Channel: Malware – CBS San Francisco

McAfee Reveals List of 2011 Top Cyber-Threats


SAN FRANCISCO (KCBS) – If you’re wondering what the top cyber-threats of the new year are likely to be, McAfee researchers have come out with their 2011 Threats Prediction report.

McAfee’s Director of Threat Management Sam Masiello said some very familiar names from social networking sites like Facebook, Twitter and Myspace are at the top of the list as well as some of the geo-location services like Gowalla, Foursquare and Facebook Places.

Also on the list are mobile phone platforms and application market places, which is no surprise according to KCBS Technology Analyst Larry Magid.


“We’re not only using our cell phones for email and web surfing, but for banking and in some cases, disclosing our locations. Naturally criminals are going to have a lot of interest in our phones,” said Magid.

The McAfee list also spells out a number of very specific expected threats including those posed by URL shortening services which don’t allow you to know where you’re going before it’s too late.

“You may be going to a perfectly legitimate site like a YouTube video, or you may be going to a website that’s going to try to exploit a zero-day vulnerability on your computer and get you infected with malware,” said Masiello.

Masiello and his McAfee Labs crew also expect to see an increase in politically motivated “hacktivism” and warned that the Mac OS platform is likely to be a bigger attack target than it has been in the past.

(© 2010 CBS Broadcasting Inc. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed.)



Tech Report: Macintosh Reaches Critical Mass For Malware Attack


SAN FRANCISCO (KCBS) – An old trick that’s beguiled Windows users for years has become a growing threat on Macintosh machines.

Calls have poured into Apple for several weeks about a piece of malware known as Mac Defender that poses as an antivirus warning in order to trick users into paying for software they don’t need.

KCBS technology analyst Larry Magid said what could be the first widespread malware attack in Apple’s history should earn the company an ironic congratulations.

“They’ve arrived. They now are a big enough platform that it is in the interest of malware writers to go after them,” Magid said.


Developers and users have debated for years whether Apple’s seeming imperviousness to malware and virus attacks stemmed from the skill of OS X programmers or the size of Apple’s user base. Apple’s website boasts about the security of its platform.

Now a piece of scareware like Mac Defender, designed just for Mac, has finally settled the debate, Magid said. “They still have a much smaller market share than Windows, but there are enough Mac users out there that they’re now a target.”

Since Mac Defender’s appearance, users have been grumbling on blogs and in other public forums about the company’s near silence on the issue. Several bloggers and columnists such as Vince Horiuchi at the Salt Lake Tribune, however, have posted how-to steps for getting rid of Mac Defender.

(Copyright 2011 by CBS San Francisco. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed.)


Tech Report: Malware Increasingly Affecting Android Phones


SAN FRANCISCO (KCBS) – A new report by mobile security firm Lookout has found that the risk of encountering malware on an Android smartphone is 2.5 times higher than it was six months ago.

KCBS Technology Analyst Larry Magid said the malware is downloaded to users’ phones.


“You might go to the Android Marketplace, which is run by Google. Unlike Apple’s Marketplace for iPhones and iPads, Google doesn’t vet all of the applications on there,” Magid said. “If someone complains, they may take them down. But sometimes, an application will look like a legitimate app.”

Magid said that there are many dangerous Trojans out there, including one that records conversations and stores them on your phone’s SD card.

The report also found that there were 80 infected Android apps in January and more than 400 reported in June.

(Copyright 2011 by CBS San Francisco. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed.)


FBI: Computers Infected With Malware To Lose Internet Service In July


WASHINGTON (CBS / AP) — For computer users, a few mouse clicks could mean the difference between staying online and losing Internet connections this summer.

Unknown to most of them, their problem began when international hackers ran an online advertising scam to take control of infected computers around the world. In a highly unusual response, the FBI set up a safety net months ago using government computers to prevent Internet disruptions for those infected users. But that system is to be shut down.

The FBI is encouraging users to visit a website run by its security partner, http://www.dcwg.org, that will inform them whether they’re infected and explain how to fix the problem. After July 9, infected users won’t be able to connect to the Internet.

Most victims don’t even know their computers have been infected, although the malicious software probably has slowed their web surfing and disabled their antivirus software, making their machines more vulnerable to other problems.

Last November, the FBI and other authorities were preparing to take down a hacker ring that had been running an Internet ad scam on a massive network of infected computers.


“We started to realize that we might have a little bit of a problem on our hands because … if we just pulled the plug on their criminal infrastructure and threw everybody in jail, the victims of this were going to be without Internet service,” said Tom Grasso, an FBI supervisory special agent. “The average user would open up Internet Explorer and get ‘page not found’ and think the Internet is broken.”

On the night of the arrests, the agency brought in Paul Vixie, chairman and founder of Internet Systems Consortium, to install two Internet servers to take the place of the truckload of impounded rogue servers that infected computers were using. Federal officials planned to keep their servers online until March, giving everyone opportunity to clean their computers. But it wasn’t enough time. A federal judge in New York extended the deadline until July.

Now, said Grasso, “the full court press is on to get people to address this problem.” And it’s up to computer users to check their PCs.

This is what happened:

Hackers infected a network of probably more than 570,000 computers worldwide. They took advantage of vulnerabilities in the Microsoft Windows operating system to install malicious software on the victim computers. This turned off antivirus updates and changed the way the computers resolve website addresses behind the scenes through the Internet’s domain name system.

The DNS system is a network of servers that translates a web address – such as http://www.ap.org – into the numerical addresses that computers use. Victim computers were reprogrammed to use rogue DNS servers owned by the attackers. This allowed the attackers to redirect computers to fraudulent versions of any website.

The hackers earned profits from advertisements that appeared on websites that victims were tricked into visiting. The scam netted the hackers at least $14 million, according to the FBI. It also made thousands of computers reliant on the rogue servers for their Internet browsing.
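As an added illustration, not part of the AP story and not the DCWG site’s own check, the Python below does what a self-check of this kind boils down to: it reads the resolver addresses a machine is configured to use (from a Unix resolv.conf or Windows `ipconfig /all` output) and flags any that fall inside a list of rogue DNS ranges. The rogue ranges and the sample configuration text are constructed placeholders, since the article does not list the real addresses.

```python
"""Resolver-configuration check in the spirit of the DNSChanger self-checks.

Constructed example: the rogue ranges are PLACEHOLDERS (the real ranges are not
given in the article) and the sample configuration texts are made up.
"""
from __future__ import annotations

import ipaddress
import re

# PLACEHOLDER rogue resolver ranges (RFC 5737 documentation networks).
# Substitute the ranges published by the working group for real use.
ROGUE_DNS_RANGES = [
    ipaddress.ip_network("192.0.2.0/24"),     # placeholder, TEST-NET-1
    ipaddress.ip_network("198.51.100.0/24"),  # placeholder, TEST-NET-2
]

# "nameserver 1.2.3.4" (Unix /etc/resolv.conf)
_NAMESERVER_RE = re.compile(r"^\s*nameserver\s+(\S+)", re.I)
# "DNS Servers . . . . : 1.2.3.4" (Windows `ipconfig /all`)
_WIN_DNS_RE = re.compile(r"DNS Servers[ .]*:\s*(\S+)", re.I)
# Indented continuation line holding only an IPv4 address (extra Windows resolvers)
_BARE_IP_RE = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")


def extract_resolvers(config_text: str) -> list[str]:
    """Return the resolver addresses found in resolv.conf or ipconfig output."""
    found: list[str] = []
    in_win_dns = False  # True while reading continuation lines after "DNS Servers"
    for line in config_text.splitlines():
        m = _NAMESERVER_RE.match(line) or _WIN_DNS_RE.search(line)
        if m:
            found.append(m.group(1))
            in_win_dns = _WIN_DNS_RE.search(line) is not None
            continue
        m = _BARE_IP_RE.match(line)
        if m and in_win_dns:
            found.append(m.group(1))
            continue
        in_win_dns = False
    return found


def classify_resolver(addr: str) -> str:
    """'rogue' if addr lies in a rogue range, 'ok' otherwise, 'invalid' if unparsable."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    return "rogue" if any(ip in net for net in ROGUE_DNS_RANGES) else "ok"


def check_config(config_text: str) -> dict:
    """Classify every configured resolver and report whether any is rogue."""
    verdicts = {r: classify_resolver(r) for r in extract_resolvers(config_text)}
    return {"resolvers": verdicts,
            "infected": any(v == "rogue" for v in verdicts.values())}


# Constructed sample inputs (placeholder addresses only).
SAMPLE_RESOLV_CONF = """# constructed resolv.conf
nameserver 192.0.2.77
nameserver 203.0.113.53
"""

SAMPLE_IPCONFIG = """   DNS Servers . . . . . . . . . . . : 198.51.100.9
                                       203.0.113.53
"""

if __name__ == "__main__":
    for name, text in (("resolv.conf", SAMPLE_RESOLV_CONF), ("ipconfig", SAMPLE_IPCONFIG)):
        print(name, check_config(text))
```

On a real machine, feed it the contents of /etc/resolv.conf or the saved output of `ipconfig /all` after replacing the placeholder ranges; a "rogue" verdict means the resolver setting, not just the malware, still needs cleaning.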

When the FBI and others arrested six Estonians last November, the agency replaced the rogue servers with Vixie’s clean ones. Installing and running the two substitute servers for eight months is costing the federal government about $87,000.

The number of victims is hard to pinpoint, but the FBI believes that on the day of the arrests, at least 568,000 unique Internet addresses were using the rogue servers. Five months later, FBI estimates that the number is down to at least 360,000. The U.S. has the most, about 85,000, federal authorities said. Other countries with more than 20,000 each include Italy, India, England and Germany. Smaller numbers are online in Spain, France, Canada, China and Mexico.

Vixie said most of the victims are probably individual home users, rather than corporations that have technology staffs who routinely check the computers.

FBI officials said they organized an unusual system to avoid any appearance of government intrusion into the Internet or private computers. And while this is the first time the FBI used it, it won’t be the last.

“This is the future of what we will be doing,” said Eric Strom, a unit chief in the FBI’s Cyber Division. “Until there is a change in the legal system, both inside and outside the United States, to get up to speed with the cyber problem, we will have to go down these paths, trail-blazing if you will, on these types of investigations.”

Now, he said, every time the agency gets near the end of a cyber case, “we get to the point where we say, how are we going to do this, how are we going to clean the system” without creating a bigger mess than before.

(Copyright 2012 by CBS San Francisco. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed.)


ConsumerWatch: Malware May Knock Thousands Off Internet On Monday


SAN FRANCISCO (CBS / AP) — Despite repeated alerts, tens of thousands of Americans may still lose their Internet service Monday unless they do a quick check of their computers for malware that could have taken over their machines more than a year ago.

The warnings about the Internet problem have been splashed across Facebook and Google. Internet service providers have sent notices, and the FBI set up a special website.

According to the FBI, the number of computers that probably are infected is more than 277,000 worldwide, down from about 360,000 in April. About 64,000 still-infected computers are probably in the United States.

Related Link:
www.dcwg.org – Check If Your Computer Is Affected

The Canadian Internet Registration Authority said about 25,000 of the computers initially affected by the malware were in Canada, but now only about 7,000 machines remain infected there, according to Canadian Internet Registration Authority spokesman Mark Buell.

He said his organization, together with Public Safety Canada and the Canadian Radio-television Telecommunications Commission, has developed an online site where computer users can check their computers for the malware.


People whose computers are still infected Monday will lose their ability to go online, and they will have to call their service providers for help deleting the malware and reconnecting to the Internet.

The problem began when international hackers ran an online advertising scam to take control of more than 570,000 infected computers around the world. When the FBI went in to take down the hackers late last year, agents realized that if they turned off the malicious servers being used to control the computers, all the victims would lose their Internet service.

In a highly unusual move, the FBI set up a safety net. They brought in a private company to install two clean Internet servers to take over for the malicious servers so that people would not suddenly lose their Internet.


And while it was the first time they’d done something like that, FBI officials acknowledged that it may not be the last, since authorities are taking on more of these types of investigations.

The temporary Internet system they set up, however, will be shut down at 12:01 a.m. EDT Monday, July 9.

Most victims don’t even know their computers have been infected, although the malicious software probably has slowed their online surfing and disabled their antivirus software, making their machines more vulnerable to other problems.

But popular social networking sites and Internet providers have gotten more involved, reaching out to computer users to warn of the problem.


According to Tom Grasso, an FBI supervisory special agent, many Internet providers are ready for the problem and have plans to try to help their customers. Some, such as Comcast, already have reached out.

The company sent out notices and posted information on its website. Because the company can tell whether there is a problem with a customer’s Internet server, Comcast sent an email, letter or Internet notice to customers whose computers appeared to be affected.

Grasso said other Internet providers may come up with technical solutions that they will put in place Monday that will either correct the problem or provide information to customers when they call to say their Internet isn’t working. If the Internet providers correct the server problem, the Internet will work, but the malware will remain on victims’ computers and could pose future problems.

In addition to individual computer owners, about 50 Fortune 500 companies are still infected, Grasso said.

Both Facebook and Google created their own warning messages that showed up if someone using either site appeared to have an infected computer. Facebook users would get a message that says, “Your computer or network might be infected,” along with a link that users can click for more information.

Google users got a similar message, displayed at the top of a Google search results page. It also provides information on correcting the problem.

To check whether a computer is infected, users can visit a website run by the group brought in by the FBI: http://www.dcwg.org.

The site includes links to respected commercial sites that will run a quick check on the computer, and it also lays out detailed instructions if users want to actually check the computer themselves.

(Copyright 2012 by CBS San Francisco. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed.)


Apple Says Macs At Its Offices Were Hacked


CUPERTINO (CBS/AP) – Apple says a small number of Mac computers at its offices were infected by malicious software, in an attack similar to the one Facebook acknowledged last week.

In both cases, computers were infected through software downloaded from a site for software developers. The attacks took advantage of flaws in the Java plug-in for Web browsers.

Neither company said that there was any evidence that the attackers gleaned any data from their attacks.

The Java vulnerability is well known, and Apple has taken measures to disable the plug-in on all Macs. It says it will release an updated malware removal tool to remove infections.

In January, the U.S. Department of Homeland Security recommended disabling Java in Web browsers to avoid hacking attacks.

(Copyright 2013 by CBS San Francisco. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed.)


Larry Magid: Windows Ending Support for XP, Upgrade Suggested


SAN FRANCISCO (KCBS) — This week marks the last day that Microsoft will offer support for its popular XP operating system. The company followed up XP with Vista, which got a fair share of bad reviews when it was introduced.

Tuesday, April 8th is the important date. If you have XP, you need to move on. Normally I don’t buy into hype, but this is not hype. Once Microsoft stops supporting XP, it becomes a sitting duck for all the malware and viruses.

Unless you intend on taking your computer offline, I definitely would not run Windows XP after this date.


It’s not only individuals who haven’t upgraded, but companies as well. They don’t want the hassle of re-training staff and they don’t want to go to Windows 8, which also got a negative response when it was introduced.

The good news is you may be able to go to Windows 7 on the same machine. Some people are really going to have to buy a new computer because their current computer may not have the horsepower for even Windows 7, let alone 8.1.

I think version 7 is as good as, if not better than, XP. As far as 8 goes, I’ve had my qualms and reservations.

End Of Microsoft Support For Windows XP Spells Trouble For Some


REDMOND, Wash. (AP) — Microsoft ends support for the persistently popular Windows XP on Tuesday, and the move could put everything from the operations of heavy industry to the identities of everyday people in danger.

An estimated 30 percent of computers being used by businesses and consumers around the world are still running the 12-year-old operating system.

“What once was considered low-hanging fruit by hackers now has a big neon bull’s eye on it,” says Patrick Thomas, a security consultant at the San Jose-based firm Neohapsis.

Microsoft has released a handful of Windows operating systems since 2001, but XP’s popularity and the durability of the computers it was installed on kept it around longer than expected. Analysts say that if a PC is more than five years old, chances are it’s running XP.

While users can still run XP after Tuesday, Microsoft says it will no longer provide security updates, issue fixes to non-security related problems or offer online technical content updates. The company is discontinuing XP to focus on maintaining its newer operating systems, the core programs that run personal computers.

The Redmond, Wash.-based company says it will provide anti-malware-related updates through July 14, 2015, but warns that the tweaks could be of limited help on an outdated operating system.

Most industry experts say they recognize that the time for Microsoft to end support for such a dated system has come, but the move poses both security and operational risks for the remaining users. In addition to home computers, XP is used to run everything from water treatment facilities and power plants to small businesses like doctor’s offices.

Thomas says XP appealed to a wide variety of people and businesses that saw it as a reliable workhorse and many chose to stick with it instead of upgrading to Windows Vista, Windows 7 or 8.

Thomas notes that companies generally resist change because they don’t like risk. As a result, businesses most likely to still be using XP include banks and financial services companies, along with health care providers. He also pointed to schools from the university level down, saying that they often don’t have enough money to fund equipment upgrades.

Marcin Kleczynski, CEO of Malwarebytes, says that without patches to fix bugs in the software, XP PCs will be prone to freezing up and crashing, while the absence of updated security-related protections makes the computers susceptible to hackers.

He added that future security patches released for Microsoft’s newer systems will serve as a way for hackers to reverse engineer ways to breach now-unprotected Windows XP computers.

“It’s going to be interesting to say the least,” he says. “There are plenty of black hats out there that are looking for the first vulnerability and will be looking at Windows 7 and 8 to find those vulnerabilities. And if you’re able to find a vulnerability in XP, it’s pretty much a silver key.”

Those weaknesses can affect businesses both large and small.

Mark Bernardo, general manager of automation software at General Electric Co.’s Intelligent Platforms division, says moving to a new operating system can be extremely complicated and expensive for industrial companies. Bernardo, whose GE division offers advisory services for upgrading from XP, says many of the unit’s customers fall into the fields of water and waste water, along with oil and gas.

“Even if their sole network is completely sealed off from attack, there are still operational issues to deal with,” he says.

Meanwhile, many small businesses are put off by the hefty cost of upgrading or just aren’t focused on their IT needs. Although a consumer can buy an entry-level PC for a few hundred dollars, a computer powerful enough for business use may run $1,000 or more after adding the necessary software.

Barry Maher, a salesperson trainer and motivational speaker based in Corona, Calif., says his IT consultant warned him about the end of XP support last year. But he was so busy with other things that he didn’t start actively looking for a new computer until a few weeks ago.

“This probably hasn’t been as high a priority as it should have been,” he says.

He got his current PC just before Microsoft released Vista in 2007. He never bought another PC because, “As long as the machine is doing what I want it to do, and running the software I need to run, I would never change it.”

Mark McCreary, a Philadelphia-based attorney with the firm Fox Rothschild LLP, says small businesses could be among the most affected by the end of support, because they don’t have the same kinds of firewalls and in-house IT departments that larger companies possess. And if they don’t upgrade and something bad happens, they could face lawsuits from customers.

But he says he doesn’t expect the widespread malware attacks and disasters that others are predicting — at least for a while.

“It’s not that you blow it off and wait another seven years, but it’s not like everything is going to explode on April 8 either,” he says.

McCreary points to Microsoft’s plans to keep providing malware-related updates for well over a year, adding that he doubts hackers are actually saving up their malware attacks for the day support ends.

But Sam Glines, CEO of Norse, a threat-detection firm with major offices in St. Louis and Silicon Valley, disagrees. He believes hackers have been watching potential targets for some time now.

“There’s a gearing up on the part of the dark side to take advantage of this end of support,” Glines says.

He worries most about doctors like his father and others in the health care industry, who may be very smart people but just aren’t focused on technology. He notes that health care-related information is 10 to 20 times more valuable on the black market than financial information, because it can be used to create fraudulent medical claims and illegally obtain prescription drugs, making doctor’s offices tempting targets.

Meanwhile, without updates from Microsoft, regular people who currently use XP at home need to be extra careful.

Mike Eldridge, 39, of Spring Lake, Mich., says that since his computer is currently on its last legs, he’s going to cross his fingers and hope for the best until it finally dies.

“I am worried about security threats, but I’d rather have my identity stolen than put up with Windows 8,” he says.


© Copyright 2014 The Associated Press. All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed.



‘BlackShades’ Malware Lets Cybercriminals Hijack Computer Webcams; 97 Charged


SAN FRANCISCO (CBS/AP) — More than a half-million computers in over 100 countries were infected by sophisticated malware that lets cybercriminals remotely hijack a computer and its webcam, authorities said as charges were announced Monday against nearly 100 people worldwide.

Authorities said 97 people suspected of using or distributing the malicious software called BlackShades have been arrested in 16 countries, including the software’s owner, a 24-year-old Swedish man.

“This case is a strong reminder that no one is safe while using the Internet,” said Koen Hermans, a Netherlands official in Eurojust, the European Union’s criminal investigation coordination unit. “It should serve as a warning and deterrent to those involved in the manufacture and use of this software.”

U.S. Attorney Preet Bharara called BlackShades a “frightening form of cybercrime,” saying a cybercriminal could buy a $40 malicious program whose capabilities were “sophisticated and its invasiveness breathtaking.” FBI Agent Leo Taddeo said people suspecting they are BlackShades victims should visit FBI.gov to learn how to check computers.

Authorities said the BlackShades Remote Access Tool or “RAT” has been sold since 2010 to several thousand users, generating sales of more than $350,000. The agency said one of the program’s co-creators is cooperating and had provided extensive information.

BlackShades’ owner, Alex Yucel, arrested in Moldova last November, is facing extradition to the United States. Michael Hogue, 23, of Maricopa, Arizona — the program’s co-creator — had pleaded guilty in New York after his June 2012 arrest and is cooperating, Bharara said.

The malware lets hackers steal personal information, intercept keystrokes and hijack webcams to secretly record computer users. BlackShades also can be used to encrypt and lock computer data files, forcing people to pay a ransom to regain access.

The hacking tool’s low cost has boosted its popularity across the hacker underground, where variants have long circulated online.

Last year, security firm Symantec said use of BlackShades was rising, with program licenses costing $40 to $100.

French officials said raids last week followed the FBI’s arrest of two BlackShades developers and its distribution of a list of the malware’s customers.

Law enforcement coordination agencies Europol and Eurojust, based in The Hague, Netherlands, said Monday that police in 13 European countries—Austria, Belgium, Britain, Croatia, Denmark, Estonia, Finland, France, Germany, Italy, Moldova, the Netherlands and Switzerland—as well as in the United States, Canada and Chile raided 359 properties and seized cash, firearms, drugs and more than 1,000 data storage devices.

In Paris, the state prosecutor’s office said more than two dozen people were arrested during May 13 raids. It said those arrested were identified by the FBI as French “citizens who had acquired or used this software.”

In a previous BlackShades-related investigation, Dutch police this year arrested an 18-year-old man for using the malware to take pictures of women and girls within view of webcams on about 2,000 computers.

A Southern California man who was sentenced in March to prison for hacking the computers of a future Miss Teen USA and other young women was not part of the case. Authorities say that he had BlackShades on his computer, but that it wasn’t clear whether he used it or another program.

© Copyright 2014 The Associated Press. All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed.

New Malware May Be Lurking In More Than 300,000 iPhones, iPads


PALO ALTO (CBS/AP) – Palo Alto Networks has discovered a new form of malware that may have affected hundreds of thousands of Apple mobile device users, largely in China.

The cybersecurity provider has named the malware WireLurker and said it monitors devices connected by a USB cable to an infected computer and installs malicious applications onto the device. The malware steals a variety of information from mobile devices, but the goal of its creator isn’t clear yet.

Palo Alto Networks said that while the malware allows an attacker to collect “significant amounts of information from a large number of Chinese iOS and Mac OS systems,” none of it points to a particular motive.

The malware is “unlike anything we’ve ever seen” in terms of malware targeting Apple’s iOS and OS X systems, said Ryan Olson, a Palo Alto Networks intelligence director.

“The techniques in use suggest that bad actors are getting more sophisticated when it comes to exploiting some of the world’s best-known desktop and mobile platforms,” Olson said in a statement from the company.

Palo Alto Networks said late Wednesday that the malware is spreading through applications downloaded from Maiyadi App Store, a third-party Mac applications store in China. A total of 467 infected applications were downloaded more than 356,000 times over the past six months.

An Apple spokesman said the company is aware of the malicious software, and it has blocked the apps to prevent them from launching.

“As always, we recommend that users download and install software from trusted sources,” the spokesman said in an email.

Shares of Apple Inc. fell 45 cents to $108.41 in morning trading Thursday, while Palo Alto Networks Inc. jumped 2 percent, or $2.06, to $104.58.

© Copyright 2014 The Associated Press. All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed.

1.2 Million Customers’ Credit Card Data Exposed In Staples Security Breach


SAN FRANCISCO (AP) — Staples Inc. says nearly 1.2 million customer payment cards may have been exposed during a security breach earlier this year.

The office supply retailer said in October that it was looking into a potential credit card breach, adding to a long list of retailers recently hit by cyberattacks.

Staples said Friday that an investigation shows that the criminals used malware that may have allowed access to information for transactions at 115 of its U.S. stores. That includes cardholder names, payment card numbers, expiration dates and card verification codes.

The Framingham, Massachusetts-based company is offering free identity protection services, including credit monitoring, to customers who might be at risk.

The security breach affected different stores at different times between July and September.

Would YOU Click? Twitter Bosses Email Staff Phishing Links To Test Cybersecurity


NEW YORK (AP) — The next phishing email you get could be from your boss. Especially if you work for Twitter.

With high-profile security breaches on the rise, from Sony Pictures to Anthem, companies are on the defensive. And they want to make sure their employees are not a hack waiting to happen.

Data show phishing emails are more and more common as entry points for hackers. Unwittingly clicking on a link in a scam email could unleash malware into a network or provide other access to cyberthieves.

So a growing number of companies, including Twitter Inc., are giving their workers a pop quiz, testing security savvy by sending spoof phishing emails to see who bites.

“New employees fall for it all the time,” said Josh Aberant, postmaster at Twitter, during a data privacy town hall meeting recently in New York City.

Falling for the fake scam offers a teachable moment that businesses hope will ensure employees won’t succumb to a real threat. It’s even a niche industry: companies like Wombat Security and PhishMe offer the service for a fee.

Phishing is very effective, according to Verizon’s 2014 data breach investigations report, one of the most comprehensive in the industry. Eighteen percent of users will visit a link in a phishing email which could compromise their data, the report found.

Not only is phishing on the rise, the phish are getting smarter. Criminals are “getting clever about social engineering,” said Patrick Peterson, CEO of email security company Agari. As more people wise up to age-old PayPal and bank scams, for example, phishing emails are evolving. You might see a Walgreens gift card offer or a notice about President Barack Obama warning you about Ebola.

Google Launches ‘Safe Browsing’ System To Prevent Installation Of Unwanted Software


SAN FRANCISCO (CBS/AP) — Get ready to see more red warning signs online as Google adds ammunition to its technological artillery for targeting devious schemes lurking on websites.

The latest weapon is aimed at websites riddled with “unwanted software” — a term that Google uses to describe secretly installed programs that can change a browser’s settings without a user’s permission. Those revisions can unleash a siege of aggravating ads or redirect a browser’s users to search engines or other sites that they didn’t intend to visit.

Google had already deployed the warning system to alert users of its Chrome browser that they were about to enter a site distributing unwanted software. The Mountain View, California, company just recently began to feed the security information into a broader “safe browsing” application that also works in Apple’s Safari and Mozilla’s Firefox browsers.

All told, the safe browsing application protects about 1.1 billion browser users, according to a Thursday blog post that Google Inc. timed to coincide with the 26th anniversary of the date when Tim Berners-Lee is widely credited for inventing the World Wide Web.

Microsoft’s Internet Explorer doesn’t tap into Google’s free safe browsing application. Instead, Explorer depends on a similar warning system, the SmartScreen Filter.

Google’s alerts about unwanted software build upon the warnings that the safe browsing system has already been delivering for years about sites infected with malware, programs carrying viruses and other sinister coding, and phishing sites that try to dupe people into sharing passwords or credit card information.

Whenever a potential threat is detected by the safe browsing system, it displays a red warning sign advising a user to stay away. Google also is demoting the nettlesome sites in the rankings of its dominant Internet search engine so people are less likely to come across them in the first place. Google disclosed Thursday that the safe browsing application has been generating about 5 million warnings a day, a number likely to rise now that unwanted software is part of the detection system.

As it is, Google says it discovers more than 50,000 malware-infected sites and more than 90,000 phishing sites per month.

The safe browsing application had gotten so effective at flagging malware and phishing that shysters are increasingly creating unwanted software in an attempt to hoodwink people, said Stephan Somogyi, Google’s product manager of safe browsing.

“The folks trying to make a buck off people are having to come up with new stuff and that puts us in a position where we have to innovate to keep pace with these guys,” Somogyi said in an interview. “You are now going to see a crescendo in our enforcement on sites that meet our standard of having unwanted software.”

© Copyright 2015 The Associated Press. All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed.

8 Ways To Protect Your Computer From Ransomware – Don’t Be A Hostage!


SAN FRANCISCO (CBS SF) — A recent report from a team of U.S. cybersecurity experts says 2016 will be the year ransomware holds America hostage.

That’s a scary prediction. Ransomware has been around for decades, and whether this is fact or hyperbole, there has definitely been a recent spike in attacks. And it’s not just data at big companies being taken hostage. Individuals are getting hit more and more. Hackers usually demand about $500 or less, but ransoms can go much higher, even into the thousands of dollars, in some cases. Last year the FBI estimated ransomware hackers extorted more than $24 million — and got away with it.

Basically, there are two types of ransomware: Locker ransomware locks your computer but leaves the files intact; Crypto ransomware encrypts data and filesystems on your computer making them impossible to access, although you can still use the computer.

Arm yourself with knowledge. Learn to spot ransomware and protect your computer before you become a victim. Here are a few tips to help keep you from getting taken hostage.

1. Practice basic cyber hygiene. Backing up your computer to an external drive after you work should be as instinctive as washing your hands before you eat. Internal backups are of no use when your computer is being held hostage.

2. Resist clicking on ads. Even on trusted sites, adware may be infected with malicious software. Understand that certain heavily trafficked websites are more prone to malicious adware – porn, horoscopes, celebrity gossip sites and the like are often teeming with malicious spyware masquerading as ads that will infect your computer.

3. Look out for unsolicited phishing emails. Always validate the sender before clicking on any links or URLs within an email or text message. Resist the urge to open attachments, and never click on links automatically. Suspicious emails may look like they come from familiar addresses – bills, tax and legal notifications, resumes, even terse-looking notes from friends and coworkers. When you receive a link from ANY source, LOOK AT IT CAREFULLY. Hover your mouse over it. If the URL looks suspicious, don’t open it.

4. Don’t be a victim of a ‘drive-by.’ Ransomware criminals target sites hosting adult content, pirated digital media, free first-run movies or software downloads, and video streaming. When you ‘drive by’ and download content from these sites, you download malware as well.

5. Beware of exciting or scary pop-ups. “You have won a such and such (something too good to be true)” or “Your computer is at risk!” These are quick ways to entice you to click on a pop-up that will infect your computer. You are so excited, or startled, by the pop-up that you instinctively click on it before considering the consequences.

6. Your social media accounts are easy targets. Facebook and Twitter accounts can be targeted and compromised, and malicious attachments and URLs are then sent to everyone in your address book. Suddenly your account is sending out friend requests to people you already know (or vice versa). Usually this can be solved by changing passwords. In the worst-case scenarios, you may need to close your account.

7. Remember: use strong passwords. Change them often.

8. Go preemptive and install antivirus software. Some programs are free. There are many good ones out there, but they quickly become outdated because malicious threats are proliferating so rapidly. Once you zero in on a trusted antivirus resource, check back often for updates and install them. But remember, skilled attackers are determined to get around antivirus detection and their programs often do, so it’s no guarantee.

CBSSF.com writer and producer Jan Mabry is also executive producer and host of The Bronze Report. She lives in Northern California. Follow her on Twitter @janmabr.

Sausalito Woman Bilked $120,000 In Florida Computer Scam

SAUSALITO (CBS SF) — A Florida man was arrested Saturday in connection with a computer scam in which he allegedly stole over $100,000 from a Sausalito resident since last year, police said.

According to police, a 64-year-old woman reported that in 2015 her computer got a virus after downloading a free Windows 10 upgrade.

The woman told police that shortly after the download her computer started to function improperly, and several ads for a virus repair began to pop up with recommended “computer repair companies.”

Police said the woman paid one of the companies to attempt to repair her computer, but instead her bank accounts were accessed unlawfully, and cash was moved from her retirement account to her checking account.

The company alleged the woman had overpaid them and demanded the money be paid back via a cashier’s check made out to Robert Ratkovcic.

Police said Ratkovcic, 49, traveled from Orlando to Sausalito on two occasions during June and July to receive the checks from the woman’s home.

On Wednesday, police learned that an individual from the computer repair company had contacted the woman stating they needed an additional cashier’s check and that Ratkovcic would be traveling again to retrieve it.

Investigators set up an undercover surveillance operation and arrested Ratkovcic once he arrived at the victim’s home, according to police.

He was booked into the Marin County Jail on suspicion of theft by false pretenses, grand theft, and conspiracy, police said.

In total, the woman had nearly $120,000 stolen from her, according to police.

© Copyright 2016 by CBS San Francisco and Bay City News Service. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.


Tech Savvy Kids Could Bring Malware Back Home From Public WiFi

SAN FRANCISCO (KPIX 5) — What your kids do on their gadgets when they’re out of the house can have an effect on your devices at home.

As kids head back to school, a majority of parents surveyed say their kids will spend more time on devices this year, and AVG Security warns that kids are far more likely to jump on public WiFi networks and take other security risks.

“For this generation of children, the internet is like breathing, but they should be cautious,” Tony Anscombe of AVG said.

Anscombe points out that kids are often quick to jump on any WiFi network they can find to help save their precious data, which is often limited on family plans. However, he warns that hackers can easily access whatever kids are doing on public WiFi. They may be unknowingly providing valuable information to potential ID thieves or other predators.

“Think about the info our kids are sharing,” he pointed out. “They’re on social media, email, and suddenly on public WiFi somebody is sitting there sniffing that.”

Anscombe explains that hackers can also download malware onto your kid’s device via unencrypted networks. Once the malware is on a kid’s device, it can follow them home and infect their parents’ devices when kids plug into a home computer or network.

“That malware could replicate onto other devices in the home,” Anscombe said.

So, how do you protect your kids when they’re out, and your own devices when they come home?

• First, Tony recommends anti-virus software on every device to protect the family from malware.
• Next, education is key. Make sure kids know not to click on email or text links, and warn them about the risks associated with public WiFi.

While AVG sells anti-virus software, security experts commonly recommend anti-virus protection on your devices.

You may also consider a VPN – virtual private network – which will encrypt the data on public networks. VPNs are often recommended for people who use public WiFi on planes or in hotels.

However, while adding a VPN to your child’s device may help hide their activity from bad guys, AVG warns that a VPN can also prevent parents from monitoring their kid’s online activity.

Amy Schumer Most Dangerous Celebrity Online

LOS ANGELES (CBS SF/AP) – Amy Schumer is the most dangerous celebrity on the internet — and not just because of her no-holds-barred personality.

Intel Security announced Wednesday that the actress-comedian topped its 10th annual list of the most dangerous celebrities online. A search for the “Trainwreck” and “Inside Amy Schumer” star carries over a 16 percent chance of connecting with a site that carries viruses or malware.

Schumer was followed on Intel’s list by Justin Bieber, Carson Daly, Will Smith, Rihanna and Miley Cyrus.

Schumer wasn’t the only funny person to make the cut. Other comedians included Chris Hardwick (No. 7), Daniel Tosh (No. 8), Nikki Glaser (No. 15), Kevin Hart (No. 25), Mindy Kaling (No. 30) and Kristen Wiig (No. 52).

Intel used its own site ratings to compile the celebrity list.

TM and © Copyright 2016 CBS Radio Inc. and its relevant subsidiaries. CBS RADIO and EYE Logo TM and Copyright 2016 CBS Broadcasting Inc. Used under license. All Rights Reserved. This material may not be published, broadcast, rewritten. The Associated Press contributed to this report.

Authorities Warn Ransomware Now Top Cybercrime Threat

PARIS (CBS / AP) — European police agency Europol says the threat from ransomware has now eclipsed other forms of online theft, a sign of how quickly the computer-scrambling software has found favor in the electronic underworld.

Ransomware typically works by taking computers hostage, encrypting the files on victims’ hard drives until they cough up the money demanded to unscramble the data. Criminals often demand payment in the electronic currency Bitcoin.

Hospitals, government agencies and even police forces the world over have fallen victim to the scam, which is usually spread through booby-trapped links or attachments. More recently, researchers are warning of a new, self-propagating strain of ransomware that can spread without human interaction.

In a report released Wednesday, Europol said ransomware was “overshadowing traditional malware threats.”

© Copyright 2016 The Associated Press. All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed.

Russian Mastermind Behind Global Spam Scheme Arrested In Spain

WASHINGTON (AP) — U.S. authorities announced Monday they are working to dismantle a global computer network that sent hundreds of millions of spam emails worldwide each year. The Russian man alleged to be at the head of the scheme was arrested Friday in Spain.

The U.S. Justice Department said it was working to take down the sprawling Kelihos botnet, which at times was made up of more than 100,000 compromised computers that sent phony emails advertising counterfeit drugs and work-at-home scams, harvested users’ logins and installed malware that intercepted their bank account passwords.

Controlling the vast network since 2010 was Pyotr Levashov, a 36-year-old described in U.S. court documents made public Monday as “one of the world’s most notorious criminal spammers.”

Levashov’s arrest in Barcelona on Friday, following a joint U.S.-Spanish operation, set cybersecurity circles abuzz after his wife told Russia’s RT broadcaster that he was being linked to America’s 2016 election hacking. Justice Department officials said Monday there was no such connection but declined to elaborate. Details of a pending criminal case against Levashov in the United States remain sealed.

Authorities and cybercrime watchers say Levashov also went by the name Peter Severa, who had long been mentioned in relation to the Kelihos botnet. Court documents filed Monday paint Levashov as a longtime spam kingpin who has been indicted more than once stemming from his sending of unwanted emails to promote various scams. In 2009, he was charged in the U.S. with operating the “Storm” botnet that was Kelihos’ predecessor, the documents say.

He is a fixture on the World’s Ten Worst Spammers list, currently coming in at No. 6, according to Spamhaus, an anti-spam organization.

With the Kelihos botnet, authorities say Levashov’s cluster of infected computers targeted Microsoft Windows users and operated undetected. The malware would search files known to contain usernames and passwords and send those back to the network’s mastermind, and would intercept real-time communications.

Authorities said they were able to derail the botnet in part because an infected computer secretly sends requests for further instructions back to the network’s operator. The FBI said it essentially rerouted those requests to an FBI-controlled substitute server and blocked the botnet’s efforts to regain control of the infected computers.

Investigators were able to disrupt the network because of new changes to federal rules that allow a judge to issue one warrant for computers or devices in multiple districts at once. Lawmakers late last year were concerned the rule change would make it too easy for the government to hack into computers during investigations.

The work in the Kelihos case was a “disruption technique” and not a way for investigators to search the hard drives of personal computers, a Justice Department official said Monday, speaking to reporters on condition of anonymity in order to discuss the ongoing case. The official said investigators’ efforts are showing early signs of success in disrupting the botnet.

Levashov himself couldn’t immediately be reached for comment, and officials did not say whether he had a lawyer.

Vasily Nioradze, a spokesman for the Russian Embassy in Madrid, confirmed the arrest, but wouldn’t say whether Levashov was a programmer. Nioradze wouldn’t comment on reports of a U.S. extradition order. “As it is routine in these cases, we offer consular support to our citizen,” he said.

© Copyright 2017 The Associated Press. All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed.

Microsoft Says Updates Protect Windows Users From Alleged NSA Malware

PARIS (CBS/AP) — Up-to-date Microsoft customers are safe from the purported National Security Agency spying tools dumped online, the software company said Saturday, tamping down fears that the digital arsenal was poised to wreak havoc across the internet.

RELATED: Hackers Release NSA Tools, Could Compromise Millions Of PCs

In a blog post, Microsoft Corp. security manager Phillip Misner said that the software giant had already built defenses against nine of the 12 tools disclosed by TheShadowBrokers, a mysterious group that has repeatedly published NSA code. The three others affected old, unsupported products.

“Most of the exploits are already patched,” Misner said.

The post tamped down fears expressed by some researchers that the digital espionage toolkit made public by TheShadowBrokers took advantage of undisclosed vulnerabilities in Microsoft’s code. That would have been a potentially damaging development because such tools could swiftly be repurposed to strike across the company’s massive customer base.

Those fears appear to have been prompted by experts using even slightly out-of-date versions of Windows in their labs. One of Microsoft’s fixes, also called a patch, was only released last month.

“I missed the patch,” said British security architect Kevin Beaumont, jokingly adding, “I’m thinking about going to live in the woods now.”

Beaumont wasn’t alone. Matthew Hickey, of cybersecurity firm Hacker House, also ran the code against earlier versions of Windows on Friday. But he noted that many organizations put patches off, meaning “many servers will still be affected by these flaws.”

Everyone involved recommended keeping up with software updates.

“We encourage customers to ensure their computers are up-to-date,” Misner said.

© Copyright 2017 The Associated Press. All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed.

Scammers Trick Consumers Into Believing Their Computers Are Infected

SAN FRANCISCO (CBS SF) — As tens of thousands of computers in countries around the world were being attacked by hackers demanding bitcoin payment on Friday, the U.S. Federal Trade Commission and its state partners were urging internet users to take measures to protect themselves online.

The ransomware attacks that crippled computer systems in over 60 countries Friday were likely caused when people either clicked on or downloaded malicious files.

Aside from these threats, federal and state authorities warned consumers about scammers who try to gain access to people’s computers by claiming viruses or malware have been found on their computers, and that they can help get rid of them.

“We released the consumer alert regarding tech support scams this morning ahead of the news of the malware cyberattack,” California Attorney General spokeswoman Tania Mercado told CBS San Francisco Friday. “However, today’s news of the attack is a reminder of the importance of remaining vigilant about these types of scams and protecting consumers against attacks on their personal computers.”

The FTC, along with federal, state and international law enforcement partners, on Friday announced “Operation Tech Trap,” a crackdown on scammers who trick consumers into believing their computers are infected with viruses and malware, and then charge them hundreds of dollars for unnecessary repairs.

Tech support scammers use convincing tactics to make the consumer believe their computer has been infected.

In the scams — and in the real cybersecurity breaches on Friday — computer users often see countdown clocks, allegedly representing the time remaining before the computer hard drive will be deleted.

While the ransomware attacks on Friday appear to be a real cybersecurity threat that will delete files from computers, by taking advantage of vulnerabilities purportedly identified by the U.S. National Security Agency, the scammers don’t actually have access to the user’s computer yet.

The scammers, according to the California Attorney General’s Office, claim there is a virus, have the user call a phone number, and then try to get the user to grant the scammer access to their computer. Then they demand the user pay them for repairs and anti-virus programs.

In the global cybersecurity breaches happening on Friday, the attackers appear to want payment in bitcoin and hold files on the user’s computer hostage until they receive payment.

By Hannah Albarazi – Follow her on Twitter: @hannahalbarazi.

WhatsApp Reveals Major Security Flaw That Could Let Hackers Access Phones

(CNN) — WhatsApp has revealed a vulnerability in its system that could have allowed hackers access to its users’ phones, with a London-based human rights lawyer possibly among the targets.

The encrypted messaging service, owned by Facebook, said Monday that it had discovered and fixed the vulnerability the attackers had sought to exploit. The hackers could implant malicious code on a victim’s phone by placing a voice call to the victim on WhatsApp — victims may not even have needed to answer the call for their phone to be infected, an expert told CNN Business.

“The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems,” a WhatsApp spokesperson said in a statement.

While WhatsApp did not name the private company, a source familiar with the investigation into the attack said that company is NSO Group, an Israeli cyber company that has developed a powerful piece of malware designed to spy on its victims.

In a statement provided to CNN on Monday, NSO said, “Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies.”

NSO said its technology was licensed to government agencies “for the sole purpose of fighting crime and terror,” adding that those agencies determine how the technology is used without any involvement from the company.

The Financial Times first reported details of the vulnerability.

Human rights activists targeted?

Among those believed to have been targeted via WhatsApp is a London-based human rights lawyer, who is advising on a case against NSO. NSO has denied targeting the lawyer.

On Sunday, the lawyer received two calls that John Scott-Railton, a senior researcher at the University of Toronto’s Citizen Lab, believes were part of the attack. Citizen Lab is an academic security research group that investigates digital threats to civil society groups and online freedom of expression.

The apparent attempt to breach the lawyer’s phone was not successful, Scott-Railton said, as WhatsApp had patched the vulnerability by Sunday.

Speaking to CNN Business on Tuesday, the lawyer, who does not want to be named, said that in March they began receiving suspicious calls on WhatsApp from Swedish and other European phone numbers.

WhatsApp had reached out to Citizen Lab and a number of other groups that work with human rights defenders before publicly acknowledging the attack.

The collaboration between WhatsApp and Citizen Lab helped identify the attempted attack on the London-based lawyer.

Responding specifically to the apparent targeting of the lawyer, NSO Group said in a statement, “NSO would not or could not use its technology in its own right to target any person or organization, including this individual.”

“This is a vulnerability that would have enabled attackers to take over a phone with a missed call,” Scott-Railton said.

In another development before the attack was revealed, Amnesty International announced it would file a petition at the district court of Tel Aviv on Tuesday demanding Israel withdraw NSO’s export license, Amnesty’s lawyer told CNN Business.

The group claims that NSO software “threatens the rights to privacy and to freedom of opinion and expression, in breach of Israel’s obligations under international human rights law.”

It said one of its researchers had been targeted via a WhatsApp message containing NSO’s spying software in 2018 while working on a campaign to release six women’s rights activists detained in Saudi Arabia.

How to update your WhatsApp

WhatsApp said that while it has fixed the vulnerability the attackers were exploiting, it is also encouraging users to update to the latest version of the WhatsApp app “out of an abundance of caution.” The company said it has also contacted US law enforcement.

On Monday night, the Democratic National Committee advised 2020 Democratic presidential campaign staff who use WhatsApp to update their apps to the most recent version of the service, a source familiar with the warning told CNN Business.

Ireland’s Data Protection Commission, which supervises Facebook’s activities in Europe, said it had been informed of the vulnerability on Monday, adding it was unclear at this stage whether any EU user data had been affected.

Still, it too urged users to ensure they update WhatsApp on their devices.

Here’s how:

On an iPhone

— Open the App Store and select Updates.

— Select “WhatsApp” and Update.

On an Android device

— Open the Play Store and tap on the 3 lines in the upper left corner.

— Select “My apps & games” from the menu.

— Select “WhatsApp” and select Update.

The-CNN-Wire
™ & © 2019 Cable News Network, Inc., a Time Warner Company. All rights reserved.

State-Sponsored Hackers Infected iPhones With Spyware; ‘Most Serious’ Breach Of Its Kind

SAN FRANCISCO (AP) — Researchers say suspected nation-state hackers infected Apple iPhones with spyware over two years in what security experts on Friday called an alarming security failure for a company whose calling card is privacy.

A mere visit to one of a small number of tainted websites could infect an iPhone with an implant capable of sending the smartphone owner’s text messages, email, photos and real-time location data to the cyberspies behind the operation.

“This is definitely the most serious iPhone hacking incident that’s ever been brought to public attention, both because of the indiscriminate targeting and the amount of data compromised by the implant,” said former U.S. government hacker Jake Williams, the president of Rendition Security.

Announced late Thursday by Google researchers, the last of the vulnerabilities were quietly fixed by Apple by February, but only after thousands of iPhone users were believed exposed over more than two years.

The researchers did not identify the websites used to seed the spyware or their location. They also did not say who was behind the cyberespionage or what population was targeted, but experts said the operation had the hallmarks of a nation-state effort.

Williams said the spyware implant wasn’t written to transmit stolen data securely, indicating the hackers were not concerned about getting caught. That suggests an authoritarian state was behind it. He speculated that it was likely used to target political dissidents.

Sensitive data accessed by the spyware included WhatsApp, iMessage and Telegram text messages, Gmail, photos, contacts and real-time location — essentially all the databases on the victim’s phone. While the messaging applications may encrypt data in transit, it is readable at rest on iPhones.

Google researcher Ian Beer said in a blog post published late Thursday that the discovery should dispel any notion that it costs a million dollars to successfully hack an iPhone. That’s a reference to the case of a United Arab Emirates dissident whose iPhone was infected in 2016 with so-called zero-day exploits, which have been known to fetch such high prices.

“Zero day” refers to the fact that such exploits are unknown to the developers of the affected software, who thus have had no time to develop patches to fix them.

The discovery, involving 14 such vulnerabilities, was made by Google researchers at Project Zero, which hunts the security flaws in software and microprocessor firmware, independent of their manufacturer, that criminals, state-sponsored hackers and intelligence agencies use.

“This should serve as a wake-up call to folks,” said Will Strafach, a mobile security expert with Sudo Security. “Anyone on any platform could potentially get infected with malware.”

Beer said his team estimated that the infected websites used in the “indiscriminate watering hole attacks” receive thousands of visitors per week. He said the team collected five separate chains of exploits covering Apple’s iOS system as far back as version 10, released in 2016.

Apple did not respond to requests for comment on why it did not detect the vulnerabilities on its own and whether it can assure users that such a general attack could not happen again. Privacy assurance is central to the Apple brand.

Neither Google nor Beer responded to questions about the attackers or the targets, though Beer provided a hint in his blog post: “To be targeted might mean simply being born in a certain geographic region or being part of a certain ethnic group.”

Security manager Matt Lourens at Check Point Software Technologies called the development an alarming game-changer. He said that while iPhone owners previously compromised by zero days were high-value targets, a more widespread seeding of spyware at a lower cost per infection has now been shown possible.

“This should absolutely reshape the way corporations view the use of mobile devices for corporate applications, and the security risk it introduces to the individual and/or organization,” Lourens said in an email.

In his blog post, the Google researcher Beer warned that absolute digital security can’t be guaranteed.

Smartphone users must ultimately “be conscious of the fact that mass exploitation still exists and behave accordingly,” he wrote, “treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them.”

© Copyright 2019 The Associated Press. All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed.

    UCSF Medical School Officials Pay Hackers $1.14 Million Ransom To Recover Stolen Data

    $
    0
    0

    SAN FRANCISCO (CBS SF) — Hackers who attacked computer servers at the University of California at San Francisco School of Medicine were paid a ransom of more than $1 million so researchers could regain access to data that had been maliciously encrypted by malware, according to university officials.

    The school’s Information Technology staff detected a security incident on June 1 and the affected areas, described as “a limited number of servers in the School of Medicine,” were isolated from the UCSF core network.

    The attack left the servers inaccessible and malware uploaded during the breach encrypted data on the affected servers that was used by the attackers as proof of what had been perpetrated.

    “The data that was encrypted is important to some of the academic work we pursue as a university serving the public good,” the university said in a news release. “We therefore made the difficult decision to pay some portion of the ransom, approximately $1.14 million, to the individuals behind the malware attack in exchange for a tool to unlock the encrypted data and the return of the data they obtained.”

    Officials emphasized that the attack did not affect patient care, its novel coronavirus work or the overall campus network.

    The university said it is working with a cyber-security consultant and other outside experts to investigate the attack and bolster system defenses.

    The tainted servers are expected to be restored in the near future.

    “This incident reflects the growing use of malware by cyber-criminals around the world seeking monetary gain, including several recent attacks on institutions of higher education,” the university said. “We continue to cooperate with law enforcement, and we appreciate everyone’s understanding that we are limited in what we can share while we continue with our investigation.”

    © Copyright 2020 CBS Broadcasting Inc. and Bay City News. All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed.

    Mysterious Malware Reportedly Infects Nearly 30,000 Macs Worldwide


    CUPERTINO (CBS / CNN) — Nearly 30,000 Macs worldwide have been infected with mysterious malware, according to researchers at security firm Red Canary.

    The issue was somewhat confounding to Red Canary researchers, who said it’s not clear what the malware’s goal is. In a blog post, the firm said it did not observe the malware delivering “malicious payloads” — essentially, harmful actions against a device.

    The malware, which the company calls Silver Sparrow, does not “exhibit the behaviors that we’ve come to expect from the usual adware that so often targets macOS systems,” Tony Lambert, an intelligence analyst at Red Canary, wrote.

    Silver Sparrow includes a self-destruct mechanism that appears to have not been used, researchers said, adding that it’s unclear what would trigger that function. They are also uncertain of how the malware got onto infected computers, though they believe it may have been through malicious search results.

    The researchers found that Silver Sparrow contains code that runs natively on Apple’s in-house M1 chip, which was released in November, making it only the second known malware to do so. However, this doesn’t necessarily raise red flags about the chip.

    “New technology is going to be adopted by everybody — good guys, bad guys, everybody in between — it’s definitely something that’s going to happen,” Red Canary Intelligence Expert Tony Lambert said.

    Though it’s unclear what the intent of the malware is, Red Canary said it decided to report the findings because its “forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest Silver Sparrow is a reasonably serious threat,” researchers wrote.

    Researchers believe Silver Sparrow emerged and began infecting devices sometime last year.

    Silver Sparrow infected 29,139 Macs in 153 countries as of February 17, with higher concentrations reported in the United States, United Kingdom, Canada, France and Germany, according to data from Malwarebytes, a website that blocks ransomware attacks. While that number seems large, it’s a small fraction of the millions of Macs in use around the world, though it’s possible there are infected devices not identified by researchers.

    Apple, headquartered in Cupertino, revoked the developer certificates used by the malware, a company spokesperson said, which will prevent any future infections. Revoking the developer certificates also creates barriers for any existing malware infections to be able to take additional actions.

    Red Canary detailed some “indicators of compromise” in its blog post. For the average consumer, Lambert said he recommends simply using a reputable anti-virus or anti-malware program as a backstop to the existing protections that Apple builds into the macOS operating system, which are known for being strong.

    © Copyright 2021 CNN. All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed.

    Russian To Be Deported After Failed Tesla Ransomware Plot


    RENO, Nev. (CBS / AP) — A Russian man was sentenced Monday to what amounted to time already served and will be deported after pleading guilty to trying to pay a Tesla employee $500,000 to install computer malware at the company’s Nevada electric battery plant in a bid to steal company secrets for ransom.

    Egor Igorevich Kriuchkov, appearing by videoconference from jail, apologized after U.S. District Judge Miranda Du in Reno acknowledged the attempted hack was not successful and the company network was not compromised.

    “I’m sorry for my decision. I regret it,” the 27-year-old Kriuchkov said through a Russian-language court interpreter.

    Chris Frey, his court-appointed attorney, said Kriuchkov speaks fluent English, but the judge provided the interpreter anyway.

    Kriuchkov said the nine months he has been in U.S. custody made him reflect on the pain he caused his family in Russia and the damage caused to his reputation. Several family members sent email messages to the judge seeking leniency.

    “I understand it was a bad decision,” said Kriuchkov, who could have faced up to five years in prison and a $250,000 fine.

    The judge, who agreed not to use the company name in court, went along with a plea agreement reached between prosecutors and Kriuchkov.

    He was sentenced to 10 months in custody for his guilty plea in March to conspiracy to intentionally cause damage to a protected computer; to pay about $14,825 in restitution for company time investigating the attempted intrusion and turning the case over to the FBI; and three years of federal supervision if he remains in the U.S. or returns from abroad. He will remain in custody until he leaves the country.

    Tesla CEO Elon Musk acknowledged after Kriuchkov’s arrest in August in Los Angeles that the company had been the target of what Musk termed a serious effort to collect company secrets. Federal authorities had said Kriuchkov was heading to an airport to fly out of the country.

    Tesla, which is headquartered in the Bay Area, has a massive factory near Reno that makes batteries for electric vehicles and energy storage units. Company officials did not immediately respond Monday to messages seeking comment.

    The judge put the amount Kriuchkov offered to pay the unidentified employee at $500,000. She did not address previous reports that the bribe amounted to $1 million.

    Federal authorities credited the employee with reporting Kriuchkov’s overtures to company officials.

    The hack was designed as a distributed denial-of-service attack, using junk data to flood the Tesla computer system, while a second intrusion would let co-conspirators extract data from the company network and demand ransom with the threat of making the information public.

    Other suspected co-conspirators are identified in court documents by nicknames, and references are made to at least one other failed effort to target another unidentified company.

    Kriuchkov told a judge in September that he knew the Russian government was aware of his case, but prosecutors and the FBI never alleged ties to the Kremlin.

    “There’s no question the offense is serious,” Du said, citing concerns about “these types of cyber-ransom offenses” in the U.S. and other countries. “Fortunately, the scheme was not successful.”

    © Copyright 2021 The Associated Press. All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed.