Life of a Tech

Even Google can get Hacked – Major Security Vulnerability (978207) – 23 Jan

You hear about the importance of patching your systems on a regular basis. Occasionally, you hear about people who got a virus because they didn’t patch theirs. What you don’t hear about very often are strong, concerted efforts at hacking into massive numbers of systems… and even less often that such an effort actually worked, and that it was Google that fell prey.

“Based upon our investigations, we have determined that Internet Explorer was one of the vectors used in targeted and sophisticated attacks against Google and possibly other corporate networks,” Reavey wrote.

You may be asking yourself why a Google employee would be using anything other than Google Chrome as their browser. Smart web companies use many different browsers to ensure that their website will display properly for the many different visitors and their different browsers.

Many names: Aurora, Google Attack, IE Vulnerability

There are many security vulnerabilities in Internet Explorer. You may have heard of this one referred to as ‘Aurora’, ‘Google Attacks’ and/or the ‘Microsoft IE Vulnerability (MS Advisory 979352)’.

Hydraq is a malware trojan designed to take advantage of this unpatched vulnerability in Internet Explorer. Its purpose is to attack large enterprises and acquire large amounts of intellectual property. According to Symantec’s Security Response website, this trojan opens a back door that allows a remote attacker to perform actions on a compromised computer. Here is a small list of what it can do:

  • Adjust token privileges.
  • Check status of, control, and end processes and services.
  • Download a remote file, save it as %Temp%\mdm.exe, and then execute it.
  • Create, modify, and delete registry subkeys.
  • Read, write, execute, copy, change attributes, and delete files.
  • Shut down and restart the computer.
  • Clear all system event logs.

This trojan is different in that you can be infected just by visiting a website. It can be a standard-looking website – maybe even a blog like this one. Symantec Security Response has already found dozens of websites that include the attack code, and more are surely going to be coming online.

Security firm Websense has published an article with some of the instant messages and email messages that have been making their way around the Internet.

The China Connection

According to a New York Times article, evidence has been found that Chinese hackers may have had a hand in the exploit code.

“If you look at the code in a debugger you see patterns that jump out at you,” he said. In this case he discovered software code that represented an unusual algorithm, or formula, intended for error-checking transmitted data.

The error-checking code mentioned above has been published exclusively on Chinese-language websites.

Protect your South Florida Small Business Computer Network

Our advice: Keep your Windows operating system, antivirus and antispyware programs updated regularly. Don’t open email attachments that seem suspicious. If, when visiting a website, you receive a pop-up message from an anti-virus application that you’ve never heard of and didn’t install yourself, ignore it. It’s probably a virus waiting to happen.

DO THIS NOW: Use Internet Explorer to visit Microsoft Windows Update and apply all critical patches. Even if you are a Firefox or Chrome user, Internet Explorer is still installed on your system and still gets used, so it still needs patching.

If you run a small business with 10 to 150 employees that is based in South Florida (Ft. Lauderdale, Boca Raton, West Palm Beach to Ft. Pierce) and you are not sure whether or not you are getting these updates, or you are questioning whether you have an Antivirus/Antispyware solution, give us a call or drop us a line. We’re ready to assist you in keeping your business computer network safe and have many plans available.

More information: Microsoft Security Advisory Bulletin MS10-002.

[Update: 1/28/2010] A very good site listing current zero-day vulnerabilities and how long they have been in the wild without a patch.


Microsoft 2007 Word Needs Patch to Stay Legal – 05 Jan

On December 22, 2009, a United States court of appeals ruled that Microsoft must stop selling versions of Microsoft Word (including Microsoft Office suites) that contain certain functionality that was ruled to infringe on a United States patent.

Brief History:

When Microsoft released the Office 2007 product line, they updated the code base to use XML as a more efficient and open standard (.docx, .pptx, .xlsx, etc.). However, at the same time, they also embedded certain “Custom XML Markup” functionality that appears to have been previously patented by another person or company. Therefore, they have to remove the patented code.

What this means:

Any and all licenses for Microsoft Office 2007 and Microsoft Word 2007 that are purchased after January 11, 2010 must use updated media or must be patched.

Remedy:

Thankfully, Microsoft has made this easy for us all by providing a simple update that will be located at the Microsoft Download Center and will be available before January 11, 2010. We can use this to update current media we possess or will possess (media ordered tomorrow has probably been sitting on shelves in a warehouse for months, if not longer). The other alternative will be to download new images of the programs (ISOs) from your MSDN, Volume Licensing, or Open License sites.

Microsoft’s Description of the January 2010 Update for Office 2007 and Word 2007: http://support.microsoft.com/kb/978951

If you need assistance or have further questions, please comment below.


ALERT: Microsoft Outlook Update Email – 21 Oct

Latest Bad Email Going Around

I just received an email in my inbox that looks very convincing. However, Microsoft does not send out update notifications via email. Official updates are pushed down to your computer from Microsoft directly.

DO NOT CLICK ON THE LINK.

FROM: noreply@microsoft.com
SUBJECT: Microsoft Outlook Update

Update for Microsoft Outlook / Outlook Express (KB910721)
Brief Description
Microsoft has released an update for Microsoft Outlook / Outlook Express. This update is critical and provides you with the latest version of the Microsoft Outlook / Outlook Express and offers the highest level of security and stability.

Instructions
• To install Update for Microsoft Outlook / Outlook Express (KB910721) please visit Microsoft Update Center: [BAD ADDRESS]

Quick Details
• File Name: officexp-KB910721-FullFile-ENU.exe
• Version: 1.5
• Date Published: Wed, 21 Oct 2009 20:17:06 -0300
• Language: English
• File Size: 100 KB

System Requirements
• Supported Operating Systems: Windows 2000; Windows 98; Windows ME; Windows NT; Windows Server 2003; Windows XP; Windows Vista
• This update applies to the following product: Microsoft Outlook / Outlook Express

How to Protect Yourself

  • Use common sense.
  • Always hover over a link before you click on it in Outlook.
  • Delete the message, instead of forwarding it to someone else or replying.
  • Ask your network administrator to add this email to the blacklist (although, this is like playing that Whac-a-mole game at Chuck-E-Cheeses).

What’s Really Going On

If you look at the image below, you’ll see that the actual address the link takes you to is NOT Microsoft. What it is doing is ‘phishing’ for information.

Bad Email that is faking Microsoft Updates
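The hover check from the list above, done in code, as an added example that is not part of the original post: it parses the HTML body of a message like the fake “Outlook Update” email and flags any link whose visible text names one host while the href goes to another, or whose host is not the claimed sender’s domain. The sample message and all hostnames under example.net/example.org are constructed for the example.

```python
# Added example, not code from the original post. Sample message and hosts
# below are constructed; hostnames under example.net/.org are fictitious.
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

HOST_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.IGNORECASE)


def registrable(host):
    """Last two DNS labels: 'www.microsoft.com' -> 'microsoft.com'.
    Assumption: no public-suffix list, so 'x.co.uk' is reduced crudely."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_links(from_addr, html):
    """Return (href, reason) for each link a careful hover would reject."""
    sender_domain = registrable(from_addr.rsplit("@", 1)[-1])
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        # .hostname drops any 'user@' prefix: http://a.example@b.example/ -> b.example
        target = registrable(urlparse(href).hostname or "")
        shown = HOST_RE.search(text)
        if shown and registrable(shown.group(0)) != target:
            findings.append((href, "visible text names %s but link goes to %s"
                             % (registrable(shown.group(0)), target)))
        elif target != sender_domain:
            findings.append((href, "link host %s is not the sender's domain %s"
                             % (target, sender_domain)))
    return findings


# Constructed sample modelled on the "Outlook Update" message quoted above.
SAMPLE_FROM = "noreply@microsoft.com"
SAMPLE_HTML = """
<p>To install Update for Microsoft Outlook / Outlook Express (KB910721)
please visit Microsoft Update Center:
<a href="http://update-center.example.net/officexp-KB910721-FullFile-ENU.exe">
http://www.microsoft.com/downloads</a></p>
<p>Questions? <a href="http://www.microsoft.com@login.example.org/">Support</a></p>
<p><a href="https://support.microsoft.com/kb/910721">KB910721</a></p>
"""

if __name__ == "__main__":
    for href, reason in check_links(SAMPLE_FROM, SAMPLE_HTML):
        print("SUSPICIOUS:", href, "->", reason)
```

The second sample link shows why the check must use the parsed hostname rather than the raw string: the “microsoft.com@” prefix is only a username and the browser goes to login.example.org.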


Remote Assistance, But First ‘MyFreeze’ Removal – 16 Jul

The request seemed like a routine home user workstation setup for one of our clients. I needed to configure her personal computer and VoIP phone for access to the company network. I would configure a modem and router to set up a home network for the user. After confirming that the home user had all the required equipment I was ready to start. I attempted to remotely access her computer through Internet Explorer. This is when the problems began.

MyFreeze: New Home Page

The user said her Internet Explorer home page had recently changed to “MyFreeze.com”, and she hadn’t changed it. At the time, I didn’t think it was a problem. I figured a family member might have changed it, since it was a personal home computer.

My attempts to access the computer were blocked, and the errors were not normal. Now, I started to wonder about the “MyFreeze.com” site. I did a quick search and found “MyFreeze.com” to be the newest version of a browser hijacker, malware or spyware. A well-known version is “CoolWebSearch (CWS)” or “Morwill Search”.

Browser Hijacker: Malware or Spyware

A very good definition of a “browser hijacker” comes from Wikipedia. It is “a form of malware or spyware that replaces the existing internet browser home page, error page, or search page with its own. These are generally used to force hits to a particular website and allow the collection of information from the hijacked computer.”

Having to remove this hijacker remotely with the help of an end user with minimal technical computer knowledge made troubleshooting extremely difficult. I asked the user a few questions. Were there any anti-virus programs on the computer? “I don’t know.” How old is the computer? “Three years.” When was the last time the computer was serviced or had a virus scan? “I don’t think it has ever been serviced or had a virus scan before.”

MyFreeze Removal Difficult

I was faced with a browser hijacker active on the computer, and I needed to use the browser to configure a modem and router. Without antivirus programs or a special tool called CWShredder, created specifically to remove hijacker malware, removal becomes very technical. It requires accessing the Windows Registry for total removal, and I didn’t feel comfortable enough with this user to access the registry.

A lesson learned here… before attempting to work remotely on a personal computer, make sure there is an antivirus or antispyware program installed on the computer and make sure the user has run the program before remote support begins.

Remote Computer Support, Miami to Jupiter

Don’t waste an entire day trying to remove spyware or a virus. Many times, if you don’t know what you’re doing, you could cause collateral damage beyond the initial infection. Call DedicatedIT today, 561-491-5725, for all your computer support needs.


Network Monitoring Software, Systems and Tools – 10 Jul

Business is heavily dependent on its computer systems. You need over 99% uptime guarantees from your IT Department.

This is a major undertaking for any team, especially with good people being hard to find — or, at least in today’s economy, hard to afford. Most IT staffs implement a monitoring system of some sort or need to for that uptime guarantee to be even close.

Even with monitoring being your first line of defense against failures, proactive monitoring and remediation is time-consuming and requires specialized resources on your teams.

Network Monitoring Software, Systems and Tools

Do-It-Yourself vs. Managed Services Providers

In days past, I would have told you to find a best of breed product and just do it yourself. It may cost you less in the long term, it may not. At least you have complete control of the environment. It takes a working knowledge of advanced networking and management along with a team to stay on top of issues. Knowing full well that teams cost the most out of any budget, these days you just can’t afford to sustain that many high-end personnel.

This being the case, working here at DedicatedIT, I know more about the ROI of out-sourcing the management and monitoring of your systems and can say with complete confidence, this is the way to go. It brings with it the systems, tools, team and knowledge to handle any situation you may find yourself in. It allows you to focus on your business and not worry about the ‘oh crap our backup was not working for the past six months and I need to get that email the CFO deleted yesterday that will make or break a $100,000 deal’.

It allows you the comfort to know that you can go on vacation and your users are in good hands that don’t need to be held on a daily basis. It allows you to finally take the IT budget from that blood red splotch on the GL to a friendlier shade of black as you don’t consume HR with insurances and payroll taxes. Basically, you get the peace of mind that only a top rated IT team with project specialists and top level support engineers can provide. Keep this in mind while making your decisions.

Open Source vs. Proprietary Software

While we all love open source systems, I have found that specialized applications for network monitoring always come with more functionality or, at the very least, less headache in setup and support. I’ll give you a few at the bottom of this post.

Client Application vs. Web Based

We all hate that dreaded 3am call, “the server is down”, from a user who never works that late but what they are doing tonight happens to be critical.

You got the call because your first level technician was sick and being the responsible IT manager that you are, all calls end up at your cell phone even though you are actually across the country on vacation. Now, I know that I don’t always have the ability to get my laptop online and sometimes need to use someone else’s access.

If you utilize a client-based monitoring/management system, you rely on getting to that application before you can do anything. However, even if the client-based application looks pretty, a web-based application is more reliable. All of our management systems have a web-based interface which can be logged into securely from any location that has internet access. This has saved me in the past and I’m sure it will do the same for you.

Monitoring the Internet

The Internet is a vast network that no one can truly monitor in its entirety. What can be monitored, however, is the use of the internet by your users. When it comes to your company’s internet usage or bandwidth monitoring tools, DedicatedIT has selected a few elite vendors’ products. I personally don’t believe in the ‘one size fits all’ mentality and have seen first hand that no single product fits all clients’ needs.

Free Monitoring Tools

At the bottom of this post, I’ll give you a list of a few cool free tools. Please remember that tools alone can only do so much. To truly get that 99% uptime, you will need a team to back those tools and systems… that is where we come in (see… THE SECRET).

Free Monitoring Services

When I was a kid, I was always taught that ‘nothing in life is free’. This is not always true. I have provided you a list of some free stuff to prove it. So after years of experience I have refined that to ‘nothing worth anything in life is free’ which brings me to our secret I mentioned earlier:

*THE SECRET*

We take our network monitoring, server monitoring and proactive remediation services seriously which is why we provide you with a 30-day, money-back satisfaction guarantee. Learn more about our basic 24×7 Remote Monitoring and full Proactive Network Management.

Open Source Monitoring Systems:

  • ZenOSS
  • Hyperic Open Source Edition

Free Monitoring Tools:

  • SolarWinds Tools
  • SpiceWorks
  • WireShark
  • Network Probe
  • Network Status Tool for Windows

Plug-and-play and Wizards can be Bad – 02 Apr

Plug-and-Play and Wizards Make Most Things Easier

Over the years, computer technology, software and networks have become more user friendly… more intuitive, more robust and just easier for people to use. Overall, this is a very good thing for most computer users. For example, before USB, you’d have to know about IRQs, memory addresses and other low-level things in order to make any new device work on your computer. Want a new hard drive installed now? Just plug it into the USB port, and you’re off to the races.

Even program installations and configuration have become much simpler. Last night, I started the download for the free version of AVG for a friend and didn’t want to wait for it to complete. My friend asked, “What do I need to do to get this done?”

The answer was “next, next, next, finish”.

Until There are Problems

Unfortunately, making things that simple can be a bit of a double-edged sword – especially if/when something does go wrong or breaks. Because people are no longer required to understand what IRQs, memory addresses, drivers and directory paths are, it is very difficult for them to troubleshoot their problems on their own.

  • Why is my Outlook not connecting all of a sudden?
  • Why is my network drive telling me I don’t have rights anymore?
  • Why is my display different today?
  • How come the drive letter on my external hard drive is different today?

Unless you grew up in the days of DOS and hardware-level settings, you probably don’t know where to start with these issues.

“HELP! My Outlook Data is Gone.”

A perfect example of this is the case of a client who “lost all of her email” just a few weeks ago. This client uses her Microsoft Office applications within a Citrix environment. As most people who manage Citrix environments know, profiles (user personal settings) don’t always load properly. That morning was no different for this particular client.

In an attempt to correct the problem herself, she reset her Outlook archive to a local archive. Then, after completing an archive of her email, she logged out of Citrix.

Naturally, her local archive file did not return, because she had been using a temporary user profile. This prompted the EMERGENCY call into our helpdesk, and I began to untangle the mess.

It took quite a bit of time to restore her email without going to the backup from the previous night, which would have cost her a day’s email correspondence.

We Know You Were Just Trying To Help, But….

There’s an old adage that says a little knowledge is a dangerous thing. Just as a precaution, be sure that you truly know the consequences of what you are doing. The above client could have saved both of us about an hour if she had just picked up the phone and called her helpdesk at the first sign of “strangeness”.

If you ever have questions about your system PLEASE contact us. We’re here to help.

Existing customers click here to get super fast, insanely great network support.

If you are shopping for a new network support company, please take a look at our network support plans.


AntiVirus 2009 – Beware Of The Scare – 21 Feb

AntiVirus 2009 Virus Getting Harder to Clean

I’ve just completed the cleanup of another client’s computer that was attacked by one of the latest insidious Trojan/Scareware versions of AntiVirus 2009. This is the fourth client who has had this attack in the last few weeks. Each of these users is a remote user on a home PC, and each instance seems to be getting more and more difficult to get rid of. (I guess this just proves that the bad guys are committed to their craft. They are working hard to stay ahead of the good guys.) This time it took me a good 3 hours to completely eradicate the virus.

Social Hacking at its Best

The first question I was asked each time was, “How did this happen?” These clients were simply surfing the web and checking out their favorite web sites when suddenly there was this frightening pop-up message… “Warning! Spyware detected on your computer!”

The majority of computer users are scared silly (which is the objective, of course), and they immediately succumb to the temptation to click on the button provided, hoping that this will stop whatever has taken over their session.

This is when the real trouble begins. The message is fake, and they aren’t really infected… yet. Once they click on the message, however, a Pandora’s Box opens and all sorts of really nasty stuff is released into all sorts of nooks and crannies within their system.

Don’t Give them Money!

To make matters worse, by clicking the ad, a “registration” screen presents itself. Once victims click on that, they are taken to a web site where the crooks try to sell an anti-spyware solution. This “solution” does nothing, and potentially can do even more damage to the computer. If average PC users have gotten this far, they are at the point where they whip out their credit cards and pay the fee (anywhere from $29.95 to maybe $69.95) for the proposed, but useless, “solution”.

Even worse is the fact that the thieves who set up this type of scam now have access to the user’s credit card or banking information. There is the potential for the scammers to empty bank accounts or max out the credit cards. Worse still, they can use the information for full identity theft scams.

Keep an Eye Out for These Scams

The only defense against these scams is knowledge, research and being aware that these scams exist. Following is a short list of some of the worst of these scams:

  • AntiVirus 2008/2009/2010: These look like anti-virus ads, but will completely infect a system and hijack your browser.
  • AntiVirus Plus: This one looks like a Microsoft Security Center page to make the user think that this is an update or a Microsoft-generated/approved piece of software.
  • AntispywareXP 2009 or XPAntispyware 2009: This one continually generates false alerts and scan results that will overload your system and slow it down. The effect worsens very quickly as it digs deeper into your system.
  • WinDefender 2009: This program looks like a legitimate anti-spyware program and will always find malware on the system. Unfortunately, everything it finds is bogus and is merely an attempt to frighten the victim enough to get him to buy the software.
  • AntiVirus Sentry: This virus often downloads itself without any click by the user.
  • Security 2009 and ProAntispyware 2009: These packages even advertise themselves on the web as legitimate applications.
  • RapidAntiVirus: This package is one of the most overtly malicious. When it runs on your system, it identifies legitimate system files as malware, convincing the user to remove the files, which results in a complete crash of your PC.

The Bottom Line

The bottom line is this. Cleanup has taken hours of my time and caused lost productivity for my clients. In addition, they have had to pay for the hours, or have had the time deducted from their available support hours, for something very avoidable. Be careful where you surf and what you click.

While much of this information comes from personal experience working to clean up client computers, some of it has been culled from research on the web, including Computer World and Download.com.

About

DedicatedIT provides premium IT network support and consulting to small businesses with 10 to 150 employees. DedicatedIT is different, because we understand that providing technology solutions to small businesses involves more than just having highly-skilled technical people on staff.

We promise:

  • Access to personable technologists when YOU need them.
  • Fewer computer problems than you have ever had before.
  • The best experience you have ever had with an IT company.

We are known for:

  • Our excellent service. Really, we’re insane about this.
  • No hourly charges.
  • Guaranteed response in under an hour.
  • Our community involvement and corporate motto of “do the right thing”.

Contact

Network Support:

Sales / Solutions Experts:
