A post today on Trend Micro’s TrendLabs Malware blog pointed out how spammers will use the upcoming G-20 Summit as a way to distribute their content.
It works like this: The spammer sends emails out, they appear to come from the Japanese finance ministry and contain comments on issues related to the Summit.
Should you click on the link, it will lead to a .ZIP file, and when that is run, it opens a Word document which helps cover its tracks so that it does not appear to be malicious… Trend explains that what REALLY happens is that a malicious file is contained in the payload, and the registry is modified so that it is run at startup.
Trend Micro Worry Free Business Security Advanced and ScanMail as well as other Trend Micro products successfully detect this as the appropriately named “TROJ_DROPPER.WTH” and stops it before it gets into your system. The actual malicious file is detected as “TROJ_AGENT.JAAK”.
This is nothing new, every major news-worthy event for the past few years has served as a transport mechanism for various malware and spam messages. If a spammer uses “US President Attacked” as a topic, chances are good, if the from address looks legitimate that a large percentage of people will open it. If that message contains ONLY spam, then at the very least, thousands or tens of thousands of people have just seen their ad about some product or another. If it contains a link to a malicious site, many will follow that link if it looks enticing.
As always, use common sense, and be sure to employ some form of mail system protection. We recommend Trend Micro WFBS Advanced for small businesses like our own.
If you would like additional information about Trend Micro’s security products, or how you can stop or at least cut down on spam that affects your Microsoft Exchange Server, email us at info@homelandsecureit.com or call 864.990.4748. We offer Greenville and Upstate businesses free consultations, and we can help reduce your spam and mail issues!
Our number one selling security software to protect small business servers, endpoints (desktops), mobile notebook computers, and Microsoft Exchange email is Trend Micro Worry-Free Business Security Advanced. There’s a good reason for this… Our clients get the most bang for the buck from this product! It even filters SPAM!
Trend Micro products always rank in the highest levels of anti-virus protection, but just as important is the fact that the Trend Micro agents do not slow your computers down like many other products…
Now Trend Micro has taken an already incredible product and turned it up to 11! (sorry for the “This is Spinal Tap” reference).
Worry-Free Business Security v7.0 does everything the previous v6.0 did, and much more.
The following new features and enhancements are provided with version 7.0 of Worry-Free Business Security.
What’s New in v7.0
Version 7.0 of Worry-Free Business Security provides the following new features and enhancements:
o Mac Client Protection (Advanced only) And YES, your Macs need protection too!
o Data Loss Prevention via email templates (Advanced only): data loss prevention content filtering policies prevent sensitive information from being distributed outside the network
o Device Control: regulates access to USB devices and network resources (Frequently asked for by businesses)
o Customized Installation: install only needed components (Cuts down on install size dramatically)
o Enhanced URL Filtering: including Flexible business hour settings and a separate block list from Web Reputation (Many businesses are using this to control their user’s browsing and bandwidth hogging with great success!)
o Enhanced ScanMail for Exchange Support (Advanced Only); supports Microsoft Exchange Server 2010 (Say goodbye to spam and viruses in email)
o Web Reputation Filter: scans URLs in email messages and takes a configurable action when detecting malicious URLs. This feature is separate from spam filtering. (This stops the number one way people are becoming infected)
o Email Reputation Services Filter: helps block spam and malicious emails by checking the IP addresses of incoming emails against one of the world’s largest email reputation databases as well as a dynamic reputation database. It helps to identify new spam and phishing sources and stop even zombies and botnets as they first emerge. (Many businesses claim better success with Trend than with Barracuda and other spam firewall appliances)
o Simpler and easier Security Agent user interface
o Easier replication amongst WFBS servers
o Enhanced blocked page with clear explanation and continue browsing option (Again, helps control those bad websites)
If you are a current subscriber to Trend Micro WFBS, this is a FREE upgrade, the only expense would be for a computer service professional to handle the install and configuration if you do not have your own IT staff.
Those who are not using Trend Micro products will be pleased to find that there is a “Competitive Upgrade” available that will let you transition from McAfee, Symantec, etc. If you are buying Trend Micro for the first time, and not renewing, there are some current specials for you too, such as the Three Years for Two campaign, letting you pay for two years and get a third year for free.
Please call us at 864.990.4748 or email info@homelandsecureit.com for pricing for your business. We also offer installation, configuration and support in the Greenville / Upstate, SC area. Should you become infected, our virus removal and cleanup service is fast & affordable.
Is your business currently using Symantec, McAfee, Microsoft or Kaspersky for corporate anti-virus protection?
If so, and you are unhappy with the current level of protection and would be interested in trying Trend Micro but the cost has been prohibitive, then maybe the Competitive Upgrade offer will encourage you to make the move!
Trend calls their program “Competitive Displacement”, and should you be using one of the aforementioned security suites, then you qualify for the discounted price. How much of a discount? A large one, over 10 dollars per seat on Trend Micro Worry Free Business Security Standard!
