Login
“Antivirus software slows down my PC.” This is a comment that is often heard when talking about antivirus and malware protection.
That might be the case with many security products, but it’s not the case with McAfee. Independent tests since 2016 have proven that McAfee is not only good at catching malware and viruses, but also one of the lightest security products available today.
Antivirus forms a major cornerstone of online protection software. It protects your devices against malware and viruses through a combination of prevention, detection, and removal. Ours uses AI to detect the absolute latest threats — and has for several years now.
For decades, people have installed antivirus software on their computers. Today, it can also protect your smartphones and tablets as well. In fact, we recommend installing it on those devices as well because they’re connected, just like a computer. And any device that connects to the internet is a potential target for malware and viruses.
One important distinction about antivirus is its name, a name that first came into use years ago when viruses first appeared on the scene. However, antivirus protects you from more than viruses. It protects against the broad category of malware too — things like spyware, ransomware, and keyloggers.
To measure how much impact online protection software has on PC performance, some independent test labs include performance impact benchmarks in their security product tests. The most well-known of these test labs are AV-TEST, which is based in Germany, and Austria-based AV-Comparatives. These independent labs are among the most reputable and well-known anti-malware test labs in the world.
Over the years, we’ve tested strongly. Those results got stronger still with the release of our McAfee Next-gen Threat Protection.
McAfee’s AI-powered security just got faster and stronger. Our Next-gen Threat Protection takes up less disk space, reduces its background processes by 75%, and scans 3x faster than before. This makes your time online safer without slowing down your browsing, shopping, streaming, and gaming.
And the results show it.
Even with strong protection continuously monitoring all activity on your PC and laptop for threats, the best kind of antivirus keeps your devices running quickly.
Advances in our already high-performing protection have solidified our excellent standing in independent tests. The labs run them regularly, and we take pride in knowing that we’re not only protecting you, we’re keeping you moving along at a good clip.
The post Does Antivirus Software Slow You Down? appeared first on McAfee Blog.
Vanquishing aliens, building virtual amusement parks, mashing buttons in online battles royale. For some, playing video games is a way to unwind from the day and momentarily journey to new worlds. Others game because they love the competition or enjoy participating in the online community around their favorite game.
But just like other online realms, gaming isn’t free of cybercriminals. Cybercriminals take advantage of highly trafficked online gaming portals to make a profit on the dark web.
The next time you log on to your virtual world of choice, level up your gaming security to protect your device and your personally identifiable information (PII).
Gaming companies host a trove of valuable information. Gamers trust these platforms with their payment information, personal details, passwords, and with the safety of their gaming characters on which they spend thousands of hours and hundreds of dollars upgrading.
Cybercriminals also target gamers through malware disguised as an advantage. Cheat software for online games is common as players strive to be the best among their opponents. For instance, a malware scam targeted players seeking an advantage for “Call of Duty: Warzone.” The malware creators advertised the “cheat software” on YouTube with instructions on how to download it. The video received thousands of views and hundreds of comments, which made it look legitimate.
One of the steps in installing the “cheat software” was that users had to disable antivirus programs and firewalls. Users let the cybercriminals walk right into their device! From there, an aggressive type of fileless malware called a dropper infected the device. A dropper doesn’t download a malicious file; rather, it creates a direct pathway to deliver an additional payload, such as credential-stealing malware.1
Competitive gaming is, well, competitive. So, if you invest a lot of real money into your characters, be especially vigilant and follow these five important tips to protect your online accounts.
It’s common for gamers to use variations of their real names and birthdates in their public-facing usernames. Doing this could reveal personal information that you’d rather keep private. Consider using a nickname or a combination of random numbers instead. Along this same vein, don’t reveal personal details about yourself (phone number, hometown, places you visit regularly, etc.) on chats or streams. Lurking cybercriminals can gather these personal details to impersonate you.
On some online PC games, you can join campaigns with gamers from all over the world. While the interconnectivity is great, carefully vet who you allow to follow your online profile. If a stranger sends a friend request out of the blue, be on alert. They could have nefarious motives, such as phishing for valuable data. It’s best to customize your privacy settings to make your profile invisible to strangers.
