Posts
Showing posts from February 2018
How to Remove Gameorplay.info Ads
If your computer is connecting to gameorplay.info and being shown native advertisements that contain not-safe-for-work pictures and animated pictures, then you may be infected with adware. Some adware programs will connect to http://gameorplay.info and retrieve native advertisements that are then injected into web sites that you are visiting. This article was published first at How to Remove Gameorplay.info Ads
Misconfigured Memcached Servers Abused to Amplify DDoS Attacks
New RIG malvertising campaign uses cryptocurrency theme as decoy
For a couple of weeks, we have been observing a malvertising campaign that uses decoy websites to redirect users to the RIG exploit kit. Those sites, whose theme is about cryptocurrencies, were all registered recently and are swapped after a few days of use. The initial redirection starts off from a malvertising redirect, which loads the decoy page containing a third-party JavaScript. The JavaScript appears to be conditionally loaded based on the visitor’s user agent and geolocation. That JavaScript contains many different ways to fingerprint users and determine whether they are legitimate or not by validating some checks: getHasLiedLanguages, getHasLiedResolution, getHasLiedOS, getHasLiedBrowser. The results are then sent back to the server with the following code snippet: //botDetect.onUser(function () { var fp = new Fingerprint2(); fp.get(function(result, components) { var head = document.head || document.getElementsByTagName('head')[0]; var script = document.creat...
Encryption 101: ShiOne ransomware case study
In part one of this series, Encryption 101: a malware analyst’s primer, we introduced some of the basic encryption concepts used in malware. If you haven’t read it, we suggest going back for a review, as it’s necessary in order to be able to fully follow part two, our case study. In this study, we will be reviewing the encryption of the ransomware ShiOne line by line. The main focus of this case study will be to fully understand an example of the encryption process that ransomware can use. We are using ShiOne as the practical portion of the lesson not because it is particularly unique or uses any novel techniques, but just the opposite: It’s relatively straight-forward and is written in C#, which will make it much easier to show key components. Encryption method In the previous article, we spoke of a couple different encryption methods ransomware can use. They include the following: The encryption keys are generated locally on the victim computer and sent up to the C2 server....
Intel Releases Updated Spectre Fixes For Broadwell and Haswell Chips
Had mail.ru virus thought I removed it. Today email sent 100s to Russian ads
Remove the My-search.com Search Redirect
If searches from a browser's address bar and possibly search engines are being redirected through the site my-search.com, then you most likely have a browser extension or addon installed that is causing these redirects. Some extensions will cause all of the searches from your browser's address bar to redirect through http://my-search.com/, which then redirects to Yahoo.com. This article was published first at Remove the My-search.com Search Redirect
Massive Malspam Campaign Targets Unpatched Systems
Remove the Go2searching.com Search Redirect
If searches from a browser's address bar and possibly search engines are being redirected through the site go2searching.com, then you most likely have a browser extension or addon installed that is causing these redirects. Some extensions will cause all of the searches from your browser's address bar to redirect through http://ift.tt/2CNh1ES, which currently redirects to another site, which then redirects to Yahoo.com. This article was published first at Remove the Go2searching.com Search Redirect
persistent evb temp has stopped working
WordPress Users Warned of Malware Masquerading as ionCube Files
Human Factor Podcast: Jenny Radcliffe and Chris Boyd
A little while ago, I was invited to take part in Jenny Radcliffe’s Human Factor Podcast. With 44 episodes strong (and counting!), Jenny spends an hour or so talking at length with her guests who are professional investigators, security advocates, all-round educators, tireless consultant/conference organisers, and many more besides. In Episode 41, you’ll hear me talk about: [00:01:00]: How I originally became interested in computers as a child [00:04:00]: Some of my non-infosec work [00:07:55]: Why my original career plans fell through [00:13:00]: A slight—okay, more than slight—detour into mainland China [00:30:00]: Some of the earliest security research I took part in and old school adware vendor wars [00:34:54]: Why companies need to invest in writers, public facing research, and active conference participation [00:37:00]: The rise of DIY scams, games company compromises, privacy policies, and the possible perils of virtual/augmented reality [00:44:15]: Tr...
Installshield (ISUSPM.exe) Issues (Mainly not having internet for my pc)
How to protect your computer from malicious cryptomining
Noticing that your computer is running slow? While sometimes a telltale sign of infection, these days that seems doubly true. And the reason is: malicious cryptomining. So, what, exactly, is it? We’ll tell you how bad this latest malware phenomenon is for you and your computer, plus what you can do about it. Definition Malicious cryptomining, also sometimes called drive-by mining, is when someone else is using your computer to mine cryptocurrency like Bitcoin or Monero. But instead of cashing in on your own computer’s horsepower, the collected coins go into the other person’s account and not yours. So, essentially, they are stealing your resources to make money. Cryptomining can sometimes happen with consent, but unfortunately these occasions are rare. Salon.com gave its site visitors the choice to view ads or let them mine your computer How bad is it? If the duration of the cryptomining is not too prolonged and you are aware of what is going on, then it’s not that big a d...
Remote Code Execution Bug Patched in Adobe Acrobat Reader DC
Russia Accused Of False Flag Attack On Olympic Opening
Apple Tackles Cellebrite Unlock Claims, Sort Of
Avast partners with Vodafone
Today, at Mobile World Congress in Barcelona, Avast announces a strategic partnership with Vodafone Czech Republic, one of the world’s top mobile carriers. Vodafone Security and Vodafone Family Security are two new apps that will protect Vodafone users with mobile security powered by Avast starting in Spring 2018.
Mobile security and new data on the risk of banking Trojans
Remove the Updatechecker.exe Adware & Miner Trojan
The Updatechecker.exe Trojan is a package of malware programs that include the Taskhostw.exe miner and an adware component that displays advertisements every 60 minutes. When installed, Updatechecker.exe will be configured to start automatically when a victim logs into Windows by an autorun named "WindowsUpdateChecker". This article was published first at Remove the Updatechecker.exe Adware & Miner Trojan
Remove the AudioVisualizer Search Hijacker Chrome Extension
AudioVisualizer is a Google Chrome extension that has a description of "Audio Visualizer, works on any website. Press icon or 'Ctrl+Q' to start/stop. ? +(·?·+)". While it was not readily apparent as to what this extension does, it was noticeable that it hijacked all searches done on Google, Bing, and other search engines and redirected them to Yahoo. This article was published first at Remove the AudioVisualizer Search Hijacker Chrome Extension
Removed Trojan:Win32\Vigorf.A and Adware.DNSUnlocker, but think there’...
Virus is preventing everything that can kill it
Revamp of ‘Pwned Passwords’ Boosts Privacy and Size of Database
A week in security (February 19 – February 25)
Last week on Malwarebytes Labs, we gave readers a primer on encryption, took a stab at that Deepfakes tool Internet users seem to be interested in, and started a new series that talks about GDPR. We also looked at a drive-by download campaign that starts in booby-trapped Chinese websites that drop malware via different exploits. This malware is a DDoS bot called Avzhan, which we then studied in detail. Other news Hackers targeted Russian and Indian banks by attempting to abuse the SWIFT global banking network. (Source: Security Week) Are you an independent writer who sells books via Amazon’s Createspace? You may want to check if someone is impersonating you for fraud. (Source: KrebsOnSecurity) Akamai spotted an uptick in credential abuse in the last quarter of 2017. (Source: Computer Weekly) Let’s read about that new Google Chrome “adblocker” that is actually not an adblocker at all. (Source: Sophos’ Naked Security Blog) Should “security” and “social” ...
The state of malicious cryptomining
While cryptocurrencies have been around for a long time and used for legitimate purposes, online criminals have certainly tarnished their reputation. Unfortunately, the same benefits offered by these decentralized and somewhat anonymous digital currencies were quickly abused to extort money, as was the case during the various ransomware outbreaks we’ve witnessed in the last few years. As the value of cryptocurrencies—driven by the phenomenal rise of Bitcoin—has increased significantly, a new kind of threat has become mainstream, and some might say has even surpassed all other cybercrime. Indeed, cryptocurrency mining is such a lucrative business that malware creators and distributors the world over are drawn to it like moths to a flame. The emergence of a multitude of new cryptocurrencies that can be mined by average computers has also contributed to the widespread abuse we are witnessing. Malwarebytes has been blocking coin miners with its multiple protection modules, including our ...
Avast Smart Life protects the growing number of IoT devices in your home
This morning at Mobile World Congress Barcelona, we announced the latest in protection from Avast — Avast Smart Life, a new Internet of Things (IoT) security services platform. Our strategy is to leverage our large, intelligent network to continue expanding the ways we protect you from today’s latest threats, no matter where you are in the mobile connected world we live in. Whether at home, the office or on-the-go, Avast Smart Life uses artificial intelligence (AI) and machine learning technology to identify and block threats so that consumers and small businesses can keep their IoT devices, networks and sensitive data secure.
uTorrent Users Warned of Remote Code Execution Vulnerability
Intel Issues Updated Spectre Firmware Fixes For Newer Processors
New BEC Spam Campaign Targets Fortune 500 Businesses
Driver update support problem popup X-[
Security concerns after Malwarebytes scan
persistent evb temp has stopped working
New laptop instant infection when I loaded Chrome
A Vicious Rootkit setting up a hidden domain server on all my devices
Drupal Patches Critical Bug That Leaves Platform Open to XSS Attack
Avzhan DDoS bot dropped by Chinese drive-by attack
The Avzhan DDoS bot has been known since 2010, but recently we saw it in the wild again, being dropped by a Chinese drive-by attack. In this post, we’ll take a deep dive into its functionality and compare the sample we captured with the one described in the past. Analyzed sample 05749f08ebd9762511c6da92481e87d8 – The main sample, dropped by the exploit kit 5e2d07cbd3ef3d5f32027b4501fb3fe6 – Unpacked (Server.dll) 05dfe8215c1b33f031bb168f8a90d08e – The version from 2010 (reference sample) Behavioral analysis Installation After being deployed, the malware copies itself under a random name into a system folder, and then deletes the original sample: Its way to achieve persistence is by registering itself as a Windows Service. Of course, this operation requires administrator rights, which means for successful installation, the sample must run elevated. There are no UAC bypass capabilities inside the bot, so it can only rely on some external droppers, using exploits or ...