These updates apply to the following Trend Micro products: Worry Free Business Security (both Standard & Advanced), Worry-Free Business Security Services, Hosted Email Security, Hosted Email Security-Inbound Filtering, Scanmail Suite for Microsoft Exchange (SMEX Suite), Scanmail for MS Exchange Suite with Email Reputation Services, Scanmail Suite for Lotus Domino, Enterprise Security for Endpoints (Advanced), Enterprise Security for Communication and Collaboration Suite, Enterprise Security for Endpoints and Mail Servers, and Trend Micro Enterprise Security Suite.
If you would like more information about Trend Micro anti-virus, anti-malware, anti-spam products, please call us at 864.990.4748 or email info@homelandsecureit.com
We are a Trend Micro Partner and offer complete sales & licensing for a single workstation, notebook or server to thousands! We also offer installation and support in the Greenville / Upstate SC area.
TOP 10 REASONS CUSTOMERS CHOOSE TREND MICRO
Homeland Secure IT believes that Trend Micro Anti-Virus / Anti-Malware products offer the best value and best performance, but don’t take our word for it, what follows are the top 10 reasons customers choose Trend Micro:
1. Trend Micro Works hard to make customers happy.
Trend Micro Internet Security is great for business or personal use!
“Trend Micro is just great– professional, responsive, and a real pleasure to work with.” – Craig Berry, Senior Vice President and Chief Information Officer, UGS PLM Software, Plano, Texas
2. Trend Micro understands its customer’s business.
“We are still partnering with Trend Micro today because they offer us more than just point products. They look at our overall environment and help us make the right decisions within the context of our business environment.” - Antonio Traetto, Networks and Storage Manager, IT, Rexam, London, UK
3. Trend Micro saves customers time by delivering easy-to-use solutions
“Once we put Trend Micro products in place, we didn’t have to spend as much time on security. The software takes care of everything for us and it’s working great. With the level of automation that we’ve gained, we don’t have to intervene. This has been huge— to know that our protection has been increased while our work has been reduced.” - Steve Buche, Chief Information Officer, Christian Homes
4. Trend Micro’s leadership and protection earns customers’ trust.
“I appreciate the timesaving, centralized administration of the Trend Micro solutions. But it’s the company’s leadership in technology and overall protection that keeps me a loyal Trend Micro customer. In our business, we have to take care of our buyers and sellers. We take that job seriously and Trend Micro helps us earn the trust of our customers. That keeps them safe and that keeps our company safe.” - Brian Carpenter (CISSP), Sr. Network and Systems Administrator, Heritage Auction Galleries (www.HA.com), Dallas, Texas
5. Trend Micro offers superior protection with multilayered solutions.
“We face very sophisticated, variable threats today—making it hard to keep up. To help us overcome this challenge, Trend Micro gives us an enterprise strategy that includes the best possible messaging protection at the gateway and at the mail server. Multilayered solutions— and strategies for cleaning up unwanted content— create a solid end-to-end approach. This is the extra added value we get from Trend Micro.” - Antonio Traetto, Networks and Storage Manager, IT, Rexam, London, UK
6. Trend Micro goes the extra mile.
“We were very impressed with the help we got from Trend Micro sales and engineering teams. We were used to software vendors that sent us software and wished us luck—Trend Micro was clearly motivated to help us succeed and they were there to provide all the information we needed to make sure our network-wide deployment went smoothly and met all of our requirements.” – Eric Ellerman, Network Manager, IT, Dot Foods
7. Trend Micro offers a range of scalable solutions.
“Through all stages of our growth, Trend Micro solutions have served us very well, reliably adapting and scaling as we needed to provide a stable environment for students and staff.” – Matthew Chapman, Assistant Director, Information Communications and Technology Services, Orange County Public Schools, Florida
8. Trend Micro listens and delivers on its promises.
“The integrated products and centralized management set Trend Micro apart from the competition right from the start. They were the fi rst to cover the desktop, servers, and gateways with a centralized management console. We have been with Trend Micro ever since and it has never let us down. Trend Micro works WITH you. Lots of other vendors don’t. Trend Micro listens and gives us what we need to succeed in our business.” – Gary Hall, Founder, Hall Computer Services, Brisbane, Queensland, Australia
9. Trend Micro keeps up with new and evolving web threats.
“Trend Micro™ InterScan™ Web Security Suite and Trend Micro InterScan™ Messaging Security play a vital role in our first line of defense against Web threats by filtering traffic and blocking attacks right at the gateway. We needed to address the growing issue of spyware, phishing, and virus threats, and without Trend Micro products, there would be a gap in our managed services portfolio, and an inability to protect customers from these types of threats.” – Alexandre Rigaldo, Business Security Solutions Manager, Orange Business Services
10. Trend Micro makes life easier.
“Trend Micro offered us a solution that was less complicated than the others. From a technical point of view, it was the speed and simplicity of installation, and we had a good impression of Trend Micro’s overall approach. It was also very important to us to work with a reliable partner—the first-class qualifications and assistance we received from our local Trend Micro team put us completely at ease.” – Massimo Carnevali, Manager Information Systems, City of Bologna, Italy
—
There is a Trend Micro product that is right for just about every situation such as Worry Free Business Security (WFBS) and OfficeScan. Tired of Spam? WFBS Advanced and ScanMail can cut your unwanted junk mail down to a trickle. Smaller offices may want a hosted service to protect them from viruses, trojans, worms, malware, spyware, and more.
