Staying Connected: Security

Sun	Mon	Tue	Wed	Thu	Fri	Sat
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

Security

November 10, 2010

One Deadly Brew, Search Engine Optimization Poisoning

Malware infected PC's are rapidly becoming the most common support issue for many IT vendors. Client's PC's that become infected with Malware are all but unusable, not to mention key logging of critical information, becoming an unwilling member of a zombie bot-network or being subjugated to random pornographic advertisements. Needless to say, people are not happy once their PC’s become infected, nor is the IT cost of malware removal particularly pleasing. Clients always want to know, how did I get malware?

My answer to them is, “from using the Internet.” Cybercriminals have utilized search engine optimization poisoning techniques with astounding effectiveness. On today’s Internet performing a web search using common search sites, such as Google, can yield a significant number of results which direct users to unsafe malware-laden URL links. A recent study has shown that some 22.4% of Google searches performed since June 2010 produced malicious URLs within the first 100 results (Websense 2010 Threat Report). Compare this number to just 13.7% during the first half of 2009.

Recent trending shows that searching the Internet for adult material and other more scandalous topics is actually less risky than searching for news items, entertainment and other common subject matter material. Commonly recognized news sites such as CNN and Fox News are not sources for malicious links, but search results can yield links designed as malware traps to fool people. This is particularly evident during major events or crisis situations, where web searches for a particular topic are accelerated (World Series, Haiti Earthquake and Brett Favre).

Victims doing the search that end up clicking the bad URL, find themselves at “rogue anti-virus” sites where someone is attempting to sell fake software. This is where exploits in browser and operating system technology are utilized to bypass security measures and gain a foot hold, infecting the user’s PC. Websense’s 2010 Threat Report states that the number of web links to malicious content is up 111% in 2010 from 2009. Malicious sites themselves have seen growth of around 1 million per month in April 2009 to 2 million today and some 80% of legit websites have at one time been compromised in some manner.

It is also worth noting that social-networking sites (Fakebook, Tweeter, etc.) are now the most common carriers for malware and spam.

Posted by Smith at 02:53 PM in Internet, Security, Windows | Permalink | Comments (1) | TrackBack (0)

February 08, 2010

"I don't know how my computer got infected"....we do!

Most end-users are confused when their PC's become infected with Mal-ware/Spy-ware/Virus software, and they were only browsing the web for work and doing nothing out of the ordinary. Unfortunately on today's Internet, being cautious does not always equate to being secure. There are many areas of the web which contain mal-ware and spam. Even the common, or well-known sites are being used to distribute malicious software and phishing attacks.

In the second half of 2009 the web saw a 225% increase in malicious websites; more frightening is that 71% of the sites that were found to contain malicious code were legitimate sites which had been compromised. Hackers are now using Search Engineer Optimization (SEO) to boost the ranking of their mal-ware sites in your search results, making it easier to believe they are legit sites. Botnets are utilized to inflate search rankings. As soon as a trend towards the latest hot topic is discovered (i.e. Super Bowl, Tiger Woods, etc.), botnets are instructed to artificially boost the malicious site's ranking for that search topic.

Worse yet, hackers are increasingly injecting malicious code in websites that already appear in the top 100 search results and are often considered safe or trusted by end-users. Often "bad-links" are being injected via user-submitted content such as news items, posts, and comments.

Email traffic still consists of mostly Spam (85%), but 81% of that now contains links to malware. With increased social trending being used against us, how does your average user avoid becoming a victim? Some simple rules still apply:

1. Have a corporate firewall (such as a Sonicwall) that blocks mal-ware/viruses. Ensure this hardware is configured properly and up to date.

2. Run and maintain local virus protection software (such as Mcafee ASP). Though at best these products are only ~70% effective, they are a vital layer in protecting your PC.

3. Keep Windows, Office, and Internet Explorer up to date with any patches that are released and approved by your IT provider. This applies to any 3rd party software as well

4. If possible, do not have local administrative rights on your PC. Use a dedicated admin account for installations as needed.

5. Advanced users may also want to try web browsing with a 3rd party browser such as Google Chrome, Firefox or Opera. Often Internet Explorer is necessary for web applications, but not for day-to-day browsing.

References: http://www.websense.com/content/State-of-Internet-Security-Q3-Q4-2009.aspx?cmpid=prblog

Posted by Smith at 05:12 PM in Security | Permalink | Comments (0) | TrackBack (0)

January 26, 2010

Johnny Depp is Dead. Wait, Maybe Not.

Every once in a while a rash of bad choices will remind us to remind our clients and our readers to be security aware when surfing the web. The most recent example took place this past weekend when someone posted a fake death notice for Johnny Depp stating that the actor had befallen an untimely demise by crashing his car in Bordeaux, France. It was intended as a prank and had no malicious motives.

