Archive for the ‘Malware’ Category

Latest Phishing – How do you know when it’s real

October 18th, 2017 by EKG Networking

Today’s latest on the phishing scam front.  Below is an example of the latest phishing scam.

How do you know it’s not real?

  1. Look at the email address it’s coming from.  It’s not Microsoft.
  2. Hover over the links but do not click them; they do not go to any legitimate site.

When in doubt, delete it and go directly to the website you have a question about or ask your friendly IT person.

Phishing scams

Office 365 deactivation notices – Fake

July 10th, 2017 by EKG Networking

Happy Monday.

And today another fake email to get in the way of productivity.

This is a quick one to ignore.

When you see an email saying it is coming from Microsoft Office 365, note the return email address.

It will obviously not be @microsoft.com.

The body will say something like:

  • A Request to deactivate your Mailbox (Mailbox name here) was made and this request will be processed shortly.
  • Sorry, we couldn’t validate your Office 365 subscription, so most features in your email have been disabled.
  • Please note that starting from July 10, 2017 we will be introducing new online authentication procedures in order to protect the private information of all Microsft-Account users.

All of these are fake emails designed to get you to click on the link and provide information to bad people.

Thanks to all who have let us know about them and NOT clicked.

Apple iOS hacks – What to worry about, ATT Software Unlock – only if you subscribed to this service

September 21st, 2015 by EKG Networking

Monday morning September 21, 2015 and there are new things to pay attention to.

First, the Apple iOS hack:  You only need to worry if you installed any of the listed applications.  Basically, what allegedly happened is that some hackers created a version of Xcode (the software developers use to build apps for Apple products) and uploaded it.  Other developers then created real apps using this hacked code, and those apps managed to make their way through the Apple Store onto devices.  Please review the list; if you have any of the listed apps, uninstall them and then change your Apple ID password.

http://lifehacker.com/hundreds-of-legitimate-ios-app-store-apps-infected-by-m-1732035828

Second ATT software unlock:  This one only applies if you have unlocked your ATT phone using a software service.  Three employees of AT&T are alleged to have been paid to install software on AT&T’s network which allowed another company to unlock phones from people who subscribed to their service.

For more information see:

http://www.computerworld.com/article/2984863/smartphones/att-malware-secretly-unlocked-hundreds-of-thousands-of-phones.html?phint=newt%3Dcomputerworld_security&phint=idg_eid%3D4cac16ea93a1ce4f1d7271a77ca6e69b#tk.CTWNLE_nlt_security_2015-09-21

Review your apps and uninstall anything you no longer use.

Happy Monday!

Windows 10 – Microsoft will NOT send you an email with an attachment – Scams to watch out for

August 5th, 2015 by EKG Networking

With the current release of Windows 10, there are many people willing and ready to upgrade from their previous Operating system.  Many loyal Windows users were not too happy about the Windows 8 model and were looking for something better.  Microsoft decided it was time to cater to what the people wanted when they developed Windows 10, and it shows.

Desktop users can rest assured knowing their once familiar settings are back in an updated Operating System.  This new system caters to not only the desktop user, but also the tablet and the phone user.

With a new Operating System come new threats to compromise it.  Unfortunately, there are programmers out there who have already created a new threat that targets the new Operating System.

It comes in the form of email that seems legitimately from Microsoft, but is most definitely not.

Once you double-click on the attached file that is included within the email, you will become infected with the ransomware software.

If you have reserved the Windows 10 upgrade, you will be notified by the small Windows icon in the lower right hand toolbar by the clock.  Microsoft will NOT send you an email with an attachment in it.

Always being on your guard is a good way to think of it.

Here is a link to an article that explains everything in a more involved manner.
http://www.bleepingcomputer.com/forums/t/585105/ctb-locker-ransomware-being-pushed-by-fake-windows-10-update-emails/

– Daniel Grimm

CryptoWall 2.0 Things you can do to prevent

November 6th, 2014 by EKG Networking

Well, another version of CryptoWall has reared its ugly head, and we do mean ugly.  The only way around this is restoring a backup or paying the ransom.  Please do not pay the ransom; this only encourages this kind of activity.

NOTE:  No NON BUSINESS browsing, please communicate this to your staff.

Our new tech Daniel Grimm updated this post with the help of the awesome people over at Bleepingcomputer.com

As many of you know, there has been a virus known as “Crypto-Ransomware or CryptoWall” that has been spreading throughout people’s computers over the past several months.  It has come to our attention that there is a newer version of the virus out.  We are trying to spread awareness of this, and have a list of preventative strategies and methods you can use to protect yourselves and help mitigate the risk of these types of Malware.

1.    Backup your computer every night!  Also create an offsite backup.  We like Crashplan Pro by Code42, or Mozy Pro.
2.    Make sure you have an anti-virus program installed and updated.
3.    Become educated on what you should and should not do on the Internet.
4.    Use Software Restriction Policies or CryptoPrevent to make it so the malware files cannot launch.

NOTE:  As of this writing, only the Maximum setting, which is in Beta, will possibly prevent the infection from spreading.  Please keep this in mind before installing.

Here is a link to the latest version of CryptoPrevent: http://download.foolishit.com/CryptoPreventSetup.exe
Follow the wizard.  Once completed, it will ask you to launch the program, which you want to do.  It will ask you 2 questions, both of which you should say “No” to.  This is what the program should look like once it is opened.  The proper setting should be set to “Default”, and once that is done then you will need to click the Apply button.  It will ask you a question about whitelists, which you need to click “Yes” to.  The computer will need to be restarted for it to fully take effect.  Upon the restart, it will show you a message saying it was successful!

