In the last 24hrs, I have spoken with or assisted at least 3 people who have become infected due to opening a malicious email.

One of them was my wifey, Pamela, who received an email from the US Postal Service stating that her package had been refused and to open the attached file for details. Due to her old Microsoft Windows Vista system which without question should be updated, the payload from the trojan was dropped and she was without her computer for 3 hours while over 300,000 items were scanned again and again and her icons restored so she could use her desktop.

What is happening is a bit of social engineering.  The emails appear to come from someone you trust, in this case the Post Office, and they appear to have important information, just too good to pass up. A busy worker may be momentarily fooled, and likely, at the very moment they click on the item, they think, “Ohhh I bet I shouldn’t have done that”, but it is too late.

How can you keep from becoming a victim of this type of exploit?

  • Avoid using unpatched Microsoft Windows systems!  When updates are released, install them.
  • Install all updates to important applications, such as Microsoft Office.
  • Install all updates to Adobe Reader, Flash, Acrobat, and to JAVA.
  • Keep current and trustworthy anti-virus such as Trend Micro Titanium 2012 on all your computers.
  • Use caution when opening attachments. Before clicking on it, ask yourself why the USPS would be sending you an email and why the information would be in an attachment.

Before I get responses such as “Macs do not have that problem”, yes, Apple Mac OS X does have that problem. We have dealt with almost as many Mac security issues this year as we have Windows 7.  Regardless of the Operating System, a little common sense and preventative maintenance goes a long way!

Should you need help with a virus cleanup or virus removal for your personal computer or your business, we can help. We also partner with Trend Micro to offer Worry-Free, Trend Micro Titanium, and the entire outstanding line of Trend Micro anti-virus, anti-spyware, anti-spam and anti-everything software. Just give us a call at 864.990.4748 or email info@homelandsecureit.com.

Microsoft has released Volume 11 of their “Microsoft Security Intelligence Report” or SIRv11, which provides “An in-depth perspective on software vulnerabilities and exploits, malicious code threats, and potentially unwanted software in the first half of 2011”.

One tidbit of interesting information contained in the report is that in the first half of 2011, less than one percent of exploits were against zero-day vulnerabilities and 99 percent of all attacks during the same period distributed malware through familiar techniques like social engineering and unpatched vulnerabilities.

I encourage you to read it in its electronic format as it is 168 pages of eye-glazing information, and we wouldn’t want to kill a tree for it.

You can find the full report and further information at: http://www.microsoft.com/sir

 


Homeland Secure IT Alert for Friday, September 30, 2011

An update to Microsoft Security Essentials (MSE) and Microsoft Forefront Endpoint Protection was causing grief for many users today as it incorrectly flagged the Google Chrome browser as malware.

The typical behavior was for an alert to be displayed stating that “PWS:Win32/Zbot” was found and that it needs to be removed. What is really removed is the Chrome.exe, so you are left without your favorite browser.

Attempts to reinstall Chrome fail with additional warnings.

Microsoft has stated that a faulty virus definition update was the cause, and by 10 AM Pacific time, an additional update was released to correct that behavior.

If this has happened to you, a manual update of the MSE or FEP should fix you up! Of course, you will still have to reinstall Google Chrome.


 

In what is becoming way too common, the popular site, mysql.com was exploited, and used to distribute malware by redirecting visitors to another site this week.

Anyone browsing to mysql.com yesterday would have been redirected without even being prompted, and then likely exploited themselves by the software running on the rogue website, which apparently looked for vulnerable browser plugins to use as an injection point.

Trend Micro’s smart web filtering may have caught this and stopped it, but one thing is for sure… Doing everything you can to protect yourself from this type of exploit is more important than ever.

You should always ensure you are running up-to-date and mainstream/quality anti-virus software (such as Trend Micro), and also keep your operating system (whether Microsoft Windows, Apple Mac OS X or even Linux), browser, and all support software such as Adobe Flash Player, Adobe Reader and JAVA, as well as Microsoft Office, fully updated!

Another thing you should consider is backups! With the cost of USB hard drives at an all-time low, and online backup (like our Servosity offering) being affordable and easy to install and configure, there is no excuse to not have backups.

Should you need assistance in the Greenville / Upstate SC area determining what you or your business needs, please contact us at 864.990.4748 or email info@homelandsecureit.com. We provide sales of Trend Micro, Symantec & McAfee anti-virus protection, virus cleanup & removal, and can handle your computer service & computer repair tasks!

 

This may come as no surprise to those who have been around computer security for a while, but the BIOS viruses are making a comeback!

One of the first made its debut back in 1999 and was known as “CIH”.  But Symantec is reporting a new killer on the block called “Trojan.Mebromi” that affects the Award BIOS and seizes control of a system even before you get to the MBR (Master Boot Record).

Expect this trend to continue….

Read more about it here:

http://www.symantec.com/connect/blogs/bios-threat-showing-again

 

As always, please ensure your systems are using the latest anti-virus (we suggest and sell Trend Micro products such as the amazing Trend Micro Worry Free Business Security), that all updates are applied to your Microsoft Windows operating systems, and that all applications and support programs, from Microsoft Office to Adobe Reader, Flash and JAVA, are at the latest patch levels. Obtain a quality firewall, and use common sense! And don’t forget to BACKUP!

If you suspect your system may be infected, or want to know how to better protect your computer or an entire business full of computers and servers, please call us at 864.990.4748 or email info@homelandsecureit.com.  We offer virus removal and cleanup in the Greenville / Upstate, SC area.

We provide sales, licensing, installation and support for Trend Micro and Symantec products. We can sell you one seat, or protect your business with 1000 users!

The WHO (World Health Organization) proclamation that cell phones could, maybe, possibly, some way somehow, cause cancer has a bunch of people up in arms. There are now groups of people swearing off cell phone usage, and now places declaring they are a “cell phone free zone”, all in a matter of hours after the WHO announcement.

Sure, they may have a valid concern, but what about the more immediate concern about your smart phone security?

Not much is being said about this one, but I hope that will change. It seems that users of smartphones will believe anything! If an app asks for credentials to a social media site, people give them without questioning it at all. A group of researchers published their findings about 100 apps designed for both the iPhone and Android phones in which they came up with more than a dozen ways in which scammers could utilize malicious code to allow the collection of user names and passwords on popular social media sites!
Here are their findings: http://w2spconf.com/2011/papers/felt-mobilephishing.pdf

Obviously, the phishing is good in smartphone land!

Expect more to be said about this from security experts and news outlets as time goes on.

BTW: The next time you are prompted for your credentials, you might want to just think about WHY you would need to give them….

It seems that Apple has finally acknowledged that there is a need to protect their users from malicious software, in particular the “Mac Defender” (also known as MacProtector, MacSecurity as well as MacDefender).

In an article titled “How to avoid or remove Mac Defender malware”, posted yesterday on the http://support.apple.com site, you can find out how to avoid this inconvenience and remove it.

The following quote gives hope that Apple has had a change of heart and will indeed address the issue:

“In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants.  The update will also help protect users by providing an explicit warning if they download this malware.”

If you are ever prompted for your administrator password, give great consideration to WHY you would need to provide those privileges. Doing so gives whatever requested it full ownership of your Mac.

Should you feel more may be going on with your Apple Mac OS X system than meets the eye, see a computer service professional immediately. Symptoms of an infected machine include, but are not limited to: the computer seems slow, your sent email is being rejected, windows appear or programs open (or close) that you did not initiate, unexpected shutdowns, etc.

If you have fallen for the Mac Defender scam and input your credit card, call your credit card company immediately and inform them.

I’m going to just post this link…..   I leave it up to you to read it, or not. Believe it, or not.

http://gizmodo.com/5803498/apple-to-customer-service-dont-help-our-customers-with-malware

There is a further link from that page: http://www.zdnet.com/blog/bott/apple-to-support-reps-do-not-attempt-to-remove-malware/3362

If you happen to feel your Mac is infected – seek a professional computer service provider’s input.

 

It seems that not a day goes by that we don’t hear stories of how this person or that company had a data breach and information was leaked outside their walls, but in the news the last couple days is something far more sinister than someone losing data because of a hacker or accidentally installing malicious software.

ABC Action News has a story entitled, “Suit against PC renter raises privacy questions” which tells the story of a couple from Wyoming who have filed a suit against Aaron’s Inc., a company which offers computers on a rent-to-own basis.

The couple got one of those rent-to-own computers and late last year the manager of their local Aaron’s arrived to repossess said computer due to a mixup. While in the process of trying to sort everything out, the manager showed a picture of the husband using the computer to the couple. The picture was presumably taken by software installed on the computer which allows Aaron’s to activate the webcam, disable the computer, etc.

It will come as no surprise that this has resulted in a lawsuit.

If Aaron’s has done this, it makes you wonder how many other retailers, maybe even manufacturers have done the same. In security circles, a topic of conversation is the potential for a manufacturer to distribute large numbers of computers with built-in spyware, laying dormant until activated.

It’s easy to see why many businesses and individuals will wipe a brand new computer and load their own install on it before putting it to use… Of course, this assumes that the install distributions and applications are free from spyware from their developers. Here we go with the “But I use Open Source and know what my software contains” comments, but, honestly, how many people actually pore over tens of thousands of lines of code?

 

 

It will come as no surprise that anything newsworthy results in the creators of malware intensifying their efforts to spread their malicious code. The demise of Usama Bin Laden is no exception, as various attempts to entice people to follow links are being reported all over the place. I have seen 3 people I follow on social media who were posting malicious links already.

As always, if you see a link such as “See Bin Ladens last moments” on someone’s Facebook profile, don’t click it; it is likely not something you want.

Using a reliable and trusted anti-virus with web filtering capabilities and keeping your computer operating system up to date, as well as all supporting applications such as Java, Microsoft Office, Adobe products, etc., is always a great idea. We recommend and offer Trend Micro for anti-virus for either your personal desktops or for your entire business network security! We also offer complete computer security, repair, support and sales in the Greenville & Upstate SC Area.

If you would like additional information, please contact us at 864.990.4748 or email info@homelandsecureit.com

While we are on the subject of Bin Laden, let me take a moment to thank our military and everyone involved in the events of the last 24hrs. I think we may all sleep a little better at night….

© 2012 Homeland Secure IT - Blog-O-Rama