• Tag Archives new virus
  • NEW MALWARE – New Banking trojanwith Network Sniffer Spreading on the Internet at a high pace

    The hike in the banking malware this year is no doubt almost double compared to the previous one, and so in the techniques of malware authors.

    Until now, we have seen banking Trojans affecting the infected device and steal users’ financial credentials in order to run them out of their money. But nowadays, malware authors are adopting more sophisticated techniques in an effort to target as many victims as they can.

    BANKING MALWARE WITH NETWORK SNIFFING

    Security researchers from the Anti-virus firm Trend Micro have discovered a new variant of banking malware that not only steal the users’ information from the device it has infected but, has ability to “sniff” network activity to steal sensitive information of other network users as well.

     

    The banking malware, dubbed as EMOTET spreads rapidly through spammed emails that masquerade itself as a bank transfers and shipping invoices. The spammed email comes along with a link that users easily click, considering that the emails refer to financial transactions.

    Once clicked, the malware get installed into users’ system that further downloads its component files, including a configuration and .DLL file. The configuration files contains information about the banks targeted by the malware, whereas the .DLL file is responsible for intercepting and logging outgoing network traffic.

    The .DLL file is injected to all processes of the system, including web browser and then “this malicious DLL compares the accessed site with the strings contained in the previously downloaded configuration file, wrote Joie Salvio, security researcher at Trend Micro.

    If strings match, the malware assembles the information by getting the URL accessed and the data sent.

    ENCRYPTED STOLEN DATA

    Meanwhile, the malware stores stolen data in the separate entries after been encrypted, which means the malware can steal and save any information the attacker wants.

    The decision to storing files and data in registry entries could be seen as a method of evasion“, Salvio said. “Regular users often do not check registry entries for possibly malicious or suspicious activity, compared to checking for new or unusual files. It can also serve as a countermeasure against file-based AV detection for that same reason.”

    HTTPS CONNECTIONS KICKED

    Moreover, the malware also has capability to even bypass the secure HTTPs connection which poses more danger to users’ personal information and banking credentials, as users will feel free to continue their online banking without even realizing that their information is being stolen.

    [It has] capability to hook to the following Network APIs to monitor network traffic: PR_OpenTcpSocket PR_Write PR_Close PR_GetNameForIndentity Closesocket Connect Send WsaSend

    This kind of financial threat is really dangerous for the people, because previous banking malwares often rely on form field insertion or phishing pages to steal users’ financial information, but the use of network sniffing in the malware, makes the threat even more harder for users to detect any suspicious activity as no changes are visibly seen, said the researcher.

    Researchers are still investigating that how the gathered stolen data the malware sniffs from the network is being sent to the attacker.

    The malware infection is not targeted to any specific region or country but, EMOTET malware family is largely infecting the users of EMEA region, i.e. Europe, the Middle East and Africa, with Germany on the top of the affected countries.

    Users are advised to do not open or click on links and attachments provided in any suspicious email, but if the message is from your banking institution and of concern to you, then confirm it twice before proceeding.

    The hike in the banking malware this year is no doubt almost double compared to the previous one, and so in the techniques of malware authors.

    Until now, we have seen banking Trojans affecting the infected device and steal users’ financial credentials in order to run them out of their money. But nowadays, malware authors are adopting more sophisticated techniques in an effort to target as many victims as they can.

    BANKING MALWARE WITH NETWORK SNIFFING

    Security researchers from the Anti-virus firm Trend Micro have discovered a new variant of banking malware that not only steal the users’ information from the device it has infected but, has ability to “sniff” network activity to steal sensitive information of other network users as well.

    The banking malware, dubbed as EMOTET spreads rapidly through spammed emails that masquerade itself as a bank transfers and shipping invoices. The spammed email comes along with a link that users easily click, considering that the emails refer to financial transactions.

    Once clicked, the malware gets installed into users’ system that further downloads its component files, including a configuration and .DLL file. The configuration files contains information about the banks targeted by the malware, whereas the .DLL file is responsible for intercepting and logging outgoing network traffic.

    The .DLL file is injected to all processes of the system, including web browser and then “this malicious DLL compares the accessed site with the strings contained in the previously downloaded configuration file, wrote Joie Salvio, security researcher at Trend Micro. “If strings match, the malware assembles the information by getting the URL accessed and the data sent.

     

    ENCRYPTED STOLEN DATA

    Meanwhile, the malware stores stolen data in the separate entries after been encrypted, which means the malware can steal and save any information the attacker wants.

    The decision to storing files and data in registry entries could be seen as a method of evasion“, Salvio said. “Regular users often do not check registry entries for possibly malicious or suspicious activity, compared to checking for new or unusual files. It can also serve as a countermeasure against file-based AV detection for that same reason.”

    HTTPS CONNECTIONS KICKED

    Moreover, the malware also has capability to even bypass the secure HTTPs connection which poses more danger to users’ personal information and banking credentials, as users will feel free to continue their online banking without even realizing that their information is being stolen.

    [It has] capability to hook to the following Network APIs to monitor network traffic: PR_OpenTcpSocket PR_Write PR_Close PR_GetNameForIndentity Closesocket Connect Send WsaSend

    This kind of financial threat is really dangerous for the people, because previous banking malwares often rely on form field insertion or phishing pages to steal users’ financial information, but the use of network sniffing in the malware, makes the threat even more harder for users to detect any suspicious activity as no changes are visibly seen, said the researcher.

    Researchers are still investigating that how the gathered stolen data the malware sniffs from the network is being sent to the attacker.

    MALWARE DISTRIBUTION OVER WORLD MAP

    The malware infection is not targeted to any specific region or country but, EMOTET malware family is largely infecting the users of EMEA region, i.e. Europe, the Middle East and Africa, with Germany on the top of the affected countries.

    Users are advised to do not open or click on links and attachments provided in any suspicious email, but if the message is from your banking institution and of concern to you, then confirm it twice before proceeding.

     

    IF INFECTED Visit Our Main Site OR call 754-234-5598

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

     


  • Certain DevianArt advertising Campaigns lead to Malware, Spyware and Unwanted Applications on your computer

     

    DeviantArt Malwaretising

     

    Today, the estimated number of known computer threats like viruses, worms, backdoors, exploits, Trojans, spyware, password stealer, and other variants of potentially unwanted software range into millions. It has the capability to create several different forms of itself dynamically in order to thwart antimalware programs.

    Users of the biggest online artwork community, DevianART with Global Alexa Rank 148, are targeted by the potentially unwanted software programs — delivered by the advertisements on the website, Stop Malvertising reported on Sunday.

    A Potentially Unwanted Application (PUA) is a program that may not be intentionally malicious, but can negatively affect the performance and reliability of the system by distributing spyware or adware that can cause undesirable behavior on the computer. Some may simply display annoying advertisements, while others may run background processes that cause your computer to slow down. However, unlike malware, users themselves consent to install a PUA into their systems.

    The malicious advertisements are delivered via newly registered (3rd March 2014) domains – Redux Media (www.reduxmedia.com) and avadslite.com. “Over the past months, this domain has been seen to resolve to the following IP addresses: 107.20.210.36 (2014-05-01), 54.243.89.71 (2014-05-01) and 184.170.128.86 (2014-05-25). According to VirusTotal, malware has communicated with the last two IP addresses.” Kimberly from Stop Malvertising said.

    Once the user click on the Ad served by the DevianArt website, they are redirected to the Optimum Installer, a source of Potentially Unwanted Applications (PUA’s) that downloads legitimate software applications as well as bundled third-party software including toolbar.

     

    malware ad

    As shown, a pop-under warning will urge users to “update Media Player“, immediately followed by a second advertisement to “update Windows 7 Drivers” to avoid vulnerabilities, reduce crashes and ensure an optimal browsing experience. This is just a scam nothing more or less.

    Obviously, these are well known social engineering techniques to trick the computer user into installing malicious or ad-support software. Such infection are designed specifically to make money, generate web traffic, and will display advertisements and sponsored links within your web browser.

