CryptoLocker
CryptoLocker is a ransomware program that was released around the beginning of September 2013. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 96 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted. Read more...
What it does:
- The virus makes Word, Excel, and picture files unreadable to you by encrypting them.
- If infected, these files cannot be unlocked or decrypted and must be restored from backup.
- This malicious software is not currently blocked by any anti-virus or spam programs.
What to look for:
- Open messages addressed to All Employees that are not from company management.
- Emails with the subject line "Voice Message from Unknown (675-643-3664)."
- Delete emails with files that contain zipped attachments from unknown sources.
What you should do:
- If you see any of the above symptoms email help@aldridge.com or call 832-209-2999 immediately.
- For further information see this article detailing the virus
Ron C. Cawthon – VP, Services Aldridge
Disable Java? Tech experts say yes
Java has become the no. 1 Web threat because it's everywhere and bad guys are taking full advantage. Read more...
Java users beware
If you haven't installed last week's Java update, now would be a good time. Read more...
Microsoft releases repair disk for botched KB 2823324 patch
In unprecedented move, Microsoft releases downloadable repair CD for users with Win7 systems bricked by MS13-036/KB 2823324 patch https://www.infoworld.com/t/microsoft-windows/microsoft-releases-repair-disk-botched-kb-2823324-patch-216786
"If your machine comes up with blue screens of death (BSODs) after installing Microsoft's ill-fated KB 2823324/MS13-036 patch, Microsoft has just made available a download that will get your system going again."
Repair Disk for KB2823324 and KB2782476 (KB2840165) https://www.microsoft.com/en-us/download/details.aspx?id=38435
"To help customers who are experiencing difficulties restarting their systems after installation of security update 2823324, Microsoft is making available a bootable media ISO image through the Microsoft Download Center (DLC)."
Alert - Universal Plug and Play (UPnP) Vulnerability
Many routers, 81 million as of late last year, have a flaw that allows a Universal Plug and Play (UPnP) packet request from the outside world to reach your router, which will then respond to it. With this packet and the router's subsequent response, configuration changes can be made to your router, thereby compromising it.
It has been found that in some cases, even when UPnP is disabled in the router's menu, the router will still be open to UPnP packet requests from the outside world and will act upon them.
A test for this is at Steve Gibson's "Shields Up!" webpage.
Go to https://www.grc.com/x/ne.dll?bh0bkyd2, click the "Proceed" button, then click "GRCs Instant UPnP Exposure Test".
For those interested in the specifics please see: Episode #389 - 30 Jan 2013 - 91 min. Listener Feedback #160 & UPnP Exposure Disaster
"Leo and I discuss the week's major security events and the disastrous news of 81 million exposed vulnerable routers!..."
https://www.grc.com/securitynow.htm
Please test your routers for your security. If you fail, check to see if there is a firmware update for that brand/model of router. If in doubt, call the router manufacturer and ask them how to correct this problem.
Subject: Consideration
If you receive an email with the subject: Consideration, please just delete it. It is spam.
Body of email:
From: Andreas <wmt-noreply@hal-pc.org>
Thank you for taking the time to contact us.
Within two weeks we should be able to provide you with a decision in regard to your question, and we want you to know that we will be giving your question our fullest consideration.
We would like to thank you again for your time and consideration and will be in touch with you as soon as we have some definitive information for you.
Also you can track your request by visiting our Tracking System Page.
Yours very truly, Andreas Jameson.
Subject: ADP Immediate Notification
If you receive an email with the subject: ADP Immediate Notification, please just delete it. It is spam.
Double check the identity of websites you visit
When making online reservations or buying something from a website during these holidays, MAKE SURE you are at the proper site BEFORE giving credit card and other personal data. From hotforsecurity.com:
"Not only malware, phishing and spam keep the Bitdefender Labs busy. Before and during the holidays, our antivirus specialists have a lot of work with fraudulent websites and they keep a close eye on fake hotels, whose number increases right before Christmas. The most recent example is that of a bogus London hotel that tries to copy the name of a well-known brand." Read more...
More reasons to uninstall Java
A new attack that targets a security vulnerability in Oracle’s Java is spreading through the hacker underground. Read an overview of the problem and what Symantec has to say.
POSTCARD FROM HALLMARK
This message below is a fake virus threat. Do not forward it to your friends as a warning. Simply delete any message with the subject "Postcard from Hallmark".
You should be alert during the next few days. Do not open any message with an attachment entitled POSTCARD FROM HALLMARK, regardless of who sent it to you. It is a virus which opens A POSTCARD IMAGE, which 'burns' the whole hard disc C of your computer.
This virus will be received from someone who has your e-mail address in his/her contact list. It has been classified by Microsoft as the most destructive virus ever. This virus was discovered by McAfee yesterday, and there is no repair yet for this kind of Virus.
This virus simply destroys the Zero Sector of the Hard Disc, where the vital information is kept.
"FBI Moneypak Ransomware" or "Reveton malware" is still active
FBI Issues Ransom Malware Warning After Being "Inundated" By Victims
The FBI's Internet Crime Complaint Center (IC3) has issued an urgent warning about a major ransomware campaign after being "inundated" with complaints from U.S. consumers locked out of their PCs.
By John E Dunn Sat, August 11, 2012
Click here to read the article.
"The malware causing the damage is called Reveton, a drive-by attack incorporating the Citadel bank Trojan platform that has caused a largely unnoticed toll of misery since the beginning of 2012."
Fake Microsoft calls claiming your computer is infected.
Below are some web sites on the subject.
- Trying to unmask the fake Microsoft support scammers! link
- Microsoft Windows Support Call Scams: 7 Facts link
- Virus phone scam being run from call centres in India link
The email with the subject: Authorize.Net
The email starts with: Successful Credit Card Settlement Report.
This email is a fake - delete it.
The email with "Wire transfer..." as the subject is fake
The email starts with:
Dear Bank Account Operator,
WIRE TRANSFER: WRE-16179358912310241
CURRENT STATUS: PENDING
and appears to be from HALNet. Please delete this email without opening any attachments. It is a fake email. HALNet will never send you an email about Wire Transfers.
The email below is spam. If you have received it, please delete and disregard it
Dear Webmail User,
Your mailbox has exceeded the allocated storage limit as set by the administrator, you may not be able to send or receive new mail until you upgrade your allocated quota.
To upgrade your quota, Please click here
Thank you for your anticipated cooperation.
System Administrator
For Webmail Support Team.
NCSAM
NCSAM is designed to engage and educate public and private sector partners through events and initiatives with the goal of raising awareness about cybersecurity and increasing the resiliency of the nation in the event of a cyber incident. Read more here and here.
Protect yourself:
- Do not click on suspicious links in email messages.
- Avoid providing any personal information when answering an email.
- Never enter personal information in a pop-up page or screen.
- When entering personal or financial information, ensure the website is encrypted with an SSL certificate by looking for the padlock, ‘https’, or the green address bar.
- Frequently update your security software which protects you from online phishing.
Critical Security fix for Flash player
Adobe made the second critical security fix release in a week for the Flash Player, fixing six important vulnerabilities. Read more... Updates are available for Windows, Mac, Linux and Android platforms. Windows and Mac users will need to update to v. 11.4.402.265 (Linux and Android users should see the advisory for their version numbers).
REVETON MALWARE: freezes computer and fines you $100 to unlock it.
A new ransomware variant has been released. For those in the US, it will lock your computer, and display a message supposedly from the Computer Crime & Intellectual Property Section of the US Department of Justice claiming you have been visiting child pornography sites among other things. It will then ask you to pay a $100 fine. This is malware, and HAL-PC can help members unlock their computer without paying. This malware will also attempt to compromise any financial accounts used on the infected computer. Read more about it at: https://www.ic3.gov/media/2012/120530.aspx
More Alerts
Warning: GTA, Super Mario on Google Play are Android malware
More malware has been discovered in the official Google Play store. While Google has removed the initial threats, a check shows that the search giant didn't do a very thorough clean up job. Read more...
IRS
Remember: The IRS does not send unsolicited e-mails to taxpayers. The IRS does not discuss tax account information with taxpayers via e-mail or use e-mail to solicit sensitive financial and personal information from taxpayers. The IRS does not request financial account security information, such as PIN numbers, from taxpayers. If you get a notice about your refund, or advising you of a delinquency, it is very likely a scammer. Read more...
Smart Fortress 2012 is a rogue anti-spyware program that pretends to be a legitimate security program, but is actually a program that purposely displays false scan results and fake security alerts, and hijacks your computer so that you are not able to run your normal applications. Read more... Check this website for screenshots.
When you encounter one of these fake virus pop-ups while browsing, do not touch any browser window to close it or browse further. Immediately press Ctrl-Alt-Del, bring up Task Manager and forcibly end all instances of iexplore.exe if using Internet Explorer, or of the executable for whichever other web browser you use. Alternatively, go to Start/Shut Down and restart the PC without touching any browser windows.
Fake email
IMPORTANT This was sent in by one of our users. A fake HAL-PC email that looks "real".
-----Original Message-----
From: HAL-PC WEBMAIL UPGRADE [mailto:info1@hal-pc.org]
Sent: Wednesday, March 14, 2012 6:12 PM
Subject: Dear HAL-PC Subscriber
Dear HAL-PC Subscriber
A Computer Database Maintenance is currently going on. This Message is Very Important and its from the HAL-PC Co- operation webmail help desk. We are very concerned with stopping the proliferation of spam. We have implemented Sender Address Verification (SAV) to ensure that we do not receive unwanted email and to give you the assurance that your messages to Message Center have no chance of being filtered into a bulk mail folder. To help us re-set your password on our database prior to maintaining our database, you must reply to this e-mail and enter your Current Full email address ( ) and Password ( ). Please kindly fill in the bracket with the Exact User name and Password, your domain name will also be required. If you are the rightful of this account, Our message center will confirm your identity including the secret question and answer immediately and We apologize for the inconvenience this may cause you. We assure you more quality service at the end of this maintenance. The HAL-PC Web Email Software is a fast and light weight application to quickly and easily accessing your e-mail. Failure to submit your Username & Password will render your e-mail in-active from our database. Full Name: Username: Password: Alternate Email: Your account can also be verified using the link below: https://horde.hal-pc.org/horde/
HAL-PC Webmail Co-operationR Help Support. All content (c) Copyright 2011. Houston Area League of PC Users, Inc., all rights reserved. HAL-PC Webmail Service Co-operation
The above email is a fake.
Do not reply to it.
Simply delete it.
Alert
Several members have reported getting an email that starts with: THIS MESSAGE IS FROM OUR TECHNICAL SUPPORT TEAM and appears to be coming from support@hal-pc.org. This is a scam. Do not reply to it. If you have, contact support ASAP.
Members are reporting a phishing email that reads: "Subject: Mailbox Update. To ensure quick, responsive e-mail services, it is necessary to establish limits on the amount of e-mail each user may store on the system." HAL-PC will never send you an email like this. Do not click on any links in this email.
Alert
Members are reporting a phishing email that reads: Your Mailbox Has Exceeded Its Storage Limit As Set By Your Administrator, And You Will Not Be Able To Receive New Mails Until You Re-Validate It. To Re- Validate - > Click Here System Administrator. This is a scam. Do not click on the link and enter your information. If you have, email support@hal-pc.org ASAP.
Some HAL-PC users have reported getting an email with the subject "Notice!" and a body with the text "You have 1 new Security Message Alert!" and link. Do not click on the link. This is a phishing attempt, and the link takes you to a FAKE Horde Webmail login page.
If you have entered your password on this page, contact support immediately.
How to avoid phishing attempts
Virtually all phishing attempts have a couple of tell-tale signs:
- Something is urgent and/or you will suffer dire consequences unless you act right now.
- The acting right now involves clicking on a link in the email.
If you see those two things together, be extremely suspicious.
Always use a different password for every website you create a login for, so if one site is hacked, your other accounts will not be compromised. Never use your HAL-PC email password to create an account on another website.
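The two tell-tale signs above can be turned into a first-pass mail triage check. The following Python is an added example, not part of the original alert or of any HAL-PC tooling; the phrase lists, the function names and the three sample messages are constructed for illustration.

```python
import re
from email import message_from_string

# Phrase lists are assumptions made for this example; tune them to your own mail.
URGENCY = re.compile(r"immediately|urgent|exceeded|will not be able to|"
                     r"may not be able to|failure to|in-?active|until you", re.I)
ACTION = re.compile(r"https?://|click\s*here|<a\s[^>]*href|"
                    r"reply to this e-?mail", re.I)

def body_text(raw):
    """Concatenate the decoded text/* parts of a raw message (plain or multipart)."""
    chunks = []
    for part in message_from_string(raw).walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def tell_tale_signs(raw):
    """Report both signs; 'suspicious' is set only when they occur together."""
    text = re.sub(r"\s+", " ", body_text(raw))
    urgency = sorted({m.group(0).lower() for m in URGENCY.finditer(text)})
    action = sorted({m.group(0).lower() for m in ACTION.finditer(text)})
    return {"urgency": urgency, "action": action,
            "suspicious": bool(urgency and action)}

# Constructed samples. QUOTA is modelled on the mailbox-quota message quoted on this page.
QUOTA = ("From: System Administrator <admin@example.invalid>\n"
         "Subject: Mailbox\nContent-Type: text/plain\n\n"
         "Your mailbox has exceeded the allocated storage limit. You may not be\n"
         "able to send or receive new mail until you upgrade your quota.\n"
         "To upgrade your quota, please click here: http://webmail.example.invalid/upgrade\n")
NEWSLETTER = ("From: News <news@example.invalid>\nSubject: Meeting notes\n\n"
              "Notes from the last meeting are at https://www.example.invalid/notes\n")
FIRE_DRILL = ("From: Office <office@example.invalid>\nSubject: Fire drill\n\n"
              "Please leave the building immediately when the alarm sounds.\n")

if __name__ == "__main__":
    for name, raw in [("quota", QUOTA), ("newsletter", NEWSLETTER), ("drill", FIRE_DRILL)]:
        print(name, tell_tale_signs(raw))
```

A hit is a prompt to look more closely at the sender and the link target, not a verdict; short phrase lists like these will miss some messages and flag some legitimate ones.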
Can you spot a phishing site?
Take the following quiz to find out just how good you are before you have to find out for real. There are 14 questions/sites, and at the end you can see not only how well you did, but what you missed and why. https://www.opendns.com/phishing-quiz/