fbpx

Bots turning your Computer into a Zombie

Hello Everyone! Carmine Corridore of Underdog Computer and Network Support! Back with another video blog. This week I will be teaching you about BOTS! Turning your computer into a Zombie! This is part 3 of my 3 part educational series on keeping safe on the internet.

Let’s get started!

BOTS! You may have heard of Bots before or this may be your first time but Bots are just as dangerous as malware and phishing if not more than because, it makes you unwillingly involved in criminal acts!

So what is a BOT? A bot is a piece of software that performs automated tasks by running scripts over the internet. It performs these simple and repetitive tasks much more quickly than a human sort of like a roBOT. I am sure this is where the term comes from. Most bots are harmless and crucial for making the internet useful like chat bots, auction bots, web crawlers or spiders. Like anything else, Bots can be “weaponized” or turned malignant and destructive when deployed by cyber criminals.

I am a history buff and I use history to see how something evolved.  You know the old saying if you don’t know your history you are doomed to repeat it. I love to look back and see how certain technology came to be and how it evolved in this case into something bad.

Some say Bots began all the way back with Greek Mythology. But we are not going that far back. Lets go to 1950’s.

In 1950, computer scientist and mathematician Alan Turing developed the Turing Test, also known as the imitation game It’s most primitive format required three players — A, B, and C.

Player A was a machine and player B was a human. Player C, also a human was the interrogator, by asking a series of questions would try to determine who the human was. However, there was a problem. At the time, databases were highly limited, and could therefore only store a certain amount of human phrases. That meant that the computer would eventually run out of answers to give Player C, eliminating the challenge and prematurely ending the test.

One of the most significant AI developments of the 1960s was the development of ELIZA — a bot, named in part for the Pygmalion character, whose purpose was to simulate a psychotherapist. Created in 1966 by MIT professor Joseph Weizenbaum, the technology was limited, to say the least, as was ELIZA’s vocabulary. AI continued advancing in the 80’s and 90’s but most of it for scientific and government focused.

In the 90’s the shift began towards the consumer market, if you remember some of the games from the 90’s Simon Says, I took a lickin from a chicken and others. Then in the late 90’s around 1996, Tamagotchi a computerized handheld pet hit the market, which required digital care to keep it alive.

As the internet became popular so did the use of bots. As I mentioned earlier you had internet bots called crawlers or spiders that went and “crawled” through a website and harvested all the links to categorize in a search directory(remember those).

So that doesn’t sound so bad, when did it go wrong? Remember I said earlier – Most bots are harmless and crucial for making the internet useful like chat bots, auction bots, web crawlers or spiders. Like anything else, Bots can be “weaponized” or turned malignant and destructive when deployed by cyber criminals. Something called the BOTNET was developed. What the heck is that? Botnets are nothing more than an army of infected computers, which grow by infecting other computers. How that happens is the reason this is part of my 3 part series. It happens through Trojan horses, infected emails, viruses, etc.. who controls them, how do they get their instructions?

So how does it work? First it starts with an infection generally called a Trojan horse. It is called a Trojan horse because it was let in by YOU! That’s right I said you. A free download from a website, Freeware installation of some software. Your reboot your computer and boom you are infected! Your antivirus usually does not pick it up because it is made to install before the av has a chance to start and is not smart enough to know it is a malicious program. Once on your computer it begins reporting to a C2C or a command to control center for instructions. That is it your computer is a zombie now reporting to a Botmaster for instructions and mindlessly infecting other computers. Most of the times you will not know it is happening it doesn’t take a super amount of resources to get done. Most of the times it is only when alerted by your ISP that a Honeypot has flagged your network.

A C2C is one way that a botnet is created a second way and most recent way is a peer to peer. So rather than each zombie communicating back to the botmaster, each computer becomes both the master and the slave, Woooo! Think Skynet! As you can imagine the Peer to Peer method is much harder to kill.

 

How to prevent! Prevention becomes 2 parts education 1 part technology and a good Technology Partner!

