Broken ClamAV Update – Update your systems now

Dear Customers,

There was a bad virus definitions file pushed out by ClamAV early this morning that has broken all installations of ClamAV.

We have been busy fixing systems while a new release of virus definitions by ClamAV is worked on.

If you are experiencing slow email delivery or high CPU on your BarricadeMX, BarricadeMX PLUS or DefenderMX systems, please follow the instructions below for your specific version.

BarricadeMX or BarricadeMX PLUS

Login to your system as root
Execute the commands:

echo "Vbs.Downloader.Generic-6431223-0" >> /var/clamav/local.ign
service clamd restart
service MailScanner reload

DefenderMX or DefenderMX Enterprise

Login to your system as root
Execute the commands:

yum clean all
yum update
service clamd@haraka restart

If you are still having issues, please contact us via your support channel.

Fort Systems Ltd.

Devilish Spam

Is there no end to the fees we are getting charged daily? Banks, airlines and now spammers are getting in on the act.

Check the spam image below and you can see there is a $250 “devilry fee” being charged.

This I think is totally ridiculous; usually the “devilry fee” is included by other spammers. Maybe they will offer a “Spam Prime” option in the future???


Anyways, I had a laugh and wanted to share this with you all.

-Robin Bains

NotPetya Ransomware Attack Update and Info Links

Hi Everyone,

The NotPetya malware is still making the rounds. We haven’t had any reports of infections from our customers to date, but don’t let your guard down.

BarricadeMX and DefenderMX Lite have been doing a great job of filtering out the malware. Keep your guard up: the malware could morph at any time (as they always do), so it is best to remind your users not to open any suspicious links or files.

Researchers are now saying that NotPetya was set loose not to make money, but to cause destruction. Researchers are also warning that the NotPetya authors have no way to send you decryption keys, so check your backups twice!

https://www.helpnetsecurity.com/2017/06/29/notpetya-decrypt-fail/

I’m adding some links below as they dive much deeper into how NotPetya works and the current state it’s in.

Here is a great one by Malwarebytes with a detailed analysis of how NotPetya works.

https://blog.malwarebytes.com/cybercrime/2017/06/petya-esque-ransomware-is-spreading-across-the-world/

As always, check out here on our website for updates or subscribe to our Twitter, Facebook, Google+ and LinkedIn sites. Check the top of our site for direct links.

WannaCrypt 2.0 and Beyond

Hi Everyone,

We are happy to report that no FSL customers have reported back to us that they had or have been infected by the WannaCry virus. Credit goes to all the IT teams, Network Admins and everyone out there for protecting their end users and data and staying vigilant during this outbreak. But this is no time to relax: apparently the 2nd wave of WannaCrypt (without the kill-switch) is out and still infecting, and the cryptocurrency miner Adylkuzz is spreading.

There is enough information out there on this outbreak, so I won’t dive into the inner workings of WannaCrypt, but we want to remind you that the next Ransomware/Worm/Malware is already being masterminded and readied to deploy, so it is best to check and double-check your defenses.

Keep in mind that no single solution is the silver-bullet. Layers of security will give you more depth and protection but nothing will guarantee 100% protection.

Here is our Top 10 list of items you should check:

  1. Backup, Backup & Backup. You’re only as safe as your last good backup. You can do everything right and still get infected. At that point, you’ll only have your backups to rely on, and that would be the worst time to find out your backups weren’t running, are corrupted or are unusable. Make sure your backups are protected so that ransomware or a virus can’t wipe them out.
  2. Is your Operating System patched and at the latest version? Sometimes you can’t control when patches will be released (Ahem..Microsoft), but do the best you can to make sure you’re up to date.
  3. End User Training – Make sure your users know how to respond properly to a suspicious email. Do they forward it to IT, or delete it? Do they know not to click on any links? The Human Factor should be constantly addressed, as we tend to get lax and that’s when things go wrong.
  4. Desktop AV should be installed and updated. Most AV suites have anti-malware features. Enable them and let your users know what to do when an alert does pop up.
  5. Increase your Email Security – Have you implemented SPF? Is your configuration up to date, and can you make settings changes to enhance security? Email is one of the ways malware can enter, so make sure you’re covered properly.
  6. Enable HTTP scanning by using HAVP or Squid.
  7. Disable Macros and ActiveX in the Microsoft Office Suite.
  8. Solutions like AppLocker and Microsoft EMET (free) can help secure the desktop even further.
  9. Use Network Segmentation to prevent ransomware from spreading. If users don’t need access to certain networks, consider removing that access to prevent further infection.
  10. Implement an Intrusion Detection/Prevention System. Properly configured, such a solution can detect and alert you to possible threats.
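As a worked example for item 5 (added here, not part of FSL’s notice or products), the audit below parses a published SPF record and flags the weak settings a mail administrator most often misses: a permissive `+all` or `?all`, a missing `all` term, the deprecated `ptr` mechanism, and more DNS-lookup terms than the RFC 7208 limit of 10. The three records and their domains are constructed samples; the lookup count is per record and does not follow `include:` recursively.

```python
import re

# Constructed sample records for hypothetical domains (not from the page).
BAD_SPF = "v=spf1 +all"
WEAK_SPF = "v=spf1 include:_spf.example.net a mx ?all"
GOOD_SPF = "v=spf1 ip4:203.0.113.0/24 include:_spf.example.net -all"

# Mechanisms/modifiers that cost a DNS lookup under RFC 7208 section 4.6.4.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def audit_spf(record: str) -> list[str]:
    """Return a list of human-readable issues found in one SPF TXT record."""
    issues = []
    terms = record.strip().split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record (missing v=spf1 version tag)"]

    lookups = 0
    all_qualifier = None  # qualifier seen on the 'all' term, if any
    for term in terms[1:]:
        qual = "+"  # the default qualifier is pass
        if term[0] in "+-~?":
            qual, term = term[0], term[1:]
        # Strip mechanism arguments (ip4:..., include:...) and modifier values (redirect=...).
        name = re.split(r"[:=]", term, maxsplit=1)[0].lower()
        if name in LOOKUP_TERMS:
            lookups += 1
        if name == "ptr":
            issues.append("ptr mechanism is deprecated and slow; replace it with ip4/ip6")
        if name == "all":
            all_qualifier = qual

    if all_qualifier is None:
        issues.append("no 'all' term: unlisted senders get a neutral result")
    elif all_qualifier == "+":
        issues.append("'+all' authorises every host on the internet; use -all or ~all")
    elif all_qualifier == "?":
        issues.append("'?all' makes unlisted senders neutral; use -all or ~all")
    if lookups > 10:
        issues.append(f"{lookups} DNS-lookup terms exceed the RFC 7208 limit of 10")
    return issues
```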

Here is a more comprehensive list put together by Helpnet Security.

We’ve implemented several methods for you to get alerts, updates and articles.

Make sure you are on our mailing list. If you haven’t received alerts or notices in the past, check with us and we’ll add you, or use the link below to sign up right now. If there is someone else at your organization who would benefit from our alerts, forward this email to them and have them sign up. Click here to sign up.

Connect with us via Social Media. We post on Facebook, Twitter, LinkedIn & Google+.

As always, contact us at support (@) fsl.com if you have any questions or concerns.

Thank you,

Fort Systems Ltd.

www.fsl.com

MS Office Zero Day – Another Exploit

There is a new Zero-Day MS Office exploit in the wild. All users are vulnerable, including fully patched Windows 10 computers.

The exploit does not even require macros to be enabled, making this much more serious than before. The vulnerability is in Object Linking and Embedding (OLE).

An RTF format file contains an embedded OLE2link object which tells Word to contact a remote server and download an executable .HTA file, which in turn downloads additional payloads, restarts Word and shows a decoy document.

We are hoping a patch will be issued quickly to mitigate this attack-vector.

Here is some more information:

http://www.theregister.co.uk/2017/04/09/microsoft_word_ole_bug/

https://www.helpnetsecurity.com/2017/04/10/ms-office-zero-day/

Please remind your users to be extra careful when opening or running attachments.

Fort Systems Ltd.