CryptoWall 3.0, a new variant of the Cryptolocker ransomware virus, is out and causing problems for many businesses. Learn how it works and how to prevent it.

Discovered in late February 2015, CryptoWall 3.0 works very much like the previous versions of this virus; however, its strategy to infect systems is somewhat different.

How CryptoWall 3.0 works

  • When the infected file containing CryptoWall 3.0 is opened, the malicious program encrypts all files that it finds mapped over the network.
  • Files become encrypted and unreadable.
  • Only the perpetrator can unlock the code to make it readable again.
  • Once it finishes encrypting all files, it asks for a ransom of around $500 USD.
  • This amount is expected to be paid in Bitcoin currency, which is a universal currency used around the world.

Point of entry and identification

CryptoWall 3.0 employs social engineering tactics via phishing emails. These come with attachments disguised as an “incoming fax report” and display the same domain as the one the user is on, creating a false sense of trust by making the user believe it is a legitimate document. Once opened, CryptoWall picks up all mapped drives identified from the host machine it infects and encrypts all of the contents on the host as well as the data on the mapped drives.

CryptoWall 3.0 uses .chm attachments, a type of compressed file used for user manuals within software applications. Since .chm is an extension of HTML, the files can be very interactive, with different types of media such as images, hyperlinked tables of contents and so forth. The format also supports JavaScript, which allows the attack to send users to any website on the Internet when a user opens the malicious .chm file.
Once the file is opened, the attack automatically runs its course.

CryptoWall: More than meets the eye

Ransom malware has been evolving since the first wave of Cryptolocker attacks back in September 2013, which had netted the virus writers over $27,000,000 from claiming ransom money within only a few months of the Cryptolocker operation. Attacks are happening all over the world with detections in Europe, the UK, the US and in Australia.
The sophisticated Cryptolocker and CryptoWall attacks also use botnets, which are wide networks of compromised machines, as the originators of the attack. Aside from speeding up distribution of the virus, this allows anonymity for the virus writers.

How to prevent CryptoWall 3.0

For more ways to stay protected and safeguard your network, contact your local IT professionals.

Is Firefox as popular as it used to be? A decline in the Firefox market share has proven its loss of user share. Learn why by reading our overview here.

Browsers take long-term data statistics very seriously, as it is a measure of their success in the internet browser market. The popular and widely used browsers today are considered to be Google Chrome, Mozilla Firefox, Internet Explorer, Safari and Opera.

In the past year, Mozilla Firefox’s desktop user share has dropped by a significant 34% and since April 2010, dropped down to a total of 54%.

In recent months and years, Mozilla’s Firefox has continued to lose user share due to other widely used internet browsers gaining popularity. The Firefox browser has dropped to the lowest numbers in the browser market share since its initial release back in 2004, when Internet Explorer had already captured most of the browser market.

Fewer people are using the Firefox browser and they’re increasingly reporting issues related to its use. For instance, there are now fewer browser users discussing bugs and fixes on blogs and forums than ever before. This has led to more problems for Mozilla Firefox.

The rise and fall of user share

Browser wars as depicted by Galit Weisberg.

Let’s look at the rise and fall of user share regarding Mozilla Firefox browser and compare it to other popular browsers.

In February, Mozilla Firefox’s user share on desktop platforms fell to 18.2%, which was down half a percentage point from the previous month.

According to Computerworld, if the trend of losing market share continues at the same rate, this could mean that Firefox would go under 8% by this coming October based on both mobile and desktop users being at a low 9.8%, which is 3.4% down from when they first recorded statistics in July 2014.

Mobile Device Browsers

Since the introduction of smartphones that have been made widely available to the consumer market, users are also accessing the internet on their mobile devices. The drop in user share for Firefox appears to correlate with the increased use of mobile devices. Not even their combined numbers of desktop and mobile device users can make up for this loss in market share.

This is despite having a mobile web browser available on smartphone devices, such as for Apple’s iOS and Google’s Android devices.

According to Computerworld’s records, February’s mobile share usage was less than seven-tenths of 1%.  Google’s Chrome browser has been the biggest beneficiary of the loss of user share suffered by Firefox.

With Chrome being a popular browser choice on mobile platforms, this has helped their share flourish on the overall market. According to Net Applications’ statistics, Chrome along with the former Android browsers it has replaced, takes up a massive share of the market with 41.5%.

Mozilla committed to evolve their services

Mozilla is focusing on their cloud service to offer an improved browsing experience for mobile and desktop browser users. They have also signed a five-year contract with Yahoo to make its search engine the default one for the Firefox browser in the United States.

In regards to a snapshot of the current market share for browsers, the order of popularity from highest to lowest includes Internet Explorer, Google Chrome, Safari, Mozilla Firefox and Opera.

For more information on Cloud services and flexible IT solutions, contact your local IT professionals.

Is your Wifi not working? No problem, simply follow our quick checklist to get your Wifi back online so you can get on with business as usual.

It can be annoying to lose your Wifi connection at home or in the office. Besides, where would one be without Wifi these days?

Not having a Wifi connection can affect a multitude of business operations, such as losing access to both the internet and your internal network, email, shared peripherals (such as printers and scanners), and any other wireless resources connected to your router.

For many, it’s no longer feasible to have ethernet cables swimming all over the place.
To help end this panic, we’ve compiled a three-step troubleshooting list to get your wireless working again.

