Archive for Malware

Emergency Patch for Adobe Flash Player to be released

Adobe is working on a patch to address a critical vulnerability in their Flash Player software. The exploit impacts those on version 20.0.0.306 and earlier. If your Flash Player is at version 21.0.0.182 or above, then you are not impacted by this exploit.

The patch may be available as soon as Thursday April 7, 2016.

Read more at this PC World post.

New Ransomware Will Overwrite Your Computer’s Boot Record

Petya ransomware corrupts master boot recordsRansomware keeps getting uglier by the day. Now comes a report from Germany of a new version of Ransomware that will overwrite the boot record of your computer. This version is called the Petya ransomware,

Up until now, most ransomware viruses were writing a highly secured password to files on the computer disk, blocking you from opening those files unless you pay the ransom.

But the Petya ransomware attacks the boot record. With a corrupt boot record, you will not be able to boot your computer at all!

According to anti-virus vendors, the Petya ransomware is being distributed through spam email that masquerades as job applications.

And if this is not enough to put you on your toes, consider that this Friday is April 1st!

BE CAREFUL OUT THERE!

Thanks to PCWord for their in depth article on the Petya ransomware!

Analysis of a Ransomware

Ransonware (often referred to as Cryptolocker) is a malicious virus threat in today’s environment.

If the virus gets onto your computer, it will begin locking down files on your computer by writing a hidden secured password to those files. It will then display a message that you have XX number of hours or days to pay the ransom to get the password to unlock your files.

Unless you have solid backup, your two options are: pay the ransom or lose all your files. The ransom could be in the hundreds of dollars. For a California hospital, that ransom was to the tune of $17,000 dollars!

MalwareBytes has a blog post on their site dated March 1, 2016 which gives an in-depth analysis of how such a ransomware virus works.

I found it an interesting read, and thought I would pass it along.

You can go directly to the blog post and read it, or I saved it as a PDF file that you might find easier to read.

Kudos to MalwareBytes!

Scam Alert for Fake Phone Calls from Microsoft Support

It seems to go in waves … phone calls supposedly from a Microsoft person informing you that your computer is infected or has been compromised. We’re in such a wave as I have recently had several people tell me that they have receive such phone calls.

The red flag that this is a scam is when the person calling you says that there will be a fee involved for fixing it.  Microsoft clearly states on their web site:

“You will never receive a legitimate call from Microsoft or our partners to charge you for computer fixes.”

Bottom line: Any unsolicited phone call from anyone reporting that your computer is infected with a virus, or has been hacked or compromised, should be considered a scam. I would advise that you quickly hang up on them. Do not try to talk your way through it. It’s not worth it.

Here are three links that contain more information on these scams. The first is Microsoft’s own warning on these scams, the other two identify they type of things these scammers will do to try to convince you that they are real and that they have intimate knowledge about your computer.

Finally, here is a true story from a customer of mine who reported that this happened to him this morning:

I got a phone call at home from a man who says his name is John, and claiming to be from Windows Licensing Technical Support.  It sounded like he was calling from India, and I can hear other people in the background making similar calls.  He says that my computer has been sending a message to their servers indicating that there is an issue with my computer and license.  He then asks for me to turn on my computer, and for a fee that he can help correct the issue. 

I asked him to read to me the license number that he is registering as having an issue.  After some push back (he wanted me to read him my license number), hesitation, and almost a minute for him to look it up, he finally rattles off a long serial number (888DC … D7B062).  Already I know that this isn’t a real windows license number so I ask him for their number and I’ll call back if I really have an issue.  He gives me 209-894-0429 as their support line.  The number which showed up on my caller ID was 9-9876.

Ransomware Prevention Kit Now Available

Back HomeThirdTier has announced the availability of their Ransomware Prevention Kit.

This is an update over their 2013 kit. This is a “build your own” solution kit. They offer many different things so that you, as an I.T. professional, can put together what your client or company needs. It also includes some educational material.

There’s no cost to the kit, itself. But they are using this as a fundraiser to support females that want to enter the field of Information Technology. Way to go, Amy Babinchak and Susan Bradley!

The kit includes:

  • Group Policies
  • New WMI Filters
  • Software Restriction Policy instructions
  • TOR, Flash, Zip blocking
  • Firewall settings
  • PC and User settings
  • Securing backup
  • Application Whitelisting
  • Recovery Keys
  • Deployment Script
  • Powerpoint Presentation Slides
  • Blog post listing
  • Other Resources
  • File Server Resource Manager
  • and new content added from time to time

New Ransomware Prevention Kit Coming Soon

Back HomeAmy Babinchak, President of Third Tier, has announced that they will be releasing an updated version of their Ransomware Prevention Kit next week.

http://www.thirdtier.net/2015/11/the-new-ransomware-kit-is-coming-soon/ 

Two years ago (October 2013), Amy and her team led the way in providing a solution to help block the CryptoLocker attacks that were causing havoc worldwide (see blog post).

