The BLACKHOLE is a version of an exploit kit. Exploit kits are a means for the perpertartors to install their malicious software on other’s computers. There are hidden security loopholes within the software that allow the intended malware to seep through and infect. The market for these Blackhole kits is growing. The writers and designers of the kits are not the ones doing the distribution. They just create and market the kits just like Microsoft does with their software. Similar to traditional forms of software our customers are familiar with, purchasers of these kits buy licenses for periods of time with them, including access to updates within the exploit kit software, and even upgrades that will allow the user to get around anti-malware software. The owners of the kits then distribute them. Blackhole threats are becoming so common that they have been estimated to account for almost 30% of all detected malware threats.

So how does Blackhole work?  Users must first have their web page directed to an exploit site. This can be achieved by several means.

Legitimate websites can be compromised by malicious code. When a user visits that page, the code will load from the site. Links to these pages are often spread through emails or twitter with enticing messages getting users to visit the sites

Spam, although much touted for its dangers, is still used and successful in its means of spreading links and attachments via email that tricks users into clicking on links. In regards to Blackhole, the links redirect to the Blackhole site

Landing Pages, used to control and direct user traffic in organizations, can also be compromised with the code of Blackhole

The code mentioned is usually of the JavaScript variety, making it easy to obscure aggressive malicious code. The written code is then encoded to hopefully evade detection by anti-virus and anti-malware software.

Beyond being aware of these threats, our users can take certain steps to prevent them. Spam Filters in email can often intercept the malicious threat through detecting the Javascript content. Web Filters can serve to scan page content and block access to sites with the infected JavaScript. Beware that basic web filters that filter based on site reputation will not be sufficient to block Blackhole attempts. Users can also Patch their operating systems to provide extra defense. Since Flash, Adobe and Java are vulnerable, applying automatic updates to protect these applications can be useful.

ZERO ACCESS rootkits are distributed by exploit kits, similar to the Blackhole, but commonly attack ad servers. The malware can be spread very quickly if the ad appears on high volume sites. SEO rankings increase traffic to these sites, therefore putting more users are risk. There is no action needed from the user other than to merely access the site to be infected.  Zero Access often also uses social media as its primary form for infection. They lure users into running an executable file that contains the rootkit code. This could be for a game, or a copyright protection bypassing tool for example. The files are actually trojanized, but the filenames is designed to trick the user into loading and running them.

ZeroAccess attacks computers via a “dropper” that installs the components of the malware on the computer. These droppers are designed to make it past anti-malware, similar to how the Blackhole is able to. However, Zero Access can also have success in being able to bait security programs into changing access permissions on one’s computer, or even terminating the running process completely until the Rootkit is installed. The droppers are so sophisticated that they will even be able to detect whether the OS is a 64-bit or 32-bit and install malware specific to the version installed.

Once installed, Zero Access causes the computer to communicate with other infected Zero Access computers. Further downloads and malicious files are then released. The initial list of ‘peers’ the infected computer communicates with is a list of 256 IP addresses of previous infected computers. The infected computer will attempt to contact each of these, and once a connection is successful with another infected computer, further malicious commands are executed onto both machines.

We encourage our users to increase their protection by installing an anti-rootkit took. These will be able to detect changed in the system and do a cleanup from there. But they need to be closely monitored to ensure the removal is completed in entirety.  Monitoring logs for errors on the network can also be useful, if monitored regularly. For example, an increase in failure reports could indicate Zero Access attempted to disable security products.  Lastly, firewalls that interrupt peer-to-peer communication can be helpful in circumventing communication of botnets like ZeroAccess

These exploit kits threats are real and increasing in the success of infecting users. If you would like further information on how to protect either your personal computer, or business network structure, please contact us to 505-954-4400.

The post The Threats of Blackhole and ZeroAccess appeared first on ECS | Computer & IT Services.

Our team of experienced techs can assist you in upgrading your equipment, implementing or upgrading a backup system, upgrading your network or server, enhancing your security, implementing a Voice Over IP Phone system, as well as provide consulting and solutions for other IT needs your business may have.

We are extending a 10% Discount for any project booked prior to December 1st and scheduled for completion from Jan 1st-March 31st 2013.

Contact us today at 505-954-4400 to discuss your project or upgrade needs and how we can help implement those so you start 2013 with technology solutions that will carry your business successfully through the new year.

The post 10% Winter Project/Upgrade Discount for Our Business Customers appeared first on ECS | Computer & IT Services.

First there are Viruses. These are spread, similar to how viruses are spread from a person to another. There is a carrying agent (one program or file) that she passed along to another. They are often spread over a network, or through removable disks.  They also can be spread through file attachments that are activated upon the opening of the file by the user.