Hopefully preventing CryptoWall

To read more information about CryptoWall:

http://www.bleepingcomputer.com/forums/t/552103/updated-cryptowall-20-ransomware-released-that-makes-it-harder-to-recover-files/

Microsoft Patches Internet Explorer Vulnerability

May 2nd, 2014 by EKG Networking

Referencing our previous post, Microsoft has made available an update to fix the Internet Explorer vulnerability in all versions including Windows XP.

To apply this update or check if it was applied, please do the following:

Make sure to save and close all open work before beginning.

Windows XP

Start
All Programs
Windows Update
NOTE: It may ask you to install an ActiveX Addon underneath the upper portion of the screen; this is okay to do.
Select Custom

The below should appear:

Microsoft Internet Explorer Update fix

If it is already installed, there will be no updates.

Install the update and restart the computer.

Windows 7

Start
All Programs
Windows Update
Select the Important Update – Security Update for Internet Explorer 11 for Windows 7 for “xxxxx” based systems

Install and restart the system

Internet Explorer Vulnerability – Best Practices

April 30th, 2014 by EKG Networking

The current Internet Explorer vulnerability allows the information on your computer to be exposed when it connects to a hijacked website.  It is not clear whether or not you actually have to agree to download software to allow this access.

Regardless, it is known that the connection to your computer takes place via the Adobe Flash add-on.  Regardless of whether your system is Windows XP or not, you can bypass this issue by:

1)    Not using Internet Explorer.  Options are:
Chrome
https://www.google.com/intl/en/chrome/browser/

Firefox
http://www.mozilla.org/en-US/firefox/new/

2)    Disabling the Adobe Flash within Internet Explorer
a.    Click the Tools menu or the sprocket on the right if you do not have a Tools menu
b.    Select “Manage Add-Ons”
c.    Change Show: from “Currently loaded add-ons” to “All add-ons”
d.    Locate and left-click “Shockwave Flash Object”
e.    Click “Disable” in the lower-right corner
f.    Click Close
g.    If you have a legitimate web site that requires Flash, you can turn it back on by repeating steps a through d and clicking “Enable”.  Just remember to disable it again when done.

Microsoft Internet Explorer Tools AddOns

The best advice we can give is not to worry about each individual security breach that is reported.  Every company needs to set up best practices with their employees.

Make sure everyone understands business use for the computers.  Using your systems for business use and being diligent all the time will definitely limit your company’s exposure to bugs and hacks.

EKG Networking – Notification – Bad Virus

October 23rd, 2013 by EKG Networking

A new variant of the Cryptolocker virus has arrived. 

If you are not a customer of EKG Networking, Inc. please contact your IT Company before doing anything.

So, we are recommending that all of our clients run the following program on each workstation.

You can download it here. It will download as a zip file, so you will need to extract it to run it.

http://www.foolishit.com/download/cryptoprevent/

If you get an error getting to the page, please try again.  It gets overloaded easily.

Once extracted, you want to run the file named “CryptoPrevent.exe”

You will see this screen.

Click Block and then reboot.

This tool changes settings that stop executable files (programs) from running when they are located in certain directories on a computer.

As long as a program followed Microsoft standard installation procedures, it will work after this is applied. 

However, it is possible some programs will stop working. 

If this is the case, let us know and we can create exceptions for such programs.

We would normally not do all workstations at once, but test it on one first. 

However, this virus is very bad!!!

Please do all the workstations and let us know that it is done. 

If you have programs that stop working, please let us know and we will get to you as soon as possible.

Thanks,
Ted Dutter
EKG Networking, Inc.

How to Workaround Java Vulnerability

January 12th, 2013 by EKG Networking

My partner Ted is correct that we usually try not to scare people by constantly posting warnings.

We have seen a recent uptick in spyware, viruses and bugs and this one seems to be rising above others and looks pretty nasty.

Below are Ted’s suggestions to help keep your machines safe till the patch comes out (estimated) on Tuesday.

“I don’t usually do this because media reports of a vulnerability that could infect you are hyped beyond all reason, but this one might really be a problem.

There is a vulnerability in Java that can allow bad guys to infect your system.

It is bad enough that the legitimate computer sites are recommending shutting off Java in your browser until it is fixed. Java is predicting a patch will be out Tuesday.

The instructions for turning off Java are located here http://www.pcmag.com/article2/0,2817,2414191,00.asp

Look under “Disable Java in All Browsers”.

If these instructions are different than what you see in your Java control panel then, ironically, you may need to update your Java in order to turn it off.

To do so, go to http://www.java.com/ and click “Free Java Download” and then “Agree and Start Free Download”.

Internet Explorer will ask if you want to run or save, click Run. Other browsers might need to download it first and then you can run it after it downloads.

Follow the installation instructions, but make sure to UNCHECK “Install the Ask toolbar” during the installation.

Once updated, the instructions at PC Magazine should work.”

To read the detail:
http://www.informationweek.com/security/attacks/java-under-attack-again-disable-now/240146082

As always, any questions, please contact EKG Networking, Inc.

DO NOT CLICK on Microsoft Outlook on Behalf of Anonymous Caller

September 11th, 2012 by EKG Networking

Just when you think you have seen it all, the bad guys come up with a new vehicle to entice you into clicking on the link and infecting your machine.

A new one we saw this morning has the From: Microsoft Outlook on Behalf of Anonymous Caller

from outlook.voicemail_AT_domen.com

The email has the subject line: Voice Mail from XXX-XXX-XXX (55 Seconds)

The content is “You Recieved a voice mail from” and then a .WAV file, with caller ID, message ID and email ID.

This is a virus-laden email. Do not click on it.

Delete it.

Any questions, please feel free to contact EKG Networking at 508-460-1920.