Need Customer Support?click here

Posts Tagged as security (page 3)

Are You Opening Your Spam Email Messages?

A survey conducted by the Messaging Anti-Abuse Working Group or MAAWG reveals that a almost half of computer users in North America and Western Europe not only open spam emails, but also click on the links and open attachments found within these messages intentionally. This not only invites more spam, but potentially exposes them to a large number of security risks as well. Data from the survey revealed that: Nearly half of those who have accessed spam (46%) have done so intentionally – to unsubscribe, out of curiosity, or out of interest in the products or services being offered. Four in ten (43%) say that they have opened an email that they suspected was spam. Among those who have opened a suspicious email, over half (57%) say  they have done so because they weren’t sure it was spam and one third (33%) say they have done so by accident. 84% were aware of the concept of bots. Yet, most think that they are immune from these viruses, with only a third saying they consider it likely that they could get a bot on their computer. Spammers have mechanisms which allow them to track whether their emails are accessed or not. Opening or even unsubscribing from spam messages further invites them to send even more spam. Furthermore, Spam messages these days are not only vehicles to solicit or sell goods and services of dubious source and value, but are increasingly being used as vectors to spread malicious software or malware. Clicking on a link, opening an attachment, or just viewing it can potentially open users’ computers to vulnerabilities in the operating system or installed applications. This in turn can turn compromised systems into “bots”, or unwitting accomplices in spreading more spam or malware. It pays to be aware of this next time you receive suspicious email – and make sure that your employees understand the risks as well. Sometimes even your antivirus software isn’t enough to protect you – so please ask us about our Managed Security Services and how we can help you not only fight spam but prevent it from reaching your Inbox in the first place. Related articles: Survey: Millions of users open spam emails, click on links (zdnet.com) Twitter spam drops to under 1 percent (networkworld.com) ‎ Brazil-originated spam levels topping 13% says Panda Security (infosecurity.com)

Continue reading »

Software on Energizer Battery Charger has Malware

Do you use the the Energizer DUO USB battery charger? If so, you’ll be interested to know that the United States Computer Emergency Response Team (US-CERT) has warned that software included in this charger contains a software “backdoor” or Trojan that allows hackers to remotely access vulnerable systems. In its advisory , the US-CERT warned that the installer for the Energizer DUO software places files in your system that allow an attacker to potentially remotely control your system, including the ability to list directories, send and receive files, and execute programs. The backdoor operates with your logged-on privileges and starts every time you start your computer. Furthermore, the Trojan operates whether the charging device it works with is connected or not. Energizer has acknowledged the issue in a statement released at its website. The company said it has discontinued sale of this product and has removed the site to download the software. In addition, Energizer is directing consumers to uninstall or otherwise remove the software from your computers. This incident illustrates the fact that these days threats to your computer and/or network can come from anywhere–including something as seemingly innocuous as your USB battery charger. As always, we advise our clients to be constantly vigilant against such threats. If you don’t have the time or resources to do this yourself (and most don’t!), perhaps it’s time to consider our Managed Security services. Give us a call – we’ll be glad to help. Related articles: Energizer Announces Duo Charger and USB Charger Software Problem (marketwatch.com) Sony Music CDs surreptitiously install DRM Trojan horses on PCs (zdnet.com) Malware hitches a ride on digital devices (securityfocus.com)

Continue reading »

