• Tag Archives online news

  • Rise in Anti-Child Porn Spam Protection Ransomware infections

    Posted on by admin Comment

    This ransomware pretends to be from a legitimate government organization that states that the infected computer is sending out SPAM that contains links to child pornography sites. The ransom program then states that in order protect yourself, and others, it has encrypted your data using Advanced Encryption Standards, or AES, encryption. Just like the Malware Protection and the ACCDFISA Protection Program variants, these files are not actually encrypted but are password protected RAR files.

    sl.png

    ScreenLocker window for ACCDFISA v2.0, There are actually a few different versions of this. ACCDFISA v2.0 HTML file, These can be worded slightly different, and can have different emails to message the virus creator.

    There seems to be either a leak of the ACCDFISA v2.0 source, or the creator is mixing up the layout of Ransom Note, Screen Locker, and even the internal code. So far I have found 3 different version of ACCDFISA v2.0 with different contact emails, Ransom Notes, Code, and what is worse is even the method of delivery. The previous ACCDFISA v2.0 mostly only affected servers with RDP enabled with weak security. But the last 2 victims I have been messaging had neither a server or RDP enabled, and claimed to have gotten it either by email or a malicious or hacked site. This makes this older modified infection another top placer for worst encrypting infections because the key is unrecoverable, Restore Points are wiped, the computer is locked down, services are mangled, free space and deleted files are wiped with SDelete, and of course files are encrypted with WinRar SFX AES exe’s.

    For informational purposes, the 2 virus creator emails I have found with these variants are brhelpinfo@gmail.com and Dextreme88@gmail.com.

    When first run, this program will scan your computer for data files and convert them to password protected RAR .exe files. These password protected data files will be named in a format similar to test.txt(!! to decrypt email id <id> to <Email>@gmail.com !!).exe. It will then use Sysinternal’s SDelete to delete the original files in such a way that they cannot be undeleted using file recovery tools. It will also set a Windows Registry Run entry to start c:\<Random Number>\svchost.exe when your computer starts. This program is launched immediately when you logon and blocks access to your Windows environment. If you boot your computer using SafeMode, Windows Recovery disk, or another offline recovery CD, you can delete or rename the c:\<Random Number>\svchost.exe file in order to regain access to your Windows Desktop. This “lockout” screen will also prompt you to send the hackers the ransom in order to get a passcode for the system lockout screen and for your password protected files.

    This variant took 3 hours to completely finish on my VM. I was able to access the key file, and decrypt nearly all files and back them up before shutdown. So if you are lucky enough to see this happening, you should immediately backup the key file on the desktop / in the ProgramData folder.

    Sadly, just like the past variants, files cannot be decrypted either without the key, or a backup. If you are reading this infection free I have one question, Have you backed up today?. If not, you better get to it as these types of computer infections are on the rise and definitely here to stay!

    The files that this infection creates when it is installed are:

    File List:

    c:\<Random>\svchost.exe – ScreenLocker / Decrypter

    c:\<Random>\howtodecryptaesfiles.htm – RansomNote that all RansomNotes lnk’s point to

    c:\ProgramData\fdst<Random>\lsassw86s.exe Encrypter / Main dropper

    c:\ProgramData\<Random>\<Random>.dll – Different Numbers and Hashes used by the infection / Also where Temp Key is kept, But removed after completion

    c:\ProgramData\<Random>\<Random>.DLLS List of files to be infected by WinRar

    c:\ProgramData\<Random>\svchost.exe – WinRar CUI renamed

    c:\ProgramData\<Random>\svchost.exe – Sdelete Renamed

    c:\ProgramData\svcfnmainstvestvs\stppthmainfv.dll List of Numbers used by the infection

    c:\ProgramData\svtstcrs\stppthmainfv.dll List of Numbers used by the infection

    c:\Windows\System32\backgrounds2.bmp Renamed ScreenLocker / Decrypter, Used to replace the one in ProgramData if deleted

    c:\Windows\System32\lsassw86s.exe Renamed Encrypter / Main dropper, Used to replace the one in ProgramData if deleted

    c:\Windows\System32\scsvserv.exe Used to complete mangle / disable services to further lock down computer

    c:\Windows\System32\lsassvrtdbks.exe Assists with encryption

    c:\Windows\System32\session455.txt Temp Storage used with .BAT file to logoff user account

    c:\Windows\System32\decryptaesfiles.html Used to copy to ProgramData

    c:\Windows\System32\Sdelete.dll Used to copy Sdelete to ProgramData

    c:\Windows\System32\kblockdll.dll Used to Lock desktop

    c:\Windows\System32\btlogoffusrsmtv.bat Used to log user off

    c:\Windows\System32\default2.sfx Used with winrar to encrypt files

    c:\Windows\System32\cfwin32.dll WinRar CUI renamed

    %Desktop%\<Random>.Txt – Also contains Decrypt Key, But removed after completion

    Registry List:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run C:\<Random>\svchost.exe – Launches ScreenLocker

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run C:\<Random>\svchost.exe – Launches ScreenLocker

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run C:\ProgramData\<Random>\svchost.exe – Launches ScreenLocker

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


    📂This entry was posted in Virus Threats 📎and tagged

  • Microsoft throws old versions of Internet Explorer under the bus

    Posted on by admin Comment

    Come 2016, if you’re not up to date you’re on your own – enjoy your security bugs

    Microsoft has confirmed that it’s ending support for old versions of Internet Explorer, and it’s giving you just shy of 18 months to get up to date.

    Roger Capriotti, director of the IE team, blogged on Thursday that beginning on January 12, 2016, only the most recent version of IE on any supported version of Windows will continue to receive technical support and security updates.

    As of today, that means IE9 on Windows Vista SP2 and Windows Server 2008 SP2, IE10 on Windows Server 2012, and IE11 on any later version of Windows (including Windows Server 2012 R2).

    In fact, the only reason IE9 is still being supported on Vista is because no later versions will run on that little-loved OS. IE9 never won high marks from web devs, and Google, for one, has already discontinued support for it in Gmail and Google Apps.

    “For customers not yet running the latest browser available for your operating system, we encourage you to upgrade and stay up-to-date for a faster, more secure browsing experience,” Capriotti wrote.

    Microsoft is a late convert to web-standards religion, having spent the better part of 20 years releasing browsers that rendered sites in ways that were incompatible with rivals like Firefox, Chrome, and Safari.

    These days, the software giant markets standards compliance as a key feature of IE11, and it has even gone as far as to claim it’s had to build workarounds into its browser to support websites that are coded using the competition’s nonstandard features.

    Redmond even seems to want to atone for its own past bad behavior. It’s now encouraging commercial customers who have built their bespoke web apps for older, patently terrible versions of IE to upgrade to IE11 and use its “Enterprise Mode” to maintain backward compatibility with those standards-shirking browsers.

    Enterprise Mode, which Microsoft shipped with the Windows 8.1 Update and as a standalone patch in April, makes IE11 behave like IE8, even going as far as to announce the old version to websites and ActiveX controls that have been hard-coded for specific browser releases.

    Concurrent with its announcement of the end of support for old IE versions, Microsoft said on Thursday that it will continue to support Enterprise Mode through the full lifecycle of whichever OS IE11 is running on – meaning it will be supported on Windows 7 through January 14, 2020, for example.

    As Microsoft points out, however, most consumers won’t have to worry about much of this – at least until their version of Windows reaches the end of its lifecycle – because they get the latest version of IE installed automatically as a function of Windows Automatic Updates.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


    📂This entry was posted in Computer News 📎and tagged

  • Secret Government and Law enforcement spyware leaked

    Posted on by admin Comment
    Thursday, August 07, 2014

     

    Company That Sells 'FinFisher' Spying Software Got Hacked, 40GB Data Leaked
    FinFisher spyware, a spyware application used by government and law enforcement agencies for the purpose of surveillance, appears to have been hacked earlier this week and a string of files has been dumped on the Internet.
    The highly secret surveillance software called “FinFisher” sold by British company Gamma International can secretly monitors computers by turning ON webcams, recording everything the user types with a keylogger, and intercepting Skype calls, copying files, and much more.
    A hacker has claimed on Reddit and Twitter that they’d infiltrated the network of one of the world’s top surveillance & motoring technology company Gamma International, creator of FinFisher spyware, and has exposed 40GB of internal data detailing the operations and effectiveness of the FinFisher suite of surveillance platforms.
    The leaked information was published both on a parody Gamma Group Twitter account (@GammaGroupPR) and Reditt by the hacker that began publishing links to the documents and satirical tweets.
    The leaked files includes client lists, price lists, source code of Web Finfly, details about the effectiveness of Finfisher malware, user and support documentation, a list of classes/tutorials, and much more.
    The Reddit post Gamma International Leaked in self.Anarchism said, “a couple days ago [when] I hacked in and made off with 40GB of data from Gamma’s networks. I have hard proof they knew they were selling (and still are) to people using their software to attack Bahraini activists, along with a whole lots of other stuff in that 40GB.”

    The FinFisher files were first leaked on Dropbox as a torrent file and since have been shared across the internet, which means that it is now impossible to stop the information from being leaked.

    One spreadsheet in the dump titled FinFisher Products Extended Antivirus Test dated April this year, details the anti-virus detection rates of the FinFisher spyware which German based Gamma Group sold to governments and law enforcement agencies.

    It shows how FinFisher performed well against 35 top antivirus products. That means FinFisher would probably not be detected by a targeted users’ security systems.


    One more document also dated April this year has been identified that detailed release notes, for version 4.51 of FinSpy, show a series of patches made to the products including patch to ensure rootkit component could avoid Microsoft Security Essentials, that the malware could record dual screen Windows setups, and improved email spying with Mozilla Thunderbird and Apple Mail.


    The file dump also reveals that FinFisher is detected by OS X Skype (a recording prompt appears), so the users of OS X Skype would be alerted to the presence of FinFisher by a notification indicating that a recording module was installed.
    Company That Sells 'FinFisher' Spying Software Got Hacked, 40GB Data Leaked
    FinFisher cannot tap Windows 8 users, so rather the desktop client, the users should opt for the Metro version of Skype.
    The dump also contains a fake Adobe Flash Player updater, a Firefox plugin for RealPlayer and an extensive (though still undetermined) documentation for WhatsApp.

    A price list, which appeared to be a customers’ record, revealed the FinSpy program cost 1.4 million Euros and a variety of penetration testing training services priced at 27,000 Euros each,” the Reg. reported. “The document did not contain a date but it did show prices for malware targeting the recent iOS version 7 platform.”

    The leaked documents also included a FinSpy user manual and brochure. This previously kept so-called spying secret is not a secret now and we’ll be going to find a lot more in the upcoming weeks.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


    📂This entry was posted in Computer News 📎and tagged

  • Airplanes can be hacked through the Inflight Entertainment system

    Posted on by admin Comment

     

    Airplanes Can be hacked through the onboard entertainment system

    Airplanes can be hacked via Inflight Entertainment system

    Almost a year ago, at the ‘Hack In The Box’ protection peak in Amsterdam, a protection specialist at N.Runs and a professional air travel lead, Hugo Teso presented a business presentation that it’s possible to take control of airplane journey techniques and emails using an Android operating system smart phone and some specific attack code.

    Quite similar to the previous one, a protection specialist statements to have developed a method that can give online scammers access to the satellite tv emails equipment on traveler airplanes through their WiFi and in-flight enjoyment techniques.

    Cyber protection expert Ruben Santamarta, a advisor with online protection firm IOActive, will reveal his analysis and all the technical details this week at a major Las Las vegas cyberpunk meeting, Black Hat meeting, showing How professional airliner satellite tv interaction techniques can also be affected by online hackers, along with the proof of satellite tv emails system weaknesses that questions the factors these techniques are using.

    Santamarta analysis paper named “SATCOM Terminals: Coughing by Air, Sea and Land” describes that delivers, airplane and plants are all at risk of being affected — perhaps with disastrous results.

    We live in a world where data is constantly flowing. It is clear that those who control communications traffic have a distinct advantage. The ability to disrupt, inspect, modify or re-route traffic provides an invaluable opportunity to carry out attacks,” Santamarta wrote in his paper.

    Until now, it’s just a declare, but if verified, could immediate a extensive rebuild of airplane protection and other SATCOM devices, and throw evaluation on the way its digital protection have been handled in previous times.

    According to the researcher’s subjective of the discuss published, he will describe how gadgets marketed by the world’s major SATCOM providers contain important protection faults. IOActive also stated to have identified that “100 % of the gadgets could be abused” by an range of strike vectors.

    “In certain cases no user interaction is required to exploit the vulnerability, just sending a simple SMS or specially crafted message from one ship to another ship can do it.” Santamarta wrote in the description to his talk. He told Reuters, “These devices are wide open. The goal of this talk is to help change that situation.”

    Many of SATCOM providers techniques have hardcoded log-in qualifications — same qualifications used in several techniques — providing online hackers potential to grab qualifications from one program and use them to access other techniques, as a result of it, online hackers can turn off the emails and can intervene with the plane’s routing.

    The specialist found the weaknesses by “reverse engineering” the extremely particular software known as firmware, used to function emails devices made by Cobham Plc, Harris Corp, EchoStar Corp’s Gaines System Systems, Iridium Communications Inc and Asia Stereo Co Ltd.

    Meanwhile, he found a concept that a cyberpunk could make use of a plane’s on board Wi-Fi indication or in-flight enjoyment program to crack into its avionics devices. This could allow them to affect or change the plane’s satellite tv emails, possibly disrupting the aircraft’s routing and protection techniques.

    However, it is really worth noting that just because a security specialist is capable of doing the crack, doesn’t mean online hackers are doing it or can easily execute it, too. Santamarta has also recognized that his hackers showing the concept have been performed in managed test, and he is not sure how realistic the crack would be in real life.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


    📂This entry was posted in Computer News 📎and tagged

  • SandroRAT Mobile Phone Android Malware that Disguises as Kaspersky Mobile Security

    Posted on by admin Comment
    Researchers have warned users of Android devices to avoid app downloads from particularly unauthorized sources, since a new and sophisticated piece of malware is targeting Android users through phishing emails.
    The malware, dubbed SandroRAT, is currently being used by cybercriminals to target Android users in Poland via a widely spread email spam campaign that delivers a new variant of an Android remote access tool (RAT).
    The emails masquerade itself as a bank alert that warns users of the malware infection in their mobile device and offers a fake mobile security solution in order to get rid of the malware infection.
    The mobile security solution poses as a Kaspersky Mobile Security, but in real, it is a version of SandroRAT, a remote access tool devised for Android devices, whose source code has been put on sale on underground Hack Forums since December last year.
    A mobile malware researcher at McAfee, Carlos Castillo, detailed the new variant of Android remote access trojan over the weekend. According to the researcher, the package spread via phishing campaign is capable of executing several malicious commands on the infected devices.
    SandroRAT gives the attacker an unrestricted access to sensitive details such as SMS messages, contact lists, call logs, browser history (including banking credentials), and GPS location data stored in Android devices and store all the data in an “adaptive multi-rate file on the SD card” to later upload them to a remote command and control (C&C) server.

    Spam campaigns (via SMS or email) are becoming a very popular way to distribute Android malware, which can steal personal information or even obtain complete control of a device with a tools like SandroRat,” wrote Carlos Castillo. “This attack gains credence with the appearance of a bank offering security solutions against banking malware, a typical behavior of legitimate banks.”

    This new version of SandroRAT also has a self-update feature in it and it can install additional malware through user prompts for such actions. The malware gives the attacker full control over the messages, who can intercept, block and steal incoming messages, as well as insert and delete them.
    It also appears that the attacker can send multimedia messages with specific parameters sent by the C&C server and can also record nearby sounds using the device’s mic.
    Castillo also notes that the SandroRAT variant of malware had decryption capabilities for older releases of Whatsapp messaging app. But, the users running the latest version of Whatsapp in their Android devices are not vulnerable because the developers adopted a stronger encryption scheme.

    This decryption routine will not work with WhatsApp chats encrypted by the latest version of the application because the encryption scheme (crypt7) has been updated to make it stronger (using a unique server salt),” Castillo explained. “WhatsApp users should update the app to the latest version,” he advised.

    Users are advised to avoid application downloads from unauthorized sources, particularly when the app download link is send through an email. Good practice is to always prefer downloading apps from the Google Play Store or other trusted sources.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida

     


    📂This entry was posted in Virus Threats 📎and tagged

  • iSpy? Researcher exposes backdoor in iPhones and iPads

    Posted on by admin Comment

    How much of your personal data on your iPhone or iPad would you be willing to bet law enforcement or a hacker can grab from your device, even if you’ve encrypted it?

    How about all of it?

    A “backdoor” that Apple built into iOS for developers can be used to spy on iPhones and iPads by governments, law enforcement, or cyber criminals, according to forensics researcher Jonathan Zdziarski.

    For the backdoor to be exploited by a spy, your iDevice needs to be synced to another computer via a feature called iOS pairing.

    Once your iDevice is paired to your PC or Mac, they exchange encryption keys and certificates to establish an encrypted SSL tunnel, and the keys are never deleted unless the iPhone or iPad is wiped with a factory reset.

    That means a hacker could insert spyware on your computer to steal the pairing keys, which allows them to locate and connect to your device via Wi-Fi.

    Because iPhones and iPads automatically connect to Wi-Fi networks with names they recognize, an attacker could then set up a hotspot using a spoofed network name to get your device to connect, and grab all your data.

    Zdziarski used his talk at the HOPE X hacker conference on 18 July to state that Apple’s backdoors give access to personal data that’s beyond what developers or Apple itself need.

    In mentioning that the Snowden leaks revealed the National Security Agency (NSA) had used backdoors in iPhone, Android and BlackBerry, Zdziarski also implied that the NSA may have used Apple’s backdoors for easy access to iPhones and iPads.

    Apple issued a statement to reporters, acknowledging the access through pairing.

    But what Zdziarski described as a backdoor, Apple calls “diagnostic functions” – Apple said developers and IT departments need them for “troubleshooting.”

    Apple’s statement also flatly denies any cooperation with the NSA, or government agencies “from any country.”

    We have designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provides needed information to enterprise IT departments, developers and Apple for troubleshooting technical issues.

    A user must have unlocked their device and agreed to trust another computer before that computer is able to access this limited diagnostic data. The user must agree to share this information, and data is never transferred without their consent.

    As we have said before, Apple has never worked with any government agency from any country to create a backdoor in any of our products or services.

    Zdziarski said:

    Apple’s seeming admission to having these back doors, however legitimate a use they serve Apple, unfortunately have opened up some serious privacy weaknesses as well.

    I think at the very least, this warrants an explanation and disclosure to the some 600 million customers out there running iOS devices.

    The lack of disclosure of these security loopholes is a bit puzzling, but Apple seems to have, at least, done the disclosing part now.

    Will Apple back down?

    Will the programmers in Cupertino be instructed to remove the libraries, or perhaps limit their use to developers debugging their apps?

    Chances are that’s not going to happen, not least because Apple obviously went to some trouble to get all this stuff working in the first place.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


    📂This entry was posted in Computer News 📎and tagged

  • iPhone 6 leak – Sneak Preview of what’s to come

    Posted on by admin Comment

    If the rumors hold true, the next iPhone could sport a nearly indestructible and perhaps flexible sapphire screen. That sound you hear is Apple muttering, “Bring it on” to device torture-testers everywhere.

    espanol-iphone6-rumorv3.jpg

    The iPhone 6 seems to be itchin’ for a fight, if the rumors are true.

    A video making the rounds this week purports to show a sapphire crystal screen panel from the upcoming iPhone 6 withstanding some pretty serious scratches and stabs from a hunting knife and some keys.

    It’s an impressive demonstration that, along with other rumors that the next iPhone‘s screen could also be curved or flexible, means that those like myself in the device torture-testing community might need to up our game in the near future.

    In the past, simply dropping a device (sometimes from great heights) has sufficed, but to literally scratch the surface of sapphire’s vulnerabilities is probably going to take a little more creativity.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida

     


    📂This entry was posted in Uncategorized 📎and tagged

  • Chinese Hackers Brake into The United States Database of Federal Employees

    Posted on by admin Comment

    Chinese hackers broke into the computer systems of United States government agency that keeps the personal information of all federal employees, according to the paper published in the New York Times.

    The attack occurred on the Office of Personnel Management and Senior American officials believe that the attackers successfully gained access to some of the agency’s databases in March before the federal authorities detected the threat and blocked them from the network.

    The hackers targeted the files of tens of thousands of federal employees who have applied for top-secret security clearances, the newspaper reported.

    The intrusion at the Office of Personnel Management was particularly disturbing because it oversees a system called e-QIP, in which federal employees applying for security clearances enter their most personal information, including financial data. Federal employees who have had security clearances for some time are often required to update their personal information through the website,” states the New York Times.

    Until now, it is not clear how far the hackers were able to infiltrate the networks of the US Office of Personnel Management.

    But the databases they managed to hack include information such as employment records, people seeking security clearance list their foreign contacts, previous jobs and personal data like past drug use etc, which all could be at risk.

    In response to this matter, a senior Department of Homeland Security official confirmed that the attack had occurred but said that “at this time,” neither the personnel agency nor Homeland Security had “identified any loss of personally identifiable information.” The official said an emergency response team was assigned and handled over the matter “to assess and mitigate any risks identified.”

    Again it started a cold war between China and the United States, because according to the senior US officials, the attack was traced to China. But yet it is unclear if the hackers belonged to the government.

    Where China said that it faces a major threat from hackers, accused the NSA and U.S. Cyber Command for targeting Chinese politicians and military. The United States recently charged five Chinese military officials for carrying out cyber espionage against several American companies and stealing sensitive data by breaking into corporate systems.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


    📂This entry was posted in Computer News 📎and tagged

  • How to jailbreak iphone 5 iOS 7.1 and iOS 7.1.1. cell phones – mobil

    Posted on by admin Comment
    jailbreak ios tools

    Quite Surprisingly, a team of Chinese hackers, Pangu have released an untethered jailbreak for iOS 7.1 and iOS 7.1.1.

    This untethered jailbreak is compatible with iPhone 5s, iPhone 5c, iPhone 4S, iPhone 4, iPad Air, iPad 4, iPad 3, iPad 2, iPad mini, Retina iPad mini and iPod touch 5G running iOS 7.1-iOS 7.1.1.

     

    The jailbreak tool is currently available for Windows but works on every iOS devices. Many iOS users have posted on Reddit that the tool works successfully.

    Jailbreaking is a process of removing limitations on iOS devices, Apple’s operating system, so you can install third party software not certified by Apple. Such devices include the iPhone, iPod touch, iPad, and second-generation Apple TV.

     

    One question rises in my mind that when Apple’s system root protections have been greatly enhanced in an effort to make jailbreaks more difficult, then what’s the whole story behind the unexpectedly release of this jailbreak tool?

     

    STEPS TO JAILBREAK iOS 7.1 & iOS 7.1.1
    The installation process of the isn’t as simple as the previous jailbreak, but you can follow this Reddit thread:

     

     

    1. Make sure you have iTunes installed.
    2. Edit your iPhone’s date to June 2, 2014
    3. Open the PanGu.exe file
    4. Click the black button to the right (also UNCHECK THE CHECKMARK where you see random characters and the “PP”)
    5. As soon as the “brush stroke” loading bar fills to 20%, the PanGu app will appear on your phone
    6. Tap it
    7. Select Continue
    8. It will fill the loading brush stroke until 80% and your iTunes will open (it will only open IF you have iTunesHelper.exe on your Windows Taskbar)
    9. Close iTunes
    10. Your device will reboot
    11. When it opens again, wait for the brush stroke to complete to 100%
    12. Your device will reboot once more
    13. The process will be finished 100%
    14. The PanGu app will be replaced with Cydia
    15. Do your usual stuff by opening Cydia and continue with what you want to install by then.
    16. For precautionary measures, install Complete PPSync Remover (on https://cydia.angelxwind.net repo) because even though you uncheck the “PP” on step 4, it installs it anyway (internally without the app showing)

     

    COMPATIBLE DEVICES

    This Untethered Jailbreak is compatible with following devices running iOS 7.1-iOS 7.1.1:

    • iPhone 5s
    • iPhone 5c
    • iPhone 4S
    • iPhone 4
    • iPad Air
    • iPad 4
    • iPad 3
    • iPad 2
    • iPad mini
    • Retina iPad mini
    • iPod touch 5G
    CONTROVERSY OF STOLEN JAILBREAK EXPLOIT
    It’s worth noting that the jailbreak is available from a new team and the said hack is the first from the team. The controversy behind the sudden release of the jailbreak apparently came from one of the exploits used by a security expert and known jailbreaker Stefan Esser, aka i0n1c, who show off the method to jailbreak the iOS 7.1.1 using iPhone 5C during his training session.

     

    IOS jailbreak tool

     

    The people behind it reportedly took this training session given by Esser and allegedly exposed his exploit in the market. Esser expressed his disappointment over the adoption of his exploit via his twitter account, and later Esser even called the Pangu team members “thieves” and wished “everyone of my followers who installed Pangu much fun with malware from China.

    The jailbreak tool (download here) apparently installs the most popular third-party app installer Cydia, but also throws in a Chinese store with apps unsanctioned by Apple.

    However, world-renowned software developer and a very well-known iOS hacker, H8sn0w has confirmed via Twitter that the jailbreak tool does not contain any spyware or malicious software in it and is safe to use.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


    📂This entry was posted in Uncategorized 📎and tagged

  • TowelRoot – 1-Click Android Rooting tool released by Geohot

    Posted on by admin Comment

    one click android rooting software app

     

    Waiting for the root access for your AT&T or Verizon Android phone? Then there is really a Great News for you!

