spamNEWS | botnet | phishing | virus | spam | malware
Broken Ransomware Permits to Retrieve Locked Data
Written by Administrator   
Monday, 20 April 2015 09:00

ZDNet.com published news on 10th April, 2015 quoting experts as saying "a new thread of ransomware has been cracked permitting victims to avoid payment and get access to their bolted data."

The ransomware, dubbed Scraper and originally called 'Torlocker', was given the name Trojan-Ransom.Win32.Scrape. Scraper first appeared in an attack against Japanese users last October.

The malware encrypts office documents, audio and video files, archives, images, backup copies, databases, certificates, virtual machines encryption keys and other files on all hard and network drives. It also deletes all of the system's recovery points. Scraper later appeared in English, demanding a ransom of $300 or more, payable in Bitcoin or UKash, to decrypt the encrypted documents or files.

The user's files are encrypted with AES-256 using a randomly generated one-time key; a separate encryption key is created for each file.

To pressure the user into paying the ransom to the Trojan's owners, the Trojan threatens to delete the private key required to decrypt the files if the user does not send the money within a stipulated time.

According to security firm Kaspersky, the Scraper ransomware has a fault which means that in around 70% of cases, decryption of files is possible.

Theregister.co.uk reported on 10th April, 2015 that Kaspersky Labs does not claim to know what went wrong in the process, though other experts have their own theories; in any case, it is clear that mistakes were made, otherwise recovery would not have been possible.

Unfortunately, ransomware has become a well-known method of collecting money from victims who unintentionally download it. The fear factor arises from ransomware frequently masquerading as law enforcement agencies and claiming that the victim has been watching illegal content or similar; the set deadline can be frightening, forcing a victim to pay the ransom rather than lose his files.

A new variant of Cryptolocker ransomware targeted gamers in March. Dubbed TeslaCrypt, the strain affects data files for games, is distributed through hijacked websites, and employs the Angler exploit kit to lock machines and demand ransom.

Enterprises in Australia Targeted Excessively For Ransomware Attacks - Symantec
Written by Administrator   
Monday, 20 April 2015 09:00

Symantec reveals in its annual report that Australian businesses suffered an excessively high rate of ransomware attacks during 2014 in comparison to other nations.

Symantec's 20th annual Internet Security Threat Report (ISTR) revealed that Australia was placed 7th in the world for ransomware attacks and ranked first in the APJ (Asia Pacific and Japan) region. In general, ransomware attacks swelled 113%, but the vendor thinks that this number would be "slightly higher" for Australia.

Itwire.com published news on 14th April, 2015 quoting a statement of Nick Savvides, Symantec Security Specialist, as "It is disturbing to think about being 7th for ransomware globally. I believe it is fact that the criminals head in the direction of money and Australia being a fairly rich country, there are many opportunities for the criminals to extract money from this country."

Attacks in Australia were traced to China, India and the United States, which is similar to 2013.

The report highlights that Australia also had 21% of crypto-ransomware among all ransomware infections.

Moreover, Australia ranked as the second most targeted country, behind India, for social media scams in the Asia-Pacific region.

ZDNet.com published news on 14th April, 2015 quoting Savvides as saying "there was such widespread scamming in Australia because users click and share scams when the material was posted by a trusted person in a social media network."

Savvides said that a similar pattern, known as a supply chain attack, is also happening within enterprises. The growth of supply chain attacks during 2014 partly contributed to the 40% rise in global attacks on companies, resulting in five out of six companies being targeted.

He explained that because many companies are starting to strengthen their security, attackers are looking for less-protected companies in their supply chain to compromise, such as software suppliers.

Symantec has requested consumers to take more care on social media by saying: "Don't click links enclosed in unsolicited email or social media messages especially from unknown sources. Scammers know people are more intended to click on links coming from their friends and hence, attackers compromise accounts to send malicious links to the contacts of the account owner."

Threat Actors Use New Tactics in Targeted Attacks - High-Tech Bridge
Written by Administrator   
Monday, 20 April 2015 09:00

Securityweek.com reported on 14th March, 2015 that security firm High-Tech Bridge has discovered an interesting attack in which, researchers believe, miscreants used a novel way of distributing malware to a targeted person.

The security firm nicknames this technique "drive-by-login". It is analogous to drive-by downloads, in which malware is distributed to Internet users when they visit the attacker's website. In drive-by-login attacks, however, the miscreant plants malicious code on a website that the attacker expects the victim to visit.

High-Tech Bridge says that it came across the new technique when one of its customers contacted it after his website began behaving very strangely. One of his clients had complained that the store's website tried to infect his PC with malware. However, daily malware and vulnerability scans had not revealed any threats for months, and the shop was running the latest osCommerce Online Merchant v2.3.4, released in June 2014. High-Tech Bridge says that it initially thought this was a false-positive alert, but it was not.

The security firm highlights that it discovered a very interesting file called 'ozcommerz_pwner.php.bak' in the document root.

High-Tech Bridge analyzed the attack and found that the attackers identified the person's preferred online shop and then exploited a recent Flash zero-day vulnerability to compromise its storefront with their backdoor code. Having done so, they waited. The security firm said that the target's email address and IP are written into the code to serve as a trigger for distributing the malware.

Drive-by-logins could viably replace phishing as attackers' method of infection, but they seem more likely to be used in Advanced Persistent Threat (APT) campaigns. SCMagazine.com published news on 7th April, 2015 quoting an explanation of Ilia Kolochenko, CEO of High-Tech Bridge, as saying "Even if high-profile targets employ their own security teams, they remain at the mercy of a website's security."

Consequently, he recommended that website operators run automated vulnerability scans along with manual web application penetration testing. He advised that victims should remain alert and skeptical even about trusted sites.

Computer Virus Paralyzes Lincoln County Sheriff’s Office
Written by Administrator   
Saturday, 18 April 2015 19:00


Wmtw.com reported on 10th April, 2015 stating that a computer virus recently compromised computer systems at the Sheriff's Office in Lincoln County (Maine, US) and the departments using the network.

Bangordailynews.com published news on 9th April, 2015 quoting Sheriff Todd Brackett as saying "The virus namely megacode seized data of the record management system captive until a ransom of three hundred euros in bitcoins is paid." Once the payment was made, the decryption code was released and the record management system was reactivated.

Brackett said that an individual manually downloaded the virus by clicking on a link in a suspicious email.

Brackett, ruling out a cyber attack, noted that they weren't hacked because this kind of virus has to be unleashed manually.

He said that the virus had been lying inactive on an unused system in one of the area's police departments. He added that the tainted computer, which had been out of use for over a year, was put back onto the network and the virus spread to the central server.

The virus 'megacode' is a type of crypto-ransomware malware which encrypts system files until a ransom is paid.

This kind of virus, known as ransomware, is appearing more and more frequently, and other law enforcement departments all over the country have had to pay ransom money to get their files back. The hackers, mainly from Russia, mostly demand the ransom in bitcoins, an online currency with a fluid value. The ransomware often warns that if the ransom is not paid within a stipulated time, it will wipe the whole computer or system.

Sfgate.com published news on 11th April, 2015 quoting Brackett as saying "FBI helped to only track the payment made to Swiss bank account but could not identify the hackers."

Boothbayregister.com published a report on 10th April, 2015 quoting Brackett as saying "But there were more positives derived from the incident."

Now the department knows about such scams and how to deal with them and there will be further training to fight such scams.

Simda Botnet Successfully Busted In a Joint Operation
Written by Administrator   
Saturday, 18 April 2015 19:00


Threatpost.com reported on 13th April, 2015 stating that the Simda botnet, which is known for distributing banking malware and dropping a backdoor on hundreds of thousands of machines across the world, was taken down on 9th April, 2015 by a joint effort of international law enforcement bodies and private security and technology companies.

The operation involved officers of the National High Tech Crime Unit of the Netherlands, the FBI of the US, Luxembourg's Police Grand-Ducale Section Nouvelles Technologies, and Russia's Ministry of Interior Cybercrime Department "K". INTERPOL also collaborated with Kaspersky Lab, Microsoft, Trend Micro and Japan's Cyber Defense Institute for technical support.

The botnet is believed to have infected more than 770,000 computers and has been found in more than 190 countries across the world, with the US, Canada, Russia and the United Kingdom the worst affected.

Kaspersky Lab researchers say that fourteen command and control servers in five countries were seized, bringing to an end a malware family which had infected more than 90,000 computers since January 2015 alone.

Simda has been active since the end of 2012 and has distributed many types of malware, including illicit software and financial Trojans. Simda's operators make frequent functionality updates and keep extending its capabilities to avoid detection by researchers and security software. This attracts cybercriminals, who buy access to machines infected with Simda and then install more malicious code on them.

ZDNet.com published news on 13th April, 2015 quoting Sanjay Virmani, Director of IDCC (INTERPOL Digital Crime Centre), as saying "the success of the operation illustrates the value and necessity of collaborations between national and international law imposing bodies with private industry to deal with online crime."

Virmani said that this operation has dealt a substantial blow to Simda and that INTERPOL would continue working to help its member countries protect their netizens from cybercriminals and detect other evolving threats.

European law-enforcement agencies teamed up with private companies to shut down the Simda botnet and another botnet, known as Beebone, which is a smaller and more mysterious network of compromised systems. In both cases, the Dutch National High Tech Crime Unit played a very important role.
