News

RIVER RUN COMPUTERS ANNOUNCES COMPUTER RECYCLE SERVICES

RIVER RUN COMPUTERS ANNOUNCES COMPUTER RECYCLE SERVICES

Protecting the local environment and helping people with disabilities

 

 GLENDALE, WI – (May 17, 2012) – Due to the success and demand from the local community for electronic equipment donations at River Run Computers’ Electronic Recycling Day held Saturday, April 21^st, River Run Computers, Inc.  (River Run), a Total Network Management Organization, is proud to announce Computer Recycle Services as a standard offering. 

 

River Run collected over 6500 lbs. of electronics! Your donations helped aid in the protection of the local environment with Responsible Recycling and helped IndependenceFirst collect over 100 computers, monitors and printers for people with disabilities.

 

           “We’d like to thank the Milwaukee community for making our inaugural recycling event such a great success,” expressed Paul Riedl, Jr., CEO of River Run Computers.  “Offering recycle services on an on-going basis is the next logical step to support the needs of the community and IndependenceFirst.”

 

 

 

 

 

 

 

River Run will offer Recycle services Monday - Friday during the business hours of 8 a.m. – 5 p.m.  You can request a free pick-up, or drop off your electronic equipment at River Run Computers’ headquarters at 2320 West Camden Road in Glendale. River Run and its partners follow the Department of Defense (DOD) guidelines for data security (5220.22-M). There are two types of data destruction that will be offered: 1) wiping of the hard drive, or 2) destroying the hard drive.  For more information on River Run Electronic Recycle services, please visit http://www.river-run.com/services/recycle-services.

 

About River Run Computers

River Run Computers, Inc. supports a wide variety of clients in Wisconsin, including manufacturers, CPA firms, law firms, auto dealerships, schools, non-profits, municipalities and financial institutions.  Founded in 1993, River Run Computers, Inc. is a full-service Information Technology firm whose mission is to “keep you up and running.”  Their organization is built on the core values of Fun, Integrity, Passion, Precision, Excellence, Responsibility and Direct Communication.  For information on Total Network Management RSVP Program or 24/7 Technical Support Service, contact River Run Computers at 414-228-7474 or email them at info@river-run.com. 

 

###

Hackers Target Lonely Hearts with Valentine's Spam & Phishing Scams

With Valentine's Day around the corner, cyber criminals are ramping up spam, phishing, and other attacks targeting the lovers' holiday

By Tony Bradley | PC World | Published: February 10, 2012

There are only a few days to Valentine's Day. Those of you who are shocked by that revelation are prime targets for Valentine's Day related spam and phishing attacks as hackers hope to catch you with your guard down for this day of romance.

Messages targeting Valentine's Day are expected to quadruple globally in the coming days - in part because cyber criminals are adept at targeting holidays and current events as bait for attacks. An offer for a dozen roses for a few pounds might get some traction any time of the year, but with the clock quickly counting down to Valentine's Day it has much higher odds of duping frantic lovers in search of a last minute gift.

A blog post from McAfee warned: "Many consumers look for a little romance on Valentine's Day, whether it is a thoughtful gift, a romantic getaway, or a heartfelt e-card, but if you're looking for these things online, beware."

McAfee points out a number of types of Valentine's Day themed threats you should be aware of:

Phishing scams
Attackers will send out spam promoting bargains for flowers, romantic dinners, jewelry, or other Valentine's Day gift related themes. Clicking on the offer might take you to a malicious site that could compromise a vulnerable PC, or it could take you to a site that looks legitimate, and asks for your credit card, and other personal information to "complete the order".

Malicious eCards
Any holiday that traditionally involves giving and receiving cards is a prime target for cyber criminals. Everyone loves to receive a personalised greeting card - especially if it seems to be from someone that may be romantically interested.
Seriously, though, what are the odds that someone you don't know decided to send you an ecard for Valentine's Day out of the blue? Right.

