Beware Fake Apps

Fake apps

 

Yes, there really are fake apps out there masquerading as the real deal.

They can be used to implant trojans onto your device that can, for instance, be used to steal banking credentials, spyware and adware.

Last year, two new types of mobile malware were found that planted adware and spyware:

  • LevelDropper – discovered in the Google Play Store it first rooted devices and then went on to install applications on the victim’s device such as adware and malicious spyware.
  • Shedun – masqueraded as legitimate apps such as Facebook, Twitter and WhatsApp and then planted adware

How to spot the fakes

A recent article on Bullguard.com offers some handy tips on how you can spot fake apps:

  • Many fake apps are clones of popular established apps. If in doubt as to the legitimacy of an app you are about to download back pedal a little bit and do a bit of research.

  • Read reviews about the app. If they are short and a bit bland it could well be a scam. Also look out for reviews from users who have been duped; they’ll let you know in no uncertain terms if it’s a scam.

  • However, also keep in mind that an app with few reviews or few downloads might be from a developer who is just starting out.

  • To establish a developer’s legitimacy see if they have a website. If they are genuine they will likely have website  that showcases their apps.

  • You can also check the app details. If it’s genuine it will likely be well designed with lots of clear instructions. If it’s a scam its likely to be poorly designed so much so it could be actually quite jarring.

Here at MPMIT, we recommend you use BullGuard to protect your devices.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.

 Source: Bullguard

How Secure Are Your Smart Devices?

Internet of Things

You’ve probably heard of the Internet of Things (IoT) – the network of physical devices, vehicles, buildings and other items that use software, sensors and network connectivity to collect and exchange data. Well, by 2020, it’s estimated that there will be between 20 and 30 billion connected devices on the planet.

Just like your PC, your smart devices need protecting from hackers, which is why we want to tell you about BullGuard’s IoT Scanner.

It’s the world’s first IoT Scanner and you can use it for free. We’ll tell you how in a bit.

What is the IoT Scanner?

It is a web-based application that scans the Shodan website for smart connected devices.

Connected devices whether they are smart TVs, media hubs, thermostats, coffee makers, garage doors, webcams, or baby monitors (there are loads more) often have a web interface through which they are controlled.

Many IoT devices are based on Wi-Fi technology to link them together, as well as connecting them to wireless access points that in turn connect to the web.

Shodan is basically a search engine, but rather than find web pages it identifies devices that are connected to the internet.

That’s all well and good, but what does BullGuard’s free IoT Scanner do?

Well, it will tell you if your smart device (e.g. smart TV) has been detected by Shodan.

If it has, its listing will also show loads of technical information about it, including how it is connected to the internet. That means it could be vulnerable to hackers.

Unfortunately security on IoT devices is poor and setting them up can be complex. But that’s not their only vulnerability; there are others such as an insecure web interface, insufficient user authentication or poor security configuration.

One of the most dangerous vulnerabilities is an open port (a port is the means by which one computer talks to another). Hackers can identify them and use them like an open door to enter your device and take control of it. If it is configured on your network, they could enter it without you knowing about it.

If the BullGuard IoT scanner finds your device on the Shodan search engine it will let you know if you have an open port and therefore vulnerable to hacking so you take the necessary action to protect yourself.

BullGard free IoT Scanner

So far we’ve told you why you need to use it, so now we’ll tell you how.

As already mentioned, BullGuard’s IoT Scanner is free to use and you can find it here. All you have to do is check whether your internet devices appear on Shodan.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.

 

 

How to Protect Yourself Against Cryptowall 4.0

Crypto wall 4.0

 

Crytpowall 4.0 is the newest version of Cryptowall ransomware – one of the most destructive computer viruses of all time.

It can be spread by malicious emails. Once on your machine, it scans the entire system to find your personal files, and locks them using an encryption algorithm that’s almost impossible to crack.

Then it leaves ransom notes on several folders informing you what needs to be done in order to recover the encrypted data.

Not very nice.

Prevention is always better and we found this comment on a thread on the Spiceworks.com community forum about the security measures you should take to avoid such attacks.

In no particular order of importance, do ALL of them…

  • Make some real firewall rules – DON’T just leave the default allow-any-outbound rules – ONLY allow traffic outbound on ports that you actually use/need – Example for DCs: 53,80,123,443,3544  Example for End-Users: 80,443,1935,3544
  • CryptoPrevent: https://www.foolishit.com/cryptoprevent-malware-prevention/ or some other Group Policy based software run restrictions – don’t let any executable run from a temp location.
  • An end-user should never be a local admin.  Admit it, you did this once-upon-a-time only cause you were tired/lazy and didn’t take the time to set the permissions right on something.
  • Automatically remove all shares if/when the encryption starts to happen: http://jpelectron.com/sample/Info%20and%20Documents/Stop%20crypto%20badware%20before%20it%20ruins%20… This can also be setup to email you the moment it happens, the filename, and the user who did it.
  • Use an Internet filter to block all the ccTLD’s and IDN’s your company doesn’t really need – also block the known bad/malware domains – better yet also block advertisements (the source of much badware) – we use DNS Redirector: http://dnsredirector.com it’s great and it doesn’t cost a fortune.
  • Prevent access to any URL with an IP in it – only bad guys do links like http://93.184.216.34 – everything else should be a DNS name like http://example.com and therefore a DNS lookup (which is filtered) before getting out to the Internet.
  • User training: re-enforce that users should not click on things that look phishy, are spelled wrong, or they were not expecting – even if the email looks like it’s someone they know.  
  • Implement spam/email message filtering, if your users can’t get to a bad link, then they can’t click on a bad link.
  • Do backups, check that they are actually working.  Make a “compliance game” if someone else (in your IT department) can delete a file (they should make their own backup first) and you can’t restore it – then you owe them lunch.  Shit get’s solved real fast.
  • Try executable whitelisting, the idea being only software you know about can run, I think this is extreme and haven’t resorted to doing it myself.

Another comment provided a 20 Step Security Defence in Depth Strategy:

  1. Two anti-malware email filters (separate services).
  2. Anti-malware at perimeter and at endpoints (separate services).
  3. Firewall at perimeter and endpoints blocking inbound and outbound (separate services).
  4. Content filtering at endpoints and perimeter (separate services).
  5. Geo-IP filtering at perimeter.
  6. End-user security training.
  7. Quarterly phishing tests.
  8. Block malicious attachments (bat, scr, exe, etc).
  9. Require admin review of all ZIP attachments.
  10. Software restriction policy white listing.
  11. Windows shadow copies.
  12. Block-level snapshot’s of shared drives.
  13. Daily backups that are secured from end users.
  14. Offsite replication of critical storage and backups.
  15. Regular patching of apps and operating systems.
  16. Firmware updates of firewalls, storage and servers.
  17. Restricted admin rights.
  18. Restrict RDP and VPN access using AD permissions and IP blocking by valid login attempts.
  19. Strict password policies.
  20. Test, test and re-test.

The most important thing is to always remain vigilant, never open a suspicious email and be wary about the websites you visit.

Hopefully these user tips will prove useful to you. If you have any other tips you’d like to share, please leave a comment below.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.

Recovering Data From USB Flash Drives and SD Cards

In an earlier blog post, we talked about how you could get lost data back and mentioned a few products that could help you.

Of course, if you’d rather not risk doing it yourself, there are a number of companies you can find with a quick Google search that can do it for you for a small fee (usually starting at around £50).

Unintentional erasing or mistakenly overwriting data are only a couple of ways you could lose data. If you were unfortunate to fall into a swimming pool whilst working on your laptop (it could happen), or accidentally set it on fire, your data could still be retrievable.

Hard drives are pretty resilient and it usually takes a powerful magnet to be completely and irrevocably erased.

