Archive for Malware

POODLE Bug Presents a Major Network Security Risk

No, I’m not joking around. It’s real. You may be familiar with the bugs known as Heartbleed and Shellshock, which I addressed in earlier blog posts. Now it’s time you were made aware of a new bug called POODLE (Padding Oracle On Downgraded Legacy Encryption). Simply put, POODLE allows attackers to access and steal information sent over encrypted connections.

It is important to note that this is NOT a flaw in SSL certificates, their private keys, or their design, but in the old SSLv3 protocol. The attack recovers pieces of information from connections that use this outdated web protocol, leaving systems susceptible to information theft. It’s not believed to be as serious as the Heartbleed bug in OpenSSL, since the attacker needs a privileged position on the network to exploit POODLE. Public Wi-Fi hotspots give an attacker exactly that position, however, which makes this attack a real problem. This type of attack falls into the “man-in-the-middle” category.

How Do They Do It?

Did you ever wonder why you don’t have to log into your e-mail account each time you use it? It’s because your browser stores a cookie that tells the e-mail service you are who you claim to be. While this is convenient, it can present a problem. If an attacker tricked you into connecting to a bogus wireless hotspot, for example, this bug could allow them to recover enough information from your web connection to steal that cookie and effectively pretend to be you.

The Risks

When POODLE emerged earlier this year, security teams got to work and quickly patched many of the sites that were most vulnerable. Unfortunately, it seems the experts did not go far enough. The bug originally targeted an outdated version of SSL (Secure Sockets Layer), which modern browsers no longer use but which is still around because some older sites require it. The newer security layer, TLS (Transport Layer Security), has now also been found to be susceptible to POODLE, and a fix has yet to be implemented. By the way, some banks are susceptible to this new iteration of the bug.

There are ways to keep your browser safe and to find out whether or not you’re at high risk for such bugs. BizTek Connection wants to make sure you’re doing everything you can to keep your company’s web presence and security safe. For more information, contact us via phone at 501-542-4241 or email at info@BizTekConnection.com.

Posted in: Malware, Security


Ransomware – Coming to a Computer Near You!

It seems like it never ends. Malware is cropping up faster than the industry can update its virus definitions, and today is no different. A new variety of ransomware has recently hit the market. It goes by the name KEYHolder and, from what the industry has found so far, appears to come from the same folks that were behind Cryptorbit. Although ransomware may seem like a relatively new type of attack, it actually goes back to the “AIDS” Trojan (also known as “PC Cyborg”) in 1989. In other words, these people are really good at making, and propagating, this type of attack.

Like other ransomware, KEYHolder encrypts files (anything and everything: documents, music, videos, images, etc.) on any attached drive, including network-mapped file shares. Once the encryption is complete, a ransom of $500 is demanded for the unlock key. The user is directed to download a Tor-capable browser and make the ransom payment through a Tor-masked server.

It is thought, although no one is certain at this point, that the initial infection occurred via email. As this is still developing and the industry as a whole is working to mitigate the threat, there is still much speculation around KEYHolder. There is some chatter in the security community about infections happening through direct control of systems from the outside, but we have seen no evidence of this. Source files are still being investigated, and antivirus vendors will update their signatures to mitigate the risk as quickly as possible.

This is a very real potential threat. Until more is known and the industry has released fully functioning definition files to reduce the related risks, it is strongly recommended that you inform your users of the following:

1. Do NOT open attachments from unknown senders. While we have seen ransomware attacks sourced from watering-hole attacks or social harvesting attacks, the vast majority arrive by email via spear-phishing.

2. Back up often.

3. Do not click on links that seem suspicious.

4. Do not allow any software that you do not know the origins of to be installed on your system.

5. Keep endpoint security software versions up to date.

6. Keep endpoint signatures up to date

7. Contact BizTek support staff if you have any doubt about your current level of protection, or suspect that you are infected in any fashion.

Malware of any variety is a pain, even in its simplest form. But some, such as ransomware and others, can bring your business to its knees. If you are not confident that you have this base covered, give us a call.

Posted in: Malware, Security


WordPress MailPoet Plugin (wysija-newsletters) Has BIG Bug

It seems that every time we turn around, someone is jumping on a new way to exploit weaknesses in the programs on our computers, in our operating systems and even in the websites and servers we use to promote our businesses. Today is no exception. Another serious security vulnerability has been found in the MailPoet WordPress plugin. Unpatched versions of MailPoet allow an attacker to upload any file remotely to the vulnerable website without any username or password being required.

File uploads of this kind are used to add code to your site that can turn you into a spammer, or sell products that you know nothing about and make no money from. Basically, they can make your site open to just about anyone to do just about anything they want. Any way you slice it, this is a serious issue. The MailPoet plugin (wysija-newsletters) is a very popular WordPress plugin with over 1,700,000 downloads so far. This vulnerability has been patched! So, if you run the WordPress MailPoet plugin, please upgrade ASAP!

Are you affected?

If you have this plugin activated on your website, the odds are not in your favor. An attacker can exploit this vulnerability without having any privileges or accounts on the target site. This is a major threat: it means every single website using the plugin is vulnerable.

The only safe version is 2.6.7, which was released just a few hours ago (July 1, 2014).

Why is it so dangerous?

This vulnerability gives a potential intruder the power to do anything they want on a victim’s website. It allows any PHP file to be uploaded, which can let an attacker use your website for phishing lures, sending SPAM, hosting malware, infecting other customers (on a shared server), and so on!

Technical Details

Because of the nature of the vulnerability, specifically its severity, I won’t go into the technical details. The basic cause, however, is something all plugin developers should be mindful of: the developers assumed that WordPress’s “admin_init” hook was only called when an administrator visited a page inside /wp-admin/.

It is an easy mistake to make, and they used that hook (admin_init) to verify whether a specific user was allowed to upload files.

However, any call to /wp-admin/admin-post.php also executes this hook, without requiring the user to be authenticated. That made their theme upload functionality available to everybody.
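As an added illustration that is not MailPoet’s own code (the handler function names and the "example_upload_theme" action are hypothetical; the WordPress hooks and helper functions are real), here is the admin_init assumption described above beside a handler that checks the capability and a nonce explicitly:

```php
<?php
// Added illustration, not MailPoet's code. Function names and the
// "example_upload_theme" action are hypothetical; the WordPress APIs are real.

// Shared upload step. wp_handle_upload() moves the file into the uploads
// directory and enforces WordPress's list of allowed MIME types.
function example_process_theme_upload( array $file ) {
    require_once ABSPATH . 'wp-admin/includes/file.php';
    return wp_handle_upload( $file, array( 'test_form' => false ) );
}

// --- The mistake the post describes ----------------------------------------
// admin_init fires on every load of a wp-admin/*.php file, and
// wp-admin/admin-post.php serves unauthenticated requests too. Nothing here
// checks who is asking, so the handler is reachable by anyone.
function example_vulnerable_upload_handler() {
    if ( empty( $_POST['example_upload_theme'] ) || empty( $_FILES['theme'] ) ) {
        return;
    }
    example_process_theme_upload( $_FILES['theme'] );
}
add_action( 'admin_init', 'example_vulnerable_upload_handler' );

// --- Hardened handler -------------------------------------------------------
// 1. Register on admin_post_{action}: WordPress fires it only for logged-in
//    users (the anonymous counterpart is admin_post_nopriv_{action}, which
//    this code deliberately does not hook).
// 2. Check the capability explicitly instead of inferring it from the hook;
//    current_user_can() is false for anonymous visitors.
// 3. Verify a nonce so the request came from our own form, not a cross-site one.
function example_hardened_upload_handler() {
    if ( ! current_user_can( 'install_themes' ) ) {
        wp_die( 'You are not allowed to upload themes.', 403 );
    }
    check_admin_referer( 'example_upload_theme', 'example_nonce' );
    if ( empty( $_FILES['theme'] ) ) {
        wp_die( 'No file supplied.', 400 );
    }
    $result = example_process_theme_upload( $_FILES['theme'] );
    if ( isset( $result['error'] ) ) {
        wp_die( esc_html( $result['error'] ), 400 );
    }
    wp_safe_redirect( admin_url( 'themes.php?example_uploaded=1' ) );
    exit;
}
add_action( 'admin_post_example_upload_theme', 'example_hardened_upload_handler' );

// The form that targets the hardened handler. The hidden "action" field selects
// the admin_post_* hook, and wp_nonce_field() emits the nonce it checks.
function example_render_upload_form() {
    ?>
    <form method="post" enctype="multipart/form-data"
          action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_upload_theme">
        <?php wp_nonce_field( 'example_upload_theme', 'example_nonce' ); ?>
        <input type="file" name="theme">
        <?php submit_button( 'Upload theme' ); ?>
    </form>
    <?php
}
```

The same rule applies to any hook: is_admin() and admin_init tell you which file was loaded, never who loaded it.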

How should you protect yourself?

Again, update the plugin as soon as possible! Keeping WordPress and all plugins updated is the first step in keeping your sites secure. If you don’t know how to do this, or are not even sure whether your site is using this plugin, give us a call at 501.542.4241. We’ll help mitigate any risks.

Posted in: Malware, Security


TimThumb WebShot Zero Day Exploit

I have no idea whether you are, or aren’t, still using TimThumb’s WebShot feature after a serious vulnerability was discovered last year, but if you are, you may want to rethink it now.

A zero-day exploit is one where there is no time delay between a particular vulnerability being discovered and its exploit being released into the “wild”. And there’s a new zero-day that was just disclosed in TimThumb’s “WebShot” feature. Simply put, this exploit allows certain commands to be executed remotely on the vulnerable website without any authentication (username/password) being required. With a simple command, an attacker can create, remove and modify any files on your server.

I could bore you with examples but, simply put, someone could remove and/or create files using a very simple URL typed into a web browser’s address bar. Those two simple things are not the only possibilities; many other commands can be executed remotely (Remote Code Execution).

Are you vulnerable?

The good news is that TimThumb ships with the WebShot option disabled by default, so only a few TimThumb installations are vulnerable. However, you should check that your timthumb file does not have this option enabled, to prevent it from being misused. Open your timthumb file (inside your theme or plugin), search for “WEBSHOT_ENABLED” and make sure it is set to “false”, just like this one:

define('WEBSHOT_ENABLED', false);

If it is enabled, disable it ASAP.
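As an added example, not part of the original post or of TimThumb itself, here is a PHP script that walks a directory (the /var/www/html/wp-content path is an assumption) and reports every PHP file that defines WEBSHOT_ENABLED, flagging any copy where it is set to true:

```php
<?php
// Added example, not TimThumb's code. Scans a tree for TimThumb copies and
// reports the WEBSHOT_ENABLED setting in each. $root below is an assumption.

// Returns true if the source defines WEBSHOT_ENABLED as true, false if it
// defines it as false, and null if the file contains no such define at all.
function example_webshot_status( string $source ): ?bool {
    // Match define('WEBSHOT_ENABLED', true|false) with either quote style,
    // optional whitespace (TimThumb writes "define (") and any letter case.
    $pattern = '/define\s*\(\s*[\'"]WEBSHOT_ENABLED[\'"]\s*,\s*(true|false)\s*\)/i';
    if ( preg_match( $pattern, $source, $m ) ) {
        return strtolower( $m[1] ) === 'true';
    }
    return null;
}

// Walks $root recursively and returns path => status for every PHP file
// that mentions WEBSHOT_ENABLED. TimThumb is frequently shipped under other
// names (thumb.php, image.php), so files are identified by content, not name.
function example_scan_for_webshot( string $root ): array {
    $findings = array();
    $iterator = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator( $root, FilesystemIterator::SKIP_DOTS )
    );
    foreach ( $iterator as $file ) {
        if ( strtolower( $file->getExtension() ) !== 'php' ) {
            continue;
        }
        $source = file_get_contents( $file->getPathname() );
        if ( $source === false || stripos( $source, 'WEBSHOT_ENABLED' ) === false ) {
            continue;
        }
        $findings[ $file->getPathname() ] = example_webshot_status( $source );
    }
    return $findings;
}

// Note: a timthumb-config.php next to timthumb.php can override the
// constant, so both files show up in the listing and the config file wins.
$root = '/var/www/html/wp-content'; // assumed path; point this at your install
foreach ( example_scan_for_webshot( $root ) as $path => $enabled ) {
    if ( $enabled === null ) {
        $state = 'mentions WEBSHOT_ENABLED but has no define';
    } else {
        $state = $enabled ? 'ENABLED - disable this now' : 'disabled';
    }
    echo "$path: $state\n";
}
```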

We can help you both check for the vulnerability and mitigate any you find, if you need our help. Another piece of good news is that we offer a website firewall that will automatically protect against this vulnerability, and many others.

Posted in: Malware


Another Zero Day Exploit Affects Almost ALL Versions of IE

A zero-day attack is an attack that exploits a new vulnerability that developers have not had time to address and patch. Simply put, the name comes from the idea that zero days passed between the time the vulnerability was discovered (made public) and the first attack. In this case, Microsoft has confirmed a vulnerability in Internet Explorer that could allow remote code execution.

As you might expect, Microsoft is scrambling to fix a security flaw in its browser (Internet Explorer) that could allow an attacker to remotely execute malicious code if a user visits an infected website. It’s important to know that there is no way for an attacker to force you to the infected site, so this is normally accomplished by convincing the user to visit it, by getting them to click a link in an email message or instant message.

Enhanced Protected Mode, which is enabled by default on IE 10 and IE 11, will help protect against this risk. You can also use Google Chrome or Firefox, since this particular exploit doesn’t appear to involve those browsers. But, even more importantly, you can simply avoid clicking on suspicious links! You may ask: what is a suspicious link? In my opinion, any link in a message sent to me from any external source. I know that may be a bit “over the top”, but I see the repercussions of people clicking those links almost every day.

Not to sound like a broken record, but clicking links in messages sent to you, even from people you know and trust, is a risky venture. It is extremely common for attackers to mimic the email address of someone you know to get you to click that link. It’s always best practice to contact the sender of a message to confirm that they sent it and that there is a valid reason to visit the site by clicking the link embedded in it. As a general rule of thumb, whenever I receive a message with a link, even if it’s from a trusted source and they have confirmed the message to be valid, I type the entire URL into the address bar rather than clicking the link.

Exploits are, and always will be, around. I’ve frequently said that whatever one person is bright enough to create, another is bright enough to break (or exploit, in this case). So, do everything you can to mitigate the risks, including exploring a different browser AND being extremely skeptical about clicking links in messages.

Posted in: Malware


Beware: Ransom-ware CryptoLocker

Once this malware is executed on a computing device, it encrypts files on the victim’s computer and demands a ransom of 300 USD, to be paid by the victim within 72 hours, in order to decrypt the victim’s files.

In early September 2013, security experts around the world became aware of a very nasty piece of malware that, once executed, encrypts files on the victim’s computer and then demands a ransom of $300 for decryption.

This is one of the most destructive malware infections I have ever seen! It is essential that anyone with a connection to the Internet is aware of this beast.

This type of malware is popularly known as ransomware and is spread using social-engineering tricks, especially via email such as fake FedEx, banking, credit card or UPS tracking notifications with attachments. Once the victim opens such an attachment, CryptoLocker gets installed and starts scanning the hard disk for all kinds of documents. These include images, videos, documents, presentations, spreadsheets AND any backup files that may also be kept on the target system. It then encrypts these files, converting them into an unreadable form. The ransomware then pops up a message demanding a payment of $300 (currently) to obtain the private key to decrypt the files. The message also displays a time limit within which the payment must be made.

CryptoLocker uses RSA encryption, with a unique public/private key pair, to encrypt its victim’s data. It is not possible to decrypt files encrypted in this way without access to the private decryption key. That key is not stored on the infected computer but on the attackers’ system, to which, of course, we do not have access.

There is no known fix – other than paying the ransom. Without the key it is not possible to decrypt the data encrypted by this malware. The malware defines a window of 72 hours to pay the ransom and get the private key to decrypt your data. If the amount is not paid, the criminals destroy the private key and your encrypted data is locked forever with no way to recover it. The people behind this malware are able to avoid being traced by using digital cash systems like Bitcoin, UKash and MoneyPak, where payments can be anonymous.

Here are two very simple steps you can take to minimize your risk:

* Never entertain unknown or unwanted emails with attachments, especially those that purport to be FedEx, banking, credit card or UPS tracking notifications. Use strong anti-phishing, anti-spam and content filtering to filter out fraudulent emails and no-go websites.

* Ensure that your systems are backed up on a regular basis, preferably daily, with multiple versions and maintained at an off-site location.

I have attached a link to a recent NakedSecurity newsletter from SOPHOS that includes a MUST WATCH video illustrating how CryptoLocker works, along with prevention, cleanup and recovery.

http://nakedsecurity.sophos.com/2013/10/18/cryptolocker-ransomware-see-how-it-works-learn-about-prevention-cleanup-and-recovery/

Posted in: Malware, Tech Tips for Business Owners


How risky are Bitcoin payments?

Bitcoins have become a popular way for people to purchase goods and services online. The question, though, is if your small business should accept this virtual currency. Entrepreneur Magazine recently took a look at this issue. Here are the key questions they outlined about Bitcoins.

What they do

Bitcoins aren’t real money – as Entrepreneur says, they are simply pieces of computer code – but they are used as real money by many online vendors. Not surprisingly, a great number of those vendors are disreputable. But more “real” online businesses are starting to accept this currency. Entrepreneur lists such reputable vendors as Reddit, WordPress and Etsy as accepting Bitcoin. Remember, too, that Bitcoins only exist after individuals purchase them with real, old-fashioned money.

Safety issues

Like all online transactions, taking Bitcoins carries safety risks. These transactions are protected by public-key cryptography. That doesn’t mean clever criminals can’t hack these transactions. Businesses also need to be wary of malware that steals Bitcoins.

Your decision

As a small business owner, is it advisable to accept Bitcoins? You may want to sometime soon to do business with certain online vendors. There are some benefits, too, to this online currency. Bitcoin transactions – as of now – aren’t taxed. Additionally, there aren’t any fees or charges from banks, credit cards or financial institutions involving such transactions.

Posted in: Malware, Uncategorized


These IT projects will boost your business in 2013

Your New Year’s resolution was to grow your small business in 2013. How is that resolution faring? If you’re struggling to increase your small business’ revenues so far this year, it might be time for you to turn to your IT department. That’s right: Your IT department provides the technical expertise to make your small business even more efficient. That, in return, can raise your employees’ productivity and improve your business’ bottom line. Here are a few tech projects that Small Business Computing.com recommends for small business owners who want to see their businesses grow in 2013.

Onsite Wi-Fi

A growing number of businesses allow their employees to bring their own electronic devices – everything from laptops to tablets – to their cubicles. The reasoning driving this movement: When people work on laptops and tablets that they know well, they work more efficiently. But allowing your staff to participate in the bring-your-own-device movement doesn’t mean very much if your office isn’t equipped with a reliable Wi-Fi network that allows your workers to access the internet, send e-mail and post to social media sites while at their desks. Make setting up a powerful Wi-Fi network in your office a priority for 2013.

Invest in Ultrabooks

Your employees can do more when they can tote laptops to meetings with clients. Traditional laptops, though, are too cumbersome. And small Netbooks are often too slow and limited. Ultrabooks, though, are a different story. These laptops are both small and light enough to be portable, and powerful enough to enable staff members to display multimedia demonstrations and reports to prospective customers. A great way to see your business grow is to give your employees more options for snagging new customers. Ultrabooks are one of these options.

No more Windows XP

A surprising number of businesses still have computers running Windows XP. This is unproductive. To begin with, Microsoft will no longer support this 10-year-old operating system as of April 8, 2014, which means Microsoft will no longer send monthly security updates for it. In addition, newer versions of the Windows operating system, especially Windows 7, are simply more efficient. Give your employees a better chance of finishing their projects faster: upgrade from Windows XP.

Also slated for EoL (End of Life) are Windows Server 2003 and Office 2003. Don’t wait until the last minute! Not only are these products going out of support, which puts them at a much higher risk from malicious attacks, but they are also much more cumbersome and less efficient than their newer counterparts. Essentially, their replacements should pay for themselves with productivity boosts. Ask me to prove it and we’ll sit down and go over the options. I can be reached at the number listed at the top of the page.

Posted in: Malware, Security, Technology and How it's Used, Time Management, Tips and Tricks, Windows 7, Windows 8


Is the U.S. government driving a black market in zero-day bugs?

Is the United States creating a more dangerous Web? This is the theory depicted in a recent story by the MIT Technology Review. The story details the history of Stuxnet. You may remember this bit of malware as it made big news in 2010 when it was discovered. Today, the general opinion is that Stuxnet was created by the governments of the United States and Israel to attack the industrial equipment needed to run Iran’s budding nuclear program. As the Technology Review story states, Stuxnet might be the first well-known example of a new form of warfare, one in which countries use malware and other viruses to attack computers and security systems of other nations. And the United States might just be the leader in this form of virtual warfare.

A developing industry

Here’s the worry, as expressed in the Technology Review story. As governments, including the United States, spend a rising amount of money to create malware weapons, are they also making the Internet a more dangerous place than it already is? Unfortunately, the answer appears to be a definite “yes”. Nobody knows just how many malware weapons governments have deployed since Stuxnet made news. But, as the report says, many have undoubtedly done their job without the public hearing about them. That ought to make any Internet user feel nervous.

A mobile attack?

As people move more firmly toward mobile devices such as tablets and smartphones, so are the makers of malware weapons. The Technology Review story reports that exploits aimed at mobile operating systems are particularly valuable because mobile systems are updated so rarely. As the report highlights, Apple only sends updates to its iPhone software a few times per year. That leaves the system vulnerable to governments that would love to surreptitiously deploy malware such as spyware on the mobile phones of terrorism suspects.

Nothing new?

The Technology Review story ends on a somber note. Perhaps, it suggests, these malware weapons are not so unusual. Countries around the world routinely develop new weapons. Malware exploits might be the latest version of an arms race. However, consumers could be caught in the crossfire of a Web that’s suddenly become considerably more dangerous.

Posted in: Malware, Security


Hackers now targeting smart phones

Think your smartphone is safe from malware attacks? Think again. The depressing statistics indicate that cyber criminals are increasingly turning their attention to smartphones. This should not be surprising. After all, we are increasingly using our smartphones as miniature computers. A large number of us are even using these devices for online banking. Smartphones, then, represent a significant untapped market for cyber criminals. The good news? It is possible to protect yourself from mobile malware by adopting some common-sense strategies.

Scary Numbers

The security firm F-Secure reports some rather frightening numbers: according to the firm, the number of malware attacks directed at mobile Android devices quadrupled from the first quarter of 2011 to the same quarter in 2012. That’s just one of several unsettling statistics regarding mobile malware. CNN Money writer David Goldman, for instance, recently cited an article from security firm Lookout Security stating that four in 10 smartphone users will click or swipe a suspicious web link this year. Goldman also writes that smartphone cyber attacks have spiked by a factor of six, based on statistics from anti-virus company McAfee.

The Good News

These numbers shouldn’t cause smartphone users to toss their devices in the river. Despite the rise in mobile malware, cyber criminals continue to focus primarily on PCs. For one reason, it’s easier. Developers have learned from past mistakes and have made it a lot tougher for cyber criminals to take over smartphones and other mobile devices. At the same time, these criminals are so successful at targeting PC users that they have little financial incentive to focus on mobile devices. Consumers, though, shouldn’t rely on this for much longer, Goldman writes. As smartphones continue to rise in popularity, they will likely experience a greater number, and variety, of malware attacks.

Protect Yourself

You can protect yourself from mobile malware attacks. And, just like with PCs, it mostly requires good judgment. To illustrate, when you find yourself looking for new apps, be careful. Don’t inadvertently download pirated versions of free apps. The pirates behind these apps will charge you for apps you could normally get for free. Be skeptical, too, of apps promoting free virus protection. Mobile antivirus software normally isn’t free, and a free app could be a virus in disguise. When you are shopping for apps, stay in well-known, regulated app stores. Independent app stores such as GetJar don’t have the same amount of regulation as iTunes and other regulated stores. Finally, be wary of phishing schemes. Never hand out personal data such as checking account numbers or Social Security numbers through e-mail.

Posted in: Malware, Security
