Technology by Design

Technology news, reviews, and how to keep your technology running fast and smooth!

ALERT: Email Attachment “Fax”

by 1 Comment

fax attachment

ALERT:  

Email Attachment “Fax”

CryptoWall 3.0

This email scam is the latest CryptoWall attack that has affected businesses world-wide.

An email is sent, which has an innocent-looking email attachment that claims to be a fax report from your own business or home.

If you receive an email that claims to be a fax report, that seems to come from your own domain/business/home, but the link ends in “.CHM”,

The email attachment link will look similar to the one below:

CryptoWall3.0

 DO NOT OPEN,
and
DO NOT FORWARD.
 
DELETE THE EMAIL IMMEDIATELY!

 

After you delete the email, warn I.T. that the email sits in your “Deleted” items.

If you click on the link to open it, it will download malware, which will lock up all your files,

and potentially all files of everyone else in your business or organization.

The CyberCriminals responsible for this scam, then demand a $500 Bitcoin ransom to get your files back.

This malware is being sent in waves, attacking computers all over the world.

We highly recommend to add “.CHM” files to the list of potentially malicious extensions in your spam filters.

 

Got Computer Bugs?

Call 1-204-800-3166

For Cyber-Extermination!

 

 

Power Surge vs. PC

by Leave a Comment

Power Surge vs. PC - Had a power surge? Here are some things to check.

Power Surge vs. PC – Had a power surge? Here are some things to check.

Power Surge vs PC

 

A power surge is a damaging spike of voltage through the electrical network.

 

If your computer was plugged in and turned on during one, you’re more than likely to see some evidence of damage to your computer.

 

Check and Fix a PC After A Power Surge
  1. First step is to unplug your PC, and the power bar – in that order.
  2. Plug the monitor directly into a power outlet.  If that works you can set it aside, safe in the knowledge that the problem is in the PC itself.
  3. Open the computer tower.  This will likely involve unscrewing some screws at the back.  Consult your PC User Manual if you’re unsure.
  4. If your computer was a power surge victim, and your computer won’t turn on, you’ll need to replace your power supply unit (PSU).
  5. Make sure not to touch any of the equipment inside the case.  Take a look for anything that looks obviously scorched or damaged.  If there is, you’ll need to replace that part.
  6. Close up the case, using all the screws you took out.  If you have any extras, you missed some.

Now, if you got away unscathed, count yourself very lucky.

If you need some parts replaced, call a reliable, qualified computer tech to quote you on the parts & labour.  And consider your hand slapped.

NOW, before your computer receives any more battle scars,
make sure it’s adequately protected.

 

Use a power bar, a surge protector, or a Uninterruptible Power Supply (UPS).

 

To see which is right for you, check out an earlier blog:   Power-Less.

 

Computer Bugs?

Call 1-204-800-3166

For Cyber-Extermination!

 

ALERT: Microsoft Volume Licensing

by Leave a Comment

MS VLSCALERT:  Microsoft Volume Licensing

CyberCriminals are going after the businesses with Microsoft Licensing this time.

 

Corporate users are sent a phishing email that appears to be from “Microsoft Volume Licensing Service Center (VLSC)”, according to researchers with Cisco Managed Threat Defense.

The email looks similar to this:

MS Volume Licensing

 

 

 

 

 

 

 The email has a very personalized welcome line, and asks recipients to click on a link to login to the VLSC.

The link in the email appears to be for a Microsoft website but Martin Nystrom, senior manager for Cisco, points out that hovering over it with the mouse reveals the true URL.

Clicking on the link will result in the authentic VLSC login page opening, but will also trigger a ZIP file to download that recipients may not notice is being delivered from a different website.

The ZIP file contains a Windows Executable with a SCR extension – a screensaver file – and opening it results in the system being infected with “Chanitor”, which is used to download other malware.

Everyone needs to be aware of the security risks (and responsibilities) that come with using a computer these days, and employees need to be educated about security risks, and what to look for.

For some examples of how to identify a fake email, click:  HERE.

 

Got Computer Problems?

Call 1-204-800-3166

For Cyber-Extermination!

 

Sleep vs. ShutDown

by Leave a Comment

Shutdown vs SleepSleep vs. ShutDown?

  In this age of thinking “green” and power-saving, there is a constant debate about whether it’s better for your computer (and the environment, not to mention your bank account) to shutdown your computer, or just let it go into “sleep” mode.
I’m going to put that debate to bed, so to speak.

The argument for shutdown:  You’ll save energy, money, and the environment.

The argument for sleep:  You’ll save energy, wear-and-tear on your computer, and time.

 
Computer Time

 

 

 

 

The ‘Time’ Argument.

 

I run a relatively high-end computer (Computer-Geek, and all that).

Time to Shutdown:  0:16
Time to Boot Up:  1:06

Shutting down is relatively quick, but booting up is painfully slow.  Keep in mind, this is what I refer to as a “true” boot-up time-the time from when I press the power button to when I’m at a usable desktop (where you can actually click on things and get a response).

Time to Go Into Sleep Mode:  0:18
Time to Fully Wake:  0:02

The time it takes to go into sleep mode is comparable to shutting down my computer.  However, the time it takes to wake my computer to be fully functional is almost instantaneous.  Not to mention the convenience of waking my computer merely by tapping the keyboard, or moving the mouse.

Money saving

 

 

 

 

The ‘Power/Energy/Money-Saving’ Argument:

As long as your system BIOS supports the S3 ACPI (Advanced Configuration and Power Interface) mode, and most computers do, then leaving your computer in sleep mode is not running up your power bill.  The S1 mode leaves the CPU and RAM powered up, the S3 mode powers the CPU and RAM down.  You can check and change your BIOS sleep state, if you want your computer to draw less power.

My high-end computer uses approximately 120-130 watts just sitting at the desktop (not including the 2 monitors I run), and uses 1 watt when shut down (most computers still draw a very small amount of power, even when off, so they can turn on when you push the power button).  In sleep mode, my computer draws 5 watts.  That’s a difference of 4 watts of power, between shutdown and sleep.  Not a huge difference.

Suppose your computer system is turned off 16 hours/day.  The 4 watts difference works out to 1.92 killowatt-hours (kWh) per month.  According to National Resources Canada in April 2014, the average residential electricity price in Canada (including taxes) was 13.272 cents/kWh.  So keeping your computer in sleep mode would cost you 25.5 cents per month more than it would to shut your computer down.  The average Canadian home uses 955.8kWh monthly, so 16 hours of sleep mode per day would be a 0.21% increase in monthly power use.  Of course, some computers use a little more power in sleep mode, but it’s almost always under 10W.

You can find more information on how to change the function of your computer’s power button here.  You probably don’t want hibernate mode, as this dumps the contents of your PC’s RAM to the hard disk and then powers off your PC, so you can resume right where you left off (with programs open, etc.).  With the large amount of RAM in today’s systems, this process can be pretty slow.

Wear-and-Tear

 

 

 

 

The ‘Wear-and-Tear’ Argument:

Computers that are in sleep mode use minimal power to keep only essential components operating in low-power mode.  The major remaining power consuming parts are the RAM, CPU and motherboard; all run in dramatically reduced power consumption states while in sleep mode.  They both have just enough power to keep the OS stored in the RAM.  The sleep state hardly uses the CPU and RAM, which causes them to produce next to no heat or part attrition.  The motherboard is also powered just enough to check for any use of the keyboard, mouse, touch pad, or power button to wake the system from sleep mode.

In sleep mode, the computer turns off components like the graphics card, network adapter, hard drives, and optical drives.  The parts are turned ‘off’ to a state similar to as if the computer was shut down.  The sleep state also prevents the computer from being attacked by hackers and network-related malware, the same way a shut down computer does.

Turning on a computer from a ‘shut down’ state causes a substantially larger amount of wear-and-tear on the hardware, compared to re-booting a computer from a ‘sleep’ state.  Waking a computer from ‘sleep’ uses less energy, in addition to being easier on the computer components.  Waking a computer from hibernation wears the computer similar to turning on a computer from ‘shut down’.

 Time
 Computer Usage:

Of course, computer usage has to weigh into the argument as well.  If you use your computer several times per day, you can reduce wear-and-tear by using sleep mode instead of shutdown.  However, if you use your computer only an hour or so every few days, it makes more sense to shut down your computer.

Update

Software Updates:

If your computer is set to automatically install software updates (as it should, as software updates keep your system safe & secure), most software updates occur overnight.  If your computer is left in ‘sleep’ mode, your computer will receive the updates, and will automatically re-start and go back into sleep mode.  However, if your computer is shutdown, when you turn on your computer, your computer will automatically install the updates at that time.  You will then have to re-start your computer again.  If the start of your day is time-restricted, this is something to keep in mind.

 

Got Cyber-Gremlins?

Call 1-204-800-3166

For Cyber-Extermination!

 

 

ALERT: Financial Institutions Hit By CyberHeist

by Leave a Comment

BankALERT:  

Financial Institutions

Hit By CyberHeist

 

 

A multinational gang of CyberCriminals has stolen as much as $1 billions from as many as 100 financial institutions across the world, including Canada and the US.

This was a highly sophisticated operation that managed to stay inside bank networks for a very long time…

UNDETECTED!

Antivirus developer Kaspersky’s publication on Feb. 16, 2015, revealed details on what is likely the biggest cyberheist ever.

The CyberCriminals used carefully crafted emails
to trick pre-selected employees into opening malicious software files,
a common technique known as spear-phishing.

The opened software files infected their workstations.  Once the CyberCriminal had access, they roamed the internal network freely, until they tracked down administrators’ computers for video surveillance.  They studied how the bank clerks worked, and were then able to mimic their activity and tell ATMs to dispense cash to a gang member at a pre-determined time, or transfer larger amounts to accounts located all over the world.  In some cases, they inflated account balances before pocketing the extra funds through a fraudulent transaction.  Because legitimate funds were still there, the account holder would not suspect a problem.

Carbanak2

 Kaspersky reports evidence of theft in the amount of $300 million.  The NY Times reports thefts could add up to 3 times that amount, likely exceeding $1 billion.

Chris Doggett, from Kaspersky North America, told the NY Times, “This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert.”

The CyberGang, dubbed the “Carbanak CyberGang” by Kaspersky because of the malware they used, appears to be the first international CyberMafia: a group of CyberCriminals from Russia, Ukraine and other parts of Europe and China.

Kaspersky could not release the names of the banks because of nondisclosure agreements, but reports they were in Russia, Japan, Europe, The Netherlands, the US, and Canada.  NY Times states that The White House and FBI have been briefed on Kaspersky’s findings.  Interpol and Europol are coordinating the investigation.

Sanjay Virmani, director of Interpol Digital Crime Center said in a statement prepared by Kaspersky,

“These attacks again underline the fact that criminals will exploit any vulnerability in any system.  It also highlights the fact that no sector can consider itself immune to attack and must constantly address their security procedures.”

 

Kevin Mitnick, KnowBe4’s Chief Hacking Officer tweeted,

“Even after 20 years, social engineering is still the easiest way into a target’s network and systems, and it’s still the hardest attack to prevent.”

 

Security Issues?

Call 1-204-800-3166

Get Cyber-Exterminated!

 

 

Free Security Checkup

by Leave a Comment

Google Security

FREE Security Checkup

February 10 was Safer Internet Day

 

Although you should practice safe internet policies every day, this day is to bring focus to how important online safety is.

Please take 2 minutes out of your day to complete a simple Security Checkup.

 

This checkup makes sure you are making the most of the 24/7 protection you receive from TbyD (if you’re on one of our Monthly Service Plans).

Google is giving you this FREE checkup.
If you complete this checkup by February 17, 2015, they will give you a
permanent 2 GB bump in your Google Drive storage plan.

 

It takes just a couple minutes and, unlike other checkups, it won’t leave you feeling guilty about not flossing.

Here’s what it does:

  • Ensures your account recovery information is current.

    If they detect suspicious activity in your account, they use your recovery info to get in touch and make sure no one but you gains access.

  • Lets you review recent sign-in activity.

    Reviewing this lets you validate the sign-ins are coming from you and not someone else who shouldn’t be using your credentials.

  • Confirms the apps and devices that access some account information.

    This step lets you monitor this list and remove apps and devices that don’t need access to your account any more.

Google checkupAfter you’ve gone through the checkup successfully, you’ll see 3 green checkboxes (see left) that confirm you’re eligible for the free storage and, more importantly, that you’ve taken steps to enhance your online safety.

 

Google will be granting the storage automatically to everyone by around February 28, 2015, and they will send you an email when your adjustment is complete.

 

Ideally, you’ll revisit this checkup every so often, or anytime your account changes, like when you get a new phone or replace an old laptop.  
While this is just one way to help you stay safe online, you can find even more tools and tips in the Google Safety Center.

 

**Please note:  Google Apps for Work and Google Apps for Education users are not eligible for the bonus storage, but should still consider taking the Security Checkup.

Got Cyber-Bugs?

Call 1-204-800-3166

For Cyber-Extermination!

ALERT: Bank Phishing Attack Using SMS Text Messaging

by Leave a Comment

ALERT:  Bank Phishing Attack Using SMS Text Messaging

Smishing

Victims receive a fake text from their ‘bank’ on their cell phone, stating there is a problem with their account.  The text urges them to call a number in their own area code.  When they dial the number provided, they receive the following automated message:

“Thank you for calling [name of bank].  A text message has been sent to inform you that your debit card has been limited due to a security issue.  To reactivate, please press 1 now.”  After pressing 1, the caller is prompted to enter the last 4 digits of their Social Security number, then the full card number and expiration date.

 

This is a mix of scams, known as “SMiShing” – phishing attacks sent via SMS text message – and voice phishing aka “vishing”, where people are directed to call a number that answers with a voice prompt, spoofing their bank and instructing the caller to enter confidential data.

NEVER call your bank from a number in a text or email.  
Always double-check the phone number from your bank’s website.  

 

Security Issues?

Call 1-204-800-3166

For Cyber-Fortress Security!

ALERT: New Ransomware Strain Encrypts Files From RAM

by Leave a Comment

Fessleak3

ALERT:  New Ransomware Strain Encrypts Files From RAM

 

Security researchers at Invincea have discovered a new Russian ransomware strain called “Fessleak” which delivers its code straight into system memory and does not drop any files on disk.

This means that almost all antivirus software is not able to catch this malicious malware.
The infection is spread through malicious ads on popular websites.  

The Cybercriminal setup a short-lived burner domain (disposable domain) directing to a landing page where the exploit kit (malware infector) is hosted.  Then they post a legitimately paid-for ad on legitimate major sites such as HuffingtonPost, Answers.com, Thesaurus.com, and Match.com.

The ad is usually similar to “Granny opening a new iPhone video”.

When you click on the link, you are redirected to the malicious domain, which infects your workstation.

You are then presented with a full screen image that announces all personal or business files, photos, and videos have been ecrypted and to get them back you need to pay a ransom in Bitcoin.

Invincea states:

“We continue to see new innovations in ransomware.  More advanced versions use file-less infections, and communicate via the TOR network…they are also able to check to ensure the host is not running on a virtual machine to frustrate security researchers and analysis.  

At this time, there is no detection for the malicious code, which rotates its hash value to avoid Anti-Virus detection.
How do you pre-plan for a possible attack?
  1. BACK UPS!   All malware and virus effects can be prevented by having all important data backed up.  Take a weekly copy off-site.
  2. Keep your attack surface as small as possible, and religiously keep all OS and third-party patches up-to-date.  All our monthly service plans do this automatically.
  3. Disable Flash in your browser, or at least set Flash to Click to Play.  This way, you can activate only the ads or videos using Flash that you want to see, and the others will remain disabled.
  4. Run a multi-layer security system, block ads centrally rather than machine by machine.  If that’s not possible, AdBlocker plugins for each browser.
  5. It is increasingly clear that effective security awareness training is a must.  End users need to be on their toes, and need to keep security in mind at all times.

Cyber-Security Issues?

Call 1-204-800-3166

For Cyber-Fortress Security

Keeping Laptop Batteries In Good Health

by Leave a Comment

Batteries – To Drain Or Not To Drain…

Laptop Battery

 

Everyone, from your neighbor to your great-aunt’s dog-walker’s niece, has their opinion on this.  Some say to drain it completely before re-charging, some say that you should keep it between 40% and 80% at all times.

But which is the truth?

 

A lot of this is confusion over how batteries used to work, not how they work today.  Luckily, most or all of your gadgets today run on Lithium Ion batteries, which are easy to take care of.

The short answer – – Charging incorrectly can decrease their lifespan.  Most lithium batteries should last you a few years, and batteries have a finite life, no matter what, so your efforts will only help to extend the life so much.  However, improper care can decrease that lifespan, meaning your battery will be unable to hold a charge – or unable to hold as big a charge as it used to – quicker.

Here’s some guidelines to help to extend your battery’s health as much as possible:

  1. Perform shallow discharges.  Instead of discharging to 0% all the time, lithium ion batteries do best when you discharge them for a little bit, then charge them for a little bit.  Discharges to 50% are better for your battery’s long-term life then small discharges to 90% or large discharges to 0%.
  2. Don’t leave it fully charged.  Lithium ion batteries don’t need to be charged 100%.  In fact, they prefer not to be.  So the 40%-80% rule is a good guideline.  When possible, keep it in that range to prolong its life as long as you can.  And if you do charge it 100% – don’t leave it plugged in.  If you charge it overnight, use something like the Belkin Conserve Socket to stop it from charging after it’s full.
  3. Fully discharge it once a month.  While lithium ion batteries shouldn’t be discharged 100% regularly, most modern batteries are what’s called “smart batteries”, which means that they can tell you how long you have until your battery dies.  This feature can get mis-calibrated after a lot of shallow discharges.  Manufacturers recommend fully discharging your battery once a month to make sure this stays accurate.
  4. Keep it cool.  Excess heat is not only bad for your processor, but your battery as well.  A hot battery will degrade in health much quicker than a cool one.  For this reason, we highly recommend not using your laptop on a soft surface like a bed or your lap (does not allow for sufficient air intake), and we highly recommend using a laptop stand with cooling fans built-in.

If you follow these tips, your battery should last.

Computer problems?

Call 1-204-800-3166

For Cyber-Extermination!

February Newsletter

by Leave a Comment

Police Dash-Cam Confessionals!

FEBRUARY 2015 TECHTIPS NEWSLETTER

TechTips Newsletter is published monthly, full of technology news and information (and other stuff!).  If you’re not a Geek, not to worry, there’s tons of information for non-Geeks too!:

  • Police dash-cam confessionals!
  • How you can make money off Youtube videos too!
  • CyberCriminals makes software more user-friendly!
  • A Canadian-made hitchhiking robot treks through Germany!
  • Famous Star Wars mis-quotes!
  • How to overeat…in style!
  • Internet cafe deaths go unnoticed for days!
  • AND MORE!

This and much more!  You don’t want to miss this issue!

Get your newsletter HERE!

Comments?  Let me know what you think at marketing@tbyd.ca

Keep Up-To-Date on the Latest Threats To Your Computer Network!

Regular weekly ALERTS on the latest security threats to your computer network

Check out the ALERTS here.

Do you have a question for our Resident Geek?  Email it to:  geek@tbyd.ca!

Like us on Facebook!

Follow us on Twitter!

EXPIRATION NOTICE:

An urgent security warning for businesses running Windows XP, Office 2003, and Microsoft Windows Server 2003!

Windows XP and Office 2003 are no longer supported by the manufacturer.

Server 2003 will no longer be supported by the manufacturer after April 2015.

If your business or organization is currently running Windows XP, Office 2003, Microsoft Server 2003, or Exchange 2003 on any computers or servers in your office, you need to know about a dangerous security threat that must be addressed NOW!

PLEASE TAKE A MOMENT TO READ THIS IMPORTANT SECURITY ANNOUNCEMENT!

As your local Microsoft Partner, we are aggressively reaching out to all local businesses that use any of these programs to alert you to this serious security risk and inform you about what you need to do NOW to protect your company or organization!

WINDOWS XP AND OFFICE 2003 REPLACEMENTS MUST BE MADE NOW

WINDOWS SERVER 2003 AND EXCHANGE 2003 REPLACEMENTS MUST BE MADE BY JULY 14, 2015

Microsoft has officially announced that it retired all support for Windows XP and Office 2003 April 2014, and on the Server 2003 operating system on July 14, 2015.

This means any business or organization still running any of these programs will be completely exposed to serious hacker attacks, aimed at taking control of your network, stealing data, crashing your system, and inflicting a host of other business-crippling problems you do NOT want to deal with.

This is such a serious threat that the U.S. Department of Homeland Security has issued an official warning to all companies still running these programs, because firewalls and antivirus software will NOT be sufficient to completely protect your business from malicious attacks or data-exfiltration.  Running some of these programs will also put many organizations out of compliance.

CALL 1-204-800-3166

for a FREE QUOTE