A1 Computer Repair

Computer Services

malware protection

Millions Exposed To Ads That Use Infected Images

by

Antivirus provider ESET released a report on Tuesday stating that its researchers have discovered malicious code residing within advertisements that are currently in rotation on many “reputable” news websites. Since the beginning of October, these malicious ads have been exposed to millions of web surfers who still use Microsoft’s Internet Explorer browser.

Millions Exposed To Ads That Use Images Infected By Malicious Scripts

According to the report, the ads promote applications called “Browser Defense” and “Broxu.” What’s scary is that the actual graphic used in these ads contain malicious code buried within the parameters of their alpha channel, which is used to define the transparency of each pixel in images. By way of explanation, an alpha channel is what makes the background color of an image transparent so that the focused object can reside as an overlay against any backdrop image or color.

Adding the malicious script to an image’s alpha channel is only a minor modification. The resulting image has a slightly different tone than the original, but if web surfers have no idea what the originating image looks like, then they have no clue the altered, malicious version is on their screen. The sample provided by the ESET researchers is barely indistinguishable from the “clean” original.

Once the advertisement is displayed on the visitor’s screen, the embedded code uses the CVE-2016-0162 vulnerability in Internet Explorer to scan the target PC to see if it’s running on a malware analyst’s machine. If the coast is clear, it will then load a landing page that includes a Flash file built for exploiting three vulnerabilities in Flash Player: CVE-2015-8651, CVE-2016-1019, and CVE-2016-4117.

“Upon successful exploitation, the executed shell code collects information on installed security products and performs — [in a manner] as paranoid as the cybercriminals behind this attack — yet another check to verify that it is not being monitored,” the antivirus firm reports. “If results are favorable, it will attempt to download the encrypted payload from the same server again, disguised as a GIF image.”

When the encrypted payload is downloaded to the target PC, it is then decrypted and launched through regsvr32.exe or rundll32.exe in Microsoft Windows. The payloads detected thus far have included various trojan downloaders, banking trojans, backdoors, spyware, and “file stealers.”

The attack is based on the Stegano exploit kit, which uses steganography to hide malware out in plain sight. The term is typically used when hiding messages or information within public text and data. However, in this case, the method throws a malicious script within the alpha channel information of an image. The kit was first used in 2014 to target Dutch customers, and moved on to residents in the Czech Republic. New attacks are targeting web surfers in Australia, Britain, Canada, Italy, and Spain.

ESET senior malware researcher Robert Lipovsky pointed out in an interview that web surfers aren’t required to do anything to trigger the malicious script: all they have to do is visit a website displaying the infected ad. The payloads aren’t random either: attackers choose what to download to the target PCs.

Lipovsky added that the firm didn’t release a list of websites affected by the malicious ads because the information didn’t add any value to the warning. Even more, the firm didn’t want to inflict reputational harm to the websites given that they had no clue or control over displaying the ads. Naturally, web surfers can stay safe by keeping their browser, Flash Player, and security software updated regularly.

http://www.digitaltrends.com/computing/eset-malware-images-alpha-channel-browser-defense-broxu-stegano/

Be careful, it is The Season for Cyber Criminals

by

With the end of the year, the volume of internet sales increases drastically due to Black Friday, Cyber Monday, Christmas, and New Year’s Eve. Cybercriminals also increase their activity on these dates, as they want to go unnoticed in the high number of transactions.

For that reason, you must be aware of the threats you are exposed to in order to avoid an unwanted gift—more than your grandma’s socks.

cyber criminals

According to Allianz Risk Barometer for 2015, cybercrime rose three positions from 2014 to become the fifth top global business risk in 2015. It is a big threat that continues to expand; you have to be informed about it and take action to avoid it.

Let’s take a look at the biggest threats that you should be aware of.

Malvertising: A growing threat

Malicious ads are online advertisements on legitimate websites created to deliver and spread spyware, ransomware, and other malware to end-user systems. They are usually shown as targeted pop-up advertisements or as banner ads on online shopping sites, news portals, social media sites, and gaming and adult platforms.

Unlike other malware delivery mechanisms which require user action (clicking a link or opening an email attachment), malvertisements often require no user interaction to work, which makes them quite dangerous.

Sometimes, just visiting a webpage with malicious ads on it is enough to infect a system. In other cases, users have to click fake Flash or Java updates, or fake anti-virus alerts, to get infected.

Typically, larger websites receive ads through multiple ad brokers and networks automatically, with little action margin to filter them. As advertisements are tailored to the user’s demographics, location, and browsing history, attackers can deliver the malware to their desired victims.

Security vendor RiskIQ reported a shocking 260 percent increase in the number of detected malvertisements in the first half of 2015, compared to the same period last year.

Unfortunately, there isn’t much you can do to avoid malvertising, but make sure you have good commercial antivirus software installed so that if you do stumble upon a bad ad, you will have an extra layer of protection.

