Archive for the 'Computer Security' Category

 

The latest 2017 Ransomware and what to do about it.

 

The latest mid-year ransomware is a serious threat and every computer is vulnerable. The serious threat prevention tools in Windows are exclusive to Microsoft’s enterprise customers and online Exchange users in Office 365. The new threat is called Petya or NotPetya, but names are not important; what matters is the actions of the rogue code. The new Petya strains are not particularly new either, but the techniques are new.

How do the new virus strains get on your computer?

  1. by stealth download from your browser: an exploit kit is downloaded behind the scenes to infect the vulnerable system.
  2. by email attachments and links, such as Word documents, resumes, fake documents etc.

How do I know I am infected?

  1. you will get an infected pop up message or warning, sometimes demanding money
  2. you may not get any warning message; if you suspect you may be infected seek professional IT help from an MCP (Microsoft certified professional) to carry out best practice diagnosis and removal procedures to mitigate risk of data encryption or MBR lockdowns.

What to do after you get a warning message and a ransom demand or similar.

  1. shut down your computer by pressing the power button and remove any network and power cables and the battery.
  2. do *NOT* attempt to click off the warning message
  3. do *NOT* attempt to run a virus scan because it will encrypt all your files and possibly the master boot record rendering your drive non bootable

What to do before you get infected

  1. follow the 3-2-1 rule. Back up your data in an automated, regular fashion to two locations, including an offsite backup if you have very important files, financial and customer records, or family history in the form of photographs.
  2. get an annual maintenance and security checkup by an experienced and certified IT technician.

If you get the ransom warning message or a fake message like the one shown below, your system may not yet be encrypted or your drive might not yet be locked via the MBR. Get help from an experienced computer tech at this stage to help prevent loss of data and system.

fake warning after restarting system following infection by ransomware


We do provide preventative bug removal via our online remote access service. It’s completely safe! We are based in Australia. Call today or email.

 

 
 
 

The end of the Outlook junk spam filter in 2017

Microsoft is ending support for the junk spam filter known as SmartScreen technology. At a time when email spam and phishing emails are at an all-time high, why is Microsoft ending support for SmartScreen? It’s worked well over the years because of the Bayesian technology, and when your inbox starts getting 100 spam emails a day you are going to wonder how you are going to live without it. User trends such as cloud-based computing are driving the change to Exchange Online Protection and Advanced Threat Protection (ATP).

For those who do not use Office 365, SharePoint, or Exchange Online, some ISPs have some type of spam protection, others don’t. Some ISPs will no doubt start charging (as one notable ISP has been doing for years with poor results if their forums are a gauge of spam filtering success or failure). Small businesses with their own domain name will probably have spam protection but it will need to be enabled, computers configured to work with the filter, and some basic education provided for end users.

Here are a few basic tips to help you avoid being seen as a live candidate and getting onto email spam lists:

  1. don’t open an email that is obvious spam
  2. don’t reply to a spammer to abuse them
  3. don’t delete email; this action is likely to send a signal that you are live. Sending an email to the spam folder does not send this signal.
  4. don’t use your own email on forums and for sale sites, get a throwaway email address
  5. report unwanted (spam) email from your local liquor store or real estate to ACMA.com.au to help discourage our sacred inbox becoming a marketing portal.
  6. have an anti spam software solution in place

Don’t put up with spam every day. It uses bandwidth and is a complete waste of time and makes people angry. We provide an easy support solution via remote access to log in to your computer and configure it, for both home and small business, home office etc. There is a basic one hour charge to configure antispam measures, which is better than dealing with spam every day.

 
 
 

Is your Gmail hacked? How to get access again.

Email accounts like Gmail are used by small businesses and professionals as a quick and easy (free) email service, but there’s a catch. If you get hacked there’s no one to call; you are out in the cold and left to your own resources.

Hacking is mostly not really about hacking, but about guessing your password. We see passwords all the time that look like this:

abc1234

password

and so on. If you are running a business off this free email system you should be prepared for a disaster or you might never see your email again.

To mitigate the risk:

  1. associate a mobile phone number with your account
  2. if you are trying to regain access to a lost or hacked account it seems you should be doing this from the same computer you usually log in with, otherwise flags are raised and it will be more difficult.
  3. set up a secondary email address in your account, though if your account is hacked this might be changed.
  4. set up strong passwords, not the name of your cat you talk about on your social profiles.

