Category: Malware

Ransomware, what is it? Defined as “malware for data kidnapping,” it is one of the top security issues of the digital and cloud age: the attacker encrypts your data and demands a ransom (usually a Bitcoin payment) for the decryption key.

Today, another ransomware threatens the online community: “Locky,” which can hit you if you are ‘unlucky.’ It works much like the distribution method used by the banking Trojan Dridex.

How does Locky work?

A victim is sent an email with a Microsoft Word attachment disguised as an INVOICE that asks the user to enable macros.

[By default, Microsoft disables macros for security reasons, so a user will normally see a warning when an attachment contains them.]

If you enable macros, the macro runs and downloads Locky to your PC, according to Palo Alto Networks.

[It is the same modus operandi used by Dridex, a notorious Trojan that steals banking account details.]

There are suspicions that the distributors of Locky are connected to one of the key figures behind Dridex, because both use the same method of malware distribution.

If you or your organization happens to be the unlucky target, your files will be unrecoverable unless you have a regular backup or your data has not yet been touched.

Recently, the Hollywood Presbyterian Medical Center’s computer system was infected by ransomware, and the attackers asked for 9,000 bitcoins (approximately US$3.6 million).

Reports indicated that the operators behind Locky may have conducted a large campaign. Palo Alto Networks revealed that it had detected 400,000 sessions using the same downloader, “Bartallex,” which is the component that deposits the infection onto a computer system. Over half of the targets were in the United States; the rest included Australia and Canada.

Locky contacts its command-and-control infrastructure to perform an exchange in memory before it encrypts the files.

Kevin Beaumont, writing on Medium, said that encrypted files carry the ‘.locky’ extension. He wrote guidance on how to work out who in an organization has been infected and recommended that the victim’s Active Directory account be locked and its network access shut down. Finally, he said you will most likely have to rebuild the victim’s PC from scratch.
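As an added example (not from the article or from Beaumont’s write-up), the following Python script applies his guidance to a constructed file-server write-audit log: it finds which accounts have been writing files with the ‘.locky’ extension, then lists the account to lock and the workstation to cut off and rebuild. The log format, account names, hostnames and file names are all assumptions made for the sample.

```python
import re

# Constructed file-server write-audit log (sample data, not real events):
# <timestamp> <account> <client host> <action> <path>
SAMPLE_AUDIT_LOG = r"""
2016-02-17T09:02:11Z CORP\jdoe WS-017 WRITE \\fs01\finance\Q1\budget.xlsx
2016-02-17T09:14:52Z CORP\asmith WS-042 WRITE \\fs01\finance\Q1\forecast.docx
2016-02-17T09:15:03Z CORP\asmith WS-042 WRITE \\fs01\finance\Q1\A1B2C3D4E5F60718.locky
2016-02-17T09:15:09Z CORP\asmith WS-042 WRITE \\fs01\hr\contracts\0F1E2D3C4B5A6978.locky
2016-02-17T09:20:40Z CORP\jdoe WS-017 WRITE \\fs01\finance\Q1\notes.txt
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.+)$")


def parse_audit_line(line):
    """Return (timestamp, account, host, action, path), or None if the line does not parse."""
    m = LINE_RE.match(line.strip())
    return m.groups() if m else None


def find_infected_accounts(log_text, ext=".locky"):
    """Map every account that wrote files with the ransomware extension to the first
    time it was seen doing so, how many such writes it made, and the client hosts used."""
    report = {}
    for line in log_text.splitlines():
        rec = parse_audit_line(line)
        if not rec:
            continue
        ts, account, host, action, path = rec
        if action != "WRITE" or not path.lower().endswith(ext):
            continue
        entry = report.setdefault(account, {"first_seen": ts, "count": 0, "hosts": set()})
        entry["count"] += 1
        entry["hosts"].add(host)
        if ts < entry["first_seen"]:  # ISO 8601 UTC timestamps sort correctly as strings
            entry["first_seen"] = ts
    return report


def containment_actions(report):
    """Turn the report into the response steps the article describes: lock the
    account, cut the host's network access, and rebuild the host from scratch."""
    actions = []
    for account, info in sorted(report.items()):
        actions.append(f"disable account {account} (first .locky write at {info['first_seen']})")
        for host in sorted(info["hosts"]):
            actions.append(f"block network access for {host}, then rebuild it from scratch")
    return actions


if __name__ == "__main__":
    for step in containment_actions(find_infected_accounts(SAMPLE_AUDIT_LOG)):
        print(step)
```

The account that only wrote ordinary documents is left out of the report, so the steps name only the user and workstation that actually produced encrypted files.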

Check out the full story here.

Malware trickery has been a problem for many because it can disguise itself as a fake Java update or a porn app. It can also reach people’s data by exploiting coding errors in the programs and applications they use; eventually, the malware enters the system and steals the user’s personal information. One application that protects people from such attacks is Malwarebytes Anti-Exploit, from the California-based security company Malwarebytes, which monitors the most commonly exploited programs, including browsers such as Internet Explorer, Firefox and Google Chrome. Check out more of this story from the source.

Source: Tom’s Guide

Malvertising on Online Ads

Advertising used to promote products and services alone, but not anymore: malvertising lets attackers embed malware in ads, and it became a pressing question for many after a malicious ad was published on Yahoo. Blue Coat Systems researchers discovered a group of websites that served malvertising payloads through brand websites, including the Los Angeles Times and Salon.com. To learn more about this story, check out the source.

Source: Computer World

When it comes to how phishing and spying frauds get access to your personal information, most of them simply rely on exploiting one’s trust. Most of the time, hackers or cybercriminals craft a malicious message so that it appears to come from a legitimate source. When that works, the attackers find it much easier to get at your personal information as well as your bank account. More often than not, malware simply gets into your system and accesses your personal information and contacts, which allows the hackers to send out fraudulent emails on your behalf. The same techniques apply to social networks, instant messaging and SMS text messaging. For more information regarding this post, go to the source.

Source: PCWorld

Just recently, the U.S. Department of Justice brought charges against nine alleged members of a criminal organization that spread the Zeus Trojan. The malware was used to steal millions of dollars from bank accounts around the world. The DOJ’s charges, unsealed last Friday in the U.S. District Court for the District of Nebraska, include conspiracy to participate in racketeering activity, conspiracy to commit fraud and identity theft, and several counts of bank fraud. Two of the defendants, Yuriy Konovalenko and Yevhen Kulibaba, are scheduled for arraignment at the federal courthouse in Lincoln, Nebraska, according to the. The two defendants were recently extradited from the U.K. For more information regarding this post, go to the source.

Source: ComputerWorld

The FBI can record keystrokes and activate webcams, and they are not the only ones: criminals can too. To defend yourself, you should be informed. Did you know that malware can remotely activate your webcam without the camera’s light turning on, and can log keystrokes from your PC? For the past several years, the FBI has been able to deliver malware to target systems and remotely activate their webcams, log keystrokes and record the video feeds. These actions are taken in investigations of serious crimes and terrorism.

Source: Information Week

A newly discovered Trojan program exploits previously unknown flaws in Android and borrows techniques from Windows malware in order to evade detection and achieve persistence on infected devices.

Security researchers from antivirus firm Kaspersky Lab named the new malicious application Backdoor.AndroidOS.Obad.a and labeled it the most sophisticated Android Trojan program to date.

The malware is designed to send SMS messages to premium-rate numbers and allows attackers to execute rogue commands on infected devices by opening a remote shell. Attackers can use the malware to steal any kind of data stored on compromised devices or to download additional malicious applications that can be installed locally or distributed to other devices over Bluetooth.

Source: ComputerWorld

A stealthy malicious software program is taking hold in some of the most popular Web servers, and researchers still don’t know why.

Last week, security companies Eset and Sucuri found Apache servers infected with Linux/Cdorked. If that malware is running on a Web server, victims are redirected to another website that tries to compromise their computer.

Marc-Etienne M. Leveille of Eset wrote that the company has found 400 Web servers infected so far, of which 50 are ranked in Web analytics company Alexa’s top 100,000 websites.

“We still don’t know for sure how this malicious software was deployed on the web servers,” Leveille wrote. “One thing is clear, this malware does not propagate by itself and it does not exploit a vulnerability in a specific software.”

Source: InfoWorld

At least two million Google Play downloads gave Android users an unwanted freebie in the form of BadNews, a piece of malware which masqueraded as a legitimate advertising network.

The malware was integrated into 32 different apps in the Google Store, according to mobile security specialist Lookout. Those apps have been downloaded more than two million times, exposing users to embedded advertising – but the ads then push users towards fake app updates – which in turn send out premium-rate SMS messages via the well-known AlphaSMS malware.

BadNews, as the malware has been dubbed by Lookout, slipped past Google’s automated detection by posing as a legitimate advertising network. Such networks fund free apps by supplying standard-sized advertisements, and BadNews looks the part by showing ads for other applications by the same authors.

Editor note: There are many free anti-virus apps available on Google Play, so I really suggest that you download and use one of them. I use Dr. Web’s free app, and I know BitDefender also has a free app that should give your phone relatively good protection.

Source: The Register

Security researchers from Kaspersky Lab have identified a spam campaign on Skype that spreads a piece of malware with Bitcoin-mining capabilities.

Bitcoin (BTC) is a decentralized digital currency that has seen a surge in popularity since the beginning of the year and is currently trading at over $130 per unit, making it an attractive investment for legitimate currency traders, but also for cybercriminals.

BTCs are generated according to a special algorithm on computers using their CPU and GPU resources. This operation is called Bitcoin mining and is usually performed by users who operate multi-GPU computer rigs. However, mining efforts can also be pooled for better results.

Cybercriminals have figured out that distributed Bitcoin mining is a perfect task for botnets and have started developing malware that can abuse the CPUs and GPUs of infected computers to generate Bitcoins.

Source: ComputerWorld