Phishing

One of the most dangerous threats this season is Phishing. Phishing occurs when cybercriminals attempt to get your usernames, passwords, and credit card details by creating a fake version of a real and well-known site. Users get tricked into entering their sensitive information, thinking that the site is the real one. You may arrive at one of these sites by misspelling the address or by following links on forged emails, ads, or posts.

This time of year we always see several fake stores emerge. They are there for a couple of weeks, then disappear with your sensitive data and your money.

The Anti-Phishing Working Group reports that in the last quarter of 2014, there was an increase of 18 percent in the number of unique phishing reports compared to the previous quarter and that retail /service was the most targeted industry sector, with payment services close behind.

To confirm that you are on a real, legitimate site, look for the https protocol at the beginning of the URL and check that there is a padlock icon, indicating that the identity of the site is confirmed by a third-party security firm.

Click Here to Continue Reading This Article

When you are browsing a site look for https and the padlock icon to ensure its authenticity and that your information will be transmitted securely.

How To Protect Your Files From Malware

by

Protect Your Files From Malware and Viruses

Backing up your files is the best way to protect your files and data. Once you have a great backup system installed, you’ve already taken the most important step in protecting your computer – but there are threats beyond data loss that you can prepare for.

How To Protect Your Files From Malware

Malware (short for malicious software) is software that is developed to disrupt or damage a computer system. It can appear in a number of ways and can be used to gather private information, delete data or even lock people out of their own files. According to Kaspersky Labs, there are more than 200,000 new malware threats per day!

One such malware, Cryptolocker, has been making the internet rounds over the past several weeks. The software is called “ransomware”, as it encrypts the files on infected computers so users can’t access them. When someone tries to open a file on a computer infected with this malware, they are alerted that they must pay $300 for their files to be unencrypted so they can access them. Deleting the malware or refusing to pay the ransom will leave their files encrypted.

As a trusted partner in data protection, Carbonite Backup wants to ensure that our customers are aware of these threats and know how to prevent them from infecting their computers and servers. Here are some tips that can help you avoid malware and other types of viruses to protect your files:

  • Be an email skeptic: Malware is often spread through email links or attachments. Don’t open attachments or click on links from people or companies you’re not familiar with.
  • Free software – too good to be true?: Downloading free software is tempting, but it may include spyware and other malicious content. Only download software from trusted vendors.
  • Down with the pop-ups: Block pop-up windows and don’t click on links or buttons within them.
  • Bump up your browser security: Go into your web browser settings and make sure your security settings are set to medium or higher.
  • Beware of illegal downloads: While it’s tempting to watch a movie that’s still in theatres on your computer, many files shared on illegal file-sharing sites have pieces of malware attached to them.

These are just a few tips that can help you avoid the headaches to protect your files and other negative effects of malware. Need more information on backup software? Contact Us or Open a Support Ticket, we are here to help.

Reprinted from an article

Avoid Ransomware Attacks Using These 5 Steps

by

Avoid Ransomware Attacks

Ransomware is malicious software used by cybercriminals all across the world to get hold of your computer and computer files for ransom, demanding payment from you to get them back in normal working condition. Although ransomware is not a common malware, over time it has proved to be a very effective one. Various new variants of ransomware are swarming in the digital market these days, all specifically designed to frighten the victim into paying a fee to get their computer back in a normal working state. Lately, many cybercrooks have started targeting it locally, making it even more dangerous than before.

However, you can save your system from giving in to the ransomware attack by employing these simple, yet effective steps-

Back up your valuable data

This one is an overall security tip on which you can fall back if your computer system is attacked by ransomware. Have a regularly updated backup of your valuable data so that even if you do become a victim of ransomware, you don’t have to lose all your vital data. In such a case, you can easily restore your system and refurbish all your important documents from backup. Having a regular backup regimen is really important for you, preferably on an external hard disk or any backup service.

Use a robust security suite

It’s always good to have a strong backing of a robust Internet security software program to help you pick out the identity thefts, suspicious activities, and unsolicited dangers. These days many new variants of viruses, malware, and ransomware have hit the digital world, escaping even from the strong detection systems. Hence, it becomes really essential to have an added layer of protection to help detect the ransomware or mitigate its effects after the attack. Install CryptoPrevent as well as a commercial-grade anti-virus like ESET Nod 32.

Patch/update your software

The ransomware authors and programmers heavily rely on the people who are running outdated software. This outdated software is vulnerable itself and it makes the whole computer system susceptible to any malicious attack, which can exploit other programs on your computer to silently get into your system. So, keeping all your software updated can decrease the potential threat of ransomware. For this purpose, you can turn the update notification system of your software program, which will timely alert you about the security updates and patches.

Disconnect from the Internet immediately

Getting a ransomware note from an unknown source can prove to be a real threat to your computer system. In such a case, don’t panic; rather disconnect your system from the Internet so that your personal information isn’t transmitted to cybercriminals and hijackers. The best action could be to simply shut down your computer system and re-install the software and data backup after turning it on. This way, you can not only start afresh but your computer system will be saved from literal damage by a malicious program.

