Blog

November 20th, 2014

In October of last year, news broke about a new form of malware called Cryptolocker. This malware posed a particularly large threat to many business users and led to many quick and important security updates. Now, almost a year later, it appears that the second version of this – CryptoWall – has been released and is beginning to infect users.

What is Crypto malware?

Crypto malware is a type of trojan horse that, when installed onto computers or devices, holds the data and system hostage. This is done by locking valuable or important files with strong encryption. You then see a pop-up open informing you that you have a set amount of time to pay for a key which will unlock the encryption. If you don’t pay before the deadline, your files are deleted.

When this malware surfaced last year, many users were understandably more than a little worried and took strong precautions to ensure they did not get infected. Despite these efforts, it really didn’t go away until earlier this year, when security experts introduced a number of online portals that can decrypt files affected by Cryptolocker, essentially neutralizing the threat. Until now, that is: a recently updated version is threatening users once again.

Cryptolocker 2.0, aka CryptoWall

Possibly because of efforts by security firms to neutralize the Cryptolocker threat, the various developers of the malware have come back with an improved version, CryptoWall, and it is a threat that all businesses should be aware of.

With CryptoWall, the transmission and infection methods remain the same as they did with the first version: It is most commonly found in zipped folders and PDF files sent over email. Most emails with the malware are disguised as invoices, bills, complaints, and other business messages that we are likely to open.

The developers did however make some “improvements” to the malware that make it more difficult to deal with for most users. These changes include:

  • Unique IDs are used for payment: These are addresses used to verify that the payment is unique and from one person only. If the address is used by another user, payment will now be rejected. This is different from the first version where one person who paid could share the unlock code with other infected users.
  • CryptoWall can securely delete files: In the older version of this threat, files were deleted if the ransom wasn’t paid, but they could be recovered easily. In the new version the encryption has increased security which ensures the file is deleted. This leaves you with either the option of paying the ransom or retrieving the file from a backup.
  • Payment servers can’t be blocked: With CryptoLocker, when authorities and security experts found the addresses of the servers that accepted payments they were able to add these to blacklists, thus ensuring no traffic would come from, or go to, these servers again. Essentially, this made it impossible for the malware to actually work. Now, it has been found that the developers are using their own servers and gateways which essentially makes them much, much more difficult to find and ban.

How do I prevent my systems and devices from being infected?

Unlike other viruses and malware, CryptoWall doesn’t go after passwords or account names, so the usual changing of your passwords won’t really help. The best ways to prevent this from getting onto your systems are:

  • Don’t open any suspicious attachments - Look at each and every email attachment that comes into your inbox. If you spot anything that looks odd, such as say a spelling mistake in the name, or a long string of characters together, then it is best to avoid opening it.
  • Don’t open emails from unknown sources - Be extra careful about emails from unknown sources, especially ones that say they provide business oriented information e.g., bank statements from banks you don’t have an account with or bills from a utilities company you don’t use. Chances are high that they contain some form of malware.

Should your files be attacked and encrypted by this malware, then the first thing you should do is to contact us. We can work with you to help find a solution that will not end up in you having to pay the ransom to recover your files.

If you are looking to learn more about CryptoWall malware and how to boost your security and protect your data and systems, then we could be your first line of tech defence.

Published with permission from TechAdvisory.org. Source.
November 17th, 2014

I got a fraudulent email pretending to be from PayPal today.  Upon reading it, it was pretty clear to me that it was spam – the punctuation, the grammar, the lack of personalization and that it was sent to a non-existent email account all added up to one thing:  SPAM!  I’ve pasted a copy of the email at the end of this post so you can see for yourself!

Upon Googling “PayPal” and “phishing” I found myself on PayPal’s site and this neat little quiz.  Take it for yourself – if you’ve been reading my blog for a bit, you’ll pass with flying colors for sure!

https://www.paypal.com/webapps/mpp/security/antiphishing-canyouspotphishing

[Image: PayPal phishing email]

 

July 29th, 2014

I understand if getting an email that has any reference to taxes makes your heart stop, it’s the easiest way to get my attention, that’s for sure!  But, really, would a tax authority send you a notice via email?  Take a moment to look at the email below and see if you can pick out the red flags.

[Images: tax notice spam email; tax notice spam attachment]

  • It’s sent to support@ – that’s a role address, not a person.   The support department does not owe taxes.
  • There’s nothing of value in the body of the message that indicates where it comes from.  There’s no “Dear taxpayer” or “Sincerely, HMRC” or “Regards, IRS”
  • Virtual Density is a US corporation – there’s no reason any taxing authority in the UK would send us this.
  • The attachment is a .zip file.  All types of malicious things can be transported in a .zip file and so, never, never, never open one without knowing its origin.

Remember!  You are your own best defense against spam, malware and phishing scams.  Take a moment to read the email before you click on an attachment or link and NEVER, ever, EVER click on something if you’re not absolutely sure of its origin!

April 3rd, 2014

[Image: spam alert - amex]
I found this email in my spam filter this afternoon.  (Thanks, SmarterMail!).   It’s another attempt to take advantage of the fact that people are busy.  We’re bombarded by incoming email – from customers, coworkers, vendors – and sometimes, we forget to think before we click.  It’s easy to protect yourself and you don’t have to have a degree in IT.  When you get an email with a link embedded in it, place your mouse over the link and then look in the lower left hand corner of your screen.  Check to see what the URL (web address) is.  If it doesn’t look right – it probably isn’t.  You won’t be able to do that with the email above, ’cause it’s a picture of the email.

Not sure what I’m talking about?  Try it here:
click here
You should see http://www.virtualdensity.com/category/spam-alert/ in the lower left hand corner of your screen.  If you click on the “Click Here” (instead of just hovering) it will take you to that page.   Your best bet is to never follow a link that you’re not sure about, and if you’re at all concerned, email the sender to double check.  You can also check suspect emails by going directly to the company’s website and reading their information on the steps they’ve taken to help keep you safe.  American Express, for example, has a page devoted to Fraud Protection.
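The hover check described above can also be run over the HTML body of a message. This is an added example, not part of the original post: it lists where each link really goes and compares that with the text shown and with the domain you expect. The sample message, its hosts and the function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible link text that itself looks like a web address.
URL_LIKE = re.compile(
    r"^(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/:?#]\S*)?$", re.I)

# Constructed sample body; every host below is made up.
SAMPLE_HTML = """
<p>Dear customer, we noticed unusual activity.</p>
<a href="http://login.example.net/amex/verify">https://www.americanexpress.com/fraud</a>
<a href="https://www.americanexpress.com/help">click here</a>
<a href="http://amex-secure.example.org/">Review your account</a>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a href=...> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self._href, self._text = href, []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((self._href, text))
            self._href = None

def host_of(value):
    """Host part of a URL or bare domain, lower-cased ('' if there is none)."""
    value = value.strip()
    if "://" not in value:
        value = "//" + value          # let urlsplit treat it as a network location
    try:
        return (urlsplit(value).hostname or "").lower()
    except ValueError:
        return ""

def review_links(html_body, expected_domain):
    """Return (visible text, real destination host, verdict) for each link."""
    expected = expected_domain.lower()
    parser = LinkCollector()
    parser.feed(html_body)
    parser.close()
    report = []
    for href, text in parser.links:
        dest = host_of(href)                       # what hovering would show
        shown = host_of(text) if URL_LIKE.match(text) else ""
        if shown and shown != dest:
            verdict = "mismatch"                   # text names one site, link goes to another
        elif dest == expected or dest.endswith("." + expected):
            verdict = "ok"
        else:
            verdict = "unexpected"                 # not the company's own domain
        report.append((text, dest, verdict))
    return report

if __name__ == "__main__":
    for row in review_links(SAMPLE_HTML, "americanexpress.com"):
        print(row)
```
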

Think before you click.  Remember, you are the best defense against viruses and malware! 

But, if you made a mistake and now you’ve got a problem you can call us 203.987.4566 and we’ll help!

 

January 28th, 2014

Business technology is becoming increasingly complex to manage. In fact, many business owners and even IT departments often don’t have the time to oversee every business function. One area where help is often needed is with regard to security, and more specifically antivirus based solutions. There are so many different options available that it can be tough to pick and manage even one.  This is where Virtual Density comes in.  AntiVirus is an integral part of our CloudCare:  Managed IT Services.

What exactly is CloudCare Managed AntiVirus?

By now, most people are familiar with the term ‘antivirus’. They know that the majority of solutions are a monthly or yearly subscription that they pay for. By subscribing, the company that created the program will update virus databases, allowing scanners to identify viruses during a computer scan. This type of antivirus software is often referred to as unmanaged, largely because the end-user has the ability to deny updates, turn off the scanner, or uninstall it.

CloudCare Managed AntiVirus is provided by Virtual Density. We take care of installing the software on computers and other devices, and then manage the solution. We make sure the scanners and virus definitions are up-to-date and scans are scheduled for a convenient time, thus protecting your computers.

Benefits of CloudCare Managed AntiVirus:

  1. All systems will have the same level of security - We install software on only the systems you want protected. This means that there will be the same program installed on your systems, and CloudCare AntiVirus will be updated to ensure that systems are protected from new security threats that come along.
  2. It is easier to manage - Managing your antivirus solution can be a tough task, especially in larger companies where different solutions may need to be employed. By working with Virtual Density, CloudCare AntiVirus solutions are managed by tech experts. This is a great solution for business owners who aren’t too familiar with technology, or have an already overworked IT department.
  3. The solutions can be low-cost - Our CloudCare Managed AntiVirus solution is part of a monthly package, and is priced per user. So, you’re never paying for a license that you’re not using.  For some companies, this solution is more affordable per user than a non-managed solution. This is especially true if you have a high number of users and need to purchase multiple licenses.
  4. Management is continual - With unmanaged solutions, many users turn the antivirus scanner off because it can slow their computer down or because they believe their usage habits are not compromising security. CloudCare Managed AntiVirus can’t be uninstalled or turned off by the end user, meaning your systems are continually protected.
  5. Your systems are truly protected - Regardless of how secure your systems are and the steps you take to ensure that malware doesn’t get through, infections do happen. When they do, it may be tricky to actually completely remove the virus. Virtual Density is trained to do this quickly and efficiently and can usually completely remove the virus, ensuring that your systems are truly secure.

If you are looking for a managed antivirus solution, contact us today.  CloudCare Managed IT services may be the solution that works for you and your business.  Email us at support@virtualdensity.com or call us 203.987-4566 option 1.

Portions of this post are from TechAdvisory.org. Source.
January 27th, 2014

How many different passwords do you have?  In a perfect world, your answer would be, “I have a different password for everything I do.”  But, in reality, that’s unlikely.  Most people have a few passwords that they use in rotation.  Some only have one password that they use for everything.  Your password is the first defense against break-ins of your online accounts (email, banking, Facebook, Twitter, Pinterest). Bearing that in mind, you should be sure that your passwords are strong.

Here are some guidelines to help you create strong passwords:

  • Strong passwords are phrases (or sentences) at least eight characters long—longer is better—that include at least three of the following: uppercase and lowercase letters, numerals, punctuation marks, and symbols.
  • Substitute numbers, punctuation marks and symbols for letters.  You can do simple substitutions that make the password harder to break, but still make it readable to you.
  • Give passwords the thought they deserve, and make them memorable. One way is to base them on the title of a favorite song or book, or a familiar slogan or other phrase. (Don’t use the examples below!)
    • Over The Rainbow = 0verTh3r@inboW
    • Lets Go Mets = L3t$GoMets!
    • Got Milk? = G0tM!lk?
  • Don’t use personal identity information like birthdays, anniversaries, addresses or names of family members or pets.  (I know someone who uses his sons’ names as a password!)
  • Don’t use sequential or repeated characters.  For instance:  11111 and 987654 are both terrible passwords!
  • Don’t use PASSWORD.  In fact, don’t use just one word.  Using more than one word makes it harder to crack.
  • Don’t write down your password and then leave it on your desk, or taped to your monitor or inside a desk drawer or anywhere that it will be found by someone at your desk.
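The guidelines above can be turned into an automated check. This is an added example, not part of the original post. It assumes four character classes (uppercase, lowercase, numerals, punctuation or symbols), treats three or more repeated or sequential characters as a run, and uses a small substitution table of its own to recognise PASSWORD when it is written with look-alike characters.

```python
MIN_LENGTH = 8
MAX_RUN = 2      # assumption: three or more repeated/sequential characters is a run
PAGE_EXAMPLES = {"0verTh3r@inboW", "L3t$GoMets!", "G0tM!lk?"}   # "Don't use the examples"
BANNED_WORDS = {"password"}
# Assumption: look-alike characters mapped back to letters (0->o, 1->l, 3->e, ...).
UNDO_SUBSTITUTIONS = str.maketrans("013457@$!", "oleastasi")

def character_classes(password):
    """How many of the four classes appear: upper, lower, numeral, punctuation/symbol."""
    return sum([
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() and not c.isspace() for c in password),
    ])

def longest_run(password):
    """Length of the longest repeated (1111) or sequential (1234, 9876, abcd) run."""
    text = password.lower()
    best = run = 1 if text else 0
    step = None
    for prev, cur in zip(text, text[1:]):
        delta = ord(cur) - ord(prev)
        if delta in (-1, 0, 1):
            run = run + 1 if delta == step else 2
            step = delta
        else:
            run, step = 1, None
        best = max(best, run)
    return best

def check_password(password, personal=()):
    """Return the list of guidelines the password breaks (empty list = none)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too-short")
    if character_classes(password) < 3:
        problems.append("too-few-character-classes")
    if longest_run(password) > MAX_RUN:
        problems.append("sequential-or-repeated")
    if password in PAGE_EXAMPLES:
        problems.append("published-example")
    plain = password.lower().translate(UNDO_SUBSTITUTIONS)
    if plain in BANNED_WORDS:
        problems.append("banned-word")
    # personal: names, dates and similar items supplied by the caller
    if any(len(item) >= 3 and item.lower() in plain for item in personal):
        problems.append("personal-information")
    return problems

if __name__ == "__main__":
    for candidate in ("11111", "P@ssw0rd", "G0tM!lk?", "Purple!Kettle7Sings"):
        print(candidate, check_password(candidate))
```
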

The longer and more complex your passwords are the better they are.  And, that can make it hard to manage them all.  There are password managers that will help you keep track of your passwords.   Here’s a review of password managers on Information Week to help you choose.

Remember your password is the key to your online identity!  Make it hard to guess!  Make it unique!  And don’t forget it!

Have more questions about passwords?  Email us at support@virtualdensity.com or call our support team at 203.987-4566 option 1.  We’re here to help!

November 21st, 2013

The United States Computer Emergency Readiness Team (US-CERT) issued a recent advisory warning that cybercriminals will very likely attempt to use the Philippines Typhoon disaster as part of email scams and phishing campaigns.

Phishing attacks attempt to use high-profile events, including natural disasters in their subject line, to get victims to open an email and click on links contained in the message. The goal is to send victims to a web page designed to collect as much information as possible on victims, but increasingly phishing attacks attempt to get people to give up sensitive account credentials. They also can be directed to attack websites containing malware.

As the holiday shopping season begins, security firms say they typically monitor an increase in phishing activity. Here are 10 ways the US-CERT and solution providers said users can spot suspicious phishing messages.

Be wary of unsolicited messages, according to the US-CERT. Rather than clicking on links from banks, retailers and other online merchants, recipients should type in the web address directly into their browser, say security experts. Some messages are designed to appear to come from legitimate senders, but instead contain links to a phony web page masquerading as a legitimate website.

In April, a phishing campaign used the Boston Marathon bombing to lure people into viewing videos, photos and other content related to the incident, according to Symantec. The campaign used an automated toolkit to set up the attack, sending victims to a malicious web page hosting data-stealing malware.

Phishing attacks targeting holiday shoppers will craft messages using trendy electronics and other popular must-have items. Phishing messages are spotted year round and increase significantly when new products are unveiled by Apple, Google, Microsoft, Samsung and other top technology vendors.

But phishing scams peak during the holiday gift-shopping period from Nov. 29 through Dec. 25. The US-CERT said to avoid offers that seem too good to be true. Don’t follow links in unsolicited messages. Visit the retailer site directly to verify the legitimacy of an offer, said McAfee.

Mobile threats have increased significantly in recent years due to rising smartphone adoption and an increase in transactions being conducted on the devices. Security vendor McAfee said this month that Black Friday shoppers that use Android devices could face text message phishing attacks. Phishers can create phony mobile apps posing as holiday bargain-hunter tools, the firm said.

Mobile malware FakeInstaller, which has been a long-standing Android problem, can trick users into thinking it is a legitimate mobile application. Ultimately, FakeInstaller can gain unrestricted access to smartphones and makes attackers money by sending text messages to premium rate numbers.

The easiest way to prevent the SMS scam is to avoid sideloading applications. Stick to official mobile apps from the Google Play store, McAfee said. Mobile antivirus apps also can spot and block FakeInstaller from running.

PayPal is a top spoofed site during the holidays, according to industry studies. The Anti-Phishing Working Group, a coalition of technology companies, law enforcement and government officials, found that online payment and money-transfer provider PayPal was the most targeted institution for phishing attacks. Eighteen percent of all phishing campaigns tracked by the group were directed against PayPal users in the first half of 2013.

PayPal offers its users an email identification tool from Iconix to verify the validity of email messages it sends to users. The company also sells a credit-card size security key that can be used to generate a random security code as an additional authentication measure when making PayPal transactions. This helps reduce the threat of an account hijacking as the result of giving up account credentials in a phishing attack.

Kaspersky Lab researcher Stefan Tanase urges users to make sure they are browsing through a secure connection when visiting a bank website, online retailer or social network. Another way to boost your security and avoid giving up information to cybercriminals is to check the SSL certificate of the website you log into, Tanase said.

Modern browsers, such as Microsoft Internet Explorer, Mozilla Firefox and Google Chrome, also will verify the legitimacy of a website and display a lock and green color in the website address bar to provide validation that the site is using SSL and is legitimate. Clicking on the lock icon will provide additional information, including cookies and certificate information that show how it verified encryption and certificate validation.

Antivirus software that has the latest updates often will provide phishing protection by blocking known phishing sites. Solution providers told CRN that, often, small business owners and individuals fail to keep their antivirus updated regularly, missing critical updates to ongoing attack campaigns that spread quickly. A web security gateway, a next-generation firewall or unified threat management appliance also provide blocking capabilities by detecting and blocking connections to locations that have been identified as malicious.

A common phishing scam that targets user account credentials typically tricks users into giving up their login and password details by luring them into implementing a new “security feature.” The scam uses a major bank brand or merchant name. It is effective because out of the millions of spam messages sent out, a small percentage of recipients will be fooled into thinking they’re implementing a new security feature.

Security firm Sophos detected this kind of scam targeting the customers of an Italian prepaid debit card service. Recipients tricked into opening an HTML attachment were prompted for their password. It is then saved and a phishing web page is opened. The presence of the password prompt may actually strengthen the social engineering of the phish, Sophos said.

Another good practice according to Kaspersky Lab’s Tanase is to check the email headers to confirm the source of the email message. This isn’t always foolproof because addresses and source information can be easily spoofed.

Email headers can give the details of a sender. Google and other services provide email header analysis tools that can determine the legitimacy of a sender’s IP address. In addition to the IP address, the header will show the Mail Server used and the details of the sender’s service provider. Phishers can spoof the email headers, but usually telltale signs can provide clues as to whether a message is legitimate. When in doubt, throw it out.
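The header check described above, as an added example that is not part of the original article. It walks the Received trace from the top and stops at the last line written by a server you control, because lines below that point are supplied by the sender and can be forged. It assumes Postfix-style trace lines; the message, host names and addresses are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: Postfix-style trace lines, "from HELO (reverse-dns [ip]) by SERVER ...".
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[^\]]+)\]\)"
    r"\s+by\s+(?P<by>[^\s;]+)", re.I)

# Constructed sample message (documentation addresses and .example domains).
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx1.company.example (mx1.company.example [192.0.2.10])
\tby mail.company.example with ESMTP id 4F2A; Thu, 21 Nov 2013 10:00:02 -0500
Received: from mail.bank.example (unknown [203.0.113.77])
\tby mx1.company.example with ESMTP id 9C1D; Thu, 21 Nov 2013 10:00:01 -0500
Received: from app01.bank.example (app01.bank.example [198.51.100.5])
\tby mail.bank.example with ESMTP id 77AA; Thu, 21 Nov 2013 09:59:58 -0500
From: "Your Bank" <service@bank.example>
To: user@company.example
Subject: New security feature

Please confirm your account.
"""
OUR_SERVERS = {"mail.company.example", "mx1.company.example"}

def load_sample():
    return message_from_string(SAMPLE)

def received_chain(msg):
    """Parsed Received headers, newest first (the order they appear in)."""
    hops = []
    for raw in msg.get_all("Received", []):
        match = RECEIVED_RE.search(" ".join(raw.split()))   # unfold wrapped lines
        if match:
            hops.append({k: v.lower() for k, v in match.groupdict().items()})
    return hops

def boundary_hop(msg, our_servers):
    """Last trace line, reading down, that one of our own servers wrote."""
    boundary = None
    for hop in received_chain(msg):
        if hop["by"] not in our_servers:
            break                     # written by someone else: cannot be verified
        boundary = hop
    return boundary

def domain_of(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def review_headers(msg, our_servers):
    """Return (boundary hop, list of warning strings)."""
    flags = []
    hop = boundary_hop(msg, our_servers)
    if hop is None:
        flags.append("no Received header written by our own servers")
    elif hop["rdns"] != hop["helo"]:
        flags.append(f"HELO {hop['helo']} does not match reverse DNS "
                     f"{hop['rdns']} for {hop['ip']}")
    sender, bounce = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    if bounce and bounce != sender:
        flags.append(f"From domain {sender} differs from Return-Path domain {bounce}")
    return hop, flags

if __name__ == "__main__":
    hop, flags = review_headers(load_sample(), OUR_SERVERS)
    print(hop["ip"], flags)
```
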

Phishing can be combined with other scams, and the US-CERT recommends that learning to identify fake antivirus could help stop an ongoing attack. Rogue antivirus is difficult to terminate. It causes realistic security warnings that ultimately request credit-card and personal information claiming that it will identify threats and remove them from the system. One recent scam involved a follow-up phone call from an attacker call center requesting access to the infected machine.

The threat of being infected can be reduced significantly by actively maintaining and keeping your antivirus up to date, say security experts. The US-CERT recommends that users visit a vendor website directly when purchasing or renewing software subscriptions.

Messages using the USA Patriot Act have been a common scam in recent years, according to the US-CERT. The email messages have been seen in greater numbers, possibly as the result of the revelations over the National Security Agency surveillance activity. Emails frequently reported to law enforcement use a message purporting to be from the Federal Deposit Insurance Corporation (FDIC). The phony message says the victim’s bank account is no longer insured because of “suspected violations” of the Patriot Act. The phishing email then attempts to steal the victim’s identity by requesting verification through an online form.

Ransomware is a similar scam. Malware locks the user from accessing any other functions of the infected computer. The attack requests payment in the form of a fine to unlock the system. The latest Cryptolocker attacks are a good example of the problem.

November 7th, 2013

CryptoLocker.  Sounds like an online puzzle or a psychological profiling test, but the CryptoLocker virus is a serious bit of malware.  It locks the files on an infected computer and holds them for ransom. Literally.  And while it doesn’t cause your computer to self destruct, it will delete all the files it has locked up if you don’t pay the ransom.  This may be the most destructive piece of malware of the year, and you should be worried.  The best defense against CryptoLocker is to educate yourself and your employees on how to minimize malware infections.

Here are five tips you can share with your employees about how to keep systems free from malware.

1. Don’t turn off or stop your anti-virus scanner
Anti-virus scanners are installed by companies and IT departments (and home users) the world over in an effort to keep systems free from viruses and malware. Because there are always new pieces of malware being developed and released, the companies that run the antivirus scanners are consistently updating the database that the scanner refers to when scanning a computer.

These databases come to the end user in form of updates and are downloaded and installed by the anti-virus scanner.  But if the scanner has been disabled or turned off completely, the updates are not received by the scanner and it will be unable to detect the newest viruses and malware.  So, keeping your virus-scanner on, but also up-to-date, is essential to keeping your system safe.

If the reason you’ve turned off your scanner is that it runs during business hours and that slows down your system, you can change the time it scans to during lunch, or after business hours, or before work.

2. Beware of what you download

One of the more common ways malicious software makes it onto computers is through downloaded files. For instance, that toolbar that everyone’s raving about on your favorite social media site?  Or the file that must be downloaded in order to watch a movie online?  They may actually be teeming with viruses and by downloading the toolbar or the movie file, you may have also downloaded a virus.

So, only download files from websites that you know are secure and offer legitimate files. And, before you download anything ask yourself, “Do I really need this, and will I really use it?” If you are unsure, check with a colleague, or reach out to your IT partner.

3. Study email and attachments closely
Another common way malicious software and viruses are spread is through email attachments. Even if the email looks legitimate, you should take a moment and consider whether or not the attachment is something you should download.  Sometimes an email account has been compromised and a hacker is sending emails to users with the virus attached, or the host system has been infected and the virus is essentially sending itself.

Before you open ANY attachment, take a moment and think carefully about the email and the attachment.  Read the email itself carefully and ask yourself a few questions.  Do you know the sender?  Does it make sense that there’s an attachment?  Did I ask the sender for information?  Look at the name of the attached file.  If it ends in .exe or .dmg, or .zip this is a program and likely a virus, and should not be opened.  If you’re unsure, start a new email to the sender and ask them to verify that they’ve sent the message.  Or better yet, call the sender!

4. Avoid using unknown thumb drives 
Thumb drives can be incredibly useful, but viruses can actually be spread by them.  If you do use these drives, many virus scanners can check them. So, when you plug in a drive, before you open any files or the drive itself, right click on it and you should see an option to scan the drive with your virus scanner. If not, you can likely do this from the virus scanner itself. This could take time, but it will help keep your systems secure.

5. Ask yourself whether you really need to have an administrator account for Windows
On many systems, when you set up a new user, you can set an account to be the administrator of that system. Administrators automatically have the ability to install programs, change settings and even create new accounts. If you don’t need to change your computer’s settings, or install programs then you likely don’t need to have an administrator account.

This could be a great way to minimize virus infections simply because these viruses need to first be installed. If you can’t install programs or even download them, then your chances of being infected are lower.

Want to learn more about how you can protect your computers? Contact us today as we may have the perfect solution that will not only keep your systems secure, but also free from any malicious software.

Contact our support team by email at support@virtualdensity.com or on our website or call us 203.987.4566!

Published with permission from TechAdvisory.org. Source.
October 31st, 2013

Cybercriminals pushing rogue antivirus software now have a better chance of infecting systems with malware, following detection of their use of stolen digital certificates.

ThreatTrack Security researchers found that the Winwebsec malware family, which pushes rogue antivirus software, has been using stolen digital certificates, said Dodi Glenn, director of security intelligence at Clearwater, Fla.-based ThreatTrack Security.

ThreatTrack released its findings Wednesday, reporting that the certificates were stolen from Source Medical Solutions, a maker of medical management, billing and clinical software for specialty hospitals; Ohanae, a cloud management software maker; and FirsTech, a payment processing provider in Illinois.

Stolen certificates enable attackers to make malware look legitimate on a victim’s PC and can dupe antivirus detection engines. They also can increase the threat level of malware because they give the malicious code root authority, making it appear as legitimate software on a system. Two of the certificates have been revoked, but Glenn said two other recently detected certificates remain active and have been submitted to VeriSign for revocation.

“The interesting thing is that people don’t treat these like golden keys to the kingdom, and they should,” Glenn told CRN. “They should be walled off and locked down from anyone on the outside.”

It’s very likely that the certificates were swept up in a broad attack carried out by cybercriminals attempting to steal FTP credentials and other data, Glenn said. Once stolen, the certificates are sold in hacking forums, sometimes to the highest bidder.

Stolen software code signing certificates increasingly are being used by attackers. In its latest threat report, McAfee said signed malware, which poses as approved legitimate software, continues to set records, increasing by 50 percent in the second quarter of 2013.

Stolen certificates were used by the cybercriminals responsible for the Bit9 data breach in February. The attackers used the stolen certificates to target several other Bit9 customers before the breach was detected and the certificates were revoked. Last year, Microsoft revoked code signing certificates used in the Flame attacks, a targeted nation-state surveillance campaign.

As a best practice, software publishers should be using strong security controls to protect the keys used for code signing certificates that verify the validity of their applications, Glenn said. Access to the private keys should be minimized and storage of the keys protected with encryption, he said.

According to Microsoft’s latest Security Intelligence Report, Winwebsec malware family infections were the most-encountered malware infections in the beginning of 2013. Detection of the malware has decreased since 2012, Microsoft said.

Winwebsec uses prevalent antivirus brand names to make it appear to the user that it is legitimate software. Names seen by Microsoft include Antivirus Security Pro, AVASoft Professional Antivirus, Smart Fortress 2012 and Win 8 Security System. The attackers behind the rogue antivirus software also are believed to be responsible for the Mac Defender rogue security software program detected on Apple Mac OS X systems in 2011, Microsoft said.

“These different distributions of the Trojan use various installation methods, with file names and system modifications that can differ from one variant to the next,” Microsoft said in its report.

By Robert Westervelt & CRN – Published Oct. 30, 2013

October 23rd, 2013

Here’s another example of a spam email designed to take advantage of us busy people!  We use a VoIP phone system here and when someone leaves a voicemail, or sends a fax, we get an email alert with the message attached.  So, it’s not unusual to get an email like this one. But, there are a few items that mark *this* email as bogus.  There’s a screen shot of the email at the end of this post.

1) One or more of the email addresses is wrong.  And, why would it be sent to more than one email address anyway?
2) The attachment is a .zip file.  Zip files should ALWAYS make you think!  Always verify with the sender before you open a zip file!

Remember – you are your own best defense against viruses and malware.  It’s important to take a moment and really look at attachments and links before clicking.  An extra few seconds of careful study can save you untold hours of heartache and stress!  If you’re unsure about an email, ask us!  support@virtualdensity.com

[Image: voice message email]
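The red flags listed in this post, in the tax notice post and in the "Study email and attachments closely" tip can be checked on a message before anyone opens it. This is an added example, not part of the original posts: it flags role-address and multiple recipients, attachments ending in .exe, .dmg or .zip, and lists what a .zip holds without extracting it. The sample message, the role-name list and the function names are constructed for illustration.

```python
import io
import zipfile
from email.message import EmailMessage
from email.utils import getaddresses
from pathlib import PurePosixPath

RISKY_EXTENSIONS = {".exe", ".dmg", ".zip"}                  # the three the posts name
ROLE_LOCAL_PARTS = {"support", "info", "sales", "billing"}   # assumption: sample role names

def build_sample():
    """Constructed message: a zip attachment holding a file named like a document."""
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w") as zf:
        zf.writestr("tax_notice.pdf.exe", b"placeholder bytes, not a real program")
    msg = EmailMessage()
    msg["From"] = "notices@tax-office.example"
    msg["To"] = "support@company.example, suport@company.example"
    msg["Subject"] = "Tax notice"
    msg.set_content("See attached.")
    msg.add_attachment(archive.getvalue(), maintype="application",
                       subtype="zip", filename="tax_notice.zip")
    return msg

def build_clean_sample():
    """Constructed message with one personal recipient and no attachment."""
    msg = EmailMessage()
    msg["From"] = "colleague@company.example"
    msg["To"] = "jane.doe@company.example"
    msg["Subject"] = "Lunch"
    msg.set_content("Noon?")
    return msg

def extension(name):
    return PurePosixPath(name.lower()).suffix

def triage(msg):
    """Return a list of red flags found in the headers and attachments."""
    findings = []
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    recipients = [addr.lower() for _, addr in getaddresses(headers) if addr]
    if len(recipients) > 1:
        findings.append(f"sent to {len(recipients)} addresses")
    for addr in recipients:
        if addr.split("@")[0] in ROLE_LOCAL_PARTS:
            findings.append(f"{addr} is a role address")
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        ext = extension(name)
        if ext in RISKY_EXTENSIONS:
            findings.append(f"attachment {name} ends in {ext}")
        if ext == ".zip":
            data = part.get_payload(decode=True) or b""
            try:
                # namelist() reads the archive directory only; nothing is extracted.
                members = zipfile.ZipFile(io.BytesIO(data)).namelist()
            except zipfile.BadZipFile:
                findings.append(f"{name} is not a readable zip archive")
                continue
            for member in members:
                if extension(member) in RISKY_EXTENSIONS:
                    findings.append(f"{name} contains {member}")
    return findings

if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```
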