Microsoft recently released a number of security bulletins and patches addressing vulnerabilities in Windows and Office that are of high risk to users. It’s widely believed that many will be exploited by hackers within the next 30 days. One of them could potentially allow hackers or malware authors to easily compromise systems by tricking users to download malicious AVI-formatted files. Others require nothing more than just visiting a website. Another specifically targets Powerpoint Viewer 2003, and opening a malicious .ppt file could affect your system.

This latest round of patches and vulnerability updates is really nothing new – although the sheer number made public in one day is notable. This highlights the need for a comprehensive security policy, because vulnerabilities do exist in even the most mundane or old versions of software. Customers under our Managed Services plan can rest easy since we monitor and update their computers as soon as these patches and advisories are released. Find out more about what we do to make your systems safe and secure. Contact us today.

Related links:

• Patch Tuesday: Microsoft plugs critical Windows worm holes (zdnet)
• Researchers warn of likely attacks against Windows, PowerPoint (computerworld)
• Microsoft delivers huge Windows security update (computerworld)

A malicious piece of software making the rounds of news websites this week is believed to be behind the compromise of over 75,000 systems in over 2,500 international organizations – many of which are government agencies and large Fortune 500 companies.

Called the Knebner botnet after the name in the email used to register the initial domain used in the campaign to propagate the malware, the software infects computers and captures user login access to online financial services such as Paypal and online banks, social networking websites such as Facebook, and email. Infected computers can be centrally controlled from a master computer, which presumably harvests the data captured for nefarious means.

The Knebner botnet itself is not new. It’s based on the ZeuS botnet, and has gained prominence lately because it’s slipped under the radar of so many organizations. However, there are ways to prevent compromises from botnets – one of which is to have a proactive security system and policy in place. Our Managed Security customers have this assurance in place since we continuously protect their system from botnets and other malware. If you’re not sure that you’re protected, talk to us today.

Related articles:

• Kneber botnet described as ‘massive’ and ‘worldwide’ (inquisitr.com)
• Kneber attack resurrects notorious Zeus Trojan, say experts (guardian.co.uk)
• Malicious Software Infects Corporate Computers (nytimes.com)

For businesses of all types and size, managing data online is critical to the smooth operation of a website. However, incorporating data collection programs can be time consuming, especially if any of your data is “time bound” – meaning it’s only valid and useful during a specific period of time.

Here’s a solution. FormSpring provides free and paid website data collection services that eliminate the need for additional programming or the purchase of additional software.

If your website includes contact or event registration forms, surveys, and the like, FormSpring provides services ranging from a basic free option to more feature-intensive offerings with custom made forms based on your unique requirements. There’s no long-term registration contract, and you may cancel at any time. FormSpring also offers a 30-day money back guarantee.

It’s worth noting that the data is stored on FormSpring’s servers, so if you have special compliance requirements for privacy or security you might want to check to ensure you remain compliant.

Overall, FormSpring is a very useful website for companies or groups that need a hassle-free way to collect data through their website. Check out their free version of the plan or use the 30-day money back guarantee to explore whether FormSpring meets your data collection needs.

If you suspect that you’ve responded to a phishing scam with personal or financial information or entered this information into a fake Web site, take these steps to minimize any damage.

Read more

Phishing, pronounced “fishing,” is a type of online identity theft that uses e-mail and fraudulent Web sites that are designed to steal your personal data or information such as credit card numbers, passwords, account data, or other information. Follow these guidelines to help protect yourself from phishing scams sent through e-mail.

Read more

The growing reach and power of the internet has changed the way people do business, with more and more web-based services popping up. One of these is SaaS.

SaaS stands for Software as a Service, which refers to any licensed software being “rented” to a company by another company on an as-needed basis.

To illustrate, let’s say Company A is in need of licensed software, but only for a specific period of time because of a one-time client or project. Company B, as the SaaS provider, rents out the use of the software  to Company A for the time Company A needs to use it – weekly, monthly, and so on. (Company B is specially licensed to do this, of course.)

The term became popular near the end of 2000, but the service started in 1998 with a website called siteeasy.com. The concept has become increasingly popular because the legal alternative to rent/outsource the use of the software spares the expense and hassle of procuring software licenses.

As with other outsourced services, the hardware used for SaaS are remotely located and hosted, and accessed through the internet by the subscriber. Virtually all kinds of software can be used through a SaaS service, and availability of the software depends on the subscriber.

There’s vast potential in the use of the internet and web-based services such as SaaS, but the nature of the remote hosting service is not for everyone. If you’d like to learn more about the pros and cons in relation to your business model, we’d be happy to discuss a possible SaaS road map with you.

Most small and medium businesses can’t afford the luxury of a qualified IT administrator, let alone an entire IT department. If you’re in this position, how do you maintain the information technology infrastructure that’s critical to your organization?

One option is Managed Services, in which you outsource this role to an IT expert called a “managed services provider,” which will typically offer on-site or remote network and security monitoring, data backup and technical support.

Because the Managed Services model allow a business to focus on its core competencies, it is increasing in popularity—but sometimes it’s hard to separate the real benefit from the hype.

What’s the value to you?

• Peace of mind. Your managed services provider will monitor your IT infrastructure and prevent or resolve any problems—a sharp diversion from the traditional “fix it when it breaks” model of IT management.

• Simplicity. Your managed services provider will provide many of its services remotely, via the Internet, instead of through on-site visits. This reduces time and cost.

• Constant support. You don’t have to worry about support; your  managed services provider will offer the assistance you need, when you need it.

• Affordability. Managed services providers typically offer several price structures, including a per-month fee—which is much lower than the cost of building an in-house IT support department.

• Accountability. Have you ever tried to resolve an IT problem only to find that one vendor blames it on another who blames it on another? With managed services, you don’t have to go to multiple vendors to figure out why your network is down or you’ve experienced a security breach. You’ll have one point of contact: your managed services provider.

Want to learn more about how Managed Services can give you dependable IT with predictable costs? Give us a call.

In a report by security firm Websense, an alarming rise in the growth of malicious websites was identified in 2009 as compared to 2008 – almost 225 percent. The study also found an increased focus among hackers and spammers on targeting social media sites such as blogs and wikis. Social media or so-called Web 2.0 sites allow user-generated content, which can be a source of vulnerability. Researchers identified that up to 95 percent of user-generated comments to blogs, chat rooms, and message boards are spam or malicious – linking to data stealing sites or to downloads of malicious software. Email also continues to be a target for malicious activity with tens of thousands of Hotmail, Gmail and Yahoo! email accounts hacked and passwords stolen and posted online in 2009, which resulted in a marked increase in the number of spam emails.

For our clients on our Managed Service plans, we work hard to ensure your systems are protected from harmful or malicious activity coming from the Internet. If you’re not under our Managed Service plans perhaps now is a good time to talk – let’s make sure your systems are safe in 2010.

Related articles

• Top search results riddled with malware (v3.co.uk)
• Email phishing attack spreading say experts (telegraph.co.uk)
• Fraudsters Go Phishing For Victims’ Friends (news.sky.com)

Mozilla, the organization behind the popular Firefox browser disclosed that two add-ons available for download on its website were vectors for Trojans that could compromise users’ computers. Add-ons allow users to extend and enhance the capabilities of Firefox beyond the default install. Normally they are scanned for malware before being uploaded onto Mozilla’s website, but apparently two of them managed to slip through Mozilla’s automated scans. The infected add-ons are Version 4.0 of Sothink Web Video Downloader and all versions of Master Filer.

Mozilla has since updated their scanning process, but as part of our ongoing security watch we are vigilant in continuously protecting our customers under our Managed Services program from malware – you can rest easy.

When managing your systems on your own, it’s highly advisable to be vigilant with security and always use antivirus software – even when downloading and using software from legitimate sources. If you have downloaded these Firefox add-ons, uninstalling them does not remove the trojans that they carry, and you’ll need to use antivirus software to remove any malware on their system. Need more information or help? Call us and we will be glad to assist you.

Related links:

• Mozilla Firefox hit by malware add-ons (zdnet)
• Trojan Horse Mozilla Firefox Addons (the firefox extension guru’s blog)
• Mozilla admits Firefox add-ons contained Trojan code (sophos)

With the start of a new year, businesses commonly implement changes and launch new initiatives that have ramifications for your IT environment. Ignore them at your own peril.

Chief among your IT considerations should be a Business Continuity Plan, or BCP, which will allow your business to resume normal operations in the event of a significant data loss or network downtime. Unfortunately, recent studies have found that about half of small and midsize businesses have no BCP. That’s a huge risk; more than half of companies that experience catastrophic data losses go out of business within a couple of years.

And while it’s important to have a plan in the first place, it’s equally important that your BCP is flexible and scalable to adapt as your business undergoes changes.

Software installations, modifications, and updates as well as the addition of new hardware are an important part of business continuity planning. You must ensure your backup, storage, and recovery procedures and systems are kept current with these changes. Improper maintenance and outdated procedures can lead to backup errors that result in costly data losses. Unfortunately, some companies discover these errors too late – when they try to recover the data.

In addition to the IT considerations of a BCP, don’t ignore the human element. Someone, typically your IT staff, has to be in charge of overseeing BCP execution. But it doesn’t end there. Other employees have their roles, too, but do they know what those roles are? Have they been brought up to speed on the importance of backup and recovery, and what they need to do should you experience a catastrophic data loss? Has your business produced and printed a manual for employees to use as a reference?

Let us help you assess your business continuity strategy to make sure it takes all relevant aspects into account and is kept current with your evolving needs. Your business may depend on it.