A1 Computer Repair

Computer Services

virus protection

Millions Exposed To Ads That Use Infected Images

by

Antivirus provider ESET released a report on Tuesday stating that its researchers have discovered malicious code residing within advertisements that are currently in rotation on many “reputable” news websites. Since the beginning of October, these malicious ads have been exposed to millions of web surfers who still use Microsoft’s Internet Explorer browser.

Millions Exposed To Ads That Use Images Infected By Malicious Scripts

According to the report, the ads promote applications called “Browser Defense” and “Broxu.” What’s scary is that the actual graphic used in these ads contain malicious code buried within the parameters of their alpha channel, which is used to define the transparency of each pixel in images. By way of explanation, an alpha channel is what makes the background color of an image transparent so that the focused object can reside as an overlay against any backdrop image or color.

Adding the malicious script to an image’s alpha channel is only a minor modification. The resulting image has a slightly different tone than the original, but if web surfers have no idea what the originating image looks like, then they have no clue the altered, malicious version is on their screen. The sample provided by the ESET researchers is barely indistinguishable from the “clean” original.

Once the advertisement is displayed on the visitor’s screen, the embedded code uses the CVE-2016-0162 vulnerability in Internet Explorer to scan the target PC to see if it’s running on a malware analyst’s machine. If the coast is clear, it will then load a landing page that includes a Flash file built for exploiting three vulnerabilities in Flash Player: CVE-2015-8651, CVE-2016-1019, and CVE-2016-4117.

“Upon successful exploitation, the executed shell code collects information on installed security products and performs — [in a manner] as paranoid as the cybercriminals behind this attack — yet another check to verify that it is not being monitored,” the antivirus firm reports. “If results are favorable, it will attempt to download the encrypted payload from the same server again, disguised as a GIF image.”

When the encrypted payload is downloaded to the target PC, it is then decrypted and launched through regsvr32.exe or rundll32.exe in Microsoft Windows. The payloads detected thus far have included various trojan downloaders, banking trojans, backdoors, spyware, and “file stealers.”

The attack is based on the Stegano exploit kit, which uses steganography to hide malware out in plain sight. The term is typically used when hiding messages or information within public text and data. However, in this case, the method throws a malicious script within the alpha channel information of an image. The kit was first used in 2014 to target Dutch customers, and moved on to residents in the Czech Republic. New attacks are targeting web surfers in Australia, Britain, Canada, Italy, and Spain.

ESET senior malware researcher Robert Lipovsky pointed out in an interview that web surfers aren’t required to do anything to trigger the malicious script: all they have to do is visit a website displaying the infected ad. The payloads aren’t random either: attackers choose what to download to the target PCs.

Lipovsky added that the firm didn’t release a list of websites affected by the malicious ads because the information didn’t add any value to the warning. Even more, the firm didn’t want to inflict reputational harm to the websites given that they had no clue or control over displaying the ads. Naturally, web surfers can stay safe by keeping their browser, Flash Player, and security software updated regularly.

http://www.digitaltrends.com/computing/eset-malware-images-alpha-channel-browser-defense-broxu-stegano/

Be careful, it is The Season for Cyber Criminals

by

With the end of the year, the volume of internet sales increases drastically due to Black Friday, Cyber Monday, Christmas, and New Year’s Eve. Cybercriminals also increase their activity on these dates, as they want to go unnoticed in the high number of transactions.

For that reason, you must be aware of the threats you are exposed to in order to avoid an unwanted gift—more than your grandma’s socks.

cyber criminals

According to Allianz Risk Barometer for 2015, cybercrime rose three positions from 2014 to become the fifth top global business risk in 2015. It is a big threat that continues to expand; you have to be informed about it and take action to avoid it.

Let’s take a look at the biggest threats that you should be aware of.

Malvertising: A growing threat

Malicious ads are online advertisements on legitimate websites created to deliver and spread spyware, ransomware, and other malware to end-user systems. They are usually shown as targeted pop-up advertisements or as banner ads on online shopping sites, news portals, social media sites, and gaming and adult platforms.

Unlike other malware delivery mechanisms which require user action (clicking a link or opening an email attachment), malvertisements often require no user interaction to work, which makes them quite dangerous.

