SophosLabs labs' blog reported about a new Ransomware strain with a  difference - this one is a true self-replicating parasitic virus!  They call it VirRansom.... see more below...

This new strain is a hybrid that combines CryptoWall-like functionality  with active self-replicating virus infections of all files it can find. And  like the cybercrime Reveton family of malware, it locks the PC's main screen  demanding 0.619 Bitcoin (currently $217.07) to let you back in. Yikes.

To quote Sophos: "Worms vs. Parasitics: Most worms leave you  with one, or perhaps a handful, of infected files that weren't there before  and need to be deleted.

"Parasitic viruses, in contrast, may leave you with hundreds of infected  files on each computer, or thousands, or more. If you leave even one of  those infected files behind after a clean-up, the infection will start  up all over again.

"Worse still, the infected files can't just be deleted, because they are your  own files that were there before the infection started. That makes cleanup much  trickier." 

The good news: The file encryption is not as advanced as CryptoWall, as  the key to decrypt the files is contained in the malware itself. Your antivirus  should soon be able to decrypt the files and restore them, unless the bad guys  are constantly changing the encryption keys in which case it may take a day or more before your AV catches up.

The bad news: This is a full-fledged virus which will spread across  your network and doing a less than perfect job on the disinfection can  easily lead to reinfection of your whole network.

CryptoWall-encrypted files that you can't or don't decrypt are harmless  garbage forever, but you can delete them. With VirRansom, files that you  don't decrypt are still recoverable, but also still actively infectious. 

It gets nastier all the time. You can expect a VirRansom 2.0 soon where  they might implement "new features" like industrial-strength encryption like CryptoWall where you only get the decryption keys after payment, and things like infection of your email server, where emails are converted  to a worm for maximum dissemination of their malcode. (Think about the legal ramifications of something like this.)

Starkville Computers can mitigate these types of threats through both technical measures  and enforcing security policy.

1. Local Businesses Support Local Charity
2. Local Shops Value You More
3. Protect Local Jobs
4. Keep Dollars in Local Economy
5. Great Customer Service
6. Less Environmental Impact
7. Community Well-Being
8. Healthy Competition
9. Sales Taxes Support Your Local Community
10. Save Money
11. Product Diversity
12. Protect Local Character

The Dispatch - 12/7/14 p4A

So far, infected emails have been acting like they are from Home Depot, Target, Walmart and Costco. They began around Thanksgiving, and with the holiday rush, scammers are trying capitalize on the craziness of the season.

These fake confirmation emails will generally tell you there was an issue with your order. The subject lines have been along the lines of: Acknowledgment of Order,” “Order Confirmation,” “Order Status,” “Thank you for buying from [insert merchant name here]”, and a “Thank you for your order,” according to Brian Krebs.

The emails also encourage you to clink on links within the email. Don't fall for it! The links contain malware that will steal your personal and valuable information.

If you get an email about a legitimate order you placed online, it's still a good idea to visit the merchant site directly. Don't give out any personal information, and don't forget the telltale signs of a fake email. 

For these emails in particular, their grammar isn't great, "From" lines don't necessarily match the name of the merchant, there are multiple recipients in the "To" line, and when you hover over the links, they don't go directly to the retailer sites.

More importantly, these emails don't include order confirmation numbers or any other information regarding the items purchased. Legitimate emails will contain information of that nature.

Threat characteristics of ZBot - a banking trojan that disables firewall, steals sensitive financial data (credit card numbers, online banking login details), makes screen snapshots, downloads additional components, and provides a hacker with the remote access to the compromised system.

Stealth-mode characteristics common to Rootkits.

Downloads/requests other files from Internet.

Contains characteristics of an identified security risk.

IF YOU ARE USING ANY TYPE OF *FREE* ANTIVIRUS, YOU ARE LIKELY *NOT* PROTECTED AGAINST THIS THREAT... WE HAVE THE #1 ANTIVIRUS IN THE WORLD AT 66% OFF FOR A LIMITED TIME.

