Think Twice Before Outsourcing

One of our SEO and Website customers has spent the day lamenting once again the outsourcing of the bulk of their network infrastructure to an external contractor. Following a botched configuration change by the network supplier, their much depleted IT department spent the whole morning jury-rigging alternative network connections so that people in their headquarters could work. As this was the third or fourth attempt to implement this particular change, there is only one inescapable conclusion; it is getting near Christmas, and the pantomime season has started!

As an arm's-length Non-Departmental Public Body, with a national IT supplier who cannot be named for legal reasons, they have found that their costs have risen disproportionately, their service levels have deteriorated, and there is no opportunity for compensation in the event of a substantial loss of service. You may very well ask why they would have such a contract, but that is a question you should direct at your MP!

When you think about it, any contractor is going to put all their effort into winning the contract, and then use the duration of the contract to recoup the cost of the bidding process. Furthermore, contractors have directors and shareholders to pay, to say nothing of the desire to make a profit. That means cutting back on every cost that they can get away with, while charging over the odds for any additional services not included in the contract. The financial impact of this on the end users will depend on:

  • the service levels that the supplier is obliged to deliver
  • the metrics used to measure the performance
  • the strength of the enforcement regime of the authority

Needless to say, in the case of our beleaguered NDPB, the service levels do not apply to installations, moves and changes, there are no relevant performance metrics except on the time taken to fix incidents, and of course the enforcement regime is woefully inadequate. Before you ask about the wisdom of entering into such a contract, it is worth pointing out that the unfortunate organization is NOT the customer, and had no input into the contract, which was awarded nationally. Cue the earlier reference to directing “why” questions to your MP.

As it is possible to learn valuable lessons from any occurrence if you choose to, a quick analysis of the misfortune of our unfortunate subject can help with our own decisions. Any business with a plan to outsource its Information Technology should consider these inescapable conclusions:

  • You inevitably deskill your technical staff, or lose them completely through TUPE or jumping ship
  • No contracted out service ever included all the services actually provided by your in-house team
  • When something goes wrong your business bears the risk, not the supplier

Carl Sagan observed in “Bringing Science Down to Earth”:

We live in a society absolutely dependent on science and technology and yet have cleverly arranged things so that almost no one understands science and technology. That's a clear prescription for disaster.

Carl Sagan

There are countless examples of Private Finance Initiatives (PFI) where the tenants are paying way more than they need to for sub-standard service. There are contracted out IT services where the organization has transferred all its skilled staff to the contractor, only to have to replace them at additional cost to make up for inadequacies in the provision. Then of course there is a growing catalog of late, over budget and failed government IT projects, all outsourced to private sector contractors. Despite all these lessons, somehow there are still people who think that outsourcing can save money and is a good idea!

The next time you start to think about outsourcing your local area network support and network infrastructure to a faceless third party organization, remember that poor unfortunate NDPB. There is no such thing as a free lunch!

Visa Scam Email Circulating

The spam filters are currently picking out a Visa Scam Email which claims that your card has been blocked for security reasons. If your email client renders the HTML, it looks something like this:

Visa Scam Screenshot

Analysis of the content shows a hyperlink which claims to point to visa.ca, but in fact is a link to an IP address in the Republic of Korea. Launching the link will only get you a page that looks like this:

Visa Scam Link Screenshot

If you have received any of this type of email, and want to find out where the masked link is actually pointing, you could try looking it up via ipchecking.com. However, the best advice with this scam is to press delete, and save your mailbox space.

Max Rebo Band Website Live

The featured Blog this week is Max Rebo Band Website, which is a WordPress site using the default Twenty Eleven 1.2 theme. Kudos to Rich Pegler, the band’s drummer and webmaster, who has set this great site up from scratch. This just shows you the flexibility of WordPress out of the box, and the Max Rebo Website is a good place to see what is possible.

Max Rebo are a great four piece band, based in the area around Bristol and Weston-super-Mare, who are described as the best covers band this side of the galaxy. You may have guessed from the band name, and other Star Wars references that there is a theme to the website. May the Force be with you; this is the band you are looking for! Along with the usual band Biog, Events Discussion Board and Shop, there is a Media section where you can hear and download some of the original tracks penned by Max Rebo, as well as some of their great covers.

Once you have visited the site, you may be wondering how Rich has managed to achieve all the features, just using standard WordPress plugins. Along with Mingle Forum, ShareThis, Status Press Widget, Widget Twitter VJCK, WPaudio and WP Photo Album Plus the site uses:

  • Events Manager, which is an event registration and booking management plugin for WordPress. It allows recurring events and shows locations, with links to Google Maps.
  • Flash MP3 Player JW2.3, a user friendly MP3 Player widget which you can add to your sidebar. You edit the playlist through the intuitive options page.
  • GRAND Flash Album Gallery provides a comprehensive interface for managing photos and images through a set of admin pages, with a very professional feel.

A great band from the southwest, with an interesting WordPress implementation. Click here to visit the Max Rebo Band Website

Bredolab Botnet Still Active

More Tax Payment malware news today, with a resurgence of the Bredolab botnet.

Our MessageLabs Anti-Virus Service reported a suspicious email, similar to the Tax Spam Malware Warning yesterday. The message title once again was Your Tax Payment ID [Random Number] is failed

This time Symantec reported it as Trojan.Bredolab, which is a likely resurfacing of a Bredolab botnet.

The Bredolab botnet was partially dismantled in November 2010 through the seizure by Dutch law enforcement agents of 143 command and control servers, effectively removing the botnet herder’s ability to control the botnet centrally. Although the botnet’s size and capacity has been severely reduced by the law enforcement intervention.

A PC infected with Bredolab shows a number of effects as the malware:

  • Downloads more malware on to the compromised computer
  • Lowers the security settings on the infected computer
  • May result in file deletion

If your anti-virus software or mail gateway informs you that it has detected Bredolab, follow the instructions and do not open any affected files. To make sure that your machine does not get infected, keep your anti-virus software switched on and the signatures up to date.


Tax Spam Malware Warning

The spam filters are currently working overtime catching dubious email messages about tax payments having failed. As you might expect, this is a Tax Spam Malware Warning, so take care before opening anything that tells you that Your Tax Payment failed.

This email, which purports to be from US tax payment service Electronic Federal Tax Payment System (EFTPS), claims that the recipient’s tax payment has been rejected due to a submission error. The message, which includes a sender address and link that are seemingly valid EFTPS addresses, asks the recipient to click a link in order to review details about the error.

Obviously the email is not from the EFTPS, and the link in the message has been disguised so that it appears to point to the genuine EFTPS website. In fact, it is a phishing scam designed to steal personal information from recipients. A sample of the email appears below:

Your Tax Payment ID [random number] is failed

Your Federal Tax Payment ID: 32127292 has been rejected.
Return Reason Code R21 - The identification number used in the Company Identification Field is not valid.

Please, check the information to get details about your company payment in transaction contacts section:

attach name = report.18653.pdf

In other way forward information to your accountant adviser.
EFTPS:
The Electronic Federal Tax Payment System
PLEASE NOTE: Your tax payment is due regardless of EFTPS online availability. In case of an emergency, you can always make your tax payment by calling the EFTPS.

Attempting to open the attached file will result in a malware loader executing. This is detected by Sophos Anti-Virus as ‘Virus/Spyware Mal/FakeAV-OQ’.

The grammatical errors should give you a clue to the bogus source of this Tax Spam Malware. Do not click on any links in this email or download any attachments. Flag as spam and press delete!

Malware Scripts Added To Websites

A couple of our customers have experienced hacks to their websites this last week, with malicious code (or malware) added to several pages. Normal visitors to the site have a little extra script added when they load the page, which good antivirus software will identify as a malware script. Kaspersky Labs identifies the Trojan loader as Heur: Trojan Script Generic, which is a generic Trojan loader identified by a heuristic algorithm. Alternatively, it may be identified as the Blackhole Exploit Kit by other AV products.

Analysis of samples of the inserted code shows some common strings, which can be used to find the script on an infected website. The code appears to have been inserted by an automated script loader, probably a bot using brute force to guess FTP passwords.

< b o d y>< d i v id="w3stats">
< s c r i p t language="JavaScript" type="text/javascript">
window.w3ssss=function(){
=== Script Link and other code removed ===
CheckBody();
< / s c r i p t >< / b o d y >< / h t m l >

A quick Google search reveals that quite a few sites have had this little addition. If you find that you have been infected, carry out the following actions as soon as possible:

  • Search the code on each page for the string “window.w3ssss”
  • Remove the offending code from all of the pages where it has been installed
  • Change all your site passwords, including FTP
  • Monitor the site regularly for reinfection
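The search in the first step can be automated across a whole web root and re-run for the monitoring step. This added example (not from the original post) looks for the two strings visible in the sample above; the file extension list and the modification-time report, useful for matching against FTP logs, are assumptions made here.

```python
import os
import sys
import time

# Strings taken from the sample in this post; the extension list is an assumption.
MARKERS = (b"window.w3ssss", b'id="w3stats"')
PAGE_EXTENSIONS = (".html", ".htm", ".php", ".js", ".tpl")


def scan_file(path):
    """Return [(line_number, marker)] for every marker found in one file."""
    hits = []
    with open(path, "rb") as handle:           # bytes: page encoding is unknown
        for number, line in enumerate(handle, start=1):
            for marker in MARKERS:
                if marker in line:
                    hits.append((number, marker.decode()))
    return hits


def scan_site(root):
    """Walk root; return {path: {"hits": [...], "modified": timestamp}} for infected files."""
    infected = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(PAGE_EXTENSIONS):
                continue
            path = os.path.join(folder, name)
            try:
                hits = scan_file(path)
            except OSError as error:            # unreadable file: report, keep going
                print(f"skipped {path}: {error}", file=sys.stderr)
                continue
            if hits:
                stamp = time.strftime("%Y-%m-%dT%H:%M:%S",
                                      time.localtime(os.path.getmtime(path)))
                infected[path] = {"hits": hits, "modified": stamp}
    return infected


def main(argv):
    root = argv[1] if len(argv) > 1 else "."
    infected = scan_site(root)
    for path, info in sorted(infected.items()):
        lines = ", ".join(f"{n} ({m})" for n, m in info["hits"])
        print(f"{path}  modified {info['modified']}  lines: {lines}")
    return 1 if infected else 0                 # non-zero exit suits a scheduled check


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it against a local copy of the site; an exit status of 1 means at least one page still carries the markers.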

Thousands of website owners are unaware that their sites are hacked and infected with malware scripts.

Spear Phishing Attack Warning

A warning which is currently circulating in security circles concerns a Spear Phishing attack masquerading as a company virus warning. The object is to trick users into installing malware on their computers which would compromise their security.

Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Named after fishing (baiting a hook), the message could claim to be from a bank, online payment processor or a social media site.

Spear Phishing (sometimes written as Spearphishing) is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. This is usually by impersonating a company employee via e-mail to steal usernames and passwords from colleagues and gain access to the company systems. Spear phishing is commonly used to refer to any targeted email attack, not just limited to phishing.

The particular attack which is currently circulating attempts to trick users into believing they are downloading an approved anti-virus update from the company’s IT department, to combat a new kind of virus. However, if they do succumb to temptation, they will install a Trojan horse. According to the Sophos Naked Security blog post, Sophos anti-virus products detect the malware as Mal/Generic-L and Troj/Inject-QL.

If you ever receive an odd email recommending that you click on a link to install something, check with your IT department to see if the instruction is genuine. They would much rather you checked than put the network at risk from malware infection.

For more details of the Spear Phishing Attack Warning, including a sample email message, click here to view the Sophos Sneaky fake company virus warning

Block Spam from WordPress Contact Page

Have you been having trouble with Spam from your Contact Page on your WordPress blog? This is a quick way to Block Spam from a WordPress Contact Page.

Every good website has a Contact page to ensure that users can get questions answered, and customers can engage before buying goods and services. The trouble is that every bad robot spider trawling the web knows that too, and targets input forms and contact pages. Pretty soon after putting your Contact Page live you can expect to start receiving emails about Viagra, poorly crafted meaningless comments containing back links, or just random strings of characters. While the delete key handles these things quickly and efficiently, the net effect is to dilute our energy, which should be directed at answering the real questions from our customers. What we need is a better solution.

What Stops The Bots?
To stop the spiders from even posting the contact form we need to install a WordPress CAPTCHA plugin. A CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a challenge-response test used to ensure that the response is not generated by a computer or Bot. It can be as simple as identifying if a picture of an animal is a cat or a dog, which is easy for a human, but a challenge for a Bot. The most common forms use distorted images of letters and numbers, which the human eye can easily distinguish due to pattern matching capabilities within our brains. Go humans!

How To Block Spam from a WordPress Contact Page
If you are using the Contact Form 7 plugin, there is a Really Simple CAPTCHA plugin which integrates right into Contact Form 7. While not strongly secure, it will at least stop the script kiddies and bots having an open door. To install it, carry out the following steps:

  • In the Plugins section of the Dashboard, click on Add New
  • Search for plugins by keyword Term Really Simple CAPTCHA
  • Next to Really Simple CAPTCHA, click on Install Now

What Else Can Block Spam
If the Really Simple CAPTCHA plugin does not meet the requirements, there are a number of other measures we can use to block Spam from WordPress contact pages, including:

  • Secure CAPTCHA, which uses hard to break and easy to read secure CAPTCHA images from SecureCAPTCHA.net.
  • Contact Form by ContactMe.com, which is a fully customizable contact form which automatically adds your contacts to a free online contacts database.
  • Fast Secure Contact Form which supports sending mail to multiple departments, and redirects to any URL after the message is sent.

Hopefully, using one of these methods, we can see the back of spam contacts from the contacts page, and get back to the business of responding to our customers and genuine visitors.


What is Conversion Rate Optimization?

OK so we have seen SEO, so what is Conversion Rate Optimization or CRO? In the language of Internet Marketing, the process of improving the experience of the visitor in order to convert them into a paying customer is called conversion optimization, or sometimes conversion rate optimization.

So when we have just managed to get our heads round the idea of SEO, why do we need to think about Conversion Rate Optimization? Remember, the primary purpose of web advertising is to get people who might be interested in buying something from you to visit your web site. In other words, to get the greatest number of visitors to email you or call you with their contact information, and ultimately to buy your products and services.

Conversion Rate Optimization is the process of increasing website leads and sales without spending money on attracting more visitors by reducing your visitor attrition or bounce rate. Another way to look at it is to make more use of the visitors to your site by turning them into customers. Conversion Rate is the ratio of visitors to committed customers, and we optimize our page or site to improve this ratio.

There are two main approaches to conversion optimization. The first focuses on testing as an approach to discover the best way to increase conversion rates for a landing page, website, or campaign. The second approach focuses on understanding the audience and then creating a targeted message that appeals to that particular demographic. Both approaches are equally valid, and some CRO Experts advise us to use both methods as part of our strategy to convert visitors to customers.

Look out for future marketing postings where we will be taking Conversion Rate Optimization a stage further, and looking at some simple tools to help you turn your visitors into paying customers.

Keylogger virus infects drone plane command centre

The hot news on the blogosphere at the moment is the revelation that a Keylogger virus has infected the drone plane command centre at Creech air force base in Nevada.

Keylogging (or Keystroke logging) is the action of tracking (or logging) the keys struck on the keyboard, typically in a covert manner so that the person using the keyboard is unaware. The Keylogger virus is used to capture users’ passwords, credit card details and bank account numbers as people type them in. The data is then sent over the web to fraudsters. Security officials are currently unable to completely remove the virus, as it keeps reinstalling itself, suggesting that the attack vector has not been plugged.

Creech air force base in Nevada is the command centre for the remotely piloted aircraft used in Afghanistan including the Predator drone spyplane-bomber. The Predator is a medium-altitude, long-endurance unmanned aircraft system which is used in Afghanistan and, more controversially, across the border in Pakistan.

This is the latest security breach for the hi-tech remotely piloted vehicle system; the US military has previously found out that Iraqi insurgents were able to capture and record the footage being sent to troops and back to the airbase by cameras on the drones. The insurgents hacked into video feeds, which were not encrypted, using a $26 piece of Russian software named SkyGrabber. Apparently the encryption for the feeds was removed for performance reasons.