Posts

Showing posts from January, 2018

Remove the ST.exe & No File CPU Miner

The ST.exe Miner, otherwise known as No File, is a Trojan that utilizes a victim's CPU processing power to mine digital CryptoCurrency. When installed, this Trojan will create an autorun that launches an executable called ST.exe. ST.exe will attempt to mine coins for the malware developer by using all of the resources of your computer's processor. This article was published first at Remove the ST.exe & No File CPU Miner

Remove the Your Device Is Showing Suspicious Surfing Behaviour Page

A new scam web site states "Your Device Is Showing Suspicious Surfing Behaviour" and then starts using your browser & CPU to mine Monero until you enter a captcha code. This is obviously done to take CPU cycles from your computer without your permission and generate revenue from mining. This article was published first at Remove the Your Device Is Showing Suspicious Surfing Behaviour Page

Scarab ransomware: new variant changes tactics

The Scarab ransomware was discovered in June 2017. Since then, several variants have been created and discovered in the wild. The most popular or widespread versions were distributed via the Necurs botnet and were initially written in Visual C and compiled. However, after unpacking, we've found that another variant discovered in December 2017, called Scarabey, is distributed a little differently, with a different payload code as well. Scarabey, like most ransomware, is designed to demand a Bitcoin payment from its victims after encrypting files on their systems. However, instead of being distributed via Necurs malspam like the original Scarab, Scarabey was found targeting Russian users and being distributed via RDP/manual dropping on servers and systems. In addition, Scarabey does not seem to be packed in any samples we have come across. The malicious code is written in Delphi without the C++ packaging that Scarab has, and the content and language of the ransom notes are different for each. SAMPL

suddenly today FF58.0.1 redirects to ampxsearch

Steam account keeps getting accessed

Remove the BrowserWatch Chrome Extension

BrowserWatch by be-watches.com is an unwanted Chrome extension that has a description of "Functional extension "BrowserWatch". When installed, it will create a small icon in the Chrome toolbar that, when clicked on, opens a small box with the time. This article was published first at Remove the BrowserWatch Chrome Extension

Remove the Bug Fix Firefox Addon

Bug Watch is a Firefox addon that will display advertisements in search result pages and web sites that you visit. When installed, Bug Watch will download a javascript script and inject it into web sites that you visit so that they are monetized by injecting ads and hijacking link clicks. This article was published first at Remove the Bug Fix Firefox Addon

Central Illinois MSP gains edge in security threat battle using Managed Workplace

The customer

Headquartered in Peoria, Illinois, Advanced Technology Services (ATS) has been providing IT and managed services for some of the largest brands in the U.S., Mexico, and the United Kingdom since 1985. In addition to global enterprises, ATS also services a good many small businesses. This calls for adaptability in their offerings.

How to remove a Trojan.BitCoinMiner Miner Infection

A Trojan.BitCoinMiner is a computer infection that silently runs on your computer while using your CPU or GPU resources to mine for digital currencies. As the value of cryptocurrencies such as Bitcoin rises, more and more criminals want to use your computer's resources to mine for them and generate revenue. This article was published first at How to remove a Trojan.BitCoinMiner Miner Infection

Google Booted 700,000 Bad Apps From Its Marketplace in 2017

In 2017 Google removed apps that violated the Google Play policies because they were malicious, purposely copied a more popular app or served up inappropriate content.

Remove the FF Search Informer Adware Firefox Addon

FF Search Informer is a Firefox addon that will display advertisements in search result pages and web sites that you visit. When installed, FF Search Informer will download a javascript script and inject it into web sites that you visit so that they are monetized by injecting ads and hijacking link clicks. This article was published first at Remove the FF Search Informer Adware Firefox Addon

Remove the Image Previewer Miner & Adware Firefox Addon

Image Previewer is a Firefox addon that will display advertisements in search result pages and web sites that you visit. When installed, Image Previewer injects a javascript script into web sites that you visit that monetize the pages by injecting ads and hijacking link clicks. This article was published first at Remove the Image Previewer Miner & Adware Firefox Addon

Multiple Critical Flaws Found in Zoho’s ManageEngine

Researchers have discovered critical vulnerabilities in Zoho's ManageEngine suite that can lead to data loss and possible remote code execution.

Clock not keeping accurate time

GandCrab ransomware distributed by RIG and GrandSoft exploit kits

This post was authored by Vasilios Hioueras and Jérôme Segura.