Thanksgiving Holiday Hours:

Wednesday Nov. 26: 9am-5pm
Thursday Nov. 27: Closed
Friday Nov. 28: Closed
Saturday Nov. 29: Closed

We will re-open with regular business hours (9am-5pm) on Monday Dec. 1

We all know that a large amount of cybercrime originates in Russia and other eastern European countries that were former USSR states. But why is that? I decided to dig into this and did some research which turned out to be eye opening. One of the most fascinating sources of reliable information was a book called Putin's Kleptocracy: Who Owns Russia? by Karen Dawisha, professor of Political Science at Miami University.

Why cybercrime is so widespread in eastern Europe is closely connected and date-coincident with the rise of Vladimir Putin to Russia's autocratic leader. If this all sounds too unreal, I assure you it's the unpleasant truth. 

I'm going to give you a very, very short summary of what happened, so you get the big ugly picture. Putin came up in the 1990's in the KGB in Leningrad, and was also stationed in the German town Dresden as a recruiter for agents, and obtaining high-tech secrets from the West. Yup, Putin was a spook stealing Western high tech intellectual property.

He created his personal network in Leningrad (renamed to St. Petersburg) there, consisting of political allies, his personal security people, and Russian Organized Crime (OC). The group he created around him, is the same as the one today that brought him to power. 

From the beginning, Putin and his circle wanted to create an authoritarian regime, (call it a modern Stalinism really), ruled by a close-knit cabal with the interest to only enrich themselves, and not create a real democracy. The cabal consists of former KGB, mafia, and political and economic forces that joined together. They claim to be devoted to Russia and did this to save her, but they are more devoted to their personal survival and prosperity. The whole enterprise is being bolstered by high oil prices and state control over almost the entire media space.  

It started out with the KGB moving all the Communist Party's vast financial reserves offshore, absorbing the Russian mafia and using them for black ops as a price for operating on Russian territory. At the same time, the KGB created hundreds of companies and several banks inside and outside of Russia to launder money. Good examples are the Bank Russia, and energy company Gazprom. Putin's cronies were put in charge of many of these, and many of these people have become billionaires. Their price? Total loyalty and like the mafia, silence: "Omerta".

While moving all this money abroad, the KGB found themselves using the same channels as the mafia for their illicit gains, and these funds started to get mingled up to a point where it was no longer possible to tell which monies belonged to the KGB and which to the mafia. So, when more or less spontaneous privatization was occurring through Russia, the KGB and the mafia got a head start.

To make all this happen in an invisible way, a top-down corruption scheme was hatched that truly starts with Putin and then goes all the way down to low-level government employees. You only get into Russian government by paying for it, and then get rewarded via "tribute" payments.  The system put in place by Putin causes the Russian economy to be badly hamstrung because their is no technical innovation, except in cybercrime where the innovation is furious.

Russia scores very high in overall education, but the well-trained young graduates only have three choices: go abroad, start working for the corrupt government, or go into cybercrime. The third option pays very, very well and many take it.

The long and short of it is that organized crime in Russia is being allowed to operate, and has moved into cybercrime in a massive way, ransomware like CryptoLocker and CryptoWall being a good example. Now and then the cyber mafias are used by Putin as a resource to harass countries that get into his way. The same is more or less the case in countries like the Ukraine, where cybercrime also has become a measurable percentage of their gross domestic product. 

Since they are thousands of miles removed, the major ways these bad guys can penetrate your systems are limited:  

1. Badly configured servers and workstations
2. Known and unknown vulnerabilities in software
3. Social engineering 

That's why implementing an effective security management plan with a professional Managed Service Provider such as Starkville Computers is such an important part of your defense-in-depth. Find out how affordable this is for your organization now by contacting us! 
info@starkvillecomputers.com
(662)324-7272

article by J.R. Guthrie

Thanks for the great response on our iPhone 5 screen repair special coupon post!  If you retweeted, favorited, or shared the post on your facebook page during those 2 hours, please come in with your broken iPhone BY NEXT FRIDAY to redeem your 50% off special offer!