Virus Spreading over USB Thumb Drives
Virus Spreading over USB Thumb Drives

Spreading Viruses on USB Thumb Drives

Security, , ,
30
Jan 2015

Virus Spreading over USB Thumb Drives

To stay safe from infections, we’re going to look at how viruses spread over USB thumb drives and how you can protect yourself and your business.

Why would anyone deny the comfort level enjoyed with using USB thumb drives to conveniently transfer data? Beneath it all, there’s more to that data transference than meets the eye.

How Viruses Spread over USB Thumb Drives

It starts with attaching a USB Thumb Drive to a device for it to infect the computer. The machine is then infected using the Windows AutoRun feature which is trigger when a storage device is plugged in. Not only is the data transferred, but the device in which the data goes in becomes infected with malware (virus) and malicious software, causing damage or data loss.

autoruninf_thumb

The virus likely originates from the infected device the USB was connected to before. The process of transferring viruses can stem back through a chain of infected hosts, bringing with it a trail of disruption.

At present, it’s highly likely that most USB Thumb Drives connected to an infected device or PC hoards a virus in it. For instance, a new virus threat known as “BadUSB” works off USB thumb drives and is claimed to be unstoppable, according to security researcher Karsten Nohl.

Types of Viruses

The following types of viruses can infect a computer when the user runs or installs the infected program. Infection can occur through something downloaded from the Internet, or in most cases, loaded onto the computer from USB thumb drives.

  • Worm –a program that replicates itself by exploiting vulnerability on a network.
  • Trojan horse -appears to serve a useful purpose, but actually hides a virus, thus infecting the computer by tricking the victim into installing it willingly.
  • Rootkit – makes itself difficult to detect by hiding itself within the system files of the infected operating system.
  • Spyware -designed to covertly spy on a user and report information back to the originator.
  • Spam – common method of transmitting malware onto a user’s computer, usually via unsolicited email messages containing infected attachments or links to exploited websites.

How to Protect Yourself and Your Business

The most effective means of transferring virus for the hackers are through public data bases. Firstly, it is extremely important for anyone to restrict the use of USB thumb drives on computers based at net cafés, coffee shops, copy shops and even at an airport or a hotel, as they are for public use.

You never know which computer might be infected so plan to use business or personal systems over public computers as they are more vulerable to infected USB Thumb Drive viruses. Secondly, it’s best to run a firewall and update to the latest virus definition on any personal or business computers.

Turnoffautoplay_thumb

We suggest disabling the Auto Run functionality of the drive and avoid downloading “free online software” to better protect any USB thumb drive from adopting those menacing viruses.

For more ways to secure your business data and systems, contact your local IT professionals.

Read More

Know Everything About Your System with Speccy

Office IT, ,
26
Jan 2015

Speccy

Speccy is free software that provides a very detailed view of your computers hardware and software in a easy to understand, user friendly environment.

Speccy lists and provides very crucial and accurate specifications of your computer hardware and software. If you have ever been baffled by trying to find out how much RAM you have installed, what your Windows serial number is and a number of other things that you often have to communicate to your IT professional, then Speccy is worth considering. Here are 3 ways you can use Speccy:

Windows Serial Number

Windows

Sometimes in an emergency the only way to fix your computer is to re-install your OS. In order to re-install a legitimate copy of Windows, you must have your serial number handy. You cannot install install a legitimate copy of Windows without a valid serial number. It is always a good habit to copy and store your serial number somewhere safe in case of a computer emergency. Speccy conveniently lists your serial number and a number of other details for your OS.

RAM or System Memory

RAM

Sometime the best solution to speeding up an old slow computer is to just add more RAM to it. But how do you know if you have any room to add more of it? Or the type? Or the frequency? It is important to know these details when upgrading as different types of RAM are not compatible with each other. Speccy lists all these details in the RAM tab to the left. With this you will know exactly how much and what kind of RAM you are using and what kind of RAM you need to upgrade.

CPU or Processor Information

CPU

The number of cores and clock-speed of your CPU directly equates to the raw power of your CPU.  With CPU’s ranging from a single core all the way up to a whopping 12 cores, knowing how many cores you have will give you an expectation of performance. Other important information is how many gigahertz your CPU runs at and whether your CPU is a 32 bit or 64 bit processor.

Speccy offers vital information that is summarized and easy to understand. If you want to download Speccy head over to their website and give it a shot.