In the end, all you have to do is to stay alert and use a robust security suite to prevent ransomware attacks. Though, following these steps will help you avoid your computer system from becoming a victim of ransomware.

Article Credit Tech Genie @ http://blog.techgenie.com/security-how-to/five-steps-to-avoid-ransomware-attack.html

Bank Account Stealing Malware Returns

by

Malicious software used to steal millions from bank accounts has re-emerged a month after US authorities broke up a major hacker network using the scheme, security researchers say.

Bank Account Stealing Malware Returns

The security firm Malcovery said it identified a new trojan based on the Gameover Zeus malware, which officials said infected up to one million computers in 12 countries, and was blamed in the theft of more than $100 million.

“This discovery indicates that the criminals responsible for Gameover’s distribution do not intend to give up on this botnet even after suffering one of the most expansive botnet takeovers/takedowns in history,”.

By infecting large numbers of computers, the cybercriminals were able to control the devices to steal passwords and send out emails to further spread the infection.

The news came as the Department of Justice said it had made progress in rooting out the malware infections.

In a status report filed in court, officials said that “all or nearly all of the active computers infected with Gameover Zeus have been liberated from the criminals’ control and are now communicating exclusively with the substitute server established pursuant to a court order.”

A blog post by the security firm Emsisoft said the new variant may be harder to combat because it is using “an evasive technique that allows the botnet to hide its distributive phishing sites behind a constantly shuffling list of infected, proxy computers.”

Gameover Zeus, which first appeared in September 2011, stole bank information and other confidential details from victims.

The FBI blamed the Gameover Zeus botnet for the theft of more than $100 million, obtained by using the stolen bank data and then “emptying the victims’ bank accounts and diverting the money to themselves.”

The June crackdown also targeted another computer virus, dubbed “Cryptolocker,” which appeared in September 2013.

Russian Evgeniy Mikhailovich Bogachev, 30, an alleged administrator of the network, was charged in Pittsburgh, Pennsylvania, with 14 counts including conspiracy, computer hacking, bank fraud, and money laundering in the Gameover Zeus and Cryptoblocker schemes.

Originally from: http://news.yahoo.com/bank-stealing-malware-returns-us-crackdown-193233883.html

Keyloggers – Keystroke Logging Software Threats

by

A keylogger is a program that runs in your computer’s background secretly recording all your keystrokes. Once your keystrokes are logged, they are hidden away for later retrieval by the attacker. The attacker then carefully reviews the information in hopes of finding passwords or other information that would prove useful to them.

Keyloggers---Keystroke-Logging-Software-and-Hardware

For example, a keylogger can easily obtain confidential emails and reveal them to any interested outside party willing to pay for the information.

Keyloggers can be either software or hardware-based. Software-based keyloggers are easy to distribute and infect, but at the same time are more easily detectable. Hardware-based keyloggers are more complex and harder to detect. For all that you know, your keyboard could have a keylogger chip attached and anything being typed is recorded into a flash memory sitting inside your keyboard. Keyloggers have become one of the most powerful applications used for gathering information in a world where encrypted traffic is becoming more and more common.

Keyloggers - Keystroke Logging Software and Hardware 3

As keyloggers become more advanced, the ability to detect them becomes more difficult. They can violate a user’s privacy for months, or even years, without being noticed. During that time frame, a keylogger can collect a lot of information about the user it is monitoring. A keylogger can potentially obtain not only passwords and log-in names, but credit card numbers, bank account details, contacts, interests, web browsing habits, and much more. All this collected information can be used to steal users’ personal documents, money, or even their identity.

Keyloggers - Keystroke Logging Software and Hardware 2

A keylogger might be as simple as an .exe and a .dll that is placed in a computer and activated upon boot-up via an entry in the registry. Or, the more sophisticated keyloggers, such as the Perfect Keylogger or ProBot Activity Monitor have developed a full line of nasty abilities including:

· Undetectable in the process list and invisible in operation

· A kernel keylogger driver that captures keystrokes even when the user is logged off

· A remote deployment wizard

· The ability to create text snapshots of active applications

· The ability to capture http post data (including log-ins/passwords)

· The ability to timestamp record workstation usage

· HTML and text log file export

· Automatic e-mail log file delivery

All keyloggers are not used for illegal purposes. A variety of other uses have surfaced. Keyloggers have been used to monitor websites visited as a means of parental control over children. They have been actively used to prevent child pornography and avoid children coming in contact with dangerous elements on the web. Additionally, in December 2001, a federal court ruled that the FBI did not need a special wiretap order to place a keystroke logging device on a suspect’s computer. The judge allowed the FBI to keep details of its keylogging device secret (citing national security concerns). The defendant in the case, Nicodemo Scarfo Jr., indicted for gambling and loan-sharking, used encryption to protect a file on his computer. The FBI used the keystroke logging device to capture Scarfo’s password and gain access to the needed file.

A1 Computer Repair – Malicious Software Removal Experts