Email

Examples of Phishing emails that could contain Ransomware

The FS-ISAC, or the Financial Services Information Sharing and Analysis Center, is the global financial industry’s go-to resource for cyber and physical threat intelligence analysis and sharing. FS-ISAC is unique in that it was created by and for members and operates as a member-owned nonprofit entity.

Here are some examples of phishing emails that member banks have received over the past few days. I’m sending them to you to familiarize you with the types of emails that you might receive. If you DO receive any emails that appear suspicious, PLEASE notify the helpdesk, or Bill or myself. Thank you.

YOU HAVE A PACKAGE WITH DHL – DHL / Adobe Themed Phishing Email

An FS-ISAC member reported receiving a phishing e-mail purporting to be from DHL with the subject “YOU HAVE A PACKAGE WITH DHL”, containing a .pdf file attachment with an embedded URL that leads to an Adobe Online-themed credential harvesting site.

Important Account Notification – Capital One-Themed Phishing E-mail

An FS-ISAC member reported receiving a phishing e-mail purporting to be from Capital One with subject “Important Account Notification”, containing an embedded URL.

Closing Settlement Disclosure – Google Docs-Themed Phishing Email

An FS-ISAC member reported receiving a phishing e-mail with the subject “Helmsmortgage spreedsheet”, containing a .pdf file attachment with an embedded URL that leads to a Google Docs-themed credential harvesting site.

Electronic Shipping Documents Now Ready – NanoCore-RAT Phishing Email

An FS-ISAC member reported receiving a phishing e-mail with the subject “Electronic Shipping Documents Now Ready”, containing a malicious .ace file attachment that leads to the NanoCore Remote Access Trojan.

Inv <#####> – Ursnif Phishing Emails

An FS-ISAC member reported receiving phishing e-mails with subject lines in the following format: “Inv <#####>”, containing a malicious .docx file attachment that leads to Ursnif malware.

Your Email Will Be Blocked. – Webmail-themed Phishing E-mail

An FS-ISAC member reported receiving phishing e-mails with the subject line “Your Email Will Be Blocked.”, containing an embedded URL that leads to a Webmail-themed credential harvesting site.

the exorcists list – Phishing E-mail

An FS-ISAC member reported receiving a phishing e-mail with the subject “the exorcists list” containing a suspicious .doc file attachment and URLs.

Re:invoice – Phishing E-mail

An FS-ISAC member reported receiving a phishing e-mail with the subject “Re:invoice”, containing a malicious .ace file attachment that leads to a Trojan.

Total messages: 23 – Phishing E-mail

An FS-ISAC member reported observing a phishing email with the subject “Total messages: 23” containing a malicious URL.

MyFax message from “<COMPANY NAME>” – 4 page(s), Caller-ID: 1-516-799-6300 – Adwind RAT Phishing E-mail

FS-ISAC members reported receiving phishing e-mails with the subject “MyFax message from “<COMPANY NAME>” – 4 page(s), Caller-ID: 1-516-799-6300” containing a malicious .zip file attachment that leads to the Adwind Remote Access Trojan.

Complaint Letter – AutoIT-Wrapped Trojan Phishing Email

An FS-ISAC member received a phishing e-mail with the subject “Complaint Letter”, containing a malicious .zip file attachment that leads to an AutoIT-wrapped Trojan.

How to configure an internal relay connector for Exchange 2013

Go to the Exchange management web page (https://exchangeserver/ecp).
Go to Mail flow > Receive Connectors and click + to add a new connector.

Enter a name for the connector. If you want to relay outside your organization, then you need to select the Frontend Transport role instead of the Hub Transport role.

Leave the setting below unchanged.

Remove the IP addresses that are already listed.

You get an error that the field is required. Click on the + to add a new range.

Enter a single IP address or a local LAN address that is allowed to send email via the Exchange server.

The remote network settings will then show the list.

After clicking Finish, edit the relay connector and go to the Security tab.
Select the option “Anonymous users”.

Click on Save.

Now open an Exchange PowerShell CLI on the Exchange server (with administrative rights).

Get-ReceiveConnector "Receive Connector Name" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"

Exchange 2013 mailbox move stuck at StatusDetail FailedOther

You have to remove the current move request and resubmit:

Remove-MoveRequest -Identity userID

New-MoveRequest -Identity "userID" -TargetDatabase "Mailbox Database 0422167200" -BatchName "userID" -BadItemLimit "200"

Perform a full backup on Exchange to purge logs

1. Open Command prompt as Administrator
2. Launch Diskshadow

A. Add volume d:
B. (optional, add one line for each additional drive to include) Add volume X:
C. Begin Backup
D. Create
E. End Backup

3. At this step you should notice the following events in the application log indicating that the backup was indeed successful and logs will now be deleted.

[Screenshots from the process: Command prompt (diskshadow); Event Log (ESE event ID 2005)]

American Express virus.

If you do not know the sender or cannot verify the email, never click a link or open an attachment in it. Below is the latest viral email being sent.

[Screenshot: American Express virus email]

Google IS scanning your Gmail and admits it!

http://www.digitalspy.com/tech/news/a564741/google-clarifies-email-scanning-policy.html

Google has updated its terms of service to offer more transparency regarding its email-scanning practices. The web giant confirmed that Gmail messages are automatically scanned when content passes between its servers. Google has staunchly defended this policy, insisting that email scanning is necessary to provide tailored content and protect users against malware.

How to save IPTABLES rules

The following lines allow SMTP and HTTP traffic through an IPTABLES firewall. But this information is not automatically saved and reloaded if the service restarts.

iptables -I INPUT -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -I INPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables-save

Whenever you make a change to your firewall, on a Fedora/CentOS type system, you will want to save the changes.

The output can be redirected to a file.

# iptables-save > /root/firewall-rules

The following command line restores all rules from /root/firewall-rules, assuming that the file exists.

# iptables-restore < /root/firewall-rules

By default, iptables-restore deletes all existing rules before restoring the saved rules. If the saved rules are to be appended to existing rules, use the -n or --noflush option.

Save Your Firewall and Load on Restart

You will need to edit the /etc/sysconfig/iptables-config as root to help iptables save and reload your firewall correctly. Be sure the following settings are changed to “yes”.

# Unload modules on restart and stop
# Value: yes|no, default: yes
# This option has to be 'yes' to get to a sane state for a firewall
# restart or stop. Only set to 'no' if there are problems unloading netfilter
# modules.
IPTABLES_MODULES_UNLOAD="yes"

# Save current firewall rules on stop.
# Value: yes|no, default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped
# (e.g. on system shutdown).
IPTABLES_SAVE_ON_STOP="yes"

# Save current firewall rules on restart.
# Value: yes|no, default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets
# restarted.
IPTABLES_SAVE_ON_RESTART="yes"
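
Because rules added with iptables live only in memory until they are saved, it helps to check for unsaved rules before a restart. The script below is an added example, not part of the original post: it compares a running dump with the saved file while ignoring the timestamps and counters that differ on every run. The function names and the two sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: list firewall rules that exist
# only in the running ruleset and would be lost when the service restarts.

# Remove the parts of an iptables-save dump that differ on every run:
# "# Generated"/"# Completed" comments and [packets:bytes] counters.
normalize_rules() {
    sed -e '/^#/d' -e 's/ *\[[0-9]*:[0-9]*\] *//' "$1"
}

# unsaved_rules LIVE_DUMP SAVED_FILE
# Prints lines of LIVE_DUMP that are absent from, or moved relative to, SAVED_FILE.
unsaved_rules() {
    ur_saved=$(mktemp) || return 1
    normalize_rules "$2" > "$ur_saved"
    normalize_rules "$1" | diff - "$ur_saved" | sed -n 's/^< //p'
    rm -f "$ur_saved"
}

# Constructed sample data. On a real host LIVE would come from
# "iptables-save > file" and SAVED would be /etc/sysconfig/iptables.
LIVE=$(mktemp); SAVED=$(mktemp)
trap 'rm -f "$LIVE" "$SAVED"' EXIT

cat > "$LIVE" <<'EOF'
# Generated by iptables-save on Mon Jan  6 10:00:00 2014 (constructed)
*filter
:INPUT ACCEPT [120:9000]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [80:7000]
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Mon Jan  6 10:00:00 2014
EOF

cat > "$SAVED" <<'EOF'
# Generated by iptables-save on Sun Jan  5 09:00:00 2014 (constructed)
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Sun Jan  5 09:00:00 2014
EOF

unsaved_rules "$LIVE" "$SAVED"   # prints the port 25 rule, which is not saved
```

An empty result means the saved file matches the running ruleset; any printed rule needs an iptables-save before the next restart.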

How to change NCOL email settings on the Galaxy S4

From the home screen, tap Email.

Note: if the shortcut is no longer on the home screen, tap Apps and then tap Email.
Tap the Menu key.
Tap Settings.
Tap the account name.
Scroll to and tap More settings.
Tap Incoming settings.
The incoming email settings are displayed.

To view the outgoing email settings, tap Done.
Scroll to and tap Outgoing settings.
The outgoing email settings are now displayed.

To exit the email settings, tap Done.