However, the site that was posting the information was designed in a very realistic CNN theme. This became too much temptation for virtual sewer-dwelling scum, and it wasn’t long before the bad guys had capitalized on the opportunity.

WHAT THEY DID: The aforementioned sewer scum copied the site and page delivering the prank news and they turned it into a video graphic…not an actual video, but a graphic that made it look like a clickable video. When a user clicked the video, they were prompted to install an ActiveX control. Unfortunately though, it wasn’t an ActiveX control, it was a Trojan Horse designed to harvest identity information of the computer’s owner.

So once again, because it can never be said enough, be careful when you are surfing. Do your best to uncover the true identity of the website. Just because it looks like CNN doesn’t mean it is CNN. If the website name is www.CNN.not-really.hackers-for-hire.com, then guess what. And always take a second look before clicking anything.

There is a good primer on how to determine the true identity of a website in a newsletter article we had sent out previously. You can read it here. If you enjoy the article and would like to read more, you can browse all of our newsletter archives. Or you can subscribe to the newsletter.

Surf Safe!

P.S. If you have come across any virus traps out in the wild, tells us about your experience by posting your story in the comments section below.

Posted by Scott Ford at 11:01 AM in Internet, Security | Permalink | Comments (0) | TrackBack (0)

January 25, 2010

IBM Files Location-Based Security Patent

On Thursday, 01-21-10, IBM filed for a patent regarding location-based authorization. The patent claims that access to a device can be limited to certain geographic areas. In other words, if a company wants an employee to be able to use their laptop at work or at home, then they could, but not anywhere else.

This can also be useful for preventing data loss after the theft of computer equipment. Keep in mind, this is only a patent filing; it’s not on the market yet, but keep your eyes open. It is certainly worth watching. This is the kind of technology that even if IBM beats everyone else to the market, others will follow suit with.

For those who want to read a little more about it, you can find the patent filing at the U.S. Patent Office’s Website here

Posted by Scott Ford at 03:28 PM in General, New Technology, Security | Permalink | Comments (0) | TrackBack (0)

Technorati Tags: access, authorization, ibm, location-based, security

January 11, 2010

Adobe Releases Vulnerability Patch on Tuesday 1-12-10

Adobe is releasing a patch tomorrow, 1-12-10, that will secure a vulnerability in Acrobat and Reader that allows a program to hijack a PC. The fix is simple; just download and install the update as soon as it is available. The quickest way to check is to open up any PDF document. When it is open, click on Help > Check for updates. Adobe will automatically scan your product and version and let you know what is available.

If it has been a while since you’ve done updates on Adobe, then there may be a few that you need to do, and you may need to do some updates in the first wave, then close and restart and do another round of Adobe updates. If this is the case, then keep checking for updates until all of them have been installed.

If you have any questions at all, contact your Network Engineer or Account Manager and we can help you out.

Posted by Scott Ford at 09:21 AM in Announcements, Security | Permalink | Comments (0) | TrackBack (0)

Technorati Tags: adobe, patch, update, vulnerability

December 10, 2009

New SQL Injection attack means more malware attacks

A large scale SQL injection attack is surfacing today that can infect your computer with the Backdoor.Win32.Buzus.croo (a Trojan virus) as a drive by attack. Over 132,000 pages are showing signs of the malicious code according to Help Net Security So far, this attack is looking for many exploits to attack from:

Integer overflow vulnerability in Adobe Flash Player, described in CVE-2007-0071.
MDAC ADODB.Connection ActiveX vulnerability described in MS07-009.
Microsoft Office Web Components vulnerabilities described in MS09-043.
Microsoft video ActiveX vulnerability described in MS09-032.
Internet Explorer Uninitialized Memory Corruption Vulnerability – MS09-002.

None of these patches are recent (the newest was published August 11th, 2009), so be sure to patch your computers. Managed IT Clients for ConnectWise, these patches have been pushed to your computers already, but if you have any questions, please contact the Help Desk.

Posted by Owen Parry at 04:58 PM in Announcements, Internet, Security | Permalink | Comments (0) | TrackBack (0)

September 28, 2009

iPhone OS 3.1...DANGER Exchange Users...DANGER!

In response to several support incidents we have received, I wanted to inform our clients of an issue they may experience with Exchange functionality on iPhone since updating to OS 3.1 software. In order to comply with several security policies, Apple changed the way iPhone and iPod touch devices connect to Exchange in OS 3.1. With the upgrade applied, many users have found that Exchange support has been lost (AppleInsider). The reason for the downgrade in functionality is the need for hardware encryption required to connect to Exchange servers. In fact if you aren't on an iPhone 3GS (or newest IPod Touch) and applied the OS 3.1 update, you are likely nodding your head as you read this.

