Many people think malware and viruses are things other people’s computers get who aren’t careful.

Maybe you think it’s not that big of a deal, or it isn’t too common.

You might be surprised to know just who is being hacked, and what the hackers are getting…

Facebook, Apple, and Web Hosting Companies

If you missed the news lately, high level engineers in both Facebook and Apple have had their laptops and computers infected with Malware (Both PCs and Macs). This has allowed hackers to obtain important and highly guarded information from these companies.

Hackers have figured out it’s easier to break into a laptop or desktop owned by a person than try to hack into a server or website. Once the computer is hacked, they then search for passwords, logins, etc… that gives them the keys to the castle to get the information they desire.

In addition to these high-profile companies, hundreds of servers operated by web hosting companies have had their servers “root” compromised and used to send spam and distribute malware in the past few weeks. A root compromise is the worst kind, as this means the hackers have access to everything on a server. Based on the evidence so far, this looks to be from infected PCs and Macs that the hackers used to obtain root passwords.

NOTE: We have not had any of our shared or managed dedicated servers root compromised from this latest malware attack. We take extra precautions with regards to passwords and how our computers are used when it comes to server related issues. Since we fully manage servers for our dedicated clients, root access is locked down considerably.

How’d the hackers do it?

What we’re seeing of late is hackers are putting malicious code and software into breached websites around the internet. Visiting one of these infected sites is the first step. They then take advantage of security problems in software on your computer like Flash, Java, or your web browser itself.

Most people aren’t always running the latest patched versions of software, and these websites silently compromise the computer undetected. The hackers then install keylogger software (they see every key you press), scan your computer for FTP and email passwords (even in the programs themselves like Outlook and Filezilla), and check emails for login credentials.

This data is then passed back to the hacker network, where they store it in a database and use it to further their agenda.

It’s not just big companies at risk

The examples above are great for headlines and ratings. The more common thing we’re seeing is webmasters and email users getting their computers infected with malware, and their websites being defaced, malicious code inserted into their web pages, or their email accounts being used to send phishing and spam emails directly.

If this happens to your site or account, your website will likely be blocked by Google, Bing, and virus protection systems. People won’t be able to get to your site, and they’ll see your site as a dangerous place. Emails being sent directly from your account can get the entire mail server blacklisted. It’s a pain to try and get de-listed. Not good stuff…

What can you do to protect yourself?

There are TWO things that everyone should have on their computer:

1. A virus scanner
This would be virus scanning software like Norton, McAfee, Trend Micro, Comodo, etc.. that is not only installed and running, but set to both update automatically each day, and set to automatically scan your computer each day.

2. A malware scanner
This is software that is designed to find and get rid of malware. This is meant to compliment your virus scanning software, and should *NOT* replace it.
We recommend Malwarebytes as the malware scanner to use. It’s worth purchasing the full version so it can automatically scan and run in the background.

Because the latest threats to big companies like Apple and Facebook have involved hacking in through vulnerable software such as Java and Flash, you need to insure your Java and Flash software is fully up to date.

Here’s how:

For Java, it’s easy. Just go to:
http://www.java.com/en/download/installed.jsp

and the website will tell you if the Java software on your computer is up to date. This applies to both PCs and Macs

For Flash, if you use Firefox, just go to:
(edit 4/29/13) http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html
https://www.mozilla.org/en-US/plugincheck/

and Firefox will make sure all of your plugins (including Flash) are up to date.

If you use Internet Explorer, you can go to:
http://get.adobe.com/flashplayer/

to download the latest version of Adobe Flash. Google Chrome should auto update its plugin for Flash.

…

Malware infected computers that lead to malware infected websites IS a big deal. It’s a growing problem that affects every website owner. Make sure you take the necessary steps to keep your computers safe and free from malware.

photo credit