Thinking about Security in the Cloud

As we begin to store more and more of our data on the Internet and in the “Cloud,” the threat of that data being accessed and used by someone or something outside of our knowledge or control becomes very real. Data such as credit card information, banking transactions, work history, private addresses and numbers, email and much more are now stored and searchable in everything from Facebook, Google, Twitter, and a host of other applications. In a June report titled “ Assessing the Security Risks of Cloud Computing “, analyst firm Gartner recommends that businesses work closely with their IT department or trusted IT services provider and consultant to understand the risks of storing data in the cloud. Not stopping there, Microsoft has called for even greater government oversight. Recently, Microsoft General Counsel Brad Smith travelled to Washington to urge the US Congress to enact legislation that would protect information that’s stored in the cloud. Microsoft is proposing legislation that would call for: Reforming the Electronic Communications Privacy Act Modernizing the Computer Fraud and Abuse Act Helping consumers and businesses manage how their information is collected and shared Addressing data access issues globally The move coincides with Microsoft’s recent efforts to offer cloud-based services not only for its consumer and corporate customers, but the government as well. Is your business ready for the cloud? What security and privacy policies do you have in place regarding your employees’ use of cloud-based services? Not sure? Contact us today to find out how we can help. Related links: Microsoft’s thoughts on cloud computing (microsoftontheissues.com) Challenges of cloud computing (techsling.com) Gartner: Seven cloud-computing security risks (infoworld.com)

Continue reading »

Mariposa Botnet Masters Arrested

Spanish authorities report that they have arrested the masterminds behind a string of online criminal activities using the botnet dubbed Mariposa. Mariposa is the original name of a commercially distributed Do-it-Yourself malware kit, sold online for 800/1000 EUR for “wannabe” hackers.  Along with the arrest, authorities seized sensitive data belonging to about 800,000 users in 190 countries, gathered from an estimated 12M+ infected host computers on the Internet. What’s particularly interesting is that the cybercriminals arrested were not themselves the author of the malware, nor were they any more techincally adept than many ordinary users. They simply had access to malware widely available on the Internet, and were able to conduct a crime of such a wide scale and reach. This illustrates that it’s become easier for many cybercriminals to conduct their nefarious deeds online, and highlights the need for more vigilance on the part of law-abiding netizens in keeping their network secure from hackers and malware. Is your network safe? Contact us to find out. Related articles: How FBI, police busted massive botnet (go.theregister.com) Botnet takedowns ‘don’t hurt crooks enough’ (go.theregister.com) Vodafone distributes Mariposa Bot, Conficker and Lineage in HTC Magic (techie-buzz.com)

Continue reading »

Beware of Vulnerabilities in Windows and Office

Microsoft recently released a number of security bulletins and patches addressing vulnerabilities in Windows and Office that are of high risk to users. It’s widely believed that many will be exploited by hackers within the next 30 days. One of them could potentially allow hackers or malware authors to easily compromise systems by tricking users to download malicious AVI-formatted files. Others require nothing more than just visiting a website. Another specifically targets Powerpoint Viewer 2003, and opening a malicious .ppt file could affect your system. This latest round of patches and vulnerability updates is really nothing new – although the sheer number made public in one day is notable. This highlights the need for a comprehensive security policy, because vulnerabilities do exist in even the most mundane or old versions of software. Customers under our Managed Services plan can rest easy since we monitor and update their computers as soon as these patches and advisories are released. Find out more about what we do to make your systems safe and secure. Contact us today. Related links: Patch Tuesday: Microsoft plugs critical Windows worm holes (zdnet) Researchers warn of likely attacks against Windows, PowerPoint (computerworld) Microsoft delivers huge Windows security update (computerworld)

Continue reading »

Beware the Kneber Botnet

A malicious piece of software making the rounds of news websites this week is believed to be behind the compromise of over 75,000 systems in over 2,500 international organizations – many of which are government agencies and large Fortune 500 companies. Called the Knebner botnet after the name in the email used to register the initial domain used in the campaign to propagate the malware , the software infects computers and captures user login access to online financial services such as Paypal and online banks, social networking websites such as Facebook, and email. Infected computers can be centrally controlled from a master computer, which presumably harvests the data captured for nefarious means. The Knebner botnet itself is not new. It’s based on the ZeuS botnet, and has gained prominence lately because it’s slipped under the radar of so many organizations. However, there are ways to prevent compromises from botnets – one of which is to have a proactive security system and policy in place. Our Managed Security customers have this assurance in place since we continuously protect their system from botnets and other malware. If you’re not sure that you’re protected, talk to us today. Related articles: Kneber botnet described as ‘massive’ and ‘worldwide’ (inquisitr.com) Kneber attack resurrects notorious Zeus Trojan, say experts (guardian.co.uk) Malicious Software Infects Corporate Computers (nytimes.com)