Secondly are Worms, which affect users without them doing anything, for they spread on their own. Similar to earthworms, which replicate themselves often in great numbers on one’s property, computer worms can copy themselves by the hundreds on your system. They can slow your network, crash your system, or bring your computer to a halt.

Trojans are yet a third classification of malware. Fully named Trojan Horse, this type of malware is actually a malicious program that guises itself as safe software to the user. Therefore, these are infectious usually by user download, and/or installed in conjunction with another safe program. Unlike viruses, Trojans do not infect other files, and unlike worms, they don’t replicate. But Trojans can cause disaster to a user – they are known for stealing passwords, account numbers, user data. Known as Backdoor Trojans, some have the ability to gain access to and control your computer completely

There is also a subgroup of Trojans known as Spyware. This is malicious software that collects all your personal information stored on your computer and electronically submits it to the one who distributed the Trojan. This can range from obtaining your passwords to websites you visit to recoding every single keystroke you make. Most dangerous in this is the risk that one is recoding your strokes as you do banking, business or other financial transactions. Spyware significantly slows down a system, so would be a user’s first warning sign of a Trojan infestation.

Most users are at least familiar with the terms Virus, Worms and Trojans, enough to know they are dangerous. We hope that the above descriptions increase awareness of the variations in threat. But there are also other less common types of malware that we also wish to highlight.

There is a new type of software that has embedded malicious advertising, called Adware. These types of programs are typically free and it’s the advertising that pays for the malware developer’s time and work. Some types of adware are designed to track web usage and targets users for advertising tailored to their interests and lifestyle.

Similar to being held captive by a robber, there is a type of Malware called Ransomware. This program essentially takes your computer and your files hostage. It prevents users from accessing their OS, and has the ability to encrypt all the files stored. A variation of this type of malware is Blackmailware, which threatens to alert police if the user has certain types of files stored on their computer.

Unauthorized persons can also take over your computer through Rootkits. These malware programs will hide themselves, which the author runs code on your computer, makes changes and takes administrative ownership. Often rootkits are hidden in the boot sector of the disk.

When infected with Bot Software, computers turn into almost ‘zombies’. They become a member of what is called the botnet, controlled by the botmaster. The zombies that attack the computer do so via sending spam or attacking the network without the owner knowing.

All of the above are important types of malware for users to be aware of. Since technology evolves every day, this is by no means an exhaustive list. It is important that users keep their computers updated with the most current security patches designed to fill in the gaps that malware creates. Most security patches can be downloaded by the user. You can also call and schedule an in-shop System Optimization and let our techs increase the safety of your computer.  Be sure to also install and keep current strong antivirus  software. And most important – be safe when computing. Don’t open attachments from sources you don’t know, don’t click on links without careful examination, and don’t install software until you do full research beforehand.  We will be more than happy to assist via phone consulting customers that need more assistance with any of these recommendations. Please call us at 505-954-4400

The post Sort of Like WebMd for Computers –Let us Help you Understand Viruses! appeared first on ECS | Computer & IT Services.

This event is an opportunity for us to remind our customers of the importance of mobile device encryption. While one can take safeguards like not leaving such devices in locked cars, the additional safety provided by encryption ensures that if you are a victim, your personal data is unlikely to be compromised in the hands  of a thief. Yes, encryption presents some inconveniences in regards to the ease of which one can access their data on their mobile devices, but a wise consumer will consider our modern reality. Mobile devices remain with us a good majority of our days. Of our hours spent during the day, our focus is not primarily devoted to ensuring those devices are always within eyesight.  In fact…how many of you have gotten in your car and couldn’t find your cell phone?  One panics, considering all the possible places throughout the day it could have been left.  And smart phones often contain just as much data these days as some personal computers due. Encryption is a way of cloaking data from being viewed or used by anyone who does not have a password to open the data. It makes it unreadable to anyone not authorized and is important for anyone who transmits data over the internet or secures personal information in saved files. Encryption essentially is a formulated way of scrambling all this information to make it unreadable to anyone other than yourself or those you authorize.

There are various encryption options and software available . We recommend both Axcrypt and Trucrypt as great free resources for our home or some small business users, and Sophos offers an Enterprise Encryption product for larger organizations that need mandatory encryption.

If you are interested in scheduling a consult on these options, or for us to install and implement encryption on any of your devices, please call us at 505-954-4400

The post Advising Our Customers to Encrypt Their Mobile Devices appeared first on ECS | Computer & IT Services.

Better-Passwords-Dont-Make-Us-Secure-Best-Practices-Advice

Accrediation: www.infosecisland.com

The post Great Tips on the Illusion that Passwords Alone are Enough appeared first on ECS | Computer & IT Services.

Email phishing scams from unknown, untrusted sources, have been so publicized that most users know how to spot and abort them before information violation occurs. But this new Spear Phishing employs tactics that make it more likely the user will fall victim. They appear to come not only from a trusted source, but often from someone in your own company, a superior in many cases, or from a close relative. The subject line often will be one of relevance to either current projects of developments within the company, or may be related to family history.  The violation occurs when the user opens the emails, clicks on the link attached and then receives notification that they trojans or malware have been downloaded.

