Sep 20 2013
Beta bot will disable your antivirus program

Beta Bot “Windows Command Processor” message box

Beta Bot masquerades as the “User Account Control” message box, and once authorized it is able to make modifications to a user’s computer. If the pop-up message shown here or a similar prompt appears on your computer and you did not request it or are not making modifications to your system’s configuration, do not authorize “Windows Command Processor” to make any changes.

From the FBI:

The FBI is aware of a new type of malware known as Beta Bot. Cyber criminals use Beta Bot to target financial institutions, e-commerce sites, online payment platforms, and social networking sites to steal sensitive data such as log-in credentials and financial information. Beta Bot blocks computer users’ access to security websites and disables anti-virus programs, leaving computers vulnerable to compromise.

Beta Bot infection vectors include an illegitimate but official looking Microsoft Windows message box named “User Account Control” that requests a user’s permission to allow the “Windows Command Processor” to modify the user’s computer settings. If the user complies with the request, the hackers are able to exfiltrate data from the computer. Beta Bot is also spread via USB thumb drives or online via Skype, where it redirects the user to compromised websites.

Always be careful—and very aware—when allowing modifications to your computer.  Some malware will install itself even if you respond “No” or close the message box.  If in doubt just turn off your computer and call us at 303-290-8888.

Posted by at 10:34 pm
May 15 2013

The Bcc field is your friend

When you send or forward an e-mail to a group of people, please be courteous and use the “Bcc” field instead of the “To” or “Cc” field — unless you specifically want your recipients to know who received the e-mail.

If you are forwarding an e-mail with a list of recipients already on it, please be kind and delete the prior list of recipients.

It is so annoying to receive an e-mail that has a half page of e-mail names and addresses on it, and doubly so when you are using a mobile device with a small screen.

Reasons to use the “Bcc” field:

  1. Common courtesy.  Don’t make your recipients wade through a long list of names and e-mail addresses before they get to your actual message.
  2. Privacy.  Maybe everyone on your list doesn’t want the world to know their e-mail address.
  3. Spam protection (of sorts).  If one of your recipients has a virus or malware, the entire address list may get automatically spammed.
  4. The (sometimes) dreaded “Reply All” person.  Protects the recipients from a “Reply All” response.

Of course there are valid business reasons as well.  Sometimes you want to include a recipient that the other person doesn’t need to know about (think paper trail).

When you forward an e-mail, you should always do some basic due diligence.  Also—this is really important—please be cognizant of the other person’s time.

Here’s some help in finding and using the Bcc field in Outlook and

Lastly, just in case you are not familiar with the term, Bcc explained (for those of you too young to remember typewriters and carbon paper.)

Posted by at 12:36 am
Jul 15 2012

You should temporarily turn off your antivirus software when you are installing new software.  Especially printer software.  If you don’t, you may end up with a corrupt installation.  Sometimes it won’t tell you it’s a bad installation, it just won’t work correctly.

Be sure to turn the antivirus software back on when the installation is complete.

And ALWAYS set a password on your antivirus software, something a bit more secure than “password” or the like.  Many types of malware are counting on an easy—or no—password so that they can turn off your antivirus program to escape detection.

Mar 11 2012

Sometimes all you have to do is open an e-mail and malware is deployed.  Many times clicking a link in a spam message will cause malware to be downloaded to your computer.

You can stay ahead of the curve by checking the message header before you open an e-mail.

Message headers are information that travels with an e-mail and is chock full of details about where the e-mail came from. It doesn’t take long to zero in on the key information.  The Reply To field (the address you would be writing to if you clicked reply) is often a dead giveaway.  Looking at the routing information is another.

Previous versions of Outlook had a really handy tool to help you look at the message headers by selecting a message, right-clicking, and selecting Options from the contextual dropdown menu.  In Outlook 2010, Message Options are still there, you just have to create a shortcut manually.

Here’s how:

  1. Go to the File Menu
  2. Select Options.  This brings up the Outlook Options dialog box.
  3. Click on the Quick Access Toolbar (that’s where we will put the Message Options icon)
  4. In the Choose Commands From dropdown, select Commands Not in the Ribbon
  5. Scroll down to Message Options and select it
  6. Press the Add button.  Message Options will now appear in the Customize Quick Access Toolbar side.
  7. Click OK.

You will see the new Message Options icon in your Quick Access toolbar that appears at the top of Outlook.

Now you can select a message (but don’t open it!) and then click the Message Options icon to see the message headers.

Analysis of a spam header will give you an idea of how to interpret the information.  If you are in the United States and see a domain name with a country extension like .cz (Czech Republic) or .ru (Russia), and the company does not have an office there, chances are very high that this is nasty malware waiting to happen.
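As an added illustration (not code from the original post), here is a small Python script that does the same two checks on a raw message that the post suggests doing by eye: it compares the Reply-To domain with the From domain, and walks the Received (routing) headers looking for hosts under the country-code extensions named above. The sample message, its host names and addresses are constructed for the example; the suspect-extension list is an assumption you would tailor to your own environment.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message. Hosts, addresses and IPs are made up for illustration;
# the routing chain shows a message that entered via a relay under a .cz domain.
SAMPLE_MESSAGE = """\
Received: from mail.example-bank.com (mail.example-bank.com [203.0.113.5])
\tby mx.yourcompany.example (Postfix) with ESMTP id ABC123
\tfor <you@yourcompany.example>; Sun, 11 Mar 2012 10:14:05 -0600
Received: from relay.example.cz (relay.example.cz [198.51.100.9])
\tby mail.example-bank.com with SMTP; Sun, 11 Mar 2012 10:13:50 -0600
From: "Example Bank Security" <alerts@example-bank.com>
Reply-To: verify@example.cz
To: you@yourcompany.example
Subject: Your account needs verification

Please click the link below to verify your account.
"""

# Country-code extensions the post uses as examples (assumed list; extend as needed).
SUSPECT_CCTLDS = {"cz", "ru"}


def domain_of(addr):
    """Return the lowercase domain part of an address header value, or '' if none."""
    _, email_addr = parseaddr(addr or "")
    return email_addr.rpartition("@")[2].lower()


def tld(host):
    """Return the last label of a host name (its top-level extension)."""
    return host.rpartition(".")[2]


def received_hosts(msg):
    """Return the 'from <host>' names of each Received header, oldest hop first.

    Each mail server prepends its own Received header, so the top one is the
    newest hop; reversing gives the path the message actually travelled."""
    hosts = []
    for value in msg.get_all("Received", []):
        m = re.match(r"\s*from\s+([\w.-]+)", value)
        hosts.append(m.group(1).lower() if m else "?")
    return list(reversed(hosts))


def analyze(raw):
    """Parse a raw message and report the routing path plus any suspicious findings."""
    msg = message_from_string(raw)
    from_domain = domain_of(msg.get("From"))
    # If there is no Reply-To, a reply goes back to the From address.
    reply_domain = domain_of(msg.get("Reply-To")) or from_domain
    hops = received_hosts(msg)

    findings = []
    if reply_domain != from_domain:
        findings.append(
            f"Reply-To domain {reply_domain} differs from From domain {from_domain}")
    for host in hops:
        if tld(host) in SUSPECT_CCTLDS:
            findings.append(f"routing passes through {host} (.{tld(host)})")
    return {"from": from_domain, "reply_to": reply_domain,
            "hops": hops, "findings": findings}


if __name__ == "__main__":
    result = analyze(SAMPLE_MESSAGE)
    print("Route:", " -> ".join(result["hops"]))
    for finding in result["findings"]:
        print("Suspicious:", finding)
```

To use it on a real message, paste the header block Outlook shows in Message Options into the `SAMPLE_MESSAGE` string (or read it from a file). The hop list is only as trustworthy as the servers that wrote it; the Received lines added by your own mail server are the reliable ones, while anything below them could have been forged by the sender.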

If you have an Exchange Server-based network, ask us about installing a spam firewall.

Jan 21 2012

We saw a recent article entitled If you think cybersecurity isn’t a big deal, guess again. The author tells of looking for images of a baseball player, clicking on one—and that’s when the adventure started:

“I started to get a bunch of official-looking pop-ups telling me that my computer was infected with all sorts of nasty viruses. They also told me that all I needed to do in order to mitigate the threat was to click on the button contained in the pop-up window and the anti-virus program — which had a very official-sounding name—would make the crisis disappear.”

“I knew enough not to do that. So what I did instead was close the pop-up. That was a big mistake, as clicking anywhere on the desktop is what actually unleashes the virus.

“This particular virus was particularly nasty, burrowing deep into my operating system and rendering my computer inoperable. It took the IT guy two days just to find where the virus was hiding in my system, and then several hours to get rid of it and fix the damage to my operating system. It was a total pain.”

What should he have done? Power off his computer immediately and call his IT people. Stat.

When infected, many people ask: “Why didn’t my antivirus software stop it?” No antivirus software is 100%; things can and will slip through. Unfortunately, whether you are an individual or a corporation, downtime is costly in terms of both repair and … being down.

Here is the $64,000 question: do you have current backups?  Many times it is a lot less costly just to wipe an infected computer and reinstall the system from scratch—reloading all your software and restoring your data.

But if your data backup is not current and we have to try to salvage the system instead of wiping it, it is not out of the realm of possibility to spend a couple of days trying to rid the system of the virus as described in the scenario above.

Got backup?

Posted by at 9:43 pm
May 11 2010

Watch out for those pop-ups and be very careful about the websites you visit.  Despite current patches and anti-virus software, one of our clients got hit with some nasty malware recently.  They did not fully explain, but it could have been accidentally clicking on a pop-up or visiting a website that delivered it unknowingly or deliberately.  Either way, we spent a good bit of time removing it.

The problem is that so many websites deliver ad content dynamically, including pop-ups, and sometimes the servers that deliver that content can be infected either unknowingly or deliberately.  Personally, I run a utility on my computer that blocks all server-delivered ad content.  It not only protects me from drive-by ad content and infection, I find it a lot more pleasurable to view a page with the small word “Advertisement” in place of a big flashing ad.

The only drawback is that you sometimes receive an error when you click on a “sponsored” link.  That is easily enough bypassed with a management utility or simply copying and pasting the link.

If you are interested in learning more about protecting yourself, please contact us.

Mar 31 2009

Protecting against this much-talked-about worm is a multi-pronged process.

1.  Make sure your system is fully patched (all of our clients are).

2.  You may want to disable AutoRun.  If you don’t, and you see a selection such as “Open folder to view files, Publisher not specified”, do not choose that option.  Disabling AutoRun alone will not fully protect you against Conficker.

3.  Make sure your antivirus software is completely up to date (again, all of our clients are protected).

4.  Use strong passwords both for any user account and also for any file share in your environment.

A quick way to tell if your computer is infected is to try to access the Web site of a major antivirus vendor, which the worm blocks.

According to Microsoft, computers with the latest security updates, current antivirus software, strong passwords, and secured shares are protected against this worm.