Archive for Security – Page 2

New Crypto-Locker with DropBox attachment

There has been a rush of reports on newer strains of the CryptoLocker family of ransomware. Once it is on your computer it begins encrypting your data files, including files on any network shares it can reach, and makes them unusable. Your screen then displays a message saying that you must pay $1,000 if you want to restore access to your files.

Now comes word that some of these newer strains are being delivered as files hosted on a rogue Dropbox account, which the victim is led to download via a link in an email. Because the email carries a link to a legitimate file-sharing site rather than an attachment, an attachment-only scan will not catch it.

In fact, I just identified the first of these types of emails myself. On further investigation, I found that it was indeed associated with Dropbox. Fortunately, my spam filter blocked the email.

The email appeared to be a harmless email saying that I had received a fax from a company called J2.com. Here’s the email, as viewed from my spam filter:

image

The red arrows indicate the two links in the email. If I hover over (but don't click) either link, this is the URL that is displayed:

image
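Hovering shows you one link at a time. The script below is an added example (it is not from the original post): it pulls every link out of a message's HTML, shows where each one really points, and flags the things worth a second look, namely visible text that names one site while the link goes to another, file-sharing hosts, and archive or executable downloads. The message is constructed for this example; attacker.example and the Dropbox path in it are placeholders, not addresses seen in the real email.

```powershell
# Added example (not from the original post): list every link in an email's HTML with its
# real destination, then flag mismatched text, file-sharing hosts and risky downloads.
# The sample message is constructed; attacker.example and the Dropbox path are placeholders.

$SampleHtml = @'
<p>You have received a new fax from j2 Global.</p>
<p><a href="https://www.dropbox.com/s/CONSTRUCTED/Fax_2014-05-02.zip?dl=1">View Fax</a></p>
<p><a href="http://attacker.example/fax/login.php">https://www.j2.com/myaccount</a></p>
<p><a href="https://www.j2.com/support">Contact support</a></p>
'@

$FileShareHosts = 'dropbox.com', 'dropboxusercontent.com'            # extend as needed
$RiskyDownload  = '\.(zip|rar|exe|scr|pif|com|bat|cmd|js|jar)(\?|$)'  # archives and executables

function Get-EmailLink {
    param([string]$Html)
    # Anchor tag with an href, capturing the target and the visible (inner) text
    $rx = [regex]'(?is)<a\s[^>]*?href\s*=\s*["'']?([^"''\s>]+)["'']?[^>]*>(.*?)</a>'
    foreach ($m in $rx.Matches($Html)) {
        $href  = $m.Groups[1].Value
        $text  = ($m.Groups[2].Value -replace '<[^>]+>', '').Trim()
        $flags = @()
        $uri   = $null
        try { $uri = [System.Uri]$href } catch { $flags += 'unparseable href' }
        if ($uri) {
            $linkHost = $uri.Host.ToLower()
            # Visible text that looks like a URL or domain but names a different host
            if ($text -match '^(https?://)?([\w.-]+\.[a-z]{2,})') {
                $shown = $Matches[2].ToLower()
                if (-not ($linkHost -like "*$shown" -or $shown -like "*$linkHost")) {
                    $flags += "text says $shown but link goes to $linkHost"
                }
            }
            foreach ($h in $FileShareHosts) {
                if ($linkHost -eq $h -or $linkHost -like "*.$h") { $flags += 'file-sharing host' }
            }
            if ($uri.PathAndQuery -match $RiskyDownload) { $flags += 'archive/executable download' }
        }
        New-Object PSObject -Property @{ Text = $text; Href = $href; Flags = ($flags -join '; ') }
    }
}

Get-EmailLink $SampleHtml | Format-Table Text, Href, Flags -AutoSize -Wrap
```

Run against the constructed message, the "View Fax" link is flagged twice (file-sharing host, archive download) and the second link is flagged because its visible text names www.j2.com while the href goes to attacker.example; the support link raises nothing. Paste the HTML source of a suspect message into $SampleHtml to check a real one.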

Here is a blog post from MXLab on the same issue.

So, please be very careful with links and attachments in email. Hover over a link to see where it really goes before you click, and if a "fax" or "invoice" turns out to be a download from a file-sharing site you were not expecting, don't open it.

Microsoft includes XP in fix for recent IE security issue

Microsoft has released today (May 1, 2014) a security update (MS14-021 / 2965111) that addresses the recent Internet Explorer (IE) issue that was first discussed in Security Advisory 2963983. More importantly, Microsoft has decided to make this patch available for Windows XP users, although XP is officially no longer a supported operating system.

If your computers are set to receive automatic Windows updates from Microsoft, this patch will be installed automatically; otherwise run Windows Update by hand. Once the update is installed, the VGX.DLL workaround described in the post below is no longer needed and can be reverted by running the same regsvr32 command without the -u.

Read more here:

http://blogs.technet.com/b/msrc/archive/2014/05/01/out-of-band-release-to-address-microsoft-security-advisory-2963983.aspx

https://technet.microsoft.com/library/security/ms14-may 

https://technet.microsoft.com/library/security/ms14-021

Unregister VGX.DLL for IE Zero-Day workaround

Post revised 4/30/2014

Over this past weekend (April 27, 2014), there were numerous reports of another zero-day security flaw in Internet Explorer, the one Microsoft describes in Security Advisory 2963983. Some sites have gone so far as to say "stop using Internet Explorer" completely until this flaw is fixed.

But because the attacks seen so far go through the now-deprecated VML (Vector Markup Language) graphics component, there is an easy workaround recommended by Microsoft and others: unregister VGX.DLL, the system file that implements VML. The trade-off is that web pages which still use VML will not render those graphics until the file is registered again, so re-register it (the same command without -u) once the fix is installed.

To unregister VGX.DLL manually

These instructions should work for XP, Vista, Windows 7, and Windows 8 computers. Before starting, you will need to know whether you are running a 32-bit or a 64-bit version of Windows, and you need to be logged on as an administrator.

  1. Press the WIN+R keys to display the Run window.
    (WIN = the Windows key next to the ALT key. Hold the WIN key down like a Shift key, and then press the letter R.)
  2. Type (or copy and paste) the following command into the window, including the double quotes (use straight quotes, not curly ones):
    "%SystemRoot%\System32\regsvr32.exe" -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
  3. If a User Account Control prompt appears, click Yes. Wait for a response window to appear telling you that DllUnregisterServer in vgx.dll succeeded.
  4. If you are running a 32-bit version of Windows, you are done.
  5. If you are running a 64-bit version of Windows, repeat steps 1-3 using the following command instead:
    "%SystemRoot%\System32\regsvr32.exe" -u "%CommonProgramFiles(x86)%\Microsoft Shared\VGX\vgx.dll"

To undo the workaround after the fix is installed, run the same command(s) again without the -u.
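For anyone doing this on more than one machine, the following is an added example (not from the original post) that performs the same steps from an elevated PowerShell prompt and also ties in the MS14-021 post above: it checks whether KB2965111 is already installed and, if so, re-registers VGX.DLL instead of unregistering it, so the workaround is applied before the fix and reverted after it. It assumes Windows XP/Vista/7/8 with PowerShell 2.0 or later, an administrator account, and, on 64-bit Windows, the 64-bit PowerShell so that both copies of vgx.dll are visible and the 64-bit regsvr32.exe is used.

```powershell
# Added example (not from the original post): apply or undo the VGX.DLL workaround,
# choosing automatically based on whether the MS14-021 update (KB2965111) is installed.
# Assumptions: XP/Vista/7/8, PowerShell 2.0+, run as administrator; on 64-bit Windows
# run the 64-bit PowerShell so both DLL copies and the 64-bit regsvr32.exe are used.

function Get-VgxDllPath {
    # Both possible locations; the (x86) one exists only on 64-bit Windows
    $candidates = @("$env:CommonProgramFiles\Microsoft Shared\VGX\vgx.dll")
    if (${env:CommonProgramFiles(x86)}) {
        $candidates += "${env:CommonProgramFiles(x86)}\Microsoft Shared\VGX\vgx.dll"
    }
    $candidates | Select-Object -Unique | Where-Object { Test-Path $_ }
}

function Set-VgxRegistration {
    param([switch]$Register)   # default is to unregister (the workaround)
    $regsvr = Join-Path $env:SystemRoot 'System32\regsvr32.exe'
    foreach ($dll in Get-VgxDllPath) {
        # /s = silent (no message box); /u = unregister. Exit code 0 means success.
        $argList = @('/s')
        if (-not $Register) { $argList += '/u' }
        $argList += "`"$dll`""
        $p = Start-Process -FilePath $regsvr -ArgumentList $argList -Wait -PassThru
        $action = if ($Register) { 'registered' } else { 'unregistered' }
        if ($p.ExitCode -eq 0) { "OK: $action $dll" }
        else { "FAILED (regsvr32 exit code $($p.ExitCode)): $dll" }
    }
}

function Test-Ms14021Installed {
    # Get-HotFix lists installed updates by KB number
    [bool](Get-HotFix -Id 'KB2965111' -ErrorAction SilentlyContinue)
}

if (Test-Ms14021Installed) {
    'MS14-021 is installed: re-registering VGX.DLL so VML content renders again.'
    Set-VgxRegistration -Register
} else {
    'MS14-021 not found: applying the workaround (unregistering VGX.DLL).'
    Set-VgxRegistration
}
```

Because regsvr32 is run silently, the script relies on its exit code rather than the message box; a non-zero code usually means the prompt was not elevated. Re-run the script after the update arrives and it will put VGX.DLL back.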

For more information:

https://technet.microsoft.com/en-us/library/security/2963983.aspx

http://nakedsecurity.sophos.com/2014/04/27/microsoft-acknowledges-in-the-wild-internet-explorer-zero-day/

Windows XP End of Support coming this Tuesday

In case you have missed it, Microsoft's Windows XP operating system will not receive any new security updates beginning Tuesday, April 8, 2014.

image

Yes, this is a true statement. So, how does this impact you?

WINDOWS XP

Keep in mind that Windows XP will continue to run after Tuesday. It just means that Microsoft will not be pushing out any new security updates for the product after this date, so any vulnerability discovered from then on stays open on every XP machine. Nor will Microsoft provide technical assistance. This could be an issue for people using Windows XP in regulated industries, such as legal, financial or medical. Microsoft, of course, is recommending that you move to Windows 7 or Windows 8.1.
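The first step on a business network is knowing which machines are affected. The script below is an added example, not part of the original post: it lists every computer account in the domain whose operating system attribute says XP, along with the last time each one logged on, so they can be scheduled for upgrade or retirement. It uses [adsisearcher] (plain .NET directory services) rather than the ActiveDirectory module so that it also runs on SBS 2008, and assumes it is run on a domain-joined machine as a user allowed to read Active Directory.

```powershell
# Added example (not from the original post): find the Windows XP computer accounts
# still in the domain and when they last logged on.
# Assumption: run on a domain-joined machine as a user who can read AD.

function Get-XpComputer {
    param([string]$OsPattern = '*XP*')   # LDAP wildcard on the operatingSystem attribute
    $searcher = [adsisearcher]"(&(objectCategory=computer)(operatingSystem=$OsPattern))"
    $searcher.PageSize = 1000            # paged search so large domains return everything
    foreach ($attr in 'name','operatingSystem','operatingSystemServicePack','lastLogonTimestamp','distinguishedName') {
        $null = $searcher.PropertiesToLoad.Add($attr)
    }
    foreach ($result in $searcher.FindAll()) {
        $p = $result.Properties          # property names come back lower-cased
        $sp = ''
        if ($p.Contains('operatingsystemservicepack')) { $sp = [string]$p['operatingsystemservicepack'][0] }
        $lastLogon = $null
        if ($p.Contains('lastlogontimestamp')) {
            # FILETIME; replicated only every ~14 days, so read it as "at least this recent"
            $lastLogon = [DateTime]::FromFileTime([int64]$p['lastlogontimestamp'][0])
        }
        New-Object PSObject -Property @{
            Name        = [string]$p['name'][0]
            OS          = [string]$p['operatingsystem'][0]
            ServicePack = $sp
            LastLogon   = $lastLogon
            DN          = [string]$p['distinguishedname'][0]
        }
    }
}

# Never-seen and oldest first. Accounts with no logon for 90+ days are probably
# machines that are already gone and can be disabled rather than upgraded.
Get-XpComputer | Sort-Object LastLogon | Format-Table Name, OS, ServicePack, LastLogon -AutoSize
```

The lastLogonTimestamp attribute is deliberately coarse (it is only written back when it is more than about two weeks stale), so use it to separate live machines from abandoned accounts, not to prove a machine was off on a particular day.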

MICROSOFT SECURITY ESSENTIALS

Microsoft Security Essentials (MSE) is Microsoft's free anti-virus software. If your XP computer has MSE installed, you may already have seen pop-up windows warning you that support for the XP operating system is ending. These warnings may lead you to believe that MSE will stop working on April 8th and that your computer will not be protected. But that is a false assumption.

If you already have MSE installed, Microsoft will continue to update the anti-virus definitions for that product for a limited time (Microsoft has said through July 14, 2015). Keep in mind that definition updates keep the scanner current but do nothing about holes in the operating system itself. However, after Tuesday, if you have Windows XP and try to install MSE, you will be blocked from doing so.

THIRD PARTY SOFTWARE

Since Windows XP will no longer be a “supported” operating system after Tuesday, it is possible that various third party software companies may also choose sometime in the future to stop supporting or selling their product on Windows XP. If you have a specific concern about a particular product, you should contact the vendor of your software.

SHOULD I UPGRADE?

Eventually, yes.

Windows XP was released in October 2001, more than 12 years ago. A lot has changed in that time. Look at it this way: perhaps you have a 12-year-old TV or car or washing machine. Not only does it still work, but you've grown to accept and understand its little quirks. It's become familiar to you, and you would like to keep it for as long as you can.

The thought of getting a new TV or washer or car may be frightening to you because all these new items have all sorts of fancy new features and gadgets that you're not sure of. Moving from Windows XP to Windows 7/8 will be a similar challenge.

Yes, it is possible to put Windows 7/8 onto your current Windows XP computer without losing any data, but note that there is no in-place upgrade from XP: it is a clean install, so your files and settings have to be moved across first (with Windows Easy Transfer or a full backup). However, if your XP computer is more than 3-4 years old, I would NOT recommend doing so. It's like putting new wine into an old wineskin. That old wineskin is apt to break sooner rather than later!

The other issue is to determine whether the various software programs you are using on your XP workstation will run under Windows 7/8. To help you in this process, Microsoft provides upgrade compatibility tools (the Windows 7 Upgrade Advisor and the Windows 8 Upgrade Assistant) that check your software and hardware and tell you which will work and which may need to be replaced or upgraded if you move to Windows 7/8.

Read more from Microsoft:
http://windows.microsoft.com/en-us/windows/end-support-help

If you have questions, please contact me and we can determine the best solution for you.

Stolen Email Passwords Again!

Yahoo reported today that usernames and passwords of some of their email customers have been stolen. Read the specifics in this ABC News Wire story.

Unfortunately, this is becoming a daily occurrence, and much like the villagers in the story of the boy who cried wolf, we are slowly becoming numb to these warnings of security breaches and identity theft. But we must not let down our guard.

So, what can you do? Here are a few suggestions, by no means a complete list:

  • Use strong, unique passwords – the password for your email account should (1) be long, 12 or more characters (a phrase of several unrelated words is both long and easy to remember), (2) contain a combination of letters, numbers and special characters, and (3) not be the password you use anywhere else, because a list stolen from one site is promptly tried against every other popular service. Why? Because it makes it that much harder for spammers and hackers to break your password. An easy-to-implement rule is to replace some letters with numbers or similar special characters.
    One example: if your password was "racingcars", you might change it to "R@c1ngC@r$" – where I simply replaced the letter a with @, the letter i with the number 1, and the letter s with $. Treat that as a bare minimum, though: password-cracking tools try exactly these substitutions automatically, so extra length adds far more strength than symbol swaps do.
  • Change your email password – if you think your email account has been compromised, go to your email provider's web site and change your password immediately, and turn on two-step verification if the provider offers it.
  • Don't click on links within emails – especially those that are mass emails sent from financial institutions, stores, or online web sites. Example: if you get an email from PayPal saying there's an issue with your account, don't click on the link in the email. Instead, open your browser and go directly to the PayPal website.
  • Restrict incoming email – if you really want to cut back on junk email, many email programs, including Outlook, will allow you to set up a "Safe Senders" list. If a sender is not on your "Safe Senders" list, the email will be sent to your Junk Mail folder (so check that folder now and then). Outlook will also give you the option to automatically add everyone in your Contacts to your Safe Senders list.
  • Learn to use the BCC: field – BCC stands for "Blind Carbon Copy". If you are going to send out an email to a group of unrelated people, list their email addresses in the BCC: field rather than the TO: field, so that the recipients don't see each other's addresses and one compromised mailbox doesn't hand the whole list to a spammer.
  • Never send confidential information by email – if someone needs your social security number, call them and give it to them over the phone. Don't email it. Don't text it. You have to consider the possibility that anything you put into an email could get into the wrong hands.
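To put the "long beats clever" point into practice, here is an added example (not from the original post) that generates a random passphrase using a cryptographic random number generator rather than Get-Random, with the rejection-sampling step that keeps the word choice uniform, and reports how many bits of strength the result has if an attacker knows the list. The 16-word list is a constructed placeholder for the demonstration; a real passphrase should come from a list of thousands of words (a diceware list, for instance).

```powershell
# Added example (not from the original post): CSPRNG-backed passphrase generator.
# Letter-for-symbol swaps such as R@c1ngC@r$ are among the first things a cracking
# rule set tries; several random words give far more strength per keystroke.
# The 16-word list is a constructed placeholder; use a real list of thousands of words.

$WordList = 'anchor','basket','copper','dragon','ember','forest','glacier','harbor',
            'island','jungle','kettle','lantern','meadow','nickel','orchard','pepper'

function Get-SecureRandomIndex {
    param([int]$Max)   # uniform integer in 0..Max-1; Get-Random is not a crypto RNG
    $rng = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
    $buf = New-Object byte[] 4
    # Rejection sampling: draws at or above the largest multiple of $Max are discarded,
    # otherwise "% $Max" would favour the low values (modulo bias)
    $limit = [uint32]::MaxValue - ([uint32]::MaxValue % [uint32]$Max)
    do {
        $rng.GetBytes($buf)
        $n = [BitConverter]::ToUInt32($buf, 0)
    } while ($n -ge $limit)
    return [int]($n % [uint32]$Max)
}

function New-Passphrase {
    param([int]$Words = 5, [string[]]$List = $WordList, [string]$Separator = '-')
    $picked = foreach ($i in 1..$Words) { $List[(Get-SecureRandomIndex -Max $List.Count)] }
    # Strength if the attacker knows the list and the word count: Words * log2(list size)
    $bits = $Words * [Math]::Log($List.Count, 2)
    New-Object PSObject -Property @{
        Passphrase  = ($picked -join $Separator)
        EntropyBits = [Math]::Round($bits, 1)
    }
}

New-Passphrase -Words 5                 # 5 words from the 16-word demo list: 20 bits
New-Passphrase -Words 6 -Separator ' '  # 24 bits here; the same 6 words from a 7,776-word diceware list would be about 77.5 bits
```

The EntropyBits figure is the honest measure: it assumes the attacker has the word list, so the only thing protecting you is the number of combinations, which grows with both the word count and the list size.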

C’est la vie!

Cloud Backup Calculator

Backing up your business data to the cloud should be a point of discussion with each and every one of your customers. I’m not saying that it’s necessary to do cloud backup, but it should be addressed.

One of the first questions that is generally asked is: “How long will it take me to backup my data?”

image

The folks at Highly Reliable Systems posted an Upload Time Calculator which you may find useful. For example, it estimates 8 days to back up 100GB of data over a T-1 line (1.5Mbps), dropping to about 2 1/2 days if your Internet upload speed is 5Mbps. (Straight arithmetic gives roughly 6 days and 2 days respectively, so the calculator builds in some overhead; even so, measure your real sustained upload rate with a test file before relying on any estimate, since it is usually lower than the advertised speed.) Remember that this is the initial full backup; after that, a good cloud backup product sends only the data that has changed, which is a fraction of the size.

image

CryptoLocker Round 3?

I first blogged about the CryptoLocker ransomware a little over a month ago. Since then, workstations and servers worldwide have been attacked and compromised, even with the best levels of software and hardware protection in place. And this "cyber nemesis" is still on the move, per a new advisory from US-CERT.

In early October I began a review of the computer systems that I manage on a daily basis to ensure that all systems were clean. Later in the month, I began implementing new security policies on those systems to block the attack and spread of the ransomware. These policies were based on documentation provided by Third Tier, a group of my fellow MVPs.

But, the party is not over.

Most often, CryptoLocker gets loaded via a fake email purporting to come from a company such as PayPal or FedEx. However, I was just alerted by an I.T. friend to a version of CryptoLocker that showed up as a voice mail attachment!

If I do not manage your systems on a regular basis, and you would like me to review your computer and implement security policies to minimize CryptoLocker attacks, please contact me at kw@kwsupport.com.

CryptoLocker Protection Utility for Home Users

Read the detailed instructions for installing KW Support's CryptoLocker Prevention Utility for home computers and for non-domain-joined business computers.

Screenshots #1 through #11: the step-by-step installation images.

CryptoLocker Group Policy Exceptions

In recent posts (here) I've addressed the process of creating Group Policy rules for securing your workstations from attacks like the CryptoLocker ransomware. These rules use Software Restriction Policies to prevent any executable located under the user's Application Data folders (%AppData% on XP, %LocalAppData% on Vista and later) from running, regardless of how it got there.

The vast majority of programs that you may use should not put .exe files in the AppData folder, but every so often we come across an exception (typically a program that installs per-user, without administrator rights, and therefore lives under the user's profile). In my case, I tried running Join.Me this morning and was greeted with this pop-up window:

image

The process of adding an exception to the Software Restriction rules we previously created is very straightforward. The exception is a new path rule with a Security Level of Unrestricted whose path is more specific than the Disallowed rule (for example, the program's own folder under AppData, written with the same environment variable and ending in \*.exe); when several path rules match, SRP applies the most specific one, so the narrower Unrestricted rule wins for that folder while everything else under AppData stays blocked. Keep it as narrow as you can: an Unrestricted rule on %LocalAppData% itself would undo the whole policy.

  1. From the server, open up Group Policy Management console
  2. Drill down Your_domain.local –> MyBusiness –> Computers –> SBSComputers

    Modify the XP rule

  3. Right click on the Prevent CryptoLocker XP rule, and click Edit
  4. Drill down Computer Configuration –> Policies –> Windows Settings –> Security Settings –> Software Restriction Policies
  5. Right click on Additional Rules, then click New Path rule… and create a new rule for the exception.
    In my case, my rule looks like this:
    image
  6. Click OK

    Modify the Vista and higher rule

  7. Right click on the Prevent CryptoLocker Vista and higher rule, and click Edit
  8. Drill down Computer Configuration –> Policies –> Windows Settings –> Security Settings –> Software Restriction Policies
  9. Right click on Additional Rules, then click New Path rule… and create a new rule for the exception.
    In my case, my rule looks like this:
    image
  10. Click OK

You may now wait for the next background Group Policy refresh (workstations refresh roughly every 90 minutes, plus a random offset of up to 30 minutes) for the change to reach all workstations, or, if you are in a hurry:

  1. From the server, open up an elevated command prompt and run: gpupdate /force
    (This only refreshes the server's own policy; on a single-server SBS network there is no replication to wait for, so this step is optional.)
  2. Then from your workstation, open up an elevated command prompt and run: gpupdate /force
    (This is the step that actually pulls the new rule down to the workstation.)

You may now test out your application. If it is still blocked, look in the workstation's Application event log: Software Restriction Policies writes an event for every block that names the file and the rule that stopped it, which tells you exactly which path the exception needs to cover.
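The following is an added example, not from the original post, of doing that triage on the workstation that showed the pop-up: it reads the Software Restriction Policy events from the Application log, matches each one to the path rule the client actually received (from the registry keys Group Policy populates), and prints the Unrestricted path rule you would add for it. It assumes Vista or later (Get-WinEvent and the Microsoft-Windows-SoftwareRestrictionPolicies provider); XP records the same event numbers under a different source and would need Get-EventLog instead.

```powershell
# Added example (not from the original post): which file did SRP block, which rule
# did it, and what exception path would cover it. Run on the affected workstation.
# Assumes Vista or later; the registry path is where SRP rules delivered by Group
# Policy (or set locally) live.

$SaferRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$LevelName = @{ '0' = 'Disallowed'; '262144' = 'Unrestricted' }

function Get-SaferPathRule {
    # Every path rule on this client: <level>\Paths\{guid} -> ItemData / Description
    foreach ($lvl in Get-ChildItem $SaferRoot -ErrorAction SilentlyContinue) {
        $pathsKey = Join-Path $lvl.PSPath 'Paths'
        if (-not (Test-Path $pathsKey)) { continue }
        foreach ($rule in Get-ChildItem $pathsKey) {
            $v = Get-ItemProperty $rule.PSPath
            $name = $lvl.PSChildName
            if ($LevelName.ContainsKey($name)) { $name = $LevelName[$name] }
            New-Object PSObject -Property @{
                Guid = $rule.PSChildName.ToLower(); Level = $name
                Path = $v.ItemData;                 Description = $v.Description
            }
        }
    }
}

function Get-SrpBlockEvent {
    param([int]$Newest = 20)
    # 865-868 are the "access restricted" events; 866 is the path-rule case
    $filter = @{ LogName = 'Application'
                 ProviderName = 'Microsoft-Windows-SoftwareRestrictionPolicies'
                 Id = 865, 866, 867, 868 }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $Newest -ErrorAction SilentlyContinue |
      ForEach-Object {
        $blocked = $null; $guid = $null
        if ($_.Message -match 'Access to (?<file>.+?) has been restricted') { $blocked = $Matches['file'] }
        if ($_.Message -match '(?<guid>\{[0-9A-Fa-f-]{36}\})') { $guid = $Matches['guid'].ToLower() }
        New-Object PSObject -Property @{ Time = $_.TimeCreated; Id = $_.Id; Blocked = $blocked; RuleGuid = $guid }
      }
}

function Get-SrpExceptionPath {
    param([string]$BlockedFile)
    # Map the concrete path back to the %LocalAppData% / %AppData% form the GPO uses,
    # scoped to the program's own folder rather than all of AppData
    $dir = Split-Path $BlockedFile -Parent
    $prefixes = @(@('%LocalAppData%', $env:LOCALAPPDATA), @('%AppData%', $env:APPDATA))
    foreach ($pair in $prefixes) {
        if ($pair[1] -and $dir.StartsWith($pair[1], [StringComparison]::OrdinalIgnoreCase)) {
            return $pair[0] + $dir.Substring($pair[1].Length) + '\*.exe'
        }
    }
    return (Join-Path $dir '*.exe')
}

$rules = @{}
Get-SaferPathRule | ForEach-Object { $rules[$_.Guid] = $_ }
Get-SrpBlockEvent | ForEach-Object {
    $r = $null
    if ($_.RuleGuid -and $rules.ContainsKey($_.RuleGuid)) { $r = $rules[$_.RuleGuid] }
    '{0}  event {1}  blocked: {2}' -f $_.Time, $_.Id, $_.Blocked
    if ($r) { '    by rule {0}  [{1}] {2}' -f $r.Path, $r.Level, $r.Description }
    if ($_.Blocked) { '    exception to add (Unrestricted): {0}' -f (Get-SrpExceptionPath $_.Blocked) }
}
```

The suggested exception is the blocked program's own folder, not its parent, which is the narrowest rule that lets it run; paste it as the Path of the New Path Rule in the steps above with a Security Level of Unrestricted.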

Block Executables from AppData folder

The SMB Kitchen team from Third Tier has made available (for free) a CryptoLocker Prevention Kit that includes a 20-page document with step-by-step instructions on how to lock down your servers and workstations using Group Policy settings to minimize future attacks.

The purpose of this post is to summarize those steps down to a single page. These steps are specific to SBS 2008/2011, but should be applicable to Windows Server 2008/2012 as well. On a non-SBS domain the OU path (MyBusiness –> Computers –> SBSComputers) and the "Windows SBS Client" WMI filters will not exist: link the GPOs to whatever OU holds your workstations, and either create equivalent WMI filters or simply put the rules from both policies below into one GPO (a rule whose environment variable does not exist on a given OS never matches anything, so it does no harm).

GOAL: create Software Restriction Policies within Group Policies to block executables (.exe) from running when they are located in the AppData folder or subfolders therein. In practice each * in a path rule matches one folder level, which is why there is a separate rule for subfolders; if a program drops files deeper than that, add a further rule such as %AppData%\*\*\*.exe.

CREATE POLICIES FOR XP

  1. Open up Group Policy Management and drill down to Domain –> MyBusiness –> Computers –> SBSComputers
  2. Right click on SBSComputers and select 'Create a GPO in this domain, and Link it here…'
  3. Title this policy Prevent CryptoLocker XP and click OK
  4. Right click on this policy and select Edit
  5. Navigate to Computer Configuration –> Policies –> Windows Settings –> Security Settings –> Software Restriction Policies
  6. Right click on Software Restriction Policies and click on 'New Software Restriction Policies'
  7. Right click on Additional Rules and click on 'New Path Rule…', then enter the following information and click OK
    Path = %AppData%\*.exe
    Security Level = Disallowed
    Description: Don't allow executables from AppData
  8. Repeat Step 7 for AppData subfolders
    Path = %AppData%\*\*.exe
    Security Level = Disallowed
    Description: Don't allow executables from AppData subfolders
  9. Close this policy configuration window
  10. From the Prevent CryptoLocker XP policy, locate WMI Filtering near the bottom of the middle frame and select 'Windows SBS Client – Windows XP'

CREATE POLICIES FOR VISTA / WIN7 / WIN8

  1. Open up Group Policy Management and drill down to Domain –> MyBusiness –> Computers –> SBSComputers
  2. Right click on SBSComputers and select 'Create a GPO in this domain, and Link it here…'
  3. Title this policy Prevent CryptoLocker Vista and higher and click OK
  4. Right click on this policy and select Edit
  5. Navigate to Computer Configuration –> Policies –> Windows Settings –> Security Settings –> Software Restriction Policies
  6. Right click on Software Restriction Policies and click on 'New Software Restriction Policies'
  7. Right click on Additional Rules and click on 'New Path Rule…', then enter the following information and click OK
    Path = %LocalAppData%\*.exe
    Security Level = Disallowed
    Description: Don't allow executables from AppData
  8. Repeat Step 7 for AppData subfolders
    Path = %LocalAppData%\*\*.exe
    Security Level = Disallowed
    Description: Don't allow executables from AppData subfolders
  9. Close this policy configuration window
  10. From the Prevent CryptoLocker Vista and higher policy, locate WMI Filtering near the bottom of the middle frame and select 'Windows SBS Client – Windows Vista'

One caveat: on Vista and later, %AppData% (the Roaming folder) is a separate location from %LocalAppData%, and CryptoLocker was widely reported running from the Roaming folder. Consider adding the two %AppData% rules from the XP policy to this policy as well, so that both halves of the user's AppData tree are covered.
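The two procedures above (and the home-user utility post further up the page) all come down to the same four path rules. The script below is an added example, not from the original post or from the Third Tier kit, that writes those rules either into this machine's local policy, for the home / non-domain-joined case, or into an existing GPO on the SBS server. Software Restriction Policy settings are registry policy under ...\Windows\Safer\CodeIdentifiers, which is what both the Local Security Policy editor and the GPO editor write. It assumes an elevated prompt; for the GPO case it assumes the GroupPolicy module is available (Server 2008 R2 / SBS 2011, or RSAT), that the GPO already exists and step 6 above (New Software Restriction Policies) has been done in it, and that the WMI filter from step 10 is still set in GPMC. That every Windows edition in use honours these keys for the local case is an assumption, not something verified here; confirm with a test .exe copied under AppData afterwards.

```powershell
# Added example (not from the original post or the Third Tier kit): create the AppData
# SRP path rules locally (home / non-domain PC) or inside an existing GPO.
# Assumptions: run elevated; GPO case needs the GroupPolicy module and a GPO in which
# "New Software Restriction Policies" has already been done; WMI filter still set in GPMC.

$SaferKey     = 'SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$Disallowed   = 0
$Unrestricted = 262144
$Rules = @(   # XP uses %AppData%; Vista and later use %LocalAppData% (both are harmless everywhere)
    @{ Path = '%AppData%\*.exe';        Desc = "Don't allow executables from AppData" },
    @{ Path = '%AppData%\*\*.exe';      Desc = "Don't allow executables from AppData subfolders" },
    @{ Path = '%LocalAppData%\*.exe';   Desc = "Don't allow executables from AppData" },
    @{ Path = '%LocalAppData%\*\*.exe'; Desc = "Don't allow executables from AppData subfolders" }
)
# File types SRP treats as executable (the policy editor's default list)
$ExecTypes = 'ADE','ADP','BAS','BAT','CHM','CMD','COM','CPL','CRT','EXE','HLP','HTA','INF','INS',
             'ISP','LNK','MDB','MDE','MSC','MSI','MSP','MST','OCX','PCD','PIF','REG','SCR','SHS','URL','VB','WSC'

function Set-SaferValue {
    # One writer for both sinks: the local registry, or a GPO's registry.pol
    param([string]$GpoName, [string]$SubKey, [string]$Name, [string]$Type, $Value)
    $rel = $SaferKey
    if ($SubKey) { $rel = "$SaferKey\$SubKey" }
    if ($GpoName) {
        $null = Set-GPRegistryValue -Name $GpoName -Key "HKLM\$rel" -ValueName $Name -Type $Type -Value $Value
    } else {
        $key = "HKLM:\$rel"
        if (-not (Test-Path $key)) { $null = New-Item $key -Force }
        $null = New-ItemProperty -Path $key -Name $Name -PropertyType $Type -Value $Value -Force
    }
}

function Install-AppDataSrpRules {
    param([string]$GpoName)   # omit for the local-policy (home user) case
    if (-not $GpoName) {
        # Policy-wide settings the editor's "New Software Restriction Policies" would create:
        # default Unrestricted, enforce for all users, check executables but not DLLs
        Set-SaferValue '' '' 'DefaultLevel'        'DWord'       $Unrestricted
        Set-SaferValue '' '' 'TransparentEnabled'  'DWord'       1
        Set-SaferValue '' '' 'PolicyScope'         'DWord'       0
        Set-SaferValue '' '' 'AuthenticodeEnabled' 'DWord'       0
        Set-SaferValue '' '' 'ExecutableTypes'     'MultiString' $ExecTypes
    }
    foreach ($r in $Rules) {
        # Each rule is a {GUID} subkey under <level>\Paths; level 0 = Disallowed
        $sub = '{0}\Paths\{{{1}}}' -f $Disallowed, ([guid]::NewGuid().ToString().ToUpper())
        Set-SaferValue $GpoName $sub 'ItemData'     'ExpandString' $r.Path
        Set-SaferValue $GpoName $sub 'Description'  'String'       $r.Desc
        Set-SaferValue $GpoName $sub 'SaferFlags'   'DWord'        0
        Set-SaferValue $GpoName $sub 'LastModified' 'QWord'        ([DateTime]::UtcNow.ToFileTimeUtc())
    }
}

# Home / non-domain PC: write the local policy, then log off and back on for it to apply
Install-AppDataSrpRules

# SBS server: add the rules to the existing GPO, then gpupdate /force on a workstation
# Install-AppDataSrpRules -GpoName 'Prevent CryptoLocker Vista and higher'
```

After running it, open the policy (secpol.msc locally, or the GPO in GPMC) and confirm the four rules appear under Additional Rules; then copy any small .exe to %LocalAppData% and try to launch it, which should produce the same "blocked by your Administrator" pop-up the exceptions post above shows.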