Underdog Computer and Network Support will educate you and your staff on good surfing habits and the warning signs. Using proven technology securing your network and making sure your computers are up to date with the latest patches. Our professionals have been doing this for 26 years. Give us a call today 570-634-5350 for a free review of your network. And….. Never Fear, We Fix I.T.

 

 

Hello Everyone! Carmine Corridore of Underdog Computer and Network Support! Back with another video blog. This week I will be teaching you about BOTS! Turning your computer into a Zombie! This is part 3 of my 3 part educational series on keeping safe on the internet.

Let’s get started!

BOTS! You may have heard of Bots before or this may be your first time but Bots are just as dangerous as malware and phishing if not more than because, it makes you unwillingly involved in criminal acts!

So what is a BOT? A bot is a piece of software that performs automated tasks by running scripts over the internet. It performs these simple and repetitive tasks much more quickly than a human sort of like a roBOT. I am sure this is where the term comes from. Most bots are harmless and crucial for making the internet useful like chat bots, auction bots, web crawlers or spiders. Like anything else, Bots can be “weaponized” or turned malignant and destructive when deployed by cyber criminals.

I am a history buff and I use history to see how something evolved.  You know the old saying if you don’t know your history you are doomed to repeat it. I love to look back and see how certain technology came to be and how it evolved in this case into something bad.

Some say Bots began all the way back with Greek Mythology. But we are not going that far back. Lets go to 1950’s.

In 1950, computer scientist and mathematician Alan Turing developed the Turing Test, also known as the imitation game It’s most primitive format required three players — A, B, and C.

Player A was a machine and player B was a human. Player C, also a human was the interrogator, by asking a series of questions would try to determine who the human was. However, there was a problem. At the time, databases were highly limited, and could therefore only store a certain amount of human phrases. That meant that the computer would eventually run out of answers to give Player C, eliminating the challenge and prematurely ending the test.

One of the most significant AI developments of the 1960s was the development of ELIZA — a bot, named in part for the Pygmalion character, whose purpose was to simulate a psychotherapist. Created in 1966 by MIT professor Joseph Weizenbaum, the technology was limited, to say the least, as was ELIZA’s vocabulary. AI continued advancing in the 80’s and 90’s but most of it for scientific and government focused.

In the 90’s the shift began towards the consumer market, if you remember some of the games from the 90’s Simon Says, I took a lickin from a chicken and others. Then in the late 90’s around 1996, Tamagotchi a computerized handheld pet hit the market, which required digital care to keep it alive.

As the internet became popular so did the use of bots. As I mentioned earlier you had internet bots called crawlers or spiders that went and “crawled” through a website and harvested all the links to categorize in a search directory(remember those).

So that doesn’t sound so bad, when did it go wrong? Remember I said earlier – Most bots are harmless and crucial for making the internet useful like chat bots, auction bots, web crawlers or spiders. Like anything else, Bots can be “weaponized” or turned malignant and destructive when deployed by cyber criminals. Something called the BOTNET was developed. What the heck is that? Botnets are nothing more than an army of infected computers, which grow by infecting other computers. How that happens is the reason this is part of my 3 part series. It happens through Trojan horses, infected emails, viruses, etc.. who controls them, how do they get their instructions?

So how does it work? First it starts with an infection generally called a Trojan horse. It is called a Trojan horse because it was let in by YOU! That’s right I said you. A free download from a website, Freeware installation of some software. Your reboot your computer and boom you are infected! Your antivirus usually does not pick it up because it is made to install before the av has a chance to start and is not smart enough to know it is a malicious program. Once on your computer it begins reporting to a C2C or a command to control center for instructions. That is it your computer is a zombie now reporting to a Botmaster for instructions and mindlessly infecting other computers. Most of the times you will not know it is happening it doesn’t take a super amount of resources to get done. Most of the times it is only when alerted by your ISP that a Honeypot has flagged your network.

A C2C is one way that a botnet is created a second way and most recent way is a peer to peer. So rather than each zombie communicating back to the botmaster, each computer becomes both the master and the slave, Woooo! Think Skynet! As you can imagine the Peer to Peer method is much harder to kill.