Continue reading »

How to handle Suspicious E-mail

Phishing, pronounced “fishing,” is a type of online identity theft that uses e-mail and fraudulent Web sites that are designed to steal your personal data or information such as credit card numbers, passwords, account data, or other information. Follow these guidelines to help protect yourself from phishing scams sent through e-mail. Read more

Continue reading »

Hackers Target Email, Blogs, Social Networking Sites

In a report by security firm Websense , an alarming rise in the growth of malicious websites was identified in 2009 as compared to 2008 – almost 225 percent. The study also found an increased focus among hackers and spammers on targeting social media sites such as blogs and wikis. Social media or so-called Web 2.0 sites allow user-generated content , which can be a source of vulnerability. Researchers identified that up to 95 percent of user-generated comments to blogs, chat rooms, and message boards are spam or malicious – linking to data stealing sites or to downloads of malicious software . Email also continues to be a target for malicious activity with tens of thousands of Hotmail , Gmail and Yahoo! email accounts hacked and passwords stolen and posted online in 2009, which resulted in a marked increase in the number of spam emails. For our clients on our Managed Service plans, we work hard to ensure your systems are protected from harmful or malicious activity coming from the Internet. If you’re not under our Managed Service plans perhaps now is a good time to talk – let’s make sure your systems are safe in 2010. Related articles Top search results riddled with malware (v3.co.uk) Email phishing attack spreading say experts (telegraph.co.uk) Fraudsters Go Phishing For Victims’ Friends (news.sky.com)

Continue reading »

Mozilla Firefox Add-Ons Download Site was Harboring Malware

Mozilla , the organization behind the popular Firefox browser disclosed that two add-ons available for download on its website were vectors for Trojans that could compromise users’ computers. Add-ons allow users to extend and enhance the capabilities of Firefox beyond the default install. Normally they are scanned for malware before being uploaded onto Mozilla’s website, but apparently two of them managed to slip through Mozilla’s automated scans. The infected add-ons are Version 4.0 of Sothink Web Video Downloader and all versions of Master Filer. Mozilla has since updated their scanning process, but as part of our ongoing security watch we are vigilant in continuously protecting our customers under our Managed Services program from malware – you can rest easy. When managing your systems on your own, it’s highly advisable to be vigilant with security and always use antivirus software – even when downloading and using software from legitimate sources. If you have downloaded these Firefox add-ons, uninstalling them does not remove the trojans that they carry, and you’ll need to use antivirus software to remove any malware on their system. Need more information or help? Call us and we will be glad to assist you. Related links: Mozilla Firefox hit by malware add-ons (zdnet) Trojan Horse Mozilla Firefox Addons (the firefox extension guru’s blog) Mozilla admits Firefox add-ons contained Trojan code (sophos)

Continue reading »

Are you using an Insecure Password?

Security firm Imperva recently released a warning to users of popular social networking website RockYou indicating that their accounts and passwords may have been compromised. According to the firm, a hacker may have accessed an alarming 32 million accounts. But what is more interesting in the wake of this news is an analysis made of the accounts and passwords stolen . From the data provided to researchers, it seems that a great number of users still use insecure passwords, such as those with six or less characters (30% of users); those confined to alpha-numeric characters (60%); or passwords including names, slang words, dictionary words, or trivial passwords such as consecutive digits, adjacent keyboard keys (50%). The most popular password? 123456. Are you using an insecure password? Let us guide you through best practices for information security. Contact us today. Related links: And the most popular password is… (zdnet) RockYou hack reveals easy-to-crack passwords ‎ (register) RockYou hack exposes names, passwords of 30M accounts (computerworld)

Continue reading »