If you would like information, or a free consultation please email us at info@homelandsecureit.com or call 864.990.4748. We offer the entire line of Trend Micro products & provide installation and support in the Greenville / Upstate SC area. We also offer virus cleanup and removal service should you decide anti-virus is not for you.
Hyperactive filters can be cause for a headache!
About a week ago, a network administrator that our company provides assistance to contacted us with an oddball issue…
All mail seemed to be working well, both in and out, except for mail coming into her domain from one company. The obvious was checked, such as the other company’s IP against all known block lists (RBLS), logs for blocked spam from the origin, and then it got even more odd. SOME mail from that domain was making it in, such as from their generic “info@somecompany.com”: address, then another address was able to send mail, but it was narrowed down to 3 addresses that could not send mail. Such as lisa@somecompany.com and art@somecompany.com.
At this point, the network administrator was at her wits end and we checked it out for her, having the company try to send a few mails, and sure enough, some were coming in, and others were not, but it was dependent upon the email address. We checked filters for those email addresses and none existed.
Everything was checked at the Exchange server, full logging was enabled, to watch for mail as it came in, and sure enough, nothing came in to the Exchange server from those email addies. Not even a connection. After ruling out the Exchange server, we went back to the Alt-N MDaemon server, which is a gateway that handles all incoming email, checks it against RBLs, content, viruses, whitelists, blacklists, attachments, etc, then if it thinks the mail is good, it sends it on to Exchange. We watched the logs as mail came in from lisa@somecompany.com and MDaemon reported it was totally happy.
Just to make sure, we added lisa@somecompany.com to the whitelists, and then *@somecompany.com was added. Still MDaemon reported it was happy and nothing was being filtered.
Still, the issue remained. Info@somecompany.com could send email, lisa@somecompany.com could not. The logs in MDaemon read the same, kind of placing the blame back on Exchange, however, Exchange was never seeing a connection.
Long story short, after several emails being sent back and forth with the wonderfully patient people at somecompany.com, MDaemon’s support was enlisted to find the issue. Which took many emails back and forth between our network administrator friend and them, and several days… In the end, the problem was a content filter inside MDaemon. A filter for certain phrases had been added, such as “Breast Enhancement”, “Penis Enlargement”, “Viagra” and “Cialis”… This filter was to blame, even though no logs indicated this was the case.
Just what was triggering the content filter? It was the word “Cialis”… Each individual at Somecompany.com who could not email in, had content in their email that contained the word “Specialist”, and MDaemon was most interested in “Specialist…
The lesson to be learned from this is that careful selection of your content filtering keywords is crucial to a smooth flowing mail system. We have seen content filters block mail in Trend Micro’s CSM (now Worry Free Business Security Advanced) and Scan Mail, but usually there is a log filled with the results that you can use to find an issue quickly.
In this case, “Cialis” was found in the word “Specialist”, but others have been as simple as filtering profanity such as the word “dick”, which happens to be some people’s first name… Even the word “Fanny” was someone’s given name.
More about MDaemon:
In MDaemon, this is what the logs look like when it encounters content:
Wed 2010-09-22 10:47:31: Start Content Filter results
Wed 2010-09-22 10:47:31: * Message matched rule: Penis <- this was the name of the rule
Wed 2010-09-22 10:47:31: * Matched 1 of 14 active rules <- this shows that there are 14 rules and 1 matched
Wed 2010-09-22 10:47:31: End of Content Filter results
Keep in mind this does NOT show up in the MDaemon GUI, you have to find the log on the machine and examine it….
If you own or maintain your own business phone or computer network, you are probably renewing your licensing yearly for everything from your Cisco VoIP phone system & ASA 5500 network security appliances to Trend Micro Worry Free Business Security, Trend Office Scan, to Microsoft Software Assurance or purchases of new seats.
Chances are also good you are buying your licensing from a vendor who may have originally installed the equipment and they could be charging you for the licensing plus a fee to administer those licenses for you. The licensing is generally sold at the manufacturer’s suggested retail price.
If you would like another quote on your license renewals and sales, please contact us at 864.990.4748 x 201, or email info@homelandsecureit.com
We offer sales of products and licensing, as well as licensing renewals for Trend Micro, Cisco, Symantec, Microsoft and more! We never charge an administration fee.
One word of warning regarding “deep discount” licensing providers – if it sounds too good to be true, it probably is. The markup on licensing is not very much, so if you find Microsoft Office Professional for 20% less than the retail, odds are, it is counterfeit product and will allow you no ability to upgrade or receive support.