 

How to prevent! Prevention becomes 2 parts education 1 part technology and a good Technology Partner!

Underdog Computer and Network Support will educate you and your staff on good surfing habits and the warning signs. Using proven technology securing your network and making sure your computers are up to date with the latest patches. Our professionals have been doing this for 26 years. Give us a call today 570-634-5350 for a free review of your network. And….. Never Fear, We Fix I.T.

 

 

 

Viruses or Malware, What is the Difference?

There has been a Computer Virus Outbreak! Hello I’m Carmine Corridore of Underdog Computer and Network Support here to talk to you about Viruses or Malware, what is the Difference?

 Let’s get started. Malware, Spyware, Viruses, hijackers, junkware, Trojans and Worms What are the difference between these classifications? Well believe it or not malware and viruses are not different things but instead viruses, spyware, Trojans, worms, hijackers and spyware are all different types of Malware. Malware is a broad term of software that is used cause malicious harm to a computer. Viruses is a type of malicious software that is meant to replicate and spread like an actual human virus. Because viruses are more popular especially early on in the computer age. Companies concentrated and coming up with “Antivirus” software it wasn’t until recently that other types of malware has shown up and viruses are now a minority.

So let start with a little history, when was the first computer virus? Computer viruses date back all the way to 1949 when John von Neumann, who is known to be the “Father of Cybernetics”, wrote an article on the “Theory of Self-Reproducing Automata” that was published in 1966.

Later in 1971 Bob Thomas developed an experimental self-replicating program. It accessed through ARPANET (The Advanced Research Projects Agency Network) and copied to a remote host system with TENEX operating system. A message displayed that “I’m the creeper, catch me if you can!”. Later the first antivirus called the “REAPER” was created to seek out and delete the creeper.

In 1974 Wabbit was an infectious program developed to make multiple copies of itself on a computer clogging the system reducing the performance of the computer. In 1981, A program called the “Elk Cloner” was developed by Richard Skrenta for the Apple II Systems. This was created to infect Apple DOS 3.3. These programs started to spread through files and folders that are transferred to other computers by floppy disk.

In 1983 Virus was first coined by Frederick Cohen for the computer programs that are infectious as it has the tendency to replicate. But it really wasn’t until mid to late 80’s the first antivirus program was made.

So now that we know Viruses are just a type of Malware. The question becomes what should you use antivirus or antimalware? Do they really work? Who do I trust?

Like the Reaper from 1971 it specifically was designed to detect the creeper and eliminate it. IF there was a different type of malware back then it wouldn’t have been able to find and remove it only the one it was targeted to eliminate. That is similar to how vaccines are made that fight human viruses. So antivirus programs contain many signatures or vaccines of known viruses. The traditional antivirus programs used signature based detection. It is hard to remember the world before the internet but early on the big names of the time all subscribed to a bbs mailing list where they tracked and detected new malware. They essentially would reverse engineer the virus and come up with a way to stop them.

Many “ANTI” programs detect all kinds of malware. They now deploy different scanning techniques in addition to signature based. There is heuristic which detects variants of malware, behavioral base detection which looks at the behavior of a program and it if acts like a virus it will isolate the program.

There are a lot of antivirus/antimalware and they are not all the same, some do a better job than others. None claim to be 100%. Over the years I have seen my fair share of antivirus applications and when I was starting Underdog I wanted to make sure the antimalware application we deploy can be trusted and is reliable. After careful consideration, we decided to offer Webroot Secure Anywhere Cloud Antivirus. Webroot uses Machine learning to detect malware. Machine learning is the next level of detection and Webroot has been doing it longer than most. If you remember me saying signature based detection requires a human to get a malware, dissect it and then come up with an “antibody”. Machine learning removes the human from the equation thus making it faster and more precise to create “antibodies”.  To keep your computer safe and your company safe you need to have a antimalware program that deploys machine learning like our Cloud Based Solution using Webroot. Cybersecurity is more important today and will be in the next decade. Call me today 570-634-5350. Stay tune for Part 3 BOTS turning your computer into a Zombie! Underdog Computer and Network Support. Never Fear, We Fix I.T. here!

Learn What Phishing is and
How to avoid being Scammed

Part 1 of a 3 part Series on How to keep your Computer Safe

Hello Everyone! Carmine Corridore of Underdog Computer and Network Support! Back with another video blog. This week I will be teaching you about PHISHING! This is part 1 of my 3 part educational series on keeping safe on the internet.

Let’s get started!

Oh you thought I meant actual fishing, well close! Lets start with what is Phishing, as the homonym implies it is a way for a hacker to “Fish” for information using social engineering and human behavior to get information about you that allows the hacker to gain access to something. Most of the Times it is bank account information, passwords, credit card information, etc..

So how does it work, how do they fool you so easily? Don’t feel bad about phishing, 76% of organizations say they were effected by some kind of phishing scam in 2017 and that number is rising. That is why it is important for you to be aware of how to recognize phishing and how to avoid it.

A Phishing attach can occur in different formats, the earliest of the phishing scams were those emails coming from the famous Nigerian Prince. There were several of them but the concept was always the same, it included a large sum of money he had but for some reason needed your help to transfer funds into your bank account, so all he needed was your banking information. Straightforward right?

That wasn’t too sophisticated but it was early on in the age of the internet so it was easier to fool people. People became wise, so hackers changed up their play. Now Phishing comes in all different types of emails. There is my favorite you get an email from your boss or supervisor they need you to run to the store for them and pick up hundreds of dollars of Itunes gift cards for some reason and then when you get back email the card numbers. But don’t bother confirming this in person with me because I am in a meeting. For this type of phishing scam. Its vague enough because it probably has your boss or supervisors email address or name, and it lends to credibility because they probably are in a meeting. Once you email those gift card numbers that’s it your money is gone.

Then there are the straight up emails from trusted sources like Amazon, Apple, UPS, Microsoft, Google, Fed Ex and my favorite IRS.

They will use the very accessible and famous logos of the company they are trying to impersonate, make it sound as official as possible with just enough social engineering to convince you. Either there is an attached document or in most cases a link that takes you to a website in an attempt to further harm your computer. Some will ask you for credit card or banking information.

Ok, so what do you do? Well it takes some careful habits and common sense. Don’t just respond to the email or click links or open attachments and good god don’t go out and buy those gift cards! Then think about it did you send out a package recently that fedex or ups is contacting you? Do you have a Microsoft or Google account? The IRS and I repeat the IRS will never email you. Second look closely at the email, something will be off about it. Look at the return email address is it the same domain as where it is coming from. For instance is it from Microsoft.com or IRS.gov or ups.com, chances are it is some random generated email account name. Hover your mouse over the name it will reveal the full email address. You can also click reply, which usually will reveal the name. If there is a hyperlink it wants you to click on, again hover your mouse over it and you will see where it wants you to go. Does it make sense is it the companies domain or again some random domain address. Last but not least if you get an email with some kind of attachment be it from someone you know or a trusted company. Ask yourself if you are expecting it. If you are not sure and that person is reachable by phone. Call them or sometimes I will send a fresh email to that person asking them if they meant to send the questionable email.

When in doubt, ask your I.T. professional. Here at Underdog we have trained our customers on these techniques and when in doubt they will reach out to me when they have a questionable email and I will instruct them on what is best to do and sometimes I will reach out to the source myself to follow up. At Underdog Computer and Network Support we believe an educated customer is our strongest ally in combating viruses and malware and keeping everyone safe. If your I.T. provider isn’t doing this for you give us a call.

Underdog Computer and Network Support! Never Fear, We Fix I.T. here! And come back next week for part 2 Viruses and Malware

Managed I.T. Services, what is it good for? Is it a scam?

Hello everyone – Carmine Corridore of Underdog Computer and Network Support, here again with another Video Blog.  This time we are discussing Managed Services, What it is and what it isn’t!

