Thursday, September 19, 2013

Cryptolocker - RansomWare Threat

A computer virus is a software program designed to destroy or steal data. They are often a nuisance,usually designed with malicious purpose, either to disrupt activity, steal information or some other type of financial gain. Viruses have been known to wipe systems out, destroy hardware, or fill a hard drive up with junk applications.

There always exists a motive for the virus's author.Viruses can be used for marketing, theft or political statements. They can bring down home PCs or large corporate networks. Viruses exist under many forms, such as boot sector viruses or browser hijackers to name two. In some cases, a virus will infect a system for the purpose of delivering a "payload", which is other malware with a different purpose.

About two years ago, a new virus called "MoneyPak" came online. When a PC became infected, a phony message was displayed saying the FBI will seize the machine unless a $300 moneypak card was purchased from CVS or Walgreens. From a technical perspective, this was a simple annoying virus that was easy to remove. Gullible users would buy the card and pay the fee, most simply sought out technical help to have the virus removed.


Ransomeware is a computer virus that infects a system and limits access until the owner of the comptuer pays the creator of the virus to have it removed. The Moneypak virus is one such example.

Recently, a new variant of Ransomware (in this case crypto malware) has emerged called Cryptolocker. Crypto Malware infects a computer with a program that takes control of the system and connects to a control server to obtain an encryption key and apply it to specific files on a computer.  Cryptolocker utilizes a 256 bit Advanced Encryption Standard (AES) key. The algorithm described by AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data. Although the original server handing out encryption keys has been taken down, the virus is still being spread

Current forms of the virus go after typical productivity files such as Microsoft Word, Excel, WordPerfect files, Access databases, photos and other multimedia files. Essentially, files you use everyday. Once the files are encrypted, the only way to read those files is through the key.The virus gives the end users options for obtaining a key, usually by paying a $300 un-lock fee. 

At present, paying the $300 ransom is the only way to have your files unlocked.

How the Virus is Spread

To date, the virus is sent to host computers through "social engineering", which typically has been email. Phony emails  typically appear to be from FedEx notifying the reader that a package is waiting for them, and to click a link for more information.


The best methods to avert falling victim to these scams are:
1. End user education - stay informed on computer malware threats
2. Solid e-mail spam filtering

Public e-mail services through Microsoft (Hotmail, or Google (Gmail) are generally good at eliminating these threats through behavior tracking technology. Private domain based mail accounts ( generally don't have aggressive enough spam filtration that will eliminate the majority of these threats. If you would like to improve  your current spam filtration solution or have the current system evaluated, please contact us to discuss in detail.

If you have a private domain based mail account, contact us for information on our email spam filtration service and antivirus protection software. Coverage for your PC and email starts at just $2.99/month.

(215) 634-2997

Tuesday, September 10, 2013

HP to be dropped from Dow Jones Industrial Average September 20th

In a sign that the computer manufacturer continues to struggle, Dow Jones has announced that HP will be dropped from its list of major US manufacturers, namely due to underperforming stock.

Over the years, HP has struggled to gain a higher share of the computer manufacturing market and branch out from manufacturing printers. In 2001, HP merged with Compaq to acquire a larger share of the PC and camera market. At the time, HP founder Walter Hewlett was reluctant on the merger as he saw then that PCs were a marginally profitable product.

Today, the PC division of HP has the lowest margin of their manufacturing line.

Read more.

Friday, September 6, 2013

Electronic communications rejected by court due to lack of authentication

This may seem like a no-brainer, but authentication of electronic evidence is crucial when presented as evidence.

In 2011, a Maryland appellate court overturned a decision involving a murder trial because the prosecution failed to present any authentication that a message from a MySpace account actually came from the account they claimed it did (see: Antoine Levar GRIFFIN v. STATE of Maryland No. 74, Sept. Term, 2010). (Read more about the Griffin case)

Proper handling, analysis and authentication of electronic evidence is crucial in any form of litigation, otherwise the evidence will be tossed as hearsay.

Our SMS Witness service, which covers text messages, instant messages and Facebook data, provides parties with the proper handling, analysis and presentation of this evidence, so that it can be properly entered into evidence in civil or criminal matters.

SMS Witness entails live collection of data, special chain of custody documentation, data analysis and verification, hash code generation (to prove the file is unique), and presentation of text messages, instant messaging or Facebook messaging in a transcript format.

Sample SMS Text message transcripts:

Don't risk your entire case using a free or low dollar third party app to print out your messages. A single text message could swing a decision, even in a minor case, IF you present it properly.

Call 215-634-2997 for more information, or