Blog

Malware called DressCode infects apps in app stores

Apps infected with malware called DressCode are reportedly on the rise in application stores.

DressCode malware enables attackers to use your Android device to launch attacks against another person or organisation’s online services, or to gain access to corporate servers and information.

Reports from TrendLabs Security Intelligence state that even games and themes may be infected with DressCode.

Other reports state that 400 compromised apps have been detected on Google Play and more than 3,000 have been detected overall.

Keeping your device safe from Malware DressCode

One of our security partners, Sophos, recommends keeping your device safe by installing Sophos Security for Mobile, which is specifically designed for Android and can help identify malicious or potentially unwanted applications.

We can also show you how to cost-effectively protect and maintain the security of your network, assets and data against external attack, providing you peace of mind with our Network Security Solutions.

Google Play also has some tips on protecting against harmful apps, and recommends you check the star ratings and reviews of an app and the number of times the app has been downloaded before deciding whether or not to proceed.

 

More information 

Stay Smart Online, Sophos Security

iTandBeyond are an SSO Partner & Sophos Silver Partner

Posted in: Tech Tips for Business Owners

Be careful when installing Java Updates – more FoistWare

Exercise Caution when installing Java Updates

Take care when installing Java updates, or you may be tricked into installing FoistWare.

What is FoistWare (also called CrapWare)?

Firstly, let’s explain what we mean by FoistWare. FoistWare is a tactic used by software developers to install additional software during the installation process, sometimes without the user’s knowledge or consent, or with deceptive messages that trick the user into installing the additional software.
Often, if you accept the default installation options, the unrelated third-party software is installed.
The FoistWare itself may be a legitimate program, though the manner in which it is installed makes it FoistWare.
The software developers try to make a quick buck by tricking users into installing software they don’t need, which can impact system performance.
Some FoistWare applications are browser hijackers that modify your web browser’s settings without the user’s permission, and can inject unwanted advertising or replace your existing home or search pages.

This tactic is sometimes used by Freeware software developers and has been used by Oracle for many years when installing updates to their popular Java software.

What is Java (by Oracle)?

Java is a programming language and computing platform used on many devices from laptops to datacenters, game consoles and mobile phones. Lots of applications and websites will not work unless you have Java installed.
For Australian Accounting firms and Businesses, one especially relevant application that needs Java is the Australian Government’s AUSkey secure login, used to access participating Government websites.

Oracle is at it again installing deceptive software with Java Updates

Java Updates have previously tricked users into installing the Google Toolbar, Yahoo and Ask Toolbar and Search App. Here’s one example of what users were prompted with when installing previous Java Updates:

Previous Java Update defaulting to install Ask Search

The latest Java updates now try to trick you into installing the Teoma Search App:

Latest Java Update Install Offer Teoma Search App

Other vendors that have been purveyors of FoistWare include:

  • Adobe: downloading Flash Player included Google Toolbar for Internet Explorer, and downloading Reader also downloaded Google Chrome.
  • Skype

Our Recommendations for Caution installing Java Updates

It is important to install patches and updates for all software, including Java. If you don’t install the latest Java update, you may not be able to use your AUSkey to access Government websites.
When installing software, including updates, always review installation questions/options, rather than simply accepting the Defaults and clicking Next, Next, Next.

If you require any assistance with installing updates, removing any unwanted FoistWare inadvertently installed, or removing any browser hijacks, please Contact Us.

See the following articles for more information on Java Updates installing FoistWare:

Posted in: Tech Tips for Business Owners

Can Small Businesses Afford Proactive Managed IT Support?

Affordable Small Business IT Support

When determining the affordability and Return on Investment (ROI) of engaging with Proactive Managed IT Support Providers, Small Business Owners often find themselves in a position of trying to balance a limited budget while making sure they have the proper tools to grow their business.  It is a challenge many business owners face, in that they recognise the need for additional products or services that will allow their business to continue to thrive.   However, funds may be in short supply to achieve these goals.

Faced with this challenge, many small business owners are forced to make difficult decisions as to where they can afford to spend money to improve their business.  One of the areas in which business owners are on the fence is whether or not hiring a Proactive Managed IT Support Services Provider is something they can afford.  In some cases the cost is not worth the benefits, however there are many situations where cutting costs will end up costing you more money in the long run.  Here are a few reasons why managed IT support service providers may be more affordable than the alternative.

Technology – In order to be competitive today, small businesses must remain up-to-speed with current technology.  The amount of money invested in this area can be quite large, making it necessary to ensure you have someone in your corner who can help manage and support the technology used in your business.  While the average person is becoming increasingly well versed in the use of basic technology, there remains a need for experts in the industry to ensure your business can stay up and running on a daily basis as well as in the event of a natural or man made emergency.

Internal IT Department – Larger corporations have the budget necessary to support an internal IT department that provides expertise and support of the technology used by the company. Small businesses do not have the same resources and often find themselves either without backup or paying a high price when they have to bring in an outside expert.

Services provided by Proactive Managed IT Support Providers, also known as Managed Service Providers (MSPs) – When a small business enlists the help of a Proactive Managed IT Support Service Provider, they will agree to a Service Level Agreement (SLA) which covers specific services at a specific price. This allows the small business owner to see upfront what they are paying for and how it will work in the budget.

Depending on the business, these services can be customised to meet the specific needs of the client, making it possible to reduce costs in certain areas.  There are many reasons why a small business owner might feel Proactive Managed IT Support service providers are not something they can afford.  Unfortunately the services provided are often not realised until there is an emergency, where small business owners quickly discover the amount of money spent to “fix” a problem or recover from a disaster is much more expensive than planning for it in the first place.  In this case it is not a matter of if you can afford Proactive Managed IT Support services, rather if you can afford NOT to have them.

 

Posted in: Tech Tips for Business Owners

WARNING – new document virus threat in your Inbox

Another new Document based virus threat is doing the rounds via email.

Several clients in the last few days have reported receiving an email with a Word Document attachment, almost identical to the following email.  It is highly likely the Word document contains a new Virus, MalWare or Trojan Threat.

Check out our previous Blog article for more information on Document Based Malware on the Rise.

Our Business IT Solutions gurus have scanned the suspicious Word doc and although leading anti-virus solutions are not as yet detecting any Threats, telltale signs the email is bogus include:

  • Sender email address domain name (verizon.net) does not match the company name (Onto It Web Services)
  • Sender email address name (phys-mgmt) does not match the sender’s name (Leigh Wilson)
  • ABN is bogus and not listed on the Australian Business Register
  • Very few accounting systems email invoices as Word docs; most are sent as PDFs
  • It is highly irregular for the body of an email to be addressed to a person’s full name and title. It is interesting that the full name, title and matching email address have been harvested from somewhere.

Due to our suspicions, we submitted the Word doc to several leading anti-virus vendors for assessment.  In addition to reporting back to us, we also expect updates to their anti-virus definitions soon.

UPDATE: Symantec Security Response have responded to our file submission and confirmed:

  • Determination: New Threat
  • Submission Detail: This file is detected as W97M.Downloader (a Word macro trojan) with our existing Rapid Release definition set.  Protection is (now) available in Rapid Release definitions with a sequence number of 180266 or greater.

What should your virus strategy include for Document based threats?

As new threats are not immediately detected by anti-virus software, please continue to exercise caution when opening email attachments. You are the first line of defence against Virus, Trojan, MalWare and other Threats.

Contact Us if you need any assistance with your anti-virus strategy or Network Security.


Email received with Word document virus threat attachment:

From: “Leigh Wilson” <phys-mgmt@verizon.net>
To:
Date: 31/08/2016 01:21 PM
Subject: iT and Beyond Pty Ltd; Neville, See and Remit – NET-30 01C956044

Dear Neville Rose,
CEO and Founder

I am getting in touch to let you know that we haven’t received deposit of AUD 1,402.00 from iT and Beyond Pty Ltd (), which appears unpaid.
Since you are our returning client, we are offering you 7 additional days to make the payment. Please check the inserted document for payment requisites.

Best Regards,
Leigh Wilson
Onto It Web Services | Accounts Department
A.B.N 29 740797125
Burke Road Camberwell Victoria 3124
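
The telltale signs listed above can be checked mechanically before anyone opens the attachment. This added example (not part of the original post) applies them to a constructed copy of the email above; the attachment name, the finding labels and the `claimed_company` parameter are assumptions, and the ABN test is the standard ABN checksum, which the quoted ABN fails.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

WORD_EXTS = (".doc", ".docx", ".docm")
ABN_WEIGHTS = (10, 1, 3, 5, 7, 9, 11, 13, 15, 17, 19)
ABN_RE = re.compile(r"A\.?\s?B\.?\s?N\.?[\s:]*((?:\d\s?){11})", re.I)


def abn_checksum_ok(abn):
    """Standard ABN check: subtract 1 from the first digit, weight, sum, mod 89.
    A pass only means the number is well-formed, not that it is registered."""
    digits = [int(c) for c in abn if c.isdigit()]
    if len(digits) != 11:
        return False
    digits[0] -= 1
    return sum(d * w for d, w in zip(digits, ABN_WEIGHTS)) % 89 == 0


def triage(msg, claimed_company):
    """Return the telltale signs found in an EmailMessage (heuristics only).
    Parse real mail with policy=email.policy.default to get this message type."""
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.lower().partition("@")

    # Sign: the sender's name does not appear in the mailbox name.
    name_tokens = [t for t in re.split(r"\W+", name.lower()) if len(t) >= 3]
    if name_tokens and not any(t in local for t in name_tokens):
        findings.append("sender-name-mismatch")

    # Sign: no label of the sending domain resembles the company name.
    compact = re.sub(r"\W+", "", claimed_company.lower())
    labels = [label for label in domain.split(".") if len(label) >= 4]
    if not any(label in compact for label in labels):
        findings.append("domain-company-mismatch")

    # Sign: the ABN quoted in the body is not even well-formed.
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    match = ABN_RE.search(body)
    if match and not abn_checksum_ok(match.group(1)):
        findings.append("abn-bad-checksum")

    # Sign: an "invoice" delivered as a Word document rather than a PDF.
    for att in msg.iter_attachments():
        if (att.get_filename() or "").lower().endswith(WORD_EXTS):
            findings.append("word-attachment")
    return findings


def build_sample():
    """Constructed message modelled on the email quoted above."""
    msg = EmailMessage()
    msg["From"] = '"Leigh Wilson" <phys-mgmt@verizon.net>'
    msg["Subject"] = "See and Remit - NET-30 01C956044"
    msg.set_content(
        "Please check the inserted document for payment requisites.\n"
        "Leigh Wilson\nOnto It Web Services | Accounts Department\n"
        "A.B.N 29 740797125\n"
    )
    # Attachment name and bytes are hypothetical placeholders.
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="msword", filename="invoice.doc")
    return msg


if __name__ == "__main__":
    print(triage(build_sample(), "Onto It Web Services"))
```
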

Posted in: Tech Tips for Business Owners

CompTIA Dream IT Video Advancing Women in IT

CompTIA Dream IT Video – Advancing Women in Information Technology industry

Computing Technology Industry Association (CompTIA) is a global Information Technology Industry Trade Association and leading voice for the IT industry.  CompTIA has developed a portfolio of IT education, IT certification, IT advocacy and IT philanthropy that empower IT companies worldwide with knowledge and resources.  CompTIA’s Dream IT program is a global effort, led by CompTIA’s Advancing Women in IT (AWIT) Community, to impart the message that the IT industry is a great place for women.

Learn more about CompTIA’s Dream IT initiative in this informative, locally produced video, which interviews women in IT and showcases the diversity of roles in IT careers.

IT covers almost every industry, and does not mean a lifetime in a highly technical role.  Whether you are interested in Science, Technology, Engineering and Math (STEM) based subjects, are creative, or are business driven there is a role in IT for you.

 

Posted in: Tech Tips for Business Owners

IT Security Tips – Zepto Ransomware

IT Security Tip – Ransomware is Growing – Zepto

Ransomware is growing because it is an easy way for cyber criminals to gain access to users’ personal data. It is not like a normal virus that gets installed via a software installation. In most cases it is delivered via email with a document attached. When a user opens this document, a script is set in motion which downloads the ransomware, which in turn infects your data. Zepto is not really any different to other ransomware; it is just like the Locky or CryptoLocker viruses, and they all want to achieve one thing: getting you to pay a ransom to get your data back.

How it is delivered

Zepto is delivered via email with a ZIP archive file or a DOCM file attached. In the first case, opening the ZIP archive will unpack a file with a .JS (JavaScript) extension. Opening the JavaScript file runs the script program inside, which in turn downloads the ransomware as an EXE (Windows program) file and runs it.

 

In the second case, the attachment is DOCM, so that double-clicking on the file opens it by default in Microsoft Word. But DOCM is short for “document with macros,” a special type of document that contains embedded scripts written in VBA (Visual Basic for Applications).

Macros inside a Word file don’t run by default (a security precaution introduced many years ago by Microsoft), but they do produce the prompt “Security Warning Macros have been disabled”.

If this is enabled, the JavaScript will download the ransomware, run it and encrypt all of your files. The cyber criminals will have a copy of the decryption keys and offer to sell them back to you. They only use bitcoin as payment, normally around BTC 0.5, which is about $300. So beware if you receive an email message along the lines of “Attached, please find the documents you requested”, as it is most likely a fake!

More information can be obtained from our cyber security Partners Sophos and Symantec.

Our Network Security solutions can show you how to cost-effectively protect and maintain the security of your network, assets and data against external attack, providing you peace of mind.

Posted in: Tech Tips for Business Owners

nbn™ – What does it stand for ?

So what does nbn™ stand for?

Not only does nbn™ stand for National Broadband Network, it is also going to revolutionise the way Australians access the internet. Its super fast connectivity will provide reliable phone and internet services to homes and businesses across the country.

There is a three year roll out plan which would see 7.5 million homes and businesses connected by 2018.  1,719,122 premises are ready for services so far, Victoria alone has 369,040. 

But is it available in your area?  The nbn™ website has a new feature where you can check your address to find out if the nbn™ network is available at your home or business.  

The nbn™ service will have a number of different connection types which are part of the Liberal Government’s Multi-Technology Mix (MTM). Each area will be allocated a connection type as the 3 year roll out plan progresses. They include: Fibre to the home (FTTP), Fibre to the node (FTTN), fixed Wireless or Satellite and Cable, Hybrid Fibre Coaxial (HFC).

You can learn more about the MTM by checking out iiNet’s helpful video.
Once the nbn™ is in your area the old services will be switched off. To keep using your fixed line home phone and internet you will need to move them to the nbn™. However, moving to the nbn™ is not automatic, and you will also need to contact your preferred internet service provider to organise a connection. The following services will be permanently disconnected if you do not move them to the nbn™:

  • Telstra Home/landline phone services (except some Telstra Velocity lines)
  • Home/Landlines phone services from all other phone companies, where the service is provided over Telstra’s copper phone lines
  • All ADSL, ADSL2 and ADSL2+ internet services from all providers
  • Telstra BigPond cable internet services
  • Optus cable internet and cable phone services (switch off date yet to be determined)

You can keep up to date with the progress of the nbn™ rollout in your area by registering at the nbn™ website.

Posted in: Tech Tips for Business Owners

IT Security Tips – Lenovo Security Alert

IT Security Tip – Lenovo Security Alert: Accelerator Vulnerability

If you own a Lenovo computer you may want to read on! 

Lenovo have announced that system software pre-installed on their Windows machines has a security flaw. The software in question is the Lenovo Accelerator Application, which is used to speed up the launch of Lenovo applications and was installed on some notebook and desktop systems pre-loaded with the Windows 10 operating system.

The company warned that an attacker in a man-in-the-middle position on a network could exploit the vulnerable update mechanism and run arbitrary code on users’ systems. Lenovo rates the vulnerability as high risk. The application works as follows: an UpdateAgent pings a Lenovo server every ten minutes for updates, with the entire data exchange in plain text over HTTP. An attacker could easily impersonate the Lenovo update server and deliver malware to users’ computers, as UpdateAgent makes no effort to validate patches that are downloaded and executed on systems.

The full list of impacted devices is vast but includes the Lenovo Notebook 305, Edge 15, Flex 2 Pro and Yoga product lines. In addition, Lenovo’s IdeaCenter and Yoga Home 500 are amongst the 39 desktop models impacted by the security flaw. You can read the full list here.

Lenovo ThinkPad and ThinkStation devices are not affected by this security issue.

The Chinese PC maker recommends that users immediately uninstall the software. You can do so by going to the ‘Apps and Features’ application in Windows 10, selecting the Lenovo Accelerator Application and clicking on “Uninstall.”

For our clients who enjoy our Proactive Managed IT Support services, we have identified if you have any of the Lenovo models affected and remotely uninstalled the Lenovo Accelerator Application.

Posted in: Tech Tips for Business Owners

Android Smartphone Attacks

The mobile phone is not like the old days, when it was just used to make calls and send the odd text message. The mobile phone is now a Smartphone, a computer in your pocket which runs an OS just like a standard computer, with plenty of Apps to play with. Almost everyone now has a Smartphone, which means there are millions of us globally connected to a digital mobile network. Being computer based, this gives hackers another chapter in their quest to gain access to our personal information or completely destroy all data on a device in a new way.

A new highly advanced malware called Mazar was recently announced that is being used to attack Android phones via text messaging. The message incorporates a web link. If a user clicks on the link, an attacker can gain full administrator-level control of the phone and perform tasks such as sending premium text messages, accessing or changing confidential data, making phone calls, and stealing passwords and information from web sites accessed on the phone.

“Over one billion devices are protected with Google Play which conducts 200 million security scans of devices per day,” a Google spokeswoman said.

“Fewer than 1% of Android devices had a Potentially Harmful App installed in 2014, and fewer than 0.15% of devices that only install from Google Play had a Potentially Harmful App installed,” she added.

Advice to users

  • Never tap on web links in text messages from unfamiliar phone numbers
  • Be cautious of links even if the message appears to be from a known contact, since sometimes this can be spoofed
  • Always keep an up-to-date Anti-virus app on your Android devices
  • Avoid unknown and unsecured WiFi hotspots
  • Keep your WiFi turned OFF when not in use

 

 

 

Posted in: Tech Tips for Business Owners

Document Based MalWare on the Rise

Document based Virus, MalWare and Trojan Threats increase

Document based Virus, MalWare and Trojan Threats are being detected in increasing numbers across email networks. Although Document based Malware is not new, the alarming increase in these types of attacks is a major concern. Due to the new nature of these attacks, many leading Anti-Virus, Malware and Firewall systems are not detecting them as they come through.

We partner with several leading global cyber security organisations and anti-virus vendors. Whenever we encounter suspicious emails not detected as threats, we submit them to our Partner anti-virus vendors for assessment. As a result, if a new threat is detected, updates to their anti-virus definitions are released soon after. We encourage other IT Support companies like us to do the same. This would help anti-virus vendors better understand how these attacks function and develop anti-virus definitions to block these attacks quicker.

An email received with an infected attached file can look like it has come from a trusted source.

To give you some understanding, here are some examples of emails that have had infected documents attached.

Example 1
Date and time: 8:11 3.11.2015,  Transaction Total: 30113.29 Australian Dollars,  State: Please open enclosed Statement.

Example 2
Time: 8.41 03-11-2015, Amount: 29694.55 Australian Dollars, Transfer status: Please see attached DOC.

How can you tell if an email is bogus?

  • Most accounting systems email invoices and statements as Portable Document Format (PDF) attachments.  How many legitimate emails do you receive from companies that attach a Word document (.doc or .docx file)?
  • Check if the sender’s name matches their email address.
  • Check the sending domain name.

How Viruses, MalWare and Trojans work in Word documents

To save time on tasks you do often in Word documents, you can bundle the steps into a macro to automate them. The macro programming language can also be used to write infectious code and viruses. As a result, if macros are enabled, the malicious code runs in the background when you open the document. The macro is usually just the start of the attack; subsequent hostile or intrusive functions are performed without asking you. These could include viruses, worms, trojan horses, ransomware, spyware, adware, scareware, and other malicious programs.
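
A mail filter or help desk can check for the two delivery formats described on this page (a ZIP archive carrying a script, as in the Zepto post, and a Word document carrying a macro project) without opening the file in Word. The following is an added example, not code from the original posts; the function names, finding labels and sample files are constructed for illustration.

```python
import io
import zipfile

SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta")
MACRO_FREE_EXTS = (".docx", ".xlsx", ".pptx")
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container


def inspect_attachment(filename, data):
    """Return findings for one attachment without opening it in Office."""
    name = filename.lower()
    if data.startswith(OLE_MAGIC):
        # Pre-2007 Office format: macros cannot be ruled out from the name,
        # so hand the file to a scanner that understands OLE containers.
        return ["legacy-ole-needs-macro-scan"]
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return ["bare-script"] if name.endswith(SCRIPT_EXTS) else []

    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        members = zf.namelist()
    lowered = [m.lower() for m in members]

    findings = []
    if "[content_types].xml" in lowered:
        # Office Open XML (.docx/.docm) is itself a ZIP; a VBA macro
        # project is stored in it as a member named vbaProject.bin.
        if any(m.rsplit("/", 1)[-1] == "vbaproject.bin" for m in lowered):
            findings.append("vba-macro-project")
            if name.endswith(MACRO_FREE_EXTS):
                # A macro project hidden behind a macro-free extension.
                findings.append("macros-in-macro-free-extension")
    else:
        # Ordinary ZIP: flag script files that run when double-clicked.
        for member in members:
            if member.lower().endswith(SCRIPT_EXTS):
                findings.append("zip-contains-script:" + member)
    return findings


def make_zip(entries):
    """Build an in-memory ZIP from {member name: bytes} (constructed samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, content in entries.items():
            zf.writestr(member, content)
    return buf.getvalue()


# Constructed samples: placeholder bytes only, no real script or macro content.
OOXML_BASE = {"[Content_Types].xml": b"<Types/>",
              "word/document.xml": b"<document/>"}
SAMPLES = {
    "documents.zip": make_zip({"scan_0831.js": b"// constructed placeholder script\n"}),
    "invoice.docm": make_zip({**OOXML_BASE, "word/vbaProject.bin": b"placeholder"}),
    "statement.docx": make_zip(OOXML_BASE),
    "invoice.doc": OLE_MAGIC + b"\x00" * 16,
}

if __name__ == "__main__":
    for fname, blob in SAMPLES.items():
        print(fname, inspect_attachment(fname, blob))
```
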

What should your virus strategy include for Document based threats?

As new threats are not immediately detected by anti-virus software, please continue to exercise caution when opening email attachments. You are the first line of defence against Virus, Trojan, MalWare and other Threats.

If you receive an email something along the lines of the above examples with a document file type attached: .doc .docx, do not open the document and delete the email.

If you do open a document that has been emailed to you and a message like “Do you want to enable the macros” appears, close it straight away and remove it from your system.

More information can be obtained from cyber security services like Sophos and Symantec.

Contact Us if you need any assistance with your anti-virus strategy or Network Security.

 

 

 

 

 

 

Posted in: Tech Tips for Business Owners