     

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


  • Zeus Trojan (or Zbot Trojan) steals confidential information from the infected computer.

    Pandemiya hacking trojan

    A new and relatively rare Zeus Trojan program was found which is totally different from other banking Trojans and has capability to secretly steal data from forms, login credentials and files from the victim as well as can create fake web pages and take screenshots of victim’s computer.

    Researchers at RSA Security’s FraudAction team have discovered this new and critical threat, dubbed as ‘Pandemiya’, which is being offered to the cyber criminals in underground forums as an alternative to the infamous Zeus Trojan and its many variants, that is widely used by most of the cyber-criminals for years to steal banking information from consumers and companies.

     

    The source code of the Zeus banking Trojan is available on the underground forums from past few years, which lead malware developers to design more sophisticated variants of Zeus Trojan such as Citadel, Ice IX and Gameover Zeus.

     

    But, Pandemiya is something by far the most isolated and dangerous piece of malware as the author spent a year in writing the code for Pandemiya, which includes 25,000 lines of original code written in C.
    Like other commercial Trojan, Pandemiya infect the machines through exploit kits and via drive-by download attacks to boost infection rate that exploit flaws in the vulnerable software such as Java, Silverlight and Flash within few seconds victim lands on the web page.

    Pandemiya’s coding quality is quite interesting, and contrary to recent trends in malware development, it is not based on Zeus source code at all, unlike Citadel/Ice IX, etc.,” researchers from RSA, the security division of EMC, said Tuesday in a blog post. “Through our research, we found out that the author of Pandemiya spent close to a year of coding the application, and that it consists of more than 25,000 lines of original code in C.

    Pandemiya Trojan using Windows CreateProcess API to inject itself into every new process that is initiated, including Explorer.exe and re-injects itself when needed. Pandemiya is being sold for as much as $2,000 USD and provides all the nasty features including encrypted communication with command and control servers in an effort to evade detection.The Trojan has been designed with modular architecture to load more external plug-ins, which allows hackers to add extra features simply by writing new DLL (dynamic link library). The extra plug-ins easily add capabilities to the Trojan’s core functionality, that’s why the developer charge an extra of $500 USD to get the core application as well as its plugins, which allows cybercriminals to open reverse proxies on infected computers, to steal FTP credentials and to infect executable files in order to inject the malware at start up.

     

    The advent of a freshly coded new trojan malware application is not too common in the underground,” Marcus writes, adding that the modular approach in Pandemiya could make it “more pervasive in the near future.

    The malware developers are also working on other new features to add reverse Remote Desktop Protocol connections and a Facebook attack module in order to spread the Trojan through hijacked Facebook accounts.

    HOW TO REMOVE PANDEMIYA TROJAN

    The Trojan can be easily removed with a little modification in the registry and command line action, as explained below:

      1. Locate the registry key HKEY_LOCAL_USER\Software\Microsoft\Windows\CurrentVersion\Run and identify the *.EXE filename in your user’s ‘Application Data’ folder. Note the name, and delete the registry value.
      2. Locate the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls. Find the value with the same name as the *.EXE file in the previous step. Note the file name, and remove the value from the registry.
      3. Reboot the system. At this stage Pandemiya is installed but no longer running. Delete both files noted earlier. This will remove the last traces of the Trojan. Your system is now clean.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


  • Cryptowall Ransomware Spreading on the internet rapidly through advertisements

    Cryptowall Lock Malware spyware spreading
    Cryptowall Lock Malware

     

    Ransomware is an emerging threat in the evolution of cybercriminals techniques to part you from your money. Typically, the malicious software either lock victim’s computer system or encrypt the documents and files on it, in order to extort money from the victims.

    Though earlier we saw the samples of Ransomware tended to be simple with dogged determinations to extort money from victims. But with the exponential rise in the samples of Ransomware malwares, the recent ones are more subtle in design, including Cryptolocker, Icepole, PrisonLocker, CryptoDefense and its variants.

    Now, the ransomware dubbed as Cryptowall, a latest variant of the infamous ransomware Cryptolocker is targeting users by forcing them to download the malicious software by through advertising on the high profile domains belonging to Disney, Facebook, The Guardian newspaper and others.

    Cryptolocker is designed by the same malware developer who created the sophisticated CryptoDefense (Trojan.Cryptodefense) ransomware, appeared in the end of March, that holds the victims’ computer files hostage by wrapping them with strong RSA 2048 encryption until the victim pays a ransom fee to get them decrypted.

    But unfortunately, the malware author failed to realize that he left the decryption keys left concealed on the user’s computer in a file folder with application data.

    So, to overcome this, the developer created Cryptowall ransomware and alike the latest versions of CryptoDefense, the infected system’s files and documents encrypted by CryptoWall are impossible to decrypt.

    The story broke, when researchers at Cisco revealed that cybercriminals have started targeting people with RIG Exploit Kits (EK) to distribute malicious Cryptowall ransomware malware.

    The Rig Exploit Kit was first spotted by Kahu Security in April, which checks for an unpatched version of Flash, Internet Explorer, Java or the Silverlight multimedia program on the infected users and if found, the system is instantly exploited by the bad actors.

    Researchers at Cisco have noticed high levels of traffic consistent with the new “RIG” exploit kit, thereby blocking requests to over 90 domains. On further investigation, the company observed that many of its Cloud Web Security (CWS) users were visiting on those malicious domains after clicking advertisements on high-profile domains such as “apps.facebook.com,” “awkwardfamilyphotos.com,” “theguardian.co.uk” and “go.com,” and many others.

    cryptowall ransomware If clicked, the advertisements redirect victims to one of those malicious domains in order to malvertise users and once the system get infected with the RIG Exploit Kit, it will deliver the payload which includes the Cryptowall Ransomware malware.

    Now, when this CryptoWall is installed in the infected system, it will start scanning the system Hard Drive for data files and encrypt them.

    After encrypting the files on victim’s system, it will create files containing ransom instructions in every folder it had encrypted, demanding up to $500 USD. The service where users are instructed to pay the ransom amount is a hidden service that uses the Command-and-Control server hosted on TOR .onion domain.

    The largest share of infections, some 42 percent, are in the United States, followed by England and Australia, but it believes that several groups and bad actors are involved in this attack chain.

    IF INFECTED Visit Our Main Site OR call 754-234-5598

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Greased Lightbox

    +

    Loading image

    Click anywhere to cancel

    Image unavailable

    Greased Lightbox

    +

    Loading image

    Click anywhere to cancel

    Image unavailable

    Greased Lightbox

    +

    Loading image

    Click anywhere to cancel

    Image unavailable

    Greased Lightbox

    +

    Loading image

    Click anywhere to cancel

    Image unavailable

    Greased Lightbox

    +

    Loading image

    Click anywhere to cancel

    Image unavailable

    Greased Lightbox

    +

    Loading image

    Click anywhere to cancel

    Image unavailable

    Greased Lightbox

    +

    Loading image

    Click anywhere to cancel

    Image unavailable


  • First Android Phone Ransomware that Encrypts your SD card Files

    We have seen cybercriminals targeting PCs with Ransomware malware that encrypts your files or lock down your computer and ask for a ransom amount to be paid in a specified duration of time to unlock it.
    To deliver the Ransomware malwares to the mobile devices, cyber criminals have already started creating malicious software programs for android devices. Last month, we reported about a new Police Ransomware malware that locks up the devices until the victims pay a ransom to get the keys to unlock the phone. But, the malware just lock the mobile screen and a loophole in the its implementation allowed users to recover their device and data stored on SDcard.

    Now, in an effort to overcome this, threat actors have adopted encryption in the development of mobile Ransomware malwares. Recently, the security firm ESET has discovered a new Android ransomware, dubbed as Android/Simplocker.A, that has ability to encrypt the files on the device SD card and then demand a ransom from the victim in order to decrypt those files.

    Once installed, the malware scans the SD card for certain file types such as image, document or video with extensions – jpeg, jpg, png, bmp, gif, pdf, doc, docx, txt, avi, mkv, 3gp, mp4 and encrypts them using AES in a separate thread in the background. After encrypting the files, the malware displays the following ransom message, written in Russian, which clearly means that this threat is targeting Russian Android users.

    WARNING your phone is locked!
    The device is locked for viewing and distributing child pornography , zoophilia and other perversions.
    To unlock you need to pay 260 UAH.
    1.) Locate the nearest payment kiosk.
    2.) Select MoneXy
    3.) Enter {REDACTED}.
    4.) Make deposit of 260 Hryvnia, and then press pay. Do not forget to take a receipt!
    After payment your device will be unlocked within 24 hours. In case of no PAYMENT YOU WILL LOSE ALL DATA ON your device!

    The Ransomware malware directs victim to pay the ransom amount i.e. 260 UAH, which is roughly equal to $21 US, through the MoneXy service, as this payment service is not easily traceable as the regular credit card.

    mobile virus

    To maintain anonymity the malware author is using the Command-and-Control server hosted on TOR .onion domain and the malware sends the information of the infected device such as IMEI number to its server. The researchers at ESET are still analysing the malware:

    Our analysis of the Android/Simplock.A sample revealed that we are most likely dealing with a proof-of-concept or a work in progress – for example, the implementation of the encryption doesn’t come close to “the infamous Cryptolocker” on Windows.

    The researchers have found that the malware is capable to encrypt the victim’s files, which could be lost if the decryption key is not retrieved from the malware author by paying the ransom amount, but on the other hand the researchers strongly advise users against paying fine, as their is no guarantee that the hacker will provide you decryption keys even after paying the amount.
    Unfortunately, mobile antivirus products are only capable to detect such known/detected threats only and can’t detect similar the new threats. So, it is important for you to always keep the back-up of all your files either manually on the computer system or use cloud backup services like dropbox, google drive etc, in order to protect it from the emerging threats.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida

     


  • New Malware goes viral spreading through Facebook Messages

    Facebook Malware threat

    In yet another method for cyber criminals to utilize the world’s most popular social networks for their own nefarious purposes, it appears a trojan is circulating through Facebook, stealing accounts and (probably) taking creds.

    Thanks to the vigilant mind of Malwarebytes User, Showbizz, we were able to take a look at this new threat and what it could mean for the rest of the net.

    Here is how it works:

    1. User gets a Facebook instant message from a friend of their’s, which includes the words ‘lol’ and a file waiting to be downloaded.
    2. The user downloads the file because they can assume it can be trusted.  The filename matches the usual filename of a photo: ‘IMG_xxxx’.zip.
    3. Once downloaded, the user unzips the file and clicks on what they assume is an image file, still called IMG_xxxx.jar
    4. The JAR file executes, downloads malware and infects the system.
    5. The infected users Facebook account is compromised and then used to send more malware to the users friends.

    Unlike previous versions of this scam, it is almost like the cyber criminals decided to make an amalgam of different infection tactics to obtain the normal goal.

    The first is the use of instant messaging, we have seen plenty of malware use instant messaging in various forms to send malicious files to victims, including Skype, MSN, Yahoo, etc.

    Please Visit our computer repair section page if infected

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

     


  • AOL hit by massive data breach, Urges users to change their passwords

    Complete Computer Repair Latest Computer News Fort Lauderdale

    AOL hit by massive data breach

    The personal details of AOL’s millions of customers has been leaked in an attack on the company’s systems, resulting in thousands of accounts being hijacked to send spam.
    Internet pioneer AOL has warned of a major breach that has affected a significant number of users, leaking email and postal addresses, contact information and password details to attackers unknown.

    AOL launched in 1983 as the Control Video Corporation and produced a short-lived modem-based gaming download service for the Atari 2600 dubbed GameLine. The precursor to Valve’s Steam and similar digital distribution systems, GameLine was not a financial success; the company had better luck with the Link series of online portals for the Commodore 64, Apple II and Macintosh, and IBM compatibles. In 1989, America Online was born as a walled-garden internet service which included chat, email and several games – including the first-ever web-based interactive fiction series and the first automated play-by-email game.

    While internet-savvy consumers soon dropped AOL’s walled-garden system for more open services from generic internet service providers, the company still boasts a considerable client base. Despite an ongoing slide in customers, the company boasts a near three-million user count in the US alone – and it’s these customers who have been exposed in a serious security breach.

    ‘We have determined that there was unauthorised access to information regarding a significant number of user accounts,’ the company admitted late last night, following an investigation into spam messages sent from registered AOL accounts. ‘This information included AOL users’ email addresses, postal addresses, address book contact information, encrypted passwords and encrypted answers to security questions that we ask when a user resets his or her password, as well as certain employee information. We believe that spammers have used this contact information to send spoofed emails that appeared to come from roughly two per cent of our email accounts.’

    The company has not confirmed the nature of the ‘encryption’ used to store the passwords – which should, by industry best practice, be a salted one-way hash function, rather than reversible encryption – but does claim that it has ‘no indication’ that said encryption was broken; this despite the attackers gaining full access to the accounts from which spam is issuing, an indication that they have indeed been able to retrieve at least some passwords from the corpus.

    Users affected by the breach – and, at this point, it looks to cover anyone with an AOL email address, active or otherwise – is advised to reset their password and change their security questions; if the same password is used anywhere else, that should be changed too.

    Please visit ccrepairservices.com

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

     


  • Linux Worm targets Internet-enabled Home appliances to mine Cryptocurrencies

    Could a perfectly innocent looking device like router, TV set-top box or security cameras can mine Bitcoins? YES! Hackers will not going to spare the Smart Internet-enabled devices.

     

    A Linux worm named Linux.Darlloz, earlier used to target Internet of Things (IoT) devices, i.e. Home Routers, Set-top boxes, Security Cameras, printers and Industrial control systems; now have been upgraded to mine Crypto Currencies like Bitcoin.

    Security Researcher at Antivirus firm Symantec spotted the Darlloz Linux worm back in November and they have spotted the latest variant of the worm in mid-January this year.

    Linux.Darlloz worm exploits a PHP vulnerability (CVE-2012-1823) to propagate and is capable to infect devices those run Linux on Intel’s x86 chip architecture and other embedded device architectures such as PPC, MIPS and MIPSEL.

    The latest variant of Linux.Darlloz equipped with an open source crypto currency mining tool called ‘cpuminer’, could be used to mine Mincoins, Dogecoins or Bitcoins.

    Symantec Researchers scanned the entire address space of the Internet and found 31,716 devices infected with Darlloz. “By the end of February 2014, the attacker mined 42,438 Dogecoins (approximately US$46 at the time of writing) and 282 Mincoins (approximately US$150 at the time of writing). These amounts are relatively low for the average cybercrime activity so, we expect the attacker to continue to evolve their threat for increased monetization.” Kaoru Hayashi, senior development manager and threat analyst with Symantec in Japan.

    Major infected countries are China, the U.S., South Korea, Taiwan and India.

    Darlloz hack malware

    Crypto Currency typically requires more memory and a powerful CPUs, so the malware could be updated to target other IoT devices in the future, such as home automation devices and wearable technology.A Few weeks back, Cisco has announced a global and industry-wide initiative to bring the Security community and Researchers together to contribute in securing the Internet of Things (IoT) and launched a contest called the “Internet of Things Grand Security Challenge“, offering prizes of up to $300,000 for winners.

    Users are advised to update firmware and apply security patches for all software installed on computers or Internet-enabled devices. Make sure, you are not using default username or password for all devices and block port 23 or 80 from outside if not required.

    Please visit ccrepairservices.com

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere


  • Facebook ‘Watch naked video of friends’ Malware scam infects 2 million users

    Facebook Watch naked video of friends

    We have seen a lot of Facebook malware and virus infections spreading through friends list, and this time a new clickjacking scam campaign is going viral on Facebook.

    Hackers spam Facebook timeline with a friend’s picture and “See (Friend)’s naked video,” or “(Friend Name’s) Private Video.”

    The Picture appears to be uploaded by a friend and definitely, you might want to see some of your Facebook friends naked, But Beware! If you get curious and click, you will be redirected to a malicious website reports that your Flash Player is not working properly and needs to be re-installed.

    But in actuality it will install a malware in your system and once approved, several disguised thing can happen to you. It further installs a malicious browser extension to spread the scam and steal users’ photos.

    Facebook 'Watch naked video of friends' malware scam infects 2 million people

    When the link is clicked, users are sent to a very realistic-looking mockup of a YouTube page, where the hackers will try to immediately install the Malware Trojan.” 

    So, Don’t Click it! According to the report, 2 million Facebook users are already infected with the same malware campaign and unknowingly flood their friend’s timeline will same campaign. Clicking on the message will automatically publish the same link on the victims Facebook wall potentially allowing friends to click on it.

    Malware often takes advantage of the fact that you trust your friends. So, keep an eye on the links and messages from your friends, and if in doubt, ask them they actually sent you something or not.

    The recent malware attacks are just a few examples of the dangers of using the social network Facebook. Stay safe by keeping your browser up-to-date and install operating system updates when they are released. Please ensure you share this news with your Facebook friends to make all of them aware of it.

     

    Complete Online Computer news and Repair

    WWW.CCREPAIRSERVICES.COM


  • Uroburos Rootkit – Most sophisticated 3 year old Russian Cyber Espionage Campaign

    The Continuous Growth of spyware, their existence, and the criminals who produce & spread them are increasing tremendously. It’s difficult to recognize spyware as it is becoming more complex and sophisticated with time, so is spreading most rapidly as an Internet threat.

    Recently, The security researchers have unearthed a very complex and sophisticated piece of malware that was designed to steal confidential data and has ability able to capture network traffic.

    The Researchers at the German security company G Data Software, refer the malware as Uroburos, named after an ancient symbol depicting a serpent or dragon eating its own tail, and in correspondence with a string (Ur0bUr()sGotyOu#) lurking deep in the malware’s code.

    The researchers claimed that the malware may have been active for as long as three years before being discovered and appears to have been created by Russian developers.

    Uroburos is a rootkit designed to steal data from secure facilities, has ability to take control of an infected machine, execute arbitrary commands and hide system activities, communicating primarily using peer-to-peer connections in a network it has penetrated to infect new machines within the network, manages to pass back the exfiltrated information back to attackers from infected machines and network data, the researchers explained.

    The two main components of Uroburos are – a driver and an encrypted virtual file system, used to disguise its nasty activities and to try to avoid detection. Its driver part is extremely complex and is designed to be very discrete and very difficult to identify.

    The malware uses two virtual file systems, one NTFS file system and one FAT file system, and both are stored locally on the infected system and are used as a “workspace” by the attackers, providing a storage space for third-party tools, post-exploitation tools, temporary files and binary output. The virtual file system can’t be decrypted without the presence of drivers, according to the Gdata’s analysis explained in the PDF.

    The driver is needed to decrypt the virtual file systems, to create several hooks to hide its activities, to inject libraries in the users land and to establish and manage some communication channels.

    “The development of a framework like Uroburos is a huge investment. The development team behind this malware obviously comprises highly skilled computer experts, as you can infer from the structure and the advanced design of the rootkit. We believe that the team behind Uroburos has continued working on even more advanced variants, which are still to be discovered.”

    WITH LOVE From RUSSIA: Technical Similarities with the previous malware Agent.BTZ and that the malware Uroburos checks the presence of Agent.BTZ in the system and remains inactive if Agent.BTZ is present, makes the researchers believe that it was designed by the same by the Russian intelligence services, according to G Data analysis.

    “Due to many technical details (file name, encryption keys, behavior and more details mentioned in this report), we assume that the group behind Uroburos is the same group that performed a cyberattack against the United States of America in 2008 with a malware called Agent.BTZ,” say the researchers. They also added that the reason it is meant to be of the Russian origin is, “Uroburos checks for the presence of Agent.BTZ and remains inactive if it is installed. It appears that the authors of Uroburos speak Russian (the language appears in a sample), which corroborates the relation to Agent.BTZ. Furthermore, according to public newspaper articles, this fact, the usage of Russian, also applied for the authors of Agent.BTZ.”

    In 2008, USB and Removable storage drives placed on hold in the U.S. Army facilities after the spread of Agent.BTZ worm. The USB stick contained malicious code was trying to keep on multiplying further and infected the military’s network.

    The attacks carried out with Uroburos are targeting government institutions, research institutions, intelligence agencies, nation states, research institutions or companies dealing with sensitive information as well as similar high-profile targets. The oldest drivers identified by the researchers was compiled in 2011 is the evidence that the malware was created around three years ago and was undetected.

    “The Uroburos rootkit is one of the most advanced rootkits we have ever analyzed in this Environment,” the G Data concluded.

    The team behind the development of the malware Uroburos has developed an even more sophisticated framework, which still remains undiscovered, the researchers believe. Many infection vectors are conceivable. E.g. Spear phishing, drive-by-infections, USB sticks, or social engineering attacks.

    For complete Online Latest news visit our blog

    WWW.CCREPAIRSERVICES.COM


  • Android iBanking Trojan Source Code LEAKED ONLINE

    Smartphone is the need of everyone today and so the first target of most of the Cyber Criminals. Malware authors are getting to know their market and are changing their way of operations. Since last year we have seen a rise in the number of hackers moving from the Blackhat into the Greyhat.

     

    iBanking, a new mobile banking Trojan app which impersonates itself as an Android ‘Security App‘, in order to deceive its victims, may intimidate a large number of users as now that its source code has been leaked online through an underground forum.

    It will give an opportunity to a larger number of cybercriminals to launch attacks using this kind of ready-made mobile malware in the future.

     

    Since many banking sites use two-factor authentication and transaction authorization systems in order to deal with the various threats, by sending unique one-time-use codes to their customers’ registered phone numbers via SMS, but in order to defraud them, cyber criminals have started to create various mobile malware like iBanking to solve their purpose.

     In addition, with the iBanking malware, Computer malware is used to defeat the mobile-based security mechanisms used by the banking sites.

    Apart from the server-side source-code, the leaked files also include a builder that can un-pack the existing iBanking APK file and re-pack it with different configurations, essentially providing fraudsters with the means to create their own unique application,” added Daniel Cohen.

    In addition to SMS Sniffing, the iBanking app allows an attacker to redirect calls to any pre-defined phone number, capture audio using the device’s microphone and steal other confidential data like call history log and the phone book contacts.

    During the installation process, the malicious app attempts to Social Engineer the user into providing it with administrative rights, making its removal much more difficult.

    Latest Computer news and virus and malware threats at Complete computer Repair Services Fort Lauderdale and all South Florida Latest Computer News and Repair Services

    www.ccrepairservices.com


  • Mass Exploit of Linksys Routers

    It has been revealed that a vulnerability in possibly 23 different models of Linksys (Belkin) routers has been exploited by a worm known as The Moon.

     

    The exploit was first noticed about a week ago and reported by the Internet Storm Center. The Worm bypasses authentication on the router to take control. Linksys state that “the router starts flooding the network with ports 80 and 8080 outbound traffic, resulting in heavy data activity”. The worm also attempts to detect any vulnerable systems on the router’s network for exploitation.

     

    Current intentions of The Moon are not yet known, however, there is code within the worm which seems to suggest that it may be gathering infected routers into a network of compromised devices through a command and control system.

     

    Linksys will be issuing a firmware update to fix the vulnerability in the next few weeks. But for now, if you’re using a Linksys router, you should read the advice given here to disable Remote Access Management.

     

    Latest Computer news and virus and malware threats at Complete computer Repair Services

    www.ccrepairservices.com