    Geohot (aka George Hotz) – a famed cracker who was responsible for hacking the PlayStation 3 and subsequently being sued by Sony – has built and released a root tool called Towelroot on Sunday night that will let most Android smartphones users to root their Android device with one click only, as long as it has an unpatched version of the Linux kernel.
    EXPLOITS LINUX KERNEL VULNERABILITY 

    Towelroot application exploits the same vulnerability (CVE-2014-3153) which was recently disclosed by the hacker Pinkie Pie in the Linux kernel version 3.14.5 and most versions of other Android devices, which could be leveraged by hackers to potentially acquire root access on affected devices.

     

    Having root access of your device simply means you make System-level changes to your device such as accessing and modifying any file or program using any mode (single- or multi-user). It is just like operating an administrator account on a computer.
    SUPPORTED DEVICES

    Towelroot supports handful of devices so far including some particularly tough phones. here’s the list:

    • AT&T Galaxy S5
    • Verizon Galaxy S5
    • Galaxy S4 Active
    • Nexus 5
    • AT&T Galaxy Note 3
    • Verizon Galaxy Note 3
    • Also some users have even reported its success with the all time favorite company of GeoHot, Sony Xperia SP C5303.

    Geohot became famous for being the first person to carrier unlock the original iPhone in 2007 and later for creating the limera1n jailbreak tool for future versions of the iPhone. He gained fame after subsequently hacking the software of the PlayStation 3 console, thereby opening up the ability to add homebrew and play pirated games, for which he was taken to court by Sony.
    HOW TO ROOT ANDROID DEVICE

    Step 1: Download Android Rooting application from towelroot.com and install it.

    Step 2: While Installation you might receive warning message saying that Towelroot “contains code that attempts to bypass Android’s security“. Just hit Install anyway after selecting the checkbox: “I understand and still want to install it“.

    Step 3: Once the Towelroot installation completes, launch the application and click the button reading “make it ra1n” and it will force your device to reboot.

    Step 4: After the device reboots to home screen your phone will be rooted with its bootloader unlocked. Cheers!

    Along with the Android users who were itching to get Android rooting technique for their devices and doing tons of things such as customizations, patching apps and installing third-party ROMs, the new tool will also allow cybercriminals as well to gain administrative access to a victim’s phone.

     

    Specifically, at the same time the cyber criminal with the administrative access could potentially run malicious code, retrieve files, bypass third-party or security applications including containers like Samsung’s secure Knox sub-operating system, and place backdoors for future access on users’ devices.

     

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


    📂This entry was posted in Uncategorized 📎and tagged

  • Zeus Trojan (or Zbot Trojan) steals confidential information from the infected computer.

    Posted on by admin Comment
    Pandemiya hacking trojan

    A new and relatively rare Zeus Trojan program was found which is totally different from other banking Trojans and has capability to secretly steal data from forms, login credentials and files from the victim as well as can create fake web pages and take screenshots of victim’s computer.

    Researchers at RSA Security’s FraudAction team have discovered this new and critical threat, dubbed as ‘Pandemiya’, which is being offered to the cyber criminals in underground forums as an alternative to the infamous Zeus Trojan and its many variants, that is widely used by most of the cyber-criminals for years to steal banking information from consumers and companies.

     

    The source code of the Zeus banking Trojan is available on the underground forums from past few years, which lead malware developers to design more sophisticated variants of Zeus Trojan such as Citadel, Ice IX and Gameover Zeus.

     

    But, Pandemiya is something by far the most isolated and dangerous piece of malware as the author spent a year in writing the code for Pandemiya, which includes 25,000 lines of original code written in C.
    Like other commercial Trojan, Pandemiya infect the machines through exploit kits and via drive-by download attacks to boost infection rate that exploit flaws in the vulnerable software such as Java, Silverlight and Flash within few seconds victim lands on the web page.

    Pandemiya’s coding quality is quite interesting, and contrary to recent trends in malware development, it is not based on Zeus source code at all, unlike Citadel/Ice IX, etc.,” researchers from RSA, the security division of EMC, said Tuesday in a blog post. “Through our research, we found out that the author of Pandemiya spent close to a year of coding the application, and that it consists of more than 25,000 lines of original code in C.

