Saturday, October 19, 2013


DON'T FALL FOR THIS SCHEME. IF IT SMELLS LIKE A SPOOF, LOOKS LIKE A SPOOF - IT'S A SPOOF




For those of you who do not know what an email "SPOOF" is, I will attempt to explain it to you in a language even I can understand. Usually when you receive email it's from the person or company who sent it to you.

However, it's very easy to change that, so when you get an email from a bank, online retailer, etc., it may not come from them. It's so easy that anyone can spoof an email, and usually the email is infected [ed. - keep this in mind as we're facing the "Crypto Locker" infection as I type].

If you are suspicious of an email and aren't sure if it's safe to open or not, what can you do? One way is to look at the email header, which has information you never see. For example, when I came home after work I checked my email and one message caught my attention immediately:


Anytime you see a request for a password reset, the hairs on the back of your neck should start to rise. In the message was a brief "We've been hacked and you have to reset your password" sentence along with a link you can click on to take you directly to their website. Before you jump to attention and race to your computer, please read on.

HIGHLIGHT THE SUSPICIOUS EMAIL


RIGHT-CLICK ON THE MESSAGE AND A BOX WILL POP UP WITH OPTIONS


CLICK ON Message Options...


THE MESSAGE OPTIONS BOX APPEARS



I'VE SHORTENED THE BOX BECAUSE YOU'LL BE INTERESTED ONLY IN THIS PART


As you see, my red arrow is pointing to something; does anything seem strange to you? Yes, you got it correct, it's the return path. If I get an email from Dropbox why does the return path show: <rehabilitated97@momix.org> ?? 

Because it's a spoofed email. It could contain hidden Malware within the message content, or an attachment, or a link to an evil site. My best advice is to slow down when opening email and take an extra second or two before opening it. I'm posting this on two of my Blogs because I believe they deserve your attention -

'Nuff Said,
Brian
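
The header check described in the post above, as an added example that is not part of the original post: it compares the domain of the visible From address with the Return-Path and Reply-To domains. The sample messages are constructed; only the Return-Path address `rehabilitated97@momix.org` comes from the post, and the other addresses and the function names are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed samples: only the Return-Path address in SPOOFED is from the post;
# every other address and header value here is an assumed, illustrative value.
SPOOFED = """\
Return-Path: <rehabilitated97@momix.org>
From: "Dropbox" <no-reply@dropbox.com>
Reply-To: no-reply@dropbox.com
Subject: Please reset your password

We've been hacked and you have to reset your password.
"""
LEGIT = """\
Return-Path: <bounce-1234@email.dropbox.com>
From: Dropbox <no-reply@dropbox.com>
Subject: Your shared folder

Hello.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower().rstrip(".")

def same_org(a, b):
    """Crude relatedness test: equal, or one is a subdomain of the other."""
    if not a or not b:
        return False
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def header_warnings(raw_message):
    """List envelope/reply headers whose domain differs from the From domain."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    warnings = []
    for name in ("Return-Path", "Reply-To"):
        if msg[name] is None:
            continue  # header absent: nothing to compare
        dom = domain_of(msg[name])
        if not same_org(from_dom, dom):
            warnings.append(f"{name} domain {dom or '(none)'} != From domain {from_dom}")
    return warnings

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, header_warnings(raw) or "no mismatch")
```

A mismatch is a signal rather than proof, since legitimate bulk mail is often sent through a third-party service with its own Return-Path domain; a matching Return-Path proves nothing either, because that header can also be forged.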


Friday, October 18, 2013

CRYPTO LOCKER (UPDATE)



ARE YOU BACKING UP YET?






To date, this malware is making the lives of those affected more than miserable, and there is no magic wand to decrypt your files. Some good news - it doesn't seem as prevalent in the wild as it was in August and September, but while the numbers have gone down slightly it doesn't mean "ALL CLEAR".

As an end user you are responsible for the security of your computer, including what emails you open and which ones you delete. Every now and then it takes a virus like this to wake you out of your daze and pay attention to the email, then decide whether or not to open it.



And hopefully you've taken my advice to buy several external USB drives to back up your files, rotate the drives in your backup plan and always disconnect the drive after backing it up, so if you open the wrong email, Crypto Locker can be removed and your files can be restored from one of the backup drives.

Wednesday, October 16, 2013

CRYPTO LOCKER VIRUS


IS A HUGE DISASTER FOR THOSE WHO ARE INFECTED



Yes, I realize that this is my second post about Crypto locker but as more people are infected it's not too much to write about it again. Crypto locker falls into the category of "Ransomware", and while we've seen ransomware before, Crypto locker is a mean beast that you never want to cross paths with.

Once infected with this, and seeing their screen, there is nothing you can do to recover your data files (photos, spreadsheets, Word docs, music, etc.).


Reports I've read say that even paying the fee to get the "key" that will restore your files may not work. I hope you are doing regular backups, but if you aren't you'd better run down to pick up some USB hard drives, if you value your files, then disconnect the physical backup drive once the backup is completed. I would suggest that you buy several of these and rotate them into your backup schedule.

Online backups like Carbonite will not protect you, and if you have any shared folders to other computers or servers they will be infected as well. Crypto Locker has a list of file extensions to encrypt, such as:
 
*.odt, *.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm, *.wps, *.xls, *.xlsx, *.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, *.accdb, *.pst, *.dwg, *.dxf, *.dxg, *.wpd, *.rtf, *.wb2, *.mdf, *.dbf, *.psd, *.pdd, *.eps, *.ai, *.indd, *.cdr, ????????.jpg, ????????.jpe, img_*.jpg, *.dng, *.3fr, *.arw, *.srf, *.sr2, *.bay, *.crw, *.cr2, *.dcr, *.kdc, *.erf, *.mef, *.mrw, *.nef, *.nrw, *.orf, *.raf, *.raw, *.rwl, *.rw2, *.r3d, *.ptx, *.pef, *.srw, *.x3f, *.der, *.cer, *.crt, *.pem, *.pfx, *.p12, *.p7b, *.p7c, *.pdf, *.tif

It does this very quietly and by the time you get the red ransom page - it's too late, the damage has already been done. Moving your files around, or even removing the virus itself, will almost 100% ensure that if you decide to pay the ransom, it won't work.

If you are worried about this, you should be. Crypto Locker is a new breed of infection/ransomware and I'm sure other infections will follow suit. As email is the carrier for this, I would think long and hard about opening an email that looks legit ("Enclosed is your FedEx tracking number"), so ask yourself some questions regarding the Subject line - it may just help you dodge a bullet and save $300 at the same time. As new information comes out about Crypto Locker I will post it here -

'Nuff Said,
Brian

Monday, October 14, 2013

RED ALERT!!



A NEW DISASTER IS UPON US




This computer infection is called "Cryptolocker" and if you are infected with this it will corrupt all of your files [.doc, .xls, .jpg, .pdf, etc.].

This type of infection is called "Ransomware" because you'll have to pay them $300 to get a key to restore your files and as of this post there is no cure. Cryptolocker can be removed, but your files are still corrupted. It usually comes via email "Your FedEx tracking number is attached", or "Here is the .PDF file you requested", or any number of subject lines.

Not only does it infect your computer, but if you have shared drives to a server or another PC, it will infect those files as well. At this point the best thing you can do is alert your employees to this threat, and if a computer should become infected, immediately remove it from your network.

THE CRYSTAL BALL


TREND MICRO'S LOOK INTO THE FUTURE


















'Nuff Said,
Brian


BACKDOOR


BACKDOOR DISCOVERED IN D-LINK ROUTERS




Recently Craig Heffner, a vulnerability researcher with Tactical Network Solutions who specializes in wireless and embedded systems, found the vulnerability which is embedded in the D-Link firmware.

Should someone gain access to your router via the backdoor, they could change the settings of your router and send you to fake websites which look exactly like the one you were going to (e.g., Amazon.com). The specific browser string is "xmlset_roodkcableoj28840ybtide" which, when reversed, reads "edit by joel backdoor", indicating this was intentional. Read the full article HERE.

'Nuff Said,
Brian

Wednesday, October 9, 2013

MICROSOFT PATCHES


PATCH WEEK




If you found your computer had rebooted itself overnight, it is more than likely Microsoft downloaded and installed some critical patches, including one for the "Zero Day" exploit hole in all versions of Internet Explorer. In total, I believe there were 10 security patches applied to Internet Explorer overnight, along with other security plugs for other Windows features and/or products.



This may not have gone smoothly for your PC though - It took me several shutdown/restarts and a wasted hour or so this morning just so I could open Outlook, Internet Explorer, and even Firefox. All appears rather normal now with one glaring exception: My Norton anti-virus password vault will no longer open. I've clicked on that tab numerous times (in both browsers) to find it not working (typically when you click on the Vault tab it drops down and lets you type in a master password, which it isn't doing now), thank you Microsoft (not). It's possible a 4th shutdown/restart may fix that but I don't have the time to deal with it this morning. 

I hope your patch experience was more pleasant than mine -

'Nuff Said,
Brian

Tuesday, October 8, 2013

IT WAS ONLY A MATTER OF TIME


ADOBE ADMITS HACK




When Adobe started "renting" its products on their "CLOUD" I had mixed feelings [much like I do now when I should be in the shower instead of typing this].




On one hand, it could save someone who knew their product suite very well but couldn't afford to buy it, a chance to rent it for a month to do a project. But I could see a dark lining to this type of business plan which Microsoft is using as well. The dark lining?

"WHAT IF THEY GET HACKED?"

Well, it's happened, and Adobe says that along with personal data, approximately 2.9 million credit card numbers were stolen via a recent hack. Is there a lesson to be learned? YES, consider very carefully if you really want to go the Microsoft 365 subscription route...

'Nuff Said,
Brian

Monday, October 7, 2013

ONE WORD

MALWAREBYTES




If you aren't already using this, Malwarebytes is one of the best virus-Trojan removal tools available - and it's FREE!! It is my go-to guy when sitting down to begin tracking those evil buggers that lurk in the shadows of your Operating System.

PC Magazine went through and tested a variety of free virus removal utilities for 2013 and Malwarebytes was their "Editors Choice":



"Malwarebytes Anti-Malware 1.70 is probably the best-known free removal-only antivirus tool. Even tech support agents for other companies use it. In my own testing it beat out all free and commercial competition, and did so without the fuss and bother that often makes my testing drag on for days."





Nothing else they tested really came close and the folks behind Malwarebytes continue to improve their product with zeal. I have to point out that this is NOT an anti-virus product like Norton, or McAfee and does not provide real time protection.

I can hear your collective voices shouting "So what good is it then?" and my answer is fairly simple: there is NO anti-virus product on the market that will stop every virus, Trojan, or rootkit from infecting your PC, there are just too many variables [ed. - not to mention the human error], so it takes a well designed utility like this to clean up the mess. *Just remember when installing Malwarebytes to un-check the top box which wants you to try all full features for 30 days.

And before I forget, I'd like to mention Malwarebytes' "MBAR" utility, which is designed more for finding rootkits than other types of malware. It's still in beta stage, but I've been using it for many months and it works great!

If you would like to read the PC Magazine article about this subject, and other utilities tested you can find it HERE

'Nuff Said,
Brian

Sunday, October 6, 2013

SHORT AND BRIEF


A FEW TIDBITS OF NEWS...



McAfee, the anti-virus company, has reported that they've found malware written into legitimate security certificates - and, that is not good news. Some of you may or may not know what a security certificate is, or does, so let me fumble a few words your way to making it more confusing.


Security certificates are like tokens that are digital and let your web browser know that the website you are trying to reach is a good website. Sometimes good websites have something wrong with their certificates and usually your browser will alert you, more-or-less giving you a choice to go there or not, but with this new threat it will make it hard to believe the website is truly safe. The article I glanced at is HERE.

BRIEFLY SPEAKING

If you suddenly notice new toolbars on your web browser, and perhaps your home page has been changed, this could be a sign that you are infected with malware. It can be in the early stages of infection, or it could already be funneling your logins and passwords to a remote server, and it's very possible several viruses/trojans/rootkits have already cut your anti-virus off at the knees so it looks okay to you, and you can run a scan with ZERO infections found, when indeed there could be many. Recently one hard drive broke the shop record with over 56,000 infections. Surf safely and if you don't feel up to the task please call someone who can -

'Nuff Said,
Brian

Saturday, October 5, 2013


IT'S OCTOBER, AND HALLOWEEN WILL SOON BE HERE!




So, while I'm laid up on one side after a back procedure I thought I'd get in my first "Trick-O-Treat" Blog Post, which I hope to have at least once a week. Be prepared, and also remember October is National Squirrel Awareness Month.



First, while not necessarily a Halloween Film, it has sure scared many of us throughout the last year. It was a film about a team of Astronauts who landed on what appeared to be a foreign planet! The last remaining Astronaut is put on trial...



He stands as his own defense for keeping Windows 7, but the judges clearly do not want to listen to logic!




He and Windows 7 are sentenced to death, as you might have suspected, while the judges, called the "Eight's", quickly remove the Windows 7 boxes (keeping one box for each judge). Our hero is put back in jail until the day finally comes where his sentence is to be carried out -




Clearly, even while facing death, he remains steadfast in his loyalty for Windows 7 over Windows 8, when suddenly he escapes with the help of some sympathetic clandestine Windows 7 users, and they head for the coast, where they show him their scientific digs.



And it is there that he shows them artifacts of other failed software, each one buried deeper than the other, indicating that each decade seems to get a series of flubs. Brushing the layers of dirt and clay from two of these, he shows them Windows ME and Windows Vista boxes - they are amazed. Humbly, they let him and his female companion go. "Follow the coastline," they tell them.




The lone remainder of his group who has fought tooth and nail to gain his freedom and his companion follow the coast only to discover what lies beyond the great barrier. After a day of traveling he stumbles off his horse and stares at the horror of it all...







Yes, as he bows and curses to the past "Darn you. Darn you to heck!!". The lone survivor finds himself stranded on "The Planet of the Eight's", [spoiler], only in the sequel to find himself locked up underground in "The Planet of the 8.1's"....

TREAT!!

For Windows 7 users: How often have you opened up Windows Explorer and wished you could add a folder to the list on the left under favorites?





It turns out that it's pretty easy to do. While in Windows Explorer, go to the folder or sub-folder you often go to. For instance on one PC I use a folder under "My Pictures" that is several layers deep and have often wished it would show up under Explorer. But for this example I went into the folder Olympus Pictures.



So now I'm in Olympus pictures and then I go to the left column and right-click on FAVORITES and at the bottom you'll see "Add current location to Favorites", and as you can see below it is now listed under Favorites in Windows Explorer.



Hopefully you've enjoyed my first "TRICK OR...TREAT" Blog post. I'll try to do another two or three before Halloween arrives -

Regards,
Brian