Ahhh, the Classics! (posted by Bob, 9/18/18)
Hello fellow IT enthusiasts and Cybereal clients! Sorry for the lack of updates on this blog and to the website in general. I will try to make these updates a bit more frequent than once every 4 years or so…
Having said that, what has spurred me into action is the recent increase in spam and phishing resulting from a new virus and attack vector that harvests e-mail passwords. It is well known that there are dozens of tools available to recover an email password that has been stored in Outlook, and it seems that a new virus or attack may be using such a tool to obtain users' email passwords. Once the password has been obtained, the attackers set up a simple POP/SMTP account with it and send more viruses, spam, and phishing emails from that account, often as replies to existing emails you may have already received.
Because the messages are sent through the victim's own account with valid credentials, this method bypasses DMARC/SPF/DKIM and is very effective. Please be extra diligent regarding warnings from your antivirus software or redirects to websites you did not intend to visit. Always contact your IT support person if you have even the slightest concern that your account or PC may have been compromised. Firewalls, antivirus, and monitoring go a long way toward protecting your network and data, but good old-fashioned diligence from the end user is still one of the best defenses!
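Since mail sent this way passes the domain's own SPF/DKIM/DMARC checks, detection has to look at the authenticated session rather than at the message headers. The following is an added example, not code from the original post: a heuristic run over a constructed SMTP authentication/send log that flags an outbound burst from an account authenticating from an IP address not seen during a baseline window. The log format, addresses and thresholds are all assumptions made for the example.

```python
"""Flag authenticated SMTP sessions that look like stolen-mailbox-credential abuse.

Heuristic (added example): for each account, learn the source IPs seen during a
baseline window; a later send burst from an IP outside that baseline is flagged.
The log format below is constructed for this example, not a real server's format:
    <ISO timestamp> <event> user=<mailbox> ip=<source> [count=<messages sent>]
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample log (documentation/test address ranges, no real hosts).
SAMPLE_LOG = """\
2018-09-10T08:02:11 auth_ok user=alice@example.com ip=203.0.113.10
2018-09-10T08:02:13 sent user=alice@example.com ip=203.0.113.10 count=3
2018-09-11T09:15:40 auth_ok user=alice@example.com ip=203.0.113.10
2018-09-11T09:16:02 sent user=alice@example.com ip=203.0.113.10 count=5
2018-09-17T22:41:05 auth_ok user=alice@example.com ip=198.51.100.77
2018-09-17T22:41:09 sent user=alice@example.com ip=198.51.100.77 count=140
2018-09-17T22:55:00 auth_ok user=bob@example.com ip=203.0.113.10
2018-09-17T22:55:04 sent user=bob@example.com ip=203.0.113.10 count=2
"""


def parse(line):
    """Split one log line into (timestamp, event, {key: value})."""
    ts, event, *kv = line.split()
    fields = dict(pair.split("=", 1) for pair in kv)
    return datetime.fromisoformat(ts), event, fields


def find_suspicious_sessions(log_text, baseline_end_iso, burst_threshold=50):
    """Return (user, ip, count) for send bursts from IPs unseen in the baseline."""
    baseline_end = datetime.fromisoformat(baseline_end_iso)
    baseline_ips = defaultdict(set)  # mailbox -> IPs seen before baseline_end
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event, f = parse(line)
        user, ip = f["user"], f["ip"]
        if ts < baseline_end:
            baseline_ips[user].add(ip)  # still learning normal behaviour
            continue
        if not baseline_ips.get(user):
            continue  # no baseline for this account, so novelty cannot be judged
        if event == "sent" and ip not in baseline_ips[user] \
                and int(f["count"]) >= burst_threshold:
            alerts.append((user, ip, int(f["count"])))
    return alerts


def run_sample():
    """Baseline ends 2018-09-15; only alice's burst from the new IP is flagged."""
    return find_suspicious_sessions(SAMPLE_LOG, "2018-09-15T00:00:00")
```

Running `run_sample()` flags only alice's 140-message burst from 198.51.100.77; bob's account has no baseline and his low-volume send is left alone.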
That brings me to this: I just received the email below at a temp account of mine. I was almost nostalgic over the simplicity of this phish. The good old days of a bygone era! For your enjoyment:
“My name is Mr. Peter Adom, a politician and a previous member of Ghana’s executive committee on contract awards.
My purpose in connecting you is to crave your indulgence in assisting me to secure funds abroad. That was i kept to help me finance my senatorial elections campaign with the National Democratic Congress (NDC) on December 2016. Unfortunately, I lost the election.
But, I was able to deposit some kickback money from award of contracts to Chinese and Malaysian companies few years ago in a security vault in Ghana pending my finding of a trustworthy person to move out the funds from Ghana to an oversea bank account for business investment.
The need to contact you arose when the present elected government vowed to crack down on past government functionaries of the National Democratic Congress (NDC) which i am a member and tried to trace all the funds during our tenure in the office from the year 2008 to 2016. If they succeed in tracing this fund to me, they will seize it.
I wish to relocate this fund to a foreigner’s name to avoid any trace. All I need from you is an assurance that you can handle the amount involved (US$19,500,000) comfortably and that I can also trust you.
I will need the following information from you for onward execution of the aforementioned project.
1. Your full name: ……………………
2. Your Address: ……………………
3. Company name: ……………………
4. Position in Company: ……………………
5. Age: ……………………
6. Nationality: ……………………
7. Telephone: ……………………
8. Cell: ……………………
9. Country of residence: ……………………
Rest assured that there is no risk involved. Please inform me of your willingness to assist and co-operate with me, so that I can send you full details of this transaction.
Mr. Peter Adom.”
CryptoWall 2.0 in the Wild (posted by Bob 10/17/14)
On Tuesday one of my clients was unlucky enough to contract the new Onion/TOR variant of the CryptoWall virus known as CryptoWall 2.0. This variant is pretty much undetectable at the moment, and even figuring out where it came in was a problem. Unlike other CryptoLocker/CryptoWall variants, this one does not pop up a screen telling people they are infected. I believe this may actually be a flaw in the design, rather than the way the system was intended to work, but either way it just adds to the amount of time the virus has to do its work before being interrupted.
Their fully updated antivirus solution did not detect the virus, nor did several others I tried. Only the old standby Malwarebytes was able to detect it during a heuristics scan, and flagged it as backdoor.bot. I removed the virus and sent it over to AVG for analysis. It would seem that Tuesday (10/14/15) was the launch day over here in the US, so it’s understandable that most antivirus programs did not yet have definitions that could detect this new variant, but hopefully that will be remedied soon. In the meantime, please make sure your backups are working properly and that your antivirus program is updating properly. If you’re unsure of your current antivirus or backup solutions, contact a Cybereal consultant who will be more than happy to discuss your options with you.
Windows 10 Announced (posted by Bob 10/2/14)
As I’ve been preaching to my clients and colleagues for a couple years now, I believe Windows 8 will be another of Microsoft’s skipped operating systems. Microsoft has a tendency to reach too far between OS deployments, and whatever they come up with is usually awful. Just as everyone skipped 2000 (which was actually a decent OS) and went from 98 to XP, and then skipped Vista and went to 7, they are now skipping 8 and will likely go to 10. Yes, ten. Not nine. Ten. I assume they opted to go with 10 because it is the closest copy of MacOS X (ten) to date, though some believe it is due to old code which references Windows 95/98 and may have caused issues.
Whatever the reason for the name, it looks as though they went back to their roots and just copied what works. From the brief tech demo I have seen and the images that are appearing online, the interface blends aspects of both 7 and 8, along with some new touches which I believe are inspired by the Mac. If you haven’t already seen it for yourself, shuffle on over to Microsoft’s blog to check it out. Unlike Apple’s use of iOS for iPhones and iPads (and now the Apple Watch) and MacOS X for its desktop hardware, Microsoft is still focusing on one OS to rule them all. It remains to be seen whether one OS can truly provide a great interface for both desktop and mobile hardware, but Windows 10 looks to be making great strides. Assuming there are no egregious issues on the back end of the OS, Windows 10 looks to be shaping up as a decent entry into the Windows portfolio. Just remember, always wait until the first service pack has been issued before you deploy it in a business environment!