Developers spend a lot of time creating amazing games, so make sure you purchase games legally and play them as they are intended. Research revealed that cracked versions – or unauthorized versions – of popular games sometimes hid ChromeLoader malware, which has the ability to steal credentials stored in internet browsers. Cracked versions of Call of Duty, Elden Ring, Dark Souls 3, Red Dead Redemption 2, and Roblox were found to be harboring malware.2
Be especially wary of free downloads and cheat software. Instead, go for a challenge and have fun with the game as it’s written.
A virtual private network (VPN) scrambles your online data traffic, foiling nosy digital eavesdroppers you may encounter while online gaming. A VPN makes it nearly impossible for anyone to access your IP address or spy on your online browsing.
Antivirus software can make your online gaming experience more secure. McAfee antivirus software, which is included in McAfee+, provides real-time threat protection, which means your devices are covered with 24/7 protection from ever-evolving malware and online threats.
1Ars Technica, “Malicious cheats for Call of Duty: Warzone are circulating online”
2TechRadar, “Be very careful when downloading these games online – they could be malware”
The post 5 Online Gaming Tips to Stay Safe From Cybercriminals appeared first on McAfee Blog.
[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.]
In 2019, a Canadian company called Defiant Tech Inc. pleaded guilty to running LeakedSource[.]com, a service that sold access to billions of passwords and other data exposed in countless data breaches. KrebsOnSecurity has learned that the owner of Defiant Tech, a 32-year-old Ontario man named Jordan Evan Bloom, was hired in late 2014 as a developer for the marital infidelity site AshleyMadison.com. Bloom resigned from AshleyMadison citing health reasons in June 2015 — less than one month before unidentified hackers stole data on 37 million users — and launched LeakedSource three months later.
Jordan Evan Bloom, posing in front of his Lamborghini.
On Jan. 15, 2018, the Royal Canadian Mounted Police (RCMP) charged then 27-year-old Bloom, of Thornhill, Ontario, with selling stolen personal identities online through the website LeakedSource[.]com.
LeakedSource was advertised on a number of popular cybercrime forums as a service that could help hackers break into valuable or high-profile accounts. LeakedSource also tried to pass itself off as a legal, legitimate business that was marketing to security firms and professionals.
The RCMP arrested Bloom in December 2017, and said he made approximately $250,000 selling hacked data, which included information on 37 million user accounts leaked in the 2015 Ashley Madison breach.
Subsequent press releases from the RCMP about the LeakedSource investigation omitted any mention of Bloom, and referred to the defendant only as Defiant Tech. In a legal settlement that is quintessentially Canadian, the matter was resolved in 2019 after Defiant Tech agreed to plead guilty. The RCMP declined to comment for this story.
The Impact Team, the hacker group that claimed responsibility for stealing and leaking the AshleyMadison user data, also leaked several years worth of email from then-CEO Noel Biderman. A review of those messages shows that Ashley Madison hired Jordan Evan Bloom as a PHP developer in December 2014 — even though the company understood that Bloom’s success as a programmer and businessman was tied to shady and legally murky enterprises.
Bloom’s recommendation came to Biderman via Trevor Sykes, then chief technology officer for Ashley Madison parent firm Avid Life Media (ALM). The following is an email from Sykes to Biderman dated Nov. 14, 2014:
“Greetings Noel,
“We’d like to offer Jordan Bloom the position of PHP developer reporting to Mike Morris for 75k CAD/Year. He did well on the test, but he also has a great understanding of the business side of things having run small businesses himself. This was an internal referral.”
When Biderman responded that he needed more information about the candidate, Sykes replied that Bloom was independently wealthy as a result of his forays into the shadowy world of “gold farming” — the semi-automated use of large numbers of player accounts to win some advantage that is usually related to cashing out game accounts or inventory. Gold farming is particularly prevalent in massively multiplayer online role-playing games (MMORPGs), such as RuneScape and World of Warcraft.
