Blog

WARNING – new document virus threat in your Inbox


Another new Document based virus threat is doing the rounds via email.

Several clients in the last few days have reported receiving an email with a Word Document attachment, almost identical to the following email.  It is highly likely the Word document contains a new Virus, MalWare or Trojan Threat.

Check out our previous Blog article for more information on Document Based Malware on the Rise.

Our Business IT Solutions gurus have scanned the suspicious Word doc and although leading anti-virus solutions are not as yet detecting any Threats, telltale signs the email is bogus include:

  • Sender email address domain name (verizon.net) does not match the company name (Onto It Web Services)
  • Sender email address name (phys-mgmt) does not match the sender's name (Leigh Wilson)
  • ABN is bogus and not listed on the Australian Business Register
  • Very few accounting systems email invoices as Word docs; most are sent as PDFs
  • It is highly irregular for the body of an email to be addressed to a person's Full Name and Title.  It is interesting that the Full Name, Title, and matching email address have been harvested from somewhere.

Due to our suspicions, we submitted the Word doc to several leading anti-virus vendors for assessment.  In addition to reporting back to us, we also expect updates to their anti-virus definitions soon.

UPDATE: Symantec Security Response have responded to our file submission and confirmed:

  • Determination: New Threat
  • Submission Detail: This file is detected as W97M.Downloader (a Word macro trojan) with our existing Rapid Release definition set.  Protection is (now) available in Rapid Release definitions with a sequence number of 180266 or greater.

What should your virus strategy include for Document based threats?

As new threats are not immediately detected by anti-virus software, please continue to exercise caution when opening email attachments.  You are the first line of defence against Virus, Trojan, MalWare and other Threats.

Contact Us if you need any assistance with your anti-virus strategy or Network Security.


Email received with Word document virus threat attachment:

From: “Leigh Wilson” <phys-mgmt@verizon.net>
To:
Date: 31/08/2016 01:21 PM
Subject: iT and Beyond Pty Ltd; Neville, See and Remit – NET-30 01C956044

Dear Neville Rose,
CEO and Founder

I am getting in touch to let you know that we haven’t received deposit of AUD 1,402.00 from iT and Beyond Pty Ltd (), which appears unpaid.
Since you are our returning client, we are offering you 7 additional days to make the payment. Please check the inserted document for payment requisites.

Best Regards,
Leigh Wilson
Onto It Web Services | Accounts Department
A.B.N 29 740797125
Burke Road Camberwell Victoria 3124

Posted in: Tech Tips for Business Owners


CompTIA Dream IT Video Advancing Women in IT

CompTIA Dream IT Video – Advancing Women in Information Technology industry

Computing Technology Industry Association (CompTIA) is a global Information Technology Industry Trade Association and leading voice for the IT industry.  CompTIA has developed a portfolio of IT education, IT certification, IT advocacy and IT philanthropy that empower IT companies worldwide with knowledge and resources.  CompTIA’s Dream IT program is a global effort, led by CompTIA’s Advancing Women in IT (AWIT) Community, to impart the message that the IT industry is a great place for women.

Learn more about CompTIA’s Dream IT initiative in this informative, locally produced video, which interviews women in IT and showcases the diversity of roles in IT careers.

IT covers almost every industry, and does not mean a lifetime in a highly technical role.  Whether you are interested in Science, Technology, Engineering and Math (STEM) based subjects, are creative, or are business driven there is a role in IT for you.


IT Security Tips – Zepto Ransomware

IT Security Tip – Ransomware is Growing – Zepto

Ransomware is growing as it is an easy way for cyber criminals to gain access to users' personal data.  It's not like a normal virus that gets installed via a software installation.  In most cases it is delivered via email with a document attached.  When a user opens this document, a script is set in motion which downloads the ransomware, which in turn infects your data.  Zepto is not really any different to other ransomware; it is just like the Locky or CryptoLocker viruses, and they all want to achieve one thing: getting you to pay a ransom to get your data back.

How it is delivered

Zepto is delivered via email with a ZIP archive file and a DOCM file attached. In the first case, opening up the ZIP archive will unpack a file with a .JS (JavaScript) extension. Opening the JavaScript file, however, runs the script program inside, which in turn downloads the ransomware as an EXE (Windows program) file, and runs it.

In the second case, the attachment is DOCM, so that double-clicking on the file opens it by default in Microsoft Word. But DOCM is short for “document with macros,” a special type of document that contains embedded scripts written in VBA (Visual Basic for Applications).

Macros inside a Word file don’t run by default (a security precaution introduced many years ago by Microsoft), but they do produce a prompt “Security Warning Macros have been disabled”.

If this is enabled, the JavaScript will download the ransomware, run it and encrypt all of your files. The cyber criminals will have a copy of the decryption keys and offer to sell them back to you. They only use bitcoin as payment, normally around BTC 0.5, which is about $300. So beware if you receive an email message along the lines of “Attached, please find the documents you requested”, as it is most likely a fake!

More information can be obtained from our cyber security Partners Sophos and Symantec.

Our Network Security solutions can show you how to cost-effectively protect and maintain the security of your network, assets and data against external attack, providing you peace of mind.


nbn™ – What does it stand for ?


So what does nbn™ stand for?

Not only does nbn™ stand for National Broadband Network, it is also going to revolutionise the way Australians access the internet.  Its super fast connectivity will create reliable phone and internet services to homes and businesses across the country.

There is a three year roll out plan which would see 7.5 million homes and businesses connected by 2018.  1,719,122 premises are ready for services so far, Victoria alone has 369,040. 

But is it available in your area?  The nbn™ website has a new feature where you can check your address to find out if the nbn™ network is available at your home or business.  

The nbn service will have a number of different connection types, which are part of the Liberal Government’s Multi-Technology Mix (MTM).  Each area will be allocated a connection type as the 3 year roll out plan progresses. They include: Fibre to the home (FTTP), Fibre to the node (FTTN), fixed Wireless or Satellite and Cable, Hybrid Fibre Coaxial (HFC).

You can learn more about the MTM by checking out iiNet’s helpful video.

Once the nbn™ is in your area the old services will be switched off. To keep using the fixed line home phone and internet you will need to move them to the nbn™. However, moving to the nbn™ is not automatic: you will need to contact your preferred internet service provider to organise a connection. The following services will be permanently disconnected if you do not move them to the nbn™:

  • Telstra Home/landline phone services (except some Telstra Velocity lines)
  • Home/Landlines phone services from all other phone companies, where the service is provided over Telstra’s copper phone lines
  • All ADSL, ADSL2 and ADSL2+ internet services from all providers
  • Telstra BigPond cable internet services
  • Optus cable internet and cable phone services (switch off date yet to be determined)

You can keep up to date with the progress of the nbn™ rollout in your area by registering at the nbn™ website.


IT Security Tips – Lenovo Security Alert


IT Security Tip – Lenovo Security Alert: Accelerator Vulnerability

If you own a Lenovo computer you may want to read on! 

Lenovo have announced that their installed system software on Windows machines has a security flaw.  The software in question is the Lenovo Accelerator Application. The Lenovo Accelerator Application is used to speed up the launch of Lenovo applications and was installed in some notebook and desktop systems pre-loaded with the Windows 10 operating system.

The company warned that an attacker with a man-in-the-middle position on a network could exploit the vulnerable update mechanism and run arbitrary code on users’ systems. The vulnerability is rated as high risk by Lenovo. The application works as follows: an UpdateAgent pings a Lenovo server every ten minutes for updates, with the entire data exchange in plain text over HTTP. An attacker could easily impersonate the Lenovo update server and deliver malware to users’ computers, as UpdateAgent makes no effort to validate patches that are downloaded and executed on systems.
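The checks the update mechanism described above skipped, as an added example (not Lenovo's code and not from the original post): refuse plain HTTP, authenticate the update manifest, and confirm the payload digest before anything is run. HMAC-SHA256 with a pre-shared key stands in for the vendor code signature a real updater would verify with a public key; the URL, key, manifest fields and payload are all constructed.

```python
import hashlib
import hmac
import json
from urllib.parse import urlsplit


class UpdateRejected(Exception):
    """Raised when an update fails a check; the payload must not be executed."""


def sign_manifest(manifest_bytes, key):
    """Vendor side (stand-in for a code signature): tag over the exact manifest bytes."""
    return hmac.new(key, manifest_bytes, hashlib.sha256).digest()


def verify_update(url, manifest_bytes, tag, payload, key):
    """Return the parsed manifest only if transport, authenticity and integrity all pass."""
    # 1. Transport: plain HTTP lets anyone on the network path rewrite the exchange.
    if urlsplit(url).scheme != "https":
        raise UpdateRejected("update URL is not HTTPS")
    # 2. Authenticity: the manifest must carry a valid tag from the vendor.
    if not hmac.compare_digest(sign_manifest(manifest_bytes, key), tag):
        raise UpdateRejected("manifest authentication failed")
    manifest = json.loads(manifest_bytes)
    # 3. Integrity: the downloaded payload must match the digest in the manifest.
    digest = hashlib.sha256(payload).hexdigest()
    if not hmac.compare_digest(digest, manifest["sha256"]):
        raise UpdateRejected("payload digest mismatch")
    return manifest


def outcome(url, manifest_bytes, tag, payload, key):
    """Describe what the updater would do with this download."""
    try:
        verify_update(url, manifest_bytes, tag, payload, key)
        return "accepted"
    except UpdateRejected as exc:
        return f"rejected: {exc}"


# Constructed sample data (not real vendor values).
KEY = b"constructed-demo-key"
PAYLOAD = b"constructed patch bytes"
MANIFEST = json.dumps(
    {"version": "1.0.1", "sha256": hashlib.sha256(PAYLOAD).hexdigest()}
).encode()
TAG = sign_manifest(MANIFEST, KEY)
HTTPS_URL = "https://updates.example/manifest.json"

if __name__ == "__main__":
    print(outcome(HTTPS_URL, MANIFEST, TAG, PAYLOAD, KEY))
    print(outcome("http://updates.example/manifest.json", MANIFEST, TAG, PAYLOAD, KEY))
    print(outcome(HTTPS_URL, MANIFEST, TAG, b"tampered bytes", KEY))
```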

The full list of impacted devices is vast but includes the Lenovo Notebook 305, Edge 15, Flex 2 Pro and Yoga product lines. In addition, Lenovo’s IdeaCenter and Yoga Home 500 are amongst the 39 desktop models impacted by the security flaw.  You can read the full list here.

Lenovo ThinkPad and ThinkStation devices are not affected by this security issue.

The Chinese PC maker recommends that users immediately uninstall the software. You can do so by going to the ‘Apps and Features’ application in Windows 10, selecting the Lenovo Accelerator Application and clicking on “Uninstall.”

For our clients who enjoy our Proactive Managed IT Support services, we have identified if you have any of the Lenovo models affected and remotely uninstalled the Lenovo Accelerator Application.


Android Smartphone Attacks


The mobile phone is no longer what it was in the old days, when it was just used to make calls and send the odd text message. The mobile phone is now a Smartphone, a computer in your pocket which runs an OS just like a standard computer, with plenty of Apps to play with. Almost everyone now has a Smartphone, which means there are millions of us globally connected to a digital mobile network. Being computer based, this gives hackers another chapter in their quest to gain access to our personal information or completely destroy all data on a device in a new way.

A new, highly advanced malware called Mazar has recently been announced; it is being used to attack Android phones via text messaging. The message incorporates a web link. If a user clicks on the link, an attacker can gain full administrator-level control of the phone and perform tasks such as sending premium text messages, accessing or changing confidential data, making phone calls, and stealing passwords and information from web sites accessed on the phone.

“Over one billion devices are protected with Google Play which conducts 200 million security scans of devices per day,” a Google spokeswoman said.

“Fewer than 1% of Android devices had a Potentially Harmful App installed in 2014, and fewer than 0.15% of devices that only install from Google Play had a Potentially Harmful App installed,” she added.

Advice to users

  • Never tap on web links in text messages from unfamiliar phone numbers
  • Be cautious of links even if the message appears to be from a known contact, since sometimes this can be spoofed
  • Always keep an up-to-date Anti-virus app on your Android devices
  • Avoid unknown and unsecured WiFi hotspots
  • Keep your WiFi turned OFF when not in use


Document Based MalWare on the Rise


Document based Virus, MalWare and Trojan Threats increase

Document based Virus, MalWare and Trojan Threats are being detected in increasing numbers across email networks.  Although Document based Malware is not new, the alarming increase in these types of attacks is a major concern.  Due to the new nature of these attacks, many leading Anti-Virus, Malware and Firewall systems are not detecting them as they come through.

partners with several leading global cyber security organisations and anti-virus vendors.  Whenever we encounter suspicious emails not detected as threats, we submit them to our Partner anti-virus vendors for assessment.  As a result, if a new threat is detected, updates to their anti-virus definitions are released soon after.  We encourage other IT Support companies like us to do the same.  This would help anti-virus vendors better understand how these attacks function and develop anti-virus definitions to block these attacks quicker.

An email received with an infected attached file can look like it has come from a trusted source.

To give you some understanding, here are some examples of emails that have had infected documents attached.

Example 1
Date and time: 8:11 3.11.2015,  Transaction Total: 30113.29 Australian Dollars,  State: Please open enclosed Statement.

Example 2
Time: 8.41 03-11-2015, Amount: 29694.55 Australian Dollars, Transfer status: Please see attached DOC.

How can you tell if an email is bogus?

  • Most accounting systems email invoices and statements as Portable Document Format (PDF) attachments.  How many legitimate emails do you receive from companies that attach a Word document (.doc or .docx file)?
  • Check if the sender's name matches their email address.
  • Check the sending domain name.
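The checklist above, together with the telltale signs listed for the bogus invoice email earlier on this page, expressed as a mail-triage check (an added example, not code from the original posts). The sender address and company name are taken from that email; the attachment name, the function names and the four-character word threshold are assumptions, and the matching is a heuristic that will misfire on very short names.

```python
import os
import re
from email.message import EmailMessage
from email.utils import parseaddr

# Word formats named in the article, plus macro-enabled .docm.
WORD_EXTENSIONS = {".doc", ".docx", ".docm"}


def _words(text):
    """Lower-case alphanumeric words of four or more characters."""
    return [w for w in re.findall(r"[a-z0-9]+", text.lower()) if len(w) >= 4]


def triage(msg, claimed_company):
    """Return the warning signs found in one message, in checklist order."""
    findings = []
    display_name, address = parseaddr(str(msg.get("From", "")))
    local_part, _, domain = address.lower().partition("@")

    # Sign 1: no word of the company named in the signature appears in the sending domain.
    company_words = _words(claimed_company)
    if company_words and not any(word in domain for word in company_words):
        findings.append("domain-mismatch")

    # Sign 2: no part of the sender's display name appears in the mailbox name.
    name_words = _words(display_name)
    if name_words and not any(word in local_part for word in name_words):
        findings.append("name-mismatch")

    # Sign 3: the "invoice" arrives as a Word document rather than a PDF.
    for part in msg.iter_attachments():
        extension = os.path.splitext(part.get_filename() or "")[1].lower()
        if extension in WORD_EXTENSIONS:
            findings.append("word-attachment")
            break
    return findings


def sample_message(sender, attachment_name):
    """Build a constructed message; the attachment bytes are a harmless placeholder."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["Subject"] = "See and Remit"
    msg.set_content("Please check the inserted document for payment requisites.")
    msg.add_attachment(b"constructed placeholder", maintype="application",
                       subtype="octet-stream", filename=attachment_name)
    return msg


if __name__ == "__main__":
    # Attachment name "invoice.doc" is constructed; the page does not give one.
    suspect = sample_message('"Leigh Wilson" <phys-mgmt@verizon.net>', "invoice.doc")
    print(triage(suspect, "Onto It Web Services"))
```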

How Viruses, MalWare and Trojans work in Word documents

To save time on tasks you do often in Word documents, you can bundle the steps into a macro to automate the tasks.  The macro programming language can also be used to write infectious code and viruses.  As a result, if macros are enabled, the malicious MalWare is run in the background when you open the document.  The macro is usually just the start of the attack; subsequent hostile or intrusive functions are performed without asking you.  These could include viruses, worms, trojan horses, ransomware, spyware, adware, scareware, and other malicious programs.
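A content-based check for the delivery formats described above and in the Zepto post (macro-enabled Word files, and ZIP archives that unpack a .JS file), added here as an example and not part of the original article. It inspects the attachment bytes instead of trusting the file name; the category names and the gateway policy are assumptions, and the sample files are constructed in memory with placeholder contents.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls/.ppt container
MACRO_MARKER = b"macroEnabled"  # in [Content_Types].xml of macro-enabled Office files


def classify_attachment(data):
    """Classify raw attachment bytes by content, ignoring the file name."""
    if data.startswith(OLE2_MAGIC):
        # Legacy binary format: macros cannot be ruled out without an OLE parser.
        return "legacy-ole2"
    buffer = io.BytesIO(data)
    if not zipfile.is_zipfile(buffer):
        return "not-office"
    try:
        with zipfile.ZipFile(buffer) as archive:
            names = archive.namelist()
            if "[Content_Types].xml" not in names:
                # A plain ZIP: flag script files such as the .JS dropper case.
                has_script = any(n.lower().endswith(".js") for n in names)
                return "zip-with-script" if has_script else "other-zip"
            content_types = archive.read("[Content_Types].xml")
    except zipfile.BadZipFile:
        return "not-office"
    has_vba_part = any(n.lower().endswith("vbaproject.bin") for n in names)
    if has_vba_part or MACRO_MARKER in content_types:
        return "ooxml-with-macros"
    return "ooxml-no-macros"


def gateway_action(data):
    """Hypothetical mail-gateway policy built on the classification."""
    kind = classify_attachment(data)
    if kind in ("ooxml-with-macros", "zip-with-script"):
        return "quarantine"
    if kind == "legacy-ole2":
        return "hold-for-review"
    return "deliver"


def build_zip(members):
    """Build a constructed ZIP in memory from {name: bytes}; contents are placeholders."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name, content in members.items():
            archive.writestr(name, content)
    return buffer.getvalue()


# Constructed samples: no real macro or script code is included.
PLAIN_DOCX = build_zip({"[Content_Types].xml": b"<Types/>",
                        "word/document.xml": b"<document/>"})
MACRO_DOCM = build_zip({"[Content_Types].xml": b"<Types/>",
                        "word/document.xml": b"<document/>",
                        "word/vbaProject.bin": b"placeholder"})
JS_ZIP = build_zip({"documents.js": b"// placeholder"})

if __name__ == "__main__":
    for sample in (PLAIN_DOCX, MACRO_DOCM, JS_ZIP):
        print(classify_attachment(sample), gateway_action(sample))
```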

What should your virus strategy include for Document based threats?

As new threats are not immediately detected by anti-virus software, please continue to exercise caution when opening email attachments.  You are the first line of defence against Virus, Trojan, MalWare and other Threats.

If you receive an email along the lines of the above examples with a document file type (.doc or .docx) attached, do not open the document, and delete the email.

If you do open a document that has been emailed to you and a message like “Do you want to enable the macros” appears, close it straight away and remove it from your system.

More information can be obtained from cyber security services like Sophos and Symantec.

Contact Us if you need any assistance with your anti-virus strategy or Network Security.


Windows 10 Edge Browser not compatible with AUSKey

Accounting firms and Businesses beware. Microsoft Windows 10 Edge Browser not compatible with AUSKey

AUSkey not compatible with the new Microsoft Edge Browser in Windows 10

One recommendation in our Blog Should I Upgrade to Windows 10?, is to confirm compatibility with your critical software.  A noteworthy example: Microsoft Edge browser released with Windows 10, is not compatible with Australian Government AUSkey.

This is especially relevant for Australian Accounting firms and Businesses who use AUSkey’s secure login to access participating Government websites.  Websites include the Australian Taxation Office (ATO), Australian Securities & Investments Commission (ASIC) and Australian Business Register (ABR).

Compatible AUSkey browsers

Rather than use Edge, you can use either the latest version of Internet Explorer version 11 or Mozilla Firefox.

In addition to the above, click here for a complete list of AUSkey compatible operating systems and browsers.

See this Microsoft Wiki article for a Review of Microsoft Edge Browser in Windows 10.

Please Contact Us if you need any help with your AUSkey or setting up Internet Explorer or Mozilla Firefox in Windows 10.


What is a Bitcoin


You might or might not have heard of the latest trend in digital money: Bitcoin. Bitcoin is a form of digital currency, created and held electronically. No one controls it.  A software developer called Satoshi Nakamoto proposed bitcoin, which was an electronic payment system based on mathematical proof. The idea was to produce a currency independent of any central authority, transferable electronically, more or less instantly, with very low transaction fees. Bitcoins are not physical; they are digitally created by a community of people that anyone can join, and they are based on mathematics.

There is too much to explain about bitcoins in one blog! So below we have hunted out some good links that explain it in much better detail.

Bitcoin explained

The maths behind it

Bitcoin project


Fake Windows 10 Update


Wondered about the free upgrade to Windows 10?

Microsoft started their official free upgrade roll out on July 28th, 2015 to 190 countries. However, it didn’t take long for cyber criminals to start their own roll out of a fake Windows 10 upgrade. The ransomware is sent to the victim via an email that claims to be a legitimate Microsoft Windows 10 free upgrade.  Disguised as an installer, the ransomware is encrypting Australian users' and businesses' computers.

The email sent claims to be from Microsoft offering the free upgrade; the ransomware is attached in a zip file which contains a program labelled as the Windows 10 installer. If you run this program it will encrypt any important files, including Word documents and photos on your computer. Being a Microsoft  partner here at iT and Beyond, we have never received emails from Microsoft  with program attachments! We advise that if you receive an email offering a free upgrade to Windows 10, DO NOT OPEN IT or any attachments.

Windows users interested in upgrading their computer can register via Microsoft’s official website. Windows 10 updates will then be facilitated by a program on your computer, not via an email offer. Businesses are advised to be vigilant in protecting their existing computer systems and in ensuring that their critical data is backed up in case an attack does occur. Encrypted data could then be recovered from backup copies.

Staying Safe

In order to protect yourself and your business from this attack, a Disaster Recovery Plan, Online backups and Remote Data Storage Solutions are essential for your critical data to be secure and offsite, away from sabotage.

Security researchers at Cisco have provided detailed technical information about the attack, and Stay Smart Online has provided alerts about a number of ransomware attacks in the past.

If your computer is compromised from this attack you can report the incident to the Australian Cybercrime Online Reporting Network (ACORN).
