InTech Protects Clients from Flame Malware

No doubt many of you have heard of the Flame malware that has targeted systems in Iran, Lebanon, Syria, the Sudan and others.

This malware is so intelligent that not only can it log your keystrokes, it can also turn on cameras and microphones connected to PCs and record conversations and actions nearby. It has been described as more powerful than the Stuxnet and Duqu viruses of late.

It is an amazing security threat to any business.

However, InTech customers who subscribe to our OpenDNS service are safe from their network being infected by the Flame virus.

If you want to increase the security of web browsing within your company, contact me today at 724.858.2814 or Leia@intechit.net for a FREE Internet Security Assessment.

I will personally pinpoint the holes in your network that can allow hackers and viruses in, and give you a checklist to rein in your network and internet security.

Because I can only complete 11 of these this month, I am only offering this until the end of the month (June 30th, 2012).

Call me today to schedule your FREE Internet Security Assessment.

Keeping your network safe & secure,

Leia T Shilobod, IT Princess of Power

DNS Changer Malware – Straight Talk and What to Do

We have been seeing a lot of information floating around the last few days in media outlets and from friends and clients about hundreds of thousands of people suddenly losing internet connectivity in July. Much of the information is doomsday-sounding and finger-pointing, so we wanted to give you some straight talk about what this is all about.

Back in November, a group of hackers/malware authors in Estonia were apprehended. They had been infecting computers with malware that would (among other things) redirect you to websites THEY wanted you to visit instead of where you actually wanted to go.


Why? To make money. They made over $14 million from advertising.

Could the malware do other bad things? Yes. And it probably did. Maybe steal information, and at the very least be a big pain in the butt.

How did it do this?

Well, the way the internet gets you to the website you want is by something called DNS (Domain Name Service).

Every website is hosted at some ‘place’ in the world and that ‘place’ is delineated by an IP address. If you want to know what your IP address is, you can find out at www.whatismyip.com.

So when you type in www.AwesomeITGuys.com, DNS translates that name into the numbers (IP address) so that it can point you to the location of my website. Without DNS, you would have to remember a series of numbers (and these numbers may change if the website moves to a different host) to find a website on the internet.

So DNS makes our lives easier online. It was also the way that the hackers exploited people.

What the malware did (and is currently doing to the infected computers) is re-route you by making your browser use their DNS servers. This is why the malware is known as DNS Changer.

Now comes the element that makes this DIFFERENT from other malware attacks: the government got involved.

In their infinite wisdom (feel the sarcasm), they decided to set up temporary DNS servers so that people could get to where they were trying to go on the internet. If they HAD NOT done this, then the infected PCs would have immediately lost the ability to browse the internet when the Estonian hackers’ servers were shut down. People would have figured out there was an issue, and their computers would have been cleaned back in November of 2011.

Now people have had infected computers FOR MONTHS with no or little signs that there was a problem.

I’m personally a bit irritated at this course of action. I could go all conspiracy theory on you all, but there is really no point, when really, we need to focus on cleaning up the malware infection.

You can go to the website of the company the government is paying to set up and maintain these servers for additional information (www.dcwg.org) but it is hard to reach because there is so much traffic, so consider this blog your alternative source.

Here is what you do to determine if you are infected with the DNS Changer Malware and what to do if you are infected:

1. Go to: www.dns-ok.us and if you get a RED page, you are certainly infected. If you get a GREEN page, you are PROBABLY not infected with this particular piece of malware. (You could still be infected with a different type of malware.)

2. You can manually determine if you are infected by following these instructions:

a. To check if your Windows 7 machine is infected, first click the “Start” icon.

b. This opens the Windows Menu. Click on the “Search” field at the bottom.

c. Type in cmd, and hit enter.

d. This opens a DOS shell. In the DOS shell, type in the command:

ipconfig /allcompartments /all

and hit enter. (Windows users might be used to just typing “ipconfig /all”. This also works, but might not list all the routing compartments if you have a VPN set up in Windows 7.)

The output will be very long, since Windows 7 by default has support for IPv6. Most likely, you want to look for the IPv4 information under the section entitled “Ethernet adapter…”. Look for the “DNS Servers” line, and write down these numbers. There may be two IP addresses listed there.

e. Are Your DNS Settings OK?

The malicious Rove viruses changed some people’s DNS settings to use computers the hackers operated. Compare your DNS settings with the known malicious Rove DNS settings listed below:

Starting IP      Ending IP         CIDR
85.255.112.0     85.255.127.255    85.255.112.0/20
67.210.0.0       67.210.15.255     67.210.0.0/20
93.188.160.0     93.188.167.255    93.188.160.0/21
77.67.83.0       77.67.83.255      77.67.83.0/24
213.109.64.0     213.109.79.255    213.109.64.0/20
64.28.176.0      64.28.191.255     64.28.176.0/20
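The manual comparison in step 2 can be automated. The script below is an added example, not part of the original post: it parses saved `ipconfig /all` output and flags any DNS server that falls inside the ranges in the table. It assumes English-language Windows output; the sample text is constructed and the function names are hypothetical.

```python
import ipaddress
import re

# Rogue DNS ranges copied from the table above: (starting IP, ending IP, CIDR).
ROGUE_RANGES = [
    ("85.255.112.0", "85.255.127.255", "85.255.112.0/20"),
    ("67.210.0.0", "67.210.15.255", "67.210.0.0/20"),
    ("93.188.160.0", "93.188.167.255", "93.188.160.0/21"),
    ("77.67.83.0", "77.67.83.255", "77.67.83.0/24"),
    ("213.109.64.0", "213.109.79.255", "213.109.64.0/20"),
    ("64.28.176.0", "64.28.191.255", "64.28.176.0/20"),
]
ROGUE_NETS = [ipaddress.ip_network(cidr) for _, _, cidr in ROGUE_RANGES]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample of English `ipconfig /all` output (not a real capture).
SAMPLE = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.20(Preferred)
   DNS Servers . . . . . . . . . . . : 85.255.112.36
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

def dns_servers(text):
    """Return (adapter, ip) pairs for every IPv4 DNS server in the output."""
    pairs, adapter, in_dns = [], None, False
    for line in text.splitlines():
        if line and not line[0].isspace():  # unindented line = adapter heading
            adapter, in_dns = line.rstrip(":"), False
        elif ". :" in line or not line.strip():  # new field label or blank line
            in_dns = line.strip().startswith("DNS Servers")
        if in_dns:  # label line or an unlabelled continuation (second server)
            pairs += [(adapter, ip) for ip in IPV4.findall(line)]
    return pairs

def rogue_dns(text):
    """Return (adapter, ip, cidr) for DNS servers inside a listed rogue range."""
    return [(adapter, ip, str(net)) for adapter, ip in dns_servers(text)
            for net in ROGUE_NETS if ipaddress.ip_address(ip) in net]

def table_is_consistent():
    """Check each CIDR spans exactly its Starting IP..Ending IP from the table."""
    return all(str(n.network_address) == s and str(n.broadcast_address) == e
               for (s, e, _), n in zip(ROGUE_RANGES, ROGUE_NETS))
```

To check a real machine, save the output with `ipconfig /allcompartments /all > dns.txt` and pass the file's contents to `rogue_dns`; an empty list means no configured DNS server is in the listed ranges.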

IF YOU DETERMINE YOU ARE INFECTED:

Run one of the following tools:

Tool                              URL
Kaspersky Labs TDSSKiller         http://support.kaspersky.com/faq/?qid=208283363
Trend Micro Housecall             http://housecall.trendmicro.com
MacScan                           http://macscan.securemac.com/
Avira (Avira’s DNS Repair-Tool)   http://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/1199

– Then download, install and UPDATE Malwarebytes at www.Malwarebytes.org (for free) and run it.

– Finally, update your antivirus software and run a full scan.

If you are concerned, please don’t hesitate to call us. If you think you are infected and don’t feel comfortable cleaning the computer yourself, we can help you.

All malware is very bad, not just this one piece or type of malware. The media’s frenzy and the government’s strange involvement do not make this worse than other viruses.

Take ALL malware seriously. Protect yourself by keeping your antivirus up to date, doing all your updates (Windows, Adobe, Java, etc.), and making sure your antivirus scans run at least weekly.

Forever Standing Guard Against Malicious Hackers To Keep Your Network Safe,

Leia T Shilobod, IT Princess of Power

On April 24th, 2012, posted in: Malware, Uncategorized by admin

We Need Good People!

InTech is actively searching for a new team member!

Do you know someone who fits this description? Pass it on!

Would this be an awesome position for you? Send us your resume!

Read on….

Are you a motivated, client-focused IT problem solver? Do you constantly strive to learn more about networks, software, remote access and servers? Are you resourceful and positive when approaching IT issues?

For the IT guy or gal who answered ‘yes’ to these questions, this is the opportunity for you. We are a small, fast-growing I.T. firm in Greensburg, PA that is in need of a Computer Technician/Network Administrator who can efficiently and effectively solve IT issues, configure equipment, and integrate it into our clients’ networks.

We are NOT looking for someone who is unmotivated, needs to be told what to do, and is not interested in learning new ways to do things.

Why Work for Us?

  • We keep up on the newest technologies to determine how to integrate them to make our clients more efficient, effective and agile. We love this field because it’s constantly changing – and we change with it.
  • We believe in constant learning and we help you work towards Certifications.
  • We genuinely CARE about our clients and the results they get. If you enjoy working for a company that actually “gets it” and takes care of their customers AND their employees, you’ll love working here.
  • Mediocrity is NOT an option. Those who are true professionals at the top of their game will love working in an environment where high standards are expected. Whiners, complainers and those with an “entitlement” attitude should not apply.

Only detail-oriented resourceful troubleshooters and integrators who have a passion for ‘making things right’ will be considered. Those looking for an easy “9-5” customer service job and slower pace should not apply.

Please ONLY Apply If You Meet The Following Criteria:

  • You must have at least 2 years’ experience (on the job or on your own) administering and troubleshooting XP, Vista, Windows 7, Microsoft Server 2003/2008R2, Microsoft Exchange 2007/2010, VPNs, routers, Active Directory, and managing backups. Experience in SharePoint, Cisco Routers, VLAN-ing, scripting, group policy and Managed Service Software is a plus.
  • You must be able to communicate clearly to clients so that they understand the solutions you are recommending and what was wrong with the systems you fixed.
  • You must be resourceful and detail oriented. We don’t do ‘sloppy IT.’ You also need to know how to find answers – and when to escalate.
  • We are located in Greensburg, PA, but you must be willing to travel to client sites throughout the Western PA area. We do a lot of our work remotely, but there are always times we have to travel to our clients’ sites.

The right candidate can expect a competitive compensation plan depending on skill level, with benefits offered. Future growth of knowledge, skills, duties and compensation is available.

If you have what it takes to fill this role, please submit a resume by e-mail to Leia@intechit.net detailing your previous work history and accomplishments (not just a list of tasks and job responsibilities; we’d like to hear about problems you’ve solved or networks you’ve set up), as well as a brief, one-page summary explaining why you think you would make an excellent candidate for this position.