“In his previous experience he had been doing RMT (Real Money Trading),” Sykes wrote. “This is the practice of selling virtual goods in games for real world money. This is a grey market, which is usually against the terms and services of the game companies.” Here’s the rest of his message to Biderman:
“RMT sellers traditionally have a lot of problems with chargebacks, and payment processor compliance. During my interview with him, I spent some time focusing in on this. He had to demonstrate to the processor, Paypal, at the time he had a business and technical strategy to address his charge back rate.”
“He ran this company himself, and did all the coding, including the integration with the processors,” Sykes continued in his assessment of Bloom. “Eventually he was squeezed out by Chinese gold farmers, and their ability to market with much more investment than he could. In addition the cost of ‘farming’ the virtual goods was cheaper in China to do than in North America.”
The gold farming reference is fascinating because in 2017 KrebsOnSecurity published Who Ran LeakedSource?, which examined clues suggesting that one of the administrators of LeakedSource also was the admin of abusewith[.]us, a site unabashedly dedicated to helping people hack email and online gaming accounts.
An administrator account Xerx3s on Abusewithus.
Abusewith[.]us began in September 2013 as a forum for learning and teaching how to hack accounts at Runescape, an MMORPG set in a medieval fantasy realm where players battle for kingdoms and riches.
The currency with which Runescape players buy and sell weapons, potions and other in-game items are virtual gold coins, and many of Abusewith[dot]us’s early members traded in a handful of commodities: Phishing kits and exploits that could be used to steal Runescape usernames and passwords from fellow players; virtual gold plundered from hacked accounts; and databases from hacked forums and websites related to Runescape and other online games.
That 2017 report here interviewed a Michigan man who acknowledged being administrator of Abusewith[.]us, but denied being the operator of LeakedSource. Still, the story noted that LeakedSource likely had more than one operator, and breached records show Bloom was a prolific member of Abusewith[.]us.
In an email to all employees on Dec. 1, 2014, Ashley Madison’s director of HR said Bloom graduated from York University in Toronto with a degree in theoretical physics, and that he has been an active programmer since high school.
“He’s a proprietor of a high traffic multiplayer game and developer/publisher of utilities such as PicTrace,” the HR director enthused. “He will be a great addition to the team.”
PicTrace appears to have been a service that allowed users to glean information about anyone who viewed an image hosted on the platform, such as their Internet address, browser type and version number. A copy of pictrace[.]com from Archive.org in 2012 redirects to the domain qksnap.com, which DomainTools.com says was registered to a Jordan Bloom from Thornhill, ON that same year.
The street address listed in the registration records for qksnap.com — 204 Beverley Glen Blvd — also shows up in the registration records for leakadvisor[.]com, a domain registered in 2017 just months after Canadian authorities seized the servers running LeakedSource.
Pictrace, one of Jordan Bloom’s early IT successes.
A review of passive DNS records from DomainTools indicates that in 2013 pictrace[.]com shared a server with just a handful of other domains, including Near-Reality[.]com — a popular RuneScape Private Server (RSPS) game based on the RuneScape MMORPG.
Copies of near-reality[.]com from 2013 via Archive.org show the top of the community’s homepage was retrofitted with a message saying Near Reality was no longer available due to a copyright dispute. Although the site doesn’t specify the other party to the copyright dispute, it appears Near-Reality got sued by Jagex, the owner of RuneScape.
The message goes on to say the website will no longer “encourage, facilitate, enable or condone (i) any infringement of copyright in RuneScape or any other Jagex product; nor (ii) any breach of the terms and conditions of RuneScape or any other Jagex product.”
A scene from the MMORPG RuneScape.
Near Reality also has a Facebook page that was last updated in 2019, when its owner posted a link to a news story about Defiant Tech’s guilty plea in the LeakedSource investigation. That Facebook page indicates Bloom also went by the nickname “Agentjags.”
“Just a quick PSA,” reads a post to the Near Reality Facebook page dated Jan. 21, 2018, which linked to a story about the charges against Bloom and a photo of Bloom standing in front of his lime-green Lamborghini. “Agentjags has got involved in some shady shit that may have compromised your personal details. I advise anyone who is using an old NR [Near Reality] password for anything remotely important should change it ASAP.”