Sometimes, just visiting a webpage with malicious ads on it is enough to infect a system. In other cases, users have to click fake Flash or Java updates, or fake anti-virus alerts, to get infected.

Typically, larger websites receive ads through multiple ad brokers and networks automatically, with little action margin to filter them. As advertisements are tailored to the user’s demographics, location, and browsing history, attackers can deliver the malware to their desired victims.

Security vendor RiskIQ reported a shocking 260 percent increase in the number of detected malvertisements in the first half of 2015, compared to the same period last year.

Unfortunately, there isn’t much you can do to avoid malvertising, but make sure you have good commercial antivirus software installed so that if you do stumble upon a bad ad, you will have an extra layer of protection.

Phishing

One of the most dangerous threats this season is Phishing. Phishing occurs when cybercriminals attempt to get your usernames, passwords, and credit card details by creating a fake version of a real and well-known site. Users get tricked into entering their sensitive information, thinking that the site is the real one. You may arrive at one of these sites by misspelling the address or by following links on forged emails, ads, or posts.

This time of year we always see several fake stores emerge. They are there for a couple of weeks, then disappear with your sensitive data and your money.

The Anti-Phishing Working Group reports that in the last quarter of 2014, there was an increase of 18 percent in the number of unique phishing reports compared to the previous quarter and that retail /service was the most targeted industry sector, with payment services close behind.

To confirm that you are on a real, legitimate site, look for the https protocol at the beginning of the URL and check that there is a padlock icon, indicating that the identity of the site is confirmed by a third-party security firm.

Click Here to Continue Reading This Article

When you are browsing a site look for https and the padlock icon to ensure its authenticity and that your information will be transmitted securely.

Avoid Ransomware Attacks Using These 5 Steps

by

Avoid Ransomware Attacks

Ransomware is malicious software used by cybercriminals all across the world to get hold of your computer and computer files for ransom, demanding payment from you to get them back in normal working condition. Although ransomware is not a common malware, over time it has proved to be a very effective one. Various new variants of ransomware are swarming in the digital market these days, all specifically designed to frighten the victim into paying a fee to get their computer back in a normal working state. Lately, many cybercrooks have started targeting it locally, making it even more dangerous than before.

However, you can save your system from giving in to the ransomware attack by employing these simple, yet effective steps-

Back up your valuable data

This one is an overall security tip on which you can fall back if your computer system is attacked by ransomware. Have a regularly updated backup of your valuable data so that even if you do become a victim of ransomware, you don’t have to lose all your vital data. In such a case, you can easily restore your system and refurbish all your important documents from backup. Having a regular backup regimen is really important for you, preferably on an external hard disk or any backup service.

Use a robust security suite

It’s always good to have a strong backing of a robust Internet security software program to help you pick out the identity thefts, suspicious activities, and unsolicited dangers. These days many new variants of viruses, malware, and ransomware have hit the digital world, escaping even from the strong detection systems. Hence, it becomes really essential to have an added layer of protection to help detect the ransomware or mitigate its effects after the attack. Install CryptoPrevent as well as a commercial-grade anti-virus like ESET Nod 32.

Patch/update your software

The ransomware authors and programmers heavily rely on the people who are running outdated software. This outdated software is vulnerable itself and it makes the whole computer system susceptible to any malicious attack, which can exploit other programs on your computer to silently get into your system. So, keeping all your software updated can decrease the potential threat of ransomware. For this purpose, you can turn the update notification system of your software program, which will timely alert you about the security updates and patches.

Disconnect from the Internet immediately

Getting a ransomware note from an unknown source can prove to be a real threat to your computer system. In such a case, don’t panic; rather disconnect your system from the Internet so that your personal information isn’t transmitted to cybercriminals and hijackers. The best action could be to simply shut down your computer system and re-install the software and data backup after turning it on. This way, you can not only start afresh but your computer system will be saved from literal damage by a malicious program.

In the end, all you have to do is to stay alert and use a robust security suite to prevent ransomware attacks. Though, following these steps will help you avoid your computer system from becoming a victim of ransomware.

Article Credit Tech Genie @ http://blog.techgenie.com/security-how-to/five-steps-to-avoid-ransomware-attack.html