Mr (or Mrs) Wrong
Another scam to watch out for are fake profiles on online dating sites. Cyber criminals create online dating profiles designed to be as attractive as possible to lure unsuspecting love seekers. The idea is to make connections, and establish trust as a means to further criminal activity.

McAfee outlines some additional threats to watch out for in its blog post. To steer clear of Valentine's Day cyber threats, follow the basic principles of online common sense. Don't open emails or file attachments, or click on links from people or sources you are not familiar with - and even if you do know the sender, think twice about whether that person would really send you a Valentine's Day email.
Another basic rule is that if it sounds too good to be true, it probably is. Don't fall for unbelievable last minute Valentine's Day gift ideas no matter how desperate you are for a gift.
Protect your wallet, your identity, and your heart by avoiding Valentine's Day cyber scams.

River Run Computers Acquires TechQuility

Expands Total Network Management Services for Regional Customers

 

GLENDALE, WI – February 1, 2012 – River Run Computers, Inc. a full-service IT management firm, has purchased TechQuility, an IT firm from Mequon, Wisconsin, expanding its ability to service small business, improve market share and increase sales channels with a proven team.  The TechQuility acquisition adds engineering resources and improves advanced remote monitoring services for its customers.  Tim Ward, founder and CEO for TechQuility, brings leadership and sales expertise for IT strategic planning, networking management and metric reporting.

                The new group will provide on-site network management to small- and medium-sized businesses that require technology to manage and grow their businesses.  “The River Run acquisition will provide TechQuility clients more in-depth technical resources,” says Tim Ward, CEO TechQuility.  “Help-desk support services, available 24/7, are something our clients will now be able to enjoy,” he adds.
  

                Although the overall marketplace has been flat the past few years, River Run Computers has experienced growth on the IT on-site management services side of its business and continues to invest in business operations.  “Small- and medium-sized businesses need cost-effective, flexible service solutions to keep their networks up and running,” states Paul Riedl, Jr., CEO of River Run Computers.  “Tim Ward and his team from TechQuility bring over 20 years of certified networking experience, and we are excited to add them and their clients to our service organization,” he adds. 

                River Run Computers growth is led by its flagship service Regularly Scheduled Visit (RSVP) Program.  The program provides clients with a multitude of managed IT services and support.  It includes the day-to-day onsite and help desk support that small- and medium-sized businesses require.  All clients receive a custom-designed program resulting in the best management and network maintenance program for them.  The RSVP includes critical maintenance and security review activities, while covering troubleshooting and resolution of user and network issues that occur with daily network use. 

About River Run Computers

                Founded in 1993, River Run Computers, Inc. is a full-service IT firm whose mission is to keep your computer network “up and running.” For more information on 24/7 Technical Support Service, Total Network Management or the RSVP program, contact Eric Torres at 414-228-5618 or etorres@river-run.com.

What The Heck is Google Wallet?

How many of you have more than $50 in your pocket right now? If you’re like me, you rarely ever have cold, hard cash in your pocket. Just about every purchase I make is used with a card. Well, for some of us, that is about to change. Soon you will be able to pay for everything using your smart phone. Wait a minute…what? Want to pay for something? Walk up to the register, have the clerk check you out, and then tap your phone to the front of the register. The register picks up some data on your phone, and the bill is settled. No sliding a card, no pulling out cash, just tap your phone to the register and you’re on your way.

All of this is made possible thanks to technology called Near Field Communication (NFC) and Google Wallet. This week, Google Wallet became available to the public, and provided you're in the right place, you can use it to pay for your goods.

How does Google Wallet work?
Let’s start with the basics. Google Wallet is an Android application. It’s a free download and you can add the details of your credit cards so that it stores all the basics that you need to make payments – your credit card number, expiration date, name and the CCV security code on the back.



Google Wallet works by communicating with the checkout terminal when you go to pay for goods or services. Tap your phone to the register and your phone sends wireless data to the store and your products are paid for. There's no cash involved.