By the beginning of 2016, Bloom was nowhere to be found, and was suspected of having fled his country for the Caribbean, according to the people commenting on the Near Reality Facebook page:
“Jordan aka Agentjags has gone missing,” wrote a presumed co-owner of the Facebook page. “He is supposedly hiding in St. Lucia, doing what he loved, scuba-diving. Any information to his whereabouts will be appreciated.”
KrebsOnSecurity ran the unusual nickname “AgentJags” through a search at Constella Intelligence, a commercial service that tracks breached data sets. That search returned just a few dozen results — and virtually all were accounts at various RuneScape-themed sites, including a half-dozen accounts at Abusewith[.]us.
Constella found other “AgentJags” accounts tied to the email address ownagegaming1@gmail.com. The marketing firm Apollo.io experienced a data breach several years back, and according to Apollo the email address ownagegaming1@gmail.com belongs to Jordan Bloom in Ontario.
Constella also revealed that the password frequently used by ownagegaming1@gmail.com across many sites was some variation on “niggapls,” which my 2017 report found was also the password used by the administrator of LeakedSource.
Constella discovered that the email eric.malek@rogers.com comes up when one searches for “AgentJags.” This is curious because emails leaked from Ashley Madison’s then-CEO Biderman show that Eric Malek from Toronto was the Ashley Madison employee who initially recommended Bloom for the PHP developer job.
According to DomainTools.com, Eric.Malek@rogers.com was used to register the domain devjobs.ca, which previously advertised “the most exciting developer jobs in Canada, delivered to you weekly.” Constella says eric.malek@rogers.com also had an account at Abusewith[.]us — under the nickname “Jags.”
Biderman’s email records show Eric Malek was also a PHP developer for Ashley Madison, and that he was hired into this position just a few months before Bloom — on Sept. 2, 2014. The CEO’s leaked emails show Eric Malek resigned from his developer position at Ashley Madison on June 19, 2015.
“Please note that Eric Malek has resigned from this position with Avid and his last day will be June 19th,” read a June 5, 2015 email from ALM’s HR director. “He is resigning to deal with some personal issues which include health issues. Because he is not sure how much time it will take to resolve, he is not requesting a leave of absence (his time off will be indefinite). Overall, he likes the company and plans to reach out to Trevor or I when the issues are resolved to see what is available at that time.”
A follow-up email from Biderman demanded, “want to know where he’s truly going….,” and it’s unclear whether there was friction with Malek’s departure. But ALM General Counsel Avi Weisman replied indicating that Malek probably would not sign an “Exit Acknowledgment Form” prior to leaving, and that the company had unanswered questions for Malek.
“Aneka should dig during exit interview,” Weisman wrote. “Let’s see if he balks at signing the Acknowledgment.”
Bloom’s departure notice from Ashley Madison’s HR person, dated June 23, 2015, read:
“Please note that Jordan Bloom has resigned from his position as PHP Developer with Avid. He is leaving for personal reasons. He has a neck issue that will require surgery in the upcoming months and because of his medical appointment schedule and the pain he is experiencing he can no longer commit to a full-time schedule. He may pick up contract work until he is back to 100%.”
A follow-up note to Biderman about this announcement read:
“Note that he has disclosed that he is independently wealthy so he can get by without FT work until he is on the mend. He has signed the Exit Acknowledgement Form already without issue. He also says he would consider reapplying to Avid in the future if we have opportunities available at that time.”
Perhaps Mr. Bloom hurt his neck from craning it around blind spots in his Lamborghini. Maybe it was from a bad scuba outing. Whatever the pain in Bloom’s neck was, it didn’t stop him from launching himself fully into LeakedSource[.]com, which was registered roughly one month after the Impact Team leaked data on 37 million Ashley Madison accounts.
Mr. Malek declined a request for comment. A now-deleted LinkedIn profile for Malek from December 2018 listed him as a “technical recruiter” from Toronto who also attended Mr. Bloom’s alma mater — York University. That resume did not mention Mr. Malek’s brief stint as a PHP developer at Ashley Madison.
