
Hey folks, Brandon here! Something we’ve talked about for the past year or so is Ransomware, a type of malware designed to encrypt your files so you can’t access them, then demand a monetary ransom to get access to your files again. Every couple of months there seems to be a new wave of these coming out, and one seems to have started going out this week… So of course Steve and I decided to download the latest and greatest in Cryptowall and try it out!

So let’s talk about how this new wave of Cryptowall is being distributed and how it works.

Note that this version is using Java to run. When we didn’t have Java installed, the virus couldn’t do anything. Unfortunately, removing Java from all your machines isn’t really a good way to prevent this sort of thing, as it’ll cause new issues. The best thing to do is to keep everything up to date, as companies are constantly releasing security updates.

How it’s being sent

This is being sent to people in an email about new Outlook settings (Subject typically: Important – New Outlook Settings) coming from Administrator@outlook-us.com

Attachment/Link

The email comes with a URL (different URL each time) that appears to change what it’s doing each time you click it. Sometimes it downloads ‘message.zip’ which contains ‘outlook_settings_pdf.exe’ (the virus). Now this is tricky because unless your computer shows file extensions, it just shows as outlook_settings_pdf with a sneaky little Adobe Acrobat icon. Sometimes the site it takes you to loads a blank page. Sometimes it loads what appears to be a…poem? Yeah, a poem. Alaa has actually been reloading the page over and over to make a poem book. We’ll probably put that on Amazon for your Kindle soon.
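The disguise described above only works because Windows hides the real extension. A mail gateway or helpdesk script that looks at the true filename (and at the names inside a ZIP attachment) can flag it. The following is an added example written for this post, not a tool from the original page; the filenames and the ZIP contents are constructed samples, and the heuristic rules are my own choices rather than anything Cryptowall-specific.

```python
import io
import re
import zipfile

# Extensions Windows will execute when double-clicked (constructed list, not exhaustive).
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "jar"}
# Document-looking words that attackers put before the real extension.
DOC_HINTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt"}


def suspicious_name(name):
    """Return a list of reasons a filename looks like a disguised executable.

    An empty list means nothing looked wrong. Works on the real name, so it is
    unaffected by Explorer hiding extensions or by a swapped icon.
    """
    reasons = []
    base = name.lower().rsplit("/", 1)[-1]          # drop any folder path inside a zip
    parts = base.split(".")
    if len(parts) < 2:
        return reasons                               # no extension at all
    ext = parts[-1]
    stem = ".".join(parts[:-1])
    if ext in EXEC_EXTS:
        reasons.append("executable extension .%s" % ext)
        if len(parts) >= 3 and parts[-2] in DOC_HINTS:
            # e.g. invoice.pdf.exe
            reasons.append("double extension .%s.%s" % (parts[-2], ext))
        elif any(re.search(r"(^|[_\-\s])%s$" % h, stem) for h in DOC_HINTS):
            # e.g. outlook_settings_pdf.exe: "pdf" glued onto the stem
            reasons.append("document name hint in stem")
    return reasons


def scan_zip_bytes(data):
    """Inspect every member name of an in-memory ZIP and report the suspicious ones."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {n: r for n in zf.namelist() if (r := suspicious_name(n))}


def build_sample_zip():
    """Constructed stand-in for the 'message.zip' attachment (no real malware inside)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("outlook_settings_pdf.exe", b"MZ placeholder bytes")
        zf.writestr("readme.txt", b"harmless text")
    return buf.getvalue()


if __name__ == "__main__":
    for name, why in scan_zip_bytes(build_sample_zip()).items():
        print(name, "->", "; ".join(why))
```

Run it as-is and it reports only `outlook_settings_pdf.exe`; `readme.txt` passes. The same `suspicious_name` check can be applied to plain attachment names before the user ever sees the Acrobat-style icon.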

Bottom line

If you see an out-of-place looking email from anybody @outlook-us.com, you should probably err on the side of caution. As always, clicking on links if you don’t know where they’re from is typically a bad idea. If there’s anything you’re unsure about, ask your IT support! We in IT would rather you be cautious and secure than click-happy and vulnerable :)

That’s really it. If you want the details of what the virus is doing, keep on reading!

What’s the file doing?

If the outlook_settings_pdf.exe gets run, it will show itself as a process as well as 2 processes that *appear* to have randomly generated names. They’re definitely noticeable. Here is resource monitor with the processes:

Then it gets to work! It’s using the system Cryptographic Services to start encrypting your precious files to hold for ransom:

(I just realized the bottom task got cut off. But it’s the cryptographic service…)


I have returned


Brandon here! I just wanted to let everyone know that after a 3-month hiatus in my work at Simplex-IT, I have decided to return! I spent the summer working for Google in California. Working there was an amazing experience and I learned quite a bit. As much as I do miss being out there, I am really excited to be back and working with all of you.

I will be here for the foreseeable future in the same capacity I was before. Can’t wait to work with everyone again.

Hey folks! Brandon here, just wanted to give you all an update on some of my experiences with Web Browsing on Windows 8.1. 

With Windows 8.1 Microsoft brings Internet Explorer 11 (IE11), which contains a lot of performance and security enhancements, but changes mean that your sites need to work well with it. I have already encountered multiple instances of websites that I rely on for work that are not compatible with IE11.

When a web browser such as Internet Explorer, Chrome, or Firefox gets updated, there are always new things that might not work with websites that haven’t updated everything for each browser. Something that every business should be paying attention to is whether the websites they hold dear to their heart actually work on updated versions. This is one of the key reasons updating software gets delayed in a business environment.

The first thing we try when something isn’t compatible is a feature called Compatibility View, which lets a list of websites you create run as if you were using an older version of IE, just for those websites. Unfortunately, the typical settings for this don’t seem to work as well as one would hope in IE11. The process is quite an annoyance now and is rather inconsistent. Next I tried downgrading to IE10, but that process isn’t so simple either (they really want you on IE11).

I jumped into Windows 8.1 without doing my research into whether or not the sites I rely on for business will be compatible. Now I can’t use IE for work until the websites update on their end. This can be a tough situation to be in as a business. You need to get your work done, but should also be on the best and most secure experience possible. Sometimes we need to make a trade-off.

That being said, if you rely on web-applications for your business I would check with the people who run the site to see if it is compatible with IE11 and probably wait a little bit for them to get updates going.


Hey folks, Brandon here. Recently, Bob posted about me bringing Google Glass to Simplex-IT.

Two weeks ago I was in New York picking up Google Glass after being accepted into the Glass Explorer program. Essentially, I am beta testing the product. Looking for bugs, showing it off, trying new things, and maybe doing some development.

Consistently the number 1 question I get asked is “What is that!?” So I wanted to make it a bit easier and just make a video and show you all!

Here is the first video about Glass. I’ll go over some basics at first, and maybe I can do some more in depth videos in the near future.

If you have any questions about the device, let us know. Maybe some things you would like to see or have answered. Feedback is encouraged!


Hey everyone, Brandon here! There have been some recent issues regarding iOS and Exchange lately and I just wanted to take a minute and clarify some things.

So in late January Apple began pushing out a small update, iOS 6.1. This went to devices including the iPhone, iPad, and iPod touch. Along with some bug fixes, it also created a few (slightly larger) problems.

It turns out that the update doesn’t work well with Exchange 2010, which also happens to be what Office 365 is running on while they deploy Exchange 2013 (they are in the process of doing this).

What is happening is that when an iOS device connects to an Exchange 2010 server, the server’s CPU and memory use spike, affecting performance for all users. This has been bringing servers with a lot of iOS users to a crawl.

This means even cloud based services such as Office 365, which hosts more mail than I can count, are slightly impacted every time someone uses an updated iOS device with an Office 365 email. Now take into consideration everyone they host mail for with an iOS device connecting daily. That is on a huge service. Imagine how the problem will be amplified for places that host their own mail on their own, much smaller, Exchange 2010 server.

So what are they doing about it?

From the article linked below, a Microsoft spokesperson says, “Apple and Microsoft are investigating this issue. We will post more information in this article when the information becomes available.”

So while the two tech giants work to get this resolved as quickly as possible, what can you do? For the time being they are recommending that if you (or your network administrator) are noticing a problem, to have iOS users disable Calendar sync and restart their device until a fix is put out. Note that this will only help if your company has their own Exchange 2010 server. For cloud based services such as Office 365, there isn’t much you can do at the moment if you are experiencing slower speeds since those servers are shared with everyone else on the service.

If you want some more details and the nitty gritty of it, there is an article on PC World’s website that will get any updates from Microsoft on the situation. The article can be found here:

http://www.pcworld.com/article/2027985/ios-devices-hobble-exchange-servers-when-they-sync.html

Brandon here! So I recently did some digging to get Lync working on the phones of my fellow Simplex colleagues and I thought you all might be able to get something out of this!

So here’s the situation. You have your shiny new Android/iPhone/Windows smartphone and your workplace is using Office365 (or your company has a dedicated Lync server). You want to be connected to your colleagues at all times, but that can be difficult. You can always check your email, but maybe you need something faster. If you are at your computer you can start up Microsoft Lync and get connected, but what about when you are out and about?

For those who aren’t familiar with Lync, it’s a business tool to keep you in contact with your coworkers by syncing your Outlook contacts. It is fully featured to allow instant messaging, screen-sharing, video conferencing, file sharing, and more!

Well, your workplace communication on-the-go problems have been resolved. Upon the release of Lync, Microsoft also released an app for Android, iPhone (and iPad), and Windows Phone.

I’m going to show you how to properly configure Lync to work on your mobile device. For starters, you’re going to need to download the app onto your phone from the proper app store. You can search for the app on your phone, or go to the proper link provided below in your web browser.

https://play.google.com/store/apps/details?id=com.microsoft.office.lync&hl=en

http://itunes.apple.com/us/app/microsoft-lync-2010-for-iphone/id484293461?mt=8

http://www.windowsphone.com/en-US/apps/9ce93e51-5b35-e011-854c-00237de2db9e

Once you have installed the app, let’s open it up and take a look!

Once you are in the app, you will be at the login screen. In order for Lync to work properly, you have to mess with some of the settings. Depending on your phone, you may have to select the drop-down menu to view more options and details, or open your menu button, then select options from there. After you are viewing the options, the rest is easy. You must make the settings as such:

Internal discovery address: https://webdir.online.lync.com/Autodiscover/autodiscoverservice.svc/Root

External discovery address: https://webdir.online.lync.com/Autodiscover/autodiscoverservice.svc/Root

After you have changed your settings to be this, you can go back into the main screen and login using your email address and password! Easy, right? From the app you can message, call, and look at information for all of your Lync contacts!

Make note that this is not as fully-featured as the computer version as it has been trimmed down to bare essentials for mobile use.

If you have any problems with the Lync 2010 mobile client there is a Microsoft Support article for the Android and iPhone/iPad operating systems.

Android: http://support.microsoft.com/kb/2636313

iPhone/iPad: http://support.microsoft.com/kb/2636320