Tuesday, 18 October 2016

Barracuda's blacklist - keep out

Barracuda Spam Firewall is a popular spam-filtering product. One of the ways it decides whether an email is spam is its "Intent Engine", a human-run and maintained blacklist that is turned "On" by default with each new Barracuda installation.
To be blacklisted by the "Intent Engine", a complaint must first have been submitted to Barracuda by one of its customers. By default Barracuda assumes all mail is good mail until that initial complaint is filed. Once a complaint is filed, a person looks at your email for three attributes to determine whether it belongs on the blacklist:
  1. "To:" line cannot be obfuscated. Anyone who uses blind carbon copy line (BCC line) to load up a list of recipients would fail this test.
  2. The email must let the recipient know how they got on the email list inside the body of the message.
  3. There must be a one-click unsubscribe link.
If the email fails in any of these areas, the person analyzing it adds the URLs linked in the email to the blacklist, which means that future emails from that sender could be blocked. Once your URL is on the blacklist, any Barracuda customer who has the "Intent Engine" turned on will likely not receive your messages.

We encourage our customers to add a quick one-line explanation to the body of their messages that explains how and where the recipient gave permission to be on the list. This line can be in the header or the footer of the message. Not only does this help with deliverability, it also makes your relationship with the end recipient transparent, which is always a good thing.
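A sender-side pre-send check that approximates the three attributes described above, as an added example (not Barracuda's code; the regular expressions and the sample messages are constructed, and accepting the RFC 2369 List-Unsubscribe header as well as a body link goes beyond the article):

```python
import re
from email import message_from_string

# Constructed patterns: a "how you got on this list" sentence and an unsubscribe URL.
PERMISSION = re.compile(r"you (are receiving|received) this (email|message) because|you (signed up|subscribed|opted in)", re.I)
UNSUBSCRIBE_LINK = re.compile(r"https?://\S*unsubscribe\S*", re.I)

def intent_engine_checks(raw: str) -> dict:
    """Approximate the three attributes the article says a reviewer looks for."""
    msg = message_from_string(raw)
    to = (msg.get("To") or "").strip()
    body = msg.get_payload() if not msg.is_multipart() else ""
    return {
        # 1. Visible recipient: an empty To: (everyone in BCC) or a placeholder fails.
        "visible_to": bool(to) and "undisclosed" not in to.lower(),
        # 2. The body says how the recipient got onto the list.
        "permission_explained": bool(PERMISSION.search(body)),
        # 3. A one-click unsubscribe link in the body (the RFC 2369 header is also
        #    accepted here, which is an addition beyond the article).
        "unsubscribe": bool(UNSUBSCRIBE_LINK.search(body) or msg.get("List-Unsubscribe")),
    }

def passes(raw: str) -> bool:
    return all(intent_engine_checks(raw).values())

# Constructed samples (not real mail): a BCC-only mailing with no permission line, and a fixed one.
BAD = """From: news@example-sender.test
Subject: Our October offers
Content-Type: text/plain

Big discounts this week! Visit https://www.example-sender.test/offers
"""
GOOD = """From: news@example-sender.test
To: customer@example-recipient.test
Subject: Our October offers
Content-Type: text/plain

Big discounts this week! Visit https://www.example-sender.test/offers
You are receiving this email because you signed up at our checkout on example-sender.test.
Unsubscribe in one click: https://www.example-sender.test/unsubscribe?id=CONSTRUCTED
"""

if __name__ == "__main__":
    print(intent_engine_checks(BAD), passes(BAD))
    print(intent_engine_checks(GOOD), passes(GOOD))
```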

source: Campaigner
read more: Barracuda Lookup

Tuesday, 20 September 2016

Ammyy Admin Website Compromised

The website of the Ammyy Admin remote desktop management tool has been compromised to spread malware for the God-knows-what time in the past year.

Softpedia detected that something was wrong after we started receiving worrisome comments from readers on two articles detailing past infections of the Ammyy Admin website.

Ammyy Admin website compromised for at least two days

The contaminated Ammyy Admin file MalwareHunterTeam managed to obtain had been uploaded on VirusTotal 20 times by 19 different people, between 2016-09-14 07:47:04 and 2016-09-15 06:50:39.
Some users have the habit of double-checking downloaded files by scanning them using VirusTotal. The period above is most likely the interval during which the website had been compromised, and some of its users had scanned the file.
A hybrid analysis of the file reveals a binary called "encrypted.exe" packed with the original AA_v3.exe, the legitimate installer. Every user running the installer would also run this file, which installs the Cerber ransomware.
Ammyy Admin website serving latest version of the Cerber ransomware
Cerber, which appeared at the start of the year, had several major branches, some of which were cracked and security researchers created a free decrypter to help victims recover their files.
The version distributed via the Ammyy Admin installer packs the latest v3 version that locks files via the .cerber3 extension. This version is uncrackable, at the time of writing.
Cerber 3 ransom note
MalwareHunterTeam also said that he did not inform the website admin of the compromise and that it stopped on its own. Either the crooks realized they were exposed, or they are preparing another version of the Ammyy installer that would spread other types of malware.
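Two checks a user can run on a downloaded installer before executing it, prompted by the case above where a second binary was packed alongside the legitimate installer: compare the file's SHA-256 with a hash published out of band, and look for more than one PE image inside the file. This is an added example, not code from Softpedia, MalwareHunterTeam or Ammyy; the PE stand-ins and the "published" hash are constructed.

```python
import hashlib
import struct

def find_pe_images(data: bytes) -> list:
    """Return the offset of every PE image embedded in data.

    A PE image starts with an 'MZ' DOS header whose 32-bit e_lfanew field
    (offset 0x3C) points at the 'PE\\0\\0' signature; checking e_lfanew
    filters out the stray 'MZ' byte pairs that appear in ordinary data.
    """
    hits = []
    pos = data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
            if data[pos + e_lfanew:pos + e_lfanew + 4] == b"PE\0\0":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def assess_download(data: bytes, published_sha256: str) -> dict:
    """Two checks to run on a downloaded installer before executing it."""
    images = find_pe_images(data)
    return {
        "sha256_matches": hashlib.sha256(data).hexdigest() == published_sha256.lower(),
        "pe_image_offsets": images,
        # Legitimate installers may also carry helper executables, so an extra
        # image is a reason to inspect the file, not proof of tampering.
        "extra_embedded_pe": len(images) > 1,
    }

def fake_pe(payload: bytes) -> bytes:
    """Constructed stand-in for a PE file: valid MZ/PE headers, no real code."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)   # e_lfanew: PE signature right after the DOS header
    return bytes(dos) + b"PE\0\0" + payload

# Constructed samples: a clean installer and the same installer with a second binary appended.
CLEAN = fake_pe(b"legitimate installer body " * 4)
TROJANIZED = fake_pe(b"wrapper stub " * 4) + fake_pe(b"second binary dropped at run time " * 2)
PUBLISHED_SHA256 = hashlib.sha256(CLEAN).hexdigest()   # stands in for a vendor-published hash

if __name__ == "__main__":
    print(assess_download(CLEAN, PUBLISHED_SHA256))
    print(assess_download(TROJANIZED, PUBLISHED_SHA256))
```

A hash match only helps when the reference hash comes from somewhere other than the possibly compromised download page.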

Ammyy Admin website has spread at least six other types of malware

In the past, both ESET and Kaspersky have put out reports about how the site was used to spread all sorts of malware, such as the Ranbyus, Lurk and Buhtrap banking trojans, the CoreBot and Fareit infostealers, and the NetWire RAT.
ESET reported that the Ammyy Admin website spread malware in October and November 2015, while Kaspersky reported numerous similar incidents that took place between February to July 2016.
Softpedia has reached out to Ammyy Admin's team for additional comments. At the time of writing, even if Ammyy Admin downloads are clean, we can't vouch that they'll stay this way, taking into account the website's track record.

Wednesday, 31 August 2016

Keep your DATA PRIVATE - Encfs Manager in Ubuntu, Windows or Mac

Features of EncFSMP:
  • Mounts EncFS folders on Windows and OS X
  • Can create, edit, export and change the password of EncFS folders
  • Is 100% compatible with EncFS 1.7.4 on Linux
  • Completely free, no nags, no additional downloads like toolbars etc.
With EncFSMP, you can store your data in an encrypted folder (this works for USB memory sticks as well). This is especially important if you store sensitive data in a cloud service like Dropbox or Google Drive.

Since EncFS exists on many platforms, you can access your data from a Windows PC, from an Apple computer, from Linux (using the built-in EncFS), or even from an Android device (using Cryptonite).

Although EncFSMP is an open source project and its source code is released under the MIT license, it contains a closed-source component. The file system component that allows EncFSMP volumes to be mounted is called Pismo File Mount and is developed by Pismo Technic Inc. Other than that, EncFSMP is 100% open source.


Windows or Mac

Download the (open source) software from Encfs official site

Ubuntu Linux

To add the official GNOME Encfs Manager PPA and install the application in Ubuntu, use the following commands in terminal:
sudo add-apt-repository ppa:gencfsm/ppa
sudo apt-get update
sudo apt-get install gnome-encfs-manager


Monday, 8 August 2016

You Can Still Get Windows 10 for Free

The free Windows 10 upgrade offer may technically be over, but it isn’t 100% gone. Microsoft still provides a free Windows 10 upgrade to anyone who checks a box saying they use assistive technologies on their computer. This offer will end at some point, but Microsoft hasn’t announced when.
Microsoft has announced that it wants people who use assistive technologies to be able to upgrade to use the new accessibility features in Windows 10’s Anniversary Update.
This free upgrade works just like Windows 10’s previous upgrade offer. In fact, it seems to be the exact same upgrade tool. Upgrading gives your PC a “digital license” (formerly a “digital entitlement”) that allows you to install and use Windows 10 on that PC, even after the free upgrade offer ends for new upgraders.

How to Upgrade to Windows 10 from the Accessibility Page

The free upgrade offer is simple. To get Windows 10, you’ll just have to visit the “Windows 10 free upgrade for customers who use assistive technologies” page and download the upgrade tool. Like the previous free upgrade offer, this only works if your computer is currently running Windows 7 or Windows 8.1. (If you’re using Windows 8, you can get a free upgrade to Windows 8.1 and then upgrade to Windows 10.)
Once the upgrade is complete, your PC will be running Windows 10 and will have a “digital license” that lets you reinstall Windows 10 at any point in the future.
This probably won’t last forever. However, Microsoft says it will issue a public announcement before the upgrade offer ends.
source and more information: howtogeek.com

Tuesday, 2 August 2016

Business Email Compromise - Protect yourself and your company

Business Email Compromise (BEC) scams, also known as “whaling” or “CEO fraud”, involve crafted emails sent to recipients by fraudsters pretending to be senior executives. These emails leverage social engineering and urgent requests to get employees to carry out large wire transfers or send over sensitive information such as W-2 forms.

BEC is defined as a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.
Most victims report using wire transfers as a common method of transferring funds for business purposes; however, some victims report using checks as a common method of payment. The fraudsters will use the method most commonly associated with their victim’s normal business practices.

BEC emails are typically characterized by:
  • Impersonation of a high-level executive of your company
  • Email domains similar to yours (typosquatting)
  • Prominent use of free webmail service providers (Gmail, Yahoo etc.)
  • Emails that do not contain URLs, phone numbers, or attachments

CHARACTERISTICS OF BEC COMPLAINTS

  • Businesses and associated personnel using open source e-mail accounts are predominantly targeted.
  • Individuals responsible for handling wire transfers within a specific business are targeted.
  • Spoofed e-mails very closely mimic a legitimate e-mail request.
  • Hacked e-mails often occur with a personal e-mail account.
  • Fraudulent e-mail requests for a wire transfer are well-worded, specific to the business being victimized, and do not raise suspicions to the legitimacy of the request.
  • The phrases “code to admin expenses” or “urgent wire transfer” were reported by victims in some of the fraudulent e-mail requests.
  • The amount of the fraudulent wire transfer request is business-specific; therefore, dollar amounts requested are similar to normal business transaction amounts so as to not raise doubt.
  • Fraudulent e-mails received have coincided with business travel dates for executives whose e-mails were spoofed.
  • Victims report that IP addresses frequently trace back to free domain registrars.
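A mail-flow rule that scores an incoming message against the BEC traits listed above (executive impersonation, lookalike domain, free webmail sender, urgency wording, no URLs or attachments), as an added example that is not from IC3 or any product. The company domain, executive directory, webmail list, urgency phrases and the sample message are all constructed; a real deployment would load the directory from an identity source.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed organisation profile; a real deployment would load these from a directory.
COMPANY_DOMAIN = "example-corp.com"
EXECUTIVES = {"jane doe": "jane.doe@example-corp.com"}          # display name -> real mailbox
FREE_WEBMAIL = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com", "aol.com"}
URGENCY = re.compile(r"urgent wire transfer|code to admin expenses|wire transfer|urgent", re.I)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot typosquatted lookalikes of the company domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def bec_indicators(raw: str) -> list:
    """Return the BEC traits from the article that a raw RFC 822 message exhibits."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload() if not msg.is_multipart() else ""
    flags = []
    known = EXECUTIVES.get(name.strip().lower())
    if known and addr.lower() != known:
        flags.append("executive display name on a non-corporate address")
    if domain != COMPANY_DOMAIN and edit_distance(domain, COMPANY_DOMAIN) <= 2:
        flags.append("lookalike of company domain: " + domain)
    if domain in FREE_WEBMAIL:
        flags.append("free webmail sender")
    if URGENCY.search(body):
        flags.append("urgency / wire-transfer wording")
    if not msg.is_multipart() and not re.search(r"https?://", body):
        flags.append("no URLs or attachments")
    return flags

# Constructed sample message (not real mail): executive name on a typosquatted domain.
LOOKALIKE = """From: Jane Doe <jane.doe@examp1e-corp.com>
To: accounts@example-corp.com
Subject: urgent wire transfer
Content-Type: text/plain

I am in meetings all day. Please process an urgent wire transfer of 48,500 to the new supplier; code to admin expenses.
"""

if __name__ == "__main__": print(bec_indicators(LOOKALIKE))
```

Any hit should route the message for the out-of-band verification the strategies below call for rather than block it outright, since legitimate urgent requests also exist.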

Self-protection strategies

  • Avoid free web-based e-mail accounts: Establish a company domain name and use it to establish company e-mail accounts in lieu of free, web-based accounts.
  • Be careful what is posted to social media and company websites, especially job duties/descriptions, hierarchical information, and out-of-office details.
  • Be suspicious of requests for secrecy or pressure to take action quickly.
  • Consider additional IT and financial security procedures, including the implementation of a 2-step verification process.
  • Establish other communication channels, such as telephone calls, to verify significant transactions. Arrange this second-factor authentication early in the relationship and outside the e-mail environment to avoid interception by a hacker.
  • Digital Signatures: Both entities on each side of a transaction should utilize digital signatures. This will not work with web-based e-mail accounts. Additionally, some countries ban or limit the use of encryption.
  • Delete Spam: Immediately report and delete unsolicited e-mail (spam) from unknown parties. DO NOT open spam e-mail, click on links in the e-mail, or open attachments. These often contain malware that will give subjects access to your computer system.
  • Forward vs. Reply: Do not use the “Reply” option to respond to any business e-mails. Instead, use the “Forward” option and either type in the correct e-mail address or select it from the e-mail address book to ensure the intended recipient’s correct e-mail address is used.
  • Consider implementing Two Factor Authentication (TFA) for corporate e-mail accounts. TFA mitigates the threat of a subject gaining access to an employee’s e-mail account through a compromised password by requiring two pieces of information to login: something you know (a password) and something you have (such as a dynamic PIN or code).

The victims of the BEC scam range from small businesses to large corporations. The victims continue to deal in a wide variety of goods and services, indicating a specific sector does not seem to be targeted.

It is largely unknown how victims are selected; however, the subjects monitor and study their selected victims using social engineering techniques prior to initiating the BEC scam. The subjects are able to accurately identify the individuals and protocols necessary to perform wire transfers within a specific business environment. Victims may also first receive “phishing” e-mails requesting additional details regarding the business or individual being targeted (name, travel dates, etc.).

source and further information: Internet Crime and Compliance Center (IC3)