“Developer, entrepreneur, and now technical recruiter of the most uncommon variety!” Mr. Malek’s LinkedIn profile enthused. “Are you a developer, or other technical specialist, interested in working with a recruiter who can properly understand your concerns and aspirations, technical, environmental and financial? Don’t settle for a ‘hack’; this is your career, let’s do it right! Connect with me on LinkedIn. Note: If you are not a resident of Canada/Toronto, I cannot help you.”
Mr. Bloom told KrebsOnSecurity he had no role in harming or hacking Ashley Madison. Bloom validated his identity by responding at one of the email addresses mentioned above, and agreed to field questions so long as KrebsOnSecurity agreed to publish our email conversation in full (PDF).
Bloom said Mr. Malek did recommend him for the Ashley Madison job, but that Mr. Malek also received a $5,000 referral bonus for doing so. Given Mr. Malek’s stated role as a technical recruiter, it seems likely he also recommended several other employees to Ashley Madison.
Bloom was asked whether anyone at the RCMP, Ashley Madison or any authority anywhere ever questioned him in connection with the July 2015 hack of Ashley Madison. He replied that he was called once by someone claiming to be from the Toronto Police Service asking if he knew anything about the Ashley Madison hack.
“The AM situation was not something they pursued according to the RCMP disclosure,” Bloom wrote. “Learning about the RCMP’s most advanced cyber investigative techniques and capabilities was very interesting though. I was eventually told information by a third party which included knowledge that law enforcement effectively knew who the hacker was, but didn’t have enough evidence to proceed with a case. That is the extent of my involvement with any authorities.”
As to his company’s guilty plea for operating LeakedSource, Bloom maintains that the judge at his preliminary inquiry found that even if everything the Canadian government alleged was true it would not constitute a violation of any law in Canada with respect the charges the RCMP leveled against him, which included unauthorized use of a computer and “mischief to data.”
“In Canada at the lower court level we are allowed to possess stolen information and manipulate our copies of them as we please,” Bloom said. “The judge however decided that a trial was required to determine whether any activities of mine were reckless, as the other qualifier of intentionally criminal didn’t apply. I will note here that nothing I was accused of doing would have been illegal if done in the United States of America according to their District Attorney. +1 for free speech in America vs freedom of expression in Canada.”
“Shortly after their having most of their case thrown out, the Government proposed an offer during a closed door meeting where they would drop all charges against me, provide full and complete personal immunity, and in exchange the Corporation which has since been dissolved would plead guilty,” Bloom continued. “The Corporation would also pay a modest fine.”
Bloom said he left Ashley Madison because he was bored, but he acknowledged starting LeakedSource partly in response to the Ashley Madison hack.
“I intended to leverage my gaming connections to get into security work including for other private servers such as Minecraft communities and others,” Bloom said. “After months of asking management for more interesting tasks, I became bored. Some days I had virtually nothing to do except spin in my chair so I would browse the source code for security holes to fix because I found it enjoyable.”
“I believe the decision to start LS [LeakedSource] was partly inspired by the AM hack itself, and the large number of people from a former friend group messaging me asking if XYZ person was in the leak after I revealed to them that I downloaded a copy and had the ability to browse it,” Bloom continued. “LS was never my idea – I was just a builder, and the only Canadian. In other countries it was never thought to be illegal on closer examination of their laws.”
Bloom said he still considers himself independently wealthy, and that still has the lime green Lambo. But he said he’s currently unemployed and can’t seem to land a job in what he views as his most promising career path: Information security.
“As I’m sure you’re aware, having negative media attention associated with alleged (key word) criminal activity can have a detrimental effect on employment, banking and relationships,” Bloom wrote. “I have no current interest in being a business owner, nor do I have any useful business ideas to be honest. I was and am interested in interesting Information Security/programming work but it’s too large of a risk for any business to hire someone who was formerly accused of a crime.”