You can also set up Gmail for offline use, so if you do get hacked you will have access to old emails. Follow the steps in this support article.

https://support.google.com/mail/answer/1306849?hl=en

 

 
 
 

How to keep backups safe from malware

The worst of the malware doing the rounds is so-called ransomware (Locky, CryptoLocker) and rogue or fake antivirus, with new variations popping up often. It is installed covertly on the machine and may first attack your antivirus programs to avoid detection. The likelihood of detection is reduced due to the malware’s attack vectors and its sophistication. Modern antivirus programs are often found on computers with this type of active malware.

We are seeing more recent variations of this virus which bypass the ransom payload; its purpose can also be to steal banking information, credit card details, or identity. The ransomware version may lock (encrypt) your files or even attack the MFT (master file table), which locks you out of your drive. This is the point where you can say goodbye to your data.


 

Protecting your backup from nasty malware.

If you are backing up your files to any medium, that backup will be at risk of the same data encryption described above. If you are a small business, a home office, or just a home user with precious family photos, you need to make sure you are using best practice to prevent the CryptoLocker virus from infecting your backup. We now offer this service by safe, remote login to your computer.

Call today to get industry best practice backup mitigation for home or small office, small business.

 

 
 
 

Removing Browser redirect hijacks (solved!)

 


example of a browser hijack with spyware

You will know it if you have a browser redirect virus, also known as the Google redirect virus or malware. The removal solution for the various iterations of the dreaded browser hijack or redirect is a mystery to many on internet forums. It’s nasty and resists every attempt at removal. It is invisible, undetectable by all the malware scanners and antivirus programs including the Norton Power Eraser tool, Bitdefender speciality tools, ESET’s usually very efficient scanner in ramdisk, in fact just about everything.

We had a business client with this infection and after struggling to remove it, we decided to persevere until we found the mechanism and methods to remove it. Unfortunately, it seems each variant or type of this infection needs its own methods for a successful removal. There is no single access point to remove it.

But good news! We offer an online (remote access) service to remove this, along with all the other bugs on your computer. If you are anywhere in Australia call or email to arrange a good time for us to log in for you.

wiredoffice.com.au has been providing trusted service for over 15 years and is a Microsoft registered partner, and a Microsoft Certified Professional (MCP).

 
 
 

What to do when you have a lock screen or ransomware


example of fake lockscreen

Tech support scams and ransomware lockout screens can be delivered by fake emails (phishing emails), hijacked ads on display networks, and downloads of programs with names like free antivirus, speed up my computer, and so on. Ransomware can encrypt your files with 128-bit encryption.

Any files and folders that are encrypted are gone, at least until computer science finds a way to decrypt them. This is not likely any time soon because the malware uses standard encryption methods.

If you have the lock screen in place, furious clicking to try to remove it will be in vain and make matters worse.


fake Windows alert screen

If you are in our local area in the northern beaches of Perth, bring your PC or laptop in to us.

  1. remove any ethernet cable (the blue network cable) to disconnect from the internet
  2. do a hard shutdown by holding the start button down fully for several seconds or until the machine shuts down completely.
  3. bring your machine in to our Duncraig workshop
  4. if you are located elsewhere in Australia we can log in remotely to disable the lockscreen and remove the infection.

Every attempt you make to remove the lock screen or scan for the bug will further embed the virus. This particular malware type is also able to install stealth keyloggers to search for passwords, identity and financial information. It can hide in your system and relaunch at a later date if not removed now.

Call us for a remote support session or call to bring your machine in.

 

 
 
 

Fake Tech support Scams in 2016 and How to Deal with them


 

Fake tech support or online technical support scams are something we are going to be seeing a lot more of in 2016. Why? Because they have just about mastered the art of fake online technical support. Here’s how they work and here’s how they fool everyday computer users and small businesses into believing they are legit.

A friend was on her home computer when she got a pop up alert, like the one seen above. She rang me and said it looks so real. What also helps with this illusion is the 1800 number, which is also fake. When you ring this number it diverts to another number, usually offshore in places like India. You will be sceptical when they claim to be from Telstra, or Microsoft, or an agency that deals with tech support for well known firms. You might ask, “how do I know you are for real?”, and this is where it gets clever and very effective. Rather than use their own fake business names like they did in 2015, they will be using the business names of real firms doing real IT work. This is at least one variation of this type of scam. They will send you to that firm’s website to confirm who they are. You are with them on the line and it’s likely you will not phone that firm because (a) you are on the phone with them or (b) that firm is somewhere a long way off like Canada.

Microsoft support technician credentials or other Microsoft competencies are highly regarded in IT support, so the scammer of late is sending the sceptical customer to the Microsoft Pinpoint site to check on the credentials of the firm whose name they are borrowing. Your every objection is covered so far, except that something about Joe Brown from India doesn’t smell kosher. Trust your instinct.

Exposing fakes and how would you know?

Google is littered with fakes for just about everything, such as fake phone numbers and websites for computer and printer vendors. You might think you are talking to HP while the tech person accesses your PC to install “troubleshooting software”, but when they fail to fix the issue and start asking for money for their annual support plan and you realise you are being ripped off, it’s too late. They’ve installed the hidden software to later steal your ID and launch malware from a remote server. Now you are going to need a real IT support tech with sound experience and credentials to clean your computer up.

As you can see it’s getting harder to spot the fakes but keep these tips in mind:

  1. if you get a pop up alert on your computer warning you about malware, with a number to call, this will be fake. No such thing exists in Windows. Do not call the number.
  2. if someone calls you just hang up. The more you goad them the more likely you are to become distressed when they threaten to send someone local around to your residence.
  3. beware of fake antivirus program alerts, such as the well documented Norton fake antivirus alert, that provide a number to call for urgent online tech support. The fake alert could even be for the antivirus program you have installed.
  4. if in doubt seek help by calling a professional IT guy with Microsoft credentials in your area.

Real Online Tech Support.

The proliferation of fake tech support scams is growing from the real world popularity and convenience of having an online computer technician fix or maintain your computer remotely.

In late 2015 we launched our own version of online tech support within Australia at wiredoffice.com.au partly in response to the fake services and to meet the local demand. Our pricing is capped at 2 hours regardless of how long we spend on your computer. Call us for more advice on checking our credentials which we cannot post online.

 

 
 
 

Xmas online security tips and how to stop helping thieves get your money.

As you can see in the TED talk above by Jeff Carter, whose eye scan technology is already in use at some airports around the world, internet and credit card security is sometimes out of our hands and is in the hands of large banks or that little online store selling retro clothing in a foreign country, but there is still plenty we can do at our end to help keep us safe.

Here are some security tips for online (and offline!) security:

1. if you are using your credit card online and the form requests your DOB, shop elsewhere.
2. if someone calls you claiming to be from your bank, or Telstra for example, and asks for your DOB to check the status of your account or payment, don’t give it. You can confirm by phoning them back, but not on the number they give you, because old discarded Telstra numbers have been known to be used (hijacked). Get the number yourself and call back. Nobody gets my DOB over the phone.
3. on websites such as Yahoo, Google, etc., I use the same term when asked what my mother’s maiden name is, which school I went to, where I was born and so on. Whatever you might think about this method, it’s far better than this real and personal information being in the wrong hands. I use one term for all these questions, including my imaginary dog’s name.
4. if you use words found in a dictionary or words and terms that appear on the hackers’ favourite list of passwords you will be helping any hackers access your accounts.
5. I use a debit visa for all my online buying and payments. If it gets stolen they won’t get much and it is easy to cancel and live without for a week while a new card is issued.
6. banks in Europe have been known to reject liability for computers that are not protected with an antivirus program. Read my other post about snake oil and costly antivirus programs and download Microsoft MSE (Microsoft Security Essentials) because it’s free and as effective or ineffective (with malware and adware) as the others. If you use two AVs one will react badly with the other and leave you potentially unprotected. Banks may also have the right to refuse liability for infected machines. Remember, bank websites can detect the presence of viruses and malware.
7. if you receive an email from your bank, parcel tracking, your ISP etc., hover your mouse over the link they want you to click in the reading pane of Outlook; the hover will reveal the true address. If in doubt, go directly to the website and bypass the email.

Xmas is a busy time for hackers and thieves. We hope you enjoy a safe and crime free xmas. Remember to call us for an annual security and general maintenance check-up and tune-up of your home or business computers and laptops.