For more ways to improve your office technology’s effectiveness, contact your local IT professionals.

Read More

What is Remote Code Execution?

Network, Security, Uncategorized, ,
22
Jan 2015

binary stream

Why do hackers use remote code execution as a malicious attack on businesses? Here we’ll explain what remote code execution is and why most malware uses it.

Remote execution attacks are very real and should not be taken lightly. This is mainly due to the damage which can result in malware disabling parts of a system and disrupting business operations.

What is remote code execution?

Remote code execution can be best described as an action which involves an attacker executing code remotely using system vulnerabilities.

Such code can run from a remote server, which means that the attack can originate from anywhere around the world giving the attacker access to the PC. Once a hacker gains access to a system, they’ll be able to make changes within the target computer.

The attacker leverages the user’s admin privileges to allow them to execute code and make further changes to the computer. It’s often the case that such user privileges become elevated. Attackers usually look to gain further control on the system they already have a grip on and look to exert control onto other computers on the same network.

Examples of remote execution attack

Whether a business realizes it or not, malware threats are consistently looking for vulnerabilities and a chance to infiltrate past security. In essence, every attacker is an opportunist and they’re unlikely to hold back once they’ve spotted a loophole within a system.

Scenario 1:

Zero-day Internet Explorer Exploit CVE-2014-8967

An employee browses the Internet with the Internet Explorer browser and visits a website, which they were prompted to visit via an unsuspecting email message. Little do they know that the website exploits a bug on their browser, allowing for remote execution of code to occur. The code is set up by a criminal who has programmed it to run on the employee’s computer, and in turn, installs a Trojan virus. A Trojan allows a back door into the computer, which can be accessed at any time by the attacker. At this point, the criminal has complete access to the employee’s data files and will do as they please with it.

Scenario 2:

Windows_XP_End_of_Support

A business runs an unsupported version of Windows on a computer, which happens to be Windows XP.  An employee visits a website, however this website has been compromised, and a bug detects the user working on a computer that has Windows XP. Since this particular operating system is no longer patched by Microsoft, vulnerabilities are eminent. The bug picks up on this and begins remote code execution, set up by a criminal, to run ransom-ware on your computer. The ransom involves the criminal holding the company’s files hostage until payment is made.

How can you protect against remote code execution attacks?

For more ways to secure your systems, contact your local IT professionals.

Read More
Malware holding data ransom
Malware holding data ransom

Timeline of Sony Cyber Attack

Uncategorized, ,
20
Jan 2015

Malware holding data ransom

The Sony data breach in late 2014 has caused embarrassment towards their own top executives and employees. Here is a timeline of the Sony hacking events.

Here’s the timeline of the 2014 Sony Pictures Cyber-attacks:

November 24

Sony Pictures Headquarters

Early morning at Sony Pictures Entertainment Headquarters, based in Culver City, an image of a skull with long skeletal fingers simultaneously appeared on all employee’s computer screens. The image contained a threatening message saying, “This is just a beginning. We’ve obtained all your internal data.” This was noted to be the first sign of the digital break-in.

November 25

Computers at Sony headquarters in Culver City and overseas remain shut down.  The spokesperson of Sony Pictures Entertainment said that they were investigating an IT matter. However, several news organizations report that Sony has suffered a digital security breach.

November 26

Sony employees continue working even without computers and other digital technologies, such as voicemails and emails.

November 27

Mr_Turner_Promo_Poster

Five Sony films were leaked online and made available on on-line file-sharing hubs. Four of the five films are yet to be released. Included in the films are Brad Pitt’s Fury, Annie, Still Alice, Mr. Turner, and To Write Love on her Arms.

November 28

Initial reports surface that Sony Pictures Entertainment suspects North Korea being the one responsible for the attack. Sony beleives that the attack is in retaliation for the film “The Interview”. The story is about a plot to assassinate the North Korean dictator.

November 29

Computer_Turned_off

Sony’s computers are still shut down.

November 30

The speculation and reports indicate that North Korea is behind the cyber-attack.

December 1

Multiple confidential Sony documents were leaked including the pre-bonus salaries of Sony’s executives. The information also includes salary details of more than 60,000 Sony employees. Executive figures are published in many sites, including Deadline. Sony works with the FBI to investigate the attack.

December 2

A company-wide alert was delivered to employees about the attack, which was issued by Sony’s chiefs Amy Pascal and Michael Lynton.

December 3

Critical information has been extracted from a big dump of stolen data which included a large list of account credentials, YouTube authentication credentials, UPS account details, all in plain text. To add to this, it also included a collection of scathing critiques of Adam Sandler movies along with files containing information on passports and visas of crew and cast members who have worked on Sony films. Some of this confidential information is published on online sites, including a 25-page list of workplace complaints of Sony employees.

Sony stated that the investigation is on-going.

December 4

FBI_Seal

A Flash warning from the FBI is made regarding the malware attack, named Destover Backdoor, and alerted all large American security departments.

Press reports also stated that some cyber-security experts found out some significant similarities between the codes used in the cyber-attack of South Korean companies and government agencies, which were also blamed on North Korea and the codes used in the Sony attack.

December 5

The Sony attackers who are claiming to be the “Guardians of Peace” sent Sony employees an e-mail threating them that they will hurt their families if they don’t sign a statement disclaiming the company.

December 7

Further data leaks occur involving the financial details from Sony Pictures. According to Bloomberg, the leak traces back to a hotel in Thailand where an executive from Sony was lodging there at the time.

North Korea praised the attack by calling it a “righteous deed” and denied any involvement in the attack.

December 8

More leaks, which were uploaded to pastebin, were added but were soon taken down. This information illustrated details of email archives belonging to two executives; the President of Sony pictures and his co-chairman, Steve Mosko. This leak was believed to have not been North Korea; it most likely came from a disgruntled employee group.

December 10

The_Pirate_Bay

More legitimate leaks are disclosed, this time pertaining to details of tracking film piracy activities. Such activities include showing Sony’s internal anti-piracy procedures and details regarding the five ISP (Internet Service Provider) giants, used to monitor illegal downloads.

December 12

News reports from Buzzfeed, Bloomberg News, and Gawker stated that stolen documents from Sony were released, which included the medical records of Sony employees. The listed medical conditions include liver cirrhosis, cancers, and premature births.

December 13

Further genuine leaks are involve financial account information, showing revenues, expenditures, past and current projects, and deals, of which are all current still to Sony.

December 14

Spectre

The latest batch of stolen Sony documents was released by the hackers. Included in these documents is the latest version of the script of “Spectre” which is the next James Bond Film. Sony hired famous litigator David Boies who sent a letter to different news organizations demanding that they erase all stolen information that the hackers had provided them.

December 15

Former employees of Sony filed a class-action lawsuit against the studio with the claim that Sony took inadequate security measures to protect their personal data.

December 16

The hackers sent an e-mail to reporters threatening to attack movie theaters that will show “The Interview”, which was set to premiere on Christmas Day. The communication sent by the cyber terrorist to the reporters even mentioned that they should  remember the 11th of September 2001.  They also threatened to fill the world with fear to show to the people that Sony Pictures Entertainment has created an awful film (The Interview).

Another batch of data was released including a huge number of e-mails stolen from Sony’s co-chairman and CEO Michael Lynton. Former Sony employees filed a second class-action suit with the claim that Sony was negligent in not protecting their personal data.

In connection with the threat made by the hackers to theaters, Sony told theater owners to cancel the showing of the film “The Interview” if the threats of the hackers worry them. In response to this, Carmike was the first chain to declare that it will not show the film. Landmark Theaters also said that the New York premiere of the same film was been cancelled.

December 17

The_Interview_Poster

Sony Pictures Entertainment pull the planned release of the film “The Interview” on Christmas Day in connection with the threat of the cyber terrorist to attack theaters that show the film. Moreover, Sony also pulls every TV advertisement of the film.

December 18

The hackers praised Sony’s decision of pulling the premiere of the film and said that as long as the film was kept out of theaters the threat will end. However, there is still a high chance of attack if the film is to be released in VOD (video on demand).

December 20

North Korea invites the United States to take part in a joint investigation regarding the Sony attack as a proclamation of their innocence. However, they warned the United States of “serious consequences” if ever they retaliate.

December 23

Sony decided to move ahead with the release of the film on Christmas day and allow it to be screened across participating theaters.  Simultaneously, the film would be planned to be released in VODs. Sony claimed victory for this decision since they have never given up a film before.

December 30

Sony made the film available for rent online.

