Heartbleed

Posted: April 11, 2014
Threat Metric
Threat Level: 1/10
Infected PCs 899

Heartbleed Description


Heartbleed vulnerabilityHeartbleed is a software vulnerability affecting websites using the OpenSSL data protection standards. In theory, the exploitation of this bug allows third parties to access passwords and other sensitive information for the users of affected websites, the latter of which encompass roughly two-thirds of all widely-used Internet domains. Heartbleed was recently identified but has had a previous lifespan of two years. PC users should take proper actions to protect vulnerable or hacked accounts, and malware experts also encourage making use of appropriate utilities for verifying any suspected vulnerabilities to Heartbleed with particular websites.

When the Heart of Security Starts Bleeding Your Passwords

Heartbleed is a vulnerability that recently was made public by researchers at Codenomicon, and is a particularly astounding PC threat for the sheer breadth of websites affected by Heartbleed. Although there are no confirmed Heartbleed attacks so far, some news outlets speculate that the American NSA has exploited Heartbleed deliberately to engage in surveillance, and this possibility is awaiting confirmation from reliable intelligence sources. In theory, Heartbleed may be exploited with any website that's used OpenSSL encryption standards – which right on happens to be the most outstanding form of SSL encryption to date. Vulnerable targets include Amazon Web Services, the Facebook social networking site, Google's Gmail and even Cisco-brand Internet routers.

By number of targets alone, Heartbleed may very well be considered the most significant software vulnerability found in the history of the Internet. Along with that, Heartbleed also is significant for leaving no obvious signs of the exploitation, which makes it almost impossible to estimate the number of affected victims or isolate potential exploit-abusing actions. The Heartbleed bug seemingly was introduced by accident by Robin Seggelmann in 2012 and affects 1.0.1 and the 1.0.2-beta of OpenSSL.

Malware experts have noted that most major companies already have issued patches to correct Heartbleed. If Heartbleed is left unpatched, Heartbleed tricks the aforementioned websites and software into giving ill-minded people information about their traffic, possibly including account passwords, user names and other, equally classified forms of information. However, malware experts warn that you should not change all passwords indiscriminately and immediately, since such wide-sweeping actions may encourage third parties to take advantage of the increase in sensitive data transmission and increase the likelihood of Heartbleed's exploitation.

Getting the Internet Back to a Healthy Heart

Although it may be tempting to panic at how prolific Heartbleed is, PC users who monitor their accounts for suspicious activities already should be able to catch obvious attacks against their personal accounts using Heartbleed. Besides hoping that companies will update their own software promptly to stop any future abuses of this bug, PC users also can protect themselves from Heartbleed through methods including:

  • Installing browser-specific add-ons that detect Heartbleed vulnerabilities on various websites. Chromebleed for Google's Chrome is one such add-on and warns you automatically whenever you visit a site that's still vulnerable to Heartbleed.
  • Using Heartbleed-detecting websites, such as Filippo Valsorda's filippo.io/Heartbleed/, AKA the 'Heartbleed test.' These sites function similarly to threat domain scanners, but detect Heartbleed vulnerabilities, as opposed to other PC threats.
  • Changing your passwords for specific websites that recommend that their users do so as part of an overall security overhaul.

Happily, most banking websites and US government websites appear to be unaffected by Heartbleed. On the other end, malware researchers are unhappy to note that over three hundred cloud storage companies so far have eschewed installing updates that would disable the Heartbleed bug, which places cloud storage users particularly at risk.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Heartbleed may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Heartbleed may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.