DarkFiber Consulting – IT Managed Services

Google Releases Chrome 5.0.375.70

June 23rd, 2010 . by DarkFiber Consulting

Google has released Chrome 5.0.375.70 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, conduct cross-site scripting attacks, bypass security restrictions, or obtain sensitive information.

DarkFiber Consulting encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 5.0.375.70 to help mitigate the security risks.

Malicious Code Circulating via Social Security Administration Phishing Messages

December 10th, 2009 . by DarkFiber Consulting

DarkFiber Consulting is aware of public reports of malicious code circulating via phishing email messages that appear to come from the Social Security Administration. The messages indicate that the users’ annual Social Security statements may contain errors and instruct users to follow a link to review their Social Security statement. If users click this link, they will be redirected to a seemingly legitimate website that prompts them for their Social Security number. If users enter their Social Security number and continue to the next page, they will be given an option to generate a statement. If users attempt to generate a statement, malicious code may be installed on their systems. This malicious code attempts to collect online banking traffic to gain access to the users’ bank accounts.

DarkFiber Consulting encourages users and administrators to take the following preventative measures to help mitigate the security risks:

  • Install antivirus software, and keep the virus signatures up to date.
  • Do not follow unsolicited links and do not open unsolicited email messages.
  • Use caution when visiting untrusted websites.
  • Use caution when entering personal information online.
  • Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
  • Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

DarkFiber Consulting will provide additional information as it becomes available.

United States Presidential Election Email Attack

November 6th, 2008 . by DarkFiber Consulting

DarkFiber Consulting is aware of public reports of email attacks circulating that are related to the recent U.S. presidential election. The email messages appear to be coming from a seemingly legitimate source and contain a message indicating that additional news coverage of the election is available by following a link. The link directs users to a website that appears to contain a video of the president elect. The website will instruct the user to update to a new version of Adobe Flash Player in order to view the video. This update is not a legitimate Adobe Flash Player update; it is malicious code. If the user downloads this executable file, malicious code may be installed on the system.

DarkFiber Consulting encourages users to take the following preventative measures to mitigate the security risks:

  • Install antivirus software, and keep the virus signatures up to date.
  • Do not follow unsolicited links.
  • Use caution when visiting untrusted websites.
  • Use caution when downloading and installing applications.
  • Obtain software applications and updates directly from the vendor’s website.
  • Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
  • Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

Torpig Trojan Horse Attack Activity

November 6th, 2008 . by DarkFiber Consulting

DarkFiber Consulting is aware of public reports of a high volume of financial accounts compromised by the Torpig (also known as Sinowal or Anserin) Trojan horse. This Trojan horse uses HTML injection to add fields to web pages in order to convince users to provide additional user credentials or financial account information. Systems compromised by this Trojan horse are being used by attackers to obtain FTP credentials, email addresses, and digital certificates of the current user.

This Trojan horse uses an MBR rootkit known as Mebroot. This rootkit contains configuration information for the Trojan horse as well as techniques used to keep the Trojan horse undetectable.

DarkFiber Consulting encourages users to do the following preventative measures to mitigate the security risks:

  • Install antivirus software, and keep the virus signatures up to date.
  • Investigate anomalous or slow-running machines, looking for unknown processes or unexpected Internet connections as this may be a sign of malicious programs operating in the background.
  • Examine firewall logs of systems for connections to or from anomalous IP addresses.
  • Consider traffic analysis to identify compromised systems that are exfiltrating data.

Malware Circulating via Russia/Georgia Conflict Spam Messages

August 21st, 2008 . by DarkFiber Consulting

DarkFiber Consulting is aware of public reports of malware circulating via spam email messages related to the Russia/Georgia conflict. These messages contain factual information about the conflict. The messages also contain download instructions for the user to watch a video that is attached to the message. If a user opens the attachment, malware may be downloaded and installed onto their system.

DarkFiber Consulting encourages users and administrators to take the following preventative measures to help mitigate the security risks:

Malware Circulating via Spam Messages

August 7th, 2008 . by DarkFiber Consulting

DarkFiber Consulting is aware of public reports of malware spreading via spam. It has been reported that malware is spreading in spam messages related to the upcoming Olympics and to fake CNN news reports. If a user clicks the link to one of these fake news reports they are prompted to install a Flash Player update. If users attempt to install the update, malware may be downloaded and installed onto their system.

DarkFiber Consulting encourages users and administrators to take the following preventative measures to help mitigate the security risks:

Malware Targeting Adobe Flash Player

August 5th, 2008 . by DarkFiber Consulting

Adobe has issued a Security Bulletin warning of malware spreading via a fraudulent Flash Player installer. Adobe warns that a worm is making fraudulent posts on social networking sites. These posts include links that lead to fake sites that prompt users to update their versions of Flash Player. If users attempt to use the installer to make the update, malware may be downloaded and installed onto their systems.

DarkFiber Consulting urges users and administrators to take the following preventative measures to help mitigate the security risks:

CA ARCserve Backup for Laptops and Desktops Server vulnerability

August 4th, 2008 . by DarkFiber Consulting

DarkFiber Consulting is aware of a vulnerability that affects CA ARCserve Backup for Laptops and Desktops. This vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition on the server.

More information regarding this vulnerability can be found in the CA Security Advisory “Security Notice for CA ARCserve Backup for Laptops and Desktops Server LGServer” document.

DarkFiber Consulting recommends that users upgrade to the latest versions to help mitigate the security risks.

Airline E-ticket Email Attack

July 31st, 2008 . by DarkFiber Consulting

DarkFiber Consulting is aware of public reports indicating that a new email attack is circulating. This attack uses email messages that appear to be from legitimate airlines and contain information about a bogus e-ticket. These email messages instruct the user to open the attachment to obtain the e-ticket. If a user opens this attachment, a file may be executed to infect the user’s system with malicious code.

Reports, including a posting by Sophos, indicate that these messages have the following characteristics. Please note that these attributes may change at any time.

  • The subject line “E-Ticket#XXXXXXXXXX”
  • An attachment named “eTicket#XXXX.zip”

DarkFiber Consulting encourages users and administrators to take the following preventative measures to help mitigate the security risks:

New Storm Worm Activity Spreading

July 29th, 2008 . by DarkFiber Consulting

DarkFiber Consulting is aware of public reports of a new Storm Worm Campaign. The latest campaign is centered around messages related to the Federal Bureau of Investigation and Facebook. This Trojan horse virus is spread via an unsolicited email message that contains a link to a malicious website. This website contains a link, that when clicked, may run the executable file “fbi_facebook.exe” to infect the user’s system with malicious code.

Reports, including a posting by Sophos, indicate the following email subject lines are being used. Please note that subject lines can change at any time.

  • F.B.I. may strike Facebook
  • F.B.I. watching us
  • The FBI’s plan to “profile” Facebook
  • The FBI has a new way of tracking Facebook
  • F.B.I. are spying on your Facebook profiles
  • F.B.I. busts alleged Facebook
  • Get Facebook’s F.B.I. Files
  • Facebook’s F.B.I. ties
  • F.B.I. watching you

DarkFiber Consulting encourages users and administrators to take the following preventative measures to help mitigate the security risks: