Tuesday, July 28, 2015

Be Mindful of Which E-mails You Open

Dyre -- a dangerous financial trojan -- has been infecting thousands of banking customers worldwide. The virus is hidden in an e-mail usually disguised as business documents, voicemail or fax messages. Recipients are invited to click on an attachment which directs the user to a malicious website and downloads the virus.

The attacks began one year ago and have continued to grow in number. Symantec Security Response posted a graph this past June showing the number of virus detections over time.

The most dangerous aspect of this virus is its ability to steal credentials not only from the banking company, but from any site a victim visits. According to Symantec.com, "Dyre is capable of using several different types of man-in-the-browser (MITB) attacks against the victim’s web browser to steal credentials."

One attack redirects the victim to a fake website that looks similar to its genuine counterpart. This fake website will harvest the victim’s credentials before redirecting back to the genuine website. Another attack allows Dyre to alter the way legitimate websites are displayed in the browser window by adding malicious code to it to steal the victim’s login credentials. In some scenarios, Dyre may also display an additional fake page informing the victim that their computer has not been recognized and that additional credentials need to be provided to verify their identity, such as their date of birth, PIN code, and credit card details.

Scomage encourages all our clients and their families to be careful when it comes to e-mail. Stay educated and never open an attachment from an unfamiliar e-mail address.

Tuesday, July 21, 2015

Office Macros are Back

Microsoft Office macros are back as a reliable way to spread viruses and malware. This works by inserting a malicious macro into an otherwise normal-looking document. This could be a Word document, Excel spreadsheet or PowerPoint presentation.

Take a look at the email we received the other day. I'm sure Bedoes is a fine Georgia restaurant, but they are not immune from hacking and viruses. Neither are any of your typical vendors, so just assume this came from someone you do business with on a regular basis.

The attached spreadsheet looks innocent enough and even pertains to the subject of the message. If you try to open it with a modern version of Excel (Office 2010 or later), you will receive a warning about the macro, but it does not prevent you from running it. If you have certain versions of Office or clones (OpenOffice, LibreOffice, etc.), you may not get a warning at all and could be immediately infected.

If you receive an attachment of any type -- even from someone you know -- be very, very cautious about opening it. If unsure, it is always best to call the sender to confirm.
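As an added example (not part of the original post), here is a small Python check a mail administrator could run on an attachment's bytes to see whether it carries a VBA macro project before anyone opens it. The function names and the hold/deliver policy are assumptions for illustration, and the sample files are constructed in memory.

```python
import io
import zipfile

# Signature of the legacy binary container used by .doc/.xls/.ppt files.
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")

def classify_attachment(data: bytes) -> str:
    """Return 'ooxml-macro', 'ooxml-clean', 'legacy-ole' or 'not-office'."""
    if data.startswith(OLE_MAGIC):
        # Legacy formats can hold macros whatever the file extension says.
        return "legacy-ole"
    if not data.startswith(b"PK"):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [n.lower() for n in zf.namelist()]
    except zipfile.BadZipFile:
        return "not-office"
    if "[content_types].xml" not in names:
        return "not-office"  # a zip, but not an Office Open XML package
    # VBA code lives in word/, xl/ or ppt/ as vbaProject.bin.
    if any(n.endswith("vbaproject.bin") for n in names):
        return "ooxml-macro"
    return "ooxml-clean"  # no VBA project; other macro types are not checked

def triage(data: bytes) -> str:
    """Hypothetical policy: hold anything that can run a macro for review."""
    return "hold" if classify_attachment(data) in ("ooxml-macro", "legacy-ole") else "deliver"

def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: a zip with Office-style member names, not a real workbook."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:
            zf.writestr("xl/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    samples = {
        "invoice.xlsm (constructed)": build_sample(True),
        "menu.xlsx (constructed)": build_sample(False),
        "old.xls (constructed)": OLE_MAGIC + b"\x00" * 16,
    }
    for name, blob in samples.items():
        print(f"{name}: {classify_attachment(blob)} -> {triage(blob)}")
```

A "hold" result only means the file is able to run a macro, not that the macro is malicious; confirming with the sender still applies.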