Internet Explorer Zero-Day Exploit – What You Need to Know
Posted by Anthony on 14 November 2014 10:32 PM

By now, most of us have heard of the new zero-day exploit for Internet Explorer that was revealed last week. Beyond the realm of the media, which likes to immediately declare security issues a harbinger of doom and is quick to assign blame to everyone from the software developer to secret government agencies, these types of exploits, as well as bugs and security holes, are generally not a huge cause for concern for the end-user so long as the affected software is patched and the affected machines are promptly updated.

While opinions on browsers tend to lead to heated discussions, an objective review will undeniably reveal that various exploits and other security concerns have been discovered and made public for essentially every browser available. It is virtually impossible to design a foolproof system, and even Firefox, frequently lauded by many as superior to Internet Explorer, tends to frequently fall flat on its face.

What makes the recent Internet Explorer zero day exploit of notable concern in the Internet security industry is the fact that it affects versions of Internet Explorer as far back as version 6, first released in 2001.

The Nature of the Beast

The nature of this particular Internet Explorer zero day exploit potentially allows for a web site to execute data-thieving code, or silently upload a malicious payload to a client or end-user machine. These aptly named drive-by downloads are already a fairly popular method of delivering code to a target machine, and this exploit could allow for an easier and more reliable means of accomplishing the drive-by download. The malicious payload of these drive-by downloads could contain a variety of code ranging from adware and rogue / fake security applications to remote access packages allowing a hacker to take control of or download private data from the affected machine.

For those hackers with no other dreams and aspirations in life, the exploit can also be used as a means of executing a denial-of-service attack. All things considered, a denial-of-service attack seems unlikely in all but the most blunt attacks and would likely simply be seen by the end-user as a buggy web site.

The Measure of the Program

Within the Internet security industry, one of the primary measures of a good software package is how quickly and appropriately the software developer responds to exploits, bugs, and other security concerns. In this respect, Microsoft tends to do fairly well these days (although this has not always been the case) and generally addresses security flaws significantly faster than we’ve seen and expect from other developers such as Apple, an organization that has gained an unfortunate reputation for burying or simply denying security flaws.

There has been some speculation that this exploit comes fast on the heels of the recent Windows XP End of Service and may be an indication of a coming storm front, the first of an anticipated onslaught of exploits and security flaws in the new and exciting realm of a vulnerable operating system. I have even myself been cited in the argument by way of my award winning post: See You, Windows XP.

Out of Band Update

Whatever your stance on the matter, Microsoft has opted to ensure versions of Internet Explorer available to Windows XP are properly patched against this exploit. We view this as a responsible decision on the part of Microsoft, and I personally view it as an exceedingly generous act given the support state of Windows XP.

Taking Action

So you’re using Internet Explorer and are unsure of what to do at this point? Your first task should be to download and install your updates if your machine has not already done so as part of its regularly scheduled maintenance (you DO regularly install updates on your machines, right?). Your best course of action here is to use the Windows Update tool, which will automatically identify the various updates available to Microsoft software including Internet Explorer.

For those not using Internet Explorer, you are certainly not out of the woods by a long shot. This week, we saw an exploit for Internet Explorer. Your browser of choice may see an exploit next week. If you use Flash or Java, these are also popular avenues for hackers. As a point of contention, in its 2014 Annual Security Report, Cisco cited Java as representing 91% of all Indicators of Compromise (IOC).

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.


See You, Windows XP
Posted by Anthony on 24 March 2014 09:40 PM

After far more than a decade, the sun is finally setting on Windows XP as we approach its End of Life. It has been a long and exciting ride for the operating system, but this has undeniably been a long time in coming. When you consider the possible financial and logistical expense of maintaining such an old operating system, particularly in an enterprise environment, not to mention the tremendous amount of effort needed on not only the development end but also the support and end-user sides of the equation simply to keep the operating system running well and properly patched against the various exploits that have been discovered over the past 13 years, the decision should, of course, be a no brainer.

At the end of the day, it’s easy to reason that Windows XP was surpassed by numerous new iterations of Windows, and very few machines would be running Windows XP at this point. We’ve seen Windows Vista. Windows 7 came on strong in following Windows Vista, and even if you consider Windows 8 and the later Windows 8.1 dubious successors to the Windows line, there have been numerous avenues for upgrade. Further, those machines that initially came with Windows XP installed are, themselves, rather aged at this point.

The unfortunate reality is that a significant number of machines are indeed still running Windows XP, and like that old car you bought in high school, many of them actually seem quite happy to continue plodding along until they turn to dust. Recent surveys have suggested there are a tremendous number of users, and even quite a few people within the information technology field, who are unaware of the upcoming Windows XP end of life. Of those who are aware of the impending retirement, updates and upgrades frequently seem to be a hot debate. From an anti-malware support standpoint, we have even seen quite a few users who are using older versions of Windows XP that are not patched to the latest Windows XP Service Packs, creating an environment that is significantly easier to infect and harder to clean. When it comes to matters of updates and upgrades, the familiar old adage always rears its ugly head. “If it isn’t broken, don’t fix it.”

In any other situation, that argument can legitimately hold some weight, but a situation such as this when we face a product’s end of life is where that logic quickly falls apart.

The good news is that any user who wishes to continue using Windows XP is free to do so. Windows XP will continue to function. Microsoft is maintaining its activation infrastructure for Windows XP, which will allow for “new” installations of Windows XP. Microsoft is also ensuring existing updates are available for users who may have older.

The bad news is that the very nature of end of life means Microsoft has no intention of continued updates and patches for Windows XP, and this makes continuing to use Windows XP far more costly than people might realize.

The first consideration a user should give to the decision to continue using Windows XP is that an ever growing number of Microsoft and third-party software packages will state they are not officially supported on a Windows XP machine. Basically, if Microsoft is no longer supporting the operating system, quite a few software companies will follow suit, and you will find greater numbers of technical support staff unable and unwilling to assist with software and hardware issues.

From a malware standpoint, there is a larger issue to consider. While Microsoft will no longer support or update Windows XP, hackers and malware engineers will be eagerly looking at Windows XP as a far more appealing target than it ever has been. We’ve historically seen outdated and end of life products meet this disappointing end time and time again.

Over the next few years, Windows XP will become an increasingly dangerous platform. Malware that will run on Windows 7 will likely also run on Windows XP, but while Windows 7 will get the privilege of updates to cover newly discovered exploits and security holes, Windows XP will be left vulnerable.

For those people unsure of whether they are running Windows XP, Microsoft has put together a quick little web site to assist in making the determination and provide further information on the Windows XP end of life. Users intent on sticking with Windows XP will have some work ahead of them, and strict security and good habits will now be more critical than ever. Machines running unpatched versions of Windows XP should be updated with the latest service packs and updates as soon as possible. Your anti-malware software of choice should also continue to be as conscientiously updated as always.


Gift Card Balance Scams (And Other Ways To Ruin A Gift)
Posted by Jon on 16 January 2014 11:35 PM

Gift cards are a popular item any time during the year, but they’re especially so during the holiday season. Gift cards to Starbucks, Walmart, Olive Garden, and a host of other stores and restaurants make great stocking stuffers and help ease the anxiety for shopping for picky people on our shopping lists.

The only downside to gift cards (assuming you’re not one of those folks who think, as a present to someone, they’re too impersonal) is that the cards themselves are vulnerable to hacking or tampering that can result in a gift card with a zero balance. Cue the sad trombone.

  • Peek-A-Boo, I see you!

    The activation code on the back of a gift card can be seen by anyone in-store unless the card creator takes the time to create a concealed portion of the card. Oftentimes this will result in a small area you have to scratch off with a key or a quarter to see the “secret key code”. If you’re buying a card for someone, check out the back of the card and make sure it has a secret code to help make it harder for thieves to steal the gift card’s credit balance.

  • Can I get them digits?

    One inventive way crooks grab valid card numbers is when someone attempts to sell their card. If you ever want to sell a card for cash, don’t let the would-be buyer check the numbers to verify the balance unless you like handing the keys to the gift card kingdom over to them. With those numbers on the back of the card, there’s not much stopping them from using the card even without it physically in their hands.

  • Buy, buy, buy.

    When you purchase a gift card for yourself or someone else, ask the cashier to verify the balance on the card, and then call the help line on the back of the card to double-verify everything’s as it should be. Also keep the receipt in case there’s an issue later on so you can prove you legitimately purchased the card in the first place.

  • Use it or lose it.

    If you receive a gift card as a present, and I’m sure you will, don’t let it sit in your sock drawer for years before you finally remember to use it up. Some gift cards are charged a fee, which is taken from the card balance and lessens the amount you can use without the benefit of getting anything fun.

  • One in the hand… or in the email?

    There’s some contention over whether or not buying a gift card digitally is a safe idea or not. Personally I’ve never had an issue, but I know there are people who have. The one nice thing about a digital gift card is that there’s no physical card that someone can swipe the number off of, but then again if someone can tap into the recipient’s WiFi or email client then the card is as good as gone. It’s a tough call as to which is safer.

Remember this: Gift cards are just like cash. If you drop it, lose it, or give it away (whether on purpose or not), there’s nothing on it to let people know it’s yours. Keep them secret; keep them safe.


Cryptolocker and You
Posted by Anthony on 14 November 2013 08:28 PM

In the world of internet security, new versions and variants of malware appear on a daily basis, although relatively few pieces of new malware actually get notable time in the spotlight. Despite all the discussion of worms and backdoors, much of the time, new works of malware these days are designed simply to facilitate browser redirection or the serving of ads to users. Prior to this, false or “rogue” anti-virus programs saw a moment of popularity. If they happened to make their way onto a machine, these rogue anti-virus programs would claim the machine to be infected and offer to kindly cure the non-existent infection for a modest fee. In the end, these programs focused on making a minor nuisance of themselves in the name of ultimately exploiting the user to generate or increase revenue, or direct web traffic to a particular site.

Every now and then, however, something truly worthy of pause surfaces. The big news in the realm of internet security over the past couple of years has been the appearance of "ransomware" software such as Cryptolocker, Cryptowall, and various lesser known variants. Like many other types of malware, ransomware also aims to generate revenue, but its approach takes a critical diversion from nuisance, opting instead to restrict access to the computer in some way and holding the machine hostage under the demands of a ransom. Until recently, the most successful ransomware usually involved hijacking the desktop, generally under the guise of a law enforcement agency such as the FBI, with the machine left in a state where the user is presented with a demand. In these cases, the machine and its contents are left intact, although the user is unable to use the machine until the infection is removed or the ransom paid.

Removal of these particular forms of ransomware was occasionally time consuming, but once fully removed, the machine was left in the same state it was prior to being infected, negating the need to pay the ransom.

Enter Cryptolocker and Cryptowall

Both Cryptolocker and Cryptowall take what seems to many to be the next obvious step, leaving the machine largely accessible to the user but encrypting their documents. Cryptolocker and Cryptowall are most often distributed via email. Upon installing itself onto the machine, Cryptolocker or Cryptowall begins searching through the enumerated drives looking for various documents to encrypt. Meanwhile, it also calls a randomly selected server on the Internet to register itself and acquire an encryption key, which it uses to encrypt the documents it finds on the machine. While Cryptolocker/Cryptowall does not take the time to look for other machines that may happen to be on the local network and thus generally won’t discover and encrypt files on network shares, it does parse files on logical drive letters. The implication of this is that any network share a user has mapped and assigned a drive letter to is at very real risk. During this process, the user can expect to see a significant decrease in performance coupled with continuous drive activity.

Only once Cryptolocker/Cryptowall has completed its encryption task does it make itself overtly known, displaying a message describing how to pay the ransom to decrypt the now encrypted and unusable documents. Along with this demand comes a deadline, usually somewhere between 48 and 69 hours in the case of Cryptolocker. For Cryptowall, the deadline can be a longer period, followed by a doubling of the ransom amount.

Another difference between Cryptolocker and recent versions of Cryptowall is that the latter program will encrypt the file names of your files in addition to the contents, so that they will appear as 27p9k967z.x1nep or 9242on6c.6la9 or the like.

During this time, if the user chooses to pay the ransom, Cryptolocker/Cryptowall then downloads the private key necessary to decrypt the encrypted files and slowly goes through the list of files it encrypted to restore them to their pre-encryption state.

If the user opts to not pay the ransom, the deadline issued by Cryptolocker is still of particular interest in this situation as Cryptolocker takes the effort to completely uninstall itself upon expiration of that deadline. On the surface, this may sound like an unusual effort as it means the user need only sit and wait several days, at which time their machine will clean itself. Unfortunately, this is part of Cryptolocker’s last revenge upon the user for not paying the ransom. While Cryptolocker does indeed uninstall itself, it does not take the time to decrypt the user’s encrypted documents on its way out the door. Because of the nature of the encryption used by Cryptolocker, brute force decryption of the user’s documents is not particularly feasible as it is very likely the process would take longer than the user’s lifespan. Attempting to reinstall Cryptolocker is also not a feasible option for the user as Cryptolocker generates a new set of encryption keys at that time, invalidating the previous set.

When it comes to ransomware, Cryptolocker/Cryptowall is fairly unique in this respect as it means once a machine is infected, cleaning the infection can be disastrous to the user as it eliminates the possibility of paying the ransom for the key necessary to decrypt the documents. Once Cryptolocker/Cryptowall has been removed from the machine, the only realistic means of recovering data from the encrypted documents is to restore them from a backup. Unfortunately, recent studies have shown that roughly half of all regular computer users not only don’t routinely back up their data but have, in fact, never created a backup of their data. Those users who do back up their data often do not do so frequently and consistently. To complicate matters even further, a quick and dirty means many people use to create a backup involves simply copying documents to an auxiliary drive. While this is certainly a valid means of backing up data and is far superior to not having a backup, it is important to remember that Cryptolocker/Cryptowall won’t hesitate to encrypt those copies as well if the drive containing them is attached to the infected computer at the time.
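
Because the behavior described above works through drive letters, it is worth checking which backup locations are currently reachable that way, whether as an attached auxiliary drive or as a mapped network share. The following PowerShell is an added example, not StopSign code; the function name Get-BackupExposure and the sample backup paths are hypothetical and should be replaced with your own.

```powershell
# Added example: report which backup destinations are reachable through a
# drive letter on this Windows machine. Function name and sample paths are
# hypothetical; adjust them to where your backups are actually written.

function Get-BackupExposure {
    param(
        [Parameter(Mandatory)]
        [string[]]$BackupPaths
    )

    # Win32_LogicalDisk DriveType values: 2 removable, 3 fixed, 4 network, 5 optical.
    $kinds = @{
        2 = 'Removable drive'
        3 = 'Local fixed disk'
        4 = 'Mapped network share'
        5 = 'Optical drive'
    }

    # Every volume that currently has a drive letter, including mapped shares.
    $disks = @(Get-CimInstance -ClassName Win32_LogicalDisk)

    foreach ($path in $BackupPaths) {
        $disk = $null

        if ($path -match '^([A-Za-z]:)') {
            # Path is written with a drive letter: is that letter present right now?
            $letter = $Matches[1].ToUpper()
            $disk = $disks | Where-Object { $_.DeviceID -eq $letter } |
                Select-Object -First 1
        }
        elseif ($path.StartsWith('\\')) {
            # UNC path: it is still reachable by letter if a mapped drive
            # points at the same share or at a parent folder of it.
            $target = $path.TrimEnd('\') + '\'
            $disk = $disks | Where-Object {
                $_.DriveType -eq 4 -and $_.ProviderName -and
                $target.StartsWith($_.ProviderName.TrimEnd('\') + '\',
                    [StringComparison]::OrdinalIgnoreCase)
            } | Select-Object -First 1
        }

        $kind = 'Not attached / not mapped'
        if ($disk) {
            $kind = $kinds[[int]$disk.DriveType]
            if (-not $kind) { $kind = 'Other' }
        }

        [pscustomobject]@{
            BackupPath             = $path
            DriveLetter            = if ($disk) { $disk.DeviceID } else { '(none)' }
            Kind                   = $kind
            ReachableByDriveLetter = [bool]$disk
        }
    }
}

# Constructed sample input: an external drive, a NAS share, and a mapped archive.
Get-BackupExposure -BackupPaths 'E:\Backups', '\\nas01\backups\alice', 'Z:\Archive' |
    Format-Table -AutoSize
```

A backup that shows ReachableByDriveLetter as True while no backup job is running is a candidate for being disconnected or unmapped between runs.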

Although removal of Cryptolocker/Cryptowall is included with a StopSign subscription, concern that the user may not have a backup of their documents has prompted the StopSign Research and Development Team to decide to not incorporate an automated removal of Cryptolocker/Cryptowall into the scanner. While we wholeheartedly feel a user should never have to pay a ransom to regain access to their machine or documents, the decision in this case must ultimately fall upon the user whose data is at risk. This was a hard decision, one rarely taken here, but it is a decision we believe most anti-virus and security companies have also settled upon.

It cannot be stressed enough that removing Cryptolocker/Cryptowall effectively eliminates all data recovery options for the user other than restoring data from a backup and should never be done without the user’s consent.

How to Protect Yourself

When it comes to malware, prevention is critical. Users should always be mindful of suspicious or unexpected emails and instant messages. The StopSign Security Suite provides a powerful on-access scanner component designed to monitor the system in real time. Keeping the operating system and associated software properly updated can also be crucial in maintaining a malware-free environment.

Painless Removal

If you should find yourself facing a Cryptolocker or Cryptowall infection, we would be happy to provide personalized assistance to remove it from your machine. Our technicians are available at 1-800-786-7744 to discuss the matter with you and assist in removal.


Outbreak Alert – Backdoor.Win32.ZAccess
Posted by Anthony on 21 October 2013 05:56 PM

Outbreak Alerts by StopSign Internet Security let you know when specific malware infections are trending, describe what they do, and provide tips on how to avoid them.

What Backdoor.Win32.ZAccess Does:

  • Downloads Malicious Rogue Anti-Virus Packages
  • Significantly Slows Down the Infected Machine
  • Displays False Error Messages
  • Restricts Access to Various System Functions

How It Infects:

  • Can be distributed by any means, including but not limited to: Email attachments, instant message attachments, infected websites, infected media or document files, peer-to-peer file sharing networks, or even downloaded by other malware;
  • Infection can also be found in hyperlinks to infected websites from email, instant messages, and social networking messages or posts.

How To Avoid Infection:

  • Use extreme caution when you receive a link or attachment from anyone, even those you know;
  • Do not download unknown files or files from unknown sources;
  • If using StopSign Internet Security, be sure the On-Access Scan is installed and enabled;
  • Scan all downloaded files with a malware threat scanner, such as StopSign Internet Security, before executing them;
  • Ensure that all updates are installed from Microsoft Update to help protect against vulnerabilities in the operating system.

Type: Downloader

Technical Name: Trojan.Win32.Medfos.m


  • W32/Zaccess.AP.gen!Eldorado
  • Trojan.DownLoader8.14961
  • Trojan-Dropper.Win32.Sirefef
  • Rootkit.0Access.Gen
  • Trojan.Generic.KDZ.9841
