across the hacker underground, where variants have long circulated online.

Last year, security firm Symantec said use of BlackShades was rising, with program licenses costing $40 to $100.

French officials said raids last week followed the FBI’s arrest of two BlackShades developers and its distribution of a list of the malware’s customers.

Law enforcement coordination agencies Europol and Eurojust, based in The Hague, Netherlands, said Monday that police in 13 European countries—Austria, Belgium, Britain, Croatia, Denmark, Estonia, Finland, France, Germany, Italy, Moldova, the Netherlands and Switzerland—as well as in the United States, Canada and Chile raided 359 properties and seized cash, firearms, drugs and more than 1,000 data storage devices.

In Paris, the state prosecutor’s office said more than two dozen people were arrested during May 13 raids. It said those arrested were identified by the FBI as French “citizens who had acquired or used this software.”

In a previous BlackShades-related investigation, Dutch police this year arrested an 18-year-old man for using the malware to take pictures of women and girls within view of webcams on about 2,000 computers.

A Southern California man who was sentenced in March to prison for hacking the computers of a future Miss Teen USA and other young women was not part of the case. Authorities say that he had BlackShades on his computer, but that it wasn’t clear whether he used it or another program.

© Copyright 2014 The Associated Press. All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed.

New Malware May Be Lurking In More Than 300,000 iPhones, iPads

PALO ALTO (CBS/AP) – Palo Alto Networks has discovered a new form of malware that may have affected hundreds of thousands of Apple mobile device users, largely in China.

The cybersecurity provider has named the malware WireLurker and said it monitors devices connected by a USB cable to an infected computer and installs malicious applications onto the device. The malware steals a variety of information from mobile devices, but the goal of its creator isn’t clear yet.

Palo Alto Networks said that while the malware allows an attacker to collect “significant amounts of information from a large number of Chinese iOS and Mac OS systems,” none of it points to a particular motive.

The malware is “unlike anything we’ve ever seen” in terms of malware targeting Apple’s iOS and OS X systems, said Ryan Olson, a Palo Alto Networks intelligence director.

“The techniques in use suggest that bad actors are getting more sophisticated when it comes to exploiting some of the world’s best-known desktop and mobile platforms,” Olson said in a statement from the company.

Palo Alto Networks said late Wednesday that the malware is spreading through applications downloaded from Maiyadi App Store, a third-party Mac applications store in China. A total of 467 infected applications were downloaded more than 356,000 times over the past six months.

An Apple spokesman said the company is aware of the malicious software, and it has blocked the apps to prevent them from launching.

“As always, we recommend that users download and install software from trusted sources,” the spokesman said in an email.

Shares of Apple Inc. fell 45 cents to $108.41 in morning trading Thursday, while Palo Alto Networks Inc. jumped 2 percent, or $2.06, to $104.58.

© Copyright 2014 The Associated Press. All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed.

1.2 Million Customers’ Credit Card Data Exposed In Staples Security Breach

SAN FRANCISCO (AP) — Staples Inc. says nearly 1.2 million customer payment cards may have been exposed during a security breach earlier this year.

The office supply retailer said in October that it was looking into a potential credit card breach, adding to a long list of retailers recently hit by cyberattacks.

Staples said Friday that an investigation shows that the criminals used malware that may have allowed access to information for transactions at 115 of its U.S. stores. That includes cardholder names, payment card numbers, expiration dates and card verification codes.

The Framingham, Massachusetts-based company is offering free identity protection services, including credit monitoring, to customers who might be at risk.

The security breach affected different stores at different times between July and September.

Would YOU Click? Twitter Bosses Email Staff Phishing Links To Test Cybersecurity

NEW YORK (AP) — The next phishing email you get could be from your boss. Especially if you work for Twitter.

With high-profile security breaches on the rise, from Sony Pictures to Anthem, companies are on the defensive. And they want to make sure their employees are not a hack waiting to happen.

Data show phishing emails are more and more common as entry points for hackers. Unwittingly clicking on a link in a scam email could unleash malware into a network or provide other access to cyberthieves.

So a growing number of companies, including Twitter Inc., are giving their workers a pop quiz, testing security savvy by sending spoof phishing emails to see who bites.