Final thought …

This timeline for Sony Pictures Entertainment Cyber Attack serves to create a better picture of what all the fuss was about. With so many events, it can be confusing to keep up with the news; therefore, we hope some value is found from understanding what such a run of malicious attacks can do to a company, even as big as Sony Pictures. Stay safe and always keep your systems and networks up to date.

For more ways to secure your data and systems, contact your local IT professionals.

Read More
Zero-day Internet Explorer Exploit CVE-2014-8967
Zero-day Internet Explorer Exploit CVE-2014-8967

Zero-Day Internet Explorer CVE-2014-8967 Vulnerability

Security, ,
05
Jan 2015

Zero-day Internet Explorer Exploit CVE-2014-8967

If you use Internet Explorer as your web browser, pay close attention to a recent Zero-Day vulnerability CVE-2014-8967 found allowing remote code execution.

Out of the various web browsers available to download, Internet Explorer is often the most vulnerable for attacks since it happens to be the one that is widely used globally.

We will summarize here what you need to know about CVE-2014-8967.

What is a Zero-Day vulnerability?

Microsoft and anti-virus companies regularly release updates and new virus definitions to address these exploits.  Zero-day means the exploit or bug is so new that no company has had a chance to patch it yet.

Specifically for zero-day vulnerability CVE-2014-8967, Internet Explorer has been exploited by hackers who have piggybacked on its publicly accessible framework to execute arbitrary code.

  • Technically speaking, the Internet Explorer vulnerability is all about the way in which it references “counting”, to allocate given in-memory objects.
  • These in-memory objects represent elements pertaining to HTML, otherwise known as CElement Objects.
  • An additional CSS style is applied, which illustrates the style it displays.
  • This change creates a loophole in the browser where the object’s reference can be allowed to drop down to zero before it normally should.
  • This in turns causes the object to become available to accept other commands to run.
  • This is where an opportunist can exploit the vulnerability to run code within the given framework.
  • The danger lies in the privileges the attacker can have on your system.
  • For instance, if you have administrator rights, the hacker can also acquire this same right, that’s if they manage to successful carry out the browser vulnerability hack.
  • It’s not much of a high risk if your account has basic user rights. Regardless of the level of user permissions you have, such an attack is undesirable.

Examples

An example of such an attack can originate via a dodgy website such as a hosted site managed by the attacker, is configured to apply the Internet Explorer vulnerability.

 

Examples of malicious banners and messages.

Examples of malicious banners and messages.

All that is needed is some sort of user action, such as a prompt, to trick the user into visiting the malicious site.

Another way hackers can use this vulnerability is by targeting other compromised websites to do the same thing.

Regardless of the malicious intent, you’re always in control and should practice safe browsing by avoiding suspicious or unfamiliar websites.

It can all begin by accidentally by opening an infected file or unknowingly visiting  a malicious web page, which executes the browser vulnerability.

This is why we stress the importance of not opening unknown recipient messages that contain attachments or links within emails and other places such as web banners or message boxes. The best thing to do is close down the page or delete those suspicious emails and notify your IT administrator.

Prevention and protection

The good thing about all the Microsoft mail clients, such as Microsoft Outlook Express, Microsoft Outlook and Windows Mail, is that they all disabled Active X and scripts by default. This stops malicious code from launching itself automatically and creating a problem, as discussed previously. However, you still need to be careful not to open unknown files or links.

How to protect yourself from Zero Day Internet browser vulnerability:

 

 

  • Update your Operating System. Do this with Windows Updates and be sure to apply any critical patches.
  • Do not Open attachments. It can all begin by accidentally opening an infected file or a malicious web page to execute the browser vulnerability. This is why we stress the importance of not opening unknown recipient messages that contain attachments or links such as web banners.
  • Use a different browser. Using a different browser can prevent the typical browser exploits found on Internet Explorer. For example Chrome, which is one of our preferred web browsers to use.
  • A little configuration can go a long way. Within Internet Explorer settings, you can set the option to prompt before allowing “Active scripting” to run, or alternatively, disable “Active scripting” within “Internet and Local intranet security zone settings”.
  • Use EMET. This is more for system administrators; however EMET (an Enhanced Mitigation Experience Tool Kit) can prove invaluable. This will be necessary I’d you’re working in a company that is unwilling to move away from Internet Explorer. EMET is a great workaround to help you to avoid this vulnerability.

For more ways to pro-actively protect your business and data from malicious vulnerabilities, contact your local IT professionals.

Read More
1 2