Connecticut Better Business Bureau is alerting business owners about a frightening computer virus that targets computer servers running the most widely-used internet encryption security system.
Security engineers discovered that the “Heartbleed” virus exploits a flaw in OpenSSL, which allowed them to view passwords and user names when they tested the virus. SSL is an open-source software program that encrypts data over the internet. It is used to secure business transactions, email, instant messaging services, social media sites and any other sort of web-based system that must secure the data that is transmitted to and from its servers.
Once the specialists understood how it worked, they avoided publicizing the discovery until OpenSSL’s developers could create an update that eliminates the security loophole.
Yahoo was among the first-named websites where the Heartbleed virus was detected. Yahoo and other major companies that rely on OpenSSL moved quickly to fix the vulnerability. SSL is used on web servers, but not on PCs or mobile devices.
The virus is believed to have originated two years ago, but researchers say it covered its tracks to leave no trace of its presence. There is no word on how many servers were infected.
Connecticut BBB recommends businesses consult a qualified information technology (IT) professional, to see whether their servers are infected with the virus, and if so, remove it and apply the updated, secure version of OpenSSL.
Consumers and businesses should change their passwords, and regularly scan their computers with an updated computer security application. In addition, install operating system updates and software patches, which often address emerging security flaws.