<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Tech Articles &#187; Network Security</title>
	<atom:link href="http://www.guardiannetworks.com/articles/category/network-security/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.guardiannetworks.com/articles</link>
	<description></description>
	<lastBuildDate>Sun, 17 Oct 2010 18:45:03 +0000</lastBuildDate>
	<generator>http://wordpress.org/?v=</generator>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
			<item>
		<title>New Zeus Trojan In The Wild</title>
		<link>http://www.guardiannetworks.com/articles/2010/10/17/new-zeus-trojan-in-the-wild/</link>
		<comments>http://www.guardiannetworks.com/articles/2010/10/17/new-zeus-trojan-in-the-wild/#comments</comments>
		<pubDate>Sun, 17 Oct 2010 18:26:03 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[Anti Virus]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[Network Security]]></category>

		<guid isPermaLink="false">http://www.guardiannetworks.com/articles/?p=99</guid>
		<description><![CDATA[New Zeus Trojan Alert]]></description>
			<content:encoded><![CDATA[<p>Two weeks ago, both UK and US authorities arrested dozens of members of an internet piracy gang for involvement in an online scam aimed at stealing banking passwords (<a rel="nofollow" href="http://news.cnet.com/8301-27080_3-20018177-245.html" target="_blank">CNET</a>).</p>
<p>The scam involved spreading the Zeus Trojan bot or &#8220;Zbot&#8221;.</p>
<p>This week, other piracy gangs seem to have stepped in with a modified and improved version of the Zeus bot aimed primarily at hijacking Charles Schwab investment accounts.  This new bot is spread primarily by fake LinkedIn reminders containing disguised links to malicious sites.  Once the user clicks on the link, the malicious site attempts a large number of exploits, looking for one that works.  Once the workstation is infected, a number of exploits are downloaded to it, which silently listen for usernames and passwords to a number of banking sites.  These exploits run silently, so it&#8217;s almost impossible to tell that your PC has been infected.</p>
<p>More concerning is that a new <a rel="nofollow" href="http://seerpress.com/zeus-trojan-undetectable-by-most-antivirus-software-protection/9995/" target="_blank">study</a> concludes that most antivirus software will not be able to detect the new Zeus Trojan.  It evades the heuristic detection used by antivirus proactive-defense mechanisms by predicting which segments of code will trigger alarms and carefully avoiding them:</p>
<p><a rel="nofollow" href="http://www.computerworld.com/s/article/9191479/Zeus_botnet_gang_targets_Charles_Schwab_accounts" target="_blank">http://www.computerworld.com/s/article/9191479/Zeus_botnet_gang_targets_Charles_Schwab_accounts</a></p>
<p>It also launches a confirmation window while you are visiting the <strong>legitimate</strong> Schwab site, asking for additional info such as your mother&#8217;s maiden name, which hackers can later use to verify that they are a legitimate account holder.</p>
<p>We have not had an opportunity to determine whether <a rel="nofollow" href="http://usa.kaspersky.com/" target="_blank">Kaspersky</a> (which most of our clients use) will be able to detect or prevent this exploit. Therefore, as a precautionary measure, we suggest the following steps:</p>
<ol>
<li><span style="font-size: medium;"><strong>Apply Microsoft patches diligently;</strong></span></li>
<li><span style="font-size: medium;"><strong>Most of our clients use Kaspersky with auto-update enabled by default; however, if your anti-virus is expired or if the virus definitions are out of date, update it immediately;</strong></span></li>
<li><span style="font-size: medium;"><strong>Do not open emails with subject of &#8220;LinkedIn Reminder&#8221; or &#8220;XYZ wants to connect on LinkedIn&#8221; or similar titles;</strong></span></li>
<li><span style="font-size: medium;"><strong>If you see a pop-up window asking for additional info, such as mother&#8217;s maiden name, driver&#8217;s license number or employer while visiting the legitimate Schwab website or any other banking website, DO NOT fill it out.  Call their support immediately.</strong></span></li>
</ol>
]]></content:encoded>
			<wfw:commentRss>http://www.guardiannetworks.com/articles/2010/10/17/new-zeus-trojan-in-the-wild/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Fortinet&#8217;s Customer Support</title>
		<link>http://www.guardiannetworks.com/articles/2009/09/17/fortinets-customer-support/</link>
		<comments>http://www.guardiannetworks.com/articles/2009/09/17/fortinets-customer-support/#comments</comments>
		<pubDate>Fri, 18 Sep 2009 05:54:44 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[Firewall]]></category>
		<category><![CDATA[Network Security]]></category>

		<guid isPermaLink="false">http://www.guardiannetworks.com/articles/?p=20</guid>
		<description><![CDATA[I admit I am not an avid Fortinet enthusiast.  I tend to stick to the products I know well and am confident about the product itself and more importantly about the level of support they offer if I get into a jam.  As far as firewalls go, that means SonicWall, Juniper and Cisco are among my faves.]]></description>
			<content:encoded><![CDATA[<p>I admit I am not an avid <a rel="nofollow" href="http://www.fortinet.com" target="_blank">Fortinet</a> enthusiast.  I tend to stick to the products I know well and am confident about the product itself and more importantly about the level of support they offer if I get into a jam.  As far as firewalls go, that means SonicWall, Juniper and Cisco are among my faves.</p>
<p>But today I got a call from a new client who, on the advice of, not one, but two other network admins, had purchased a <a rel="nofollow" href="http://www.fortinet.com/products/fortiwifi/80CM.html" target="_blank">Fortinet FWF-80CM</a> which is an entry level firewall with wireless and VPN capabilities.  He needs some help setting it up to work with a Toshiba VOIP system with the SIP server on the trust side and the IP phones remote.  OK, so I&#8217;m thinking how hard can it be, right?  After all I&#8217;ve done the same thing dozens of times on Junipers and SonicWalls.  All you have to do is forward the VOIP ports or put the Toshiba in the DMZ zone, right?  Wrong.  I tried both methods to no avail, so ended up calling Fortinet support.<span id="more-20"></span></p>
<p>First of all the guy on the other end sounds like a high school dropout with a tendency to utter unfinished sentences. OK, no problem I can work with that.  I give all the relevant info like what I&#8217;m trying to accomplish, the environment, serial number, the works.  So he puts me on hold, comes back in 5 and gives me a ticket number and says someone will call me back in the next couple of days.  What the heck?  Next two days?  I ask him is this some kind of low 2nd tier support or do we need to pay more to talk to someone live (as in NOW).  His answer is &#8220;nope&#8221; this is the normal routine, i.e. there is no level of support I can possibly purchase to get live support for the kind of problem I was having.   I could not believe my ears.  This is a firewall manufacturer and they have no live support?  Are you kidding me?  What if this was a production unit and the entire company was offline?  What if this was a million-dollar-a-day company and we needed support NOW not four days from now?  Today being a Thursday and knowing they don&#8217;t have basic/standard support on weekends, I presume this could take as long as next Monday.  Furthermore they could not even give me a window when they would call.  So what am I supposed to do?  Go to the client site and just sit there the whole day to see when these guys feel like calling back?  You must be joking!</p>
<p>Contrast that with the kind of support you get from Juniper.  The support folks at Juniper are not only &#8220;gods&#8221; of networking as far as I&#8217;m concerned (and I&#8217;ve been eating, living and sleeping this stuff for 15 years), but they are just fanatical about making sure they solve your problem.  In fact they will hunt you down with emails and follow up phone calls for days until they&#8217;re certain that whatever it is that you called about got resolved.  There is just no comparison.</p>
<p>I was just floored by the nonchalant and careless attitude this company, Fortinet, has toward customer support.  I&#8217;m really disappointed and am glad I never recommended their products to anyone.</p>
<p>After finishing the call, I looked at the client who was just as incredulous as I.  And my next statement was &#8220;You <strong>have</strong> to get rid of this ****.  You just can&#8217;t run a business this way&#8221;.</p>
<p>Bottom line, if you&#8217;re looking for a firewall, stay away from Fortinet.  That&#8217;s my recommendation and I&#8217;m sticking to it.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.guardiannetworks.com/articles/2009/09/17/fortinets-customer-support/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>

