Tag Archives: malware

Ransomware! – How A Layered Security Approach Can Defeat It

My Australian mate, Mal Cowan, steps into the breech when his good friend gets infected with one of the most difficult to remove pieces of malware currently ripping up the Internet – ransomware. Follow Mal, in this guest writer article, as he spins up his skill set and puts the hammer to a ransomware payload cybercrime.

imageRecently, I received a frantic call from a good friend.  He informed me that when he booted his computer, there was a message supposedly from Australian Law Enforcement, stating that his PC had been involved in illegal activity and, distributing pornographic material.

Freak-out time – The malware had taken a photo of him via his webcam and placed it in the top  middle of the Law Enforcement notice.

Note: This scam is not restricted to Australia. The graphic below provides ample evidence that this type of ransomware is a global issue.

Graphic courtesy of F-Secure.

Immediately, I knew what this program was – Ransomware.  Tech and blog sites have been full of news of this scourge in the past few months.

At first look, there was a full screen message – complete with an official looking logo from the Australian Federal Police.  The computer’s IP address had been logged, and there was indeed a photo of my friend, along with the messages outlined above.

The clincher? The message stated that he had to pay a fine to unlock his computer.

First, I tried to start Task Manager to stop the malware process.  That did not work – it simply would not load.  The computer was well and truly locked.

Next, I tried to restart the computer in Safe Mode.  No luck.  The message appeared again.  Still frozen.

Then, I inserted Kaspersky Rescue Disk (a fantastic Linux based recovery disk made for just this type of situation), and restarted the computer.

Selecting boot options before Windows started, I loaded Kaspersky and updated the malware database via the Internet.  The wonderful thing about Kaspersky is, it scans the infected machine without Windows running, so anything nasty cannot hide.

After a three hour scan, Kaspersky came up with 50 Trojan detections (one of the biggest I have ever seen).  It was able to eliminate all but one of them.

I crossed my fingers and restarted Windows.  Instead of the message, there was just a big white screen – still locked.  Kaspersky had obviously made a dent, but I needed something more.

Before leaving for my friends house, I had loaded up a USB stick with Hitman Pro Kickstart.  Hitman Pro is a wonderful true cloud antivirus scanner using multiple AV engines, with an excellent detection rate.

Recently, it also added a feature in which one can create a bootable USB stick that can bypasses the infected boot process.  The catch is – this must be done on an uninfected machine (which is why I used my personal computer to create it).

I inserted the USB stick into the slot, restarted the machine, and went to boot options (the F12 key on the infected machine) and selected “Boot from USB”.

Hitman Pro Kickstart came through.  It booted straight into the Windows environment without a hitch, and then proceeded to run a scan (an Internet connection is required).  I was a bit dismayed when the scan came back clean, as I knew Kaspersky had not been able to eliminate one threat.

But now, I was past the ransomware Trojan and able to start other antimalware applications.  Malwarebytes was next.  I updated it and proceeded to run a full scan.  Bingo.  It nailed a few more Trojans that had got past Kaspersky and Hitman Pro, and after deleting these nasties and rebooting the computer normally again, a further scan with Hitman Pro, Malwarebytes and AVG, the computer came up clean.

The point of my story really is quite simple.  NOBODY can rely on one antivirus/antimalware application to catch all malware.  The ransomware obviously got past the onboard, realtime antivirus (which was not AVG, I installed that afterwards).  Kaspersky detected most of the infections, Hitman Pro helped me boot into the Windows environment, and Malwarebytes cleaned up the rest.  AVG came up with a clean scan after I uninstalled the old antivirus.

How did my friend get infected?  Who knows.  There are so many exploits that this Trojan could have used that I don’t have a clue.  The computer is a family machine, used mostly by children for online games and such.

Just visiting a family friendly site can get your computer infected these days. It could have been worse.  It might have been an infection that actually encrypted the contents of the whole computer.  That’s a nightmare I am glad I didn’t have to deal with.