 
 
 

Are you wasting money on mobile phone security apps?

Do you need an antivirus app on your Android or iPhone? Computer magazines and ezines like this often present stories about security risks on mobile phones and why we should part with more of our cash on antivirus programs and apps, but in a kind of misguided way. For example, in the article link above Computerworld cites Google’s offer to refund money to anyone who bought a fake antivirus app on the Google Play Store, but how many did download it and how many sought the refund?

Most of the articles on this subject quote statistics based on estimates and lab based data, not real world data. I have not heard from anyone or know of anyone who actually had an infected phone, Android or iPhone. The articles on the subject mostly quote the well known antivirus vendors such as Trend Micro, Norton, McAfee and others who have been selling flawed products for years that do little to protect computers from malware, spyware, Trojans and rogue programs. These same people are selling antivirus programs for mobile phones and use the statistics as a marketing exercise. In this article from The Melbourne Age Digital Life, Ben Grubb quotes Google’s Adrian Ludwig, lead engineer for Android security at Google, who said “…those who used security software on the phones would likely get no protection from it” (read the full article here). In 2011 a Google engineer called anti-virus software vendors for mobile phones charlatans and scammers. Open source programs manager at Google Chris DiBona called it “….. [bullshit] protection software”

Here are some interesting statistics: 80% of apps in the Apple store are called zombie apps, meaning they are hardly ever downloaded at all. The other 20% have been downloaded 75 billion times and earned $15 billion for their creators. If you are an especially cautious type you can look at www.lookout.com for iPhone and Android. It has a range of features making it more useful than an antivirus app and has a zero price tag for the standard or personal version.

Disclaimer: this information is presented as general information only and may not suit all mobile phone users.

 

 

 

 
 
 

How to tell if your computer is infected with malware and why you can’t trust your antivirus.

As far back as January 2013 the New York Times ran a story about Chinese hackers who successfully installed 45 malicious-ware items on the NYT’s network, with Symantec’s antivirus detecting just one of them. It’s a common story. Recently we saw a computer with Trend Micro Titanium edition installed that had around 90 malware items, and Trend did not detect a single one of them. You can read more about this in my other posts about computer security and why your annual investment in antivirus and firewalls will be giving you a false sense of safety.

In 2013 Symantec (Norton) would not comment on the Chinese hacking story, but in this article they fessed up and said antivirus is not enough to face today’s threats. In our experience in the trenches no antivirus is up to the task, regardless of who wins what award for best AV of the year in computer magazines. The “no virus found” message after a 2 hour scan is certainly one of the problems in creating a false sense of security.

Modern malware has also shown the ability to interact with antivirus and take control of these programs. So far the security industry response has been to keep their customers spending and installing antivirus. It’s about as lame as the response to hackers at ATMs: use your left hand to hide your PIN, and while we are at it let’s introduce tap & go cards.

Until things change (and don’t expect that anytime soon) you are going to need to be aware of the warning signs of a compromised system. Trojans, viruses, malware and spyware are programs that can infect systems with no user interaction on vulnerable, exploited systems. Sometimes you will see pop ups or fake antivirus, other malware is less obvious. What is a vulnerable system? Typically small business and home/home office computers that only have an AV installed, with no other levels of security hardening.

Typical warning indicators or group of indicators of malware infection:

1. You have downloaded a free antivirus program and it instantly found a lot of viruses and opens the scan window every time you start your computer. The search term “free antivirus” and other search terms like speed up my computer or registry cleaner program are common infection methods.

2. Your existing antivirus program has alerted you to a scan with a result, but failed to delete or quarantine the found items, or your AV has shut down.

3. Your computer is running slower than normal, crashes programs or restarts randomly.

4. Your browser’s start page has changed, and/or your searches redirect you to pages you didn’t search for.

5. The internet has slowed down and generally the computer is running much slower.

Note: You still need to have an antivirus installed for the viruses it catches, and for banking compliance on websites.

There are a number of levels to hardening your computer beyond an antivirus program. If you are in Perth WA contact us for optimised security, screening for bugs, and current best practice hardening.

Want to know which is the best AV at this time? The free Microsoft Security Essentials is our preference but stopped working on XP as of April 8 this year. If you have trouble with Windows 7 backup and MSE you may need to uninstall and install an alternative.