“New employees fall for it all the time,” said Josh Aberant, postmaster at Twitter, during a data privacy town hall meeting recently in New York City.

Falling for the fake scam offers a teachable moment that businesses hope will ensure employees won’t succumb to a real threat. It’s even a niche industry: companies like Wombat Security and PhishMe offer the service for a fee.

Phishing is very effective, according to Verizon’s 2014 data breach investigations report, one of the most comprehensive in the industry. Eighteen percent of users will visit a link in a phishing email which could compromise their data, the report found.

Not only is phishing on the rise, the phish are getting smarter. Criminals are “getting clever about social engineering,” said Patrick Peterson, CEO of email security company Agari. As more people wise up to age-old PayPal and bank scams, for example, phishing emails are evolving. You might see a Walgreens gift card offer or a notice about President Barack Obama warning you about Ebola.

Google Launches ‘Safe Browsing’ System To Prevent Installation Of Unwanted Software

SAN FRANCISCO (CBS/AP) — Get ready to see more red warning signs online as Google adds ammunition to its technological artillery for targeting devious schemes lurking on websites.

The latest weapon is aimed at websites riddled with “unwanted software” — a term that Google uses to describe secretly installed programs that can change a browser’s settings without a user’s permission. Those revisions can unleash a siege of aggravating ads or redirect a browser’s users to search engines or other sites that they didn’t intend to visit.

Google had already deployed the warning system to alert users of its Chrome browser that they were about to enter a site distributing unwanted software. The Mountain View, California, company just recently began to feed the security information into a broader “safe browsing” application that also works in Apple’s Safari and Mozilla’s Firefox browsers.

All told, the safe browsing application protects about 1.1 billion browser users, according to a Thursday blog post that Google Inc. timed to coincide with the 26th anniversary of the date when Tim Berners-Lee is widely credited for inventing the World Wide Web.

Microsoft’s Internet Explorer doesn’t tap into Google’s free safe browsing application. Instead, Explorer depends on a similar warning system, the SmartScreen Filter.

Google’s alerts about unwanted software build upon the warnings that the safe browsing system has already been delivering for years about sites infected with malware, programs carrying viruses and other sinister coding, and phishing sites that try to dupe people into sharing passwords or credit card information.

Whenever a potential threat is detected by the safe browsing system, it displays a red warning sign advising a user to stay away. Google also is demoting the nettlesome sites in the rankings of its dominant Internet search engine so people are less likely to come across them in the first place. Google disclosed Thursday that the safe browsing application has been generating about 5 million warnings a day, a number likely to rise now that unwanted software is part of the detection system.

As it is, Google says it discovers more than 50,000 malware-infected sites and more than 90,000 phishing sites per month.

The safe browsing application had gotten so effective at flagging malware and phishing that shysters are increasingly creating unwanted software in an attempt to hoodwink people, said Stephan Somogyi, Google’s product manager of safe browsing.

“The folks trying to make a buck off people are having to come up with new stuff and that puts us in a position where we have to innovate to keep pace with these guys,” Somogyi said in an interview. “You are now going to see a crescendo in our enforcement on sites that meet our standard of having unwanted software.”

© Copyright 2015 The Associated Press. All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed.

8 Ways To Protect Your Computer From Ransomware – Don’t Be A Hostage!

SAN FRANCISCO (CBS SF) — A recent report from a team of U.S. cybersecurity experts says 2016 will be the year ransomware holds America hostage.

That’s a scary prediction. Ransomware has been around for decades, and whether this is fact or hyperbole, there has definitely been a recent spike in attacks. And it’s not just data at big companies being taken hostage. Individuals are getting hit more and more. Hackers usually demand about $500 or less, but ransoms can go much higher, even into the thousands of dollars, in some cases. Last year the FBI estimated ransomware hackers extorted more than $24 million — and got away with it.

Basically, there are two types of ransomware: Locker ransomware locks your computer but leaves the files intact; Crypto ransomware encrypts data and filesystems on your computer making them impossible to access, although you can still use the computer.

Arm yourself with knowledge. Learn to spot ransomware and protect your computer before you become a victim. Here are a few tips to help keep you from getting taken hostage.
 

  • 1. Practice basic cyber hygiene. Backing up your computer on an external drive after you work should be as instinctive as washing your hands before you eat. Internal backups are of no use when your computer is being held hostage;
  • 2. Resist clicking on ads. Even on trusted sites, adware may be infected with malicious software. Understand that certain heavily trafficked websites are more prone to malicious adware – porn, horoscopes, celebrity gossip sites and the like are often teeming with malicious spyware masquerading as ads that will infect your computer.
  • 3. Look out for unsolicited phishing emails. Always validate the sender before clicking on any links or URLs within an email or text message. Resist the urge to open attachments, and never click on the links automatically. Suspicious emails may look like they come from familiar addresses – bills, tax and legal notifications, resumes, even terse-looking notes from friends and coworkers. When you receive a link from ANY source LOOK AT IT CAREFULLY. Hover your mouse over it. If the URL looks suspicious, don’t open it.
  • 4. Don’t be a victim of a ‘drive-by.’ Ransomware criminals target sites hosting adult content, pirated digital media, free first-run movies or software downloads, and video streaming. When you ‘drive-by’ and download content from these sites, you download malware as well.
  • 5. Beware of exciting or scary pop-ups. “You have won a such and such (something too good to be true)” or “Your computer is at risk!” These are quick ways to entice you to click on a pop-up that will infect your computer. You are so excited, or startled by the pop-up, you instinctively click on it, before considering the consequences.
  • 6. Your social media accounts are easy targets. Facebook and Twitter accounts can be targeted and compromised, with malicious attachments and URLs sent to everyone in your address book. Suddenly your account is sending out friend requests to people you already know (or vice-versa). Usually this can be solved by changing passwords. In worst-case scenarios, you may need to close your account.
     
  • 7. Remember: Use strong passwords. Change them often.
  • 8. Go preemptive and install antivirus software. Some programs are free. There are many good ones out there but they become quickly outdated because malicious threats are proliferating so rapidly. Once you zero in on a trusted anti-virus resource, check back often for updates and install them. But remember, skilled attackers are determined to get around antivirus detection and their programs often do, so it’s no guarantee.

    CBSSF.com writer, producer Jan Mabry is also executive producer and host of The Bronze Report. She lives in Northern California. Follow her on Twitter @janmabr.

     

    Sausalito Woman Bilked $120,000 In Florida Computer Scam

    SAUSALITO (CBS SF) — A Florida man was arrested Saturday in connection with a computer scam in which he allegedly stole over $100,000 from a Sausalito resident since last year, police said.

    According to police, a 64-year-old woman reported that in 2015 her computer got a virus after downloading a free Windows 10 upgrade.

    The woman told police that shortly after the download her computer started to function improperly, and several ads for a virus repair began to pop up with recommended “computer repair companies.”

    Police said the woman paid one of the companies to attempt to repair her computer but instead her bank accounts were accessed unlawfully, and cash was moved from her retirement account to her checking account.

    The company alleged the woman had overpaid them and demanded the money be paid back via a cashier’s check made out to Robert Ratkovcic.

    Police said Ratkovcic, 49, traveled from Orlando to Sausalito on two occasions during June and July to receive the checks from the woman’s home.

    On Wednesday, police learned that an individual from the computer repair company contacted the woman stating they needed an additional cashier’s check and that Ratkovcic would be traveling again to retrieve it.

    Investigators set up an undercover surveillance operation and arrested Ratkovcic once he arrived at the victim’s home, according to police.

    He was booked into the Marin County Jail on suspicion of theft by false pretenses, grand theft, and conspiracy, police said.

    In total the woman had nearly $120,000 stolen from her, according to police.

    © Copyright 2016 by CBS San Francisco and Bay City News Service. All rights reserved. This material may not be published, broadcast, rewritten or redistributed


    Tech Savvy Kids Could Bring Malware Back Home From Public WiFi

    SAN FRANCISCO (KPIX 5) — What your kids do on their gadgets when they’re out of the house can have an effect on your devices at home.

