Fake Groupon discount emails carry malware

Cybercriminals have spammed out malware, attached to emails claiming to be related to discounts for offers on Groupon.

The emails, which have the poorly spelt subject line of “Groupon discount gifts” (in itself something which should ring alarm bells), pretend to come from Groupon, and claim that one of your friends has found a deal on the website.

The website says that your friend has decided to share the deal with you, and that you are receiving a discount code as a result.

groupon

Part of the email reads:
Hi there!
You’re going to love it
We are glad to inform you that one of your friends has found a great deal on Groupon.com!
And even shared it with you!
Yeah! Now Groupon.com gives an opportunity to share a discount gift with a friend!
Enjoy your discount gift in the attachement and share it with one of your friend as well.
All the details in the file attached. be in a hurry this weekend special is due in 2 days!

Websites offering money-saving coupons and promos for online users are prevalent. As such, cybercriminals take advantage of this as seen in the spam run that spoofed Groupon. The spammed message bore the subject, Groupon dicount gifts and offers bogus discounts. It has a .ZIP file attachment. However, instead of coupons, the attachment contains a malicious .EXE file.

groupon

As a last word, be safe and verify the offers, we strongly advised to be wary in opening email messages with too good to be true offers. Go directly to the organization’s website to verify if the said offers are legitimate.

Malware attack spread as email from your office’s HP scanner

For those on our Security Alert and Update list we just emailed an article by Graham Cluley on how a malware attack spread as email from your office’s HP scanner, yes that’s right a scanner!

In these high-tech times, scanners and photocopiers aren’t just dumb machines sitting in the corner of the office.  They are usually connected to the corporate network, and – in some cases – can even email you at your desk to save you having to wear out your shoe leather.

And it’s precisely this functionality that we have seen cybercriminals exploiting today, pretending that their malicious emails in fact come from an HP scanner inside your organization.
Here’s a typical example of the emails we have been intercepting:

hpscanjet

Subject: Re: Scan from a Hewlett-Packard ScanJet 4952740
Message body:
Attached document was scanned and sent to you using a Hewlett-Packard I-56919SL.
SENT BY: SHERRIL
PAGES: 7
FILETYPE: .DOC [Word2003 File]
As you’ll see in the next example, the precise wording (the names and numbers used) can vary from email to email. But each of the emails has the same file attached – HP_Document.zip.

hpscanjet

So, what’s in the ZIP file?
hp_page-1-19_24.07.2012.exe
Clearly that’s not a scanned-in image – it’s executable code.
In fact, it’s a Trojan horse called Troj/Agent-XDD, capable of infecting your Windows PC and putting your computer data at risk.
Here’s a list of some of the different subject lines we saw in this spammed-out malware campaign, in the just the course of a few seconds:

hpscanjet

We’ve seen malware spread as scans from HP devices in the past, but there has been a notable wave of malicious code spammed out using the disguise today – so be on your guard.

If you are one of the many people seeing this malware attack in your email today, please do not click on the attachment even if you are waiting for a scanned-in document to be sent to you. Instead, simply delete the email and your computer will be safe.

Symantec Update Causes Some XP Systems to BSOD

Security firm Symantec released malware signature updates for it antivirus software that caused some Windows XP machines to crash into a Blue Screen Of Death — BSOD.

The update was sent out to users of Symantec’s security products over about an eight hour period between July 11th and 12th.  “The root cause of the issue,” writes Symantec’s Orla Cox, “was an incompatibility due to a three way interaction between some third party software that implements a file system driver using kernel stack based file objects – typical of encryption drivers, the SONAR signature and the Windows XP Cache manager. The SONAR signature update caused new file operations that create the conflict and led to the system crash”.
SONAR stands for “Symantec Online Network for Advanced Response” and is technology that is used to identify potentially malicious behavior exhibited by software.  According to Symantec, the problem the following products:

  • Symantec Endpoint Protection Small Business Edition (SEP SBE) 12.1
  • Symantec Endpoint Protection (SEP) 12.1
  • Symantec Endpoint Protection.cloud (SEP.cloud).
  • Norton 2010, 2011, or 2012 consumer security product
  • Norton 360 versions 4, 5 6

 

The “certain third-party software” have been identified by Symantec to include the following products:

  • Novell ZenWorks
  • PGP Whole Disk Encryption
  • Sophos LanCrypt
  • SlySoft Virtual CloneDrive

For systems that refuse to run following the installation of this update Symantec has published a workaround to help get people’s XP machines back up and running.  Most of the time, antivirus programs protect us from hassles, but this is one in a long line of examples where faulty signature updates can render a PC inoperable.  Over the years almost every major antivirus vendor has shipped dodgy updates that have caused problems on the PC they end up being installed on.

The worst passwords you could ever choose

For those on our Security Alert and Update list we just emailed this great article by Graham Cluley on the worst possible passwords you could ever choose. Many of you know this is something we preach to our clients on a regular basis and is part of our comprehensive 4E Program.

Too many internet users are making poor decisions when choosing their passwords. We’ve spoken time and time again about the importance of choosing hard-to-crack, unguessable, unique passwords that (provided the website you are using looks after its databases properly) will make life very difficult for password crackers. And yet, people continue to use passwords that are – quite frankly – dumb, and then compound the problem by using the same simple password in multiple places.

Scandinavian security blogger Anders Nilsson spent a little time with the Pipal password analyzing tool, running it against the 450,000 plaintext passwords snatched by hackers from Yahoo Voices.

worst passwords

And what he found doesn’t inspire much confidence that users are getting the message about password security.

Repeat after me. A password of ‘password’ isn’t actually a password.

And neither is “123456” or “welcome” or “qwerty” going to prove anything of a challenge to a hacker.
The fact is that every time password lists are stolen and published on the internet, hackers add them to their own databases for their password crackers to try next time they want to break into an account or crack a hashed password.
Your passwords need to be unique, and hard-to-crack. That means not using dictionary words anymore, and not imagining that no-one else in the world has thought of “qwertyuiop” or “password1234”.

The typical response from the average internet user is “But how will I remember all these different, complicated passwords?”  Simple. Use a decent password management program. There are a few to choose from, and some of them are even free. Software like 1Password, KeePass and LastPass can remember all your different passwords on your behalf, store them securely, and even generate complicated passwords for the next website you join.

Clearly the responsibility isn’t all in the court of the user, however. Not only should websites take greater care about securing users’ information (for instance, not storing passwords in plain-text or as unsalted hashes), but they could also do more to ensure that users choose trickier passwords.
I’d like to see more websites check the passwords chosen by their new users, by running them against a database of commonly used passwords and a dictionary.

If the password users enter is too common, or an obvious sequence, or doesn’t obey sensible password rules about complexity or length, then it should be rejected and the user told to try again. When websites tell you to change your password following a security breach, they should also tell you to choose a hard-to-crack, unique password. Otherwise, what’s to stop the new password being “abcdefg”?

It would be a safer world if websites policed the passwords that are submitted by users, and weak choices thrown out.
And it’s not just users who need to have strong passwords. The website’s staff need to have sensible, hard-to-crack passwords as well.

In early 2009, for instance, a hacker was able to break into Twitter accounts belonging to celebrities because he had broken into Twitter’s administrator’s console.

How did the hacker manage that?
The Twitter employee was using a password of “Happiness”.

Here’s a YouTube video I made a while back showing how to choose a hard-to-crack but easy-to-remember password. It also explains how password management software programs like 1Password, KeePass and LastPass can help you remember all your different passwords.

If you already know this about passwords – great! But be a good Samaritan, and share the advice with your family and friends.
We need to get everyone to understand the importance of better password security.
Yes, even the “princesses” and “ninjas”.

The BYOD – Trend Continues to Grow

Like it or not, the line between the workplace and the home is blurring. Work-at-home arrangements are becoming more common and cloud services make it easier to coordinate teams online. People are constantly on call, with the ability to check their emails and stay in touch wherever they are. The days of having a personal mobile and a work device are fast disappearing as the BYOD (Bring Your Own Device) trend continues to grow.

A recent SkyDox survey survey found that 77 percent of information workers use their personal smartphones or tablets for work. A whopping 88 percent report that they need the ability to access work related documents outside the office. Allowing employees to use their own mobile devices for work can prove to be a real boost for productivity and it can also save companies a lot of money.

The downside to the BYOD movement is the difficulty of maintaining security. How do IT departments provide easy access to documents and files for a host of different devices and still ensure that sensitive material remains safe and workplace systems are not exposed to dangerous threats? How do they cope with lost or stolen devices? How can they safeguard company servers?

There is a clear need for the enterprise to establish a set of guidelines for the BYOD trend but it’s not clear how much control employees will accept when they are using their own devices. If a worker is issued with a company smartphone or tablet, then they are unlikely to question the company policy with regards to installing other applications or personal use of the device. When the device belongs to them they will obviously expect to be able to use it any way they like and to be able to install whatever they choose.

Security concerns have been serious enough that a Cisco survey found that 48 percent of companies would not authorize BYOD. The problem is that “57 percent agreed that some employees use personal devices without consent.”

Even if you don’t condone BYOD in the workplace you should still have a security policy in place. The risk of employees connecting to your networks and accessing sensitive materials is there and a draconian crackdown on personal devices is not going to be well received.

The good news is that you can circumvent the threat by allocating the right resources in your IT department. Ensuring security and providing support for a multitude of devices is going to represent a hefty cost but you can offset by embracing the BYOD trend because you’ll no longer have to buy the hardware.

Protecting your sensitive data has to be the key aim and so you’ll need to monitor the flow of data in and out. You also need a policy for when employees leave because they’ll be taking the device with them. The ability to remotely wipe data is supported on all platforms with the right apps so it’s simply a matter of arming your IT staff with the right tools.

There are a lot of different ways to approach the problem. Combine a sensible approach to monitoring and support with some education on risks for your staff and you can reduce the impact on your business dramatically. You may also consider mobile application management which focuses on securing the app or the data regardless of the device. This approach makes a lot of sense in the face of an increasingly mobile workforce.

The BYOD trend is universal and it represents a threat for businesses of all sizes. Since there is no wonder pill guaranteed to alleviate this headache each company should assess the risks and decide on a strategy that works for them. By embracing the movement and preempting any problems you can increase employee productivity and job satisfaction. The key thing is to act because failing to spend a little time and effort on this now could cost you a great deal further down the line.

In brief, some best practices might entail:

· Answer what happens to data when employee leaves?
· Deploy centralized remote wipe of data from devices
· Centralized storage options
· Deploy data leakage prevention
· Monitor use of BYOD
· Educate users to the inherent risks

This blog post also appeared in Mass High Tech