Tag Archives: Malware

Old School Malware Causing New Headaches

[this post from Dennis Houseknecht, a Nerd in West Virginia]

Think worms are the malware of yesteryear? Not so. A new worm, Morto, has been spreading rapidly, and it spreads via RDP (Remote Desktop Protocol).

This worm does not appear to exploit any new vulnerability in the RDP protocol itself. Rather, it gets its initial foothold in the internal network through other means, such as Adobe Flash or Reader vulnerabilities or ordinary phishing attacks.

Once inside the network, it spreads to other machines over RDP. It also reaches out from the network to find other networks that have RDP exposed to the internet and tries to brute-force their administrator passwords.

Prevention really is no different from the practices we have always recommended:

1. Keep the operating system and browser add-ons (Java, Adobe Flash and Reader, etc.) patched.
2. Educate all users about the dangers of opening attachments and clicking links in ANY email, EVEN those that come (or appear to come) from friends, co-workers, or the boss.
3. Use strong passwords; on admin accounts, use VERY strong passwords.
4. If possible, do not expose RDP to the internet, especially on its default port of 3389. If you are using Level Platforms for remote access, you DO NOT HAVE TO OPEN FIREWALL PORTS TO USE RDP. If you have port 3389 open through the firewall, you can assume that someone is trying to brute-force the admin account all day, every day. This was true long before Morto came to town. Note that moving RDP to a non-default port only cuts down the noise from automated scanners; it is not a substitute for a VPN or for restricting the firewall rule to known source addresses.
5. Disable RDP on machines that do not need it.
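As an added example that is not part of the original post: the password guessing described in item 4 leaves a trail in the Windows Security log as failed-logon events (Event ID 4625) with logon type 10 (RemoteInteractive, i.e. RDP). The Python script below parses such records and flags any source address that produced a burst of failures. The one-line export format, the sample records and the thresholds are constructed for illustration; a real export (for example from Get-WinEvent or wevtutil) carries more fields and you would adapt the regular expression to it.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of exported Security-log records (not real data).
# EventID 4625 = failed logon, LogonType 10 = RemoteInteractive (RDP).
# 203.0.113.45 hammers the admin account; 192.0.2.10 is a user who
# mistyped a password twice and then logged in (4624 = success).
SAMPLE_LOG = """\
2011-08-30T02:14:01 EventID=4625 LogonType=10 TargetUserName=Administrator IpAddress=203.0.113.45
2011-08-30T02:14:03 EventID=4625 LogonType=10 TargetUserName=Administrator IpAddress=203.0.113.45
2011-08-30T02:14:04 EventID=4625 LogonType=10 TargetUserName=admin IpAddress=203.0.113.45
2011-08-30T02:14:06 EventID=4625 LogonType=10 TargetUserName=Administrator IpAddress=203.0.113.45
2011-08-30T02:14:09 EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=203.0.113.45
2011-08-30T02:14:11 EventID=4625 LogonType=10 TargetUserName=Admin IpAddress=203.0.113.45
2011-08-30T02:20:00 EventID=4625 LogonType=10 TargetUserName=dennis IpAddress=192.0.2.10
2011-08-30T02:31:00 EventID=4625 LogonType=10 TargetUserName=dennis IpAddress=192.0.2.10
2011-08-30T02:31:30 EventID=4624 LogonType=10 TargetUserName=dennis IpAddress=192.0.2.10
2011-08-30T02:40:00 EventID=4625 LogonType=2 TargetUserName=Administrator IpAddress=-
"""

# Assumed export layout: one record per line, space-separated key=value fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<id>\d+) LogonType=(?P<lt>\d+) "
    r"TargetUserName=(?P<user>\S+) IpAddress=(?P<ip>\S+)$"
)


def parse_failed_rdp_logons(text):
    """Return (timestamp, account, source_ip) for every 4625 / LogonType 10 record.

    Successful logons, console logons and malformed lines are skipped.
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        if int(m["id"]) != 4625 or int(m["lt"]) != 10:
            continue
        events.append((datetime.fromisoformat(m["ts"]), m["user"], m["ip"]))
    return events


def find_bruteforce_sources(events, threshold=5, window=timedelta(minutes=1)):
    """Flag source IPs with >= threshold RDP failures inside any sliding window.

    Returns {source_ip: (max failures seen in one window, sorted accounts tried)}.
    """
    by_ip = defaultdict(list)
    for ts, user, ip in events:
        by_ip[ip].append((ts, user))

    hits = {}
    for ip, recs in by_ip.items():
        recs.sort()
        best, start = 0, 0
        # Two-pointer sweep: advance `start` until the window fits.
        for end in range(len(recs)):
            while recs[end][0] - recs[start][0] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            accounts = sorted({user.lower() for _, user in recs})
            hits[ip] = (best, accounts)
    return hits


if __name__ == "__main__":
    failures = parse_failed_rdp_logons(SAMPLE_LOG)
    for ip, (count, accounts) in find_bruteforce_sources(failures).items():
        print(f"{ip}: {count} RDP failures within one minute, accounts tried: {accounts}")
```

The threshold and window are deliberately loose; a worm working through a password list will usually blow well past five failures a minute, while a forgetful user will not. If account lockout is enabled you will also see fewer 4625 events per source, so lower the threshold accordingly.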

Want to know if port 3389 is open on the firewall? Want weekly reports showing all open ports on the firewall? Want an alert any time the set of open ports on the firewall changes? Nerds On Site offers SafetyNet, an automated port scanning service that does this for a low monthly cost. Contact us if you are interested.

Mobile Devices Are an Increasing Security Risk

[this post is from Nerd Dennis Houseknecht]

If it seems to you that malware is on the rise, you are quite correct.

If you think that mobile devices are not a target, you are quite mistaken. Here are a few articles highlighting the security threats to mobile devices:

Fake AV for mobile platform detected

400% increase in Android malware

The progress of IT threats in 2010

26 trojanized apps pulled from Android Market

Auto-dialing Trojans migrate to Android devices

Android is the most exposed, because it is a more open platform: apps can be installed from sources other than the official market, and as the item above shows, trojanized apps have made it into the market itself. That said, attacks against other platforms are sure to come at some point, even against the tightly controlled Apple iOS.

Don’t Click On Free Spyware Scan Pop-Ups

A big trend in the virus and spyware industry in recent months has been seemingly trustworthy ads for free spyware and virus removal that are in fact malware themselves. The trouble is that it looks legitimate to those who don’t know any better, and once the software is downloaded and installed, it "finds" a long list of critical infections and offers to remove them…for a price. This is what is known as rogue software, and chances are that if you’ve paid for it, you’re out that money and should consider canceling your credit card.

If the software doesn’t sound familiar, don’t download it, or at the very least, do a quick Google search and find out if it’s legitimate or not.

In a lot of cases, the rogue software won’t show up in the installed programs list in the Control Panel, and it often takes anti-malware software like Malwarebytes or SUPERAntiSpyware to remove it, which can be a huge pain, especially if the removal only works in Safe Mode.

So why do websites carry ads for malicious software? In a lot of cases, they may not even be aware of it. The websites may be partnered with advertising providers that have their own partners, not all of whom are legitimate, and the ads are simply displayed based on keywords on the web page.

In the end, it really comes down to the website visitor to be alert and investigate what software is safe to use and what isn’t. If you aren’t sure, do a quick Google search, or ask a Nerd!

Now Is a Good Time to be Extra Careful

Microsoft has not yet patched the Windows shortcut (.lnk) vulnerability I wrote about last week. In the meantime, though, AV vendor Sophos has released a free tool that they say will protect against it.

This has been a serious issue. A number of malware writers have already released exploits targeting this flaw. Everyone should exercise even more caution than usual and avoid opening documents or clicking on links in email messages. Simply opening an infected MS Office document can lead to infection, and because the flaw is triggered when Windows renders a shortcut’s icon, merely browsing a folder that contains a malicious .lnk file in Explorer is enough; nothing has to be double-clicked. Once a computer is infected, it will infect any USB drive that is mounted and hide the infected files using rootkit techniques. This is a HUGE risk for businesses that allow users to carry files back and forth between office and home computers on USB drives.

Another word of caution involves a new rogue anti-virus, this time masquerading as a Firefox / Flash update. Check it out here. We are (and should be) always encouraging Clients to keep their browser plugins up to date, especially Flash, so you can see why this ruse would be effective.

Anyone who is tricked into purchasing one of the fake anti-virus programs can usually have the credit card charges reversed. Surprisingly, most do not. As long as people don’t bother to fight back, the fake anti-virus game will continue to generate profits, and as long as it is profitable, the bad guys will continue to find new and better ways to trick users into installing the rogues.

Dennis

Dennis H in West Virginia, US

July 29, 2010

ATV.ca reports on XP Antivirus 2008


What is this Antivirus 2008?

The symptom may appear as a red icon in your system tray warning of threats found on your system. Popups and other symptoms occur too, all steering the victim toward purchasing a full version of Antivirus 2008. Don’t be misled by a legitimate-looking message such as this one:

Unfortunately, once you have purchased it, your bank and/or credit card company will not likely issue a refund, since they will not consider it fraudulent: it is a real merchant (it may show up under any number of merchant names on your credit card statement, but the company that appears to own it is Innovagest 2000).

There are three ways to remove this malware (and possibly others) from your system:

  1. Back up your important data, restore the system to factory default settings, apply all operating system and application updates, and then restore your data
  2. Use the ESET Online Scanner to detect and remove the malware
  3. Use Malwarebytes to detect and remove the malware

Option 1 is the only one that gives certainty; the scanners in options 2 and 3 are quicker but can miss components that the rogue hides.

Many of our customers like self-help guides and information such as the above, but if you would rather have one of our eNerds come to your office or home to resolve this, don’t hesitate to request service here.
