Fake Microsoft Security Alert - KB910721

I just received an email today from Microsoft supposedly, that was for a "Critical Update" for Outlook and Outlook Express. The email referenced a knowledgebase article KB910721. Now at first glance I already had my suspicion about the legitimacy of it because of how it came and looked plus all my systems are patched properly, however I could see how this could fool someone into thinking it was real. It used a email address that appeared to be from Microsoft. It referenced a real KB article from Microsoft. It had a link that looked to go to a Microsoft site. It even talked about products that Microsoft sells, Outlook and Outlook Express. However it really was not from Microsoft at all.

A couple of things that I did that helped me determine that it was fake was, one I looked up the KB article on Microsoft’s site. Even though it was a real KB article and talked about email, it had nothing to do with Outlook or Outlook Express. In addition the date of the KB was not the same at all. I also tested the link in a browser and it went nowhere. Note I did not click on the link in the message as this could have executed a program and infected my system. I simply copied the link into a browser. I also checked Microsoft’s web site for any updates released today, which none were found of course. One thing to keep in mind is that Microsoft will always post an update on their web site before they ever email something to someone. This particular one has been going around.

I have posted a copy of the email here for you to see. Be on the lookout for this type of email as they can lead to your system getting infected with a virus and or the compromise of your data. If you’re ever are not sure about an email you received, ask someone that could help you.

201 Compliant in Massachusetts: Will it move to other States?

Hey Everyone,

I read this article from a vendor from which we sell and install there products which I found to be very interesting. I can't take credit for the information here, but I felt it important enough that I should post it here to inform you about the new law and bring up the question, "Is your state next"? My opinion, without a doubt, is YES!!! It may take some time to pass in your state or some similar version of it, however it will eventually end up being law in every state in some form or another. The next question would be "are you ready for it when it does make it"? and if not you really should be thinking about how and when you will be ready. Please read on and let it sink in.

Are you 201 compliant? New Massachusetts data breach law in 2010

The deadline for businesses to be in compliance with the new data security law in Massachusetts, 201 CMR 17, has been pushed out again so that business can be ready for when it's in place. In case you weren't aware of the new law, you now have a six-month to get ready for it. And you have to be ready for it if you have just one customer that resides in Massachusetts. But even if you don't have customers in Massachusetts, you should keep an eye on this one as there is talk it could lead to tougher laws in other states or at the federal level.

Here's a short FAQ on the new law.

So what makes this law tougher than other state laws?

It's broader in scope and has specific detail about what companies must do to protect consumers’ private data.

What does it consider unprotect personal information?

The Massachusetts law defines unprotected personal information as a resident's first name and last name or first initial and last name in combination with any one or more of the following: 1) Social Security number, 2) driver's license number or state-issued identification card number, or 3) financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to a resident’s financial account.

What practices does it say IT has to follow?

The Massachusetts law says companies must:

*Designate at least one employee to manage data security

*Identify all the data that your company collects, and limit the amount of data collected to that which is reasonably necessary to accomplish a business need

*Identify all the internal and external risks to data security

*Encrypt all sensitive data that is sent electronically or stored on laptops or other portable devices (Senate Bill 173 was recently introduced, not yet passed, to remove this mandate and instead does not dictate what technologies should be used to protect data. Bill 173 also introduces guidelines specific to small businesses.)

*Install and regularly update computer firewall and security software

*Create a written Information Security Program (ISP), which details:
*What sensitive data you collect
*Describes controls that limit employee access to sensitive data on a need-to-know basis
*System of individualized passwords or other devices that track who is using computer or paper records
*Training for employees on security procedures, and disciplinary measures for employees who break the rules
*Take reasonable steps to ensure that all third-party service providers with access to the customer records comply with the Massachusetts law
*Audit the system at least annually

With the new law, when do companies have to disclose a breach?

As soon as a company knows that data is missing or a potential breach as occurred. One good point in the law is that it leaves room for delaying breach notification if the police are actively investigating the case and publicity could impede the criminal investigation.

Does this new law supersede federal laws?

No, the Massachusetts law does not apply where federal law is applicable. For example, healthcare providers would follow HIPAA and HITECH acts.

The Commonwealth of Massachusetts has put together checklist to help you determine if you are compliant. If you think that the new Massachusetts law could affect you, please consult an expert in privacy law that can help you determine if you comply and what changes you may need to take.

Dynamic Data and BizTech Line 9

Dynamic Data will again be volunteering and helping support the lines at NBC Channel 9 news in the morning from 5:30AM to 7:30AM on Wednesday June 17th, 2009.

Be sure to look for us on TV, and call in if you have a computer or IT related question or problem. All support and questions answered are free.

Windows 7 Beta and RC End Dates

The end of Windows 7 Beta is August 1, 2009 and it will begin shutting down every two hours starting on July 1, 2009.

The end of Windows 7 RC is June 1, 2010 and it will begin shutting down every two hours starting on March 1, 2010.

Remember if you are running Windows 7 Beta and want to go to Windows 7 RC, you will need to backup your data and do a fresh install of the OS.

Windows 7 RC Available

Today the Release Candidate RC was made available to the public for Windows 7. As with the Beta, the Windows 7 RC Customer Preview Program is a broad public program that offers the RC free to anyone who wants to download it. It will be available at least through June 30, 2009, with no limits on the number of downloads or product keys available.

I suggest if you would like to try it before it comes out, install it on a none production system if possible. If that is not possible, at least have a backup system running a qualified OS within your environment in case you run into any problems.

To get the RC please use one of the following links:
-
Developers
-
IT Pros/Microsoft Partners
-
Tech Enthusiasts/Consumers

IMPORTANT: If you are running Windows 7 Beta you’ll need to back up your data (preferably on an external device) and then do a clean install of the Windows 7 Release Candidate. After installing Windows 7, you will need to reinstall applications and restore your files. If you need help with the installation process, please see the Installation Instructions. If you’re running Windows Vista, you can install Window 7 RC without having to back up and reinstall your programs and data. But to be on the safe side, please do backup your data before you start. Please note: All users of the Windows 7 Release Candidate (including Windows Vista users who have upgraded to the Release Candidate) must do a clean installation of Windows 7 RTM. Please keep this is mind as you consider downloading the Release Candidate as opposed to waiting for the general availability release.

Conficker Worm Update

Update
TrendLabs has discovered a new Conficker variant (detected as WORM_DOWNAD.E). It appears that this may be the activity that was supposed to happen on April 1st. This new variant only affects those PCs that have been previously infected with WORM_DOWNAD.KK. If your customers' Trend Micro products have been patched and they are running the latest engines and pattern files, they are protected from this variant.

To make sure your system is protected, make sure that you have installed all of the security patches for Microsoft Windows operating systems, particularly Patch MS08067. Make sure your system is configured to receive security updates and patches from Microsoft as well as other 3rd party vendors automatically.


Make sure your security software such as Trend Micro, Symantec, or McAfee is up to date.

Make sure you disable the “Drive Auto-run” feature to avoid infections from USB drives.

You should employ secure passwords using a combination of letters, numbers and symbols and frequently change them.

Make sure to take caution when searching online for DOWNAD and Conficker information. There are reports of rogue antivirus packages that are taking advantage of the situation. They will tell you that you are infected and ask you to pay money to download their application, which in many cases turns out to be malware.

What is the Conficker Worm

Many of you may have heard a lot on the news or from a friend about the Conficker Worm that is suppose to make contact with its creator sometime today April 1st AKA April fools day. This is not a new Work at all. It has been around for awhile now. I thought it would be good to post some info about the worm as well as some technical background to help better understand it and what it does. A post by Trend Micro, one of the big manufactures of Anti Virus and Anti Spyware protection software products out on the market, does a great job explaining the worm, so I have posted it here for you reference. Please read below.

Background
The first samples for the Conficker/Kido/DownadUp (detected by Trend Micro as WORM_DOWNAD.A) were discovered in November 2008 with new samples (detected as WORM_DOWNAD.AD and WORM_DOWNAD.KK) arriving in early 2009. DOWNAD exploits a vulnerability in Windows that Microsoft patched (MS08-067) in October.

DOWNAD.AD added the ability to spread through network shares and removable storage devices (e.g. USB drives) using the AutoRun function in Windows.

DOWNAD.KK shuts down security services, blocks infected computers from connecting to security websites, and downloads a Trojan. It also reaches out to other infected computers via peer-to-peer communications services, and includes an algorithm to update infected PCs.

What's the goal of this worm?
It appears that the goal of this worm is to create a large botnet of infected PCs so that its creators may at some point send spam, steal personal information (user IDs, passwords, credit card info, etc.) and direct users to malicious websites used for phishing or downloading additional malware.

What's happening on April 1st?
On April 1st, 2009, the latest variant (WORM_DOWNAD.KK) will begin to modify the way in which it communicates with other infected botnet nodes (PCs, servers), and will also increase the number of machines it attempts to contact in order to infect them. There is no evidence that the worm will do anything beyond modifying its communications methods.

Conficker Worm

As you may have heard on the news, on April 1st of this year a worm that is potentially installed on millions of computers around the world may unleash its payload and wreak havoc on all those computers that already have the worm sitting on their system. The Worm is called Conficker.

In order to insure that you are as protected as possible it is important to make sure that you have all the latest security patches installed on your system from Microsoft. The one in particular that addresses this worm is the MS Security Bulletin MS08-067 found at http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx. You should also make sure that your PC has an active Anti Virus/Anti Spyware program that is getting updated daily with real time protection enabled.

Many PC owners have the miss conception that there system is protected just because they have some sort of Anti Virus program installed on their system. It is critical that the Anti Virus program be active with the most current Virus Definitions installed. It is also important that real time protection is enabled. The Real time protection helps prevent virus outbreaks on a PC and or network. With Real Time protection turned off, a virus or worm could do its damage long before the Anti Virus product ever catches it to be removed.

To help determine if you have Conficker Worm try to access a well known security software site like Symantec, Trend Micro, McAfee, or Microsoft. If you have any problems getting to these types of sites it is very possible that you have the Conficker Worm installed on to your PC.

If you are one of our DynamicCare Silver, Gold, or Platinum clients, rest assure your systems are already up to date and protected. If you are not and you feel your system is infected or just need help to insure that your system is protected, feel free to contact us for assistance. Our service support team will be happy to help you.

Due to the uncertainty about this worm, Dynamic Data Technology Group will be supporting a special KUSA Channel 9 News Biz Tech 9 Line on April 1st from 5:30AM to 7:30AM to help field support calls.

BizTech Line 9

Dynamic Data Technology Group gives back to small business in the Denver area.

Principal Engineer Eric Mosher along with other IT support vendors in the Denver area volunteered there time to provide free technical support and consulting to viewers and business owners of Channel 9 KUSA morning news.

I must say it was a lot of fun to do, and it felt great to give back to the small business community as well as the average day Joe or Jane that needed help. I know it is a tough market out their and IT support can be expensive. The way the economy is currently, everyone can use a little help. Who knows maybe we were able to help a business owner on an issue or project that they may have been afraid to do anything about because they didn't really know what to do, or what it would cost to find out. If we were able to help them move forward on the issue or project, then that is great, and we accomplished our mission.

Response Point SP2 Release

Microsoft Response Point SP2 is now available. This is free upgrade available from Microsoft.

The SP2 release offers significant system enhancements such as improved communication options supporting intercom/paging capabilities, and increased deployment flexibility via new support for VPN, multi-subnets and additional trunk devices.

Each Response Point hardware platform may have additional firmware updates that should be deployed in conjunction with SP2. Please contact Dynamic Data Technology Group to make sure your Response Point upgrade goes smoothly and avoid phone system outtages.