We’ve started seeing yet another version of CryptoLocker.
It begins as a very simple plain-text email pretending to be an email-delivered fax. I’d like to point out that, in an effort to evade filters or at least make blocking these a bit harder, the cyber thief has been using DropBox links to deliver the payload to potential victims. As in many campaigns in the past, malware authors have tried to use legitimate, especially free, services to hide their malware. GoogleDocs was a favorite of spammers peddling their pharma campaigns, but Google was usually pretty quick to clean those up. In this instance it would appear that DropBox does not scan its stored files for malware, and CryptoLocker is taking full advantage of this.
This variation also works a little differently in a few ways. Once the victim machine is infected, a few new pages pop up to inform the victim that they have been infected. One is a webpage explaining what just happened. Another is a text file entitled “DECRYPT_INSTRUCTION” that explains what you must do in order to decrypt your files. An interesting note in the decryption instructions this time is that they include Tor links that are supposed to be “your personal home page”. If you follow them, though, you will just end up at a page that looks like the original instruction page that pops up when you are first notified of your new infection. DO NOT click on these links!
The third page that pops up is reminiscent of the original CryptoLocker, providing a little countdown timer. Originally the timer represented the time you had left before they would destroy your personal encryption key; this time it states that when it runs out you will be charged double for their not-so-friendly decryption services. This time around it’s $500 – $600, and then $1000 – $1200 after the timer expires; the countdown appears to begin at 120 hours. With previous attacks the payments were accepted through Western Union or MoneyGram; this time they’re back to Bitcoin, and Bitcoin only.
This is a very nasty bug. Not only does it encrypt local files, it also seeks out attached storage and network shares and encrypts everything on those as well. If you have a cloud-based storage system like DropBox open and logged in on your system, it attempts to encrypt those files too. It is not recommended that anyone pay these criminals the ransom they demand. We have not heard of anyone who has paid and gotten their files back; the criminals just continue to bleed the user dry until the user stops paying additional money, and then they simply stop responding.
This particular variation requires the recipient of the email to click on the DropBox link to retrieve a Zip file. The Zip file must then be opened. Inside is a file named Fax-932971.scr; note the screensaver .scr extension. Once the file is extracted from the Zip it appears with a PDF icon.
The ONLY way to combat this challenge is to remain HYPER ALERT AND VIGILANT to any and all emails that contain attachments. DO NOT CLICK ON ANY email attachments, faxes, bank transfers, PDF files, ZIP files.
This Trojan employs a very complex encryption algorithm and its removal has evaded everyone so far. There is currently no antivirus or anti-malware program that can protect you from it, nor remove it and repair the damage afterwards. The ONLY RECOURSE available for anyone that gets infected is to isolate the compromised machines from their networks, format and re-install the affected systems and servers, and then restore them from backups. In many cases, unless you have a comprehensive offsite backup solution, your critical data is encrypted and cannot be restored. We have found that even paying the ransom will not get your data back, as the criminals do not respond even after you’ve sent the money.
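The delivery chain above (a Zip file containing an executable screensaver named to look like a fax document) is the kind of thing a mail gateway can hold before a user ever sees it. The following is an added example, not code from the original post: it inspects a Zip archive for members with executable extensions, document-style double extensions such as name.pdf.scr, and members whose bytes are a Windows executable regardless of name. The sample archive it builds is constructed here with a fake two-byte executable header, not a real malware sample.

```python
import io
import os
import zipfile

# Extensions Windows runs on double-click; the lure described on this page was a
# .scr (screensaver) that displayed a PDF icon.
EXECUTABLE_EXTENSIONS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
# Document extensions a lure typically imitates, as in "Fax-932971.pdf.scr".
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}


def suspicious_entries(zip_bytes):
    """Return [(member name, reason)] for archive members a mail gateway should hold:
    executable extensions, document-looking double extensions, and any member whose
    content starts with the Windows executable header 'MZ' whatever it is called."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = os.path.basename(info.filename)
            root, ext = os.path.splitext(name)
            ext = ext.lower()
            # Second-to-last extension, e.g. ".pdf" in "invoice.pdf.scr"
            inner_ext = os.path.splitext(root)[1].lower()
            with zf.open(info) as member:
                is_pe = member.read(2) == b"MZ"
            if ext in EXECUTABLE_EXTENSIONS and inner_ext in DOCUMENT_EXTENSIONS:
                findings.append((info.filename, f"executable {ext} disguised as {inner_ext}"))
            elif ext in EXECUTABLE_EXTENSIONS:
                findings.append((info.filename, f"executable extension {ext}"))
            elif is_pe:
                findings.append((info.filename, "Windows executable content under a non-executable name"))
    return findings


def build_sample_zip():
    """Constructed sample archive (not a real malware sample): a fake executable
    named like the lure on this page, plus a harmless text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Fax-932971.scr", b"MZ" + b"\x00" * 62)
        zf.writestr("readme.txt", b"This is just text.\n")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in suspicious_entries(build_sample_zip()):
        print(f"HOLD {member}: {reason}")
```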
Yesterday, Apple introduced a major update to its iCloud service. Up until now, iCloud’s storage offering was fairly limited when compared to competitors such as Dropbox, Google Drive and Microsoft’s OneDrive. Now you can use it to store files of your choosing, and sync with not only other Mac devices, but also your Windows computers as well.
Apple also introduced a related service called Mail Drop, which allows for large-size file attachments in email, leveraging the cloud drive.
More importantly, Apple is dramatically lowering its pricing for iCloud Drive. In addition to the 5GB you get for free, Apple will provide an additional 20GB for 99 cents per month, and 200GB for $3.99 per month. This finally puts Apple iCloud more in line with Google, which charges $1.99 per month for 100GB.
We can expect more important announcements this week as Apple’s annual Worldwide Developers Conference kicks off in San Francisco. Among the rumored announcements may be new offerings from health care to indoor location tracking. Watch for what may be a new application called Healthbook, designed to track and monitor fitness and health information.
It may be a few months before we get a new iPhone, but WWDC should bring announcements on ways to extend the iPhone’s functionality. One interesting turn could be using your iPhone as a remote control for a connected home.
There’s more anticipation than usual in 2014 because Chief Executive Tim Cook has promised that Apple will enter new product categories this year. Apple’s Internet services chief Eddy Cue heightened expectations last week, saying the company’s product pipeline is the best he’s seen in 25 years.
Apple has been riding a wave of momentum in recent weeks from a combination of strong quarterly earnings, a 7-for-1 stock split that took effect yesterday, and plans to repurchase additional billions in shares. Apple shares are trading at their highest levels in more than a year.
In recent years, the WWDC keynote has been a showcase for updates to Apple’s two software platforms – iOS for the iPhone and iPad and OS X for Macs. The conference’s focus tends to be on software rather than new hardware products.
Computer hacker forums lit up last week as Federal Bureau of Investigation agents and police in 17 countries began knocking on doors, seizing computers and making arrests.
On the popular websites where cyber criminals buy and sell software kits and help each other solve problems, hackers issued warnings about police visits to their homes.
The hackers quickly guessed that a major crackdown was underway on users of the malicious software known as Blackshades.
The FBI and prosecutors in the Manhattan U.S. attorney’s office announced the results of that probe on Monday: More than 90 arrests worldwide.
Blackshades has been circulating for years now. It’s a remote access Trojan that gives the attacker a great deal of control over the victim’s machine. It behaves like a ‘worm’ in that it contains self-propagation programming to facilitate its spreading to other machines.
The low price makes it an attractive option for low level cybercriminals or any cybercriminal that simply wants one extra weapon in their arsenal.
The malware sells for as little as $40 and it can be used to hijack computers remotely and turn on computer webcams, access hard drives and capture keystrokes to steal passwords — without victims ever knowing it.
Criminals have used Blackshades to commit everything from extortion to bank fraud, the FBI said.
Last week, watching it all play out were about two dozen FBI cybercrime investigators holed up in the New York FBI’s special operations center, high above lower Manhattan.
Rows of computer screens flickered with updates from police in Germany, Denmark, Canada, the Netherlands and elsewhere. Investigators followed along in real time as hundreds of search warrants were executed and suspects were interviewed.
The sweep, capping a two-year operation, is one of the largest global cybercrime crackdowns ever. It was coordinated so suspects didn’t have time to destroy evidence. Among those arrested, in Moldova, was a Swedish hacker who was a co-creator of Blackshades.
“The charges unsealed today should put cyber criminals around the world on notice,” stated the chief of the FBI’s cybercrime investigations in New York. “If you think you can hide behind your computer screen — think again.”
What Can You Do?
If you don’t use your webcam you should simply disable it to avoid this type of problem. My Dad immediately put a piece of masking tape over the built-in webcam on his computer… Not very hi-tech, but certainly an effective security precaution.
Keeping your anti-virus and anti-malware protection working and fully up to date can help protect you from this kind of problem, but it’s not foolproof.
Many webcam manufacturers don’t require or even mention that the user should change the default password, so even inexperienced hackers already have half the battle won when they infect a system.
Parents should also monitor their kids’ laptops, smartphones, home monitoring cameras and even baby monitors – anything with an internet-connected webcam or camera installed. All of these devices are susceptible to hackers and malware.
Here’s an article from Symantec detailing a number of things we should all do for better webcam security.
Microsoft released an emergency fix for the latest Internet Explorer Zero-Day exploit. This is an out-of-band patch due to the severity of this security hole.
In a surprising move, security bulletin MS14-021 (KB 2965111) also covers Windows XP. This is the last security update that users of the outdated OS will receive. FireEye has uncovered a new version of the exploit that targets Internet Explorer 8 users on Windows XP as well.
Microsoft encourages all Internet Explorer users to apply the fix via Windows Update, because there are actually several versions of it available for IE 11: one for those who have applied the latest cumulative patch for Internet Explorer and one for those who have not.
Our recommendations: Users that have automatic updating enabled will not need to take any action because this security update will be downloaded and installed automatically. For information about specific configuration options in automatic updating, see the Microsoft Knowledge Base Article 294871.
For administrators and enterprise installations, or end users who want to install this security update manually (including users who have not enabled automatic updating), Microsoft recommends that you apply the update immediately using update management software, or by checking for updates using their Microsoft Update service.
Windows 7 users, beware: Internet Explorer 11 will crash if you manually apply a wrong version of the emergency update. Please read the Microsoft security bulletin linked above for details.
Please also read the Securing Internet Explorer tutorial for recommended security and privacy practices.
Microsoft Security Bulletin
Microsoft Releases Fix
Microsoft Knowledge Base information
Microsoft issues emergency security advisory for Internet Explorer exploit
On Monday, April 28th, 2014, Microsoft released Security Advisory 2963983 regarding an issue that impacts Internet Explorer. At this time, we are only aware of limited, targeted attacks. This security issue allows remote code execution if users visit a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message.
Microsoft’s initial investigation has revealed that Enhanced Protected Mode, on by default for the modern browsing experience in Internet Explorer 10 and Internet Explorer 11, will help protect against this potential risk. Microsoft also encourages users to follow the “Protect Your Computer” guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additionally, everyone should exercise caution when visiting websites and avoid clicking suspicious links or opening email messages from unfamiliar senders. Additional information can be found at www.microsoft.com/protect.
Here is the information you need to know.
1. All versions of IE 6 through 11 for Windows are affected.
2. No patch is available as of today (4/28/14)
What Can I Do?
1. Do not use Microsoft’s IE (Internet Explorer) on any machine you may currently have.
2. Use an alternative browser such as Firefox.
3. When the patch is issued, it will NOT apply to XP users!
4. If you are an XP user, you should use an alternative browser, forever!
5. Think seriously about upgrading or replacing those Windows XP machines.
With the end of support for Windows XP earlier this month, we believe this is just the first of many attacks that will be targeting Windows XP.
Microsoft typically releases security patches on the first Tuesday of each month, what’s known as Patch Tuesday. The next one is Tuesday, May 6th; whether or not Microsoft will release a patch for this vulnerability before then is still unknown. In any case, there will not be a patch released for Windows XP users.
Symantec is offering XP users a tool to protect themselves from this vulnerability, which it has made available on its blog:
Please note that recommendations and quick fixes, such as the one provided above by Symantec, may not be possible for future vulnerabilities. We recommend that unsupported operating systems, such as Windows XP, be replaced with supported versions as soon as possible.
Here are three articles with additional information.
The “Heartbleed” security bug has caused a great deal of anxiety for people and businesses. Now, it appears that the computer bug is affecting not just websites, but also networking equipment including routers, switches and firewalls.
The extent of the damage caused by Heartbleed is still unknown. The security hole exists on a vast number of the Internet’s Web servers and went undetected for more than two years. Although it’s conceivable that the flaw was never discovered by hackers, it’s difficult to tell.
There isn’t much that people can do to protect themselves completely until the affected websites implement a fix. And in the case of networking equipment, that could be quite a while. Tech giants Cisco and Juniper have identified about two dozen networking devices affected by Heartbleed, including servers, routers, switches, phones and video cameras used by small and large businesses everywhere.
Here are three things you can do to reduce the threat:
— Change your passwords. This isn’t a fool-proof solution. It’ll only help if the website in question has put in place the necessary security patches. You also might want to wait a week and then change them again.
— Worried about the websites you’re surfing? There’s a free add-on for the Firefox browser to check a site’s vulnerability and provide color-coded flags. Green means go and red means stop. You can download it here: https://addons.mozilla.org/en-US/firefox/addon/heartbleed-checker/
— Check the website of the company that made your home router to see if it has announced any problems. Also be diligent about downloading and installing any software updates you may receive.
The Heartbleed bug isn’t a “virus” but a security flaw. The bug can be tested for to see whether it affects a certain website. You can perform your own test here: https://filippo.io/Heartbleed
Going, Going, Gone!
Unless you’ve been living in a cave you know that on April 8, Microsoft will stop supporting their ancient operating system – Windows XP.
You might think that an operating system that was actually engineered in the late 90s would be fully obsolete and unused by now. After all, since XP came out, Microsoft has released several major replacement versions: Windows Vista, Windows 7, and Windows 8 (recently upgraded to Windows 8.1).
But there’s something about Windows XP. It’s basic, stable, fast enough, and good enough for a lot of people. It’s still running on more than 10 percent of the world’s computers.
Still, its time has come. It’s hard to keep an operating system this old up to snuff in today’s fast-paced online environment. XP works, but it’s not built to the same security level as modern operating systems. Microsoft doesn’t want to keep writing new security upgrades for it, so on April 8, it’s stopping. No more security updates. No more support. Your XP computer will still work, but Microsoft won’t help you anymore. Microsoft is pretty harsh about it too, stating: “XP cannot be considered safe to use after support ends.”
Microsoft has been urging us to upgrade for a long time. There’s even a site that tells you when your XP world will end: AmIRunningXP.com. Microsoft also has more info on what “end of support” means. To be fair, moving off XP would be a smart thing to do. Newer operating systems are easier to use (at least most of them), they run the cool new apps, and they’re definitely safer. But how do you move from an old computer that’s running XP into the modern era? There’s a lot of advice on how to make the transition. Not all of it good. Here are some good and bad options.
Bad idea #1: Just don’t worry about it
It’s not like Windows XP computers will magically stop working on April 9. So don’t worry about it; just keep on using it.
Why is this a bad idea? The problem with an old operating system is that it’s not up to speed with modern attacks. Operating systems need to be patched (updated) frequently to keep them safe from data thieves, scammers, viruses, and the like. After April 8, there will be no more updates coming.
But if you plan to keep going with XP for a while, at least make sure you’re on the last, ultimate version of it, called Service Pack 3. After April 8, you won’t be able to upgrade. Windows’ own update utility should manage this for you. Make sure it’s done so.
Microsoft says it will continue to provide updates to its “anti-malware signatures and engine for Windows XP users through July 14, 2015,” so you can continue to use the company’s antivirus app, Microsoft Security Essentials. That is, assuming you already have MSE installed and running. After April 8, it won’t be available for download. You might even find another antivirus tool from a third party but don’t get too comfortable. According to Microsoft, even up-to-date security software can’t save you if the operating system itself isn’t secure. And Windows XP just isn’t secure.
So yes, you can keep using XP, but not without risk. You probably don’t want it connected to the Internet, and even plugging a USB drive into it could be unsafe.
Bad idea #2: Upgrade to Windows 8, like Microsoft wants you to
Why not get the latest version of Windows? It’s so shiny!
There are two big reasons why this is a bad idea. The first: It probably won’t work. Your old Win XP machine likely does not have the horsepower, the hard disk space, or the hardware to run Windows 8.
Second: You’ll hate it. Windows 8 (including 8.1) has two separate interfaces. There’s a Windows desktop-like one in there, which you’ll probably find comfortable, but you have to go through the touchscreen-centric primary interface to get to it. That’s fine if you have a tablet. But your XP machine is no tablet. You can mostly avoid that tile-based, touchscreen interface, but not completely. It pops up from time to time, usually when you’re in a hurry and stressed out, and it’s frustrating when it happens.
Bad idea #3: Move to Linux
The geek operating system (sorry, geeks) called Linux is stable, fast, cheap, and free, and will run on your old XP machine better than Windows 8 will. The nerds will tell you it’ll do everything that XP will do. They’re right…. But here’s why it’s a bad idea: Linux really is a platform for nerds. Few people you know — unless you know a lot of programmers — will be able to help you out. And your Windows software won’t work. If you have apps you like, you’ll have to find Linux equivalents for them. You’re better off moving to a consumer-friendly operating system.
Better idea #1: Upgrade to Windows 7
The version of Windows that predates Windows 8 is really very good. It’s stable and similar enough to Windows XP that a transition will not be difficult.
It’s not a perfect solution, though. Your computer may not have the juice to run Windows 7, either, as it actually takes a slightly more powerful computer to run Windows 7 well than Windows 8. But you can, for the time being, still buy Windows 7 (even though it’s not clear if Microsoft is still manufacturing Win 7 disks), and some hardware vendors still sell computers with Windows 7 installed on them.
Microsoft really wants you on Windows 8 and continues to remind us that Windows 8 is more secure, faster, and uses less energy than Windows 7. But the easiest new version of Windows to learn after Windows XP is Windows 7, so if you’re just using Windows to run a particular application, it’s a very good option.
Better idea #2: Get a Mac
Interestingly enough, it’s easier to move from Windows XP to the Macintosh operating system, OS X, than to Windows 8.1. There are many small differences, but OS X is pretty similar to Windows XP (and every other version of Windows other than Windows 8). It doesn’t take people very long to adapt. Most (though not all) good PC applications are available in Mac versions, too, and your data files should transfer over just fine.
It’s an expensive move, though. The cheapest new Mac costs $600 (the entry-level Mac Mini can use the screen, mouse, and keyboard from your old Windows computer). Laptops start at $1000 and desktops at $1,300. Complete Windows machines today start in the $500 range, or very nicely equipped at about $800. If you can afford it and you’re not married to specific Windows XP software, a new Mac might be the perfect answer for you.
You’re not alone
Why are people still using Windows XP? Some people keep old machines for specific purposes, like running XP-only software. Some are just of the opinion that if they have a computer that works for what they want, there’s no reason to spend money on an upgrade.
Just because a manufacturer deems one of its products obsolete, it doesn’t mean everyone who uses the product has to stop using it immediately. However, over time, an old product in the modern world will present challenges: It will be less safe, there won’t be people trained to fix it, or some other component it relies on will fail, and replacements will no longer be available. When you get into this portion of the lifecycle, you might be forced to move on. You’ll have a lot of options when it’s time to do so — they just might not be the options the manufacturer recommends.
If you’re one of the millions of us who just don’t like using Webmail or Gmail type mail interfaces here’s a client side email program that can easily take the place of Outlook or Outlook Express.
eM Client works with Gmail, iCloud, Microsoft Office 365, Outlook, Outlook.com, Microsoft Exchange, Apple Server and just about any POP3, SMTP or IMAP mail server available. You can easily import your data from most of the other e-mail clients including Outlook, Outlook Express, Windows Mail, Windows Live Mail, Thunderbird, The Bat and many others. It’s also optimized to run smoothly on Windows XP, Vista, Windows 7 and Windows 8 and fully supports touch enabled devices like laptops, tablets and hybrid devices.
Some of the other high-end features include: secure communication (SSL/TLS), message encryption (S/MIME), advanced email rules management, spell check throughout the entire application, a built-in email translator using the Bing translate engine, email templates, signatures, tags and categorizations.
But wait – there’s more. You also get a robust calendar which you can customize and share with others, send and receive meeting invitations/confirmations, as well as free/busy scheduling features. A comprehensive contact management interface is included, as well as a built-in chat interface running inside the application or as a detached window that works with all the common chat services (Google chat, Facebook chat, Jabber and ICQ, to name a few). Throw in file transfer support to round out the package.
So – what’s all this power and productivity going to cost you? For non-commercial users, not a penny. That’s right – home users get a free license with no functional limitations except that you’re limited to 2 email accounts.
eM Client is so loaded with features it’s easy to forget it only supports 2 email accounts. While this could be a burden for some, many others will find this mail client to be the answer to their email prayers.
If you’re looking for a Microsoft Outlook experience without paying an arm and a leg, you should definitely consider eM Client. It’s a functional dead ringer for Microsoft’s flagship e-mail client and it’s organized in largely the same manner. If you know Outlook, you’ll have no trouble using eM Client, and eM Client has many more features.
Check it out:
You can usually tell a legitimate Google notification from a phishing scam by reading the embedded URL’s domain name—a message that redirects you to a non-Google address is sure to be a scam. However, a sophisticated phisher has come up with a method of stealing Google login information by using the company’s own servers against it.
Security firm, Symantec, discovered the phishing attempt and reported the incident on its blog. The new scam comes in an email with the subject line “Documents” and encourages you to click on an included link to check out an important message on Google Drive.
The link leads to a login page hosted on a bona fide Google website URL, complete with Secure Sockets Layer (SSL) authentication, making the page seem even more legitimate. The login prompt is identical to that of a legitimate Google site, inviting you to sign in for “One account. All of Google.” Those who log in get redirected to an actual Google Docs document, making the whole process seem legitimate.
Of course, the document isn’t the point; the point is that the phishers now have access to your Google account credentials. This gives them access to Google Drive documents, private email, and—perhaps most alarming—payment information for Google Play.
The scam works because the fake document is actually hosted on Google Drive. Combined with the convincing login page, this scam could theoretically fool the tech savvy as well as the uninformed.
Still, cautious people would spot a few red flags in this otherwise clever scam. First of all, the email itself does not come from an official Google email address, even if its preferred display name indicates otherwise. Clicking on links embedded in emails is also generally a bad practice, although in this case, even copying and pasting it would still bring you to a “verified” Google page.
If you get an email message purporting to come from a big organization such as Google, it’s generally a good idea to check the content of the email against the company’s official blog or Twitter feed. Always better safe than sorry.
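The two red flags above (a sender whose display name says Google but whose address is not a Google domain, and a link that passes the domain check only because the phishing page is hosted on Google’s own servers) can be checked mechanically. This is an added example, not code from the original post or from Symantec’s report: it parses a message, compares the From display name against the sender domain, and classifies each link by host. The sample message and its link path are constructed here; drive.google.com is used only to show that a Google-hosted link sails through a domain-only check.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Domain the page's advice checks links against. A host under google.com can still
# serve user-uploaded content (Drive, Docs), so "Google-hosted" is not "Google's own
# sign-in page": the genuine sign-in host is accounts.google.com.
TRUSTED_DOMAIN = "google.com"
URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed sample message in the shape described on this page (subject
# "Documents", Google-looking display name, Google-hosted link). The sender
# domain and link path are placeholders, not real indicators.
SAMPLE_EMAIL = (
    'From: "Google Drive" <share-notify@mail-docs-example.net>\n'
    "To: user@example.com\n"
    "Subject: Documents\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "An important document has been shared with you. View it here:\n"
    "https://drive.google.com/placeholder-path-to-shared-page\n"
)


def is_under(host, domain):
    """True if host is domain itself or a subdomain of it (case-insensitive)."""
    host = (host or "").lower()
    return host == domain or host.endswith("." + domain)


def analyze(raw_message):
    """Return {'flags': [...], 'links': [...]} for one RFC 822 message.

    flags: human-readable red flags found (sender mismatch, non-Google links).
    links: one dict per URL in the body with its host and whether it is
           Google-hosted; Google-hosted links are reported, not trusted."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    display, addr = parseaddr(str(msg["From"] or ""))
    sender_domain = addr.rpartition("@")[2]
    flags = []
    # Red flag 1: the name shown to the user claims Google, the address does not.
    if "google" in display.lower() and not is_under(sender_domain, TRUSTED_DOMAIN):
        flags.append(
            f"display name {display!r} but sender domain {sender_domain!r} is not {TRUSTED_DOMAIN}"
        )
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    links = []
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname or ""
        google_hosted = is_under(host, TRUSTED_DOMAIN)
        links.append({"url": url, "host": host, "google_hosted": google_hosted})
        # Red flag 2: a link that leaves Google entirely.
        if not google_hosted:
            flags.append(f"link to non-Google host {host!r}")
    return {"flags": flags, "links": links}


if __name__ == "__main__":
    result = analyze(SAMPLE_EMAIL)
    for flag in result["flags"]:
        print("FLAG:", flag)
    for link in result["links"]:
        status = "google-hosted (verify it is accounts.google.com before signing in)" \
            if link["google_hosted"] else "external"
        print("LINK:", link["host"], status)
```

On the sample, the domain check alone reports the link as Google-hosted, exactly the trap the post describes; it is the sender mismatch that exposes the message.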
Microsoft introduced product activation with the release of Windows XP. Over the years Microsoft has refined the experience. Windows 8 takes it a step further, in fact, product activation is invisible. When you setup Windows 8 on a new computer, you have to initially enter the product key (unlike Windows 7 which required this during the Out of Box Experience). The minute Windows 8 detects an Internet Connection it activates itself. Windows 8 does not have the old 30 day grace period familiar to Windows Vista and Windows 7 users.
What happens if you don’t have Internet access? You can continue to run Windows 8 including Metro applications without any hindrance; you just won’t be able to access certain customization options such as the ability to change your Start Screen background and color scheme. A watermark will also become apparent on screen and cannot be hidden; it even appears on your programs, so if you’re watching a full-screen movie, you will see a watermark.
Activation still supports traditional phone activation, so if you are nowhere near an Internet connection, you should not have to worry. Managing your genuine status in Windows 8 is also much easier. You can view your partial product key (something that required command-line operations in previous versions of Windows), so if you have multiple copies of Windows 8 installed on different PCs throughout your home, you can match and compare. If you need to purchase an additional license, you can also do so from the new Genuine Center in Windows 8.
One of the improvements Microsoft is making in Activation 3.0: newly built machines that come preloaded with Windows 8 will no longer have a COA (Certificate of Authenticity) sticker attached. Instead, the key will be embedded in the BIOS. This will keep product keys from being compromised, and the larger OEMs like Dell, HP and Lenovo will buy what they need.
For additional information visit this CNET article:
If you ever experience a Windows 8 activation issue you may find the answer here: