We are a bunch of tech geeks, coders and designers. New Version of gpcode Ransomware »
0
Kaspersky Lab reports that is has seen a new variant of the gpcode ransomware. Gpcode.ak is an encryptor-virus which uses 1,024 bit encryption to lock down all data on an infected hard drive. The infected machine then shows this popup:
Translation – if you get infected, you are, um… in trouble. Kaspersky has cracked previous variants of this virus in a relatively short period of time. However, this encryption is twice as strong as previous versions, so don’t hold your breath waiting for it to be cracked.
Ransomware is not a new phenomenon, but this one is the worst threat to date. As we have warned before, BE VERY CAREFUL WHEN OPENING E-MAIL ATTACHMENTS. Especially .doc, .txt, .pdf, .xls, .jpg, .png, .cpp, .h. Kaspersky also has some guidelines to follow if you do become infected by gpcode.ak:
Contact Kaspersky Lab using another computer connected to the Internet. DO NOT RESTART or POWER DOWN the potentially infected machine.
Write to Kaspersky at: stopgpcode@kaspersky.com with the following information included in the email:
* Date & Time of infection
* Everything done on the computer in the 5 minutes before the machine was infected, including:
o Programs executed
o Websites visited
Kaspersky will then try to help.
Make sure you have a strong anti-malware program running and that you keep it up-to-date (ie. daily). Do not turn if off because it makes your computer run slow and do not run more than 1 anti-virus program on any one machine.
SpyBossPro: The Latest Spyware Threat »
2
The latest and most annoying piece of spyware released is called SpyBossPro. This piece of software is pretty sneaky and could cause plenty of headaches for the end user. As a piece of spyware, SpyBossPro will actually record your keystrokes (like when you type in your credit card information), record all web sites visited, take screenshots at regular intervals, as well as send all of this information to a predetermined email address. It does all of this in the background, so you will not even know it’s happening.
So please, keep your Anti-Virus programs up to date. They will detect this nasty piece of software if it is on your machine, or trying to enter your machine and save you many headaches in the future.
Getting “E-Mauled” by E-Mail »
0
Back when e-mail was in its infancy, users used to have to pay around $20 a month for an account. I remember when having an email account was viewed as a status symbol, even if none of your friends had one and therefore did not communicate with you that way.
Fast forward 15 years and almost EVERYONE has an email account. The only holdouts are usually the elderly, infants or separatists living in one-room cabins in Wyoming. Most people even have multiple email accounts since they are available for free these days. But, of course the Spammers know that fact also and one of the biggest complaints, if not THE biggest, these days is the amount of SPAM that the average user receives daily (the FTC even has a lengthly form you can fill out to file a formal complaint). Some estimates say that as much as 90-percent of all email is SPAM, although I think that figure could be really inflated. Add to the sheer volume of spam the ever-more-sophisticated phishing attacks unleashed on unsuspecting users and it is obvious that the email method of communication is under serious attack.
One can no longer just rely on Blacklisting or blocking certain email addresses. E-mail address spoofing has rendered that technique all but useless. Blocking emails containing certain “words” is another technique that is so ’90s. Spammers are just rewriting these words so that filters c@n’t bl()ck them.
The bad guys go to these lengths because SPAM is far too lucrative a business for it to just go away. The average spammer sends 100 million messages at one time. Let’s say that only 1% get past the spam filters. That is 1 million messages that are actually delivered. Now take it a step further and let’s say that 1% of those messages are actually answered – that is 10,000 SPAM emails that are actually answered in some way by the recipient. There is not another advertising method available that provides that kind of success rate and all the spammer has to do is create an email and push the “send” button.
Make no mistake, spammers are in the lead in this race. They are hiring professional software developers to create more and more effective programs. They are also using botnets to avoid detection by ISPs and to send the emails from multiple nodes, making it harder and harder for security vendors to stop or even slow the flow.
