Computer News & Safety – Harry Waldron

February 29th, 2016:

Malware – Malicious fake invoices with Word macro virus circulating

Graham Cluley’s security site shares awareness on avoiding the fake invoice emails currently circulating with Word macro viruses embedded (an attack method that is 20 years old):


It’s been over 20 years since the first Word macro virus reared its ugly head and pulled the carpet from underneath the feet of computer users worldwide.  Up until then, it was pretty easy to know what to look out for – executable files (normally .EXE or .COM) and floppy disk boot sectors.

But macro viruses changed all that, infecting the templates inside Microsoft Office files – Word documents, Excel spreadsheets and PowerPoint presentations – where Microsoft had, rather unhelpfully from the security point of view, incorporated a macro language that could execute instructions.

And, of course, computer users were much more used to having Word documents and even (in some cases) spreadsheets sent to them via email than they were .EXE files, and so the opportunities for malware to spread successfully grew significantly.
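A defender-side triage check for the attachments the excerpt describes, added here as an example (not code from Graham Cluley’s article): it opens a modern OOXML Word file as the zip package it is and reports whether a VBA project is present, flagging the case where a nominally macro-free extension such as .docx carries one. The minimal sample packages are constructed inline; legacy binary .doc files are OLE containers, not zip, and are reported as unknown rather than parsed.

```python
import io
import zipfile

# Content type that an OOXML package declares for an embedded VBA project part.
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
MACRO_FREE_EXTENSIONS = {"docx", "xlsx", "pptx"}


def office_macro_report(data, filename):
    """Return a dict describing whether the OOXML file carries a VBA project.
    has_macro is None for non-zip input (e.g. a legacy OLE .doc)."""
    if not data.startswith(b"PK\x03\x04"):
        return {"file": filename, "format": "not-ooxml",
                "has_macro": None, "suspicious_extension": False}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        content_types = ""
        if "[Content_Types].xml" in names:
            content_types = z.read("[Content_Types].xml").decode("utf-8", "replace")
    has_vba_part = any(n.lower().endswith("vbaproject.bin") for n in names)
    declares_vba = VBA_CONTENT_TYPE in content_types
    has_macro = has_vba_part or declares_vba
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    # A VBA project inside an extension that should never carry macros is a red flag on its own.
    return {"file": filename, "format": "ooxml", "has_macro": has_macro,
            "suspicious_extension": has_macro and ext in MACRO_FREE_EXTENSIONS}


def build_sample(with_macro):
    """Constructed minimal Word package for testing; real documents hold many more parts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        ct = '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        if with_macro:
            ct += f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_CONTENT_TYPE}"/>'
        ct += "</Types>"
        z.writestr("[Content_Types].xml", ct)
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name, macro in (("invoice.docm", True), ("invoice.docx", True), ("invoice.docx", False)):
        print(office_macro_report(build_sample(macro), name))
```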

419 Scams – Avoid the Casino Online Winner spammed email

Malwarebytes shares awareness on avoiding all scams that appear too good to be true, as the “Casino Online Winner” scam is currently circulating:

https://blog.malwarebytes.org/fraud-scam/2016/02/avoid-this-casino-online-promotion-419-scam/

Remember the time when you won a ridiculous amount of money from a Casino you’d never heard of, much less visited?  Me neither, but as it turns out it doesn’t really matter when dealing with the wacky world of email spam – where winnings are often plentiful despite not actually taking part:

Dear Email User, Congratulations!!!!” You have won £3000.000.00 from SilverSands Casino Online Promotions”    We wish you success in our SilverSands Casino Online Promotions /Email Internet Program held in Republic of South Africa Announcement made today, Your Email Address was attached to Reference No: 04 08 09 11 36 50, Drew the Lucky winning No 11- 15 -16 -19 -22 -03 from 800,000 Email Addresses consequently won in the 1st Category. You have therefore Been Approved to claim a Star Prize of £3000.000.00 Three Million Pounds in cash credited to Power Ball No: 23 25-30-45-50-MB/2016. Payable through our Paying Agent in South Africa.

Below are your winning details for claiming
Winning Reference No: 04 08 09 11 36 50
Lucky winning No: 11- 15 -16 -19 -22 -03
Power Ball No: 23 25-30-45-50-MB/2016.
Amount Won: £3000,000.00

To claim Your Winning Prize Contact Mrs. Rachel Johnson Claim Director in our Paying Bank in South Africa for Immediate Release of your fund.

Contact Person: Mrs. Rachel Johnson
Telephone:

You are hereby advice to Contact Mrs. Rachel Johnson for your claim and send your information below with your winning details immediately via email to process your payment.

1.Your Full Name:
2.Your Postal or Residential Address:
3.Country:
4.Direct Mobile:
5.Age:
6.Gender:
7.Occupation:
8.Reference No:
9.Alternative Email:

WordPress Security – Over 26,000 websites impacted by DDoS Attacks

Active botnets have been abusing WordPress-based sites (often used for blogs) to launch denial-of-service attacks against other websites, as shared below.

https://blog.sucuri.net/2016/02/wordpress-sites-leveraged-in-ddos-campaigns.html

We first disclosed that the WordPress pingback method was being misused to perform massive layer 7 Distributed Denial of Service (DDoS) attacks back in March 2014. The problem being that any WordPress website with the pingback feature enabled (its default setting) could be used to attack the availability of other websites. The attacks would inundate the web server with Layer 7 requests resulting in very large DDoS attacks.

If you are not familiar with the terminology, Layer 7 attacks (also known as HTTP flood attacks) are a type of DDoS attack that disrupts your server by exhausting its resources at the application layer, instead of the network layer. They do not require as many requests or as much bandwidth to cause damage; they are able to force a large consumption of memory and CPU on most PHP applications, CMSs and databases. We provide a more in-depth explanation in our previous article – Analyzing Popular Layer 7 Application DDoS Attacks.

Massive Layer 7 attacks – Despite the potential reduction in value with the IP logging, attackers are still using this technique. Likely because website owners rarely check the user agent logs to derive the real IP address of visitors. For system administrators I highly recommend referring to it when performing your administrative and forensic tasks.

In a recent case we investigated, 26,000 different WordPress sites were generating a sustained rate of 10,000 to 11,000 HTTPS requests per second against one website. At some intervals, the attack would peak to almost 20,000 HTTPS requests per second. The attack started at 1pm (EST) and by midnight it was still ongoing.
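The excerpt notes that the real source of a pingback flood is recorded in the user agent but rarely checked. The following is an added example (not Sucuri’s code) that runs over constructed Apache combined-format log lines, separates pingback verification hits from normal traffic, and reports the relaying WordPress sites, the originating IPs taken from the user agent, and the seconds in which the pingback rate exceeds a threshold. It assumes the user-agent string WordPress sends when verifying a pingback has the form “WordPress/<version>; <site>; verifying pingback from <ip>”; the threshold value is a placeholder to be tuned per site.

```python
import re
from collections import Counter

# Constructed sample log lines (Apache combined format), not taken from the article.
# The first three are pingback verifications relayed through other WordPress sites.
SAMPLE_LOG = """\
203.0.113.7 - - [29/Feb/2016:13:00:01 -0500] "GET / HTTP/1.1" 200 5123 "-" "WordPress/4.4.2; http://blog-a.example; verifying pingback from 198.51.100.9"
203.0.113.8 - - [29/Feb/2016:13:00:01 -0500] "GET / HTTP/1.1" 200 5123 "-" "WordPress/4.3.1; http://blog-b.example; verifying pingback from 198.51.100.9"
203.0.113.9 - - [29/Feb/2016:13:00:02 -0500] "GET /?p=12 HTTP/1.1" 200 5123 "-" "WordPress/4.4.2; http://blog-c.example; verifying pingback from 192.0.2.44"
192.0.2.10 - - [29/Feb/2016:13:00:02 -0500] "GET /about/ HTTP/1.1" 200 8000 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$')
# Assumed user-agent format of a WordPress pingback verification (the "IP logging" above).
PINGBACK_UA_RE = re.compile(
    r'^WordPress/[\w.]+; (?P<site>\S+); verifying pingback from (?P<origin>[\d.:a-fA-F]+)$')


def parse_line(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def pingback_summary(log_text):
    """Return (reflectors, origins, per_second): pingback hits per relaying
    WordPress site, per originating IP from the user agent, and per log second."""
    reflectors, origins, per_second = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ua = PINGBACK_UA_RE.match(rec["ua"])
        if ua is None:
            continue  # ordinary traffic, not a pingback verification
        reflectors[ua["site"]] += 1
        origins[ua["origin"]] += 1
        per_second[rec["ts"]] += 1
    return reflectors, origins, per_second


def flag_attack(log_text, per_second_threshold):
    """Seconds whose pingback count exceeds the (site-specific, assumed) threshold,
    plus the originating IPs ranked by volume, for blocking or forensics."""
    _, origins, per_second = pingback_summary(log_text)
    hot = sorted(ts for ts, n in per_second.items() if n > per_second_threshold)
    return hot, origins.most_common()


if __name__ == "__main__":
    hot, ranked = flag_attack(SAMPLE_LOG, per_second_threshold=1)
    print("seconds over threshold:", hot)
    print("originating IPs:", ranked)
```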

Windows 10 – Kaspersky Cleaner removes temporary work files rather than malware

Kaspersky has introduced a new cleaner tool to remove temporary Windows work files that can accumulate and use large amounts of disk space.  The new Kaspersky Cleaner represents an alternative to CCleaner, Wise Disk Cleaner, and other similar tools, as documented below:

http://www.intowindows.com/kaspersky-cleaner-free-for-windows-10/

Kaspersky Cleaner is a free software from Kaspersky Lab to clean your PC. More precisely, Kaspersky Cleaner helps remove junk files from your Windows 10, Windows 8 or Windows 7 operating system and doesn’t deal with viruses, malware or spyware.

Kaspersky Cleaner Features — The free tool allows you to clear Recycle Bin contents, temporary files and various logs, restore system settings, and remove activity traces by deleting cookies, logs, and history from your web browser.

Overall, a decent product from Kaspersky Lab. Given that Kaspersky Cleaner is still in Beta phase, we expect the product to get additional features in future releases. As of now, CCleaner is probably the best free and safe cleaning utility out there for the Windows operating system. However, if you are a fan of Kaspersky Lab products, please visit the following link to download Kaspersky Cleaner for Windows.

Data Breach – IRS confirms up to 700,000 households impacted

The Internal Revenue Service shares an awareness that possibly 700,000 individuals may have been impacted by a data breach last year.  They have spotted some attempts to create false tax returns and are in the process of warning additional impacted households.

http://www.nbcnews.com/tech/security/irs-cyberattack-total-more-twice-previously-disclosed-n526846

Cyberattacks on taxpayer accounts affected more people than previously reported, the Internal Revenue Service said Friday. The IRS statement, originally reported by Dow Jones, revealed tax data for about 700,000 households might have been stolen: Specifically, a government review found potential access to about 390,000 more accounts than previously disclosed.

In August, the IRS said that the number of potential victims stood at more than 334,000 — more than twice the initial estimate of more than 100,000.  Additionally, the IRS said there were 295,000 taxpayer transcripts that were targeted, but “access was not successful.” The agency said it will send mailings to affected taxpayers beginning February 29.

Android Security – FEB 2016 update patches 13 vulnerabilities

Earlier this month, Google issued a critical security update which patched 13 vulnerabilities.  Users should update promptly to ensure the best levels of security protection.

http://www.eweek.com/blogs/security-watch/google-patches-13-vulnerabilities-in-february-android-update.html

Google has come out with its second security patch update for Android in 2016, this time patching 13 vulnerabilities in the mobile device operating system. Five of the vulnerabilities are rated by Google as having critical severity.

Of the five critical vulnerabilities patched by Google, two (CVE-2016-0803 and CVE-2016-0804) are remote code execution vulnerabilities in Android’s mediaserver. The Android mediaserver has been the focus of Google security patches ever since the Stagefright flaw was first exposed in July 2015. As was the case in the January Android update, the new mediaserver flaws are not specifically in the libstagefright library, but they are in the same general area of Android’s architecture.

Security Updates – OpenSSL release planned for March 2016

Corporate users should carefully test, pilot, and install these new releases to better protect against critical vulnerabilities discovered and resolved by these updates.

https://isc.sans.edu/forums/diary/OpenSSL+Security+Update+Planned+for+1+March+Release/20775/

https://mta.openssl.org/pipermail/openssl-announce/2016-February/000063.html

The OpenSSL project team will be releasing OpenSSL versions 1.0.2g and 1.0.1s on 1 March 2016, which fix several high severity vulnerabilities. They are also reminding everyone that support for version 1.0.1 will end on 31st Dec 2016.