Thanks Mal.   Smile

Advertisements

9 Comments

Filed under Anti-Malware Tools, Free Security Programs, Guest Writers, Malware Removal

Valentine’s Day – Malware Love Is Coming Your Way

From the – here we go again files. Love in your inbox – malware on your computer.

imageLike clockwork, spammers and cybercrooks ramp up the volume of Valentine’s spam emails aimed at unsuspecting users – every yearstarting just about now.

You know the ones –  “Falling in love with you”, “Sending you my love”, “Memories of you”, “I Love You Soo Much” …………. (saccharin sells I guess  Smile  ). Since cyber crooks are opportunity driven, you can expect much more of this type of cybercriminal activity again this year.

Maybe you’re a very cool person who’s significant other is always sending you neat little packages in your email. MP3 files, screensavers, cartoons, YouTube videos, and the like. You get them so often, that you just automatically click on the email attachment without thinking. If you are this type of person, here’s a word of advice – start thinking.

The hook, as it always is in this type of socially engineered email scam, is based on exploiting emotions. The fact is, we’re all pretty curious creatures and let’s face it, who doesn’t like surprises. I think it’s safe to say, many of us find it difficult, if not irresistible, to not peek at love notes received via *email.

The reality.

The truth is, these emails often contain links that deliver advertisements – or worse, redirect the victim to an unsafe site where malware can be installed on the soon to be victim’s computer.

Would you be fooled?

A couple of years back, a friend, who is an astute and aware computer user, fell for one of these carefully crafted teasing emails. Clicking on the link led him to a site which had a graphic of hearts and puppies – and of course,  the teaser.

image

Luckily, common sense prevailed and he backed out of this site. If he had clicked on the teaser, he would have begun the process of infecting his machine with a Trojan. A Trojan designed to connect to a remote command and control center.

Unfortunately, being smart is often NOT enough to protect yourself. At a minimum – make sure you have an effective security solution installed; capable of detecting both known and new malware strains.

You know what to do, right?

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Don’t click links in emails. If they come from a known source, type them on the browser’s address bar.

If they come from an untrusted source, simply ignore them – they could take you to a web site designed to download malware onto your computer.

* Cyber crooks have moved on from using just emails as a malware delivery vehicle. So, be on the lookout for fraudulent Valentine’s Day greetings in:

Instant Messenger applications.

Twitter

Facebook

Chat forums, etc..

6 Comments

Filed under Don't Get Scammed, Don't Get Hacked, email scams, Malware Alert

Sandboxie! – Think INSIDE The Box!

imageWouldn’t it be terrific if, following a mistake which led to malware making its way on to your computer, you could wave a magic wand, utter the words – “get thee gone” – and, quick as you like – no more malware infection?

Luckily, you can do just that. You don’t have to be a mage or a magician – you don’t have to deliver a magic enchantment – but, you do need to be running a sandbox based isolation application.

And that, brings me to Sandboxie (last updated December 16, 2012) – the King of isolation applications in Geek territory. Rather than geek you into the land of nod – today’s review is what I like to refer to as a “soft review”.

Simply put, Sandboxie, when active, creates a virtual environment (of a sort), on a computer by redirecting all system and application changes, to an unused location on a Hard Drive. These changes can be permanently saved to disk or, completely discarded.

A case in point for isolating web surfing:

While surfing the Net, an inexperienced user mistakenly accepts an invitation to install a scareware application but realizes, after the fact, that this is a scam. Operating in a “real” environment, the damage, unfortunately, would already have been done.

Operating in an isolated environment with Sandboxie active; the system changes made by this parasite could be completely discarded – since the attack occurred in a – “I’m not really here” environment .

An obvious part of reviewing an application is, providing a technical breakdown of just how an application gets the job done – or, in some cases how/why an application doesn’t quite get it done.

It’s not often that I get caught between the proverbial “rock and a hard place” in terms of illustrating an application’s aptitude in getting the task accomplished. In this case however, Ronen Tzur, Sandboxie’s developer, has taken the expression – a picture is worth a thousand words – and definitely run with it.