So the next time you see spam in your inbox, try to remember what the web hosting company is up against. It requires constant effort and even that sometimes is not enough. You, however, can make things a little easier by protecting your email addresses. For example, if a website requires you to enter a valid email address in order to sign up for something, try using a temporary email address service. One that we have mentioned before is Guerrilla Mail. A service like that will keep your personal email address from ending up in some spammer’s database.
Also, if you receive an unsolicited email from someone you don’t know, don’t click the little link that sometimes appears at the bottom of the email saying “Click here to be removed from our mailing list.” Usually, clicking that link will just notify the spammer that he/she has actually discovered a valid email address.
Top 10 Security Tips For Your Small Business Part 2 »
0
To continue our Top 10 list of simple (and mostly free) security tips for your small business.
7. Watch out for email attachments
Email attachments can be a wonderful thing. They allow people from all across the world to send pictures to family and friends, businesses to send documents to clients, and sometimes the occasional Powerpoint presentation that somehow didn’t make the trip can be sent directly to you in a matter of seconds. Though, for all of these wonderful things, email attachments can also be very harmful. Many of the most common and harmful viruses are spread through email. These will infect your machine as soon as you open the attachment. The main ways to avoid these nasty viruses are:
Never open an email attachment from someone you do not know. Only open an attachment if it is from someone you know and you were expecting it. If you are sending an attachment to someone else, let them know ahead of time. And last, but certainly not least, have an Anti-Virus program, such as Norton Anti-Virus (updated daily) that will scan incoming and outgoing emails for viruses.
6. Anti-Virus Software
Having a properly updated Anti-Virus program on your PC is crucial these days. Most Anti-Virus programs such as Norton Anti-Virus, Trend Micro, McAfee, and AVG all do updates daily in the background, so you don’t have to worry about it. Without an Anti-Virus program, accidentally opening the wrong attachment, or clicking on the wrong pop-up on a website, may open the door for spyware, adware, malware, and viruses to take over your PC.
5. Windows Updates and patches
I was just working on a PC yesterday and noticed that we are up to 93 Windows Updates AFTER the Windows XP SP2 update. That’s quite a few updates! Most of these updates are actually security patches for either Windows or the programs that are running with Windows, such as Microsoft Office, Windows Media Player, etc… These updates are important because they help to close “backdoors” that hackers have found that allow them to compromise your data and your privacy. Having some type of firewall, an anti-virus program and not opening strange email attachments will protect against most of your common threats. Though, to take it one step further and keep your data safe, set your Windows Updates to automatic and let it do it’s thing. There can be exceptions to this rule, though not commonly. Feel free to ask me any questions if you are having any troubles with your Windows Updates.
Click here to see tips 8 through 10 and stay tuned until next time for the Top 4 security tips!
Hackers Infiltrate Power Grid »
0
Well, at least they were white-hat hackers. BetaNews reported that an anonymous power company hired Internet Security hacker Ira Winkler to attempt to hack into and take over a power grid. The results were somewhat disturbing.
Ira and his team hacked the power grid in a matter of hours by using browser exploits and old-fashioned social engineering.
In order to get the power company employees to reveal sensitive access details, the hackers sent employees a fictitious email explaining that the power company was planning to cut their benefits. The email contained a link to an exploited website where employees could get “more information” – which they naturally did. After clicking the link, they were hacked.
Thereafter, the hackers had all necessary access to do whatever they wanted, including the self-destruction of power generators. According to Winkler, many of these software exploits were successful because the companies had not applied software upgrades and patches because doing so would result in system downtime.
So, should companies schedule downtime on their own schedule or wait until they are hacked and let the bad guys schedule the downtime for them? Hmm… According to Winkler, he stopped the hack within a few hours because it was painfully obvious that it was completely successful.
In June of 1998, Wired published an article called Hacking the Power Grid and here is an excerpt:
With deregulation, there is an increasing interest in energy futures trades at the commodities exchange on Wall Street. [IBM senior consultant Nick] Simicich said hackers might use social engineering techniques to obtain passwords to computers with access to the networks containing sensitive information from these sources.
It looks like little has changed… Social Engineering works because there is no patch for human stupidity.
