A1 Computer Repair


Trojan

Millions Exposed To Ads That Use Infected Images

December 7, 2016 by admin

Antivirus provider ESET released a report on Tuesday stating that its researchers have discovered malicious code residing within advertisements that are currently in rotation on many “reputable” news websites. Since the beginning of October, these malicious ads have been shown to millions of web surfers who still use Microsoft’s Internet Explorer browser.

According to the report, the ads promote applications called “Browser Defense” and “Broxu.” What’s scary is that the actual graphics used in these ads contain malicious code buried within the parameters of their alpha channel, which is used to define the transparency of each pixel in an image. By way of explanation, an alpha channel is what makes the background color of an image transparent so that the focused object can reside as an overlay against any backdrop image or color.

Adding the malicious script to an image’s alpha channel is only a minor modification. The resulting image has a slightly different tone than the original, but if web surfers have no idea what the originating image looks like, then they have no clue the altered, malicious version is on their screen. The sample provided by the ESET researchers is almost indistinguishable from the “clean” original.
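To make the alpha-channel point concrete from a defender's side, here is an added triage example (not from the ESET report or the original article) that summarises the alpha channel of already-decoded RGBA pixel data and flags images that look fully opaque yet carry widely varying alpha values. The function names, the thresholds and the heuristic itself are assumptions for illustration, and the pixel buffers are constructed samples.

```python
import math
from collections import Counter

def alpha_report(rgba: bytes, near_opaque: int = 224, min_entropy: float = 2.0) -> dict:
    """Summarise the alpha channel of decoded RGBA pixels (4 bytes per pixel)."""
    if not rgba or len(rgba) % 4:
        raise ValueError("expected non-empty RGBA data, 4 bytes per pixel")
    alpha = rgba[3::4]                      # every 4th byte is the alpha value
    counts = Counter(alpha)
    n = len(alpha)
    # Shannon entropy of the alpha values, in bits per pixel.
    entropy = sum(-(c / n) * math.log2(c / n) for c in counts.values())
    lowest = min(counts)
    # Assumed heuristic: the image looks opaque (no pixel below near_opaque)
    # yet its alpha values still vary widely. Thresholds are illustrative.
    suspicious = lowest >= near_opaque and entropy >= min_entropy
    return {"pixels": n, "min_alpha": lowest, "distinct": len(counts),
            "entropy": round(entropy, 3), "suspicious": suspicious}

def make_rgba(alphas) -> bytes:
    """Build a constructed grey RGBA buffer from a sequence of alpha values."""
    return b"".join(bytes((128, 128, 128, a)) for a in alphas)

# Constructed samples (not taken from any real advertisement).
SAMPLES = {
    "opaque_banner": make_rgba([255] * 1024),
    "logo_with_cutout": make_rgba([0] * 512 + [255] * 512),
    "opaque_looking_noisy_alpha": make_rgba([240 + (i * 7) % 16 for i in range(1024)]),
}

def triage(samples: dict) -> list:
    """Return the names of samples whose alpha channel deserves a closer look."""
    return sorted(name for name, px in samples.items() if alpha_report(px)["suspicious"])

if __name__ == "__main__":
    for name, px in SAMPLES.items():
        print(name, alpha_report(px))
    print("flagged:", triage(SAMPLES))
```

A flag here is a reason to inspect the image and the page script that reads it, not a verdict; an ordinary opaque banner and a logo with genuine transparency both pass.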

Once the advertisement is displayed on the visitor’s screen, the embedded code uses the CVE-2016-0162 vulnerability in Internet Explorer to check whether it is running on a malware analyst’s machine. If the coast is clear, it will then load a landing page that includes a Flash file built for exploiting three vulnerabilities in Flash Player: CVE-2015-8651, CVE-2016-1019, and CVE-2016-4117.

“Upon successful exploitation, the executed shell code collects information on installed security products and performs — [in a manner] as paranoid as the cybercriminals behind this attack — yet another check to verify that it is not being monitored,” the antivirus firm reports. “If results are favorable, it will attempt to download the encrypted payload from the same server again, disguised as a GIF image.”

When the encrypted payload is downloaded to the target PC, it is then decrypted and launched through regsvr32.exe or rundll32.exe in Microsoft Windows. The payloads detected thus far have included various trojan downloaders, banking trojans, backdoors, spyware, and “file stealers.”

The attack is based on the Stegano exploit kit, which uses steganography to hide malware in plain sight. The term typically refers to hiding messages or information within public text and data. In this case, however, the method places a malicious script within the alpha channel information of an image. The kit was first used in 2014 to target Dutch customers, and moved on to residents in the Czech Republic. New attacks are targeting web surfers in Australia, Britain, Canada, Italy, and Spain.

ESET senior malware researcher Robert Lipovsky pointed out in an interview that web surfers aren’t required to do anything to trigger the malicious script: all they have to do is visit a website displaying the infected ad. The payloads aren’t random either: attackers choose what to download to the target PCs.

Lipovsky added that the firm didn’t release a list of websites affected by the malicious ads because the information didn’t add any value to the warning. Moreover, the firm didn’t want to inflict reputational harm on the websites given that they had no clue or control over displaying the ads. Naturally, web surfers can stay safe by keeping their browser, Flash Player, and security software updated regularly.

http://www.digitaltrends.com/computing/eset-malware-images-alpha-channel-browser-defense-broxu-stegano/

Filed Under: Tech Support Blog Tagged With: eset, malvertising, malware ads, malware protection, security, Trojan, virus protection

Bank Account Stealing Malware Returns

July 11, 2014 by admin

Malicious software used to steal millions from bank accounts has re-emerged a month after US authorities broke up a major hacker network using the scheme, security researchers say.

The security firm Malcovery said it identified a new trojan based on the Gameover Zeus malware, which officials said infected up to one million computers in 12 countries, and was blamed in the theft of more than $100 million.

“This discovery indicates that the criminals responsible for Gameover’s distribution do not intend to give up on this botnet even after suffering one of the most expansive botnet takeovers/takedowns in history.”

By infecting large numbers of computers, the cybercriminals were able to control the devices to steal passwords and send out emails to further spread the infection.

The news came as the Department of Justice said it had made progress in rooting out the malware infections.

In a status report filed in court, officials said that “all or nearly all of the active computers infected with Gameover Zeus have been liberated from the criminals’ control and are now communicating exclusively with the substitute server established pursuant to a court order.”

A blog post by the security firm Emsisoft said the new variant may be harder to combat because it is using “an evasive technique that allows the botnet to hide its distributive phishing sites behind a constantly shuffling list of infected, proxy computers.”

Gameover Zeus, which first appeared in September 2011, stole bank information and other confidential details from victims.

The FBI blamed the Gameover Zeus botnet for the theft of more than $100 million, obtained by using the stolen bank data and then “emptying the victims’ bank accounts and diverting the money to themselves.”

The June crackdown also targeted another computer virus, dubbed “Cryptolocker,” which appeared in September 2013.

Russian Evgeniy Mikhailovich Bogachev, 30, an alleged administrator of the network, was charged in Pittsburgh, Pennsylvania, with 14 counts including conspiracy, computer hacking, bank fraud, and money laundering in the Gameover Zeus and Cryptolocker schemes.

Originally from: http://news.yahoo.com/bank-stealing-malware-returns-us-crackdown-193233883.html

Filed Under: Tech Support Blog Tagged With: anti malware, identity theft, internet security, malware, malware protection, ransom ware, Scum Ware, Trojan, windows security, worm
