Malware holding data ransom

Cryptowall, Cryptolocker and Cryptodefense are all malware that hold your computer's files to ransom. Here's what you need to know about these viruses.

Cryptowall is one of the nastiest pieces of malware out there: it encrypts your system files and the files on your network shares and holds them to ransom in exchange for a Bitcoin payment, typically between $500 and $1000. With many criminal groups active, Cryptowall followed Cryptolocker and does practically the same thing, and to confuse matters further there is a closely related variant known as Cryptodefense.

The ransom message from a Cryptowall infection

Cryptowall in a nutshell

  • Cryptowall works by encrypting your files, on local drives and mapped network shares alike, so they can no longer be read.
  • It affects Windows XP through Windows 8.
  • It also deletes the Volume Shadow Copies so that admins cannot use them to restore the encrypted files (a good reason to keep backups that the infected machine cannot reach).
  • Only the attacker holds the key that decrypts the files and makes them readable again.
  • The ransom nearly doubles after 7 days and is payable only in Bitcoin.
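
The shadow-copy deletion in the list above is one of the few noisy things ransomware does before the encryption itself is noticed. The following is an added example, not code from the original post or from any product, that scans process-creation log lines for the documented ways of wiping Volume Shadow Copies (vssadmin delete shadows, vssadmin resize shadowstorage, wmic shadowcopy delete, and the Win32_ShadowCopy WMI class from PowerShell) and rates the hit higher when the parent process is a document viewer, browser or script host, which is what the opened-attachment chain in the police case would look like. The log format and every host, user and command line in SAMPLE_LOG are constructed for the example.

```python
"""Spot Volume Shadow Copy deletion in process-creation logs (added example)."""
import re

# Command lines that wipe or starve the Volume Shadow Copies. All are
# documented ways of doing it; none is routine on a workstation.
SHADOW_DELETE_PATTERNS = [
    re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\b.*\bshadows\b", re.I),
    re.compile(r"\bvssadmin(\.exe)?\b.*\bresize\b.*\bshadowstorage\b", re.I),
    re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    re.compile(r"\bWin32_ShadowCopy\b.*\b(Delete|Remove-WmiObject)\b", re.I),
]

# Parents that have no business running shadow-copy maintenance. A document
# viewer, browser or script host doing so looks like an opened attachment
# at work, so it is rated higher.
USER_FACING_PARENTS = {
    "winword.exe", "excel.exe", "outlook.exe", "acrord32.exe",
    "chrome.exe", "firefox.exe", "iexplore.exe", "wscript.exe", "cscript.exe",
}

# Constructed log format (not a real product export):
#   <date> <time> host=<name> user=<name> parent=<image> cmd="<command line>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+ \S+) host=(?P<host>\S+) user=(?P<user>\S+) '
    r'parent=(?P<parent>\S+) cmd="(?P<cmd>[^"]*)"$'
)


def parse_line(line):
    """Return the fields of one log line, or None if it is not an event."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def find_shadow_deletion(lines):
    """Return one alert dict per event whose command line kills shadow copies."""
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        if not any(p.search(ev["cmd"]) for p in SHADOW_DELETE_PATTERNS):
            continue
        rated = "high" if ev["parent"].lower() in USER_FACING_PARENTS else "medium"
        alerts.append({**ev, "severity": rated})
    return alerts


# Constructed sample events: a comment line, two benign events, three matches.
SAMPLE_LOG = [
    '# constructed sample, not a real export',
    '2014-06-12 09:14:03 host=WS-117 user=jsmith parent=winword.exe cmd="vssadmin.exe delete shadows /all /quiet"',
    '2014-06-12 09:14:05 host=WS-117 user=jsmith parent=cmd.exe cmd="wmic shadowcopy delete"',
    '2014-06-12 09:15:00 host=FS01 user=backupsvc parent=services.exe cmd="vssadmin.exe list shadows"',
    '2014-06-12 09:16:30 host=FS01 user=admin parent=explorer.exe cmd="notepad.exe C:\\Users\\admin\\notes.txt"',
    '2014-06-12 09:17:12 host=WS-042 user=kd parent=powershell.exe cmd="powershell -c Get-WmiObject Win32_ShadowCopy | Remove-WmiObject"',
]

if __name__ == "__main__":
    for a in find_shadow_deletion(SAMPLE_LOG):
        print(f'{a["ts"]} {a["host"]} [{a["severity"]}] {a["parent"]} -> {a["cmd"]}')
```

On a real estate you would feed this from whatever records process creation with command lines (Windows security auditing with command-line logging enabled, or Sysmon event 1) after mapping the fields; the patterns and the parent-process rating are the transferable part. "vssadmin list shadows" from a backup service is deliberately left alone so the rule does not fire on legitimate backup jobs.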

With this angle of attack it is no wonder that criminals use this hostile method to extort Bitcoin payments from their victims.

Examples of attacks

Durham Police

Durham Police Department hit with Cryptowall

  • One prime example that gained recent media coverage is the police department of Durham, New Hampshire. As is typical of law enforcement agencies, the police refused to pay the ransom or cooperate with the criminals.
  • The infection impacted 1500 of their computers, affecting most of their e-mail, spreadsheet and word processing functions. It bypassed their spam and antivirus filters, disguised as an e-mail attachment.
  • The danger is that the police receive plenty of e-mails with attachments from residents reporting complaints such as potholes, which of course cannot be ignored. For that very reason an infected attachment was opened and executed, and the malware ran through the system.
  • Fortunately, they were able to stop the attack from spreading to other town departments and to police networks in other towns by isolating their network, and they recovered their systems from offline backups.

Business Decisions

Another example came from a client of Stu Sjouwerman's security awareness training firm KnowBe4. The attack began when an administrator opened an infected file; the malware ran through their 7 mapped server drives, encrypting all 75 GB of data held there.

There were many negative factors against them:

  • Firstly, their backups were unverified; finding out whether they worked would take time, and a failed restore would have meant extended downtime with no guarantee of getting the data back.
  • Secondly, setting up a Bitcoin account is a lengthy process, with identity checks that can take days to complete.
  • In desperation to shorten their downtime, they decided to pay the ransom. It was a business decision: lose $500 in Bitcoin or thousands in operational downtime.
  • The problem was that they didn't have the Bitcoin to pay the ransom.

The turning point:

Bitcoin

  • Luckily, they sought Stu Sjouwerman's help, and he had Bitcoins on hand, ready for exactly this kind of event.
  • This company's IT admins had, prior to this event, taken a security awareness course led by former hacker Kevin Mitnick and Stu Sjouwerman.
  • Unlike the police, this company took the advice from the course and, with Stu Sjouwerman's Bitcoins, paid the ransom to avoid further downtime.
  • In the end they did recover their files; however, one of their databases was corrupted, and it took another painstaking 18 hours to return to normal.

Not all cases end well, and not all ransoms release the files as promised. It is entirely at the discretion of the criminal gangs controlling the attack.

For more ways to strengthen your office security and IT policy enforcement, contact your local IT professionals.

Read More


3 Reasons To Watch Your CPU Usage

Your computer processor is the brain of your system.  If your processor runs at 100% capacity there could be a serious problem. Here’s why you should check your CPU.

Modern operating systems like Windows 7, Windows 8 and Mac have come a long way in terms of making the most of your computer’s processor.  Multi-core processors have given computers a big boost too.  These and many other factors mean your processor should rarely be used at 100% capacity.  So what could it mean if your computer processor is being used at 99% or 100%?

1. A bitcoin mining virus has infected the system

Bitcoin is a fairly new form of online currency that can be transferred and used anywhere in the world.  New Bitcoins are generated ("mined") by spending computing power.  Now imagine having access to tens, if not hundreds of thousands, of unsuspecting processors mining Bitcoins for you.  This is what motivates criminals to write Bitcoin mining malware that uses your computer's processor to make them money.

2. Trojan infections on the computer

A Trojan is malware that lets someone else connect to your computer over the internet.  They can use it to view your screen, record anything you type on your keyboard, steal your files or casually browse the data on your computer.  Trojans are one of the leading causes of identity theft and can be very difficult to remove.

3. Software is malfunctioning or failing

As hard as they try, software publishers aren't always able to keep their software working smoothly with the latest systems.  Often the publishers rely on users to let them know when their software misbehaves so they can release an update or fix.  High CPU usage can be a sign of a malfunctioning program, so be sure to save your work often.

All managed services clients are automatically covered against high CPU usage.  Here's how you can check whether your processor is working too hard.

For more ways to protect your home or office computers, contact your local IT professionals.

Read More


3 Steps to Removing Malware

Is your PC running slower, or are you getting unwanted pop-ups and ads?  You may have a malware or virus infection. Here are 3 steps to remove infections.

1. First, make sure that you have an infection.

Aside from Windows running slowly, one telltale sign of an infection is the computer running programs and processes that look completely unfamiliar.

Open Windows Task Manager: right-click the taskbar and choose Task Manager from the menu.

Select the Processes tab and click the Memory (or Mem Usage) column header to sort the running processes by how much RAM they use.

This should display the processes in descending order of memory usage. If it is in ascending order, click the Memory or Mem Usage header again to put the largest processes on top. Paying special attention to these processes, look for ones with unfamiliar names.

In particular, focus on high-memory processes whose names contain strange characters or symbols, or that imitate a Windows system process name but run from an unusual folder. Search the web for the peculiar-looking process names to find out whether they are legitimate.

If the search results point toward it being a malicious process, you may be able to stop it loading at startup. Click the Start button, type msconfig in the search box, and click it when it appears as a menu selection. (On Windows 8 the Startup tab of msconfig simply points you to the Startup tab of Task Manager, which does the same job.)

After the system configuration utility loads, click the Startup tab to display the programs the system loads  when the computer starts up.

Try to find the suspect process in the list of Startup Items and uncheck the box next to it. It will no longer load when Windows restarts, but note that the file itself is still on disk; step 2 is what actually removes it.
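
Step 1 is a manual triage of the process list; the same three checks (sort by memory, look for odd characters in the name, look for a familiar system name in the wrong place) can be written down. The following is an added example, not code from the original post, that runs those checks over a constructed process snapshot. The process names, PIDs, memory figures and paths in SAMPLE_SNAPSHOT are made up; the expected folders for core Windows processes are the real ones, and KNOWN_APPS is whatever is normal on your own machine.

```python
"""Triage a process list the way step 1 does by hand (added example)."""
import re
from dataclasses import dataclass


@dataclass
class Proc:
    name: str
    pid: int
    mem_mb: float
    path: str


# Core Windows processes and the folder they are expected to run from
# (lower-case). A process using one of these names from anywhere else is
# a classic malware disguise.
KNOWN_SYSTEM = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
# Applications the reader recognises; extend with what is normal for you.
KNOWN_APPS = {"chrome.exe", "firefox.exe", "winword.exe", "excel.exe", "outlook.exe"}

# Ordinary executable names use letters, digits, dot, underscore, dash, space.
SAFE_NAME = re.compile(r"^[A-Za-z0-9._\- ]+$")
# Digit-for-letter swaps used to fake a familiar name (svch0st, lsa55).
DIGIT_SWAP = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def triage(procs, mem_threshold_mb=150.0):
    """Return [(proc, [reasons])] for suspicious entries, largest memory first."""
    findings = []
    for p in sorted(procs, key=lambda q: q.mem_mb, reverse=True):
        name = p.name.lower()
        folder = p.path.lower().rsplit("\\", 1)[0]
        reasons = []
        if not SAFE_NAME.match(p.name):
            reasons.append("odd characters in name")
        expected = KNOWN_SYSTEM.get(name)
        if expected and not folder.startswith(expected):
            reasons.append(f"system name outside {expected}")
        elif not expected and name.translate(DIGIT_SWAP) in KNOWN_SYSTEM:
            reasons.append("lookalike of system process")
        if (p.mem_mb >= mem_threshold_mb and name not in KNOWN_SYSTEM
                and name not in KNOWN_APPS):
            reasons.append("unfamiliar high-memory process")
        if reasons:
            findings.append((p, reasons))
    return findings


# Constructed snapshot; names, PIDs, sizes and paths are invented.
SAMPLE_SNAPSHOT = [
    Proc("chrome.exe", 4120, 612.4, r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
    Proc("svchost.exe", 880, 95.2, r"C:\Windows\System32\svchost.exe"),
    Proc("svch0st.exe", 5412, 310.7, r"C:\Users\kd\AppData\Roaming\svch0st.exe"),
    Proc("x$$~1.exe", 5520, 220.0, r"C:\Users\kd\AppData\Local\Temp\x$$~1.exe"),
    Proc("explorer.exe", 1340, 140.0, r"C:\Windows\explorer.exe"),
    Proc("lsass.exe", 6011, 40.0, r"C:\Users\Public\lsass.exe"),
    Proc("WINWORD.EXE", 3300, 180.0, r"C:\Program Files\Microsoft Office\Office15\WINWORD.EXE"),
]

if __name__ == "__main__":
    for proc, why in triage(SAMPLE_SNAPSHOT):
        print(f"{proc.name} (pid {proc.pid}, {proc.mem_mb:.0f} MB): {'; '.join(why)}")
```

Task Manager does not show the image path by default, so to build a real snapshot use a listing that does, for example wmic process get Name,ProcessId,WorkingSetSize,ExecutablePath, and fill in Proc records from it. Note the low-memory lsass.exe still gets flagged: a system name in a user folder is suspicious regardless of size, which is why the name check is not tied to the memory threshold.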

2. Run a virus scan on your system

If you haven’t already done so, run a scan of your system with an antimalware or antivirus program.  Malwarebytes and Microsoft Security Essentials are highly recommended. First start with a simple scan. If this detects anything, remove the threats it detects. Next, run a full system scan.

If successive full system scans still detect malware, take note of the threats the scanner displays. Run a Google search on the threats to see if anyone has posted a successful method to remove the virus.

Detection on successive scans likely indicates that the malware is reinstalling itself or has tampered with your antimalware program. Accordingly, downloading a second scanner is a good idea. Besides Malwarebytes, Bitdefender, ESET Online Scanner and Trend Micro HouseCall are excellent choices.

But before running a scan with any of these antimalware programs, reboot the computer into Safe Mode with Networking. To do this on Windows 7 and earlier, restart the computer and press F8 repeatedly when the logo of the motherboard manufacturer appears on the screen. (On Windows 8, hold Shift while clicking Restart, then choose Troubleshoot, Advanced options, Startup Settings and Restart to reach the same menu.)

You will next see a black screen showing Advanced Boot Options. From this list select Safe Mode with Networking.

This will boot into a simplified version of Windows that runs only necessary programs. Usually malware doesn’t load in safe mode. In safe mode, run your new malware scanner in advanced or custom mode. These modes are favored because you need to scan every directory on the computer. Be sure to perform a full scan on the entire system. This will take some time. You can probably watch a full length feature film while this occurs.

After this scan cleans up your computer, run another with a different malware program. Again, be sure to do a full system scan in Safe Mode with Networking. If the second scanner detects nothing, it is a good bet your system is purged of infections.

3. Run a live disc virus scan

If multiple scans keep detecting infections, boot from a rescue disc instead, so that the scan runs while Windows, and anything hooked into it, is not running at all. While there are many Linux-based rescue discs to choose from, Kaspersky Rescue Disk is highly recommended, as its interface is simple for Windows users.

For more assistance on this or other issues affecting your computer, consult your local IT professionals.

Read More


Make sure you have your firewall up!

With over 1 billion users, YouTube is one of the most visited sites on the web, but its incredible popularity is also drawing in criminals and viruses.  Cyber criminals are always looking for new ways to exploit popular platforms, and YouTube is not an exception.

Recently, it was discovered that YouTube videos were serving up ads containing the necessary precursors for an attacker to inject malware into a targeted machine. According to Bromium Labs, the criminals were exploiting holes in systems running outdated Java, and where that succeeded a banking Trojan belonging to the Caphaw family was dropped onto the user's computer.  Another reason to keep your Java up to date.

Once installed on the victim's machine, the malware tries to connect to its control domains, which are likely based in Europe.

It’s as easy as 1-2-3.

The YouTube malware ad was delivered in the following manner:

  1. The user watches a YouTube video.
  2. The user sees an appealing thumbnail embedded in the page and clicks on it to watch another video.
  3. Once the thumbnail is clicked, the browser loads the malicious ad in the background (served through Google Ads).
  4. The ad then redirects the user to 'foulpapers.com'.
  5. That site serves up iFrames pointing at the aecua.nl domain.
  6. aecua.nl detects the system's Java version and drops the malware onto the victim's machine.
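
A chain like the one above leaves a trail in a web proxy log: each hop carries the previous page as its Referer, and when the exploit succeeds the Java runtime itself fetches the payload with its own "Java/<version>" user-agent rather than the browser's. The following is an added example, not code from the original post or from Bromium Labs, that rebuilds the hop chain for every client that reached one of the two domains named above and notes whether a Java user-agent followed. The tab-separated log format, the client addresses, the ad-network host and every URL path in SAMPLE_PROXY_LOG are constructed for the example; only the two watched domain names come from the write-up.

```python
"""Rebuild the ad-to-exploit redirect chain from proxy logs (added example)."""
from collections import defaultdict
from urllib.parse import urlparse

# Domains named in the write-up above; in practice this is your blocklist feed.
WATCH_DOMAINS = ("foulpapers.com", "aecua.nl")


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def is_watched(host, watch=WATCH_DOMAINS):
    return any(host == d or host.endswith("." + d) for d in watch)


def parse_proxy_line(line):
    """Constructed tab-separated format: time, client, url, referer, user-agent."""
    ts, client, url, referer, ua = line.split("\t")
    return {"ts": ts, "client": client, "url": url, "referer": referer, "ua": ua}


def find_chains(lines, watch=WATCH_DOMAINS):
    """For each client that reached a watched domain, walk the Referer headers
    back to the page the user was actually on, list the watched hosts touched,
    and note whether a Java user-agent (the JRE fetching an applet or JAR)
    then hit a watched domain."""
    by_client = defaultdict(list)
    for line in lines:
        if not line or line.startswith("#"):
            continue
        ev = parse_proxy_line(line)
        by_client[ev["client"]].append(ev)

    results = {}
    for client, events in by_client.items():
        by_url = {e["url"]: e for e in events}
        watched = [e for e in events if is_watched(host_of(e["url"]), watch)]
        if not watched:
            continue
        first = watched[0]
        chain, cur = [host_of(first["url"])], first
        # "-" means no Referer; the length cap guards against referer loops.
        while cur["referer"] in by_url and len(chain) < 10:
            cur = by_url[cur["referer"]]
            chain.append(host_of(cur["url"]))
        chain.reverse()
        seen_hosts = []
        for e in watched:
            h = host_of(e["url"])
            if h not in seen_hosts:
                seen_hosts.append(h)
        java_fetch = any(e["ua"].startswith("Java/") for e in watched
                         if e["ts"] >= first["ts"])
        results[client] = {"chain": chain, "watched_hosts": seen_hosts,
                           "java_fetch": java_fetch}
    return results


# Constructed proxy log: one client that followed the chain, one that did not.
_ROWS = [
    ("09:30:01", "10.0.0.21", "http://www.youtube.com/watch?v=ZZZ", "-", "Mozilla/5.0"),
    ("09:30:12", "10.0.0.21", "http://ads.adnetwork.example/serve?id=1", "http://www.youtube.com/watch?v=ZZZ", "Mozilla/5.0"),
    ("09:30:13", "10.0.0.21", "http://foulpapers.com/landing", "http://ads.adnetwork.example/serve?id=1", "Mozilla/5.0"),
    ("09:30:14", "10.0.0.21", "http://aecua.nl/frame", "http://foulpapers.com/landing", "Mozilla/5.0"),
    ("09:30:16", "10.0.0.21", "http://aecua.nl/payload", "http://aecua.nl/frame", "Java/1.7.0_25"),
    ("09:31:02", "10.0.0.35", "http://www.youtube.com/watch?v=AAA", "-", "Mozilla/5.0"),
    ("09:31:20", "10.0.0.35", "http://www.youtube.com/watch?v=BBB", "http://www.youtube.com/watch?v=AAA", "Mozilla/5.0"),
]
SAMPLE_PROXY_LOG = ["# constructed sample, not a real proxy export"] + ["\t".join(r) for r in _ROWS]

if __name__ == "__main__":
    for client, info in find_chains(SAMPLE_PROXY_LOG).items():
        print(client, " -> ".join(info["chain"]), info["watched_hosts"],
              "JAVA FETCH" if info["java_fetch"] else "")
```

The java_fetch flag is the part worth acting on: a browser merely landing on a blocklisted domain may have been blocked or may have had Java disabled, but a "Java/..." request to that domain means the plugin ran and the machine should be pulled for the scan procedure described in the malware removal post.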

Casual YouTubers may never notice that their machine was the target of such an attack.  Criminals will often put some work into promoting their YouTube videos to make them seem legitimate and worth watching.  A video carrying such an exploit may have hundreds or even thousands of views, so it is only after the damage is done that one notices the machine is infected.

As always, we advise everyone to take the necessary precautions to prevent such an attack by installing and updating their antivirus software.  It is also recommended that people disable Java unless it is absolutely necessary for running verified/safe services and applications.

For further help keeping your office or home computers secure against such attacks, contact our IT support services.

Read More


You don't need dynamite to find Bitcoins, just enough knowledge and computer hardware.

Malware not only steals your personal data, but can also hijack your system and network resources to work on things you don’t approve of.

Bitcoin and other forms of cryptocurrencies have skyrocketed in popularity in recent months.  The cryptocurrency craze isn’t reserved just for investors as virtually anyone can get their hands on these lucrative digital coins—given they have the necessary resources.  What we’re talking about is: if you don’t have money to invest in Bitcoin, you can mine the Bitcoins.  Mining these coins, however, will require some computer know-how and hardware.

Stealing Without Physically Taking

When it comes to knowing how hardware works and where digital information flows, cybercriminals and hackers are ahead of the game.  What they lack is hardware, but why buy their own when they can steal your processing power?  All they have to do is run malicious code on your computer to hijack its resources remotely and use it to mine Bitcoins for themselves.

Beginning late last year, a slew of malware aimed at hijacking computers for mining Bitcoins began infecting unsuspecting victims.  Where and how these tools make their way onto people’s computer can vary, but it is especially troubling if the source is a popular website like Yahoo.

Yahoo admitted in January that its advertising platform had been used by cybercriminals to distribute this hijacking malware.  Fox-IT, a cybersecurity firm, estimates that as many as 2 million Yahoo users were affected by the exploit.  Yahoo, however, has not given an estimate of how many of its users clicked the scam ads.

Must Click the Ad That’s Slick!

While most of us will try to ignore any type of ads that appear on a website, savvy marketers will always find a way to deploy attractive and mind boggling banners that will trick us into clicking.  Criminals are also marketers in a sense, and so it is likely that they used these marketing tactics to lure people into clicking their ads on Yahoo.

If you’re not running any resource intensive tasks, the task manager should display low CPU and memory usage.

If you're a Yahoo user and notice that your computer has been running unusually slowly of late, check your computer's Resource Monitor or Task Manager to see which process is taking up an abnormally large amount of CPU, memory or bandwidth.  Any process that hogs system resources for no reason you can explain could be one of these Bitcoin mining malwares.
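
A single glance at the task manager can mislead, because a healthy program will spike to 100% for a moment while an installer unpacks or a page renders; what marks a miner is that it stays pinned there. The following is an added example, not code from this post or from the "3 Reasons To Watch Your CPU" post above, which it also serves: it takes a series of per-process CPU samples and flags only processes that stay above a threshold for a run of consecutive samples and are not on your own list of programs that are heavy by design. The samples, intervals and process names in SAMPLE_CPU are constructed; wuauclt32.exe is an invented miner-style name.

```python
"""Flag processes that sit at high CPU for a sustained run of samples (added example)."""
from collections import defaultdict


def sustained_hogs(samples, cpu_threshold=80.0, min_consecutive=5, expected_heavy=()):
    """samples: (t_seconds, process_name, cpu_percent) tuples in time order.

    Returns {name: (first_t, last_t, sample_count)} for every process that
    stayed at or above cpu_threshold for at least min_consecutive samples in
    a row and is not in expected_heavy (names given in lower case)."""
    streak = defaultdict(int)
    first_seen = {}
    hogs = {}
    for t, name, cpu in samples:
        if cpu < cpu_threshold:
            streak[name] = 0      # a dip breaks the run, so brief spikes never qualify
            continue
        if streak[name] == 0:
            first_seen[name] = t
        streak[name] += 1
        if streak[name] >= min_consecutive and name.lower() not in expected_heavy:
            hogs[name] = (first_seen[name], t, streak[name])
    return hogs


# Constructed samples, 5 s apart, as you would get from polling the task
# manager for 40 s. Process names and figures are invented for the example.
SAMPLE_CPU = []
for _i in range(8):
    _t = _i * 5
    SAMPLE_CPU += [
        (_t, "wuauclt32.exe", 97.0),                          # unknown, pinned near 100%
        (_t, "chrome.exe", 91.0 if _i in (2, 3) else 12.0),   # a short spike only
        (_t, "HandBrake.exe", 100.0),                         # heavy by design
        (_t, "svchost.exe", 3.0),
    ]

if __name__ == "__main__":
    found = sustained_hogs(SAMPLE_CPU, expected_heavy=("handbrake.exe",))
    for name, (t0, t1, n) in found.items():
        print(f"{name}: at or above 80% CPU for {n} samples ({t0}s to {t1}s), investigate")
```

To run this against a live Windows machine, collect the samples with typeperf "\Process(*)\% Processor Time" -si 5 -sc 8 (or by polling Get-Process) and convert each row into the (time, name, percent) tuples; note that the per-process counter is summed over all cores, so on a multi-core box it can exceed 100 and the threshold should be scaled accordingly. Anything the function returns that you cannot name is a candidate for the process triage and scan steps described in the malware removal post.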

If you’re having a hard time navigating and figuring out whether or not you’re a victim of the Bitcoin malware, please contact our IT professionals and we’ll be more than happy to give you a hand!

Read More