A lot has changed in the past two years, and such threats can still do great harm and damage for both individuals and businesses. Thanks to Third Tier, I sleep better knowing that my systems are protected.

Finally, Third Tier wants to reach out and encourage more women to get certified and work in the I.T. field, and is using this new Prevention Kit to raise money for this effort!

Flash Player Action Script Warnings on IE11

After Tuesday August 11, 2015, many users began to report receiving Flash Player alerts or warnings when using Internet Explorer 11 (IE11) on Windows 8.1 or Windows 2012R2. These popups warn about action scripts and other flash features.

The good news is that there is nothing to worry about. Your computer was NOT hacked or infected.

What happened was that in the August 2015 Windows updates, Microsoft accidentally updated the embedded flash player in IE11 with the “debugger” version of flash player instead of the normal version.

Microsoft has updated the notes for KB3087916 to reflect this known issue, which Microsoft says should be fixed by August 18th.

Bitdefender Forced an Unannounced Update for Windows 10

Recently, I have been testing Bitdefender with several of my clients, as it is now the preferred managed A/V solution from MaxFocus (formerly GFI).

This afternoon (Thursday 30-July-2015) we started receiving reports from customers that their workstations were suddenly rebooting. It turns out that Bitdefender has a new certified version of their software for Windows 10 which they wanted to push out today.

MaxFocus, for their part, did send out an email alert on Wednesday regarding this upcoming update. Shame on me for not seeing the email.

We received notification that Bitdefender has a new certified version for Windows 10 that we wish to roll out to the Bitdefender-powered Managed Antivirus service. This update will download automatically on current Release Candidate (RC) installs of Bitdefender MAV. We’re planning to push this update around 15:00 GMT on Thursday 30 July.

In this instance, the Bitdefender engine update will require a reboot of the end-point device, irrespective of its operating system. While Bitdefender engine updates will not normally require a reboot, this particular one does because of the release of Windows 10, and we want to ensure customers are aware. You can set the desired reboot behaviour within the Bitdefender MAV policy.

Ransomware Still Causing Havoc

Nearly two years ago (October 2013) I wrote a blog post titled “Beware Cryptolocker Malware Madness”, a warning about a new strain of ransomware called “Cryptolocker”.  At that time, I immediately implemented new protection software and strengthened security policies on the servers and workstations that I manage.

The Detroit Free Press recently ran an updated article about ransomware attacks on computers:

image

During these past two year, there have been several new variations of this malware threat. It has found its way into home computers as well as multi-national companies. Unfortunately, it is not easily detected by security or anti-virus programs. I have had to cleanup a ransomware attack only three times. In all three cases, we had backups available to restore those files that had been encrypted.

When a computer has been attacked, the virus begins to put a highly secured password on all your files. Suddenly, you find that you cannot open up letters, pictures, spreadsheets, as well as data files (Quicken, QuickBooks, etc.). And, if your computer is on a home or business local network, this ransomware can quickly spread to other computers or servers.

The reason it is called “ransomware” is because you generally have 72 hours to pay their ransom, which can range from $200 to thousands of dollars, to unlock your files. Unless you have a backup of those files, you either pay the ransom or lose those files for good.

In the near future I will be communicating with my clients on additional security precautions I will be recommending to minimize the threat and damage caused by this malware.

MaxFocus Releases BitDefender Support for Their RMM Solution

MaxFocus (formerly GFI) formally released today a new AV engine, powered by BitDefender, for their Remote Management (RMM) platform. You can read the details on their blog site.

Their current AV engine (Vipre) will be supported for the near future, which will allow us to test and transition customers to BitDefender in an orderly manner.

For MSPs, like myself, there are several new things that will make managing AV easier and better:

  1. imageThere are only three policies (server, desktop and laptop) with BD, versus separate policies for different O/S and Server versions
  2. Snooze feature allows you to temporarily disable the Managed Antivirus (MAV) for up to one hour when doing system maintenance on a device. Previously, you would need to create a “Disable AV” policy and then move a device or system to that policy.
  3. Direct communication from the dashboard to MAV managed devices is now available. This means that scanning and update commands are sent instantly, rather than waiting for the next time the device checks in with the system.

Customers and users may ask why a new AV engine?

The threat landscape in today’s environment is constantly changing. So it is critical that we offer the best solution for antivirus and malware protection . Some of the benefits for customers are;

  1. BitDefender has been shown to be more effecting against fighting malware and viruses, with less false positives
  2. Behavioral (heuristic) scanning is added, along with Active Protection, provides another layer of defense

For your reading pleasure:

image