We train our customers to only open emails and attachments from trusted sources, ones they are certain are legitimate. Spear phishing has success in manipulating users into releasing confidential information for 3 reasons:

-The source appears to the user to be known, trusted, and one that the user has frequent correspondence with

-The verbiage used in the subject reinforces the validity that the source is legitimate

-The information requested seems to make reasonable sense to the user considering the ‘source’

An example of spear phishing would be an email that appears to come from a specified and known network or IT person within your company. It prompts you to login with your employee name and password. Upon doing so, malware is downloaded.  More threatening is that it only takes one employee to fall victim to an attempt like this. As once the perpetrator has the user name and password of that employee, s/he can then access great amounts of company data using that access.

To protect yourself against such scams, if you are not expecting an emailed request for specific information, do NOT respond or act without first contacting the ‘sender’ by telephone and verifying that the email is legitimate. You may also check if you can see the origin of the email either in the “from” or “reply to” headers. If an address is shown that is not an address used within your company or that is not associated with the name of the person ‘supposedly’ as the sender, then its most likely a scam. Do not just delete these emails. Report them immediately to your IT dept or your contacts for computer support needs.

The post Don’t Get Caught by Spear Phishing appeared first on ECS | Computer & IT Services.

Free Security Awareness Presentation from ECS-Adobe Version

Free Security Awareness Presentation from ECS-Powerpoint

The post Presenting Hints on Computer Security appeared first on ECS | Computer & IT Services.

Malware spread onto a user’s MAC often happens without them even being aware, most commonly through USB drives, email attachments, internet downloads, and even silent installation. The user in most instances isn’t even aware their computer security has been breached . And even though the majority of the Malware discovered was intended for Windows, we stress again that these malware have the potential to spread and cause other problems in MACs.  And Mac users are a new likely target as they less frequently take the steps to install anti-virus software. The days of MACS being immune to malware have long passed and we encourage our customers to appreciate the severity of these risks and install software to protect their computers. We recommend this FREE ANTI-VIRUS software for MAC users to install. We also encourage our MAC customers to make sure their anti-virus once installed is current, including remaining up-to-date on security patches. And while it may seem obvious, its worth reiterating to be cautious when installing programs onto your computer, or opening email attachment links.  Just because you own a MAC, you are not immune!

The post MACS can have Malware too! appeared first on ECS | Computer & IT Services.

At ECS, we strive to satisfy each one of our customer computer and IT service needs. Its great to receive feedback that we are doing our jobs well. Here are some of the things are recent customers are saying about us!  Please click on Comment and leave your own thoughts on your experience with ECS.

“I have never had anything but great service from ECS. Kyle dealt with all my issues amongst my network and now I am up and running better than ever. He was very professional and proficient at his job” -Anna Tindell, Anna Tindell Appraisal Services

“ECS has been wonderful to work with. Asher and Kyle have listened to and understood our company’s unique needs and in turn have been able to get our technology up and running beautifully. ECS has the unique ability to explain what is happening, the course that will need to be taken, and the resulting outcome in a language that is understood by those of us that are not so ‘tech-savvy’ without speaking down to us. We are very fortunate to have ECS as our IT management solution” - Chris Martinez, ACC

“We have found ECS to be very prompt in responding whenever we need help, which is rare, since they do the job correctly the first time. They are dependable and knowledgeable. We highly recommend this company.” -Dr. Robert Bernstein, Regional Endocrinology Associates

“After price comparison shopping, ECS is the only computer repair business in town, prepared with a standard menu price for virus removal, reasonable time estimates, and addresses all my needs with a sincerely welcoming customer service experience. Well Done!” – Christopher Maestas, Chrystalis Salon

“The staff at ECS are very friendly, responsive and knowledgeable. I chose ECS to have repairs done on my laptop because they focused on my concerns, the service was performed as promised and was extremely professional! I would highly recommend ECS to any of my friends and family.” – Jill May, Santa Fe

“ECS was great! I really appreciated the pricing as opposed to the MFG or retail store. I also appreciated your friendliness which isn’t really measurable, but I do think its key to a consumer oriented business. I was very pleased with the work and the excellent customer service was a wonderful bonus. Don’t wish to have problems with my computer, but do look forward to working with ya’ll again. Keep up the good work!. -Mike Adams, Shipping & Receiving Manager-Buffalo Thunder

The post We Appreciate Customer Feedback appeared first on ECS | Computer & IT Services.

Unpatched Java Vulnerability Exploited to Infect Macs With Flashback Malware

The post Flashback Malware Poses Threat to MACs appeared first on ECS | Computer & IT Services.