Right now the Google Wallet app is only available for the Sprint Nexus S 4G phone works with a Citi MasterCard credit card. Google has said that it’s looking to support all cards from all suppliers in the future but, until then, you do have another option - the Google Prepaid Card, a virtual credit card that then serves as a source of cash to make your Google Wallet payments.  As an added bonus for early adopters, if you get a Google Prepaid Card before the end of the year, you'll get an extra $10 deposited courtesy of Google.

Also, while MasterCard is the only credit card that will currently work with the system, Visa, Discover, and American Express have come onboard as well recently, meaning that soon everyone's credit cards and check cards should be working with the system.

Who accepts Google Wallet payments?  
Of course, to use Google Wallet you will need to find a place that accepts it as payment. At the moment just over 124,000 merchants are using the MasterCard PayPass NFC terminals currently required for the task. Within that number, you’ll find those who will process the payments as well as supply the full Google Wallet benefits of loyalty points and voucher redemption, and those who are just enabled to take the payments alone. The former are known as Google SingleTap merchants and include the likes of Bloomingdales, Macys, Subway as well as other big names.

If you’d like to find out your nearest PayPass and Google Wallet-ready locations, then you can enter your zip code in the Google Wallet site. The PayPass locator Android app also has a location feature to help you find what you’re looking for. Finally, it’s also worth keeping your eyes open at the check out, Spot the PayPass symbol and you’re in luck. 

How safe is it?
Security and consumer trust are obviously going to be massive issues if Google Wallet is to succeed. As such, Google has done its best to put users at rest by outlining how safe the system is going to be with your money.

Once entered into the app, all your card details are encrypted and stored on a separate chip within your handset known as the Secure Element. The Secure Element apparently can be thought of as a distinct computer capable of running its own programs and storing its own data. It uses storage separate from the normal Android memory and will allow trusted programs to access your information.

On top of all of that, the Google Wallet app also requires users to enter a PIN each time a transaction is made and, just to make sure there’s as little damage potential as possible, each Google Wallet transaction is currently limited to just $100. You can spend more but it requires an activation code being sent to your handset.

Should all else fail, the consumer will find themselves with the same rights and liability as if it were a normal credit card.

What’s next?
Along with the expansion in credit card types, expect to see Google Wallet come to a variety of different platforms and phones quickly. Even though Google is only rolling out things on Sprint's Nexus S 4G, it's just for the initial testing. It won't remain on Sprint alone forever. Current iPhones don't have NFC technology, but it's entirely possible future models might.

There is also the matter of a service known as Google Offers which will be starting up in an area nowhere near you shortly. Google Offers will be for both online and local deals in a rather similar way to which Groupon currently works. The added push is that anything you purchase via Offers will automatically sync with your Google Wallet. Once at the store in question, you’ll be able to present the barcode on your screen for the sale staff to scan or complete the transaction via NFC if they happen to be fitted with a reader.

Where can I get Google Wallet?
Currently Google Wallet is only available on Sprint Nexus S 4G phones through a software update. To get this update and to get started using Google Wallet click here!

Computer Army Being Assembled and Awaiting Orders

The the purpose of this vast computer force is still not clear following August email malware surge

An enormous army of infected computers is being assembled, but it is unclear yet what purpose they will be put to.

Wave after wave of malicious email attachments has been sent out since August, and with average success rates for such mailings, millions of machines could be compromised, says internet security firm Commtouch.

Once infected, the computers can be loaded with additional malware that can perform a range of activities, including spamming, participating in DDoS attacks, stealing bank credentials and compromising email and social-network accounts.
But what this botnet will do remains a mystery. The purpose of this vast computing force is still not clear.

Since a record peak of 25 billion malicious attachments to emails being sent on a single day in mid-August, email-attached malware has peaked five times since, each spike smaller than the one before.

