

New Zeus Trojan In The Wild

Two weeks ago, both UK and US authorities arrested dozens of members of an internet piracy gang for involvement in an online scam aimed at stealing banking passwords (CNET).

The scam involved spreading the Zeus Trojan bot or “Zbot”.

This week, other piracy gangs seem to have stepped in with a modified and improved version of the Zeus bot aimed primarily at hijacking Charles Schwab investment accounts.  This new bot is primarily spread by fake LinkedIn reminders containing disguised links to malicious sites.  Once the user clicks on the link, the malicious site attempts a large number of exploits, looking for one that works.  Once the workstation is infected, a number of exploits are downloaded to the workstation which silently listen for usernames and passwords to a number of banking sites.  These exploits run silently, so it’s almost impossible to tell that your PC has been infected.

More concerning is that a new study concludes that most antivirus software will not be able to detect the new Zeus Trojan.  It evades the heuristic detection techniques used by anti-virus proactive defense mechanisms: its authors have predicted which segments of code would trigger alarms and carefully avoided them:

http://www.computerworld.com/s/article/9191479/Zeus_botnet_gang_targets_Charles_Schwab_accounts

It also launches a confirmation window while you are visiting the legitimate Schwab site, asking for additional info such as your mother’s maiden name, which the hackers can later use to pass themselves off as the legitimate account holder.

We have not had an opportunity to determine whether or not Kaspersky (which most of our clients use) will be able to detect or prevent this exploit; therefore, as a precautionary measure, we suggest the following steps:

  1. Apply Microsoft patches diligently;
  2. Most of our clients use Kaspersky with auto-update enabled by default; however, if your anti-virus is expired or if the virus definitions are out of date, update it immediately;
  3. Do not open emails with subject of “LinkedIn Reminder” or “XYZ wants to connect on LinkedIn” or similar titles;
  4. If you see a pop-up window asking for additional info, such as mother’s maiden name, driver’s license number or employer, while visiting the legitimate Schwab website or any other banking website, DO NOT fill it out.  Call their support immediately.


Posted in Anti Virus, Malware, Network Security.


Firefox 3.5 Session Restore Problem

If you updated your Firefox to the current release level (3.5.7 as of this writing), you may have noticed that Mozilla – in their infinite wisdom – made a change to the default settings, so that if Firefox crashes unexpectedly and you re-launch the browser, it will try to reopen the sessions (or tabs, or windows, as the case may be).  Well, this is all well-intentioned, I’m sure; however, Firefox doesn’t crash easily, and the most likely cause is invalid code or corrupt data being fed from the site you are visiting.  If that caused the crash in the first place, well, guess what – it will crash again and again, and you’ll be stuck in a loop, and that can be frustrating.  Therefore, I recommend disabling this particular feature by following these steps:

(Before you start, if you are stuck in the loop, disconnect your internet connection first, so that the offending page can’t load)

  1. Open Firefox and in the address bar type “about:config” without the quotation marks (notice the colon between “about” and “config”)
  2. In the search field, type “sessionstore” and navigate down to browser.sessionstore.resume_from_crash
  3. Double click the line to change the value from default setting of “true” to “false”

(Screenshot: Firefox session restore from crash)

Posted in Uncategorized.


How to invoke “god mode” in Windows 7

Borrowing the terminology from the gaming industry, Ina Fried of CNET discusses how to enable the hidden system option termed “god mode” in Windows 7, which enables the user to tweak and fine-tune the features and performance of Windows 7.  It is only safe to use with the 32-bit version of Windows 7 (and we understand that this will work with Windows Vista as well).  To enable it: Continued…

Posted in Uncategorized.


How to Disable JavaScript in Acrobat Reader

Adobe’s Acrobat Reader has been the source of many security vulnerabilities lately.  We recommend, in addition to keeping your software patched and up to date, also disabling the JavaScript feature.  Here’s how:

1.  Launch Acrobat Reader
2.  From the menu, select Edit, Preferences
3.  Click on the JavaScript category

(Screenshot: Acrobat Reader preferences, JavaScript category)

4.  Uncheck “Enable Acrobat JavaScript”

(Screenshot: Acrobat Reader with JavaScript disabled)

5.  While you are in Acrobat, you might as well check to make sure you are running the latest version by checking for updates/patches:

(Screenshot: Acrobat Reader check for updates)

Posted in Uncategorized.


Orange County Data Centers

We get asked this question a lot: “Where can I co-locate my servers?” and “Which data centers do you recommend?” Continued…

Posted in Data Centers.


Fortinet’s Customer Support

I admit I am not an avid Fortinet enthusiast.  I tend to stick to the products I know well and am confident about the product itself and, more importantly, about the level of support they offer if I get into a jam.  As far as firewalls go, that means SonicWall, Juniper and Cisco are among my faves.

But today I got a call from a new client who, on the advice of not one but two other network admins, had purchased a Fortinet FWF-80CM, which is an entry-level firewall with wireless and VPN capabilities.  He needs some help setting it up to work with a Toshiba VOIP system with the SIP server on the trust side and the IP phones remote.  OK, so I’m thinking, how hard can it be, right?  After all, I’ve done the same thing dozens of times on Junipers and SonicWalls.  All you have to do is forward the VOIP ports or put the Toshiba in the DMZ zone, right?  Wrong.  I tried both methods to no avail, so I ended up calling Fortinet support. Continued…

Posted in Firewall, Network Security.


Offsite Backup on a shoestring budget

Recently I had a client with a very tight budget for whom I had to set up a low-cost or no-cost off-site backup strategy. If you run or administer a business network, then you probably already know that off-site backups are not just a luxury reserved for the Fortune 500 companies. Off-site backup is a crucial and indispensable tool for EVERY business, even one-man shops. The possibility of losing your customer files, accounting data, tax information and basically everything on your file server in the event of a fire, theft, flood or other disaster is not something most of us can live with, especially if we are in charge of safeguarding the IT department and its assets.

OK, back to this client. She has a successful company housed in an office in Irvine with about 10 users. Email and website are hosted elsewhere, so the regular backup strategy is pretty straightforward and simple to set up and monitor. Put in a local NAS drive, set up scheduled nightly backups with Windows Task Scheduler and you’re done. Easy enough.

Now what do you do about off-site backups? This same client got broken into a few months ago and thieves took a laptop and a few other goodies, but thankfully they left the file server, the NAS drive, the switches, and other network components alone. So the urgency of doing off-site backups became woefully apparent. I have a couple of other clients using Mozy.com and I am happy with the results, although it does cost about $1 to $2 per GB. So for this client the cost would be over $1,000 per year, which would be nice to avoid if we could. Furthermore, the last time I had to restore files from Mozy, I had to call them and have them “prepare” a restore CD and FedEx it to us, and that took about 3 days. I’m not too thrilled about that, although I like Mozy as a company and their software is pretty much fire and forget. Once you set it up right, it just works, and it has nice features like bandwidth throttling and time-of-day scheduling, and most importantly it runs as a Windows service, not an executable, so you don’t have to stay logged on to the server or whatever machine is doing the backup. Continued…

Posted in Backup, Data Recovery, Disaster Recovery.


Dealing with spam

By some estimates, spam costs US companies more than $20 billion a year in lost productivity. In a recent study, Nucleus Research put that figure at $712 per employee per year.

While there is no method to completely eliminate spam from the workplace, very effective measures can be put in place to eliminate at least 99.9% of it. In this article I shall discuss some of the common-sense methods to avoid spam in the first place, as well as some of the business-class spam-fighting strategies.

Steps to avoid spammers in the first place

  • Don’t publish your email – This is common sense, but if your email is published on your web site, you are probably already receiving a lot of spam. The proper way to allow the public to contact you via your web site is to have a CGI mailform which allows the user to fill in their contact request; the server then turns that request into an email and sends it to you without exposing your actual email address on your web site.
  • Don’t use your email on sites you don’t trust – For example, if there is a site offering a promotion or a free vacation, don’t use your regular business email. If you absolutely have to give out your email to untrusted sites, first create a public email on a free site such as GMail or Yahoo and use that email instead.
  • Don’t reply to spam – Many spammers will harvest your email by scouring the web, and once they find you they will send out some spam. If you happen to respond to it, even to complain or to ask not to be emailed again, then they know they have a valid email and will continue sending you spam. It is reasonable to assume that spammers have no scruples.
  • Use Encrypted Email Portals – If you are away from the office and are using your business email portal (e.g. Outlook Web Access) or a public email exchange, make sure you are on an encrypted channel. You can tell if you are on an encrypted channel by the small lock symbol at the bottom of your browser. If you don’t see the lock symbol on a page, don’t enter your email on that page. If your business email portal doesn’t have encryption (SSL), put one in place. Bear in mind that anything you type or send over an unencrypted channel (including emails and passwords) travels in plain text and can easily be intercepted and revealed, especially if you use a wireless connection. Continued…
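The "CGI mailform" recommended in the first bullet, as an added example (not the blog's own code): the visitor only ever submits form fields, the recipient address lives on the server, and any attempt to smuggle extra headers through a field (a CR/LF in the name, email or subject) is rejected. RECIPIENT and SENDER are assumed placeholder addresses.

```python
"""Minimal server-side contact form handler (added example, not the blog's code).
The visitor never sees RECIPIENT: the browser posts the form fields, the server
builds the message. User fields are checked so they cannot add headers."""
import re
import smtplib
from email.message import EmailMessage
from email.utils import formataddr, parseaddr

RECIPIENT = "inbox@example.com"   # assumed placeholder: stays on the server
SENDER = "webform@example.com"    # assumed placeholder: the site's own address

# A header value must be a single, reasonably short line. A CR or LF inside a
# user-controlled field is how spammers try to inject Bcc:/To: headers.
_HEADER_SAFE = re.compile(r"^[^\r\n]{1,200}$")


def build_contact_message(visitor_name, visitor_email, subject, body):
    """Turn submitted form fields into an email addressed to RECIPIENT.

    Raises ValueError on anything that could alter the message headers."""
    for field, value in (("name", visitor_name), ("email", visitor_email),
                         ("subject", subject)):
        if not _HEADER_SAFE.match(value):
            raise ValueError(f"invalid characters in {field}")
    # parseaddr() returns the first bare address it finds; anything else in the
    # field (a second address, display-name tricks) makes the round trip differ.
    if parseaddr(visitor_email)[1] != visitor_email or "@" not in visitor_email:
        raise ValueError("invalid visitor email")
    msg = EmailMessage()
    msg["From"] = SENDER                    # the site sends; the visitor does not
    msg["To"] = RECIPIENT
    msg["Reply-To"] = formataddr((visitor_name, visitor_email))  # quoted safely
    msg["Subject"] = f"[Web form] {subject}"
    msg.set_content(f"Message from {visitor_name} <{visitor_email}>:\n\n{body}")
    return msg


def send_contact_message(msg, smtp_host="localhost"):
    """Hand the message to the local mail server (assumed to listen on smtp_host)."""
    with smtplib.SMTP(smtp_host) as smtp:
        smtp.send_message(msg)
```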

Posted in Spam Filtering.


How to design a backup strategy

For every business, there will come a time when critical files are lost, damaged or deleted, sometimes by accident and sometimes intentionally, as in the case of a fire, theft or security breach (think of a disgruntled employee or an ex-employee with an axe to grind). Having a sound backup strategy ensures continuity of business and the peace of mind that comes with having a backup of all the files and databases you need, when they are needed.

One of the most common mistakes businesses, as well as individuals, make is putting a backup system (e.g. tape or removable drives) in place and never testing to see whether what is being backed up can be readily and reliably restored. Much like your insurance policy or the spare battery in your smoke alarm, if you don’t test the validity of your backup, by the time you find out you need it, it will be too late. In this article we will discuss some of the common techniques and best practices used by businesses today.

Backup Medium

  • Tape – Although an aging technology which has changed little in the past three decades, backup to tape media is still the most common form used today. Tape has the advantages of long shelf life (2 – 4 yrs.), low cost and simple operation. Vendors such as IBM and Dell make tape solutions capable of backing up 1 TB or more per tape and a practically limitless size for tape libraries. Two of the major disadvantages of using tape are a) the high cost of tape drives and tape libraries and b) slow backup and restore times.
  • Disk – Backing up to a disk, or more likely a disk array, has become very popular in recent years, primarily because of the declining price of disk drives and the speed of backups and restores.
  • Removable Media – Many small businesses use removable disk drives such as Iomega to back up their critical files. The major shortcomings of this method are the limited space typically offered by such media and the fact that it is a manual process and requires discipline to do it consistently.
  • On-Line – Many businesses and individuals are turning to on-line backup services such as Mozy and HP. The greatest advantage of this method is physical separation (discussed below). However, to be done properly and reliably, at a minimum you need to have T-1 connection speeds, and the backup needs to be carefully configured so as not to overwhelm the bandwidth (which it shares with all the users). Most on-line backup service providers charge on a per-gigabyte basis; in other words, the more data you have to back up, the more you pay. In recent years Amazon and iDrive have come up with relatively low-cost or free solutions; however, these services are primarily targeted at individual users, not businesses, as they are either limited in the size of backup allowed or cannot be run on the servers where business data usually resides. Continued…
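The restore test the article says most businesses skip, as an added example (not the article's code): record a SHA-256 manifest of the live data when the backup runs, then check a test restore against it so a backup that cannot be restored intact is discovered before it is needed. The sample tree in self_check() is constructed here and a directory copy stands in for the real restore.

```python
"""Backup restore verification (added example, not the article's code).
Whatever the medium (tape, disk, on-line), a restore is only proven good when
every file comes back byte-for-byte; a hash manifest makes that check cheap."""
import hashlib
import os
import shutil
import tempfile


def file_sha256(path):
    """SHA-256 of a file, read in chunks so large backups do not exhaust memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each file's path (relative to root) to its digest; run this at backup time."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = file_sha256(full)
    return manifest


def verify_restore(manifest, restored_root):
    """Compare a test restore against the manifest.
    Returns {relative path: 'missing' | 'changed'}; an empty dict means the restore is good."""
    problems = {}
    for rel, digest in manifest.items():
        path = os.path.join(restored_root, rel)
        if not os.path.isfile(path):
            problems[rel] = "missing"
        elif file_sha256(path) != digest:
            problems[rel] = "changed"
    return problems


def self_check():
    """Round trip on a constructed sample tree: a clean restore, then a damaged one."""
    work = tempfile.mkdtemp()
    src, dst = os.path.join(work, "live"), os.path.join(work, "restored")
    os.makedirs(os.path.join(src, "accounting"))
    with open(os.path.join(src, "accounting", "ledger.csv"), "w") as f:
        f.write("2009-12-01,invoice,1200.00\n")          # constructed sample data
    with open(os.path.join(src, "notes.txt"), "w") as f:
        f.write("constructed sample file\n")
    manifest = build_manifest(src)
    shutil.copytree(src, dst)                             # stands in for a real restore
    clean = verify_restore(manifest, dst)
    with open(os.path.join(dst, "notes.txt"), "a") as f:  # simulate a corrupt restore
        f.write("garbage")
    os.remove(os.path.join(dst, "accounting", "ledger.csv"))
    damaged = verify_restore(manifest, dst)
    shutil.rmtree(work)
    return clean, damaged
```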

Posted in Backup, Data Recovery, Desktop Security.


Virus Protection

In this article I would like to go over some of the common sense strategies to avoid being victimized by viruses, trojans, worms, and other malware. First I would like to discuss some web surfing and computer usage behaviors that either contribute to or reduce the likelihood of being infected by viruses and then I will discuss some software solutions. The ideas below apply equally well to individual/home users as well as to corporate users.

Common sense steps to avoid computer viruses

  • Create a non-admin user account – As a corporate network administrator, I generally do not give administrative privileges to users. What this means is that the employee or user can use their computer for most, if not all, common tasks such as creating and saving Office documents, using email, browsing the internet, etc. However, they cannot install any software. Since most viruses these days come from the web, if the user does not have the ability to install any new software, then neither does any computer virus which may try to sneak in while he/she is browsing. If you are a home user or have a PC or laptop at home, I recommend creating a non-admin user on your local PC and using that account for all your activities. If you ever need to perform some functions that require administrative privileges, such as installing new software, you can always log in as an administrator, perform those functions and log back in as your regular non-admin account.
  Continued…

Posted in Anti Virus, Malware.



