Networking Monitoring News – Jan 2016

By Ron Samson Jr January 1, 2016

CryptoWall 4.0

CryptoWall has caused massive damage and has infected scores of businesses and home user machines. CryptoWall 3.0 has made an estimated US $325 Million this year. The new version is pretending to be a resume inside a zipped e-mail attachment. These resumes, though, were actually JavaScript files that when executed would download an executable, save it to the Windows %Temp% folder, and then execute it. Make sure you have working back-ups and if you have something similar to a Network Appliance make sure you are making use of snapshots to help recover data.

If you are a ContentCatcher:Email customer we have blocked .js (JavaScript) files by default and can block a zip file containing these .js files at the first layer.

DELL

Researchers have found that if a website is configured in a certain way, an attacker can abuse a Dell self-signed certificate that comes installed on your Dell machines to extract a device-identifying code (Service Tag). This code could be useful information for carrying out tech support scams against your users.

The certificate is not malware or adware. Rather, it was intended to provide the system service tag to Dell online support allowing them to quickly identify the computer model.

Here is a link to the uninstaller that will remove this certificate.

https://dellupdater.dell.com/Downloads/APP009/eDellRootCertFix.exe