    As kids head back to school, a majority of parents surveyed say their kids will spend more time on devices this year, and AVG Security warns that kids are far more likely to jump on public WiFi networks and take other security risks.

    “For this generation of children, the internet is like breathing, but they should be cautious,” Tony Anscombe of AVG said.

    Anscombe points out that kids are often quick to jump on any WiFi network they can find to help save their precious data, which is often limited on family plans. However, he warns that hackers can easily access whatever kids are doing on public WiFi. They may be unknowingly providing valuable information to potential ID thieves or other predators.

    “Think about the info our kids are sharing,” he pointed out. “They’re on social media, email, and suddenly on public WiFi somebody is sitting there sniffing that.”

    Anscombe explains that hackers can also download malware onto your kid’s device via unencrypted networks. Once the malware is on a kid’s device, it can follow them home and infect their parents’ devices when kids plug into a home computer or network.

    “That malware could replicate onto other devices in the home,” Anscombe said.

    So, how do you protect your kids when they’re out, and your own devices when they come home?

    • First, Tony recommends anti-virus software on every device to protect the family from malware.
    • Next, education is key. Make sure kids know not to click on email or text links, and warn them about the risks associated with public WiFi.

    While AVG sells anti-virus software, security experts commonly recommend anti-virus protection on your devices.

    You may also consider a VPN – virtual private network – which will encrypt the data on public networks. VPNs are often recommended for people who use public WiFi on planes or in hotels.

    However, while adding a VPN to your child’s device may help hide their activity from bad guys, AVG warns that a VPN can also prevent parents from monitoring their kid’s online activity.

     

     

    Amy Schumer Most Dangerous Celebrity Online

    LOS ANGELES (CBS SF/AP) – Amy Schumer is the most dangerous celebrity on the internet — and not just because of her no-holds-barred personality.

    Intel Security announced Wednesday that the actress-comedian topped its 10th annual list of the most dangerous celebrities online. A search for the “Trainwreck” and “Inside Amy Schumer” star carries over a 16 percent chance of connecting with a site that carries viruses or malware.

    Schumer was followed on Intel’s list by Justin Bieber, Carson Daly, Will Smith, Rihanna and Miley Cyrus.

    Schumer wasn’t the only funny person to make the cut. Other comedians included Chris Hardwick (No. 7), Daniel Tosh (No. 8), Nikki Glaser (No. 15), Kevin Hart (No. 25), Mindy Kaling (No. 30) and Kristen Wiig (No. 52).

    Intel used its own site ratings to compile the celebrity list.

    TM and © Copyright 2016 CBS Radio Inc. and its relevant subsidiaries. CBS RADIO and EYE Logo TM and Copyright 2016 CBS Broadcasting Inc. Used under license. All Rights Reserved. This material may not be published, broadcast, rewritten. The Associated Press contributed to this report.

     

    Authorities Warn Ransomware Now Top Cybercrime Threat

    PARIS (CBS / AP) — European police agency Europol says the threat from ransomware has now eclipsed other forms of online theft, a sign of how quickly the computer-scrambling software has found favor in the electronic underworld.

    Ransomware typically works by taking computers hostage, encrypting the files on victims’ hard drives until they cough up the money demanded to unscramble the data. Criminals often demand payment in the electronic currency Bitcoin.

    Hospitals, government agencies and even police forces the world over have fallen victim to the scam, which is usually spread through booby-trapped links or attachments. More recently, researchers are warning of a new, self-propagating strain of ransomware that can spread without human interaction.

    In a report released Wednesday, Europol said ransomware was “overshadowing traditional malware threats.”

    © Copyright 2016 The Associated Press. All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed.

    Russian Mastermind Behind Global Spam Scheme Arrested In Spain

    WASHINGTON (AP) — U.S. authorities announced Monday they are working to dismantle a global computer network that sent hundreds of millions of spam emails worldwide each year. The Russian man alleged to be at the head of the scheme was arrested Friday in Spain.

    The U.S. Justice Department said it was working to take down the sprawling Kelihos botnet, which at times was made up of more than 100,000 compromised computers that sent phony emails advertising counterfeit drugs and work-at-home scams, harvested users’ logins and installed malware that intercepted their bank account passwords.

    Controlling the vast network since 2010 was Pyotr Levashov, a 36-year-old described in U.S. court documents made public Monday as “one of the world’s most notorious criminal spammers.”

    Levashov’s arrest in Barcelona on Friday, following a joint U.S.-Spanish operation, set cybersecurity circles abuzz after his wife told Russia’s RT broadcaster that he was being linked to America’s 2016 election hacking. Justice Department officials said Monday there was no such connection but declined to elaborate. Details of a pending criminal case against Levashov in the United States remain sealed.

    Authorities and cybercrime watchers say Levashov also went by the name Peter Severa, who had long been mentioned in relation to the Kelihos botnet. Court documents filed Monday paint Levashov as a longtime spam kingpin who has been indicted more than once stemming from his sending of unwanted emails to promote various scams. In 2009, he was charged in the U.S. with operating the “Storm” botnet that was Kelihos’ predecessor, the documents say.

    He is a fixture on the World’s Ten Worst Spammers list, currently coming in at No. 6, according to Spamhaus, an anti-spam organization.

    With the Kelihos botnet, authorities say Levashov’s cluster of infected computers targeted Microsoft Windows users and operated undetected. The malware would search files known to contain usernames and passwords and send those back to the network’s mastermind, and would intercept real-time communications.

    Authorities said they were able to derail the botnet in part because an infected computer secretly sends requests for further instructions back to the network’s operator. The FBI said it essentially rerouted those requests to an FBI-controlled substitute server and blocked the botnet’s efforts to regain control of the infected computers.

    Investigators were able to disrupt the network because of new changes to federal rules that allow a judge to issue one warrant for computers or devices in multiple districts at once. Lawmakers late last year were concerned the rule change would make it too easy for the government to hack into computers during investigations.

    The work in the Kelihos case was a “disruption technique” and not a way for investigators to search the hard drives of personal computers, a Justice Department official said Monday, speaking to reporters on condition of anonymity in order to discuss the ongoing case. The official said investigators’ efforts are showing early signs of success in disrupting the botnet.

    Levashov himself couldn’t immediately be reached for comment, and officials did not say whether he had a lawyer.

    Vasily Nioradze, a spokesman for the Russian Embassy in Madrid, confirmed the arrest, but wouldn’t say whether Levashov was a programmer. Nioradze wouldn’t comment on reports of a U.S. extradition order. “As it is routine in these cases, we offer consular support to our citizen,” he said.

    © Copyright 2017 The Associated Press. All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed.

    Microsoft Says Updates Protect Windows Users From Alleged NSA Malware

    PARIS (CBS/AP) — Up-to-date Microsoft customers are safe from the purported National Security Agency spying tools dumped online, the software company said Saturday, tamping down fears that the digital arsenal was poised to wreak havoc across the internet.

    In a blog post, Microsoft Corp. security manager Phillip Misner said that the software giant had already built defenses against nine of the 12 tools disclosed by TheShadowBrokers, a mysterious group that has repeatedly published NSA code. The three others affected old, unsupported products.

    “Most of the exploits are already patched,” Misner said.

    The post tamped down fears expressed by some researchers that the digital espionage toolkit made public by TheShadowBrokers took advantage of undisclosed vulnerabilities in Microsoft’s code. That would have been a potentially damaging development because such tools could swiftly be repurposed to strike across the company’s massive customer base.

    Those fears appear to have been prompted by experts using even slightly out-of-date versions of Windows in their labs. One of Microsoft’s fixes, also called a patch, was only released last month.

    “I missed the patch,” said British security architect Kevin Beaumont, jokingly adding, “I’m thinking about going to live in the woods now.”

    Beaumont wasn’t alone. Matthew Hickey, of cybersecurity firm Hacker House, also ran the code against earlier versions of Windows on Friday. But he noted that many organizations put patches off, meaning “many servers will still be affected by these flaws.”

    Everyone involved recommended keeping up with software updates.

    “We encourage customers to ensure their computers are up-to-date,” Misner said.

    © Copyright 2017 The Associated Press. All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed
