In a report by security firm Websense, an alarming rise in the growth of malicious websites was identified in 2009 as compared to 2008 – almost 225 percent. The study also found an increased focus among hackers and spammers on targeting social media sites such as blogs and wikis. Social media or so-called Web 2.0 sites allow user-generated content, which can be a source of vulnerability. Researchers identified that up to 95 percent of user-generated comments to blogs, chat rooms, and message boards are spam or malicious – linking to data stealing sites or to downloads of malicious software. Email also continues to be a target for malicious activity with tens of thousands of Hotmail, Gmail and Yahoo! email accounts hacked and passwords stolen and posted online in 2009, which resulted in a marked increase in the number of spam emails.

For our clients on our Managed Service plans, we work hard to ensure your systems are protected from harmful or malicious activity coming from the Internet. If you’re not under our Managed Service plans perhaps now is a good time to talk – let’s make sure your systems are safe in 2010.

Related articles

• Top search results riddled with malware (v3.co.uk)
• Email phishing attack spreading say experts (telegraph.co.uk)
• Fraudsters Go Phishing For Victims’ Friends (news.sky.com)

Mozilla, the organization behind the popular Firefox browser disclosed that two add-ons available for download on its website were vectors for Trojans that could compromise users’ computers. Add-ons allow users to extend and enhance the capabilities of Firefox beyond the default install. Normally they are scanned for malware before being uploaded onto Mozilla’s website, but apparently two of them managed to slip through Mozilla’s automated scans. The infected add-ons are Version 4.0 of Sothink Web Video Downloader and all versions of Master Filer.

Mozilla has since updated their scanning process, but as part of our ongoing security watch we are vigilant in continuously protecting our customers under our Managed Services program from malware – you can rest easy.

When managing your systems on your own, it’s highly advisable to be vigilant with security and always use antivirus software – even when downloading and using software from legitimate sources. If you have downloaded these Firefox add-ons, uninstalling them does not remove the trojans that they carry, and you’ll need to use antivirus software to remove any malware on their system. Need more information or help? Call us and we will be glad to assist you.

Related links:

• Mozilla Firefox hit by malware add-ons (zdnet)
• Trojan Horse Mozilla Firefox Addons (the firefox extension guru’s blog)
• Mozilla admits Firefox add-ons contained Trojan code (sophos)

Security firm Imperva recently released a warning to users of popular social networking website RockYou indicating that their accounts and passwords may have been compromised. According to the firm, a hacker may have accessed an alarming 32 million accounts. But what is more interesting in the wake of this news is an analysis made of the accounts and passwords stolen. From the data provided to researchers, it seems that a great number of users still use insecure passwords, such as those with six or less characters (30% of users); those confined to alpha-numeric characters (60%); or passwords including names, slang words, dictionary words, or trivial passwords such as consecutive digits, adjacent keyboard keys (50%). The most popular password? 123456. Are you using an insecure password? Let us guide you through best practices for information security. Contact us today.

Related links:

• And the most popular password is… (zdnet)
• RockYou hack reveals easy-to-crack passwords‎ (register)
• RockYou hack exposes names, passwords of 30M accounts (computerworld)

Early January, Google released a report detailing attacks on its infrastructure which it claimed to have originated from China. In the wake of its announcement, another report came out detailing what is purported to be an “organized espionage operation” originating from China. Known as “Operation Aurora”, the attack attempted to siphon information from 33 companies in the US, including Google. The attackers are believed to have exploited a vulnerability in Internet Explorer (IE). The vulnerability affect IE 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and IE 6, IE 7, and IE 8 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. In the wake of the attacks Microsoft released a patch to address the vulnerability. If you are unsure if this patch has been applied to your systems, contact us for help.

Related links:

• More Security Flaws Found in Internet Explorer (Mashable)

RealNetworks, developers of RealPlayer, a popular real-time streaming media player, recently released an advisory about vulnerabilities that when exploited could trigger remote code execution attacks. The firm reports at least 11 critical vulnerabilities that expose Windows, Mac, and Linux users to malicious hacker attacks. RealPlayer is a favorite target for malware and fraudware writers, and users are advised to download the latest software update. If you don’t use RealPlayer, you’re best advised to uninstall it immediately. Need help in making sure your applications are safe to use? Contact us today.

Related links:

• Bogus IQ test with destructive payload in the wild (zdnet)
• Tor project suffers hack attack (zdnet)
• RealPlayer Exploit Infecting Windows Machines (eweek)

IMPORTANT UPDATE FOR QuickBooks Customers: Intuit is receiving reports of individuals receiving fraudulent emails from QuickBooks or QuickBooks Online. The two separate emails ask customers to either download a plug in to assess their security or download a Digital Certificate. Customers should delete either of these emails. As we discover these fraudulent sites (cyber criminals often use the same email repeatedly, although they change web sites), we take them down.

More at the Intuit website

Hello friends, this is Brett Passmore.

For some, it has been a long time since we talked, and I apologize for that. I truly hope you are doing well. I will do my best to be in touch on a more consistent basis.

Our family had quite the holiday break. If you ever want to get to know your family and yourself, take an RV trip. We just travelled to Ohio and back to visit family, a few museums, and to see some sights. Boy did we. As you know, living together can be difficult at times, but living together in a rolling 288 sq foot coach with one bathroom can be brutal. All kidding aside, it was one of the best trips we have ever had the opportunity to take together.

Kirsten is now 8 years old. It seems like only yesterday we were bringing her home from Vietnam. That was 7 years ago. That is one of the reasons we took the trip. We want to cherish this time we have with her because she is growing up so fast. She is so creative, and so thoughtful. I am amazed at how much of Amy I see in her every day. I am blessed. She acts so much like us that you cannot tell that she was adopted. (Except for the fact that she is Vietnamese!)

My reason for telling that story is this: Take the time to slow down and spend time with your family. All too often we get so busy with life that we let life pass us by. We only have one shot at this. Take time and invest it in your family. You have no idea what a difference you can make in their life, or the difference in your own.

We have all been shocked and terrified by the images we have seen from the tragedy in Haiti. As much as want to, we cannot begin to understand the size of the disaster that they are living in. It honestly looks like a dystopian movie. Lots of people wonder “What can I do?” well, the American Red Cross has made a way to help. Using your cell phone, you can contribute quickly and easily. You can text “HAITI” to 90999 to donate $10 to American Red Cross relief for Haiti. Please do it today.

One last thing, if your business needs IT services (PC, Server, Desktop, Networking, Website, or other) please do not hesitate to contact me. I would love to be a resource for you or your friend’s organization that needs technology assistance. We offer a generous referral plan as well, so please don’t hesitate if you know of a company that could use our assistance.

Thanks for taking the time to read this short message, and please, if you have time, reply back to me. I would love to hear from you.

God Bless,

Brett Passmore

In today’s business environment, you can’t be too careful about what you’re employees are doing when you aren’t watching. The good news is, PC and Internet abuse can be easily addressed with employee monitoring software.

Spector CNE and Spector 360 allow you to record and review everything your employees do on their computers. In other words, you can obtain a complete record of every e-mail or instant message sent and received (including attachments), every web site visited, every application launched and every keystroke typed.

When you need to know exactly what your employees are doing on their computers and the Internet, turn to Spector CNE or Spector 360. Contact us for details.

If you are using an automated clearing house (ACH) system to manage your funds, then you had better be extra careful.

The Federal Bureau of Investigation (FBI) has warned ACH users – particularly small businesses – to be on the lookout for ACH system fraud, which has already scammed as much as $100 million from unsuspecting victims.

The FBI is working with the National Cyber Forensics and Training Alliance (NCFTA) to determine a solution for the problem and to catch the criminals behind these multi-million dollar scams.

All it takes is a seemingly harmless email to an organization’s bookkeeper or accountant to give hackers access to all their accounts. In a technique called “phishing”, these criminals send electronic correspondence laced with attachments disguised as documents or genuine applications (like an update for Windows, for example), or links to supposedly legitimate websites. Once a recipient clicks on these links or installs the software, the hacker installs a keylogging program in their system, giving them access to passwords and other sensitive account information.

The siphoning off of funds happens fairly quickly. Some hackers set up ACH transfers to unaware third party groups that typically do payroll processing tasks for international companies, which in turn transfer the money overseas. Others create fake names on a payroll system which automatically siphons off money into preset accounts enrolled in a similar system.

According to the FBI, the usual victims are small businesses because of their tendency to work with smaller, less secure banks. It’s the FBI’s conclusion, indicated in a report by their Internet Crime Complaint Center (IC3), that smaller banks lack the proper security measures, which gives hackers the capacity to abuse the ACH system.

“In several cases banks did not have proper firewalls installed, nor anti-virus software on their servers or their desktop computers. The lack of defense-in-depth at the smaller institution/service provider level has created a threat to the ACH system,” the IC3 report reads.

More details about this story can be found here.

(http://www.computerworld.com/s/article/9140308/FBI_warns_of_100M_cyber_threat_to_small_business?taxonomyId=17&pageNumber=1)

New research from the Ponemom Institute and Lumension, shows that a majority of firms are struggling to secure data as users quickly adopt new and emerging technologies such as mobile, cloud computing, and collaborative Web 2.0 technologies. The study, which surveyed IT security and IT operations practitioners, shows that many (44 percent) feel that their IT network is less secure than a year ago or that their IT security policies are insufficient in addressing the growing threats arising from the use of new technologies. Budgets are also a limiting factor, with many feeling that IT security budgets still aren’t what they need to be to fully support business objectives and security priorities. Other findings from the report:

• 56% said mobile devices are not secure, representing a risk to data security
• 49% said data security is not a strategic initiative for their company
• 48% said their companies have allocated insufficient resources to achieve effective data security and regulatory compliance
• 47% cited a lack of strong CEO support for information security efforts as a reason for ineffective data security programs
• 41% said there was a lack of proactive security risk management in their organization

Just as large companies worldwide struggle to keep up with security, many small businesses do so even more. If you need help understanding the security implications that new technologies bring to your organization, contact us so we can help.

Related articles:

• Companies face IT attacks in uncertain economy: Ernst & Young (newswire.ca)
• Keeping America’s information safe offers a secure career (techburgh.com)
• Cloud Security and Privacy (oreilly.com)
• Computer Security Challenged By Web 2.0 ‘Endpoint’ Growth (Investor’s Business Daily via Yahoo! News) (slumpedoverkeyboarddead.com)