 

So let’s dive in! The term Managed Services is one of those overused techie terms and trends that most I.T. companies are pushing these days. Before I dive into that, let me explain what I.T. is for those that don’t know or understand that acronym. I.T. simply means Information Technology it is similar to Computer Support, Tech Support, your Computer Guy or Computer People. Typically a computer company that does I.T. basically supports everything computer related, some may not do repairs while others still do. Underdog still offers computer repairs.

Back to the main point. So the term Managed Services is different also depending on the computer support firm you talk to, treats managed services differently. But the general consensus it is a set monthly fee usually based on the amount of devices or computers the company has and it includes certain features like Remote Monitoring, Patch Management, Antivirus – and what usually varies is the added support, unlimited phone and remote support or unlimited or limited hours of onsite support.

To put it a much simpler way, Managed Services is a subscription service for technical support. As a society we have been trending to subscription based ways of paying for conveyances and then later for big ticketed items. So when you first think of Subscriptions you think of newspapers and magazines, later evolving to streaming services like Netflix, Hulu, Amazon prime. Then software manufactures like Microsoft and Google, subscription services for their email packages instead of buying expensive email server, software and consultation it allowed the smaller companies that didn’t have the money to invest in that infrastructure to get it on-demand and as much as it needed. As your need grew you could purchase more. Microsoft took it a noch up and expanded to their office suite so instead of plunking down 300-400 every few years you are paying 11/month – the advantage is as soon as a new version came out you received it. The advantage for Microsoft is they had a steadier stream of revenue. Then computer support companies started offering Managed Services contracts which allowed a piece of software to live on your computer(s) provide some automated remediation services, managing patches(software updates) and managing antivirus. Bundled with that is a familiarity with your business, ability to “predict or prevent problems by providing proactive support” added to that some kind of tangible technical support service. The benefit to the client was a budget friendly, predictable expense. The benefit to the managed it provider is predictable income.  

Now remember I said, the benefit of Managed Services for the client is prevent problems and being proactive, essentially fixing issues or alerting the customer of issues before they become a big problem. Unfortunately, many Managed IT service providers do not do this. I would guess they had the best intentions but either bringing on too many clients or the sheer volume of errors, alerts coming in or not enough staff for the amount of work overwhelms them. Many Managed IT providers still react in “Fire Fighting Mode” and by that, I mean address an issue only once it has become a problem, which defeats the purpose.

Now remember I also said, another benefit is patch management. So Microsoft releases patches every Tuesday for every supported operating system as well as software vendors release updates and hardware vendors release firmware. Patch Management allows the Managed IT company to release approved patches to your computer instead of everything that comes out. In other words, it is not something that can be automated if it were your computer already does that. Someone has to look at the patches being released and determine their safeness before releasing to you. Unfortunately many Managed IT service providers do not do this. Again I would guess they had the best intentions but for the reasons stated above.

Not All managed IT Providers include antivirus as part of their offering but from my experience I have seen this not distributed as promise, in other words you are under the assumption you are protected and you are not. I have seen clients that have been promised all 3 of the things I mentioned for several years they thought they had it but sadly they did not!

 

So what Am I telling you, is Managed Services a scam? Is it not a good thing to do? Is it right for my company? Who can I trust?

Managed Services when developed and deployed correctly is absolutely not a scam. There are many Managed IT companies that are doing it right, they took the time to understand how run a managed service business, they took the time to understand their clients needs and they took the time to make sure the solution was right for the client.

Underdog Computer and Network Support LLC. Is that company, Our goal is to grow slowly so we are careful when taking on new clients. We take the time to understand your needs; Managed Services is not a good fit for every business and if not we are upfront about that too. Maybe you are an every once in a while need for IT services that’s ok, we can still support you maybe a retainer or hourly works for you. So how do you know, give us a call Today 570-634-5350 or leave a message on one of our social media platforms we are offering a free no strings attached Assessment of your network, so if you are a managed service client for a competitor and you are concerned or you don’t understand your bill – give me a call and I will be happy to stop down and give you some good ol’ free advice  

I’m Carmine Corridore; President Underdog Computer and Network Support, LLC. Never Fear, We Fix I.T.