Each peak represents a surge in a particular scam used to dupe victims into opening the attack attachments. The first wave consisted mainly of phony notices from UPS or FedEx that a package has been misrouted. The second, called the Map of Love, is a PDF that purports to be a map of interesting destinations worldwide. The third is a false notice of an altered charge for a hotel room, the blog post says.

User forums indicate that the malware campaigns worked, with many users opening the attachments. While it doesn't have estimates of the number of machines compromised, Commtouch says that such campaigns have linear success, so the more attachments sent, the more opened.

If the purpose of the assembled botnet is to send spam, it hasn't had an impact on overall spam traffic, which has actually been trending a bit downward. However, if the purpose is for something much worse than to simply send spam, we’ll have to just wait and see.

Microsoft Warns of Password-cracking 'Morto' Worm

Various Internet security firms report a new Internet worm is spreading in the wild and taking advantage of weak passwords on Windows systems.

First reported Sunday, the Morto worm or Win32/Morto appears to be an old-school Internet worm, a rarity in recent years when Trojans and bots make up the majority of new malicious samples. Morto displays a mixture of sophistication and directness in its search for server prey.

According to multiple reports, Morto infects Windows workstations and servers, but spreads via the Windows Remote Desktop Protocol (RDP), an element of the Windows Remote Desktop Connection service that allows a Windows PC or server to be controlled remotely.

Once loading itself as a hard-to-detect service within the Windows svchost.exe, the malware opens a Remote Desktop Protocol (RDP) connection on port 3389, it cycles through IP addresses it detects on any subnets and tries to connect using a simple dictionary list of password possibilities.

Some of the passwords on its list include admin, admin123, user, test, *1234, letmein, password, server and 1234567890, according to an entry on Microsoft's Malware Protection Center (MMPC). Once the worm figures out the weak password, it connects to the remote system and copies itself. Several Morto variants have already been identified.

If the worm gets lucky and guesses a correct password on the server, it then copies itself to the victim system and tries to elevate its own process to gain Administrator control before downloading further components.

Microsoft confirmed the existence of the worm in a TechNet blog post Sunday, but it remains unclear which versions of Windows may be vulnerable and the extent to which it is spreading successfully.

In its post, Microsoft also advised the use of strong passwords, which should include 14 characters or more, and have a variety of letters, punctuations, symbols and numbers.

As Microsoft’s researchers point out, Morto needs no software exploit to perform its job, only weak passwords of the sort that plague even well-defended networks full of more devices that can easily be managed by the teams looking after them.

"This particular worm highlights the importance of setting strong system passwords," said Microsoft's Hil Gradascevic. "The ability of attackers to exploit weak passwords shouldn't be underestimated."

It is important to remember that this malware does not exploit a vulnerability, but instead relies on weak passwords. River Run encourages our readers to use strong passwords to help protect their systems. We also encourage users to enforce both strong passwords and regular password changes.

 

'Anonymous' Hackers Threaten to "Destroy" Facebook on November 5th

Members of the notorious hacker group Anonymous have set their sights on taking down Facebook. They have even set a date, November 5th.

The 'hacktivists', infamous for meddling with the American government, launching  cyber-attacks on Sony, News Corp, Amazon, Pay Pal, Master Card, Visa and the Pentagon, among other targets and for their support for WikiLeaks, have announced that they will focus on bringing down the social networking site because of its privacy policy.

The announcement was made in a YouTube video and sites allegations of privacy infringement. Anonymous members accuse Facebook of selling information to government agencies and giving clandestine access to information security firms so they can spy on people from all around the world.

"Everything you do on Facebook stays on Facebook regardless of your 'privacy' settings, and deleting your account is impossible, even if you 'delete' your account, all your personal info stays on Facebook and can be recovered at any time," the statement reads. "Changing the privacy settings to make your Facebook account more "private" is also a delusion. Facebook knows more about you than your family."

The chilling video, a two-minute warning and explanation using a computerized voice, begins: "Attention citizens of the world, your medium of communication you all so dearly adore will be destroyed."

Anonymous, whose members have been known to wear Guy Fawkes masks - copying the film V for Vendetta - when they appear in public, has launched what it calls 'Operation Facebook'. It has pledged to bring down Facebook on November 5 - Bonfire Night - which commemorates the day in 1605 when Guy Fawkes tried to blow up Parliament.

Recently fourteen members of Anonymous have been arrested by FBI agents on charges related to their alleged involvement in the distributed denial of service (DDoS) attacks against online payment processor PayPal late last year. Further arrests and indictments are expected as authorities continue their investigations into other Anonymous attacks.

The Village Voice was actually one of the first to discover the Anonymous statement and brings up a very good point: killing Facebook for the sake of preserving privacy by a group of people who routinely steal private information is awfully ironic. How can the group be so adamant about privacy if they themselves are responsible for the theft of private information?

Anonymous said November 5th  “will go down in history.” It added, “One day you will look back on this and realize what we have done here is right, you will thank the rulers of the internet, we are not harming you but saving you.”

Even though Anonymous has had success in hacking some major websites in the past, it’s questionable that it would be successful against Facebook. It might not have been the smartest idea to give Facebook several months to prepare for an attack. Many believe it will be extremely unlikely Facebook would be brought down, but when you’re talking about a group of hackers with motivation and disdain, you can never be certain.

 

UPDATED:  Video has since been removed by user. Please find the Anonymous Threat video here.   http://www.youtube.com/watch?v=Q6crH8qmyZ8

University of Wisconsin-Milwaukee Servers Hacked

A computer system at the University of Wisconsin-Milwaukee was hacked and bugged with malicious software. According to the Milwaukee Journal Sentinel, malicious code was discovered on a document management database server. The university contacted law enforcement and after a month-long investigation realized that the database on the system contained over 75,000 records that included social security numbers for both students and employees.

Although this breach, which was discovered back on May 25, could have exposed the names and Social Security numbers of some 75,000 students, faculty and staff, UWM officials told the newspaper that the university has no evidence that information was looked at or used.

Nobody is sure how long the malware was running on the server, but it was shut down once the breach was found.  UWM leaders are suggesting someone might have been trying to gain access to the university's computers for a different reason. It is suspected that the software was being used to identify cutting edge research that the school is working on, but that has yet to be confirmed.

"We are a research institution with a significant number of projects under way. It is theorized that this may have been an attempt to look at work being done," Tom Luljak, UWM's vice chancellor for university relations, told the newspaper. He added that the malicious software was installed remotely.

While the forensic investigation states that there is no evidence that the personal information was stolen, the school is still warning students to be vigilant by monitoring their credit history and putting a freeze on their credit report.  It is also interesting to note that although most companies that suffer data breaches end up offering one year of free credit monitoring to the victims, the University of Wisconsin says that since there was no evidence the data was stolen, they will not offer the free service.

It’s also good to know that while students may have had their identity stolen, the database contained no “academic information such as student grades,” so at least the attackers won’t be able to identify whether students passed their criminology courses.

For more information on the security breach, UWM has set up this website.

3 Ways Mobile Devices Become Infected with Malware

Social engineers have been using various dirty tricks to fool people for centuries. Social engineering, the art of gaining access to buildings, systems or data by exploiting human psychology, rather than by breaking in or using technical hacking techniques, is as old as crime itself and has been used in many ways for decades.

For the past several years online, social engineers have been trying to fool unsuspecting users into clicking on malicious links and giving up sensitive information by pretending to be old friends or trusted authorities on email and social networks.
And now that mobile devices have taken over our lives, social engineering is an attack method of choice to gain access to a person's smartphone or tablet.

Here are three examples of current cons being used by criminals to get inside your mobile device.

Malicious apps that look like legitimate apps

One example is the case of a popular and legitimate application Android users were purchasing that caused a virtual "steam" to appear on the screen of a smartphone. You could move your finger to scrape the virtual steam off, people love this sort of thing, although it served no real purpose.

But a malicious application that looked exactly like the virtual-steam application was created and many were conned into purchasing that one, instead of the authentic application. From a users perspective it is very hard to distinguish between an app that is legitimate with an app that turns out to be malicious.
What users ended up with was an application with unwanted things behind it. In some cases, the malicious application activated an SMS message from the victim's phone that was sent to request premium services and the user was charged. The attacker, meanwhile, would delete any return SMS messages acknowledging the charges so the victims had no idea they were being billed.

The best advice, don't install applications that come from un-trusted sources.
 
Malicious mobile apps that come from ads

In some cases, legitimate applications on a smartphone run bad advertisements. If the user clicked on the ad, they are taken to a web site that tricks the victim into thinking their battery is inefficient. The person is then asked to install an application to optimize the battery consumption, which is instead a malicious application.

Our advice is the same as with PC’s, be leery of any advertisement that is asking you to install an application.

Apps that claim to be for "security"

Another new mobile attack vector is a ZeuS malware variant that actually originates with an infected PC. When a user visits a banking site from an infected computer, they are prompted to download an authentication or security component onto their mobile device in order to complete the login process.

The attackers realize that users are using two-factor authentication. In many cases that second factor is implemented as a one-time password sent to the user's phone by the banking provider. Attackers were thinking: 'How can we get access to those credentials?' Their answer is: 'Attack the user's phone.'
The way this ruse works is once the PC is infected, the person logs onto their bank account and is told to download an application onto their phone in order to receive security messages, such as login credentials. But it is actually a malicious application from the same entity that is controlling the user's PC. Now they have access to not only the user's regular banking logon credentials, but also the second authentication factor sent to the victim via SMS. In many cases, people thought they simply were installing security applications, or in some cases, a security certificate.

Mobile devices, pure and simple, are hand-held computers and should be treated as such. The best way to protect yourself is to be cautious of not only the applications you install, but the links you click on in the web browser. If asked to download a file, application or security certificate, be leery and only download from trusted sources.

Beware: Fake Google + Invitations

Whenever people desperately want something, criminals have always come up with ways to rip people off.  It's a practice as old as time.

The Google+ invite frenzy has prompted some devious spammers to send out fake invitations.  Sophos, a cyber securities firm, first reported this spam.

Gmail users would receive a Google+ invite that looks like the real thing.  Except when you click on the link to the Google+ invite, it leads you to a completely different website, riddled with malware.

This isn't the first time that insane demand for Google products spawned scams.  Back when Gmail membership was an exclusive club and a hot item, spammers sent existing Gmail users a notice that Google had just given them 50 extra invites.

All they have to do is fill out a form with their Gmail password.

Apple, was also used as bait.  Back before the iPad was released, bogus Facebook pages were set up to ask users to be beta testers; they would get the iPad in advance and then keep it for free.

All these Apple fans had to do was provide their personal information and cell phone number.  Their cell phone number was subsequently enrolled in an expensive premium service.

For active Internet users, scams and spams are a fact of life.  Abiding by the following guidelines, however, will lessen the pain.

• Don't respond to sweet offers that you didn't pursue or don't know the origin of, whether it's a Google+ invite or a millionaire trying to give away his fortunes.

• Don't ever give out your personal information to email requests from scammers posing as legitimate entities.  Legitimate entities will never ask you that; the only time they might prompt you for personal information is when you approach them do something.

• Too good to be true offers do not exist. For example, somebody looking to share the wealth of somebody who has no "next of kin"...does not happen in real life. If you're not sure, don't go for it, especially if you have to provide your personal information or grant access to your computer in exchange for it.

The best way to prevent this is to pay attention and be aware of what sites you are visiting and links you are clicking on. When you enter in password, personal, account, or credit card information, double check to make sure you are on a reputable website. Double check the URL and make sure the URL address is what you think it is. Double check the website you are on to make sure there is nothing suspicious so you won’t fall prey to these scams.