  • Restart your device or computer. The idea is to restart whichever device has lost its Wifi connection. It is best to do this first, as it may be an isolated issue with only your computer, laptop, printer or smartphone. It’s also a good idea to confirm this by checking to see if other devices and computers are connected and working over the Wifi.
  • Restart your wireless router. If all devices connected to your Wifi router appear to be offline, then the problem is likely to be the router. You may want to observe whether your router is flashing amber or red lights, which is a sign that it has lost connectivity. Green lights are usually an indicator of a Wifi router being online, operating as usual. A simple reboot of your Wifi router by unplugging it from the power for 1 minute and plugging it back in can help it come back online. If the router continues to play up after a few minutes following a reboot, contact your ISP to check if there are problems with the internet connection. If not, the Wifi router may need to be replaced.
  • Make sure you’ve selected the correct wireless access point. Check to see which access point you’ve connected to by checking your device’s wireless settings. If you’re unsure about the wireless access point name, you can double-check it by reading the label displayed on the Wifi router or, alternatively, you can ask your network administrator what it is. Understandably, it’s easy to pick the wrong wireless access point, as most households and businesses have Wifi routers emitting Wifi everywhere.

For more ways to troubleshoot networking problems, contact your local IT professionals.

Lenovo has been caught red-handed shipping laptops with invasive adware. Read more here to find out the implications of why you should be concerned.

If your office has purchased any number of Lenovo laptops during the latter part of 2014, then these systems are likely affected by pre-installed adware.

There’s now little wonder as to why your office’s antivirus or antimalware software might have been bugging you about a malicious adware named “Superfish”. If your systems administrator hasn’t been able to pinpoint the particular source, the culprit could really be the OS itself or Lenovo.

In 2014, several Lenovo notebook users reported injected advertisements while doing regular internet searches. The adware was identified as “Superfish”, with the capability of injecting third-party advertisements not only on search engines like Google but on any website visited as well. Experts and technical enthusiasts have determined the adware was already pre-installed on the notebook by the time a unit is purchased.

Is It a Big Issue?

Although Lenovo would claim otherwise, experts point out that this invasive software can affect both users’ privacy and security.

For internet users who are annoyed by those numerous and deceiving web advertisements, this would already be a problem. Even the more savvy users can be deceived due to the nature of the advertisements displayed, which are designed in a way to look like they are part of the search results or the webpage itself.

A serious security threat which can spy and steal your data

Other than the ability to bombard you with online advertisements, “Superfish” also gives the perpetrators an opportunity to spy on the user’s activities when online and even monitor personal data:

  • The adware installs itself as a root security certificate in the laptops.
  • A security certificate is a small system file/key that determines which websites, servers, and software are trustworthy and which are not.
  • A root certificate can be likened to having a “master key”, where its authority will be adopted within the internet settings of a computer.
  • This makes a computer vulnerable by tricking it into thinking a website is secure, even if it’s not.

It’s a window of opportunity for cyber criminals to spy on their targets or even deceive them to give out personal data like usernames and passwords. There’s also a risk for laptops to be susceptible to malware and virus attacks since they can slip through their antivirus/antimalware software by using the certificates to make them look like legitimate files.

Lenovo’s Response

Lenovo recently confirmed selling their units pre-installed with adware and shipping them worldwide. According to Lenovo, only units produced between September and December of 2014 were affected. Additionally, Lenovo defended the addition of “Superfish” in its laptops citing that the goal was to improve user experience when shopping online and that it does not monitor user activity.

As of January 2015, Lenovo has stopped shipping the adware on its computer products and has promised not to do so in the future. It has also disabled “Superfish” and server interactions for the affected units and users. This “feature” should now cease to exist.

Check if you are affected by Superfish

Filippo Valsorda has set up a quick online test to see if your computer and internet connection are affected. The test can be run here.

For more ways to stay protected, contact your local IT professionals.

Most systems today need to run Java occasionally. With the Java 7 end of life approaching, learn why it’s important to migrate to Java 8 to stay protected.

Oracle has supported Java SE 7 for 11 years now; however, with new developments on the latest version to support current and future technological developments, it has reached its end of life.

As of April 2015, Oracle will cease to provide updates for Java 7, which also includes discontinuing downloads for this version from their websites.

The good news is that existing customers are entitled to have continued support for any given security fixes or critical bug issues, including long term maintenance for Java 7 and older versions. All this will be available from Oracle’s Java SE Support team. However, it’s best to migrate to the latest version.

Oracle has also included an auto update feature since their January update to help migrate systems from Java 7 to 8.

Why migrate to Java 8?

Java 7 security updates will no longer be made automatically, making any systems running this version vulnerable. We strongly advise all users to switch to Java 8 for continued feature updates and to further close vulnerability exploits. Since vulnerabilities are likely to lead to exploits, it’s important to secure your computer when browsing the internet on Java-based websites.

Java exists to help applications and websites run correctly, which is fantastic. However, being dependent on this component can lead to problems. With unpatched or outdated versions of Java, hackers can use web browsers to serve up malware by exploiting its vulnerabilities.

Not maintaining frequent Java updates only serves to invite attackers to exploit your web browser and computer.

How to update Java and stay protected

Ophtek managed services clients are automatically updated.  Follow these steps to update Java manually.

Here are more detailed steps on how to install Java updates. Although the Java version shown in this tutorial is older, the method to install and update are still very much the same.

Remember that it’s worth spending a few minutes updating Java on your systems to lock them down from any possible future attacks.

For more ways to protect your office data, contact your local IT professionals.
