Russian Hackers Compromise 4.5 Billion Records

Hold Security has warned media outlets that a gang of Russian hackers has gained access to 4.5 billion email addresses and passwords.

The Milwaukee-based security firm estimates that 420,000 web and FTP sites, including some Fortune 500 company sites, have been compromised. Details on which specific websites were compromised were not released.

The New York Times has claimed to have had the information analyzed by a security expert not affiliated with the security firm, who confirmed the authenticity of the database of stolen information. The New York Times has also reported that some of the companies involved are aware of the situation.

Most of this information was gathered via a botnet, a collection of interconnected computers that have been infected with a virus. The virus collects information and forwards it to individuals who either sell it or use it to send unsolicited commercial email or to gain access to web sites and credit card information.

According to Hold Security, the most vulnerable users are those who use the same generic password on multiple sites, because that password can be used to gain access to sites that are not in the records.

The firm found that out of the 4.5 billion records, only 1.2 billion had unique passwords, so it suggests the use of more secure, unique passwords.

An individual password should not be used on multiple sites, and a combination of letters (in upper and lower case), numbers and special characters (punctuation, symbols, etc.) should be used to prevent predictability.
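As an added example (not from the original post or from Hold Security), the following Python script audits a list of site and password pairs for the two problems described above: the same password used on several sites, and passwords missing one of the recommended character classes. The sample entries are constructed, and the function names `missing_classes` and `audit` are chosen here for illustration.

```python
import hashlib
import hmac
import os
import string
from collections import defaultdict

# Constructed sample entries (site, password), standing in for a password-manager export.
SAMPLE_VAULT = [
    ("mail.example", "Summer2014"),
    ("shop.example", "Summer2014"),
    ("bank.example", "t7#Qm!9vLx@2"),
    ("forum.example", "letmein"),
    ("news.example", "Summer2014"),
]

def missing_classes(password):
    """Return the recommended character classes that the password lacks."""
    checks = {
        "upper": any(c in string.ascii_uppercase for c in password),
        "lower": any(c in string.ascii_lowercase for c in password),
        "digit": any(c in string.digits for c in password),
        "special": any(c in string.punctuation for c in password),
    }
    return sorted(name for name, present in checks.items() if not present)

def audit(entries):
    """Group sites by password and report reuse and weak composition per site."""
    key = os.urandom(32)  # per-run key: passwords are grouped by HMAC and never copied into the report
    groups = defaultdict(list)
    weak = {}
    for site, password in entries:
        tag = hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()
        groups[tag].append(site)
        lacking = missing_classes(password)
        if lacking:
            weak[site] = lacking
    reused = sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)
    return {"reused": reused, "weak": weak}

if __name__ == "__main__":
    report = audit(SAMPLE_VAULT)
    for sites in report["reused"]:
        print("same password on:", ", ".join(sites))
    for site, lacking in sorted(report["weak"].items()):
        print(f"{site}: missing {', '.join(lacking)}")
```

The report lists only site names and missing character classes, so it can be shared or logged without exposing the passwords themselves.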

The use of a frequently updated anti-virus program also helps keep individual computers from being infected with viruses that keep track of the passwords used.

Don’t Fall for The Scams

I have just been made aware of yet another phishing scam, this time involving Facebook.

Every few days someone tries to get people to click on fake links in official-sounding emails, and people are unfortunately still falling for it.

It’s quite simple. If a company sends an email to you saying there’s a problem with your account, then go to the company’s web site directly.

Do not click on the link provided in the email!
Delete the email immediately!

These links are fake and dangerous. They lead to fake websites that steal passwords and install viruses onto your computer. Those viruses not only steal more passwords as you type them but also send out copies of the email you just received to the addresses in your contact list.

Some of these viruses also take over your computer, so it’s best to just delete these emails immediately and to install virus/malware scanners that will look for these viruses in the email you receive.

Microsoft currently offers Windows users a free software package that can be used to protect Windows-based machines.

Microsoft Security Essentials will protect machines against viruses, spyware and malware. But I also recommend the use of alternative browsers like Firefox, which is more secure, as well as web based email, like Gmail, whose email is usually scanned for viruses and spam.

I also like the immunity function of Spybot-Search and Destroy, which instructs your browser to prevent certain suspect scripts and websites from loading up. But you need to turn off real-time protection if you’re using another virus scanning program.

Some of you may already have anti-virus and anti-spyware software pre-installed on your computers. Or some of you may have software provided to you by your internet providers. You should always update these regularly to address the latest threats. But even with this software installed it’s best to consider all emails of this nature to be potential threats.