    Pandemiya Trojan using Windows CreateProcess API to inject itself into every new process that is initiated, including Explorer.exe and re-injects itself when needed. Pandemiya is being sold for as much as $2,000 USD and provides all the nasty features including encrypted communication with command and control servers in an effort to evade detection.The Trojan has been designed with modular architecture to load more external plug-ins, which allows hackers to add extra features simply by writing new DLL (dynamic link library). The extra plug-ins easily add capabilities to the Trojan’s core functionality, that’s why the developer charge an extra of $500 USD to get the core application as well as its plugins, which allows cybercriminals to open reverse proxies on infected computers, to steal FTP credentials and to infect executable files in order to inject the malware at start up.

     

    The advent of a freshly coded new trojan malware application is not too common in the underground,” Marcus writes, adding that the modular approach in Pandemiya could make it “more pervasive in the near future.

    The malware developers are also working on other new features to add reverse Remote Desktop Protocol connections and a Facebook attack module in order to spread the Trojan through hijacked Facebook accounts.

    HOW TO REMOVE PANDEMIYA TROJAN

    The Trojan can be easily removed with a little modification in the registry and command line action, as explained below:

      1. Locate the registry key HKEY_LOCAL_USER\Software\Microsoft\Windows\CurrentVersion\Run and identify the *.EXE filename in your user’s ‘Application Data’ folder. Note the name, and delete the registry value.
      2. Locate the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls. Find the value with the same name as the *.EXE file in the previous step. Note the file name, and remove the value from the registry.
      3. Reboot the system. At this stage Pandemiya is installed but no longer running. Delete both files noted earlier. This will remove the last traces of the Trojan. Your system is now clean.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


    📂This entry was posted in Virus Threats 📎and tagged

  • First Android Phone Ransomware that Encrypts your SD card Files

    Posted on by admin Comment
    We have seen cybercriminals targeting PCs with Ransomware malware that encrypts your files or lock down your computer and ask for a ransom amount to be paid in a specified duration of time to unlock it.
    To deliver the Ransomware malwares to the mobile devices, cyber criminals have already started creating malicious software programs for android devices. Last month, we reported about a new Police Ransomware malware that locks up the devices until the victims pay a ransom to get the keys to unlock the phone. But, the malware just lock the mobile screen and a loophole in the its implementation allowed users to recover their device and data stored on SDcard.

    Now, in an effort to overcome this, threat actors have adopted encryption in the development of mobile Ransomware malwares. Recently, the security firm ESET has discovered a new Android ransomware, dubbed as Android/Simplocker.A, that has ability to encrypt the files on the device SD card and then demand a ransom from the victim in order to decrypt those files.

    Once installed, the malware scans the SD card for certain file types such as image, document or video with extensions – jpeg, jpg, png, bmp, gif, pdf, doc, docx, txt, avi, mkv, 3gp, mp4 and encrypts them using AES in a separate thread in the background. After encrypting the files, the malware displays the following ransom message, written in Russian, which clearly means that this threat is targeting Russian Android users.

    WARNING your phone is locked!
    The device is locked for viewing and distributing child pornography , zoophilia and other perversions.
    To unlock you need to pay 260 UAH.
    1.) Locate the nearest payment kiosk.
    2.) Select MoneXy
    3.) Enter {REDACTED}.
    4.) Make deposit of 260 Hryvnia, and then press pay. Do not forget to take a receipt!
    After payment your device will be unlocked within 24 hours. In case of no PAYMENT YOU WILL LOSE ALL DATA ON your device!

    The Ransomware malware directs victim to pay the ransom amount i.e. 260 UAH, which is roughly equal to $21 US, through the MoneXy service, as this payment service is not easily traceable as the regular credit card.

    mobile virus

    To maintain anonymity the malware author is using the Command-and-Control server hosted on TOR .onion domain and the malware sends the information of the infected device such as IMEI number to its server. The researchers at ESET are still analysing the malware:

    Our analysis of the Android/Simplock.A sample revealed that we are most likely dealing with a proof-of-concept or a work in progress – for example, the implementation of the encryption doesn’t come close to “the infamous Cryptolocker” on Windows.

    The researchers have found that the malware is capable to encrypt the victim’s files, which could be lost if the decryption key is not retrieved from the malware author by paying the ransom amount, but on the other hand the researchers strongly advise users against paying fine, as their is no guarantee that the hacker will provide you decryption keys even after paying the amount.
    Unfortunately, mobile antivirus products are only capable to detect such known/detected threats only and can’t detect similar the new threats. So, it is important for you to always keep the back-up of all your files either manually on the computer system or use cloud backup services like dropbox, google drive etc, in order to protect it from the emerging threats.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida

     


    📂This entry was posted in Virus Threats 📎and tagged