Apple ID Phishing Email

A client of ours received an email warning her that someone had used her Apple ID to download an app:

[hr]

Apple Phishing Email

[hr]

This email did not come from Apple.  It is a fake, known as a phishing email, and it is trying to bait the recipient into clicking the links in the message.  The message tries to trick the recipient into thinking their Apple account has been compromised, when in fact the message itself is attempting to do just that.

The links do not lead to Apple’s website.  Instead, the links lead to a malicious website:

[hr]

Apple ID Phishing Link

[hr]
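The mismatch described above (a message that claims to be from Apple, with links that lead somewhere else) can be checked mechanically before anyone clicks. The following is an added example and not code from the original post: it pulls every link out of an HTML email body, compares the real destination host with the Apple domains the message claims to represent, and flags raw IP destinations and visible text that names a different host. The trusted-domain list and the sample message (with placeholder hosts example.net and 198.51.100.7) are assumptions made for this example.

```python
"""Added example (not from the original post): audit the links in an HTML
email body and flag ones that claim to be Apple but point elsewhere."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains the message claims to be from (assumption for this example).
TRUSTED_SUFFIXES = ("apple.com", "icloud.com")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())  # normalise whitespace
            self.links.append((self._href, text))
            self._href = None


def host_is_trusted(host):
    """True only for the trusted domains themselves or their subdomains."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def hostname_of(value):
    """Hostname of a URL, or of bare text such as 'appleid.apple.com'."""
    if "://" not in value:
        value = "https://" + value
    try:
        return (urlparse(value).hostname or "").lower()
    except ValueError:
        return ""


def audit_links(html):
    """Return one finding per link; an empty 'reasons' list means it looked fine."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = hostname_of(href)
        reasons = []
        if not host_is_trusted(host):
            reasons.append("destination %r is not an Apple domain" % host)
            if "apple" in host:  # brand name used inside an untrusted host
                reasons.append("lookalike host")
        if host.replace(".", "").isdigit():
            reasons.append("destination is a raw IP address")
        # Visible text that looks like a URL but names a different host.
        shown = hostname_of(text) if "." in text and " " not in text else ""
        if shown and shown != host:
            reasons.append("shown %r but goes to %r" % (shown, host))
        findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


# Constructed sample; example.net and 198.51.100.7 are placeholder hosts.
SAMPLE_EMAIL = """
<p>Your Apple ID was just used to download an app.</p>
<p>If you did not make this purchase,
<a href="http://appleid.example.net/verify">click here</a> or visit
<a href="http://198.51.100.7/login">https://appleid.apple.com</a>.</p>
<p><a href="https://support.apple.com/">Apple Support</a></p>
"""

if __name__ == "__main__":
    for f in audit_links(SAMPLE_EMAIL):
        status = "SUSPICIOUS" if f["reasons"] else "ok"
        print(status, f["href"], "->", "; ".join(f["reasons"]))
```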

This is the first place your Web Browser makes a difference.

If you use Internet Explorer and click that link, it does nothing to stop it (and that’s with the SmartScreen Filter enabled).

If you use Firefox, it detects it is a malicious link:

[hr]

Firefox Phishing Protection

[hr]

If you use Chrome, it detects it is a malicious link:

[hr]

Chrome Phishing Protection

[hr]

By no means should you rely on your browser as your sole point of Web security, but you can see how Internet Explorer compares to Firefox and Chrome when it comes to ‘safe browsing’.

Next, you get to see how well your antivirus holds up.  For you Microsoft Security Essentials users out there, it does nothing to detect or prevent this phishing attack.  If you’re utilizing ESET NOD32, you’re in better shape:

[hr]

ESET NOD32 Antivirus Phishing Protection

[hr]

[info_box style=”notice”]The Computer Peeps recommend a layered approach to Web Security, including OpenDNS Web Filter, Firefox w/ NoScript, AdBlock Plus, and Public Fox, as well as logging-in to your system as a non-admin + utilizing ESET NOD32 Antivirus (or one of the top performing antivirus solutions).[/info_box]

[hr]

The takeaways from this post:

[hr]

[checklist]

  • Be cautious and aware of emails that are trying to get you ‘riled up’, so you click on something without thinking.
  • Utilize an email service that does a good job of filtering out fake/fraudulent emails – e.g. Gmail/Google Apps for Business.
  • Switch to Firefox or Chrome.
  • Implement additional security in your Web browser – e.g. ad-blocker, JavaScript/Flash blocker, password-protection for downloads/changes, etc.
  • Utilize a proper antivirus solution, such as ESET NOD32 Antivirus.
  • Do NOT use Microsoft Security Essentials.
  • Utilize a Web Filter, such as OpenDNS.
  • For daily-use, do not log in to your computer as an administrator.

[/checklist]

[hr]

If you have any questions, don’t hesitate to comment below or give us a buzz!

5 Reasons Why Consignment Stores Should Not Use Microsoft Security Essentials

Consignment Stores Should Not Use Microsoft Security Essentials

We’ve compiled five very specific reasons why consignment and resale stores (or any business) should not use Microsoft Security Essentials (MSE).

First and foremost, what is Microsoft Security Essentials?  Microsoft Security Essentials is free security software provided by Microsoft.  On Windows 7, Microsoft Security Essentials is automatically downloaded via Windows Update if an antivirus product is not detected on the system.  On Windows 8/8.1, it’s known as Windows Defender and is included out of the box.

#1 – AV Comparatives Considers MSE “Non-Competitive”

AV Comparatives regularly tests the major antivirus/security products and publishes their findings.  They recently published their October 2014 Real-World Protection Test results.

See the white dashed line?  That represents Microsoft Security Essentials:

[box]

AV Comparatives October 2014

[/box]

Now, no antivirus solution is 100% effective, 100% of the time, nor should antivirus be your sole point of system security/malware prevention.  However, MSE can’t even compete at only 83.3% protection.

Source: http://www.av-comparatives.org/wp-content/uploads/2014/11/avc_factsheet2014_10.pdf

[hr]

#2 – AV-Test Revoked MSE’s Antivirus Certification

Two years ago, AV-Test revoked Microsoft Security Essentials’ antivirus certification.

[box]

MSE No AV-Test Cert

[/box]

Again, no antivirus solution is 100% effective and ratings from one testing firm should not be the sole reference point for selecting a security product.

MSE flunking, though, is right in line with real-world experience, as well as other testing firms’ results.

Source: http://www.maximumpc.com/article/news/microsoft_security_essentials_flunks_av-test_loses_certification419

[hr]

#3 – Microsoft Does Not Recommend Utilizing MSE

[hr]

Even Microsoft does not recommend utilizing MSE:

[box]

Microsoft Does Not Recommend MSE

[/box]

Source: http://www.howtogeek.com/173291/goodbye-microsoft-security-essentials-microsoft-now-recommends-you-use-a-third-party-antivirus/

[hr]

#4 – Computer Peeps Have Found MSE Does Not Work

The Computer Peeps manage hundreds of systems for consignment and resale stores all across North America.  We are directly responsible for keeping computers clean, protected, and available; computers which store employees utilize to search the Web for pricing, browse Facebook, sell on eBay, check email, etc., i.e. computers that are at high risk of getting infected.

We regularly work on systems that are utilizing the all-too-common (yet ineffective) Chrome + MSE combo:


In five years of managing, maintaining, and securing systems for consignment and resale store owners, The Computer Peeps have not seen a worse or less-effective antivirus solution than Microsoft Security Essentials.

[hr]

#5 – MSE Is Not PCI Compliant

Last but not least, MSE is not PCI Compliant.  First, it’s simply not considered antivirus by multiple, independent testing authorities.

Second, Microsoft recommends utilizing an actual antivirus product, further reinforcing that MSE is not antivirus.

Third, MSE does not have the ability to retain its log files for 365 days (required as per the PCI DSS, Requirements 5.2d and 10.7):

[box]

ESET NOD32 Logging

[/box]

Source: https://www.pcisecuritystandards.org/documents/pci_dss_v2.pdf

[hr]

This isn’t a matter of opinion or “We like pepperoni pizza vs. cheese pizza – so should you!”  It’s just really simple – MSE doesn’t work, it is not considered antivirus, Microsoft recommends not utilizing it, and multiple antivirus testing firms have found MSE cannot compete against even the worst antivirus program.

So please, if your tech or vendor recommends or implements MSE, stop them and ask them to remove it.  Then, ask them to install and configure a viable antivirus solution.  MSE is free and it helps avoid the topic of money – yes, viable antivirus costs money + time to configure.  Would you rather avoid the topic, or would you rather spend $57 for a viable antivirus solution?

Windows XP Users, This One Could Get Messy…

Windows XP

A very common browser hijack/search redirect, Conduit, has a little bug in its uninstaller.  If you attempt to remove Conduit via Add or Remove Programs, it is rendering Windows XP machines unbootable.

For those interested in the technical details, Bleeping Computer has a great write-up.

This could get messy, since many will try to remove Conduit and other unwanted applications via Add or Remove Programs.  A little piece of adware could quickly render your consignment shop’s systems unusable.

The goal should be prevention, not removal.  See our recent blog post on how to better protect your system from this sort of infection.

7 Tips To Help Better Secure Your Computer Systems

We’d like to see as many consignment and resale stores as possible start 2014 out on the right foot.  It is not an impossible task to better secure your systems, and while there is no silver bullet, there is a relatively straightforward set of tools that can drastically help secure your systems.  After all, if your computers aren’t cooperating, it can have a major impact on your business.

[hr]

OpenDNS


Consignment and resale shops spend a lot of time online searching for pricing and pictures, as well as working on social media.  This puts consignment stores at the front-line of where malware and unwanted software can make its way into your systems.

OpenDNS is a service that provides web filtering, which helps prevent bad or unwanted websites from being accessed by employees.  From malware picked up after searching for “free image editing software” to browser infections/search redirects, one of the first things that should be filtered is the set of websites your computers can access.

In addition to blocking known-malware sites, adult content sites, etc. OpenDNS also lets you block or allow specific websites, as well as view reports of your store’s Internet and search activity.

Once you have registered for an OpenDNS account, all you’ll need to do is update your router’s DNS Servers.

[hr]

Firefox

The *thing* you browse the web with is commonly referred to as a Web Browser.  On Windows-based computers, Internet Explorer is the default/included browser.  On Macs, Safari is the default browser.  You do not have to use the included browser and you can generally have a safer browsing experience by switching browsers.

Two popular alternatives are Firefox and Google Chrome.  While we utilize each browser for a variety of purposes, we typically recommend Firefox to our clients.  Installing an alternative web browser alone is not enough to make browsing online safer.  We work with a lot of clients whose browsers are infected with search redirects and other hijacks, yet they felt they were protected from this simply by using Firefox or Chrome.

We feel we can better secure our clients’ systems with Firefox.  With Firefox, along with the plugins we outline below (i.e. NoScript, AdBlock Plus & Public Fox), you can establish a first line of defense as you browse the wild wild web.

Firefox is free and open source.  Once installed, we also recommend enabling Do Not Track.

[hr]

NoScript

When you click a link and visit a website, by default, that website can do quite a few things – all without you knowing.  It’s sort of like letting anyone just come into your house and start going through your things.  It is better to take the approach that no website is trusted and only those on your Allowed list can load.

NoScript makes this process very easy, providing you with a quick ‘Allow’ of a website you trust and plan on visiting more than once.  NoScript also does a great job of picking-out the other 3rd party websites that are loading in the background, as well as other types of active content which can harm your computer.

Of all the ways to block things such as JavaScript, Flash, and hidden content, we feel NoScript is the best way to control your web browsing experience.  NoScript is one of the most effective tools at stopping *crap* from making its way into your computers in the first place.

[hr]

AdBlock Plus

Ads are not only a visual annoyance, they are a common source of malware.  Even popular, trusted websites can have compromised ads which can load malware and malicious content on unsuspecting users’ systems.

We love AdBlock Plus.  Combined with NoScript, you can have a safe, controlled, clean web browsing experience and help keep your systems clean long before malware even has a chance to run.

Once installed, be sure to enable AdBlock Plus’ anti-malware features, as well as disable the ‘Allow some un-intrusive ads’ option.

[hr]

Public Fox

Now that you have your Firefox installation secured and configured to your liking, wouldn’t it be nice if you could protect those settings from being changed?

With Public Fox you can.  Public Fox essentially treats the web browser as though it’s in-use on a ‘public’ computer.  You can password protect your Options and block downloads.

By no means is this alone meant to be a way of protecting a system, but Public Fox can help curb unwanted changes and downloads to your systems.

[hr]

Non-Admin User Accounts

By default, when you purchase a Windows-based computer, the only user account will have full Administrator access.  If you do not configure at least one user account for yourself and/or the store, you’re granting full control of your computer to your employees and whatever they might stumble upon out there on the web.

It is best-practice to not utilize a full admin account and instead, log in with a Standard User/restricted account.  This can help prevent major changes to your systems, such as installing/uninstalling software.

We also recommend taking this one step further and on Professional versions of Windows, configuring Group Policy to lock-down additional aspects of the system – e.g. prevent printers from being deleted, etc.

[hr]

Patch Management

With many systems using default configurations (Administrator accounts, Internet Explorer, and no antivirus), computers without Patch Management are just sitting ducks.

Security holes in commonly used programs such as Adobe Reader, Adobe Flash, and Java are frequently and actively exploited.  These programs do not automatically update and regularly require user intervention to make sure they are updated + system rebooted.  With even two computers in a consignment shop, just keeping programs patched and updated can quickly become a challenge.

Emails with fake PDFs or Word Docs are commonly the source of these sorts of attacks, and with many email providers not filtering out messages like this, un-patched systems are waiting to be compromised.

[hr]

The combo of OpenDNS + Firefox + NoScript + AdBlock can benefit users of all platforms.  Most of what you do is online these days and for many, the web browser is all they use their computer for.  Browser infections/hijacks impact users of ALL platforms.

SourceForge Injecting Malware Into Software Installers

SourceForge Malware

A popular and long-standing software download site, SourceForge, is injecting malware into its software installers.  If you go to Google and search for ‘free whatever software’, chances are you’ll stumble upon SourceForge.

For example, if you attempt to download a popular FTP program, FileZilla, you will not be receiving an installer for just FileZilla.  Instead, you’ll find an installer loaded up with adware and malware.

If you’re utilizing ESET Nod32 Antivirus, it detects the installer’s injected payload:

[hr]

ESET Detecting PUP on SourceForge

[hr]

So it looks like SourceForge has gone the same route as CNET.  I have personally avoided both sites for years and if you’re looking for installers for common programs, Ninite is a legitimate solution.

Antivirus Alone Isn’t Enough

Securing consignment systems involves more than just installing free antivirus software and hoping all goes well.  Antivirus alone isn’t enough when it comes to securing or ‘hardening’ a consignment system.  For this first and most-basic layer of protection, we recommend ESET Nod32 Antivirus.

Don’t just download and install Nod32 and think all is well, oh no.  Please take the time to configure ESET: logging of all objects, storing logs for 365 days, enabling the appropriate modules, and password protecting settings.

Configure ESET As Per the PCI DSS

You can’t stop at just antivirus.

The user you log in to Windows as should not be an Administrator.  Configure a restricted account and appropriately configure your Windows NTFS Permissions to allow your consignment software and other applications to run.  Harden your operating system – e.g. disable hidden admin shares, configure Group Policy, etc.

That’s still not enough.

We recommend utilizing Firefox, not Chrome or Internet Explorer.  Chrome relies on Internet Explorer’s settings, so if those settings are ever targeted and compromised, Chrome is also infected.  For Firefox, implement the following add-ons: NoScript, AdBlock, and Public Fox.  The last of those provides a way to password protect your settings, block downloads, and prevent browsing history from being cleared.

Implement the built-in web filtering + monitoring service within Windows known as Parental Controls.  This involves installing the Family Safety pack and registering for a Windows Live account.  Once implemented, you can view all web activity, block sites, and prevent malicious content from being accessed.

That’s still not enough though.

Implement a new set of DNS servers at your Internet gateway.  Comodo is a bit strict, but for a consignment store actively browsing the Internet, strict is good.  OpenDNS is also great for catching malicious domains and content.

It can keep going from there too.  If you have Adobe Reader, Adobe Flash, Java, etc. installed, Patch Management really is the only way to keep those programs updated 24 hours a day.

The point is, antivirus alone simply isn’t enough.

[hr size=’big’]

Here’s a handy checklist for consignment store owners:

[checklist]

  • Utilize ESET Nod32 Antivirus + configure as per the PCI DSS.
  • Do not log in to Windows as an Administrator.
  • Further secure the operating system via Group Policy.
  • Implement Microsoft’s web filtering/monitoring via Parental Controls.
  • Utilize Firefox.  Install NoScript, AdBlock Plus, and Public Fox.  Password protect Firefox via Public Fox.
  • Implement secure DNS servers, such as Comodo or OpenDNS.

[/checklist]

[Critical] Vulnerabilities In Adobe Reader and Acrobat | Affects Linux, Macintosh, and Windows

Acrobat Vulnerability

Critical security vulnerabilities in Adobe Acrobat and Adobe Reader have been identified and Adobe has issued a security advisory.  These are being actively exploited in the wild by sending users malicious PDF files.

This affects users of Linux systems, Macs, or Windows.

Told You So

Adobe is recommending users enable Protected View via Edit > Preferences > Security (Enhanced).

Reader/Acrobat Protected View

Unfortunately, this security feature is not enabled by default.  Thanks, Adobe.

This is one of the many reasons we recommend using SumatraPDF (via Ninite.com).  It is lightweight, functional, and it’s one additional layer of protection against attacks.

For clients on our System Monitoring w/ Patch Management service, we will be addressing this issue for you.

Speedtest.net Recently Compromised

Speedtest.net

The most popular internet speedtest site, Speedtest.net, was recently compromised.  They have since fixed the issue and the site is no longer infected, but if you visited the site within the last few days and if you have Java installed, lookout.

Invincea has a fantastic dissection of the payload the infected site was delivering.  This is a great opportunity to discuss how completely legitimate websites – e.g. Speedtest.net – can infect your system.  It doesn’t have to be a *questionable* website or suspicious email that leads to infection.  Websites can be compromised in any number of ways and commonly, 3rd party ads on websites are how malicious activity can sneak-in.

There is no single solution to security.  Security is a multi-layered approach.  With AdBlock and NoScript installed, you’re knocking off a good chunk of attacks before they even get a chance to start.  By running ESET Nod32 antivirus and Malwarebytes’ Anti-Malware Pro, you’re giving your system the best chance at fighting off anything that makes its way onto your system.  Changing your DNS to a faster and more secure service, such as Google Public DNS, Comodo, or OpenDNS, helps keep the pool of sites you bump into as safe as possible.  A hardware firewall, updated applications (and only essential applications installed), and user awareness add to the security sandwich.

So keep your wits about ya, folks.  Don’t think that just because you’re browsing legitimate sites, you’re not vulnerable to attack.

For those interested in an alternative to Speedtest.net, there is an HTML5/no Java/no Flash service provided by SpeedOf.Me.

ESET Nod32 Version 6 Released Today

ESET Nod32 Version 6

ESET Nod32 Version 6 was released today.  By default, ESET Nod32 does not check for and install new program updates automatically.  For any clients on our Monthly Support Plan or any clients who have purchased consignment workstations or database servers from The Computer Peeps and as per PCI DSS, this is one of the many adjustments we make to properly secure your system.  Your systems will update automatically.

To manually check for program updates, visit the Updates tab of ESET and then click the Check button.  ESET will check for the latest update…

ESET Manually Check for Updates

[hr]

[info_box style=”notice”]Tip: Setup > Enter Advanced Setup > Update > Advanced Update Setup > Setup to enable the Regularly check for latest product version option, as well as the ‘Always update program components’ option.[/info_box]

[hr]

Once ESET has checked and found the latest update, click Install.

ESET Nod32 Install Update

ESET will require a reboot once this update has been installed…

ESET Restart Recommended

The new version is, for the most part, the same as version 5 and is not a complete departure.  That being said, ESET has added handy new features and optimized program performance even more than before.

They’ve added a new Social Media Scanner, which we highly recommend enabling and installing.

ESET Social Media Scanner

You’ll be prompted to install ESET’s Facebook app…

ESET Facebook App

This new extension of ESET protects your Facebook page by scanning for malicious posts, links, and messages.  It can even alert your friends if they have malicious content on their Facebook walls.

ESET Facebook App Scan

The settings available cover options such as email notifications and whether or not the ESET app should ‘reply’ to posts from infected/malicious posters…

ESET Facebook App Settings

Overall, this has been a smooth update thus far.  Make sure your antivirus is updating automatically, but as always, make sure you’re taking all the precautions to manage your systems – e.g. file backups, system images, database backups, etc.

For clients on our new System Monitoring & Patch Management Service, we’ll be alerted as each system automatically updates to the latest version of ESET and we will be checking on each and every system…

Peeps’ System Monitor ESET Nod32 Installation Alert

If you have any questions or comments, feel free to post below!

Malwarebytes Update, New Look

Malwarebytes

This week, Malwarebytes released v1.70 which brings with it a slightly updated look.  The interface and program are still the same, but they’ve implemented their new logo/color palette throughout the application.

Before:

Malwarebytes’ Anti-Malware Pro (Old Icon)

After:

Malwarebytes’ Anti-Malware Pro (New Icon)

We just wanted to point this out so everyone running Malwarebytes’ Anti-Malware Pro knows MBAM is still running and protecting your system; it’s just no longer using the traditional red ‘M’ icon.