If you liked this story, please consider reading the first two pieces in this series:
SEO Expert Hired and Fired by Ashley Madison Turned on Company, Promising Revenge
Top Suspect in 2015 Ashley Madison Hack Committed Suicide in 2014
Article tags
When my boys were in the thick of their teen years (pre pandemic), bad mouthing their seeming gaming obsession was almost a sport amongst my mum friends. And it would sound something like this:
‘They just waste so much time on those stupid games’. ‘No matter what I try, I just can’t seem to get them off that silly Xbox’. ‘Can you believe they want to spend all their pocket money on the new version of COD?’ ‘I am so close to throwing all their gaming stuff in the bin!!’
Fast forward to life post pandemic and I think it’s fair to say that most of us have changed our attitude around gaming. There is no doubt that gaming helped many of us survive the incredible loneliness that resulted from protracted quarantine periods and seemingly endless lockdowns. It took just a few days of lockdown for things to change real fast in our house: daily gaming time caps were scrapped; screen time limits became a thing of history as survival became our top priority!
But now that life has returned to our ‘new normal’, have our gaming habits and attitudes really changed? Well, a 2022 report, entitled Digital Australia, has done a deep-dive into the gaming lives of Aussies and the insights are quite fascinating. Here are the most interesting takeaways:
So, there’s no doubt that gaming has become both a more regular and widely accepted part of our daily lives. But that doesn’t mean that we can take our eye off the ball. While there is a lot to love about gaming, there are still steps we should all take to ensure the experience is safe and positive for everyone, particularly our kids. Here are my top tips:
If you read my blog regularly, I have no doubt you’re rolling your eyes! Yes, I’m talking about passwords again!! And here’s why – if you (or your kids) use the same password for each of your online accounts and one of those accounts get hacked, then you risk losing control of your entire digital life. Yes, I know it sounds dramatic but that is the reality. The easiest way of avoiding this scenario is by ensuring each of your online accounts, including your gaming accounts, has its own unique password. Now remember, passwords need to be at least 10 characters, have a combination of numbers, symbols and upper and lower-case letters and have no connection to anything about you at all. I’m a fan of a long, nonsensical sentence but, I’m an even bigger fan of a password manager that can both create and remember these unique passwords for you. Check out McAfee+ – it will make your life so much easier!
Keeping your location on the ‘down low’ when you game online is an important way of securing your privacy and a Virtual Private Network (or VPN) can do that. When you connect using a VPN, your location is concealed making it impossible for hackers or stalky types to find you. A VPN can also protect you against DDoS attacks which can be used by gaming opponents when the competition stakes are high! McAfee’s True Protection security software offers a VPN, check it out here.
‘Yes please’ needs to be the answer if your online gamer is offered 2-factor or multi factor authentication from a game or distributor. This adds another layer of security by adding an additional stage to the login process. Usually, a code will be sent to an email address or mobile phone number that needs to be entered before the user can access their account. And it appears as though distributors are getting behind player security with some games even offering in-game rewards to those who sign up for it. How good!
Scammers know we love gaming, so they have spent much energy creating websites that offer free downloads of the most popular online games. But unfortunately, visitors to these websites won’t be getting free games anytime soon as these websites are all about extracting vital personal information from gaming hungry types. So, ensure your kids understand this and that it is essential that they only download games, third-party add-ons, or cheat codes from reputable sites otherwise they risk introducing viruses or game malware into their beloved machines.
If you’ve got kids, then helping them choose the right games to play is essential. Instead of taking an authoritarian approach here, why not think of it as a collaboration? Ask them to do some research on the games they would like to play and ask them to include the recommended age, an overview of the content & whether there are privacy settings available. I then suggest reviewing the list together to see whether the potential games are good for problem solving skills, creativity, or purely social interactions. I also recommend checking out the Australian Classification Board’s review of potential games plus top notch digital parenting sites like Common Sense Media before making your final decision.
Without doubt, the best way you can keep your kids safe while online gaming is to ensure the lines of communication are open and clear. If they know they can come to you if they experience an issue while gaming (and that you won’t immediately punish them and ack away the Xbox) then you’re ahead. Not sure how to kick start the communication? How about a family session on the Xbox. I promise, it will be time well spent!
Happy digital parenting!
Alex
The post The Best Way to Stay Safe While Gaming appeared first on McAfee Blog.
FreshRSS