From the site: Introducing Sandboxie

Sandboxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer.

The red arrows indicate changes flowing from a running program into your computer. The box labeled Hard disk (no sandbox) shows changes by a program running normally.

The box labeled Hard disk (with sandbox) shows changes by a program running under Sandboxie. The animation illustrates that Sandboxie is able to intercept the changes and isolate them within a sandbox, depicted as a yellow rectangle. It also illustrates that grouping the changes together makes it easy to delete all of them at once.

Fast facts:

Secure Web Browsing: Running your Web browser under the protection of Sandboxie means that all malicious software downloaded by the browser is trapped in the sandbox and can be discarded trivially.

Enhanced Privacy: Browsing history, cookies, and cached temporary files collected while Web browsing stay in the sandbox and don’t leak into Windows.

Secure E-mail: Viruses and other malicious software that might be hiding in your email can’t break out of the sandbox and can’t infect your real system.

Windows Stays Lean: Prevent wear-and-tear in Windows by installing software into an isolated sandbox.

The developer has provided a clear and concise Getting Started tutorial – which includes:

How to to use Sandboxie to run your applications.

How the changes are trapped in the sandbox.

How to recover important files and documents out of the sandbox.

How to delete the sandbox.

System requirements: Windows XP, Vista, Win 7 (32 and 64 bit), Win 8 (32 and 64 bit).

Available languages: English, Albanian, Arabic, Chinese (Simplified and Traditional), Czech, Danish, Estonian, Finnish, French, German, Greek, Hebrew, Indonesian, Italian, Japanese, Korean, Macedonian, Polish, Portuguese (Brazil and Portugal), Russian, Spanish, Swedish, Turkish, and Ukrainian.

Download at: Sandboxie

A Caveat: You may run with Sandboxie free of charge – but, once past the initial 30 days, you will be reminded that a lifetime licensed version is available for € 29 (approximately $38 USD at today’s conversion rate).

10 Comments

Filed under 64 Bit Software, Anti-Malware Tools, Don't Get Hacked, downloads, Malware Protection, Virtualization

Scan a QR code – Expose yourself to mobile malware

Guest post by David Maman – CTO & Founder of GreenSQL.

imageA single poisoned link is all it takes to expose an entire organization to a full-scale attack.

Hackers write sophisticated browser-based attacks that operate quite stealthily. Now, they’re going after our mobile phones, which are soon to be the number one way we access the web.

As QR codes have evolved, they now can offer users – and thieves – unlimited information within seconds of scanning.

And we scan them voluntarily.

We’ve already been trained to think twice before entering an unknown link we get from a stranger or even a friend, but almost anyone will scan an unknown QR code with a smartphone or a tablet, if the offer it’s embedded in looks tempting enough.

The Experiment:

Over a three-day security conference in London, I created a small poster featuring a big security company’s logo and the sentence “Just Scan to Win an iPAD.” Thousands of people walked by, no one asked where the sign came from, and no one took it down, not even a representative of the company featured on the sign.

The results: 455 people scanned the sign and browsed the link over the three days. The breakdown: 142 iPhone users, 211 Android users, 61 Blackberry, and 41 unknown browsers.

Remember, this was a conference for security professionals.

As I’m a nice guy fighting for the right side, the QR code simply linked to a web page featuring a smiley face. If I had decided to include a malware or poisoned URL attack based on multiple mobile smart phone browsers, I wonder whose phone I would have penetrated…

To make a long story short: QR codes are becoming more and more prevalent. And most of us don’t have the same AV or URL filtering technology on our phones or tablets that we have on our PCs.

The question is: Can we really fully trust the QR codes we see on the streets, in restaurants, or in ads? Regretfully, the answer is no.

Any attacker can take advantage of QR codes. And remember, unlike computers, most mobile devices do not include antivirus solutions to protect us against mobile malware.

Think before you scan.

· Does this QR code seem to come from a reliable source?

