Wanna Cry Ransomware

Worldwide Ransomware Crisis – Self Inflicted?


By now, most people would have heard about the Worldwide Ransomware attack that employed the virus called Wanna Cry.

Some 200,000 computers across many countries worldwide have been affected, including the NHS in Britain, the National Railway in Germany, FedEx in the USA and Spain’s National Railway system.

It has caused mayhem among some very large Institutions like those I have mentioned.

How did this happen?

Well, it would seem to me that this is largely self-inflicted. Microsoft released a Patch back in March that addressed the vulnerability that allowed this virus to be effective. So all supported Operating Systems, Windows Vista and on, had they been patched, were protected. But there were many PCs still running Windows XP that were targets. Now you tell me: when Microsoft ended support for Windows XP, there were plenty of warnings and messages that support was ending. So why in the world would you continue to use obsolete, unsupported software for Critical Systems?

Like I said, self-inflicted. And I suspect that those in charge of IT at some of these places will have a lot to answer for and may well lose their jobs.

Let’s look at the Home User now.

Much the same applies. You must always download and install the Patches released by Microsoft. They release these Patches for a reason. In addition, do not continue to use PCs with outdated Operating Systems like Windows XP. Let’s face it, we had a pretty good run with Windows XP. It first appeared in August 2001, and it was supported right up until April 2014. So people certainly got their money’s worth. Now it’s time to move on.

But if you MUST have Windows XP because some software you run will only work on XP, then at the very least, do not have it connected to the Internet. But if you absolutely and positively need it connected to the Internet, then please make sure you have good Security Software installed, that you don’t go downloading dodgy things or visit dodgy websites, and certainly be very careful about opening or even using email on that PC.

Cyber Attacks

Cyber Attacks – are you prepared?

I recently read a quote that was meant to apply to Businesses, but equally applies to anyone online. It went like this:

When you are attempting to secure your business, you have to be right 100 percent of the time. The hacker only has to be right once.

This quote highlights the ever-increasing issues we all have, but in particular businesses. A business that is the focus of a successful Cyber Attack can quickly accrue costs that can, at worst, send the business bankrupt. If you lose access to your data through a Ransomware Attack and you don’t have a recent backup, or even a backup at all, you will quickly find it difficult to run your business, and you will lose customers. Not to mention the costs involved in removing the threat and securing your systems.

Cyber Attacks have reached epidemic proportions. Just in the last two weeks there were two high-profile incidents. One was on the Queensland State Government, and more recently, the National Census Website. Although the latter is probably more about the website’s inability to cope with the traffic, nonetheless, it was subject to what is known as a DDoS (Distributed Denial of Service) Attack, designed to bring down a website and potentially expose security holes.

The Cost of Cyber Attacks

The average total cost of a data breach worldwide is around $3.79 million. The costs from cyber attacks include remediation costs, lost productivity, legal fees, lost data and lower stock prices.

When Pokémon Go was released, Hackers created bogus versions of the App that were infected with malware, which enabled the Hackers to access mobile phones and accounts. Just imagine how many businesses were put at risk from the millions of compromised smart phones. In 2014, a vulnerable WordPress Plug-in allowed an estimated 50,000 websites to be hacked; it let Hackers upload PHP files to the Server and control the website, and it allowed the infection of all the other websites Hosted on the same Server.

The total cost to the world economy for computer and network cyber crime is $445 billion!!!

So what can you do to protect your Business?

  1. Be proactive, not reactive. Don’t wait until something goes wrong. Have someone in your organisation who is responsible for ensuring that all PCs have good Security Software, and that it is up to date. They must also ensure that all Windows Updates, Java, Adobe Flash and Adobe Reader updates are carried out as they become available.
  2. Talk to your employees. Make sure that all your employees are up to speed on doing, and not doing, certain things. Things like not opening email attachments they shouldn’t, particularly if they are in .zip format, but also any email attachment that seems odd or out of character. Train them to recognise what bogus emails look like. For example, the typical Phishing emails from the Banks, Australia Post, Courier Companies etc. Your employees are the first line of defence, but also the weakest component if they don’t understand what to look out for.
  3. Keep your website secure. If you have a Website, particularly if it is based on the WordPress or Joomla platforms, it is imperative that the platform, and all Plug-ins, are kept up to date. Equally important is the use of security Plug-ins to help mitigate any Cyber Attacks. Keep your website secure!!

Ransomware – The do’s and don’ts to protect you and your business

Ransomware (viral infections that encrypt data on your hard drive) is becoming more prevalent. Cryptowall and Cryptolocker are two that are increasingly infecting computers worldwide, with an estimated 545,000 infections between September 2013 and May 2014. Ransomware’s purpose is to extort money from the victim with the promise that your data will be restored after payment.

The Senior Manager of Symantec’s Cyber Readiness & Response, Bob Shaker recently stated, “We’ve seen a sharp rise in requests from customers with respect to Ransomware.”

Mr Shaker tells the story of trying to help a customer who, after being infected with a ransomware virus, could only sit and watch while his company’s data was wiped out, file by file. “I never want to have to go through that again,” he says.

Since then, Symantec has gone to great efforts to ensure that businesses understand the risks and have a clear picture of what to do, and what not to do, to protect themselves from becoming a victim of Ransomware.

Here are some Ransomware Do’s and Don’ts

1. NEVER pay the Ransom!

Your first response will undoubtedly be panic, and your first instinct will be to pay the Ransom.
Don’t do it. This will just encourage the attackers, and help fund further development of these types of attacks.
And even if you do pay, there is no guarantee that you will get your data back.

Instead, Do:

Remove the infected system from the network if you are on one, and clean the system of all viruses.
Then restore data from a known good backup. Restoring data from a backup is the quickest way to get back up and running.

2. Do install a quality security solution

A multi-faceted security solution (like Norton Internet Security for example) should be installed. Norton has protections for not just file-based threats (traditional Viruses), but it also includes download protection, browser protection, heuristic detection technologies, a firewall and a community sourced file reputation scoring system.

3. Do educate employees

One of the main ways you can be infected is through “Spear Phishing”. This is where an unsolicited email arrives from an unknown sender with an attachment that, when opened, executes a program (the virus).
If you have employees, you must take the time to educate them about these threats, and how to recognise suspicious links and attachments, and what they should do in such circumstances.

4. Do use content scanning and filtering on your mail servers

All incoming emails should be scanned for known threats, and any attachment types that could potentially pose a threat should be blocked.

5. Do make sure that all computers and software are kept up-to-date with security patches and updates

Compromised websites are frequently used to spread viruses. Regular patching of vulnerable software like Internet Browsers, Java, and Adobe Flash is necessary to help prevent infection.

6. Do limit end user access to mapped network drives

Ransomware is capable of looking for and encrypting data on any mapped drives that a user has access to. Restricting permissions for shared folders and files of a mapped network drive will limit what the Ransomware virus will be able to encrypt.

7. Do make sure that you have a comprehensive backup solution in place.

The fastest way to get back up and running after this sort of attack is to have a backup of your data.

These Dos and Don’ts will not prevent an attack, but they can certainly reduce your risk level.

Rootkit Virus

How to remove a Rootkit Virus

I recently had a Laptop in the workshop that had a particularly difficult-to-remove Rootkit Virus installed on it.

I couldn’t use the removal tool that I normally use because it isn’t compatible with Windows 8, so I did some research and found a different tool called GMER.

What is a Rootkit Virus?

But before I go on and explain how useful the tool was, I’ll just quickly explain what a Rootkit Virus is.

The name comes from a term used in Unix and Linux Operating Systems, with “Root” referring to a “Privileged” account or in other words an account with Administrative rights, whilst the “kit” part of the name refers to software components that implement it. A Rootkit virus assumes admin control of the Operating System, making it very difficult to remove.

So having found that my usual bag of tricks was not going to work, it was time to find something else.

During my research, I came across a removal tool that I hadn’t heard of before (as previously mentioned, GMER), and I gave it a shot.

To my surprise it was very simple and effective.

I downloaded the Removal Tool and, unlike many other tools, I didn’t have to rename the executable file to something that a potential virus wouldn’t recognise (and therefore block from running), because it is already given a random file name at download. It was also a very small file, at 372 KB.

GMER scans for the following:

  • hidden processes
  • hidden threads
  • hidden modules
  • hidden services
  • hidden files
  • hidden disk sectors (MBR)
  • hidden Alternate Data Streams
  • hidden registry keys
  • drivers hooking SSDT
  • drivers hooking IDT
  • drivers hooking IRP calls
  • inline hooks

If a Rootkit Virus is present, you will be notified with a screen that looks like the following:

How to remove a Rootkit Virus with the GMER Removal Tool

Removing the identified viruses involves right clicking on the identified virus and choosing “Delete the Service”.

Removing the Rootkit

 

Windows 8.1 update via the App Store

Windows 8.1 Update

Why you need to update to Windows 8.1

For those of you out there that purchased a Laptop or PC with Windows 8, you may not realise that there is an update available that upgrades Windows 8 to Windows 8.1.

So what, you may ask?

Well it’s important because if you do not install the 8.1 upgrade before 10th June 2014, you will no longer receive any future updates from Microsoft.

Originally this was supposed to happen in May, but Microsoft has extended the deadline for consumer customers. Enterprise customers have until 12th August.

Here is a direct quote from Microsoft:

While we believe the majority of people have received the update, we recognize that not all have. Having our customers running their devices with the latest updates is super important to us. And we’re committed to helping ensure their safety. As a result, we’ve decided to extend the requirement for our consumer customers to update their devices to the Windows 8.1 Update in order to receive security updates another 30 days to June 10th.

There is no reason why you shouldn’t update to Windows 8.1.

There are many tweaks to the OS that people using a non-touchscreen will find helpful.

To update to Windows 8.1, go to the App Store and the first thing you will see is an option to do the free update.

It is EXTREMELY important that you update to Windows 8.1. You can view the Microsoft tutorial on how to upgrade here.

If you don’t, you will be in the same boat as Windows XP users and you will not receive any security updates and patches for your OS, leaving you vulnerable to exploits and hackers.

One of the key reasons users of PCs get viruses is that they do not download and install Windows updates, so it is imperative that you do them.


Safer Internet Browsing

Well, I’ve come to the conclusion that if people want a safer Internet browsing experience, then everyone needs to look critically at what they are doing online, how they are doing it, and what they should be doing but aren’t.

It has become painfully evident that the main reason PCs are getting infected and compromised with viruses and malware is users’ activities online, in conjunction with their reluctance to do updates when they are presented. The reason updates are important to safe browsing is that if you don’t do them, simply visiting a compromised or deliberately malicious website can infect your PC, regardless of what Security software you use. There are something like 50,000 new viruses being released every single day, so it is near on impossible to protect yourself against that.

The other subject I will cover is what Browser I recommend and why, but I’ll address the updates issue first.

I am consistently told by users that they do not do updates for several reasons. Those being:

  1. I never know if they are legitimate.
  2. They take too long.
  3. I have done updates in the past and they caused problems.
  4. I couldn’t be bothered.

Let’s look at these excuses one by one.

I never know if they are legitimate.  This is just a ridiculous thing to say.  If you get a pop-up or a message that tells you there is an update available, and you don’t know whether it is legitimate, then you must also believe that you are infected with something malicious, so why aren’t you doing something about it?  You must do all updates including Java, Adobe Flash, Adobe Reader, and all Windows Updates.  These updates generally address security holes that can be exploited by Hackers and bad people in general.  It is a no brainer and is not an option.

They take too long. Seriously? You can sit on Facebook for two hours but you don’t have time to do updates? Try this: switch on the computer, let it boot up, get your updates underway and go for a walk in the fresh air. Both you and your computer will be better for it.

I have done updates in the past and they caused problems.  This one I can understand.  I’ve done plenty of updates myself and afterwards the computer has crashed or something else just isn’t right.  However, this just isn’t an excuse for not doing updates.  There will be some underlying problem that has caused the issue.  You might already be infected with a virus that is screwing up the update for example.  Whatever the issue, you should address it and resolve it.

I couldn’t be bothered.  Well what can I say to this?  If this is your attitude then expect that it will be a case of when you get infected rather than if.  Not much more to say about this one!!!

Also, when you are thinking updates, DON’T FORGET to make sure you always have the latest version of your Security Software and Browser.

For example, quite often I see people with AVG 2011 or 2012 installed, but the current version is 2013.

The same applies to your Browser.

I see Internet Explorer 8 installed, when IE9 (latest version compatible with XP) or IE10 is available.

What Browser should you use?

I think the Browser of choice is Mozilla Firefox.

My reasons for thinking this are:

  • It’s more secure than the default Internet Explorer.
  • You can install add-ons and extensions that give it greater functionality, but more importantly extra security.

Which Add-ons or Extensions should you use in Firefox?

Well there are literally thousands of Add-ons and Extensions available, but there are 3 that I consider essential.

They are:

  • NoScript – For safer Internet browsing, this Firefox extension provides extra protection for Firefox, Seamonkey and other Mozilla-based browsers. It’s a free, open source Add-on that prevents JavaScript, Java, Flash and other plugins being executed unless it’s a trusted web site of your choice (eg. your online bank). NoScript also provides powerful anti-XSS (Cross Site Scripting) and anti-Clickjacking protection. NoScript uses a unique whitelist-based pre-emptive script blocking approach which prevents exploitation of security vulnerabilities (known and even not known yet!) with no loss of functionality. You can enable JavaScript, Java and plugin execution for sites you trust with a simple left-click on the NoScript status bar icon, or using the contextual menu.
  • BetterPrivacy – This Firefox extension protects against special long-term cookies, a new generation of ‘Super-Cookie’, which has spread through the Internet. This new generation of cookie offers unlimited user tracking to industry and market research. If you are concerned about privacy, then Flash-cookies (Local Shared Objects, LSO) are most critical. This add-on was made to make users aware of these hidden, never-expiring objects and to offer an easier way to view and to manage them, since browsers are unable to do that for you.
  • Adblock Plus – This Add-on isn’t specifically a security Add-on, but by blocking ads, you won’t be tempted to click on things you possibly shouldn’t. Besides, who needs all those ads anyway? Adblock Plus blocks all annoying ads on the web by default: video ads on YouTube, Facebook ads, flashy banners, pop-ups, pop-unders and much more.

What about Security Software?

My advice to people on this changes periodically.

13 years ago I would have recommended VET Antivirus, but then it changed to CA Antivirus and that’s when the problems started.  Since then the recommendations have ranged from a choice of free to paid for products.

Currently I am recommending Norton Internet Security.

I am finding that this product is offering very good protection, functions and features including Social Media protection, and at a price of $29 for 12 months cover, it’s great value as well.

So what does it all mean?

The main points are:

  • Do all the updates including Windows, Java, Adobe Flash and Adobe Reader.
  • Use Firefox with the recommended Extensions and Add-ons.
  • Use good security software.

But above all else, use your brain before clicking on or downloading anything.

Be absolutely sure that you know it is legitimate first.


Adobe Patches Exploit in Acrobat and Reader

Adobe has released a critical update to users of their Reader software, patching a critical vulnerability that can allow hackers to take control of a victim’s computer.

Adobe recommends the Patch for all users of Adobe Reader and Acrobat, version XI and earlier. The update affects Windows, Macintosh, and Linux users for versions 11.0.01, 10.1.5, 9.x, and all earlier versions. The patch can be downloaded from Adobe’s website, or through the automatic update feature.

Adobe has said that while automatic updates are enabled by default, individuals can manually check for an update by clicking on Help > Check for Updates.

The exploit was discovered by a security company named FireEye, and they appear to be the first to breach the technology used by Adobe to protect their software. In an attack, victims would typically receive an email with a PDF attached, which in turn contains well-hidden JavaScript.

When the attachment is opened, the embedded Malware will download two DLL files.  One file will display a fake error message and open a PDF document, and the other one installs “callback” software onto the victim’s computer. Once this software is installed, it “calls back” to a Remote Server.

Those with Adobe Reader or Adobe Acrobat (which is just about everyone) should update their software immediately. This can be done through either the software itself, or directly from Adobe. If for some reason you can’t update your Adobe software, you can turn on “Protected View” in Reader or Acrobat. This will reduce the number of options available in the software (eg. printing), but it will prevent malicious code from being executed from within documents.

To turn on “Protected View”, go to Edit > Preferences > Security (Enhanced) and then check the box next to “Files from potentially unsafe locations.” You can also check the “All Files” option as well.

Remember, always be on the lookout for weird or unsolicited emails with PDF attachments. It is also a good policy to check with the sender to see if the attachment is legitimate or not. They might thank you, because it could be the only warning that their PC has been compromised (and it will keep you safe, too).
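The mail-server advice in the Ransomware do’s and don’ts post above (scan incoming attachments and block risky types, .zip files included) and the PDF-with-hidden-JavaScript attack described in this post both come down to the same gateway check. Below is an added example of such an attachment policy check in Python; it is not code from the original page or from any vendor named here, and the blocked extensions, the PDF markers and the sample message are assumed, constructed values.

```python
"""Attachment policy check for a mail gateway (added example, assumed policy)."""
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Assumed policy: these extensions are blocked outright, archives are opened and inspected.
BLOCKED_EXT = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".jar", ".hta"}
ARCHIVE_EXT = {".zip"}
# PDF name objects that can make a reader run script or launch something when the file opens.
PDF_SCRIPT_MARKERS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/Launch")


def _ext(name):
    name = name.lower()
    return name[name.rfind("."):] if "." in name else ""


def _double_extension(name):
    # "invoice.pdf.exe": a harmless-looking extension hiding a risky final one.
    parts = name.lower().split(".")
    return len(parts) >= 3 and "." + parts[-1] in BLOCKED_EXT


def inspect_attachment(filename, data):
    """Return the reasons to quarantine one attachment (empty list = allow)."""
    reasons = []
    ext = _ext(filename)
    if ext in BLOCKED_EXT:
        reasons.append(f"blocked extension {ext}")
    if _double_extension(filename):
        reasons.append("double extension")
    if ext in ARCHIVE_EXT:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    if _ext(member) in BLOCKED_EXT or _double_extension(member):
                        reasons.append(f"archive contains {member}")
        except zipfile.BadZipFile:
            reasons.append("archive cannot be opened for inspection")
    if ext == ".pdf" or data.startswith(b"%PDF"):
        found = [m.decode() for m in PDF_SCRIPT_MARKERS if m in data]
        if found:
            reasons.append("PDF contains " + ", ".join(found))
    # An MZ header is a Windows executable no matter what the file name claims.
    if data[:2] == b"MZ" and ext not in BLOCKED_EXT:
        reasons.append(f"executable (MZ header) named as {ext or 'no extension'}")
    return reasons


def scan_message(raw):
    """Scan every attachment in a raw RFC 822 message; returns {filename: reasons}."""
    msg = message_from_bytes(raw)
    verdicts = {}
    for part in msg.walk():
        fname = part.get_filename()
        if fname:
            verdicts[fname] = inspect_attachment(fname, part.get_payload(decode=True) or b"")
    return verdicts


def build_sample():
    """Constructed message: a plain PDF, a PDF with an open-action script, a zip holding an .exe."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "accounts@example.invalid"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see attached.")
    msg.add_attachment(b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n%%EOF",
                       maintype="application", subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"%PDF-1.4\n1 0 obj << /OpenAction << /S /JavaScript /JS (x) >> >> endobj\n%%EOF",
                       maintype="application", subtype="pdf", filename="statement.pdf")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf.exe", b"MZ" + bytes(62))  # constructed stand-in for an executable
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="docs.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in scan_message(build_sample()).items():
        print(name, "->", "QUARANTINE: " + "; ".join(reasons) if reasons else "allow")
```

A real gateway would also run the allowed attachments through its antivirus engine; the checks above only decide what never reaches that stage.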


How to Spot Fake Anti-Virus Software

This is a very good article on fake anti-virus software and its implications.

Take the time to read it and you may prevent the pain of Identity Theft and Credit Card Fraud!!!

Article by Sue Marquette Poremba

Fake anti-virus (AV) software is a pain in the rear. It’s annoying as all get-out. And it can do a lot of damage to your computer. Just when you think you’ve figured out that it’s fake, the bad guys make changes.

If you’re lucky enough to have never experienced fake AV, it usually arrives as a piece of malware that pops up on your screen with a dire warning that your computer is infested with viruses — a lot of them.

If you click on the button, it offers to download the AV software to “clean” your computer. But that’s not a good idea.

“There are many versions of fake AV currently circulating on the Internet today,” said Raul Alvarez, senior security researcher for Fortinet’s FortiGuard Labs in Sunnyvale, Calif. “While there are different variations, styles and names, they all share a common feature set.”

Anatomy of a scam

The first feature is a professional-looking graphical user interface that makes it look like a legitimate anti-virus application. Once the fake AV gets into a user’s computer system, it launches the interface and pretends to begin “scanning” the computer.

Once the “scan” is finished, fake AV typically tells the user that the system is riddled with malicious software.

Next comes the crucial part: The fake AV wants payment in order to “clean” the system of all that bogus malware.

But don’t enter that credit-card information. Once you do, all that data gets shipped off to Eastern Europe or Brazil, and you immediately become a prime candidate for identity theft.

Even worse, some fake AV loads real malware, meaning you’ve just paid to have your computer infected, and others log your keystrokes or try to steal other information from your machine.


The new breed

Alvarez and his colleagues recently found a new variant of fake AV that’s got a brand-new look. They’ve given it the catchy name of W32/FakeAV.RA!tr.

“Once the malware is installed, an infected user receives a warning message that reads the software has discovered a spyware infection,” Alvarez said.

The warning balloon looks like it’s coming not from some random anti-virus software that you’ve never heard of, but from the real anti-virus package you’ve already installed. That’s pretty sneaky. 

The next part of the scam is par for the course.

“When a user clicks on this warning message, a new application window that resembles a legitimate anti-virus application appears, starts ‘scanning’ the system and begins displaying detected infections,” Alvarez said.

“Once the detection phase is complete, a new window appears that displays the number of infections the software has discovered. The window also includes an option for the user to remove the detected threats or ‘Continue unprotected.’ Common sense dictates a user selects remove the ‘threats.'”

If you continue to click through, you’ll next be asked for your credit-card information and you are taken to a checkout screen. Then things get bad.

“This version of fake AV displays a warning message whenever a user tries launching a program and is particularly nasty as it doesn’t allow a user to launch any applications from their computer,” Alvarez said.

How to protect yourself

Computers are infected with fake AV through infected email attachments, links within emails or social-media links that lead users to malicious sites that automatically infect PCs and Macs via drive-by downloads.

The trick to avoiding fake AV infection is to know what’s already on your system. You should already have genuine anti-virus software that you’ve personally bought or installed.

Alvarez recommended being familiar with your anti-virus software and knowing what it looks like when it prompts you for an update, if it isn’t done automatically.

If an update or scan prompt doesn’t match your regular anti-virus software prompt, fake AV has most likely made its way onto your computer.

“Don’t forget, you already paid for the software on your computer,” Alvarez said, “so if you are being asked to pay for something, it is fake.”

If you do end up with fake AV on your system, be assured that you aren’t alone — this is a billion-dollar business for criminals.

First, scan your computer with your legitimate anti-virus software. If it’s blocked by the fake AV, reboot your computer in “safe” mode and scan again.

“In addition, it is advised to do an ‘offline scan,’” Alvarez said. “This means a computer should be scanned and cleaned outside of the full operating system to complete remediation.

“This requires a restart into the Windows Pre-installation Environment (WinPE) to run a scanning utility, such as Windows Defender Offline scan tool,” he added.

Article Source: Security News Daily