
News Prevention From Hacking : How To Protect Yourself From The Global Ransomware Attack

Security experts are bracing for more fallout from Friday's worldwide WannaCry ransomware attack, which has so far affected more than 150 countries and major businesses and organizations, including FedEx, Renault and Britain's National Health Service. But if you're just hearing about this attack - or waking up to an unresponsive computer of your own - here's what you need to understand about what law enforcement officials have called the biggest such attack in history.

-- What's ransomware?

Ransomware is a kind of malicious software that, as its name implies, takes a computer hostage and holds it for ransom. In this case, the attackers are asking for at least $300 in bitcoins for each computer affected by the attack.


With ransomware attacks, the malware locks down a target machine, encrypting its data and preventing the owner from accessing it until he or she agrees to pay up.

-- How many people have been affected by the current strain, WannaCry?

Over the weekend, Europol officials said that some 200,000 computers have been hit by the malware. But that number has almost certainly risen as people in Asia - who had logged off for the workweek before WannaCry began spreading - have returned to work. On Monday, the Japanese electronics maker Hitachi, a prominent Korean theater chain and the Chinese government said their systems had been affected. Chinese state media reported that 40,000 businesses and institutions have been hit, according to NPR, including universities, gas stations and city services.


And that's just a measure of the electronic consequences of WannaCry. The software attack has taken a toll on many people in the real world. Health care providers in Britain's NHS, for example, were forced to turn ambulances away and cancel or delay cancer treatments for patients over the weekend, though officials say 80 percent of the NHS's systems were unaffected and that the disruption is easing.

-- Are victims paying the ransom?

Some are. The news site Quartz has set up a Twitter bot to track the bitcoin wallets linked to the attack, which are growing fatter by the minute.

actual ransom tweeted: The three bitcoin wallets tied to #WannaCry ransomware have received 194 payments totaling 31.38971127 BTC ($53,453.58 USD).

-- Businesses and organizations seem to have been hit pretty hard, particularly overseas. Why?

It's largely a question of resources and attention. Security experts say the attack could have been prevented if many businesses had simply kept their machines up to date with the latest software. In reality, doing that may be more difficult than it sounds, either because of corporate cultures that don't prioritize security or because of a lack of funding to upgrade to the latest and greatest.

That raises questions about inequality in technology, said Stewart Baker, a former general counsel at the National Security Agency. Many people, he said, run pirated versions of Microsoft operating systems because they feel they cannot afford the real thing. Those people "are at risk - they're probably not getting updates," he said.

Other organizations, he said, may have stuck with legacy software because it worked and paying to upgrade to new versions of Windows didn't seem necessary.

But after the highly public spread of WannaCry, companies around the globe no longer have an excuse to forgo system updates, said one former Obama administration official.

"It's no longer a cost of doing business," said R. David Edelman, who advised President Barack Obama on technology. "It's going to be a cost of staying in business."

-- I've been hit by WannaCry. Should I pay?

Some of those who have paid the WannaCry ransom have regained control of their computers, security researchers say. Still, many are urging consumers not to pay the ransom if they can avoid it because giving in simply encourages attackers to pump out more ransomware, and victims may not get their data back even if they do pay.

Analysts have noticed an uptick of ransomware attacks in recent years, with most predicting an even bigger increase in 2017.



-- What if I don't have the luxury of fighting the ransomware?

The bad news is, you might be stuck with paying or wiping your machine and starting over from a clean install. But the next best thing you can do is help reduce the odds of being hit next time. We'll get to some tips in a minute.

-- Who's being targeted? Am I safe?

The WannaCry ransomware targets Windows computers, particularly those running Windows XP, an aging operating system that Microsoft largely stopped supporting in 2014. If you're running the most recent version of Windows, or XP with the appropriate security patches, you should be okay (though you should really stop using XP right away).

-- What about Apple and Android devices?

Apple computers appear not to be affected by WannaCry, but that does not mean that Macs or iPhones are immune to malware in general. As Apple has gained more marketshare, its products have become a much bigger target for attackers. And Android phones are notoriously susceptible to malware, in part because many Android phones run outdated versions of the system and it's incumbent on cellphone carriers to push updates. If you prefer using Android, consider switching to one of Google's proprietary handsets, such as the Pixel, which tend to receive Google's software patches as soon as they're released.

-- Who's behind the WannaCry attack?

It's unclear who the attackers are, but we do somewhat know about the origins of the ransomware. The vulnerability in Windows that WannaCry takes advantage of was discovered by the NSA for its surveillance toolkit. But word got out when a hacker group known as the Shadow Brokers dumped a bunch of leaked NSA information onto the Internet in April. Microsoft, however, had already issued a software update the month before; those that downloaded and installed the patch were protected from WannaCry, but many others lagged behind and became victims.

Microsoft is now warning that the government practice of "stockpiling" software vulnerabilities so that they can be used as weapons is a misguided tactic that weakens security for everybody.

"An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen," the company said Sunday.

-- How can I protect myself?

Bottom line: Make sure your device's software is up to date. Software updates often contain lots of patches that fix bugs and close security loopholes; regularly using Windows Update or the Software Update feature on a Mac will help insulate you from problems. But you can also set your devices to install those updates automatically so you don't even have to think about it. Hackers prey on complacency.

In addition, you can:

Create backups of your most important files, either by downloading them to an external hard drive or by storing them in a cloud-based storage service.

Use a password manager to create and keep track of unique, hard-to-remember (and thus hard-to-break) passwords for each of your services. It's a little counterintuitive, but experts say it's much more secure than the alternative, which is reusing the same password across multiple websites.

Check your medical and credit reports for evidence of fraudulent activity.

At work, check with your IT administrator to make sure your organization's devices are protected from WannaCry.

Remember to treat unexpected emails with caution, and read up on phishing - one of the most common types of social engineering attacks used by attackers to compromise machines.


"Ransomware is following the same trajectory as phishing," said Phillip Hallam-Baker, an expert at the digital security firm Comodo. "The criminals have worked out how to monetize the crime, and they know which types of businesses are likely to pay up - and how to collect the money without being caught."

News Technology Threat Update : Dangerous Backdoor Found In About 3 Million Android Smartphones, BLU Affected The Most

Just a few days ago, a backdoor was discovered in various Android smartphones that was being used to send call logs and text message archives to servers hosted in China. Now, an even more dangerous rootkit has been discovered, with devices from US-based smartphone brand, BLU, being found to be among the most affected.

Security research firm, BitSight has released an advisory about a rootkit found in the Ragentek firmware used in certain Android smartphones, mostly manufactured by Chinese OEMs. The firm carried out extensive tests using a BLU Studio G smartphone, which involved installing a tracking file using the exploit. Since the firmware allows installation of apps with elevated privileges, a compromised device can be used to do a lot of harm.

By monitoring the data transmitted to a couple of domains, BitSight identified nearly 55 smartphone models, which feature the backdoor. Many more devices with unknown identifiers were also discovered. US-based brand, BLU, is the worst-affected with about 26 percent of its smartphones found with this backdoor. The other brands include Chinese vendors such as Doogee, Leagoo and Infinix. BLU is said to be addressing the issue, but no details of the process are available yet.

According to BitSight, requests to the remote servers were largely made from phones used in institutions such as banks, hospitals and governments, where these devices probably were deployed in bulk due to low prices. Network admins or enthusiasts can monitor their traffic for requests to the following URLs to find out whether they have any affected devices in their network:
  • oyag[.]lhzbdvm[.]com
  • oyag[.]prugskh[.]net
  • oyag[.]prugskh[.]com
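One way to run the check described above against resolver logs, as an added example that is not BitSight's or the article's own code: it refangs the three indicator domains from the list and reports which internal clients looked them up. The dnsmasq-style log format, the client addresses and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Indicator domains exactly as listed in the article (defanged form).
DEFANGED_INDICATORS = [
    "oyag[.]lhzbdvm[.]com",
    "oyag[.]prugskh[.]net",
    "oyag[.]prugskh[.]com",
]

# Assumed log format: dnsmasq "log-queries" lines. Adapt the regex to your resolver.
QUERY_RE = re.compile(
    r"query\[(?P<qtype>[A-Z0-9]+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)"
)


def refang(indicator):
    """Turn 'a[.]b[.]com' back into a plain lowercase hostname."""
    return indicator.replace("[.]", ".").strip().rstrip(".").lower()


def match_indicator(name, indicators):
    """Return the indicator that `name` equals or is a subdomain of, else None."""
    name = name.strip().rstrip(".").lower()  # DNS names are case-insensitive
    for ind in indicators:
        # Require a label boundary so 'notoyag.prugskh.com' does not match.
        if name == ind or name.endswith("." + ind):
            return ind
    return None


def find_affected_clients(log_lines):
    """Map client address -> {indicator: query count} for matching lookups."""
    indicators = [refang(i) for i in DEFANGED_INDICATORS]
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # forwarded/reply/cached lines carry no client address
        ind = match_indicator(m.group("name"), indicators)
        if ind:
            hits[m.group("client")][ind] += 1
    return {client: dict(counts) for client, counts in hits.items()}


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
Nov 21 09:14:02 dnsmasq[812]: query[A] oyag.lhzbdvm.com from 10.20.3.41
Nov 21 09:14:02 dnsmasq[812]: forwarded oyag.lhzbdvm.com to 192.0.2.53
Nov 21 09:14:09 dnsmasq[812]: query[A] www.example.org from 10.20.3.17
Nov 21 09:15:30 dnsmasq[812]: query[AAAA] OYAG.PRUGSKH.NET. from 10.20.3.41
Nov 21 09:16:11 dnsmasq[812]: query[A] oyag.prugskh.com from 10.20.7.5
Nov 21 09:16:40 dnsmasq[812]: query[A] notoyag.prugskh.com from 10.20.3.17
Nov 21 09:17:02 dnsmasq[812]: query[A] oyag.prugskh.com.example.org from 10.20.3.17
"""

if __name__ == "__main__":
    for client, counts in sorted(find_affected_clients(SAMPLE_LOG.splitlines()).items()):
        for domain, n in sorted(counts.items()):
            print(f"{client} queried {domain} {n} time(s)")
```
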
The recent discoveries about backdoors in smartphones coming out of China will surely raise concerns in the global market, where many of these devices are being sold with local branding as in the case of BLU.

New Technology Update : A Malicious WhatsApp Video Feature Invite Is Spreading Across The Messaging App

WhatsApp recently announced the launch of its video calling feature, which has started to roll out for Android, iOS and Windows Phone users. While a number of messaging apps already offer this feature and WhatsApp has been a little late, it does have the biggest user base across the globe.

While the news is welcome, many users are receiving as well as sharing an unverified link on WhatsApp which is said to be an invite to activate the video calling feature. An invite system was introduced last year on WhatsApp when the voice calling feature was rolled out. It seems that certain scammers are trying to take advantage of this, as they have spread a similar-looking fake link for the new video calling feature.

WhatsApp has not officially released any links this time to enable any feature, so in case you get any such links, do not visit any of the links. Visiting these links could be harmful and could expose your personal data.

According to a report, the link takes you to what seems to look like an authentic page where it asks you to send the malicious link to other people on your list. It also mentions the existence of group WhatsApp video calling, a feature that is still not officially available on the platform.

If you do happen to get an invite to activate the video calling feature on WhatsApp, do ignore it. To get the feature you just need to update the app to the latest version. In case you don’t see an update, wait for a couple of days as it is rolling out in phases.

News Apple MacBook Update : Two Mac Viruses Strike At The Heart Of The Platform's Secure Image

‘Thunderstrike 2’, a worm which moves from Macbook to Macbook using hardware, joins privilege escalation bug seen in the wild for the first time.

For years, Mac users have been safe in the knowledge that their platform was relatively safe from malware. A combination of the lower number of users on the platform, less attention from security researchers and, in general, fewer security holes in the operating system than Windows has led to a history generally free of damaging viruses and malware. So proud has Apple been of its security that it even ran several spots in its Mac vs PC ad campaign dedicated to the idea that Macs don’t get viruses.

But in quick succession, two new serious vulnerabilities in OS X have introduced Mac malware back into the conversation.

One exploits a weakness first confirmed in mid-July, which allows a malicious program that gains access to a Mac to run as though it is the administrator of the computer – a vulnerability known as “privilege escalation”. In doing so, it can bypass a lot of Apple’s security features, which rely on appropriately limiting the ability of downloaded code from affecting the deeper functions of the operating system.

Stefan Esser, the German coder who discovered the exploit, heavily criticised Apple for having already patched it in the beta versions of its next operating system, Mac OS X El Capitan. The company, which did not respond to a request for comment from the Guardian, still has not fixed the flaw in the latest current version of Mac OS, Yosemite, nor in the beta for the next Yosemite patch.

“At the moment it is unclear if Apple knows about this security problem or not, because while it is already fixed in the first betas of OS X 10.11, it is left unpatched in the current release of OS X 10.10.4 or in the current beta of OS X 10.10.5,” Esser wrote.

Later, he tweeted that “Apple was informed about said bug months ago and as usual did the irresponsible to fix it for some beta half a year in the future only.

“That means Apple released the bug via a patch … 4 months before they want to ship the ‘fix’,” he added.

Now, Esser’s bug has been seen in the wild for the first time. Researchers from Malwarebytes discovered a new adware installer doing the rounds, which allowed the adware to embed itself into the operating system, and – crucially – allowed the adware to install itself without requiring the user’s password.

Malwarebytes, which also criticises Esser for releasing the exploit without giving due notice to Apple, says: “This is obviously very bad news. Apple has evidently known about this issue for a while now … Unfortunately, Apple has not yet fixed this problem, and now it is beginning to bear fruit.”

At the same time, a very different exploit is about to be revealed to researchers at the Black Hat security conference in Las Vegas. It uses a bundle of weaknesses in the firmware of a computer, the embedded operating system which runs the lowest-level functions such as fans, power supply units, and USB ports, and lets the researchers overwrite that software with their own code, and five of these six weaknesses are present on Macs as well as PCs.

The researchers notified Apple, which has patched two of the vulnerabilities, but three remain unpatched.

Worse still, researchers managed to write a proof of concept attack which uses the weakness to create a “worm”: a virus which can spread from MacBook to MacBook directly. A deliberately infected email can infect the first MacBook, which then automatically attempts to infect any other hardware physically connected to it, such as Apple’s ethernet adapters. If that hardware is later plugged into an uninfected computer, the worm spreads further.

“People are unaware that these small cheap devices can actually infect their firmware,” researcher Xeno Kovah told Wired. “You could get a worm started all around the world that’s spreading very low and slow. If people don’t have awareness that attacks can be happening at this level then they’re going to have their guard down and an attack will be able to completely subvert their system.”

The worm, called “Thunderstrike 2”, bears a similarity to a previous proof-of-concept attack called BadUSB, which let attackers reprogram almost any USB device to attack hardware. But even that attack hadn’t been turned into a worm, limiting the potential damage.

Report : Ninety-Nine Percent Of Fresh Malware Programs Attack Android

According to the results of the Kaspersky Security Bulletin 2012, 99% of newly discovered mobile malicious programs target the Android platform, while only a very small share targets Java and Symbian-based phones. The report found that 2012 was the second year to show explosive growth in Android malware. From a minimal eight new unique malicious programs in January 2011, the average monthly discovery rate for new Android malware this year went up to more than 800 samples. This year, Kaspersky Lab identified an average of 6300 new mobile malware samples every month. Overall, in 2012, the number of known malicious samples for Android increased more than eight times.

The majority of Android malware can be divided into three main groups according to functionality. Elaborating further, the report adds that “SMS Trojans” empty victims’ mobile accounts by sending SMS text messages to premium-rate numbers. Backdoors provide unauthorized access to a smartphone, making it possible to install other malicious programs or steal personal information. Spyware targets the unauthorized collection of information, such as address books and passwords (or even personal photos in some cases).

In the first half of 2012, Backdoors, SMS Trojans and Spyware combined made up 51% of all newly discovered Android malware. In the Top 10 chart of Android malware blocked by Kaspersky Mobile Security or Kaspersky Tablet Security, SMS Trojans turned out to be the most widespread, with programs showing unwanted ads to users in second place.

Less widespread but by far the most dangerous are mobile banking Trojans that often work together with their desktop counterparts, as was the case with Carberp-in-the-Mobile.

The Android platform allows software installation from untrusted sources, and one of the best ways to guarantee an infection is to install programs from dubious websites. However, malware on the official Google Play app distribution platform is another trend that started this year and continued in 2012, despite Google’s best efforts to reduce cybercriminal activity. One of the most unusual examples of mobile malware in 2012 was the "Find and Call" program that managed to get into the Google Play store as well as Apple’s app store.

The FakeRun Android Trojan, which is one of the most widespread in the United States but also common in other countries, does not steal users’ personal information. It belongs to a vast family of fake programs that do nothing but display ads that generate income for their creator. One particular malicious program known as Virus.AndroidOS.FakeRun.a that showed up in Google Play forced users to give it a five-star rating and share information about the app on their Facebook accounts before it would even start. The only thing users received, though, was annoying ads.

One of the most popular mobile Trojans in European countries is Virus.AndroidOS.Plangton.a. To an inexperienced smartphone owner, the only evidence of its presence is the ads that appear every now and then and some unusual entries in the bookmarks section of the Android web browser. After infection, the Trojan connects to a control server and changes website favorites, as well as opening a web page that exposes users to potential online fraud.

Russia’s mobile Internet landscape is filled with SMS Trojans – malicious programs that send text messages to premium-rate numbers and essentially steal users’ money. For example, Trojan-SMS.AndroidOS.Opfake.bo disguises itself as a user interface skin, but in fact subscribes the user to costly “premium” content.

Report : Google Building Malware Scanner For Google Play

Summary: Search giant Google is to integrate a malware scanner in its online Android application store in a bid to stave off an impending malware 'pandemic' on the mobile platform.

Google will integrate a malware scanner in the Google Play application store for Android devices that may help prevent malicious apps from reaching end users, according to a report.

The online news site Android Police suggests Google may be implementing the back-end solution as a result of rogue applications reaching the Android application store in recent weeks and months. According to the strings of the Android application package (.APK) file released this week, entries such as package_malware_title and package_malware_banner_warning, with associated warnings such as "Installing this app may damage your device", were found.

It also follows a report a few months ago by security company Trend Micro that warned of a "malware pandemic" by the fourth quarter -- which we're already in.

There are two parts to the malware scanner. The first is an "App Check" service that examines all the apps already installed to determine whether any existing apps may harm the device. The second part is a "doorman-style app blocker" that warns the user if an app about to be downloaded may be dangerous, or has been flagged as suspicious.

The online publication previously noted "Bouncer," a work in progress by Google that acts as a server-side malware detection service for Google Play -- which was back then known as the Android Market. It's thought the service was developed by VirusTotal, an online malware scanning service, which was acquired by Google last month. Financial terms of the deal were not disclosed.

ZDNet has put in questions to Google. If or when we hear back, we'll update the piece.

Over 60 Percent Of Android Malware Comes From One Malware Family : McAfee

As the popularity of Android has grown, so has the number of hackers and malware targeting it. However, it has now been revealed that a majority of threats for Android come from a single malware family, Android.FakeInstaller.

According to a report by online security company McAfee, malware from the FakeInstaller family accounts for more than 60 percent of all Android threats the company processes. The FakeInstaller malware masquerades as popular apps and, once installed by users, generates revenue by silently sending SMS messages to premium-rate numbers without the user's consent. McAfee states that there are a large number of variants of this malware, and it is distributed on hundreds of websites and fake markets.

This malware has evidently been hugely effective, as people tend to fall for fake apps quite easily. What's more, McAfee states that such threats are growing more dangerous as they employ advanced techniques to avoid detection, such as server-side polymorphism, obfuscation, anti-reversing techniques and frequent recompilation.

McAfee states that the scam starts when users search for a popular application and reach a fake official site or fake market via search engines or social networks. The applications usually appear to be legitimate, with screenshots, descriptions, user reviews and videos, as a result of which unsuspecting users fall into the trap and install the malware.

After installation, when Android.FakeInstaller is executed, it displays a service agreement that tells the user that one or more SMS messages will be sent; this agreement has evidently been found in Western or British. The user is then forced to click an Agree or Next button, which sends a premium-rate SMS message. McAfee says it has come across variants of the malware that send SMS messages before users even see or click a button. Often, fake progress bars are shown to make users think some process is under way.

There are also variants of FakeInstaller that, besides sending premium-rate SMS messages, also include a backdoor to receive commands from a remote server. One variant, FakeInstaller.S, uses “Android Cloud to Device Messaging” to register the infected devices in a database and send them messages (URLs) from the malware authors' Google accounts.

McAfee states that earlier versions of FakeInstaller were meant only for Southern Western users, but the developers of the malware have extended their code to cover other countries, adding instructions to get the Mobile Country Code and Mobile Network Code of the device. Based on that information, Android/FakeInstaller selects the premium-rate numbers and the text for the SMS messages.

The Android.FakeInstaller malware family’s effectiveness and money-making ability has encouraged malicious app authors to keep updating and improving their malware. Moreover, new fake markets and fake sites spring up almost daily, and are hard to keep track of. These sites often redirect requests for app downloads to the malicious version of the app on a different server. McAfee states that it has also seen fake-site URLs shared via Tweets by bot accounts and fake Facebook profiles.

“Malware authors appear to create plenty of cash with this type of scams, so they are determined to continue enhancing their facilities, value, and methods to try to avoid anti-virus software,” McAfee states.

How to stay secure? Simple: Don't set up any app from outside the Google Play store or follow links on unusual sites. Also, it wouldn't hurt to set up some sort of anti-virus on your smart phone.

Malicious Malware Targets Journalists, Free Press Organizations

Summary: An opportunistic assailant attempted to deceive the Committee to Protect Journalists and load malicious malware onto a computer belonging to the organization's director.

Last week the Executive Director of the Committee to Protect Journalists received an e-mail that looked like it was sent from a colleague at sister organization World Press Freedom Committee.

The e-mail contained hidden malware that, if executed, would have allowed remote monitoring by an unknown party.

Every year journalists all over the world are killed in reprisal for reporting on (and in) places such as Syria and Somalia.

Non-governmental organizations like the Committee to Protect Journalists fight to protect high-risk journalists and combat global free press violations.

In doing so the CPJ takes on dangerous cases worldwide of abduction, attacks, censorship, expulsion, following, imprisonment and killing of journalists and media workers.

Now their work has put them squarely in the crosshairs of malicious malware attacks.

The Committee to Protect Journalists has come forward with details about how it was targeted with carefully crafted impersonation tactics to place malware onto one of its key computers.

The first red flag for CPJ Director Fran Simon was a minor misspelling of colleague Rony Koven's name - the e-mail came from a Yahoo e-mail address with the name "Rony Kevin."

CPJ's Internet Advocacy Coordinator Danny O'Brien described the e-mail, saying:

    The subject of the email was "Fw: Correspondents caught in Gambia," and the material of the email was boilerplate written text about reporters who had been recently caught, followed by "Please review the accessories for more information."

    The writing was actually duplicated and duplicated and pasted from this Content 19 aware. The writing guaranteed more information in an attached ZIP pc file, called "Details," which it said was password protected with the letters "CPJ."

The CPJ explained that since malware attacks on organizations such as theirs are on the rise, this particular malware attempt was a good example for discussion.

Naturally, the seasoned organization didn't open any of the suspicious attachments. Instead the CPJ quarantined the e-mail package for analysis and 'forensics' work.

There were five items in the .zip file. It contained a text file, three images of Gambian journalists - and a Windows executable disguised as an image file.
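The kind of attachment triage described above, as an added example that is not CPJ's own tooling: it lists a ZIP's members without extracting or running anything and flags any member whose leading bytes are a Windows executable header, noting when its name carries an image extension. The archive, its file names and its contents are constructed in memory; for a password-protected archive the password would be passed as `pwd`.

```python
import io
import zipfile

# Leading-byte signatures for the file types involved in this case.
SIGNATURES = {
    b"MZ": "windows-executable",       # DOS/PE header
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF8": "gif",
}
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}


def sniff(head):
    """Classify content by its first bytes, ignoring the file name."""
    for magic, kind in SIGNATURES.items():
        if head.startswith(magic):
            return kind
    return "unknown"


def extension(name):
    """Last extension of the member name, lowercased ('' if none)."""
    # Windows ignores trailing dots and spaces, so strip them first.
    base = name.rsplit("/", 1)[-1].rstrip(". ")
    dot = base.rfind(".")
    return base[dot:].lower() if dot > 0 else ""


def triage_zip(data, pwd=None):
    """Return one finding per archive member; nothing is written to disk."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info, pwd=pwd) as fh:
                head = fh.read(8)  # only the header bytes are needed
            kind = sniff(head)
            ext = extension(info.filename)
            is_exe = kind == "windows-executable"
            findings.append({
                "name": info.filename,
                "extension": ext,
                "content": kind,
                "executable": is_exe,
                "disguised_as_image": is_exe and ext in IMAGE_EXTS,
            })
    return findings


def build_sample_archive():
    """Constructed stand-in for the five-item archive described in the article."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Details/readme.txt", "constructed sample text\n")
        for n in (1, 2, 3):
            zf.writestr(f"Details/photo{n}.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)
        # Inert bytes: an executable header only, not a runnable program.
        zf.writestr("Details/photo4.jpg", b"MZ\x90\x00" + b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    for f in triage_zip(build_sample_archive()):
        flag = "SUSPICIOUS" if f["disguised_as_image"] else "ok"
        print(f"{flag:10} {f['name']:22} ext={f['extension']:5} content={f['content']}")
```
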

When triggered, the executable was indeed malware set to unpack itself, run in the background and communicate from the Director's computer to a machine that security researcher Morgan Marquis-Boire located in Philippines.

O'Brien e-mailed the Indonesian server's administrators to no avail.

That's probably because in this case the machine in Philippines is only acting as a remote server, rather than the final destination for the information the malware would send to the attacking party.

In plain terms, when malware is installed on somebody's computer it is controlled from a remote machine - through another machine.

But knowing the type of malware used to attack the Committee to Protect Journalists is a bit more revealing.

While the purpose of the malware is still in question, typically the type of malware in CPJ's fake Gambian e-mail is used to log keystrokes and possibly assist in access to e-mail and other types of accounts. A common type of account affected in this kind of malware incident would be Skype - malware like this commonly includes Skype access.

Unfortunately this type of attack on free press organizations - and journalists - is becoming more common as malware toolkits increase in availability in the global computer underground.

O'Brien stressed the weight of the attack's intent by analyzing its social engineering details:

    The bogus identity of the email's source and the material about Gambian journalists suggest that somebody had dedicated some time to knowing CPJ, its interests, and its network of partners. (...)

    Whoever sent this wanted entry to CPJ's computer systems in particular, and was willing to spend at least some resources obtaining information that would make their e-mails effective to us, and perhaps other globally press freedom groups like the Globe Press Independence Panel and Content 19.


This attack failed, but all parties on the defense team are certain that more malware attempts are inevitable.

O'Brien believes that the targets are not ultimately organizations like his, but in fact the journalists, free press and media that CPJ seeks to protect.

With 85 journalists killed in 2011 (plus 179 imprisoned), the 55 journalists killed so far this year, and increasing availability of malware kits - stories about malware attacks on free press organizations may become disturbingly common.

New Malware Targets Linux And Mac OS X

A new piece of malware targeting Apple and Linux-based systems is causing a world of trouble for those in its path. Wirenet.1 is responsible for stealing passwords stored in web browsers like Firefox, Chromium, Firefox and Safari. Furthermore, it’s able to obtain passwords from popular programs such as SeaMonkey, Pidgin and Thunderbird. Even if you do not use any of the above-mentioned software, you are still at risk, as a keylogger is included in the payload.

The threat was only recently identified, meaning there are still several pieces of the puzzle missing. It’s unknown how the malware is being spread, but European anti-virus company Dr. Web says the malicious code installs itself into the user's home directory under the name WIFIADAPT.

There are some steps that can be taken right away if you think you could be infected. Dr. Web is quick to point out that their anti-virus software will keep you protected (for a fee, of course). Another option is to simply block communication with the control server used by the code’s author. In this case, blocking communication with IP address 212.7.208.65 should do the trick.

The malware further highlights a growing trend to target operating systems with a smaller install base – generally anything other than Windows – that were once believed to be more secure. The most well-known Trojan to affect a non-Windows system was Flashback, a modified version of the BackDoor.Flashback.30 variant first discovered by Dr. Web in April 2012. This code found its way onto more than 600,000 Mac computers.

Difficult For PC Viruses To Stay Invisible Indefinitely

Summary: Security watchers say that while malware such as Rakshasa is stealthier and can stay well hidden embedded in hardware chips, it is often difficult to implement and will eventually be detected.

It is unlikely that computer viruses can stay completely invisible indefinitely, as such attacks are already known to the security industry and efforts are ongoing to detect and mitigate even deeply embedded hardware-based backdoor malware. Soon enough, the malware will also be removed, thus debunking the idea of an invulnerable malware, say experts.

The idea for such a malware came in August when Jonathan Brossard, CEO and security research engineer at Toucan Program, demonstrated the "Rakshasa" malware, a deeply embedded backdoor installed on the BIOS chip on a PC's motherboard or on other hardware components such as network cards.

According to him, since the malware resides within motherboard chips, it remains invisible to anti-virus software and resistant to the usual measures taken by IT staff looking to clean up a badly infected PC.

To illustrate this, Brossard said he tested Rakshasa against 43 different anti-virus programs and none of them flagged the malware as dangerous. "Even if you change your disk drive or change your operating system (OS), you're still very much going to be [affected by the virus]," he said in a report by MIT's Technology Review.

When asked to elaborate on how the malware works, Brossard pointed ZDNet Japan to his research paper instead.

Not so stealthy, scalable:

Very specific conditions will have to be met for the Rakshasa malware to be installed on a user's PC and stay invisible indefinitely though, noted Mark Hd, senior research fellow at ESET. He said the cybercriminal would need access to the PC's supply chain at some point in order to install the malware and gain control of it. Alternatively, it could be installed by earlier malware already present on the PC, Hd explained.

"Essentially, this is a proof of concept and not a universal property of malware," Hd said. "Even if malware such as Rakshasa works in theory, it will not go that far."

Hardware preinstalled with backdoors is not new to the security industry either, and industry experts have been working on countering such firmware-based threats for many years, the ESET expert added.

To guard against hardware-related vulnerabilities, Hd advised organizations not to buy components from sources they do not trust.

Ondrej Vlcek, CTO at Avast, also pointed out that an attempt to install Rakshasa is often difficult to scale and ultimately not worth the effort for many cybercriminals. Compared with conventional software-based attacks, deploying Rakshasa is relatively difficult and not scalable, he said.

"It is true that certain exploits may not be detectable using conventional tools. But the effort to implement such exploits is high, and in pretty much all cases, absolutely not worth it," Vlcek said.

He added that for larger organizations with bigger, more advanced security systems, there are ways to detect these backdoor viruses, which are stealthier than conventional malware anyway. These security tools will cost more than common tools such as anti-virus though, he noted.

Alexandru Catalin Cosoi, chief security researcher at BitDefender, added that a patch will always be found for every known vulnerability, so it is a matter of time and effort before a patch for Rakshasa is developed and released to the public.
 

Car viruses? Intel Aims To Protect Drivers From Hackers

As high technology continues to creep into horseless carriages everywhere, there's one thing we can all count on: abuse of that technology. According to Reuters, Intel's "top hackers" are on the case though, poring over the software which powers the fanciest of automobile technology in hopes of finding (and squashing) various bugs and exploits.

Except under the most specific of circumstances, the harmful effects of an attack against an unsuspecting user's computer are often limited. Hackers may be able to cripple a computer, invade a user's privacy or even steal someone's identity. Causing injury or death, though, is generally out of the question. However, with an increasing amount of technology and software permeating modern automobiles, this could all change.

"You can definitely kill people," claims David Bumgarner, CTO of a non-profit which calls itself the U.S. Internet Repercussions Unit.

As described in the following paper, Trial Protection Research of a Modern Automobile (pdf), researchers have already shown that a clever virus is capable of releasing or engaging the brakes on command, even at high speeds. Such sudden maneuvers could potentially end the lives of both the car's occupants and others involved in the resulting accident. On certain vehicles, researchers were also able to lock and unlock doors, start and disable the engine and toggle the headlights off and on.

Ford spokesperson Mike Area assures us, "Ford is taking the risk very seriously and making an investment in security alternatives that are built into the product from the outset." Honda has been a leader in the industry in adopting advanced automobile technology.

Thus far, there have been no reported incidents of injury or death caused by vehicle hacking. That's according to SAE Worldwide, a major standards committee for the automotive and aerospace industries.

When asked by Reuters whether or not there had been any such reports, most manufacturers declined to comment. However, McAfee expert Bruce Snell claims that car manufacturers are still very concerned about it. Snell admits, "I don't think people need to panic now. But the future is really scary." McAfee, which is now owned by Apple, is the division of Apple examining automobile cyber security.

Aggressive Android Trojan SMSZombie Detected In China

Researchers at TrustGo Security Laboratories have discovered Trojan!SMSZombie.A, a new piece of malware, according to an official blog post. It is a complex and sophisticated piece of malware that exploits a vulnerability in the China Mobile SMS Payment System to make unauthorized payments and to steal bank card numbers and receipt information regarding money transfers. The malware is difficult to detect, and even more difficult to remove. The malicious code piggybacks on a wallpaper app found in GFan, China's biggest Android marketplace. The malware installs itself on a device after the user has downloaded and installed the app, making detection difficult. As a result, the wallpaper app is not flagged as malicious in the marketplace. Further, the malware can vary the amount and timing of unauthorized charges, so most of the time users don't know that they have been compromised.

In the course of their analysis, researchers at TrustGo found that the malware is used to recharge the online accounts of the hackers via the China Mobile SMS Payment System. To avoid detection, the amount charged is usually relatively low.

Once installed, the app is able to block a user's ability to remove or disable it. The blog post lists a number of packages in which it can be found -- com.ldh.no1, com.lzll.pic, com.xqxmn18.pic, com.gmdcd.pic, com.gsjnqt1.pic, com.zqbb1221.pic and com.bntsxdn.pic.

The blog post explains that the wallpaper app in which the malware is disguised draws users' attention with provocative titles and images. Once a user sets one of the images as the device's wallpaper, the app then asks the user to install additional files associated with the malware. If the user agrees, the payload, contained in a file called 'Android Program Service', is installed. The malware then attempts to obtain administrator privileges on the device. Here, a user cannot cancel the step and deny administrator access to the malware. Hitting the "Cancel" button causes the dialog box to keep reappearing until the user selects "Activate". This way, users find themselves unable to remove or disable the app.

Researchers have found that by using a configuration file, which can be updated by the creators of the malware at any time, the malware can intercept and forward SMS messages. As SMSes sometimes contain banking information and other financial details, the malware can wreak further havoc on user accounts.