· After scanning the QR code and seeing the link, is the link really from whom it claimed to be?

· Would I click on this link if it came through my email?

Even if you miss out on the iPAD or the free ice cream cone, you’re probably better off.

Author bio:

David Maman is CTO & Founder of GreenSQL, the database security company.

About GreenSQL:

GreenSQL, the Database Security Company, delivers out-of-the-box database security solutions for small and mid-sized organizations. Started as an open source project back in 2006, GreenSQL became the no. 1 database security solution for MySQL with 100,000 users worldwide. In 2009, in response to market needs, GreenSQL LTD developed a commercial version, bringing a fresh approach to protecting databases of small- and medium-sized businesses.

GreenSQL provides database security solutions that are affordable and easy to install and maintain. GreenSQL supports Microsoft Azure, SQL Server (all versions including SQL Server 2012), MySQL and PostgreSQL.

6 Comments

Filed under Connected Devices, Cyber Crime, Don't Get Hacked, Guest Writers, Internet Safety Tools

Another Worm Worms Its Way Into Instant Messaging Applications

imageFrom the more things change the more they remain the same files:

AV-killing worm spreads via Facebook chat and IM clients – A rather industrious piece of malware that – among other things – paves the way for other malware by disabling AV solutions and software update modules has been spotted spreading via several Instant Messaging applications (ICQ, Skype, GTalk, Pidgin, MSN, YIM) and Facebook.

The victims receive a message from an unknown user, offering a link to a funny or interesting video. If they follow it, the malware in question downloads automatically from the linked site and is executed.

Nothing new here – as any one of the 10 or more articles I’ve  written over the years on using Instant Messenger applications safely will attest to. The following post (originally published September 4, 2010) will serve as a quick refresher on how to navigate the Internet safely while using an Instant Messenger client.

Tips For Using Instant Messenger Applications Safely

In a recent Symantec survey, which questioned computer users on the most likely routes cybercriminals use to drop malware on unsuspecting users, one resultant statistic made me sit up a little straighter. Just 3.9% of survey participants believed that Instant Messenger applications had a role in malware distribution.

Given the frequency with which instant messaging is used to distribute malware (recent statistics indicate almost 50% of worms use this method to spread), I was more than a little surprised at this unrealistic response.

The reality is, from a security perspective Instant Messaging applications can present considerable security risks. Security breakdowns can occur when these programs are used to share files, folders, or in some cases, entire drives. Instant messaging, unfortunately, is a primary channel used by cyber-criminals to distribute malware and scams.

Programs such as MSN Messenger, Yahoo! Messenger, AIM, and a basket full of other IM applications, are extremely popular with users who want real-time contact with each other and (no surprise here), this makes them the perfect vehicle for cyber criminals.

Hackers use two methods of delivering malicious code through IM: delivery of virus, Trojan, or spy ware within an infected file, and the use of “socially engineered” text with a web address that entices the recipient to click on a URL which connects to a website that downloads malicious code. Viruses, worms, and Trojans then typically propagate, by sending themselves rapidly through the infected user’s buddy list.

image

The following is a series of sensible tips for users to get the most out of these programs, securely and responsibly.

As with any other application you use on the Internet, having the knowledge that allows you to use it safely, and being aware of current threats, will make for a more positive experience when using these wildly popular applications.

Don’t click on links, or download files from unknown sources. You need to be alert to the dangers in clicking on links, or downloading files from sources that are not known to you. Even if the files or links apparently come from someone you know, you have to be positive that it really was this person who has sent the message.

Check with your contact to be sure the files, or links are genuine. Remember, if you click on those links, or run those attachments without confirmation, you run the risk of letting malware into your computer.

Use only secure passwords, and be sure to change them regularly. The longer and more varied they are – using a variety of different characters and numbers – the more secure they will be.

Protect personal and confidential information when using IM. Revealing confidential or personal information in these types of conversations, can make you an easy target for Internet predators.

For added protection when using a public computer, ensure that you disable any features that retain login information to prevent other users from gaining access to your instant messaging once you leave.

It’s virtually impossible to avoid publishing your email address on the Internet, however do so only when absolutely necessary. Cyber criminals are always on the lookout for accounts to target.

3 Comments

Filed under Don't Get Hacked, Instant Messenger Safety Tips, Interconnectivity, Malware Alert

Android Malware – Take the Security of Your Device Seriously

Guest writer Megan Berry has some timely advice on how you can avoid avoid malware on Android smartphones and tablets.

imageRule #1 of Android security: don’t download apps from websites other than Google Play for fear that you unwittingly infect your smartphone or tablet with malware. Well, not surprisingly, cybercriminals found a way to invalidate rule #1.

A security researcher at Symantec recently discovered two apps infected with malware in the app store that were quickly removed. But not before tens of thousands of users downloaded them.

This scenario is particularly troubling for companies with BYOD programs that permit Android devices to connect to their network. How do companies protect corporate assets without taking away employees’ ability to use their favorite mobile devices on the job? Especially since it seems that cybercriminals are always one step ahead of security experts.

Whether you use an Android device at home, on the job, or both, the growing threat of Android malware means it is more important than ever to take the security of your device seriously.

How to avoid malware on Android smartphones and tablets

Nothing you can do will guarantee you will never be infected with malware, but there are things you can do to minimize the risk.

· Before downloading an app, do a quick web search to check up on the developer and the app itself. Look for red flags in the search results, such as negative user reviews or complaints, that indicate you need to dig deeper before tapping that “Accept & download” button. Hint: You can visit the developer’s webpage from the app listing.

· Some malicious apps try to hide behind a legitimate brand name. Make sure the name of the developer jives with the title of the app.

· Read the app’s user reviews. Red flags will show up here, too.

· Examine the permissions of the app: are they in line with the app’s intended use? For example, does a news app really need to access your contacts or send text messages?

· IT managers should insist that employees install an Android anti-virus app. Or, better yet, insist that users turn their devices over to IT before they’re allowed to connect to the network for the first time. This way IT can install anti-virus software it has evaluated, configure it properly and enforce its use.

Android anti-virus apps: worth it or not?

The effectiveness of Android anti-virus apps is debatable, though. In a recent study, only a handful of Android anti-virus apps were found to detect most types of threats. The March 2012 study by AV-Test.org rated 23 out of 41 apps effective, or 56%. Of those 23, only 10 detected greater than 90% of known malware types.

Still, the authors of the study say any of the anti-virus apps that were found to detect greater than 65% of known malware types provide adequate protection.

Unpatched system software: Your device’s Achilles’ heel

Even though you’re careful about what apps you install and you run an anti-virus program, your device may still be vulnerable because of unpatched system software.

According to security vendor Duo Security, the speed at which wireless carriers supply updates to their users varies. Therefore, it’s possible for devices to go unprotected for long periods of time. The fragmentation of the Android platform complicates the task of rolling out updates, not to mention the fact that companies have little incentive to fix existing flaws when new devices with the latest system software are already on the shelves.

This is of particular concern for companies that allow their employees to connect their personal Android devices to the company network. It should also be of concern to employees, who may be liable if their device infects their employer’s network – many corporate bring-your-own-device (BYOD) policies place the responsibility for keeping devices malware-free squarely on the shoulders of the user.

Duo Security’s new app, X-ray, scans Android devices to discover unpatched flaws in system software. If the app finds a problem, the user can go to Settings>About Phone>System Updates to download the latest version. If an official update isn’t available via System Updates, Duo Security encourages users to contact their carrier for more information, or at the very least, exercise extreme caution when downloading apps.

Individual users can download and install the app from the X-Ray for Android website. Organizations can get an enterprise-level version by emailing the company.

Lesson learned

The lesson here is that unfortunately, it’s no longer safe to assume that just because an app is available from a reputable source, it’s malware-free. And, educating yourself and your users, combined with tried-and-true anti-virus software, is still the best protection against the quickly evolving threat that Android malware presents.

About the Author: Senior writer for IT Manager Daily, Megan covers the latest technology news and trends impacting business.

8 Comments

Filed under Android, Anti-Malware Tools, Guest Writers, Malware Protection

Put BitDefender Safego Between You And Facebook, Twitter Scammers

It’s an awesome summer day here, and the sum-sum-summer time lazies have gotten a stranglehold on my motivation to stay connected. Since it won’t be all that long until it’s back to snowstorms and blizzards, today is a day to just hang out, crash in the sunshine – and maybe pour a jar or two – or three.   Smile

So, in order to assuage my guilt somewhat (feeling guilty over disconnecting from the Internet – who knew?), I though I’d rerun a post from August of last year – BitDefender Safego – A Free Social Network Cyber Criminal Defense System – since, it’s as timely now, as it was then.

imageNo matter my own thoughts on Facebook and Twitter (which are not entirely positive), it’s impossible to ignore the impact social networking has had on how we communicate.

It’s hardly surprising then, that Facebook and Twitter, and sites like them, have proven to be the perfect channel for cyber criminals to “communicate” with potential victims.

In the past hour alone, over 25,000 articles dealing with Facebook malware have been posted to the Net – as the following screen capture indicates. Ponder on that – 25,000 articles dealing with Facebook malware in one hour! That number certainly reaches the threshold of what I consider an epidemic.

image

Just for a reference point – the “any time” total, using the same search string, is 44 Million results.

image

My usual skeptical observation:

You might think, given those numbers, that a typical social network user would take minimum precautions to ensure that their privacy, and computer system security, are protected against compromise by employing a sound safety strategy. But no, typical social network users’ are #####, ********, !!!!!!!!!! , ………… Unfortunately, given that this is a G rated blog, I’ll have to leave the expletives deleted.

Still, for the sake of fairness, I will note – cyber criminal craftiness should not be underestimated. The video below is just one example of how an unaware user can be misled; leading to a perfect storm of malware issues.

Click on the following graphic to play the video.

image

There is no perfect safety solution in an open system like Facebook, or Twitter – but, there are steps that can be taken to reduce the likelihood that cyber criminals will successfully disrupt your piece of mind.

A few months ago, Bitdefender released a free application – Safego for Facebook- which has just been updated to offer the same level of protection to Twitter users. If you are a Twitter or Facebook users, I urge you to checkout this free application.

From the Bitdefender site:

Bitdefender Safego for Facebook:

Using in-the-cloud scanning, Bitdefender Safego protects your social network account from all sorts of e-trouble: scams, spam, malware and private data exposure. But, most importantly, Safego keeps your online friends safe and …close.

By installing the BitDefender Safego app, users will receive:

Privacy protection – users are warned when they should modify their Facebook privacy settings so personal information isn’t exposed

Automatic scanning –users simply press the “scan now” button to get a snapshot of their Facebook security status

24/7 protection– Facebook accounts are protected even when users are not logged in to Facebook

Protection for friends – users will have the ability to warn their friends about infected links in their Facebook accounts

Bitdefender Safego for Twitter:

Initially launched for Facebook users, Bitdefender Safego is now ready to protect Twitter accounts as well. Bitdefender Safego uses the Bitdefender antimalware and antiphishing engines to scan URLs in the cloud.

Bitdefender Safego keeps your Twitter account safe by:

Checking unknown users before you follow them
Checking the accounts you are following
Scanning your direct messages for spam, suspicious links or highjacking attempts.

See BitDefender Safego in action on YouTube.

BitDefender Safego dashboard shown below.

image

For additional information on BitDefender Safego, please visit the BitDefender Safego app page on Facebook, or the app page on Twitter.

Comments Off on Put BitDefender Safego Between You And Facebook, Twitter Scammers

Filed under BitDefender, Don't Get Scammed, Don't Get Hacked, downloads, FaceBook, Freeware, Malware Protection, Twitter