Late last week saw the appearance of a new ransomware called GandCrab. Surprisingly, it is distributed via two exploit kits: RIG EK and GrandSoft EK. Why is this surprising? Other than Magnitude EK, which is known to consistently push the Magniber ransomware, other exploit kits have this year mostly dropped other payloads, such as Ramnit or SmokeLoader, typically followed by RATs and coin miners. Despite a bit of a slowdown in ransomware growth towards the last quarter of 2017, it remains a tried and tested business that guarantees threat actors a substantial source of revenue.

Distribution

GandCrab was first spotted on Jan 26 and later identified in exploit kit campaigns.

RIG exploit kit

The well-documented Seamless gate appears to have diversified itself as of late with distinct threads pushing a specific payload. While Seamless is notorious for having switched to International Domain Names (IDNs) containing char

Looking ahead: 9 threat trends in 2018

Cyberattacks are continuing to increase in number and severity every year, and 2018 will be no exception. We believe that many of the threats we observed in 2017 will, unfortunately, appear in evolved forms this year to continue threatening our businesses, personal data, and privacy via attacks on our PCs, smartphones and IoT devices. After all, as trends in politics, society, and technology evolve, so does cybercrime.

Hosts Hijack virus keeps coming back

Stolen security logos used to falsely endorse PUPs

To gain the trust of users, many websites and companies feature the logos of reputable firms who endorse their products. Unfortunately, some unseemly companies do the same, using logos of companies who have not, in fact, endorsed their product in order to trick people into thinking that what they are about to install is legitimate. Potentially Unwanted Programs (PUPs) are masters in this trade of building false trust. The most popular logos used by criminals to achieve this false trustworthiness are: McAfee SECURE, Norton Secured Seal, and Microsoft Partner Network/Microsoft Technologies. Below is an example of a website that has all three of them, so it must be the safest site imaginable. (Wrong.) In fact, it is a fake online scanner that will try to scare you into thinking that your computer is infected with some nasty viruses and that their solution can take care of it. Actually, they will try to sell you a PUP like Master PC Cleaner that will inform you about even more proble

Cisco Patches Critical VPN Vulnerability

Cisco Systems released a patch Monday to fix a critical security vulnerability, with a CVSS rating of 10, in its Secure Sockets Layer VPN solution called Adaptive Security Appliance.

Sluggish PC, trojan suspected.

vmxclient

Firefox memory leakage; System slowdown; Can't uninstall old Norton software

Ploutus.D Malware Variant Used in U.S.-based ATM Jackpotting Attacks

ATM maker NCR Corp. is warning that cyber criminals are hacking U.S. cash machines with malware that can drain machines dry of cash.

Remove the Intelmain & Intelservice.exe CPU Miner

The Intelmain.exe Miner is a Trojan that utilizes a victim's CPU processing power to mine digital CryptoCurrency. When installed, this Trojan will create an autorun called Intel(R) Management service that ultimately launches a miner called Intelmain.exe. Intelmain.exe will attempt to mine coins for the malware developer by using all of the resources of your computer's processor. This article was published first at Remove the Intelmain & Intelservice.exe CPU Miner

Remove the FF AntiVir Monitoring Firefox Addon

FF AntiVir Monitoring is a Firefox addon that will display advertisements in search result pages and web sites that you visit. When installed, FF AntiVir Monitoring will download a list of sites that it should monetize in some manner. It then injects a javascript script into sites that you visit so that it displays advertisements, appends affiliate tags to links, or performs some other type of monetization. This article was published first at Remove the FF AntiVir Monitoring Firefox Addon

Remove the 11 Pumpkin Flavored Foods Chrome Extension

11 Pumpkin Flavored Foods by waaf.me is an unwanted Chrome extension that has a description of "Give into the deliciousness of autumn ubiquitous flavor with pumpkin recipes that cover every meal of the day". When installed, it will create a small icon in the Chrome toolbar that, when clicked on, will open the web page http://ift.tt/2BEoaXS. This article was published first at Remove the 11 Pumpkin Flavored Foods Chrome Extension

A week in security (January 22 – January 28)

Last week on Labs, we analyzed a rogue app outbreak on Twitter, took a look at how Singapore's government is faring with network defense, and rolled out our 2017 State of Malware report. We also became visionaries in Gartner's Magic Quadrant report and explored a VR data mishap.

