SMX Service Status


SMX Servers Status:

No current issues

Last updated 12/09/2016 11:26

 

Additional information:

Crysis ransomware warning

Please watch out for Remote Desktop Protocol (RDP) attacks, which have spread via trojan attacks and links to websites. For more information, see https://securitybrief.co.nz/story/trend-micro-warns-nz-australian-firms-about-crysis-ransomware/

There have been reports of Xero phishing emails that involve ransomware that can encrypt files on the host device.

Please do not click on the link contained in the email, as it prompts the user to download dangerous malware. Once the downloaded file is executed, the victim's machine will be encrypted.

 

------------------------------------------------------------------------------------------------------------------------

We have been advised of new threats arriving in the form of LNK files (Microsoft Shell Link Binary File Format), which contain information that can be used to access another data object. These are commonly known as “shortcuts”, which users rely on as a quick way of opening popular apps or often-used files.

Don’t be tricked into opening a shortcut file from an untrusted source on the false assumption that an LNK must be harmless because it can only point to items already on your system. Reports from our vendors advise that cybercrooks exploit this by having the shortcut invoke a command prompt (using cmd.exe) that creates a JavaScript file and then runs it.

SMX recommends that Windows users set up their computers to show file extensions. An extension is an integral part of the filename, and affects how Windows treats the file. Suppressing extensions may look a bit neater, but it needlessly hides information that might otherwise give users early warning of a security trick.

For SMX SmartRules customers who use the SMX-maintained System Rules, please note that the LNK file type has been added to the Executable File detection list.

------------------------------------------------------------------------------------------------------------------------

We are getting reports of a new virus outbreak overnight and this morning, with emails containing a macro-enabled Word file (.docm) that show the recipient's own address as the sender. Please take care when opening any attachments. Eg:

From: user@domain.com

Subject: Documents from work

To: user@domain.com

 

If you are a SmartRules customer utilising our 'block executable attachments' rule, we'd like to inform you of a change we made yesterday, Tuesday 19 July 2016, affecting this rule.


Over the previous few days, SMX has noticed an elevated level of false negative malware submissions from customers that had received an email containing a macro-enabled Microsoft (MS) Word document with the filename extension .docm (DOT DOCM).


As a result of the increased level of submissions, SMX has updated the system list that your 'block executable attachments' SmartRule refers to. This means that, effective from midday yesterday, SMX will reject emails that contain a .docm attachment. For most customers this shouldn't be a problem; however, if you do need to receive these file types, the SMX support team can add an exception to this rule on your behalf.

 

We are seeing an increase in spear phishing emails. Eg:

Hi first name,

Are you at work at the moment? Kindly send me a quick reply when you get this.

Kind Regards,

first name last name

Sent from my iPhone

This message has not come from the actual sender. Please keep a watch out for these.

.PDF attachments prompting people to enter their password

Eg:

PDF password & file permissions
View Document

 

We are getting reports of a new virus outbreak overnight and this morning, with emails carrying the Subject "recent bill" or "payment confirmation". Those emails contain a .js attachment inside a .zip/.rar file. Please be cautious and do not open or run the attachment.

Eg:

Subject: recent bill
From: ColonRhoda0297@terraristikshop.net
Date: Thu, 30 Jun 2016 02:31:46 +1300
To: user@company.com
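
The attachment checks described in the notices above (LNK and .docm blocking, .js files hidden inside a .zip, and a sender address that matches the recipient) can be sketched as follows. This is an added example, not SMX's SmartRules code; the names scan_message, build_sample and BLOCKED are hypothetical, the sample message is constructed, and only .zip archives are inspected (.rar is not).

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: only the extensions named on this page, not the real SMX system list.
BLOCKED = {".lnk", ".docm", ".js"}

def _ext(name):
    # Windows ignores trailing dots and spaces, so strip them before matching.
    name = name.lower().rstrip(". ")
    return name[name.rfind("."):] if "." in name else ""

def scan_message(raw):
    """Return a list of findings for one RFC 5322 message given as bytes."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender and sender == parseaddr(msg.get("To", ""))[1].lower():
        findings.append("sender address equals recipient address")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if _ext(name) in BLOCKED:
            findings.append(f"blocked attachment: {name}")
        elif _ext(name) == ".zip":
            data = part.get_payload(decode=True) or b""
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for member in zf.namelist():
                        if _ext(member) in BLOCKED:
                            findings.append(f"blocked file in {name}: {member}")
            except zipfile.BadZipFile:
                findings.append(f"unreadable archive: {name}")
    return findings

def build_sample():
    """Constructed message: self-addressed sender, a .docm, and a .js in a .zip."""
    msg = EmailMessage()
    msg["From"] = msg["To"] = "user@domain.com"
    msg["Subject"] = "Documents from work"
    msg.set_content("see attached")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename="report.docm")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("recent_bill.js", "// inert placeholder")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="bill.zip")
    return msg.as_bytes()
```

Calling scan_message(build_sample()) returns one finding for each of the three conditions; a message with none of them returns an empty list.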

 

If you are interested in the current spam trends in New Zealand, please visit the link below.

http://www.dia.govt.nz/diawebsite.nsf/wpg_URL/Services-Anti-Spam-Email-Scams

Last updated 12/08/2016 09:23