
Category: Security

How To Remove Windows 7 Antispyware

Remove Windows 7 Antispyware 2012, Vista Antivirus 2012, and XP Security 2012 (See Uninstall Guide Below)

Win 7 Antispyware 2012, Vista Antivirus 2012, and XP Security 2012 are all names for the same rogue anti-spyware program. This family of rogues is promoted in two ways. The first is through fake online antivirus scanners that state that your computer is infected and then prompt you to download a file that will install the infection. The other is hacked web sites that attempt to exploit vulnerabilities in programs that you are running on your computer to install the infection without your knowledge or permission. Regardless of how it is installed, once it is running on your computer it will install itself under a variety of different program names and graphical user interfaces depending on the version of Windows that is running. Regardless of the name, though, they are all ultimately the same program with just a different skin on it. This rogue goes by different program names, which I have listed below based upon the version of Windows that it is installed on:

Windows XP Rogue Name          Windows Vista Rogue Name          Windows 7 Rogue Name
-------------------------      ---------------------------       ---------------------------
XP Antispyware 2012            Vista Antispyware 2012            Win 7 Antispyware 2012
XP Antivirus 2012              Vista Antivirus 2012              Win 7 Antivirus 2012
XP Security 2012               Vista Security 2012               Win 7 Security 2012
XP Home Security 2012          Vista Home Security 2012          Win 7 Home Security 2012
XP Internet Security 2012      Vista Internet Security 2012      Win 7 Internet Security 2012

When installed, this rogue pretends to be a security update for Windows installed via Automatic Updates. It will then install itself as a single executable with a random three-character name, such as kdn.exe, that uses very aggressive techniques to prevent you from removing it. First, it changes the system so that if you launch any executable it instead launches Vista Home Security 2012, XP Internet Security 2012, Win 7 Security 2012, or any of the other names it goes under. If the original program that you wanted to launch is deemed safe by the rogue, it will then launch it as well. This allows the rogue to decide which executables it will let you run in order to protect itself. It will also modify certain Registry keys so that when you launch Firefox or Internet Explorer from the Windows Start Menu it will launch the rogue instead and display a fake firewall warning stating that the program is infected.
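An added example, not from the original article, showing what that executable-launch hijack looks like at the Registry level and how to audit a machine for it. The two values checked are the standard Windows defaults for the .exe file type; the hijacked sample values are constructed, and the .reg text the script can emit is a minimal restoration of those two values only, not the FixNCR.reg file the removal guide below refers to. `read_live_values()` reads the real keys on Windows and returns `None` elsewhere, so the audit logic can be exercised on any platform.

```python
"""Audit the Registry values that decide what runs when a .exe is launched.

Added example (not part of the original article). The rogue described above
rewrites the "exefile" open command so that every .exe launch is routed
through it first. This script encodes the standard Windows defaults for the
two values involved and reports any deviation. All sample values are
constructed; the .reg text below restores only these two values and is not
the FixNCR.reg file mentioned later in the guide.
"""
import re
import sys

# Standard Windows defaults. A hijack typically replaces the second value
# with something like '"C:\\path\\kdn.exe" -a "%1" %*' (random three-letter name).
EXPECTED_DOT_EXE = "exefile"
EXPECTED_OPEN_COMMAND = '"%1" %*'

# Captures the program a command line actually starts (optional surrounding quotes).
LAUNCHER_RE = re.compile(r'"?([^"]+?\.exe)"?', re.IGNORECASE)


def classify_exe_association(dot_exe_default, open_command_default):
    """Return a list of findings; an empty list means the association looks clean."""
    findings = []
    if dot_exe_default != EXPECTED_DOT_EXE:
        findings.append(
            f"HKCR\\.exe points at {dot_exe_default!r} instead of {EXPECTED_DOT_EXE!r}")
    cmd = open_command_default.strip()
    if cmd != EXPECTED_OPEN_COMMAND:
        m = LAUNCHER_RE.match(cmd)
        launcher = m.group(1) if m else cmd
        findings.append(f"exefile open command routes every .exe through {launcher!r}")
    return findings


def minimal_restore_reg():
    """Text of a .reg file that puts the two values back to their defaults.

    .reg escaping: backslashes and double quotes inside a value are escaped
    with a backslash, so the value '"%1" %*' is written as "\"%1\" %*".
    """
    return (
        "Windows Registry Editor Version 5.00\r\n\r\n"
        "[HKEY_CLASSES_ROOT\\.exe]\r\n"
        '@="exefile"\r\n\r\n'
        "[HKEY_CLASSES_ROOT\\exefile\\shell\\open\\command]\r\n"
        '@="\\"%1\\" %*"\r\n'
    )


def read_live_values():
    """Read the live default values on Windows; returns None on other platforms."""
    if sys.platform != "win32":
        return None
    import winreg  # Windows-only standard-library module
    with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, ".exe") as key:
        dot_exe, _ = winreg.QueryValueEx(key, "")
    with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, r"exefile\shell\open\command") as key:
        command, _ = winreg.QueryValueEx(key, "")
    return dot_exe, command


if __name__ == "__main__":
    live = read_live_values()
    if live is None:
        # Constructed sample of a hijacked machine, used when not running on Windows.
        live = ("exefile", '"C:\\Users\\user\\AppData\\Local\\kdn.exe" -a "%1" %*')
    for finding in classify_exe_association(*live) or ["exe association looks clean"]:
        print(finding)
```

On a clean machine both findings lists come back empty; the launcher string the audit extracts from a rewritten command is the file an analyst would quarantine, which is exactly why the guide insists the Registry be repaired before any other tool is run.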

[Screenshot: Win 7 Antispyware 2012]

Once started, the rogue itself, like all other rogues, will scan your computer and state that there are numerous infections on it. If you attempt to use the program to remove any of these infections, though, it will state that you need to purchase the program first. In reality, though, the infections that the rogue states are on your computer are all legitimate files that, if deleted, could cause Windows to not operate correctly. Therefore, please do not manually delete any files based upon the results from this rogue’s scan.

While running, XP Internet Security 2012, Win 7 Antivirus 2012, and Vista Security 2012 will also display fake security alerts on the infected computer. The text of some of these alerts is:

XP Home Security 2012 Firewall Alert
XP Home Security 2012 has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.

Malware Intrusion
Sensitive areas of your system were found to be under attack. Spy software attack or virus infection possible. Prevent further damage or your private data will get stolen. Run an anti-spyware scan now. Click here to start.

System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working the background right now. Perform an in-depth scan and removal now, click here.

System Hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.

Privacy threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.

Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.

XP Antispyware 2012 Alert
Security Hole Detected!
A program is trying to exploit Windows security holes! Passwords and sensitive data may be stolen. Do you want to block this attack?

Just like the scan results, these security warnings and alerts are all fake and should be ignored.

While running, Win 7 Home Security 2012, XP Antivirus 2012, and Vista Antivirus 2012 will also hijack Internet Explorer so that you cannot visit certain sites. It does this so that you cannot receive help or information at sites like BleepingComputer.com on how to remove this infection. When you attempt to visit these sites you will instead be shown a fake alert stating that the site you are visiting is dangerous and that the rogue is blocking it for your protection. The message that you will see is:

Vista Security 2012 Alert
Internet Explorer alert. Visiting this site may pose a security threat to your system!

Possible reasons include:
– Dangerous code found in this site’s pages which installed unwanted software into your system.
– Suspicious and potentially unsafe network activity detected.
– Spyware infections in your system
– Complaints from other users about this site.
– Port and system scans performed by the site being visited.

Things you can do:
– Get a copy of Vista Security 2012 to safeguard your PC while surfing the web (RECOMMENDED)
– Run a spyware, virus and malware scan
– Continue surfing without any security measures (DANGEROUS)

Just like the fake security alerts, the browser hijack is just another attempt to make you think that your computer has a security problem so that you will then purchase the program.

Without a doubt, this rogue is designed to scam you out of your money by hijacking your computer and trying to trick you into thinking you are infected. Therefore, please do not purchase this program, and if you have, please contact your credit card company and dispute the charges, stating that the program is a computer infection. Finally, to remove Win 7 Antispyware 2012, Vista Antivirus 2012, and XP Security 2012 please use the guide below, which only contains programs that are free to use.

Tools Needed for this fix:

  • Malwarebytes’ Anti-Malware

Automated Removal Instructions for Win 7 Antispyware 2012 & Vista Antivirus 2012 using Malwarebytes’ Anti-Malware:

  1. Print out these instructions as we will need to close every window that is open later in the fix.
  2. It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.
  3. This infection changes settings on your computer so that when you launch an executable, a file ending with .exe, it will instead launch the infection rather than the desired program. To fix this we must first download a Registry file that will fix these changes. From a clean computer, please download the following file and save it to removable media such as a CD/DVD, external drive, or USB flash drive: FixNCR.reg. Once that file is downloaded and saved on a removable device, insert the removable device into the infected computer and open the drive letter associated with it. You should now see the FixNCR.reg file that you had downloaded onto it. Double-click on the FixNCR.reg file to fix the Registry on your infected computer. You should now be able to run your normal executable programs and can proceed to the next step. If you do not have any removable media or another clean computer that you can download the FixNCR.reg file onto, you can try to download it to your infected computer using another method. On the infected computer, right-click on the Internet Explorer icon, or any other browser’s icon, and select Run As or Run as Administrator. If you are using Windows XP, you will be prompted to select a user and enter its password. It is suggested that you attempt to log in as the Administrator user. For Windows 7 or Windows Vista, you will be prompted to enter your Administrator account password. Once you enter the password, your browser will start and you can download the above FixNCR.reg file. When saving it, make sure you save it to a folder that can be accessed by your normal account. Remember that you will be launching the browser as another user, so if you save it to a My Documents folder, it will not be your normal My Documents folder that it is downloaded into. Instead it will be the My Documents folder that belongs to the user you ran the browser as.
     Once the download has finished, close your browser and find the FixNCR.reg file that you downloaded. Now double-click on it and allow the data to be merged. You should now be able to run your normal executable programs and can proceed to the next step.
  4. Now we must end the processes that belong to Win 7 Antispyware 2012 & Vista Antivirus 2012 and clean up some Registry settings so they do not interfere with the cleaning procedure. To do this, please download RKill to your desktop from the following link: RKill Download Link. When at the download page, click on the Download Now button labeled iExplore.exe download link. When you are prompted where to save it, please save it on your desktop.
  5. Once it is downloaded, double-click on the iExplore.exe icon in order to automatically attempt to stop any processes associated with Win 7 Antispyware 2012 & Vista Antivirus 2012 and other rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that RKill is an infection, do not be concerned. This message is just a fake warning given by Win 7 Antispyware 2012 & Vista Antivirus 2012 when it terminates programs that may potentially remove it. If you run into these infection warnings that close RKill, a trick is to leave the warning on the screen and then run RKill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that RKill can terminate Win 7 Antispyware 2012 & Vista Antivirus 2012. So, please try running RKill until the malware is no longer running. You will then be able to proceed with the rest of the guide. If you continue having problems running RKill, you can download the other renamed versions of RKill from the RKill download page. All of the files are renamed copies of RKill, which you can try instead. Please note that the download page will open in a new browser window or tab. Do not reboot your computer after running RKill as the malware programs will start again.
  6. There have been reports of this infection being bundled with the TDSS rootkit infection. To be safe you should also run a program that can be used to scan for this infection. Please follow the steps in the following guide:

How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller

If after running TDSSKiller, you are still unable to update Malwarebytes’ Anti-malware or continue to have Google search result redirects, then you should post a virus removal request using the steps in the following topic rather than continuing with this guide:

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help Topic

If TDSSKiller requires you to reboot, please allow it to do so. After you reboot, reboot back into Safe Mode with Networking again.

  7. Download Malwarebytes’ Anti-Malware, also referred to as MBAM, from the following location and save it to your desktop: Malwarebytes’ Anti-Malware Download Link (Download page will open in a new window)
  8. Once downloaded, close all programs and windows on your computer, including this one.
  9. Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MBAM onto your computer.
  10. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware checked. Then click on the Finish button.
  11. MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program.
  12. On the Scanner tab, make sure the Perform full scan option is selected and then click on the Scan button to start scanning your computer for Win 7 Antispyware 2012 & Vista Antivirus 2012 related files.
  13. MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan.
  14. When the scan is finished a message box will appear. You should click on the OK button to close the message box and continue with the Vista AntiSpyware 2012 & Win 7 Home Security removal process.
  15. You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  16. A screen displaying all the malware that the program found will be shown. Please note that the infections found on your computer may differ from those found on another. You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the program’s quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so. Once your computer has rebooted, and you are logged in, please continue with the rest of the steps.
  17. When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window.
  18. You can now exit the MBAM program.
  19. As many rogues and other malware are installed through vulnerabilities found in out-dated and insecure programs, it is strongly suggested that you use Secunia PSI to scan for vulnerable programs on your computer. A tutorial on how to use Secunia PSI to scan for vulnerable programs can be found here: How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector

Your computer should now be free of the Vista AntiSpyware 2012 & Win 7 Home Security program. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes’ Anti-Malware to protect against these types of threats in the future.

If you are still having problems with your computer after completing these instructions, then please follow the steps outlined in the topic linked below:

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

To see the original article in its entirety click here.


Mobile Application Management (MAM)

Mobile Device Management does not stop with configuring policies, getting asset information, and securing a mobile device. The MDM solution should also provide the administrators the ability to manage the Apps that are installed on the devices.

SJT Support also provides the Mobile Application Management (MAM) capability that helps administrators perform the following management functions:

  • App Management
  • App Distribution
  • VPP Integration
  • Reports 

App management:

  • Manage the Apps over the Air (OTA) to groups/devices.
  • Automatically get App information from App Store
  • Maintain a repository of all Apps used in the network
  • View the list of Apps and their installation count on mobile devices.

App distribution:

  • Seamless distribution of both in-house and App Store Apps to devices and group of devices
  • Advertise Apps in the App Catalog and let users choose to install them themselves
  • Get the status of the deployed Apps on the users’ devices
  • Remove Apps when not required anymore

Integrate with Volume Purchase Program (VPP):

  • Integrates with Apple Volume Purchase Program to install commercial apps.
  • Automatically assign redemption codes to users upon installation or revoke when not installed
  • Get notified on insufficient redemption codes

Reports:

  • Comprehensive reports help to monitor the apps installed on each device.
  • Specific reports can be extracted like:
    • Apps by Devices – Generates the report based on apps available in the device.
    • Devices with/without specific app – Generates report based on specific app.

Kill Your Java Plugin Now!

Java Plugin Security Information

Kill your java plugin as soon as possible.

A new Java zero-day security vulnerability is already being actively exploited to compromise PCs. The best way to defend against the attacks is to disable any Java browser plugins on your systems.

The offending bug is present in fully patched and up-to-date installations of the Java platform, now overseen by database giant Oracle, according to Jaime Blasco, head of labs at security tools firm AlienVault.

“The exploit is the same as the zero-day vulnerabilities we have been seeing in the past year in IE, Java and Flash,” Blasco stated.

“The hacker can virtually own your computer if you visit a malicious link thanks to this new vulnerability. At the moment, there is no patch for this vulnerability, so the only way to protect yourself is by disabling Java.”

The exploit targets Java 7 update 10 and prior versions. No fix is available and early indications suggest that exploitation is widespread. Brian Krebs reckons the exploit has found its way into crimeware toolkits, such as the Blackhole Exploit Kit, which use the hole to infect victims with software nasties.

Java vulnerabilities were abused by the infamous Flashback Trojan, creating the first botnet on Mac OS X machines in the process last year. In the years before that, attacks on Java and Adobe applications had eclipsed browser bugs as hackers’ favourite way into a system.

In all but a limited number of cases Java support in web browsers is not mandatory for home users, unless required by a banking website or similar, so disabling plugins even as a temporary measure is a good idea. Businesses, on the other hand, that rely on Java for particular applications are not so fortunate.

While waiting for a patch from Oracle to plug the gaping hole, you can contact South Jersey Techies by emailing support@sjtechies.com to make sure your systems are protected.

Java Update Coming Tuesday

Oracle says Java Update Coming Tuesday!

Oracle is working on an update to address a flaw in its Java software.

The company says it will release a patch that will fix 86 vulnerabilities in Java 7 on Tuesday.

The Department of Homeland Security last week said computer users should disable the program in web browsers because hackers were using a zero-day vulnerability to attack computer systems. Criminals were using the flaw to stealthily install malware on the computers of users who visit compromised websites.

The problem, which affects Oracle Java 7 update 10 and earlier, can allow an untrusted Java applet to escalate its privileges, without requiring code signing.
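Knowing whether a machine falls inside the range the two articles above name (Java 7 update 10 and earlier) is the first inventory question for a fleet. The following is an added example, not from the original article: it parses the version string that `java -version` prints (on stderr, in the form `java version "1.7.0_10"`) into a major version and update number and compares it with that threshold. The sample output lines are constructed; only Java 7 is assessed, because that is the range the articles state, so other major versions are reported as not flagged rather than as safe.

```python
"""Flag Java installations in the range named by the advisory (Java 7 update 10 and earlier).

Added example, not part of the original article. Parses `java -version` output
such as: java version "1.7.0_10". Sample strings used in the tests are constructed.
"""
import re
import subprocess

AFFECTED_MAJOR = 7        # the advisory text names Java 7
AFFECTED_MAX_UPDATE = 10  # "update 10 and earlier"

# Java 5-8 report themselves as 1.<major>.0_<update>; the update part is optional.
VERSION_RE = re.compile(r'version "1\.(\d+)\.\d+(?:_(\d+))?')


def parse_java_version(output):
    """Return (major, update) from `java -version` output, or None if not recognised."""
    m = VERSION_RE.search(output)
    if not m:
        return None
    major = int(m.group(1))
    update = int(m.group(2)) if m.group(2) else 0   # "1.7.0" alone is the GA release
    return major, update


def is_affected(output):
    """True when the output describes Java 7 at update 10 or below.

    Other major versions are not judged here: the advisory as quoted covers
    Java 7, so they return False ("not flagged"), not "known safe".
    """
    parsed = parse_java_version(output)
    if parsed is None:
        return False
    major, update = parsed
    return major == AFFECTED_MAJOR and update <= AFFECTED_MAX_UPDATE


def check_local_java():
    """Run `java -version` on this host; returns (parsed_version, affected)."""
    try:
        proc = subprocess.run(["java", "-version"], capture_output=True, text=True)
    except FileNotFoundError:
        return None, False           # no Java on PATH: nothing to flag
    output = proc.stderr + proc.stdout  # the version banner goes to stderr
    return parse_java_version(output), is_affected(output)


if __name__ == "__main__":
    version, affected = check_local_java()
    print(f"java version: {version}, in affected range: {affected}")
```

The same parse-and-compare step drops straight into an inventory script that collects the banner from each host; the point of keeping `parse_java_version` separate is that the comparison can be unit-tested against constructed banners without a JVM present.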

Java, which is running on 850 million computers, is a computer language that lets programmers write software using just one set of codes for computers running Windows, Apple OS X and Linux. Internet browsers use it to access web content and computers and other devices use it to run a plethora of programs.

In fact, Java is so ubiquitous that the software has become a major bull’s-eye for hackers. Last year, Java overtook Adobe Reader as the most frequently attacked software, according to computer security firm Kaspersky Lab.

Mac users probably don’t have to worry because Apple already removed Java plug-ins from OS X browsers. Apple apparently learned a lesson last year when it took its time making a Java patch available and as a result more than 600,000 Macs were infected with malware.

Last February, Oracle released a fix for a targeted vulnerability identified as CVE-2012-0507 and included it in an update for the Windows version of Java. However, since Apple distributes a self-compiled version of Java for Macs, it ports Oracle’s patches to it according to its own schedule, which can be months behind the one for Java on Windows.

Mozilla also has blacklisted all current releases of Java.

Tight Budget? 10 Great Tools If You Are on a Budget

Takeaway: From diagnostic tools to antivirus to backup utilities, this list of freebies will help you do more with less.

If you’re trying to stretch a thin IT budget, you probably can’t afford a lot of pricey tools. Luckily, a number of highly useful tools are available for free. Some of them even work better and are more efficient than their costlier alternatives.

1: ComboFix

When the standard antivirus/malware software can’t seem to find the problem, ComboFix almost always does. It also looks for and removes most rootkits and Trojans. To use this tool, you must completely disable all antivirus solutions (and you should completely remove AVG). Caution: If ComboFix is not used properly, it can wreak havoc on the machine you’re trying to fix.

2: ProduKey

ProduKey will help you get product keys from installed applications so that when you need to migrate to a new machine, you can continue using those costly licenses. ProduKey will recover keys from more than 1,000 software titles, including Microsoft Office, Adobe, and Symantec. When you use this tool, you will have both the product ID and the product key; the ID is important because it will tell you which version of the software is installed.

3: Hiren’s BootCD

Hiren’s BootCD is a one-stop-shop Linux boot disk that can help you pull off a number of small miracles. Its tools include Antivir, ClamWin, ComboFix, Clonedisk, Image for Windows, BIOS Cracker, 7-Zip, Bulk Rename, Mini Windows XP, CCleaner, and Notepad++, among others. This single bootable disk could easily be the only tool you need.

4: Microsoft Security Essentials

Microsoft Security Essentials is one of the better free antivirus tools available. Its tagline, “The anti-annoying, anti-expensive, anti-virus program,” is true. When the firm I work with was looking for a new free solution, we tested Microsoft Security Essentials against AVG Free and Avast Free and found Microsoft Security Essentials to be superior, less intrusive, and less resource intensive.

Note: Microsoft Security Essentials can be used for free for up to 10 PCs. Beyond that, you can purchase the business version, System Center Endpoint Protection.

5: WinDirStat

WinDirStat is the program you need when you must know what is taking up the space on a hard drive. When C drives begin to fill up, performance degrades rapidly. It’s essential to have a tool to help you discern what is gobbling up the precious space on a machine, and WinDirStat is the foremost app for getting this information quickly.

6: CCleaner

CCleaner gets rid of temporary files and Windows Registry problems faster than any other tool. When a machine is having problems, this is almost always the tool I use first. CCleaner also helps ensure privacy by getting rid of traces left behind (such as cookies) by Web browsers.

Note: It is legal to use CCleaner Free for business use. However, CCleaner Business Edition comes with a few more features (including one-click cleaning) than the free version.

7: Defraggler

Defraggler blows away the defragmenting application in all Windows operating systems. It’s faster, more reliable, and more flexible than the built-in tools. With Defraggler, you can defrag a single file or an entire drive. Defraggler supports NTFS and FAT32 systems.

8: 7-Zip

7-Zip is the best file archiver/compression tool (outside of Linux command-line tools). It’s open source and works on multiple platforms. Once you install it, you will find 7-Zip has Explorer support and a simple GUI tool that any level of user can manage.

9: SyncBack

SyncBack is a reliable, easy-to-use backup utility. No, you won’t be recovering from bare metal, but you can save your precious data. SyncBack can synchronize data to the same drive, a different drive or medium (CDRW, CompactFlash, etc.), an FTP server, a network, or a zip archive.

10: FileZilla

FileZilla reminds you that the cloud has not made FTP useless. There are plenty of reasons you might need FTP, so why not use one of the best and most cost effective FTP clients? And if you need an easy-to-use FTP server to slap up on your Windows machines, FileZilla has one.

Doomsday – Windows XP End of Life

Takeaway: Risks with staying with Windows XP after April 8, 2014.

Since being released worldwide on October 25, 2001, Windows XP has become one of the most popular versions of Windows. OEM and retail sales of Windows XP ended in June 2008, while smaller OEMs continued to sell the operating system until January of 2009.

On April 10, 2012, Microsoft officially announced that as of April 8, 2014 they will end extended support for Windows XP and Office 2003, after which no new bug fixes or patches will be issued.

Organizations may be unknowingly taking a risk by assuming that Windows XP’s prolonged life means major vulnerabilities have been acknowledged and dealt with. Even if XP itself were secure, there would still be application-level vulnerabilities. Even the range of security breaches has been inadequate to persuade some organizations that are still using Windows XP to upgrade. The dynamics that safeguarded XP’s success are now working against the organizations that stuck by the operating system.

A major aspect attackers assess during their investigation is the operating system and the applications used within an organization.  With Microsoft ending their support, the vendors for applications running on it will most likely end support.

On the other hand, those preparing to continue using XP after the cut-off date are going to be in an unpleasant situation trying to protect their intellectual property, but can take certain steps to limit exposure to risk. There are specific technologies you could deploy that will permit you to keep using legacy systems. Mitigating technologies like host-based intrusion protection can identify that a vulnerability exists and make it difficult or impossible to exploit by applying a virtual patch to those non-supported environments.

However, XP’s acceptance comes down to the technology itself and an operating system layout that people are content with. The significant changes in Windows Vista, Windows 7 and especially Windows 8 are the reason people are resistant to change.

To protect and upgrade your home or business, please contact us at 856-745-9990 or click here.

LivingSocial’s Cyber Attack

A recent victim of a cyber-attack is the daily deal site LivingSocial. Merchant and customer banking and credit card information was protected during the attack. Regrettably, 50 million subscribers’ names, dates of birth, e-mail addresses and hashed passwords were compromised.

Steps to further protect your personal information:

  1. An e-mail from LivingSocial will provide you with the necessary steps to create a new password.
  2. If you are using the same password for multiple accounts it is strongly recommended to change all passwords.
  3. After an attack, hackers try to use phishing to extract additional information.  Before changing your password make sure that you are directed to www.livingsocial.com.
  4. Always protect yourself by never sending personal information via e-mail to any person or organization.

Protection for WiFi

Takeaway: Five simple ways to protect your information when using WiFi and hotspots.

WiFi is the exchange of data over a wireless local area network (WLAN) between electronic devices including smartphones, laptops and tablets.

WiFi is also available in public places such as airports and restaurants. Identity thieves, hackers and criminals take advantage of public WiFi because users conveniently access personal information over it.

1. Avoid accessing your bank accounts & online stores:

When using public WiFi, it is best to avoid using your credit card or banking information.

2. Double check the WiFi name:

Prior to connecting to a public network double check with an employee for their network name.  Identity thieves can create a false Hot-Spot, have users connect and then steal personal information.

3. Turn off “Auto Connect”:

Stay in control of which networks you connect to: smartphones have a setting that automatically connects you to the closest open network. Simply turn this setting off to decide for yourself which networks to connect to.

4. Never use the same password:

An additional step you can take to keep online accounts safe is to use different passwords for each account.   Using the same password makes stealing your information easier for criminals.

5. Check the lock:

The extra layer of security is the locked padlock in the address bar of your browser, or “https” at the start of the address, which means that your connection to the site is encrypted.

Implementing BYOD

Bring-Your-Own-Device (BYOD) means permitting employees to bring personal devices (laptops, tablets, and smart phones) to their workplace, and use those devices to access company information and applications.

Create a Private App Store

Designing a private App Store provides the ability to manage custom and purchased apps. Businesses can manage apps by pushing mandatory apps, approving recommended apps and blocking rogue or unrelated apps.

Policy Compliance

Policies ensure security, productivity, protection of resources and reduce risks.  Implementing a location-based service (LBS) such as Geo-Fencing and GPS will set limitations on access to data based on location.

Strong Security

There are many layers of security for a BYOD environment.  Device enrollment can be a one-time passcode and/or Active Directory credentials.  Applying user profiles will distribute policies, restrictions and Apps based on logical groups (department/location/device type).  Other types of security are tracking device locations, Remote Lock, Complete Wipe and Corporate Wipe.

Track Usage

Usage thresholds can be monitored based on talk, text, data and roaming for each user.  Setting up alerts and reports for misuse, excessive bandwidth, additional charges and security exposures will help track usage appropriately. 

Banning Rogue Devices

Compromised devices such as a “jailbroken” iPhone or a rooted Android device should be restricted from accessing enterprise data and resources. Compromised devices are susceptible to virus attacks.

For more information on Mobile Device Management, contact us at 856-745-9990 or click here.

New Security Threat: CryptoWall

In October of last year news broke about a new form of malware called Cryptolocker. This malware posed a particularly large threat to many business users and led to many quick and important security updates. Now, almost a year later, it appears that the second version of this – CryptoWall – has been released and is beginning to infect users.

What is Crypto malware?

Crypto malware is a type of trojan horse that, when installed onto computers or devices, holds the data and system hostage. This is done by locking valuable or important files with strong encryption. You then see a pop-up open informing you that you have a set amount of time to pay for a key which will unlock the encryption. If you don’t pay before the deadline, your files are deleted.
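One practical consequence of that design is detectable: output from strong encryption is statistically indistinguishable from random bytes, so an encrypted file has byte entropy close to 8 bits per byte, while ordinary documents and text sit well below that. A sudden spike in such files inside user directories is an early alarm that a crypto trojan is running. The following is an added example, not from the original article, that measures Shannon entropy per file and walks a directory tree flagging high-entropy files. The sample contents are constructed, and the threshold is an assumption to tune locally, since compressed archives, images and legitimately encrypted containers also score high.

```python
"""Spot files that look encrypted by measuring their byte entropy.

Added example, not part of the original article. The entropy threshold and the
sample data are constructed assumptions; tune the threshold per environment.
"""
import math
import os
from collections import Counter

HIGH_ENTROPY = 7.5   # bits per byte; assumption, ciphertext is typically > 7.9
MIN_BYTES = 256      # tiny files give unreliable entropy estimates


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of `data` in bits per byte: 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = HIGH_ENTROPY) -> bool:
    """True when the sample is big enough to judge and its entropy is near the maximum."""
    return len(data) >= MIN_BYTES and shannon_entropy(data) >= threshold


def scan_tree(root, threshold=HIGH_ENTROPY, sample_bytes=4096):
    """Walk `root` and return the paths whose first `sample_bytes` look encrypted.

    Reading only the head keeps the scan cheap; a crypto trojan rewrites the
    whole file, so the head is representative.
    """
    flagged = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(sample_bytes)
            except OSError:
                continue   # unreadable or vanished file: skip, do not abort the scan
            if looks_encrypted(head, threshold):
                flagged.append(path)
    return flagged


# Constructed samples: repetitive prose versus pseudo-random bytes standing in for ciphertext.
TEXT_SAMPLE = b"Quarterly invoice: 42 units at 19.99 each, payable within 30 days.\n" * 20
RANDOM_SAMPLE = os.urandom(4096)

if __name__ == "__main__":
    print(f"text sample   : {shannon_entropy(TEXT_SAMPLE):.2f} bits/byte")
    print(f"random sample : {shannon_entropy(RANDOM_SAMPLE):.2f} bits/byte")
    print("flagged in home dir:", len(scan_tree(os.path.expanduser("~"))))
```

Used as a scheduled check, the useful signal is the change in the count of flagged files under the document folders between runs, not the absolute number; the baseline of archives and media in a given tree is noise that stays roughly constant.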

When this malware surfaced last year, many users were understandably more than a little worried and took strong precautions to ensure they did not get infected. Despite these efforts, it really didn’t go away until earlier this year, when security experts introduced a number of online portals that can decrypt files affected by Cryptolocker, essentially neutralizing the threat. Until now, that is: a recently updated version is threatening users once again.

Cryptolocker 2.0, aka. CryptoWall

Possibly because of efforts by security firms to neutralize the Cryptolocker threat, the various developers of the malware have come back with an improved version, CryptoWall, and it is a threat that all businesses should be aware of.

With CryptoWall, the transmission and infection methods remain the same as they did with the first version: It is most commonly found in zipped folders and PDF files sent over email. Most emails with the malware are disguised as invoices, bills, complaints, and other business messages that we are likely to open.

The developers did however make some “improvements” to the malware that make it more difficult to deal with for most users. These changes include:

  • Unique IDs are used for payment: These are addresses used to verify that the payment is unique and from one person only. If the address is used by another user, payment will now be rejected. This is different from the first version where one person who paid could share the unlock code with other infected users.
  • CryptoWall can securely delete files: In the older version of this threat, files were deleted if the ransom wasn’t paid, but they could be recovered easily. In the new version the deletion is done securely, which ensures the file cannot be recovered. This leaves you with either the option of paying the ransom or retrieving the file from a backup.
  • Payment servers can’t be blocked: With CryptoLocker, when authorities and security experts found the addresses of the servers that accepted payments they were able to add these to blacklists, thus ensuring no traffic would come from, or go to, these servers again. Essentially, this made it impossible for the malware to actually work. Now, it has been found that the developers are using their own servers and gateways which essentially makes them much, much more difficult to find and ban.

How do I prevent my systems and devices from being infected?

Unlike other viruses and malware, CryptoWall doesn’t go after passwords or account names, so the usual changing of your passwords won’t really help. The best ways to prevent it from getting onto your systems are:

  • Don’t open any suspicious attachments – Look at each and every email attachment that comes into your inbox. If you spot anything that looks odd, such as say a spelling mistake in the name, or a long string of characters together, then it is best to avoid opening it.
  • Don’t open emails from unknown sources – Be extra careful about emails from unknown sources, especially ones that say they provide business oriented information e.g., bank statements from banks you don’t have an account with or bills from a utilities company you don’t use. Chances are high that they contain some form of malware.
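The two rules above are exactly what a mail gateway or a mailbox script can enforce mechanically for the delivery pattern described earlier (zipped folders and PDFs disguised as invoices). The following is an added example, not from the original article: it parses a raw message, walks each attachment and reports reasons to hold it, such as an executable extension, a document extension hiding an executable (“Invoice.pdf.exe”), an unusually long name, or a zip archive containing an executable. The phishing-style message and the zip inside it are constructed in the script itself, so it runs offline; the extension lists and the 40-character name threshold are assumptions to extend to local policy.

```python
"""Triage e-mail attachments the way a mail filter would.

Added example, not part of the original article. The sample message, its zip
attachment, the extension sets and the long-name threshold are constructed
assumptions for illustration.
"""
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

EXECUTABLE_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".jar"}
DOCUMENT_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}
LONG_NAME = 40   # assumption: a "long string of characters" as the article puts it


def assess_filename(name):
    """Return a list of reasons to hold an attachment with this file name."""
    reasons = []
    suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
    if suffixes and suffixes[-1] in EXECUTABLE_EXT:
        reasons.append(f"{name}: executable attachment ({suffixes[-1]})")
        if len(suffixes) >= 2 and suffixes[-2] in DOCUMENT_EXT:
            reasons.append(f"{name}: document extension hiding an executable (double extension)")
    if len(PurePosixPath(name).stem) > LONG_NAME:
        reasons.append(f"{name}: unusually long file name")
    return reasons


def assess_zip(data):
    """Look inside a zip attachment and assess every member name."""
    reasons = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                reasons += [f"inside archive: {r}" for r in assess_filename(info.filename)]
    except zipfile.BadZipFile:
        reasons.append("attachment claims to be a zip but is not a valid archive")
    return reasons


def triage_message(raw: bytes):
    """Parse a raw RFC 822 message and return all hold reasons across its attachments."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        findings += assess_filename(name)
        if name.lower().endswith(".zip") or part.get_content_type() == "application/zip":
            findings += assess_zip(payload)
    return findings


def build_sample_message() -> bytes:
    """Constructed phishing-style message: a zip 'invoice' holding a fake executable."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_0931.pdf.exe", b"not a real program, constructed sample")
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "accounts@example.invalid"
    msg["Subject"] = "Outstanding invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Invoice_0931.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for reason in triage_message(build_sample_message()):
        print("HOLD:", reason)
```

The archive check matters most: the outer name “Invoice_0931.zip” passes every filename rule, and only opening the container reveals the double-extension executable the article warns about.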
