SEQUIM — The owner of a local computer repair company is warning area accountants to be vigilant against a digital thief capable of stealing sensitive information about their clients.
“We need to be aware of this,” said Jim Manderscheid, vice president and co-owner of Quality Assured Computer Services at 680 W. Washington St., Suite B-101.
“And I don’t care who is working on their computers, just as long as their customers are safe.”
Manderscheid discovered malicious software, or malware, in late March while providing routine services on a computer belonging to a local accountant.
He encourages area residents to question their certified public accountants about their security status.
“Go to your CPA and have them give you some sort of verification that they have a clean bill of health” and are “scanning their computers daily or weekly,” he said.
And if an accountant discovers they have been hacked, they should notify their customers and law enforcement immediately, Manderscheid added.
Malware is software used to disrupt computer operations, gather sensitive information, or gain access to private computer systems.
While servicing the computer last month, “what I found was disturbing, especially during tax season,” Manderscheid said.
“I found a single, serious malware tool hiding, embedded in the system” known as “MSIL.HackTool.IdleKMS.”
“This may have been a spurious or accidental infection that may be just bad luck,” Manderscheid said.
“But since it was just one malware specific to information harvesting, it was probably done with malicious intent.”
One possible avenue of invasion “would be to introduce it into your computer via a flash drive file,” Manderscheid speculated.
“Or they have set up an account with you and are sending you an email. And on that email you were looking at a QuickBooks file, or some sort of financial file, and that came onto your system.”
After being installed on a targeted computer, MSIL.HackTool.IdleKMS — also known as Trojan.Win32.IdleKMS.deinuh, Artemis!1FADEE024CBE and Suspicious_Gen4.FTGGO — proceeds quietly with its purpose of collecting sensitive financial information including social security numbers, birthdays and addresses.
It is probably more damaging than simply having a person’s debit or credit card information stolen, Manderscheid said.
“If it happens, it can be a very catastrophic event for the customer base.”
The malware is used in a way “similar to keystroke loggers, [which] keep track of keys pressed and transmit the data to a hacker, who can then use this information to access password-protected accounts, or to spread malware, or viruses, or perpetrate identity theft,” Manderscheid said.
“If this hack has been exploited, then all data on the CPA’s computer has been compromised. This is similar to the [recent] hacking of Target, Home Depot, Chase, and others. But since these large corporations have stepped up their security measures, it has become harder for the hackers to break in.”
That has made smaller businesses with fewer resources for digital security an appealing target.
“Most likely there is a computer, or relay of computers, that harvest all the information slowly over time so as not to be detected,” Manderscheid said.
“Not being detected while executing its main objective is the primary role of malware.”
The best way to defend against the malware is to prevent it from installing in the first place through the use of anti-virus software that is updated and operating correctly, Manderscheid said.
And folks should be skeptical about downloading or opening files embedded in emails, even from people they know.
For more tips about how to avoid malware infection, go online to http://tinyurl.com/PDN-Protect.
________
Sequim-Dungeness Valley Editor Chris McDaniel can be reached at 360-681-2390, ext. 5052, cmcdaniel@peninsuladailynews.com.