In the same way, flash drives can usually be recovered by knowledgeable computer users hence the large number of recovery tools. For data to be truly erased from a flash drive a third party cleaning tool is usually required.

How to protect your flash drive

Here are our top tips:

  • Frequently back up all important data to a service such as BullGuard Backup
  • Don’t use flash drives for frequently updated files. Flash has limitations compared to hard drives
  • Make sure you always remove flash media safely and never unplug the drive while it is reading or writing
  • Keep your flash drive stored in proper conditions and don’t expose it to extreme temperatures, humidity or pressure to keep it functioning longer

So, if you want to keep your data safe, don’t work near a swimming pool, keep away from naked flames and above all, think very carefully before deleting and saving documents.

Opening Attachments in Outlook – Stopping Error Messages

When opening attachments directly in Outlook, have you received an error message?

It probably said something along the lines of needing to check the permissions on the folder in which you want to save it in.

Well that’s a bit of a red herring because the permissions are probably fine, it just means the folder is “full”.

How did it get so full?

Well, when you open an attachment within Outlook it first saves a copy to a subfolder of the Temporary Internet Files folder. Clearing out this folder should solve the problem.

Cleaning out the Outlook Secure Temp folder

Remember, this is IT so it’s not going to be as simple as it sounds.

The subfolder name Outlook creates (when it is first installed) in the Temporary Internet Files folder is random.

For example, in Outlook 2003 and earlier, it starts with OLK and followed by 4 random numbers or letters. In Outlook 2007, 2010 and 2013 it’s called “Content”. Outlook and then has a subfolder identified by 8 random numbers and letters.

As if that wasn’t annoying enough, by default you can’t browse to the folder and clear it out.

However, getting to your Temporary Outlook Folder can be done following these 2 easy steps.

1. Step 1 – Locate the folder

It’s location is stored in the registry in the following key (dependent on which version of Outlook you’re using):

Outlook 97 HKEY_CURRENT_USER\Software\Microsoft\Office\8.0\Outlook\Security
Outlook 98 HKEY_CURRENT_USER\Software\Microsoft\Office\8.5\Outlook\Security
Outlook 2000 HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Outlook\Security
Outlook 2002/XP HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Outlook\Security
Outlook 2003 HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Security
Outlook 2007 HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Security
Outlook 2010 HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Security
Outlook 2013 HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Security

2. Step 2 – Get access to the folder

These steps will help you gain access to the folder:

  • Open the “OutlookSecureTempFolder” registry key from the location provided in Step 1
  • Copy the path from the key
  • Open Explorer
  • Paste the address in the Address Bar and press Enter

Thank you to Howto-outlook.com for these useful tips.

If you’re struggling, fear not, they’ve created 2 free tools to do the job for you:

OutlookTools offers besides locating, opening and cleaning up the SecureTempFolder also quite a lot of additional features to troubleshoot and tweak Outlook.

OutlookTempCleaner focuses only on dealing with the SecureTempFolder and can also be used in (corporate) login and logoff scripts to clean up the folder without any end-user interaction.

Outlook tool

OutlookTempCleaner can detect and empty Outlook’s Secure Temp folder automatically for you.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.

What Do You Do When Your Computer Won’t Turn On?

Windows XP

We’ve all been there.

One day your computer’s working fine and the next it refuses to switch on.

What happened?

Did the techie gremlins sneak in over night and render your computer useless?

Probably not, but there are a number of things that could be preventing your Windows machine to boot up. Here are a couple of possible causes.

1. Nothing happens when you press the power button

In this case there’s almost certainly a problem with power getting to your PC, so the best place to start is your power cord.

Unplug the cord and check it for damage (if you find any replace it). If it looks OK plug everything back in, making sure they’re all firmly in their sockets, and try again. If you still get no joy try plugging something else into that power socket to see if the issue is there. If not, check the surge protector (assuming you have one) to make sure that hasn’t been inadvertently turned off.

If all of that’s OK your last option is to replace the power cord or AC adapter.

