
Complete Computer Repair Latest Virus news Local Fort Lauderdale Miami, USA

  • Tag Archives DNS
  • Using DNS to weaken Locky ransomware threat

    Posted on February 8, 2017 4:42 pm by admin

    Ransomware and other cyberthreats often go unseen by traditional detection methods like antivirus, deep packet inspection (DPI) or sandboxing. In fact, a report by Lastline Labs indicates that 51% of zero-day malware—threats that strike before developers have time to release a patch—is undetected by antivirus solutions. So what can security professionals do to stop attacks? The answer lies, in part, in DNS.

    One of the most powerful ransomware threats currently targeting individuals and organizations is Locky, which infects up to 100,000 devices per day, of which 3% submit payments. Cybersecurity experts estimate that Locky possesses 17% of the entire global market share for all ransomware infections.

    First, let’s look at a few statistics that demonstrate the power and expense of Locky:

    • Share of malicious email attachments delivered by Locky in Q2 2016 = 7 in 10
    • The average ransom demand = $459
    • Number of file types that can be encrypted by Locky (e.g., .docx, .jpeg, .xlsx) = 160
    • The largest Locky payout to date = $17,000
    • Number of devices infected daily around the world = 90,000
    • Average daily payout by Locky at the current bitcoin exchange rate = $1.6M

    Locky is typically delivered through aggressive spam campaigns, often claiming to be an invoice. Despite the known dangers of clicking on links in unknown emails, Locky is so sly it entices even trained IT staff to click on obscure messages and activate downloads.

    Once a download has completed, Locky connects with its Command & Control (C&C) server to get a cryptographic key to use for encryption. There are three known mechanisms for Locky to reach its C&C hosts:

    1. Direct IP communication
    2. A number of fixed domains
    3. A time-based Domain Generation Algorithm (DGA) that creates a set of random-looking domains that are only valid for a few days

    Here is where DNS can play a role. DNS data can be analyzed to identify C&C connection mechanisms. When these communications are blocked, Locky’s ability to obtain encryption keys is limited, giving infected users a better chance of being protected.

    Unfortunately, the DGA Locky uses to generate the domains from which it fetches encryption keys is keyed on the current time period combined with a secret seed, which makes it hard to block new domains quickly. Locky changes seeds frequently, and reverse engineering the current version of the malware to recover each new seed takes time. Every new seed marks another wave in the life of the campaign, so until there is an accurate way to identify traffic associated with Locky, it cannot be permanently blocked.

    But examination of a worldwide feed of anonymized DNS queries, combined with anomaly detection and correlation technology, makes it possible to identify, in real time, suspected domains used by Locky to download encryption keys. Forcepoint is one company that has done work to reverse engineer the DGA used by Locky. By running the known DGA and doing some additional processing of suspect domains, it is possible to recover the new seeds Locky is using, and therefore to enumerate every domain Locky will use in the coming wave.

    Below is a sampling of more recent domains created by Locky as detected by our DNS algorithms:

    • mrjuvawlwa[.]xyz
    • uydvrqwgg[.]su
    • uwiyklntlxpxj[.]work
    • owvtbqledaraqq[.]su
    • udfaexci[.]ru
    • eabfhwl[.]ru
    • olyedawaki[.]pl
    • uxwfukfqxhydqawmf[.]su
    • ikdcjjcyjtpsc[.]work
    • wrbwtvcv[.]su
    • osxbymbjwuotd[.]click
    • qtuanjdpx[.]info
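The post describes the signal a DNS analyst can work from: an infected host asks for many freshly generated, random-looking domains in a short window, and most of those lookups fail because only the current wave's names are registered. The script below is an added example written for this post, not the post's or any vendor's detection system. It scans a constructed resolver log (the log format, thresholds and all hosts are assumptions; host 10.0.0.7 queries the sampled domains listed above with the defanging brackets removed), flags clients with an NXDOMAIN burst of distinct random-looking second-level domains, and then lists the names that did resolve for that client during the burst as candidate C&C domains to block at the resolver.

```python
"""Flag DNS clients whose query pattern matches time-seeded DGA activity.

Added example written for this post, not the post's own detection system.
Signal: an infected host resolves many freshly generated, random-looking
domains in a short window and most answers are NXDOMAIN, because only the
current wave's names are registered. Log format, thresholds and every host
below are constructed for illustration.
"""
import math
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed resolver log, one query per line: "timestamp client qname rcode".
# 10.0.0.7 plays the infected host and queries the domains sampled in the post
# (defanging brackets removed); 10.0.0.5 is a clean host with one typo;
# 10.0.0.9 shows two isolated misses that stay below the burst threshold.
SAMPLE_LOG = """\
2017-02-08T09:00:01 10.0.0.5 www.google.com NOERROR
2017-02-08T09:00:03 10.0.0.5 mail.example.org NOERROR
2017-02-08T09:00:04 10.0.0.5 wikipedai.org NXDOMAIN
2017-02-08T09:00:09 10.0.0.7 www.google.com NOERROR
2017-02-08T09:00:10 10.0.0.7 mrjuvawlwa.xyz NXDOMAIN
2017-02-08T09:00:11 10.0.0.7 uydvrqwgg.su NXDOMAIN
2017-02-08T09:00:11 10.0.0.7 uwiyklntlxpxj.work NXDOMAIN
2017-02-08T09:00:12 10.0.0.7 owvtbqledaraqq.su NXDOMAIN
2017-02-08T09:00:12 10.0.0.7 udfaexci.ru NOERROR
2017-02-08T09:00:13 10.0.0.7 eabfhwl.ru NXDOMAIN
2017-02-08T09:05:00 10.0.0.9 olyedawaki.pl NXDOMAIN
2017-02-08T09:30:00 10.0.0.9 qtuanjdpx.info NXDOMAIN
"""


def parse_log(text):
    """Return (timestamp, client, qname, rcode) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qname, rcode = line.split()
        records.append((datetime.fromisoformat(ts), client, qname.lower().rstrip("."), rcode))
    return records


def registered_label(qname):
    """Second-level label. A production version should consult the public
    suffix list so that 'shop.co.uk' yields 'shop' rather than 'co'."""
    parts = qname.split(".")
    return parts[-2] if len(parts) >= 2 else qname


def shannon_entropy(s):
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0


def looks_random(label, min_len=7, min_entropy=2.5):
    """Cheap lexical pre-filter. It also passes plenty of legitimate names,
    so it only gates the burst test below and never flags on its own."""
    return len(label) >= min_len and shannon_entropy(label) >= min_entropy


def find_dga_clients(records, window=timedelta(minutes=2), min_distinct=4):
    """{client: sorted burst domains} for every client that got NXDOMAIN for
    at least `min_distinct` distinct random-looking names inside `window`."""
    per_client = defaultdict(list)
    for ts, client, qname, rcode in records:
        if rcode == "NXDOMAIN" and looks_random(registered_label(qname)):
            per_client[client].append((ts, qname))
    flagged = {}
    for client, hits in per_client.items():
        hits.sort()
        burst = set()
        for i, (start, _) in enumerate(hits):
            in_window = {q for ts, q in hits[i:] if ts - start <= window}
            if len(in_window) >= min_distinct:
                burst |= in_window
        if burst:
            flagged[client] = sorted(burst)
    return flagged


def candidate_c2(records, flagged, window=timedelta(minutes=2)):
    """Random-looking names that DID resolve for a flagged client while its
    burst was running. In the post's model that is the live domain used to
    fetch the encryption key, and the one worth blocking at the resolver."""
    out = {}
    for client, burst in flagged.items():
        burst_ts = [ts for ts, c, q, _ in records if c == client and q in burst]
        live = {q for ts, c, q, rcode in records
                if c == client and rcode == "NOERROR" and q not in burst
                and looks_random(registered_label(q))
                and any(abs(ts - b) <= window for b in burst_ts)}
        out[client] = sorted(live)
    return out


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    hits = find_dga_clients(recs)
    for client, names in hits.items():
        print(f"{client}: DGA burst of {len(names)} names, e.g. {names[:3]}")
    print("candidate C&C:", candidate_c2(recs, hits))
```

The burst test, not the entropy filter, carries the decision: a single typo from a clean host and two stray misses half an hour apart both fall below the threshold, while the infected host's five failures in three seconds are flagged and its one successful lookup in the same window is surfaced for blocking. Real deployments feed the candidate list into the clustering and reputation scoring the post mentions before anything is blocked.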

    As Locky and other types of ransomware become more adept at avoiding detection and remediation, new strategies need to be used to combat them. Many of the new cyberthreat strategies make traditional malware block lists less effective. Facing DGAs with fast-changing seeds, security researchers must constantly identify the new seeds used by each wave of phishing to pre-generate domains. Once new seeds are released the old ones immediately become obsolete.

    By utilizing a broad set of DNS query data, it is possible to detect and track the evolution of generated domains through a variety of algorithmic methods, such as clustering, reputation scoring and reverse engineering, that continue to evolve. Recent innovations include anomaly detection algorithms, new domain clustering and a Domain Reputation System that together provision almost 100,000 domains and C&Cs for blocking every day.

    By employing these advanced methods, suspicious domains can be detected with a high level of accuracy very quickly, and false positives can also be weeded out so good traffic can still reach legitimate sites. Currently, this is the best defense against Locky. Service providers and companies can use this technique to protect their online users from having their files encrypted, and identify machines that have been infected.

    Locky provides ample evidence that attackers are continuously innovating. Staying one step ahead requires cybersecurity expertise and real-time processing of massive, worldwide data sets to uncover malicious activity. Blocking traffic to these domains is a good way to avoid the threat of Locky, and expert security teams that take the right steps to understand its behavior and put appropriate measures in place to protect would-be victims will render cyberthreats much less effective.


  • Free Windows Desktop Software Security List – IP-Blocking Pop-up Blocker and more

    Posted on January 2, 2017 9:47 pm by admin

    IP-Blocking / Popup-Blocker / Hardening

    IP filtering applications:
    Peerblock
    ProtoWall
    Bot Revolt

    HTTP filtering applications:
    NoVirusThanks Website Blocker
    Web Monitor
    Active Wall Web Filter

    Parental control:
    Best Free Parental Filter
    Norton Safety Minder
    Windows Live Family Safety
    Kidzui
    K9 Web Protection
    Avira Social Network Protection
    Parental Control Bar
    Safesquid
    AOL Parental Controls
    DansGuardian
    Kidz CD
    BlockSmart
    Cloudacl Addons (FF,Ch)
    GoGoStat
    FoxFilter (FF,Ch)
    ProCon Latte (FF)
    Profanity Filter (FF, Ch)
    Blocksi (Ch)
    Qustodio
    MinorMonitor
    Kurupira Web Filter
    JuniorWatch
    Safe Internet for kids
    Dns Angel
    See also in this list: Password protect applications

    IP/URL/domain blacklists:
    Spy Eye Tracker
    Zeus Tracker
    Blocklist Manager
    I-Blocklist
    AlienVault
    StopBadware
    OpenDNS
    Threat Log
    DShield
    More

    Domain security:

    1. Domain Name System (DNS):

    1.1 Public DNS servers:
    Norton ConnectSafe
    OpenDNS
    Comodo Secure DNS
    DNS Advantage
    ScrubIT
    FoolDNS
    Google DNS
    Gozoom DNS
    DNSresolvers
    Safe DNS
    CloudNS
    Yandex.DNS
    BA.net
    OpenNIC
    Verisign Public DNS
    More: 1; 2

    1.2. DNS server configuration:
    Public DNS Server Tool
    DNS Helper
    ChrisPC DNS switch
    QuickSetDNS
    Check DNS-settings
    Dns jumper
    DNS Benchmark
    Namebench

    1.3. DNS server applications:
    Unbound
    DNSKong

    1.4. DNS proxies:
    Acrylic

    1.5. DNS encryption:
    Dnssec-Trigger
    DNSSEC Validator (FF)
    DNSSEC or not? 
    DNSCrypt
    SSL-DNS

    2. Hosts file:

    2.1. Information:
    Using the Windows Hosts File for Security and Privacy

    2.2. Third-party hosts files:
    hpHosts
    MVPS HOSTS
    Hostfile
    someonewhocares HOSTS

    2.3. Management:
    Hostsman
    HostsXpert
    BISS Host File Manager; download
    Hostblock
    BlueLifeHosts editor
    PowerShell script
    Hosts Block

    Anti-spam:

    1. Information:
    How to Avoid Getting Spammed
    How to Reduce Spam
    Quickly Block All Future Emails From Selected Senders In Gmail

    2. Spam filtering applications:
    Best Free Spam Filter for the Average User
    Best Free Spam Filter for Experienced Users
    Spam Blockers: The Best Products for Home Use
    SpamAssassin
    SpamBayes
    Spamihilator
    SPAMfighter
    Comodo Antispam
    Mailwasher
    BullGuard Spamfilter
    POPFile
    SpamPal
    ASSP
    Phalanx
    AVS Antispam
    Agnitum Spam Terrier
    SafeMule
    xTerminator
    K9
    AntispamSniper for The Bat!
    SpamFence
    0Spam
    BitDefender 4blogs

    3. Spam blacklists:
    Spamhaus; Why was my IP address listed on Spamhaus?
    SpamCop Blocking List
    Project Honey Pot
    SURBL
    SORBS
    UCEPROTECT

    Browser element blacklists:
    SpywareBlaster
    ZonedOut
    Adding unwanted sites to the Internet Explorer Restricted Zone


  • Android Trojan Switcher Infects Routers via DNS Hijacking

    Posted on December 29, 2016 7:00 pm by admin

    A new Android Trojan uses victims' devices to infect Wi-Fi routers and funnel every user of the network to malicious sites. The malware doesn't target the infected users directly; instead its goal is to facilitate further attacks by turning victims into accomplices.

     

    Researchers at Kaspersky Lab, who discovered the malware and dubbed it Switcher Trojan, claim they’ve seen two versions of the malware. Attackers have used both iterations to commandeer 1,280 wireless networks, most of them in China, according to Nikita Buchka, a mobile security expert with the firm.

    One version of the malware mimics a mobile client for the Chinese search engine Baidu. Another passes itself off as a version of an app used for locating and sharing WiFi login information. Once a victim has downloaded one of the versions, it gets to work attacking the router.

    The malware does so by carrying out a brute-force password-guessing attack on the router's admin web interface. Once in, Switcher swaps the addresses of the router's DNS servers for a rogue server controlled by the attackers, along with a second DNS server in case the rogue one goes down.

    This means DNS queries from every device on the network are rerouted to the attackers' servers, which exposes victims to redirection, phishing, malware and adware attacks.

    “The ability of the Switcher Trojan to hijack [DNS] gives the attackers almost complete control over network activity which uses the name-resolving system, such as internet traffic,” Kaspersky Lab said Wednesday. “The approach works because wireless routers generally reconfigure the DNS settings of all devices on the network to their own – thereby forcing everyone to use the same rogue DNS.”

    The creators of the Trojan were a little sloppy when it came to crafting parts of its command and control website, however: they left a table of internal infection statistics publicly viewable. According to Buchka, who has reviewed the site, the attackers boast of having infiltrated 1,280 Wi-Fi networks over the last several weeks.

    In a Securelist post on the malware published Wednesday, Buchka cautioned users to review their routers' DNS settings for the following rogue servers: 101.200.147.153, 112.33.13.11, and 120.76.249.59. He also took the opportunity to encourage users – although for many it goes without saying – to verify that they have changed their routers' default login credentials.

    Several weeks ago a handful of router users in Germany fell victim when a variant of Mirai, the nasty malware that’s become synonymous with internet of things vulnerabilities, took hold of their devices. While those routers didn’t suffer from a hardcoded username/password vulnerability, they did have port 7547, usually used by internet service providers to remotely manage the device, open.

    The behavior of Switcher is somewhat similar to that of DNSChanger, malware that has lately been repurposed as an exploit kit. A recent campaign observed by Proofpoint targeted wireless routers and changed their DNS entries in order to steal traffic; in that instance routers made by D-Link, Netgear, Pirelli and Comtrend were vulnerable. According to Buchka, the hardcoded names of the input fields and the structure of the HTML documents that the Switcher Trojan tries to access suggest it may work only on the web interfaces of TP-LINK Wi-Fi routers.
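Buchka's advice is to check which resolvers the router is handing out. The script below is an added example, not code from Kaspersky Lab or this post: it parses the text of `ipconfig /all` from a Windows client (the excerpt is constructed), compares each configured DNS server against the three rogue addresses quoted above, and classifies the rest as the router or another LAN address, a well-known public resolver (Google Public DNS and OpenDNS, both named elsewhere on this page), or an unexpected public address that warrants a look at the router's admin page.

```python
"""Audit the DNS resolvers a Windows host was handed by its router.

Added example, not code from Kaspersky Lab or this post. It parses the text
of `ipconfig /all` (the excerpt below is constructed) and classifies each
configured resolver as one of: a rogue address named in the post, the router
or another LAN address, a well-known public resolver, or an unexpected
public address that deserves a look at the router's admin page.
"""
import ipaddress
import re

# The three rogue resolvers quoted in the post.
SWITCHER_ROGUE_DNS = {"101.200.147.153", "112.33.13.11", "120.76.249.59"}
# Public resolvers that are legitimate when the user set them deliberately
# (Google Public DNS and OpenDNS, both mentioned elsewhere on this page).
KNOWN_PUBLIC_DNS = {"8.8.8.8", "8.8.4.4", "208.67.222.222", "208.67.220.220"}

# Constructed `ipconfig /all` excerpt from a host behind a hijacked router.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : lan
   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 101.200.147.153
                                       8.8.8.8
"""

# "Key . . . . : value" lines, and bare continuation lines of a multi-value key.
KEY_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9 -]*?)[ .]*:\s*(.*?)\s*$")
CONT_RE = re.compile(r"^\s+(\S+)\s*$")


def parse_ipconfig(text):
    """Pull the IPv4 address, mask, gateway and DNS server list out of
    ipconfig output. Only the first adapter's address values are kept."""
    info = {"dns": []}
    last_key = None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key, value = m.group(1), m.group(2).replace("(Preferred)", "")
            last_key = key
            if key == "IPv4 Address":
                info.setdefault("ip", value)
            elif key == "Subnet Mask":
                info.setdefault("mask", value)
            elif key == "Default Gateway":
                info.setdefault("gateway", value)
            elif key == "DNS Servers":
                info["dns"].append(value)
            continue
        c = CONT_RE.match(line)
        if c and last_key == "DNS Servers":
            info["dns"].append(c.group(1))
        else:
            last_key = None  # blank line or unparsed text ends the DNS list
    return info


def classify_dns(server, lan):
    """Verdict for one configured resolver; `lan` is the local IPv4 network."""
    if server in SWITCHER_ROGUE_DNS:
        return "rogue-ioc"
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return "unparsed"
    if lan is not None and addr in lan:
        return "lan"  # the router itself forwarding, the usual default
    if server in KNOWN_PUBLIC_DNS:
        return "known-public"
    return "unexpected-public"  # not proof of hijack; confirm on the router


def audit_dns(ipconfig_text):
    """List of (server, verdict) for every resolver in the ipconfig text."""
    info = parse_ipconfig(ipconfig_text)
    lan = None
    if "ip" in info and "mask" in info:
        lan = ipaddress.ip_network(f"{info['ip']}/{info['mask']}", strict=False)
    return [(server, classify_dns(server, lan)) for server in info["dns"]]


if __name__ == "__main__":
    for server, verdict in audit_dns(SAMPLE_IPCONFIG):
        print(f"{server:>16}  {verdict}")
```

A "rogue-ioc" hit on the client is a symptom; the fix is on the router (restore the DNS settings, change the admin password, and update the firmware), since the router will hand the rogue resolver back out on the next DHCP lease.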


  • Google DNS servers suffer brief traffic hijack

    Posted on March 17, 2014 5:00 pm by admin

    Are security measures enabled?

    Traffic to Google’s commonly used public DNS service was rerouted over the weekend, meaning all traffic with Domain Name System resolution queries destined for Google’s servers ended up at a Venezuelan network instead.

    UK telco BT’s Latin America division in Venezuela became the destination for the IP address range used by Google, in a phenomenon known as BGP (border gateway protocol) hijacking, according to monitoring firm BGPmon.

    The rerouting affected networks in that country and Brazil for 22 minutes, BGPmon said.

    Why BT Latin America was able to announce the incorrect route despite Google's security measures against hijacking isn't known. iTnews has put in queries with both BGPmon and BT LATAM.

    BGP traffic hijacking is on the rise, according to internet performance metrics analyst firm Renesys, which last year noted that over a period of two months, around 1500 IP address blocks were rerouted. Several were in Australia.

    Google’s 8.8.8.8 and 8.8.4.4 (IPv6: 2001:4860:4860::8888 and 2001:4860:4860::8844) free public DNS resolvers were set up in 2009 with the aim to provide better performance for queries, as well as improved security.

    They are said to fully support DNSSEC security policies and validation, but it is not clear whether the routers for the servers' network support Resource Public Key Infrastructure (RPKI) for BGP.

    RPKI provides route origination authorization objects (ROAs) that specify which autonomous systems are allowed to announce routes for particular IP address prefixes.

    A query by iTnews at whois.bgpmon.net for the ROA for the 8.8.8.0/24 network range did not produce any result, suggesting there is no policy in place to prevent BGP hijacking through unauthorized announcements.

    Google’s free and open DNS infrastructure is very popular with users around the world. Last year, Google said its public DNS servers answer 130 to 150 billion queries a day from 70 million unique IP addresses.

    Similar large numbers were seen in a test by Geoff Huston at the Asia-Pacific Network Information Centre (APNIC) using just under 2.5 million clients. That test showed 7.2 percent of clients had their queries passed on to authoritative name servers by Google's DNS service.
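The article's point about ROAs is easier to see with the validation rule written out. The following is an added example, not code from BGPmon, Google or iTnews: it implements route origin validation as RFC 6811 defines it against a constructed ROA table that uses documentation prefixes (RFC 5737) and documentation AS numbers (RFC 5398, the 64496 to 64511 range). An announcement is "valid" when a covering ROA names its origin AS and its prefix is no longer than the ROA's maximum length, "invalid" when covering ROAs exist but none matches, and "not-found" when no ROA covers it at all, which is what the article reports for 8.8.8.0/24 and the state in which ROV offers no protection.

```python
"""Route Origin Validation (RFC 6811) against a ROA table.

Added example, not code from BGPmon, Google or iTnews. The ROA table is
constructed and uses documentation prefixes (RFC 5737) and documentation
ASNs (RFC 5398); the article reports that no ROA exists for 8.8.8.0/24,
which is the "not-found" state below, the state in which ROV cannot
reject a hijack.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Roa:
    prefix: str       # covering prefix, e.g. "203.0.113.0/24"
    max_length: int   # longest announcement the holder authorises
    origin_asn: int   # AS authorised to originate it


# Constructed ROA table, standing in for a validated RPKI cache.
SAMPLE_ROAS = [
    Roa("203.0.113.0/24", 24, 64496),
    Roa("198.51.100.0/24", 25, 64497),
]


def covers(roa, announced):
    """True when the ROA's prefix contains the announced prefix."""
    net = ipaddress.ip_network(roa.prefix)
    return net.version == announced.version and announced.subnet_of(net)


def validate_origin(announced_prefix, origin_asn, roas):
    """Return "valid", "invalid" or "not-found" for one BGP announcement."""
    announced = ipaddress.ip_network(announced_prefix)
    covering = [r for r in roas if covers(r, announced)]
    if not covering:
        return "not-found"
    if any(r.origin_asn == origin_asn and announced.prefixlen <= r.max_length
           for r in covering):
        return "valid"
    return "invalid"


def rov_policy(state):
    """The common router policy: drop invalid routes, accept the rest.
    Note that a hijack of an unprotected prefix is "not-found" and accepted."""
    return "reject" if state == "invalid" else "accept"


# Constructed announcements as a monitoring system might observe them.
SAMPLE_ANNOUNCEMENTS = [
    ("203.0.113.0/24", 64496),    # the legitimate holder
    ("203.0.113.0/24", 64511),    # same prefix from another AS: origin hijack
    ("203.0.113.0/25", 64496),    # right AS, but longer than max_length
    ("198.51.100.128/25", 64497), # within the /25 max_length, so valid
    ("8.8.8.0/24", 64496),        # no covering ROA: nothing to validate
]


def check_announcements(announcements=SAMPLE_ANNOUNCEMENTS, roas=SAMPLE_ROAS):
    """{(prefix, origin_asn): state} for every announcement."""
    return {(p, a): validate_origin(p, a, roas) for p, a in announcements}


if __name__ == "__main__":
    for (prefix, asn), state in check_announcements().items():
        print(f"{prefix:>18} AS{asn}  {state:<9} -> {rov_policy(state)}")
```

The more-specific case (a /25 under a /24 ROA with max length 24) matters in practice: without `max_length` in the rule, an attacker announcing a longer prefix from the authorised AS number would win the longest-match lookup, which is why ROAs carry a maximum length at all.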

     

    Please visit ccrepairservices.com for the latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere


