malware Archives - Page 28 of 31

CryptoWall: Advanced Ransom Malware

Securitycryptowall, malware, securityOphtek, LLC

May 2015

CryptoWall 3.0, a new variant of the Cryptolocker ransom-ware virus is out causing problems to many businesses. Learn how it works and how to prevent it.

Discovered in late February 2015, CryptoWall 3.0 works very much like the previous versions of this virus, however its strategy to infect systems is somewhat different..

How CryptoWall 3.0 works

When the infected file containing CryptoWall 3.0 is opened, the malicious program encrypts all files that it finds mapped over the network.
Files become encrypted and unreadable.
Only the perpetrator can unlock the code to make it readable again.
Once it finishes encrypting all files, it asks for a ransom of around $500USD.
This amount is expected to be paid in Bitcoin currency, which is a universal currency used around the world.

Point of entry and identification

CryptoWall 3.0 employs social engineering tactics via phishing emails. These come through with attachments disguised as an “incoming fax report” displaying the same domain as the one the user is on creating a false sense of trust by making them believe it is a legitimate document. Once opened, Cryptowall picks up all mapped drives identified from the host machine it infects and encrypts all of the contents on it as well as the data on the mapped drives.

CryptoWall 3.0 uses .chm attachments, which is a type of compressed file used for user manuals within software applications. Since .chm is an extension of HTML, this allows the files to be very interactive with different types of media such as images, hyperlinked table of contents and so forth. It also uses JavaScript to allow the attack to send users to any website on the Internet, which occurs when a user opens up the malicious .chm file.
Once the file is opened, the attack automatically runs its course.

CryptoWall: More than meets the eye

Ransom Malware bas been evolving since the first wave of Cryptolocker attacks back in September 2013, which had netted the virus writers over $27,000,000 from claiming ransom money within only a few months of the Cryptolocker operation. Attacks are happening all over the world with detections in Europe, the UK, the US and in Australia.
The sophisticated Cryptolocker and CryptoWall attacks also use botnets, which is a wide network of compromised machines, to be the originators of the attack. Aside from speeding up distribution of the virus, it allows anonymity for the virus writers.

How to prevent CryptoWall 3.0

Set up a rule in your email filters to black list .chm file extensions.
Stay on top of your backups with daily backups which are verified and tested- also have an offline copy of your backups.
Update your office applications baseline such as Java, Adobe Flash player etc…
Patch any vulnerabilities on Windows systems, especially on all Servers.
Be sure to have the latest Anti-Malware signatures.

For more ways to stay protected and safeguard your network, contact your local IT professionals.

Microsoft Security Essentials Has Little Effect

Security, Uncategorizedmalware, microsoft, securityOphtek, LLC

Mar 2015

Microsoft Security Essentials is not as effective as you may think. Here’s a summary of the last two AV testing evaluations carried out by AV-Test.org.

There mare any anti-virus programs available to install, some are free, like Microsoft Security Essentials (MSE) and others, like Trend Micro, Kaspersky and the like are paid with free versions available providing less features such as real time scanning.

Are paid ones any better than free AVs? A better option is to run Malwarebytes. We’ll conclude a little later.

AV-Test Results

AV-Test.org is an is an independent test center based in Germany where they carry out tests to evaluate which anti viruses can withstand a variety of malware. This particular test involved approximately 12,327 different malware, along with 153 emulated zero-day attacks, on Windows 7 machines.

Out of the 28 tested AV programs tested, Microsoft fared poorly by failing to protect its own operating system. In fact it came in last compared to all their 27 competitors. These tests were carried out in December 2014 and they measured usability, performance and protection, which resulted in classifications.

This is not the first time Microsoft came last here. They’ve also come last in the previous run of tests in 2013. They had gained top marks for MSE usability and were above averaged in performance but scored a big fat zero in the most critical part, to protect against malware!

Microsoft’s Perspective

In defense of Microsoft’s AV-test results, Joe Blackbird, representing Microsoft, wrote in a blog about it. He spoke out against the malware attacks tested by AV-Test, and stated that they’re unlikely to occur in the wild to pose a major risk to users. To support his statement, he mentioned that 94% of the samples carried out in the test were not picked up by MSE and didn’t even end up infecting their systems, hence not posing a serious risk.

Overall, Microsoft has made it clear that the AV-test results in the past does things differently as opposed to prioritizing their protection based on actual real malware threats.

Are paid anti-virus programs any better than the free ones?

Based on AV-test results, it seems like it’s highly likely. However, not all paid solutions offer the best protection. For instance, McAfee Internet Security is a paid solution and it was not far off from being the worst in protecting from the list of Malware threats. They were next to last on the list, with being only slightly better than MSE.

The highest rated AV from the test results to offer the best protection against malware attacks is Kaspersky, which happens to be a paid solution.

You do not need to necessarily go out and spend money on an AV. However, if you do run MSE, a better option is to run Malwarebytes, which is effective and free.

For more ways to secure your data and systems, contact your local IT professionals.

What is browser hijacking and why is it so common?

Securitybrowser, malware, securityOphtek, LLC

Mar 2015

Browser hijacking is very common nowadays. Whilst it may not seem like a trivial issue at first, it can turn into a big nightmare! Read on to find out why.

What is browser hijacking?

Browser hijacking occurs when a web browser is taken over by an unauthorized program, which runs without the user’s permission. We’ll outline three factors as to why it’s common.

Homepage is taken over
Automated changes are made to the browser’s settings, which usually leads it to replace the current homepage settings with its own designated search page.
Tracks browsing habits
The aim of such hijacking is to spy on your browser activity and record your personal information. This information is then sold to advertisers.
Forces users to search through a specific search engine
Searching through an unknown search page will allow your data to be tracked. Web page redirection may also happen over to a website in order to make money from visitors by presenting search results from paid advertisers.

Some web browser hijacking can be easily cleared, whilst others can persistently remain on your system and reappear even after any attempts at clearing it.

How does browser hijacking happen?

Many such hijacking programs present themselves as an offer on a website or are commonly bundled with free software. They are designed to trick people into installing browser hijacking programs. This strategy can also invite additional malware to become installed onto the system, creating further problems, to only end up with a heavily infected computer.

Some examples of hijacking browsers, from hundreds and thousands out there, include:

Astromenda Search
TV Wizard
Onewebsearch
CoolWebSearch
Conduit Search
Coupon server

A truly infected computer will open the doors to a barrage of undesirable hacker activity, which is why this problem should be addressed ASAP.

How to prevent browser hijacking

The main causes of browser hijacks to originate from free software download sites and from advertising. These downloads and malicious ads bundle spyware and, what we like to state as, “pretend-ware” – useless programs.

Even “trusted” vendors who offer free software may include unwanted software to be installed by default. Therefore we suggest being extra vigilant and follow our advice, which we’ll disclose later on.

Examples of added software may include, for instance, search tool bars, pc cleaners, registry fixers, and even nastier programs such as other Trojans and viruses.
What is deemed as “free” will eventually come at the cost of the user, who contrary to what most people think, is the desired product! To elaborate further on this, it’s actually people and their information that are worth a lot more than free software. The ones who fair the best are the companies behind it all, and that’s why freeware is free- it’s the incentive to attract people.

There seems to be a fine line between what is considered acceptable and what is, to put it in other words, criminal activity.

If downloading Freeware is a must …

If for whatever reason you need to download free software, make sure it’s not on your main pc. Instead, we suggest using a virtual machine as a test environment.
Be sure to customize the installation settings from the default one by un-ticking all options which include the added software displayed during the installation wizard.
Update web browsers to the latest version, especially if Internet Explorer is your choice of browser. Alternatively, use a different browser such as Google Chrome.

For more ways to secure your data and systems, contact your local IT professionals.

Spreading Viruses on USB Thumb Drives

Securitymalware, security, usb, virusOphtek, LLC

Jan 2015

To stay safe from infections, we’re going to look at how viruses spread over USB thumb drives and how you can protect yourself and your business.

Why would anyone deny the comfort level enjoyed with using USB thumb drives to conveniently transfer data? Beneath it all, there’s more to that data transference than meets the eye.

How Viruses Spread over USB Thumb Drives

It starts with attaching a USB Thumb Drive to a device for it to infect the computer. The machine is then infected using the Windows AutoRun feature which is trigger when a storage device is plugged in. Not only is the data transferred, but the device in which the data goes in becomes infected with malware (virus) and malicious software, causing damage or data loss.

The virus likely originates from the infected device the USB was connected to before. The process of transferring viruses can stem back through a chain of infected hosts, bringing with it a trail of disruption.

At present, it’s highly likely that most USB Thumb Drives connected to an infected device or PC hoards a virus in it. For instance, a new virus threat known as “BadUSB” works off USB thumb drives and is claimed to be unstoppable, according to security researcher Karsten Nohl.

Types of Viruses

The following types of viruses can infect a computer when the user runs or installs the infected program. Infection can occur through something downloaded from the Internet, or in most cases, loaded onto the computer from USB thumb drives.

Worm –a program that replicates itself by exploiting vulnerability on a network.
Trojan horse -appears to serve a useful purpose, but actually hides a virus, thus infecting the computer by tricking the victim into installing it willingly.
Rootkit – makes itself difficult to detect by hiding itself within the system files of the infected operating system.
Spyware -designed to covertly spy on a user and report information back to the originator.
Spam – common method of transmitting malware onto a user’s computer, usually via unsolicited email messages containing infected attachments or links to exploited websites.

How to Protect Yourself and Your Business

The most effective means of transferring virus for the hackers are through public data bases. Firstly, it is extremely important for anyone to restrict the use of USB thumb drives on computers based at net cafés, coffee shops, copy shops and even at an airport or a hotel, as they are for public use.

You never know which computer might be infected so plan to use business or personal systems over public computers as they are more vulerable to infected USB Thumb Drive viruses. Secondly, it’s best to run a firewall and update to the latest virus definition on any personal or business computers.

We suggest disabling the Auto Run functionality of the drive and avoid downloading “free online software” to better protect any USB thumb drive from adopting those menacing viruses.

For more ways to secure your business data and systems, contact your local IT professionals.

What is Remote Code Execution?

Network, Security, Uncategorizedmalware, security, virusOphtek, LLC

Jan 2015

Why do hackers use remote code execution as a malicious attack on businesses? Here we’ll explain what remote code execution is and why most malware uses it.

Remote execution attacks are very real and should not be taken lightly. This is mainly due to the damage which can result in malware disabling parts of a system and disrupting business operations.

What is remote code execution?

Remote code execution can be best described as an action which involves an attacker executing code remotely using system vulnerabilities.

Such code can run from a remote server, which means that the attack can originate from anywhere around the world giving the attacker access to the PC. Once a hacker gains access to a system, they’ll be able to make changes within the target computer.

The attacker leverages the user’s admin privileges to allow them to execute code and make further changes to the computer. It’s often the case that such user privileges become elevated. Attackers usually look to gain further control on the system they already have a grip on and look to exert control onto other computers on the same network.

Examples of remote execution attack

Whether a business realizes it or not, malware threats are consistently looking for vulnerabilities and a chance to infiltrate past security. In essence, every attacker is an opportunist and they’re unlikely to hold back once they’ve spotted a loophole within a system.

Scenario 1:

An employee browses the Internet with the Internet Explorer browser and visits a website, which they were prompted to visit via an unsuspecting email message. Little do they know that the website exploits a bug on their browser, allowing for remote execution of code to occur. The code is set up by a criminal who has programmed it to run on the employee’s computer, and in turn, installs a Trojan virus. A Trojan allows a back door into the computer, which can be accessed at any time by the attacker. At this point, the criminal has complete access to the employee’s data files and will do as they please with it.

Scenario 2:

A business runs an unsupported version of Windows on a computer, which happens to be Windows XP. An employee visits a website, however this website has been compromised, and a bug detects the user working on a computer that has Windows XP. Since this particular operating system is no longer patched by Microsoft, vulnerabilities are eminent. The bug picks up on this and begins remote code execution, set up by a criminal, to run ransom-ware on your computer. The ransom involves the criminal holding the company’s files hostage until payment is made.

How can you protect against remote code execution attacks?

The most practical way to approach this is to patch up the vulnerabilities found on all computers over the network, especially those used by administrators. To look at it another way, any available holes are waiting to be exploited which can potentially permit an attacker entry onto the computer system, where they can run any malicious code they want.
Therefore, keep your system updated with the latest patches by looking out regularly for Microsoft’s Patch Tuesday fixes. Microsoft offers monthly security updates to patch critical vulnerabilities pertaining to the remote code execution issue. It’s best to apply these as soon as possible.
Be sure to upgrade from unsupported operating systems, such as Windows XP, to make sure that your systems aren’t an easy target to attackers.

For more ways to secure your systems, contact your local IT professionals.

« Previous 1 … 26 27 28 29 30 31 Next »

Tag Archives: malware