Continue reading "iPhone OS 3.1...DANGER Exchange Users...DANGER!" »

Posted by Smith at 02:44 PM in Security | Permalink | Comments (0) | TrackBack (0)

Is Email Encryption Good for Your Business?

Security is not on the top of most business’ IT agenda is it? Businesses don’t want to bother with complicated passwords, inconveniences in their daily workflow, antivirus software interrupting their work, or firewalls blocking unsecure web sites. It’s all just the big, bad IT industry and security consultants trying to scare everyone into buying their products and services.

Although there could be some agreement on both sides that common sense should be used when securing computers and networks. There is always something in the news about the latest security breach, credit card number theft, or health care information being stolen. But by the time it makes it into a newspaper or magazine, it is old news and most likely too late for you to react to anyway.

One Common sense measure that you should consider as more and more organizations and more of your clients recognize the mission-critical nature of retaining and securing their electronic communications is encrypting your email.

If you are sending a check through the postal service, would you not make sure it’s in an envelope, sealed, and stamped to send to the recipient? If it was really sensitive, would you not send it in a secure envelope with proof of receipt? Just like the postal service offers the means of tracking messages by sending the letter certified, asking for a return receipt, insuring the contents of a package, etc., technology is at the fingertip of all business and offers the same and more for digital message communications.

So what about email? Why then would you send personal or confidential information in an unprotected email? Encrypting your email will keep all but the most dedicated from intercepting and reading your private and confidential communications. Using email encryptions so that recipients can verify that it’s really from you (not SPAM) as well as encrypting your messages so that only the intended recipients can view it is a very proven way to ensure your communication is secure and private. For many businesses this is how information that is shared is regulated. For example, those businesses in finance, banking, insurance, healthcare, and government are governed by regulatory compliance such as HIPPA , SOX, and SEC.

Email encryption is not just for the big corporations or for businesses that are regulated, it is for all businesses and some more than others. A type of business that is not required to do email encryption is CPA firms (not yet anyway; SAS is working on it) but they should if they are using email to send personal information, to prepare a tax return, or work on an audit engagement. Retailers or any business for that matter using credit cards should be securing any email that may contain any personal information. I’m sure that anyone who accepts credit cards and has set up a merchant account has signed and agreed to the terms of service and has heard of PCI. If not, you should look into it.

As an added benefit of encrypting your emails, you can help to stem the tide of spam and malware being sent using your name. If your clients and the businesses that you regularly send email to know that you encrypt messages and use a digital signature, then when they receive an unsigned message with your email address spoofed as the source, they will realize that it is not really from you and delete it. And don’t forget the added benefit of your customers knowing that you are serious about protecting their confidential information. It may be small in the grand scheme of things in their eyes, but they will feel much better about your business the next time a data breach is splattered all over the news.

Today’s email encryption tools and services have come a long way from the old days. If you use the right product, consultant, or service for Email encryption, it can be very cost effective, seamless, and effortless to you and your employees and will provide value and integrity to your business. Email encryption can be setup for your business to encrypt all emails sent out of your office, or it can identify encryption needs based on the content in the email such as social security numbers. It can even be done on a selective manual basis by an individual. Although you can be selective regarding what and who, it is important to note that you should encrypt all messages, not just the confidential or sensitive ones. If you only encrypt a single email message, attackers/hackers are smart enough to know that a percentage of your email is unencrypted plain-text and one message is encrypted basically putting a big flashing light on your business saying hack me. If you encrypt all your emails, a hacker will not invest their time trying to decrypt all those “Nice to meet you emails” and most likely will give up. Hackers are like car thieves, a car thief will go for the easy, unlocked car rather than bother with one that has an alarm system or wheel lock.

Email encryption is very effective and hard to crack and will bring a sense of responsibility and security to your business, and overall your vendors and customers will value your business more.

Posted by Gene Pavliscsak - Business Solutions at 01:34 PM in Security | Permalink | Comments (3) | TrackBack (0)

September 15, 2009

Have you seen ScareWare lately?

Over at ZDNet, Dancho Danchev posted a great photo gallery of the last 2 years of "ScareWare" sites & products. These should become a mandatory review for end-users, so they will recognize the nasties like Antivirus 2009 above and show just how professional they will look. No mater how professional looking, they are still dangerous on your network and to the end-users that are on the front line.

What is Scareware? It's basically fake security software that attempts to look legitimate enough to get you to install it by scaring you into thinking your system is compromised. Not only do they steal money from you by collecting your credit card information (when you willingly purchase it), but they also make it difficult to remove as they use every trick in the book to prevent legitimate removal tools from working. It's become the most popular (and profitable) method for cybercriminlals.

Continue reading "Have you seen ScareWare lately?" »

Posted by Owen Parry at 08:01 AM in General, Internet, Security | Permalink | Comments (0) | TrackBack (0)

Technorati Tags: end user education, scamware, scareware, spyware

September 01, 2009

Pro Tip #2803- How to protect your PC from Malware: Building an Internet bomb shelter

It seems amazing in recent times, that I still hold bragging rights to having never once picked up a Malware infection from the Internet. This is after countless hours of Google searches and aimlessly perusing the Internet. For that, I thank my browser of choice, Firefox and several subsequent add-ons for the software. Building this “Internet bomb shelter” will help keep your PC clean, but awareness is still the key to maintaining a clean and healthy PC. I often use the analogy with clients that “the Internet is like New York City; keeping to the well lit tourist areas is key to avoiding the crime you may find in its bad neighborhoods”.

Continue reading "Pro Tip #2803- How to protect your PC from Malware: Building an Internet bomb shelter" »

Posted by Smith at 03:57 PM in Security | Permalink | Comments (0) | TrackBack (0)

July 28, 2009

Urgent: Surf With Caution This week

I would like to warn our clients of the most recent (of many) Adobe security issues. The excerpt below sums up an article from Computer World warning Adobe Flash users of a currently un-patched vulnerability affecting over 90% of all PC's.

We at ConnectWise would also like to remind our clients to use caution when browsing the web, trying to keep to known business-related sites whenever possible. Even then, many PC's are being infected by legitimate, compromised websites that have had malicious code injected into their own. IF you do have Adobe Flash installed, or other 3rd party software, you should regularly check and apply updates. ConnectWise Managed IT clients should contact their account manager to ensure that 3rd party software is being updated. Adobe is scheduled to release a patch on Thursday, July 30th.

Continue reading "Urgent: Surf With Caution This week" »

Posted by Smith at 11:53 AM in Security | Permalink | Comments (0) | TrackBack (0)

July 27, 2009

Tag...You're it !

A report was recently released on MSNBC.com that exposed unethical practices of tagged.com. When signing up for tagged, it would ask for the user’s email address and password. Keep in mind, this wasn’t for returning users, this was for people just signing up. And it wasn’t asking them to set up a password, it was asking for the user’s password to log on to the email account.

Now, I understand that there are many different levels of tech-savvy, and that some users are more capable than others. But this should be a basic rule for all users to follow. Do not ever give anyONE, any COMPANY, or any SERVICE your password.

It’s okay to create a password with an online service so you can log in, but your bank doesn’t need the password to your facebook account, and Tagged.com doesn’t need the password to your email account.

What Tagged.com would do is use the email address and password to gain access to the user’s address book and send invitation emails to the entire list of everyone in the address book and use the user’s email address as the return address so that it looked like it was coming from a friend. If any of those people were duped and signed up with their email address and password, Tagged.com would raid their address book as well (without telling them) and continue the cycle unhindered until Tagged.com had sent out over 60 million deceptive messages. The state of New York is currently pressing charges against Tagged.com.

Lesson learned: Do not give out your password.

Posted by Scott Ford at 12:39 PM in Internet, Security | Permalink | Comments (1) | TrackBack (0)

Technorati Tags: deceptive, email, password, tagged.com

July 22, 2009

Adobe Reader, out "Fox" insecure software .

One thing I would like our clients to keep in mind is the relative insecure practices Adobe utilizes when distributing it's Adobe Reader software. Adobe Reader is a free and commonplace application that many clients believe they must download to view .PDF files. The problem lies with the relative amount of vulnerabilities in the software product, putting your computer at risk of Virus or Malware infection.

Continue reading "Adobe Reader, out "Fox" insecure software ." »

Posted by Smith at 09:28 AM in Security | Permalink | Comments (0) | TrackBack (0)

July 07, 2009

Browse-And-Get-Owned

Monday, Microsoft issued a security advisory about a zero-day vulnerability in the Microsoft video Active-X control. The flaw effects Windows XP PC's and 2003 servers potentially allowing an attacker to run malicious code.

Continue reading "Browse-And-Get-Owned" »

Posted by Smith at 04:05 PM in Security | Permalink | Comments (0) | TrackBack (0)

June 30, 2009

Be Careful of What You Click

With the recent passing of so many celebrities, spyware and viruses have been on the rise. Makers of the malicious software will prey on the human curiosity of people by emailing links that promise a video, tribute, photos, or other content of dead celebrities.

Often times, these links will initiate the behind-the-scenes downloading and installation of spyware or viruses. Although it’s been said many times before, it is warranted to repeat it again. If you are not expecting the email or trust who it is coming from, do not click on links or attachments.

Posted by Scott Ford at 01:49 PM in Internet, Security | Permalink | Comments (0) | TrackBack (0)

Technorati Tags: celebrities, celebrity, security, spam, spyware, virus

Staying Connected

The Official Blog of Tampa Bay's IT Department -Connecting you to the world of IT for Small and Medium-sized Businesses.

ConnectWise Website

Tech Toons

August 2012

Archives

Categories