Category: Blog

FireEye, a network security firm based in Milpitas, California, recently issued a report detailing how malevolent hackers are using Google Docs and PowerShell to transmit a Trojan virus referred to as “Laziok”. Anyone who owns or manages a business should be aware of this Trojan attack. Even those who use personal computers at home for non-business purposes are vulnerable to the attack as well.

About the Laziok Trojan Attack

The Laziok Trojan was first identified a year ago when employed in a multi-tiered attack against energy companies across the Middle East. The virus was actually pinpointed on a Polish hosting service website used by those energy businesses. Laziok is best described as a combination of a program that steals information and a reconnaissance tool. The malware was employed through a threat group’s exploitation of an antiquated Windows weakness tracked with the label of “CVE-2012-0158”. This vulnerability implements the Trojan directly onto users’ computers.

Google Docs and Laziok

The FireEye report indicates that hackers apparently devised a highly creative method of bypassing Google’s stringent security checks. The hackers then uploaded the Laziok Trojan to Google Docs. The malware was originally uploaded last March and remained in place until FireEye made Google aware of its presence. Google regularly scans and blocks potentially harmful content on Google Docs to prevent such malware from harming its customers’ computing devices. It was widely assumed that Google Docs users would not be able to download malicious files from the popular file sharing / editing service until Laziok hit. It is clear that the malware found a way to slide in past Google’s extensive security scans. Thankfully, the malicious file has been successfully removed by Google so that users can no longer fetch it.

How the Laziok Trojan Attack Occurs

The attack was launched by uploading a highly complicated JavaScript code to take advantage of the aforementioned Windows vulnerability that is now being referred to as “Unicorn”. A VBScript was used to exploit the vulnerability upon users’ requests to access the particular page in question through the popular web browser Internet Explorer. Attackers relied on a means of exploitation referred to as “Godmode” that permits code written with VBScript to compromise the web browser’s sandbox. The script then proceeds to leverage Microsoft Windows’ PowerShell, a management program that automates and configurates computing tasks. PowerShell has been regularly abused by cyber thieves, especially throughout the past couple of years. PowerShell is used to download the Laziok Trojan from Google Docs and promptly execute it. This management framework is also favored by hackers as it is able to quickly and easily evade anti-virus software as it injects payloads right into memory. After infecting a computing device, Laziok proceeds to gather extensive information about the system including all of its antivirus programs.

IT Assistance for Small to Medium-sized Businesses

Social media continues to be a primary method of keeping in touch with friends and family — whether they live near or far. The average American does not just sit down on their couch after a long day at work and browse through their favorite site for a few minutes, though. Today. people access these sites from their mobile devices while they are on the go as well. This constant exposure to these sites means that it is more likely that you will fall victim to an innocuous-looking scam.

Sunglasses Scam

Who hasn’t seen a post by a friend on their social media page prompting them to purchase a pair of their favorite sunglasses at a steep discount? This is the result of your friend’s account being hacked, though it might not be apparent that this is the case at first. Instead, you might think that they are actually doing you a favor. After all, with the many outlet shops and overstock opportunities today, it makes perfect sense that your favorite type of sunglasses would be heavily discounted and that your friend would think of you.

How the Crooks Scam You

Once you click on the link included in the ad your friend posted, you’ll typically see an array of sunglasses from your favorite brand. Curiously, all them will be marked down by the same percentage points. Perhaps, though that does not seem strange to you, so you decide to purchase a few pairs at the great, heavily discounted price. Instead of going to a secure site that is protected by an industry-standard SSL certification, so that your credit card information is encrypted, you’ll be taken to a non-secure website that offers no protection whatsoever. Instead, your credit card information is transmitted to the scam artist in plain text and can be exploited in the future.

How to Protect Yourself

First, if it looks like it is too good to be true, then it nearly always is. Don’t fall for heavily discounted items and inquire on the manufacturer’s website or social media page about the validity of the ads claims before you complete on online transaction. If you are the person whose account is generating these ads, first change your password, then remove all apps that look suspicious. Finally, run a thorough virus scan from a trusted manufacturer on your computer.

As the owner of an IT company, we take the risk of your cybersecurity threats very seriously. In April 2016, Samba and Windows users discovered the potential dangers of the Badlock bug. This bug is in its infancy but could get worse. By understanding what Badlock is now, how it affects users, what signs to look out for, and how to get rid of it, you can prevent Badlock from ever worming its way into our clients’ computers.

What Is Badlock?

This new bug was discovered in March 2016 with its own .org site. It began affecting Samba and Windows users by April. Any Samba users running 3.6.x, 4.0.x, 4.1.x, 4.2.0 through 4.2.9, 4.3.0 through 4.3.6, and 4.4.0 could be targeted. Any Windows users running Windows XP, Windows 2000, Windows 2003, Windows 7, Windows Vista, Windows 8, Windows 8.1, and Windows 10 can be affected as well.

What Does Badlock Do?

Badlock affects both the Local Security Authority Domain Policy or LSAD and Security Account Manager or SAM protocols. This bug can then attack users’ computers in one of two ways:

• Denial-of-service attacks: Also known as DoS attacks, denial-of-service attacks can kill service, preventing users from getting online and doing other basic computer functions.
• Man-in-the-middle attacks: Also known as MITM attacks, man-in-the-middle attacks can affect up to two users at once, as the name suggests. A hacker or attacker can glean information and gain private access by changing the conversation stream and other data between two users.

How Do You Know If You Have Badlock?

It can be difficult to know if your clients have Badlock. To be on the safe side, you should consider sending out an email or making a video informing all your clients of what Badlock is and what it could do. If any of your clients report that their computer has been acting strangely, it’s best to address this as soon as possible.

How Can You Prevent Badlock?

At this point, the respective Samba and Windows teams are working tirelessly to prevent the spread of Badlock to any other users. Samba users can download an office patch that was released for SAMBA+ and Enterprise SAMBA. Windows users can report any instances of Badlock. However, Microsoft is optimistic that the company is doing a good job containing the bug.

Badlock: The Verdict

While Badlock sounds risky and scary in name alone, the consensus is that it’s not as detrimental as other bugs and vulnerabilities. Microsoft has an Exploitability Index where bugs are rated on a scale of one to 10. The tech giant rated Badlock a three out of 10. One reason Badlock isn’t causing a huge panic is because of its MITM method of attack, which requires any hacker to know a bit about the network they’re invading. That takes more time, patience, and dedication than random attacks.

Overall, you shouldn’t overlook Badlock entirely (especially if your clients use Samba or Windows), but with some education, your clients can prevent the spread of Badlock relatively easily. With enough awareness, it seems like the potentially dangerous Badlock bug can be contained and prevented from more widespread attacks.

A computer virus is at best a mild inconvenience that requires time and money to solve, and at worst something that compromises your personal security and crashes your whole system. At either end of the spectrum it is clearly something that should be avoided at all costs.

The very first computer virus was the Creeper program, which was designed not to harm computers but to display a message. The second was the Reaper program which was designed specifically to delete the Creeper. The first virus to get into the wild and spread, was the Elk Cloner. It to was mostly harmless and meant as a prank at first. Most virus’ are not as harmless as these, and despite efforts on many levels to prevent them new viruses emerge often. There are a few that have stood out in the past few years as particularly bad and/or far reaching.

Viruses You Should Know About

• Sobig.F: This version of the Sobig virus has been dubbed the “fastest growing virus in history.” The thing about this virus is it will come from people who are seemingly trustworthy. It may be a co-worker or friend who sends the email for all you know. The attachment will be labeled things such as “thank you”, or “wicked screen saver”, things that they may actually send you. When the attachment is opened it sends the virus to all the people on your email list spreading itself across the internet through email attachments.
• Blaster: This virus is also in the form of a worm that is spread through Microsoft Windows XP and Windows 2000. It could be spread without the user actually opening an attachment. The 18-year-old creator was sentenced to 18 months in prison, despite the virus not being known for being particularly harmful because it was far reaching and the implications of a worm spread without the user opening an attachment is disturbing, even if it was isolated to one operating system.
• My Doom Virus: This virus has been dubbed the worst ever. It is a worm like Sobig, but shortly after it emerged it accounted for 20 percent to 30 percent of the email traffic in a single day. Slowing systems and spreading faster than anyone could have expected.

What Can You Do to Protect Yourself and Your Company?

• Do not open e-mails that look suspicious or from an unknown sender.
• Do not ever open an e-mail attachment unless it is from a sender you know and you are expecting it.
• Keep your anti-virus software up to date.
• Also keep in mind that if your computer is running very slowly, something is wrong. Chances are it is a virus of some sort and you should get it checked out by professionals for both increased security and speed.

At Data Magic Computer Services we offer IT services at the level you need. From full data management, to co-management, to consulting and development. Contact us today to increase your company’s security and prevent any of these viruses from effecting your business. If your personal or work computer is infiltrated by any virus we can help remove it and repair whatever weakness allowed it in to begin with.

I can think of few accessories more essential to computing than the mouse. This device made computer use more friendly. The ability to point and click revolutionized home and business computing.

It is easy to take the computer mouse for granted. I have grown accustomed to using it. In fact, to me, a mouse is a virtually natural extension of the computer, seemingly indistinguishable.

Yet, problems always seem to accompany progress. Such is the case with the mouse and wireless keyboard. As it turns out, these helpful devices may be letting in viruses and hackers.

That is right. Many computer users are unknowingly vulnerable. I recently came to learn that the mouse and wireless keyboards we love so much are highly susceptible to cyberattacks.

Wi-Fi Connections to Blame

As is true of many of you, I use Wi-Fi daily. I try not to dwell on all the security dangers possible because of Wi-Fi. Unfortunately, the reality is that just as colds can spread when people cough and sneeze into the air, computer viruses disseminate via Wi-Fi signals.

My Beloved Wireless Mouse

I was so excited when I brought home my first wireless mouse. The ability to slide the device around the table without a cable proved optimal in my work. The thought that I could possibly be the victim of a hacker virus never occurred.

Now, wireless mice and keyboards are a primary means of contracting the so-called MouseJack virus, created by hackers.

How Hackers Get Inside the System

Wireless mice and keyboards connect to the actual computer via a dongle, which translates user actions from the devices back to the computer. So, when I type or click on something using a wireless device, there is a moment when my information is out there in cyberspace. Guess what? That is how hackers can intercept data and get into the system.

A hacker who wants to steal my information or install a virus only need be within 100 meters of the computer to cause havoc.

Brands with Known Problems

Right now, there are certain brands that exhibit weaker defenses than others to these wireless attacks. The names include:

• Dell
• HP
• Lenovo
• Linux
• Logitech
• Macs
• Windows PCs

Fighting Back

Using a Bluetooth-enabled mouse or keyboard is the best way to protect against these cyberattacks. Bluetooth technology comes with standard security that keeps out known viruses and provides defenses against hacking.

It is also possible to get a firmware patch from the computer or accessory manufacturer.

Final Thoughts

Small businesses, such as mine, must remain extra vigilant about security. I lack the financial resources to buy a whole new computer system if one falls victim to a serious hack attack. Nor can I afford to lose any sensitive data that could cost me clients.

I strongly advise that anyone serious about remaining safe in cyberspace take precautions as soon as possible.

The behemoth, Microsoft Inc., finds itself in ongoing talk as software platforms online unanimously rave of a springtime upgrade being made. These digital communities are buzzing: debates and analysis for an emerging SharePoint platform to be made official this year.

The Redmond, Wash., software organization, on March 14, 2016, announced its most recent “released to manufacturing” for the SharePoint 2016 development and amid expectations. The latest version is a 2013 model. The RTM has been expected by numerous companies lately as design features are already live in their accounts.

You see, Microsoft has already released SharePoint’s new search service to its primary consumer. The “free” upgrade gives the software developer a slight edge in upselling SharePoint 2016 to all current users.

The new search capabilities allows data to be accessed from multiple Microsoft products, but through one search key now found in all related software. It’s a maneuver taken by the corporation as the software company is distancing itself from the suspicion and speculation forums are creating.

They question the usefulness of this year’s version and from its 2013 predecessor.

Some may argue these new benefits as slight at best.

Yet contrary to skepticism, the new development for 2016 provides various functions, the user, usually an account holder in a SharePoint work space, can benefit from it indefinitely. Microsoft is not, without notice, changing the entire functions the software has and therefore retain great market share by incorporating more functions relevant to its end user.

So SharePoint 2016 will still be a digital workspace for the B2B consumers and its intranet uses among employees. One that is enhanced and more accommodating for expanding hardware technology, mobile devices and touch screen capabilities. Its chief function is with fair-sized businesses and among employees sharing, viewing or accessing privatized data.

Time can only tell how soon companies will adapt and upgrade to the new program. Microsoft will phase out the support options it offers to the program’s previous versions that a lot are still using.

As stated by Microsoft’s very own SharePoint general manager, Set Patton,”This is an important milestone.

The release, as stated in RTM, is scheduled for imminent spring of 2016.

The first edition of the program was released during 2001 in over 35 different languages worldwide and remains integral to many modern businesses. Users can still expect document management, personal cloud computing, enterprise social networking, workflow management, enterprise searches, intranet and extranet uses, and even business intelligence.

Office 365 is notoriously known for offering SharePoint as a service, though, it requires a larger infrastructure for installation and day-to-day processing. The requirements have not changed for the coming release be it password encrypted accounts or usernames.

The modifications are geared to improve user experience chiefly. Features, such as mobile diversity, will enable the program to provide better support in touch-enabled functions. IT professionals will see improved manageability and overall protection against leaks in data and intentional break-ins. They will experience simplicity of applications and information through the future’s mobile customization.