Cybersecurity blog posts

The dangers of peer-to-peer file sharing

Published April 25, 2014

Graphic illustrating peer to peer connections

Peer-to-Peer or P2P is a method of sharing files between two or more computers on the Internet. Users share files via P2P by using peer-to-peer applications such as Gnutella, KaZaA, iMesh, LimeWire, Morpheus, SwapNut, WinMX, AudioGalaxy, Blubster, eDonkey, BearShare etc., and the list goes on and on.

How P2P Works

The P2P application takes a piece of allotted data or sometimes whole directories from your hard drive and allows other users to freely download this content, and vice versa. P2P programs are most often used to share music and videos over the Internet. Although sharing by passing around a CD or DVD is not illegal, sharing by creating multiple copies of a copyrighted work IS illegal. Some P2P programs will share everything on your computer with anyone by default. Much of the P2P activity is automatic and its use is unmonitored. Computers running this software will be busy exchanging files whenever the machine is turned on. Using P2P software can be, and often is, very dangerous.

Consequences of Copyright Infringement

Downloading and sharing files which contain copyrighted material is against the law. The responsibility to restrict sharing and monitor the legality of files on your network lies solely with you and/or your employer (if it takes place at work using company equipment).

This is what can happen:

  • Legal consequences. Copyright holders may offer a legal settlement option or pursue legal action against you.
  • Financial implications. If a copyright holder chooses to pursue legal action, the minimum damage for sharing copyrighted material is $750 per file (in addition to legal and court fees). According to several different news sources, individuals who settled their cases outside of court were forced to pay substantial amounts. There is no way to predict how much you may be required to pay in settlement costs if illegal files are found to be on a machine or being transferred to/from an IP address that you own.

The Digital Millennium Copyright Act (DMCA) makes it a crime to create software that helps distribute copyrighted materials. It also limits an Internet Service Provider’s (ISP) liability if the ISP notifies the alleged infringer and suspends access to illegal copies of copyrighted materials.

There Are Risks Associated With Using P2P Programs

Some of the P2P programs themselves contain “spyware” that allows the author of the program, and other network users, to see what you’re doing, where you’re going on the Internet, and even use your computer’s resources without your knowledge to carry out various activities. The most popular use at this time is to harvest computer power to mine Bitcoins. Another annoyance with this type of software is that once installed, these applications can be almost impossible to remove. In some cases a user has to know which files to remove and which registry entries to edit to completely get rid of the application. Content downloaded via P2P applications can be laced with malware, be legally protected copyrighted data or be personal and/or private information. Tests carried out by various researchers have revealed that common P2P searches often return very sensitive, private data including: patent applications, medical information, financial and other personal and business-related information.

Since the computers running the P2P programs are usually connected to a network, they can be used to spread malware. Another risk is that various types of illegal files can be downloaded and re-shared over P2P networks by mistake. Users can even have files placed on their machines without their knowledge by others who want to share illegal material without getting caught. This tactic allows nefarious users to “spoof” their personal network and IP address information. Short explanation: they use YOUR computer network to distribute and share THEIR illegal material so it’s traced back to YOU and not THEM. So, in the end, YOU will be the one getting the knock on the door from law enforcement.

“Stealing is Stealing and Wrong is Wrong”. There’s no need to use P2P software to enjoy music and movies. There are multiple free and LEGAL options available to watch movies and listen to music. While most of these free services are ad-supported, many also offer very low cost subscription options that, in my personal opinion, are worth every penny and are ad-free!

Legal Alternatives for Downloading

Some of the sites listed here provide some or all content at no charge. They are funded by advertising or represent artists who want their material distributed for free. This is not an exhaustive list, but it’s a good place to start.

TV shows: watch online legally and free at Hulu TV.

Music: listen online legally and free at Pandora (personal favorite), Last.fm, I Heart Radio, Xbox Music and Spotify.

Remember that it’s important to delete any files on any machines which may have been obtained over a P2P network and to also remove the P2P software. Use caution while surfing the internet and use some of the legal alternatives mentioned above for consuming media. If you suspect users on your business network of using P2P software, please don’t hesitate to contact New River Computing for support.

As always, STAY SAFE!


Computers cannot survive by anti-virus software alone

Published February 06, 2014

Over the past few weeks, several widely known companies have been competing for top spots in many of the major news headlines, but for all the wrong reasons. Retail giant Target, to offer just one recent example, could be forced to pay millions of dollars to cover the direct damages incurred from the recent malware-related data breach that enabled cyber-criminals to steal credit card data from all Target point-of-sale systems located within the United States and Canada. While financial loss is certainly a major concern, the massive hit they will take to their reputation could be incalculable for years to come.

It’s no secret that one of the biggest challenges facing any business is protecting against malware attacks and other cyber-crimes. This recent string of cyber-attacks includes some of the biggest (that we know of) in history. They were so massive that the FBI has recently issued a special warning aimed at businesses to tighten up their cyber security infrastructure.

It’s common for most people to say to themselves “As long as Antivirus software is installed and up to date, a computer will be protected.” That’s no longer the case. What worked before doesn’t work now. Standard Antivirus programs are no match for the new zero-day malware outbreaks that are now commonplace in the world of computing. With all of the complex attacks being developed and altered on a daily, sometimes hourly, basis, just having Antivirus software installed isn't enough.

Nowadays IT security experts recommend adding a dedicated anti-malware layer to existing endpoint security software to block the barrage of constantly looming cyber threats. That’s why here at New River Computing, we’ve recently started offering Malwarebytes Anti-Malware Enterprise Edition as a part of our overall security portfolio. During our vigorous pre-deployment testing phase, we found that by adding the power of Malwarebytes to our current deployments of VIPRE Anti-Virus, the combo proved to be unmatched in catching new vulnerabilities, PUPs (potentially unwanted programs) and zero-hour malware on live client machines. There’s no better real-world test than that!

Below is a partial list of benefits our clients can gain by adding the power of Malwarebytes to their existing security strategy:

  • New River Computing will be able to identify and respond to malware threats in real-time.
  • Compatibility with VIPRE Anti-Virus and most other major endpoint security products.
  • Detects zero-hour and known Trojans, worms, rootkits, adware, and spyware in real-time.
  • File execution blocking prevents malicious threats from executing code and quarantines them.
  • Real-time malicious website blocking prevents access to and from known malicious IP addresses.
  • Ensures data security and network integrity. Reduces IT helpdesk tickets, ensures user productivity.
  • Protects users from downloading malware, hacking attempts, redirects to malicious websites, and “malvertising.”
  • Reduce endpoint and network downtime due to malware remediation.
  • Prevent data theft.

In addition to all of these benefits, New River Computing can also leverage the power of Threat View to monitor security stats in real-time. It affords us the capability to aggregate the data necessary to evaluate potentially malicious threats on client networks and track user access to potentially malicious websites. Data is streamed to us in convenient chart formats for more efficient security assessment and analysis. We can also track malicious activity on networks by IP address and user login.

You can see why all of these benefits are a must-have for strengthening existing security infrastructures. To find out more about implementing Malwarebytes Anti-Malware technology in your business, please contact Shana, our Business Development Manager, and she will fill you in on how easy it is to get started.

Stay Safe!


The CryptoLocker virus is spreading!!!

Published November 11, 2013

There’s a new type of malware that has been spreading like wildfire over the past couple of months called CryptoLocker. Most security researchers are claiming that this is one of the nastiest and most successful computer viruses ever: CryptoLocker is currently infecting Windows operating systems all across the United States and in other parts of the world. The virus is part of a generically named family of malware called “ransomware,” and its main function is to encrypt your files and “hold them hostage” until you pay a fee to have them decrypted.

How does CryptoLocker infect computers?

The CryptoLocker virus is passed around in emails that include attachments. The criminals send emails claiming to be from well-known companies like UPS, USPS, PayPal or FedEx in order to trick users into thinking that they are legitimate and safe to open, but of course they aren’t safe at all. Instead, when a user attempts to open up the attachment, the computer becomes infected and the virus locks files on the system until the ransom request is paid. Most often the attachments will be disguised as JPEG images, ZIP files, PDF files and various types of Microsoft Office files (mostly Excel and Word documents).

After a computer becomes infected, users are given 100 hours to pay a fee between $100 and $700 to get the files decrypted. The version of the virus that we’ve been seeing on infected machines has been asking $300 for the decryption key. So far, it appears that the virus only encrypts data files with certain extensions, including Microsoft Office, OpenOffice and other documents, pictures, and AutoCAD files.

How to prevent your computer from becoming infected by CryptoLocker

The file paths that have been used by this infection and its droppers are:

  • C:\Users\\AppData\Local\.exe (Vista/7/8)
  • C:\Users\\AppData\Local\.exe (Vista/7/8)
  • C:\Documents and Settings\\Application Data\.exe (XP)
  • C:\Documents and Settings\\Local Application Data\.exe (XP)

To block the CryptoLocker and Zbot infections, Software Restriction Policy Path Rules have to be created on the system so that files in these locations are not allowed to execute. These Software Restriction Policies can be created manually, but thankfully a company called FoolishIT has created a utility called “CryptoPrevent” that automatically adds the appropriate series of Software Restriction Path Policies to a computer in order to prevent CryptoLocker and Zbot from being executed.

If you get an email that includes any type of attachment, use extreme caution and make sure you know who the sender is BEFORE opening it. If you don’t know who the sender is, or if it appears to be from one of the companies mentioned earlier, DO NOT OPEN IT!!! Just delete the email. If you start seeing the CryptoLocker demand screen, please shut down your machine immediately and call your IT administrator for further assistance. If you’re a current New River Computing client, please contact us ASAP if you see the CryptoLocker message on your screen.

Below is an example of what the CryptoLocker demand screen looks like.

Screenshot of CryptoLocker demand screen.

How to use the CryptoPrevent Tool

One important feature to make use of in CryptoPrevent is the option to whitelist any existing programs in %AppData% or %LocalAppData%. This is a useful feature as it will make sure the restrictions that are put in place do not affect legitimate applications that are already installed on your computer. To use this feature, make sure you check the option labeled “Whitelist EXEs already located in %appdata% / %localappdata%” before you press the Block button.

Screenshot of CryptoPrevent tool.

It is available from the CryptoPrevent download page.

Once you run the program, simply click on the Block button to add the Software Restriction Policies to your computer. If CryptoPrevent causes issues running legitimate applications, then remove the Software Restriction Policies that were added by clicking on the Undo button.
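A simplified model of how the block rules and the whitelist option described above interact, as an added example that is not part of the original post and is not CryptoPrevent's code. The rule patterns, the ENV values and the file list are assumptions constructed for illustration; the precedence shown (an exact-path allow entry beats a wildcard block rule) follows the way Software Restriction Policies resolve overlapping path rules, where the most specific match wins.

```python
import re
from fnmatch import fnmatchcase

# Hypothetical block rules: executables directly inside the AppData folders,
# or one subfolder down. The page does not list the rules CryptoPrevent adds.
BLOCK_PATTERNS = [
    r"%AppData%\*.exe",
    r"%AppData%\*\*.exe",
    r"%LocalAppData%\*.exe",
    r"%LocalAppData%\*\*.exe",
]

# Constructed sample environment and file list (not from a real machine).
ENV = {
    "appdata": r"C:\Users\alice\AppData\Roaming",
    "localappdata": r"C:\Users\alice\AppData\Local",
}
INSTALLED = [
    r"C:\Users\alice\AppData\Local\ChatApp\chatapp.exe",
    r"C:\Program Files\Office\winword.exe",
]


def expand(pattern, env):
    """Replace %Name% with its value from env (names are case-insensitive)."""
    return re.sub(r"%(\w+)%", lambda m: env[m.group(1).lower()], pattern)


def rule_matches(pattern, path):
    """Match segment by segment so that '*' never crosses a backslash."""
    pat_parts = pattern.lower().split("\\")
    path_parts = path.lower().split("\\")
    return len(pat_parts) == len(path_parts) and all(
        fnmatchcase(seg, pat) for pat, seg in zip(pat_parts, path_parts)
    )


def is_blocked_location(path, env):
    """True when any block rule covers this path."""
    return any(rule_matches(expand(p, env), path) for p in BLOCK_PATTERNS)


def build_whitelist(existing_files, env):
    """Model of the whitelist option: every executable already present in a
    blocked location gets an exact-path allow entry."""
    return {f.lower() for f in existing_files if is_blocked_location(f, env)}


def verdict(path, whitelist, env):
    """Exact-path allow entries are more specific than wildcard block rules,
    so they win; anything else in a blocked location is denied."""
    if path.lower() in whitelist:
        return "allowed (whitelisted)"
    if is_blocked_location(path, env):
        return "blocked"
    return "allowed (no rule)"


if __name__ == "__main__":
    wl = build_whitelist(INSTALLED, ENV)
    # The last path stands for an executable that appears after the rules exist.
    for p in INSTALLED + [r"C:\Users\alice\AppData\Local\invoice.exe"]:
        print(p, "->", verdict(p, wl, ENV))
```

Because the whitelist step allows whatever is already in those folders, it only makes sense on a machine believed to be clean.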

More Information:

For a detailed analysis of the CryptoLocker virus please check out this excellent Bleeping Computer CryptoLocker article.

Detailed information on the CryptoPrevent tool is available on FoolishIT's CryptoPrevent page.


Cyber Crime vs. Cyber Defense

Published June 03, 2013

After reading an article on the Huffington Post the other day, I started thinking about the fact that we really ARE now living in a world where BIG DATA = BIG BUSINESS = BIG MONEY. With more and more people paying bills, shopping, banking and socializing on the internet, there are going to be obvious financial losses to individuals and organizations. The article prompted some further sleuthing, which led to some eye-opening statistics.

Below is a brief summary of data showing the difference between what cyber criminals are estimated to steal in a given year and the money being spent to protect against their digital crimes.

Cyber Crime:

Fake Antivirus - $97M

Users get a message warning them that their computer has been infected with malware. When they click on a link to download antivirus software, their machine is infected. An analysis of financial records from three criminal gangs found that from 2008 to 2010 they collectively earned $97 million annually.

Stranded Traveler - $10M

Hijacked e-mail accounts are used to ask friends for money, claiming to be stranded traveling abroad. According to an analysis from several major e-mail service providers, criminals receive between 1 and 5 payments a day, on average.

Online Banking Fraud: Malware - $370M

Cyber criminals target businesses and individuals using malware to capture passwords, account numbers, and other data to get into online banking accounts. As of September 2011, the FBI was investigating 400 cases of “corporate account takeover” where criminals stole $85 million.

Online Banking Fraud: Phishing - $320M

Online banking fraud is sometimes carried out in a phishing attack, in which criminals impersonate websites to get unsuspecting users to provide their login credentials.

Cyber Defense:

Bank Countermeasures - $1,000M

Banks often hire companies to conduct penetration testing to ensure that their IT infrastructure meets security standards. They also often pay companies to search for and eliminate bogus websites used in phishing attacks. There are also additional internal security costs, such as authentication programs, UTM appliances, firewalls, AV software and systems for generating one-time passwords.

Antivirus - $3,400M

It’s currently estimated that between 74-88% of all households with a broadband subscription use some form of antivirus protection.

Patching Vulnerabilities - $1,000M

Software companies constantly patch their products against vulnerabilities that can be exploited by malware. Some evidence suggests that the development cost of a single patch for key enterprise software can run up to $1 million. Deploying that patch is equally costly.

User Cleanup - $10,000M

When antivirus programs fail, aren’t updated regularly or are just used incorrectly (if at all), users often have to call on the help of a professional computer technician to clean up their PC. This type of service usually costs between $99 and $300 depending on the severity of the infection.

Business Security - $10,000M

Companies use a variety of tools to fight cyber-crime including firewalls, intrusion detection systems, software maintenance/patching, deployment, and user training.

Law Enforcement - $400M

The U.S. spends nearly $200 million a year to fight cyber-crime. This accounts for half the law enforcement work worldwide.

These numbers are staggering to say the least. I think it’s extremely important for end users and organizations to work together with security experts and IT professionals to put all of the necessary security measures in place to combat system vulnerabilities. Also, it’s important that folks “in the know” educate other users on how to stay safe online. Through collaborative efforts and commitment to deploying aggressive multi-layered security policies, there is hope that the cyber-crime epidemic can one day be contained.


‘Microsoft tech support’ scam captured on video

Published April 11, 2013

For those of us working in the IT industry, we get used to removing viruses and malware from plenty of machines on a regular basis. Malware is a huge problem that seems to only be getting worse. Part of the problem is a lack of education for the end users. It’s easy for the less tech savvy to get tricked into downloading a piece of software that disguises itself as a legitimate piece of software (Java, Flash, Adobe etc.). While browsing the internet, users can also get tricked or scared into thinking that their computers are infected and then downloading and installing “Fake AV” programs that look legit, most times copying the GUI (graphical user interface) of popular Anti-Virus programs (AVG, Norton, Microsoft Security Essentials, ESET etc.).

I can understand how confusing all of this is for end users. Being bombarded with ads and scams online constantly can be overwhelming for the casual computer user. Luckily, places like New River Computing are able to help folks clean their machines and equip them with software to thwart these attacks by using good, reputable AV programs, such as VIPRE and Malwarebytes, and using managed service software to keep machines patched and up-to-date. We also recommend users operate under a “user account” instead of an “admin account”.

Having a good AV program installed is certainly important, as well as being mindful of pop-ups and shifty websites. But one thing AV software can’t protect a computer from is a fake Microsoft technical support phone call scam. These types of scams have been going on for several years, but seem to be increasing in popularity. Criminals are finding that, while more and more people are becoming educated on how to avoid scams on the computer, they are succeeding in scamming people over the phone into downloading malicious software. Having someone call your house and act like a Microsoft Representative, telling you that your machine is infected and at risk, can be pretty alarming. The purpose of these calls is to get an easy $299 (or whatever amount they choose) by scaring you into thinking there’s something really wrong with your computer and that they can fix it for you.

Fortunately, the methods used by some of these criminals to dupe users were recently captured by Jerome Segura, a senior security researcher at anti-malware company Malwarebytes. The video demonstrates the kinds of tactics used by these scammers to trick users into allowing the scammers to remote in to their machine and take it over. Segura played along with the caller and recorded the entire interaction in a YouTube video. These scams usually start off with the alleged Microsoft representative asking you to turn on your computer to perform some checks for errors. They essentially ask you to open different applications which aren’t typically known by regular users, then tell you that the files you are looking at are malicious viruses and spyware. Usually, these are just event log files and/or temp files, neither of which pose any threat to your computer’s security.

I highly recommend watching this video. Pay attention to what the scammers ask Jerome to do and notice how strangely the callers act when he asks questions. And also, just for the record, Microsoft will NEVER call a user to let them know that their machine is infected…NEVER! That’s not how they operate. To avoid being the next victim, don’t ever take a phone call from someone who claims to be from Microsoft telling you that your machine has a problem. And also, make sure that your computer is up-to-date, remove unwanted software and use a good anti-virus solution.

Stay safe and be skeptical!

