Heartbleed, a vulnerability affecting nearly 70% of websites on the Internet, was discovered two months ago. It was big. It still is big. Heartbleed affects nearly every person using the Internet (especially if you haven’t changed your passwords since the bug was discovered) because the vulnerability deals with how servers interpret information, such as usernames and passwords, that is sent online. That means users cannot protect themselves from the vulnerability until the bug is fixed on the server’s side—meaning a company’s IT administrator has to fix it.
But it appears some hackers are trying to convince potential victims that Heartbleed can be “uninstalled” from their computers. They’re doing this by sending out emails loaded with a “Heartbleed remover” tool attachment, which is really just a cleverly disguised package of malicious software. This form of attack—where a hacker or a group of hackers tries to trick victims into compromising their devices—is called a phishing attack. And phishing attacks, even this one, usually have a few telltale signs.
- A link or attachment.
- A sense of urgency.
- Signs of mischief.
- Dead giveaways.
This phishing attack is as dangerous as it is clever. It tries to trick you into downloading a “cleaner” for the Heartbleed bug, as if it were something that could be fixed on the user side (once again, it’s not). In reality, what you are downloading is a keylogger. Keyloggers are programs that record your keystrokes and send them back to the controlling hacker. With information from the keylogger, the hacker in question can log in to your accounts and get access to your personal and financial information.
A strong rule of thumb to live by online is to never open an attachment or click on a link that you weren’t expecting, or one that comes from an unknown source.
In this case, the phishing email contained a subject line pertaining to investments in Syria. The body of the phishing attack, however, was a warning telling the victim that they needed to run a program to make sure the Heartbleed “virus” was removed from their computer. The email contained a plausible threat to those who aren’t informed about Heartbleed, as well as a strong sense of urgency.
But a closer look at the email gives us the evidence we need to dismiss it as a phishing attack. Take the subject line “Looking for Investment Opportunities from Syria” for example. The subject line had nothing to do with the body of the email. So there are two indicators right off the bat: a peculiar subject line (sometimes referred to as the “Nigerian Prince” subject line—a reference to another phishing attack which promises the victim riches for a small fee) and an email body unrelated to the subject line. Other signs of mischief can include typos, English syntax errors, and sender email addresses containing odd characters.
There’s a line in the email that ought to give the scam away to anybody: “If you get a warning from windows or your Anti-Virus that this file might harm your computer, please ignore this warning … as it will be an attempt by the virus program to stop you from running the tool.” It’s a sentence explicitly telling you to ignore your own security programs. It’s a subtle order, but it’s one that’s necessary for the attack to work. The same goes for other phishing attacks: a line telling you to click on this link; a single sentence saying you need to reset your password even though you never requested to reset your password; an invitation for you to donate money to a foreign beneficiary.
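The four telltale signs above can be checked mechanically. The following is an added example, not part of the original article or any McAfee tool: a small Python triage function run over a constructed message. The attachment name, extension list, urgency wording and the word-overlap test for a mismatched subject are assumptions chosen for illustration; only the subject line and the "ignore this warning" sentence come from the article.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Wording that tells the reader to override security tooling (the dead giveaway).
IGNORE_AV = re.compile(
    r"\b(ignore|disable|turn off)\b.{0,80}?\b(warning|anti-?virus|security)", re.I | re.S)
URGENCY = re.compile(r"\b(immediately|urgent|right away|as soon as possible)\b", re.I)
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".bat", ".docm", ".zip")  # assumed list
STOPWORDS = {"from", "your", "this", "that", "with", "looking", "will"}

def words(text):
    """Lower-cased words of 4+ letters, minus a few filler words."""
    return {w for w in re.findall(r"[a-z]{4,}", text.lower()) if w not in STOPWORDS}

def phishing_indicators(raw):
    """Return the telltale signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    body, attachments = "", []
    for part in msg.walk():
        name = part.get_filename()
        if name:
            attachments.append(name.lower())
        elif part.get_content_type() == "text/plain":
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    found = []
    if any(a.endswith(RISKY_EXT) for a in attachments):
        found.append("risky_attachment")
    if URGENCY.search(body):
        found.append("urgency")
    subject = words(msg.get("Subject", ""))
    if subject and not subject & words(body):  # crude: no shared words at all
        found.append("subject_body_mismatch")
    if IGNORE_AV.search(body):
        found.append("told_to_ignore_security_warning")
    return found

def constructed_sample():
    """Constructed message: subject and quoted sentence from the article, rest invented."""
    m = EmailMessage()
    m["Subject"] = "Looking for Investment Opportunities from Syria"
    m.set_content(
        "Run the attached Heartbleed removal tool immediately.\n"
        "If you get a warning from windows or your Anti-Virus that this file might harm\n"
        "your computer, please ignore this warning ... as it will be an attempt by the\n"
        "virus program to stop you from running the tool.\n")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename="heartbleed_remover.exe")
    return m.as_string()
```

Calling `phishing_indicators(constructed_sample())` flags all four signs; an ordinary message whose subject matches its body and carries no attachment returns an empty list.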
All of these attacks follow similar patterns, but those patterns are getting harder to detect as hacking tools become both more common and more complex. So what can you do to defend yourself from such an attack? There are a few options available:
- Read carefully.
- Ignore attachments.
- Always use comprehensive security (and never disable it).
- Check the safety of the websites you frequent.
If you suspect you just opened a malicious email, don’t fret. Read the email carefully and look for signs of mischief. Bad grammar is one sign—a conflicting or mismatched subject line relative to the body of an email is another. If something looks wrong, delete the email.
If an unsolicited email contains an unsolicited attachment, then it is, in all likelihood, a phishing attack trying to trick you. Don’t let your curiosity get the better of you. Just delete the email and the attachment along with it.
Whenever an email says you need to disable your anti-virus program for something to work, don’t do it. Disabling your security solution is a guaranteed way of compromising not only your computer, but also anything remotely linked to it—like your bank account, for example. Using a comprehensive security solution, like McAfee LiveSafe™ service, can help protect your computer from malicious attachments and dangerous websites. Don’t surf the Internet without a security solution in place.
The McAfee Heartbleed Checker tool is an accurate way to measure your protection against Heartbleed. While Heartbleed cannot be “uninstalled” or removed from your machine as the hackers in this case claim, you can check the sites you frequent to see if they’re at risk.