Other news

Man jailed for mass email compromise. (source: Justice.gov)
You have 10 days to save your company. The clock is ticking. (source: The Register)
Ransomware that rewards payments with… more malware. (source: ZDNet)
Human trafficking victims forced to take part in web scams. (Help Net Security)
Mobile point of sale gets a PCI security standard [PDF]. (source: pcisecuritystandards(dot)org)
Coinhive mining in Youtube adverts. (source: The Register)
Spyware is up and ransomware is down (courtesy of Labs' State of Malware report). (source: SC Magazine)
New research released on Bitcoins and anonymity. [PDF] (source: arxiv(dot)org)
Two factor authentication on Reddit? Yes please. (so

Remove the FF uBlocker Firefox Addon

FF uBlocker is a Firefox addon that will display advertisements in search result pages and web sites that you visit. When installed, FF uBlocker will connect to a remote site and download a javascript file. This file contains a list of sites and how advertisements should be injected into them. This article was published first at Remove the FF uBlocker Firefox Addon

How to remove adware from your PC

"Close. Close. Close. Close," my mother mumbles as she aggressively clicks her mouse over and over. "What's wrong, Ma?" I'm home for the holidays, and cozy, cold evenings are often spent in front of the fireplace. This night, however, my mom is stuck at her computer. "This stupid thing won't stop showing me ads." "Looks like a job for Malwarebytes!" I joke, but come over to examine. Her screen is loaded with advertisements. Upon closing one, another pops up. So many pop-ups, so little time. Looks like mom's got adware.

What is adware?

Adware is short for advertising-supported software. It's well-known for being a major Mac nuisance and has made itself ubiquitous on Android OSes, finding its way into the Google Play Store as Trojanized apps. But adware is a PC problem, too. It delivers ads and other browser-cluttering junk most often in the form of pop-ups, tabs, and toolbars. Beyond simply bombarding you with ads, adware can hijack your browser, redirecting you to sites yo

Remove the S-N-A Chrome & Firefox Extension

S-N-A is a Chrome & Firefox extension that creates a little in-browser Snake game when you click on the icon. While this extension does not currently have any malicious behavior in it, it is promoted through deceptive methods. This article was published first at Remove the S-N-A Chrome & Firefox Extension

Remove the FF Protect Tool Firefox Addon

FF Protect Tool is a Firefox addon that will display advertisements in search result pages and web sites that you visit. When installed, FF Protect Tool will download a list of sites that it should monetize in some manner. It then injects a javascript script into sites that you visit so that it displays advertisements, appends affiliate tags to links, or performs some other type of monetization. This article was published first at Remove the FF Protect Tool Firefox Addon

How to remove Cdnpps.us Ads

If your computer is connecting to cdnpps.us and being shown native advertisements that contain not-safe-for-work pictures and animated pictures, then you may be infected with adware. Some adware programs will connect to http://cdnpps.us and retrieve native advertisements that are then injected into web sites that you are visiting. This article was published first at How to remove Cdnpps.us Ads

Remove the Click to Continue Page

If your computer is connecting to pages that display a button that states "Click to Continue", then you are either infected with adware or another web site is displaying that page as a popup. If you click on this Click to Continue button, you will be shown pages that contain advertisements for programs such as browser extensions, fake flash and java updates, or parked domain pages filled with advertisements. This article was published first at Remove the Click to Continue Page

Remove the Advanced PC Mechanic System Optimizer PUP

Advanced PC Mechanic is a potentially unwanted system optimization program whose website makes the bizarre claim that "It improves the performance of your system to an unexceptional level". Personally, I would prefer a program that improves the PC's performance to an exceptional level. This article was published first at Remove the Advanced PC Mechanic System Optimizer PUP

UPDATE: Arenavision site now clean: Hackers mine cryptocurrency Monero using visitors’ browsers without their knowledge

Update Monday, January 29, 2018 4:00 PM CET: Arenavision reached out to Avast on Twitter, claiming their site was hacked on January 16, 2018. Avast reexamined the JQuery file and can confirm the site is now clean and does not contain any mining algorithms. The below post has been updated to reflect this.

Malwarebytes Pushes Multiple Patches After Nearly Bricking PCs

I don't believe it!

Arenavision mines cryptocurrency Monero using visitors’ browsers without their knowledge

A popular site used to stream sporting events such as soccer, basketball, and tennis is mining the Monero cryptocurrency using CoinHive, without site visitors’ permission. The site, arenavision[dot]in, is mostly visited by Spanish users, followed by Portuguese, and Mexican users, according to Alexa.

Chrome opening new tabs on its own to milkilove.com

Losing Hope

Remove the Tubemate for Chrome Extension

Tubemate for Chrome is a Chrome extension that has a description of "Tubemate - download for free directly. Enjoy the best videos saver from Youtube, Vimeo and other websites". In reality, when you click on the icon it just displays a link that opens advertisements. These advertisements are for unwanted extensions, fake software updates, and parked domain pages. This article was published first at Remove the Tubemate for Chrome Extension

Remove the Firefox Antivirus Firefox Addon

Firefox Antivirus is a Firefox extension/addon that injects javascript into sites that you are visiting. These scripts will cause various pages to become monetized with advertisements or to open popups when you click on links. These pop-up pages will typically contain advertisements for unwanted extensions, fake adobe flash updates, or tech support scams. This article was published first at Remove the Firefox Antivirus Firefox Addon

Remove the Update for Firefox 57.0 Scam Alert Page

The "Update for Firefox 57.0" page is a scam page that pretends to be a required manual update for Firefox. In reality, though, this update is an unwanted Firefox addon or extension that displays advertisements and has other unwanted behavior. If you see a page that is not part of the mozilla.org domain offering an update for Firefox, you should definitely not install anything it promotes, as it is most likely an unwanted program. This article was published first at Remove the Update for Firefox 57.0 Scam Alert Page

Remove the Keep Safe Chrome Extension

Keep Safe is a Chrome extension that has a description of "This extension replaces your default search. It enables you to keep your searches safe from tracking. Introducing Keep Safe". When installed, Keep Safe will cause any searches you make from the Chrome address bar to go through search.playzonenow.com and eventually redirect to Yahoo.com, which will show the search results. This article was published first at Remove the Keep Safe Chrome Extension

Remove the Search.playzonenow.com Search Redirect

If searches from a browser's address bar and possibly search engines are being redirected through the site Search.playzonenow.com, then you most likely have a browser extension or addon installed that is causing these redirects. Some extensions will cause all of the searches from your browser's address bar to redirect through http://ift.tt/2Gow4rR, which currently redirects to Yahoo.com. This article was published first at Remove the Search.playzonenow.com Search Redirect

Remove the FF Protect AntiVir Firefox Addon

FF Protect AntiVir is a Firefox extension/addon that injects javascript into sites that you are visiting. When installed, FF Protect AntiVir will download a list of sites that it should monetize in some manner. It then injects a javascript script into sites that you visit so that it may display ads, inject affiliate links, or other types of monetization. This article was published first at Remove the FF Protect AntiVir Firefox Addon

Malware found after running Clamwin

Slow computers and Internet

Having Odd Issues with Multiple Apps - Not Sure What to do Next

Windows 8-10 previous infections found-not sure if gone

When connected to internet computer stops working, now cannot connect

Should I be worried about this?

Win7 starts but freezes after. Safe mode freezes when restarting

tbaseprovisioning.exe

Virus deleted restore points & previous file versions

Strange things after W10 restoration including firefox porn pop up at startup

Explorer Errors and svchost.exe USing CPU/memory

Think I have a Kotver bug thats hard to squish

utorrentie.exe - beware

Windows 7 and chrome no longer requires passwords

Possible rootkit infection detected by AswMbr. What to do?

Coinhive Mining Code Slipped Into YouTube Site Ads

IMPORTANT: Web Blocking / RAM Usage

Earlier this morning, we published a protection update that caused connection issues for many of our customers. As a side effect of the web protection blocks, the product also spiked memory usage and possibly caused a crash. We have triaged this issue and pushed a protection update that resolves it:

Disable Web Protection
Update to 3803
Reboot

The root cause of the issue was a malformed protection update that the client couldn't process correctly. We have pushed upwards of 20,000 of these protection updates routinely. We test every single one before it goes out. We pride ourselves on the safety and accuracy of our detection engines. To say we are heartbroken is an understatement. We are working hard to not only triage your issues and get your computer or business back up and running but to also rebuild your trust. If the above doesn't resolve the issue, please reach out to support at corporate-support@malwarebytes.com

The post IMPORTANT: Web Blocking / RAM Usage appeared

Lenovo Fixes Hardcoded Password Flaw Impacting ThinkPad Fingerprint Scanners

Lenovo said nearly a dozen ThinkPad and ThinkCentre laptops contain a hardcoded password flaw.

Plugging a virtual leak: insecure VR app exposes customer data

I’ve been giving talks on the possible problems raised by virtual/augmented/mixed reality for a while now, and sure enough, we have what may be one of the first potentially major security issues thrown up by an in-the-wild application. Until a recent fix was applied, users of the pornography app SinVR could have found their subscriber information up for grabs. Researchers over at Digital Interruption discovered names, email addresses, and device names for anyone with an account alongside those paying for content using PayPal. This information would be great for social engineering, fake SinVR emails, or just plain old blackmail/embarrassment antics should any attacker be so inclined. They figured this out because while reversing the app, they realised they could make unauthenticated calls to endpoints, thanks to a function which looked as though it allowed SinVR to download a list of all users. Though they would have had to modify the binary to do this via the app, their web API mea