2. PC starts but fails before Windows can load

If this happens you need to go into your PC’s set-up programme to make sure your hard drive is recognised and in the boot sequence.

If another issue is causing you a problem it’s best to call in the experts rather than try to figure it out for yourself – you’ll save yourself a lot of time, frustration and, potentially, money.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.

Have You Got a Dusty Motherboard?

Dusty motherboard

 

 

 

 

 

Are you having trouble with your PC?

Is it refusing to run or reboot even though it’s getting power?

This was a problem presented to use by a client recently. The power input was good, but the PC just refused to come to life.

After removing the cover to the case the problem became clear. The motherboard was dusty.

After blowing out the dust, re-seating the memory and video card, the PC burst into life without a problem.

It’s a simple piece of maintenance, but one that often gets forgotten about. Make sure you add a motherboard check into your regular PC care plan and make sure dust doesn’t mess up your day.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.

 

Wireless Printer Troubleshooting

Printer

There’s nothing more annoying than your printer suddenly deciding it doesn’t want to print any more.

Yesterday it worked fine, but now, although nothing has changed, it point blank refuses to play ball.

Before you reach for the phone for your IT support guy, here’s a couple of things you can try.

Reboot

Yes, it’s a hassle, but rebooting your printer could be all that it takes to get it working again.

Print spool

OK, so reboot doesn’t work this time, how about making sure that the “print spooler” service is running (start > run > services.msc > find print spooler in the list)?

Roll back

If you’re still not having any joy, try rolling back the driver.

Wireless

Hmm, OK, this is obviously going to take more digging. How about resetting your wireless connection?

Default

You should also check to make sure your printer is set as the default printer.

Still not working?

OK, it may be something more serious, in which case it’s time to call in the cavalry.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.

How to Recover Lost Form Data in Your Browser

How many times has this happened to you?  Lazarus

You write a blog using a browser-based blog tool, hit the wrong key and bam, there goes all your hard work.

Or, you’re completing a form or registration online and your browser crashes – everything you spent the last half hour writing is lost.

Frustrating?

You bet it is.

Thankfully, there is a little tool you can download that saves every keystroke you enter into any web form.

Want to know what it is?

The little fella is called Lazarus. It’s a browser add-on that makes data recovery child’s play. It is available for Chrome, Firefox and Safari. Yes, sorry about that Internet Explorer users.

How Lazarus works

Basically, Lazarus automatically saves every keystroke you make in an online form, blog tool, comment box etc. (you can also add a password if you want added security).

If you lose any information, to bring it back, just look for the Lazarus symbol (shown above) above the box you were just typing in, give it a click. A pop up appears and all you have to do is select the text you want to recover and it reappears – hey presto!

This simple little tool will save you an awful lot of stress and screaming.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.

Microsoft Support Hoaxers

There is a worrying trend happening. Hoaxers

Recently, we have received several calls from clients about a scam combining elements of scareware, social engineering and outright fraud.

Generally the scam works in a variety of ways, but the end result is always the same: the users are tricked into expensive service contracts after being told over the phone that their computers are on the verge of a meltdown.

They also seem to have specific targets in mind. Everyone we’ve received calls from about this are over 50, so they’re calling older users and trying to dupe them.

One client received a call out of the blue one morning claiming to be from Microsoft. They told the woman they had received security alerts from her computer and that they could remotely access her system to fix it – for a price.

The technique is similar to that of “scareware” fake anti-virus software that saw a huge rise in 2010. But the human element – a real person on the line asking to access your computer – takes the social engineering to another level.

At the end of the day, no legitimate software company will contact you about malicious information they ‘noticed’ on  your computer. So the best advice is to go directly to the manufacturer as most software has built-in support that will lead you directly to the company’s website without having to click on links in dubious emails or search engines (yes, there are dodgy sites that offer instant technical support)

A bit of good old fashioned suspicion will go a long way to saving you money. If it sounds fishy, it probably is. Trust your instincts.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.