Showing posts with label botnet. Show all posts

Monday 1 January 2018

Traditional Antivirus fails to protect 40 percent of users!

Conventional antivirus solutions are failing to protect users from attacks, according to a Malwarebytes report.

The study is based on real-world clean-up scans performed by Malwarebytes. Nearly 40 percent (39.18 percent) of all malware attacks cleaned on endpoints with an AV installed occurred on endpoints that had two or more traditional AV solutions registered.

In addition, 39.16 percent of attacks on endpoints with a non-OS bundled AV installed occurred on an endpoint running one of the four leading traditional AV solutions.

"The results of these scans clearly indicate the ineffectiveness of today's traditional AV solutions and, more importantly, the unknown risks to users that depend only on these AV platforms to stay safe," says Marcin Kleczynski, CEO of Malwarebytes. "Antiquated AV technology is no longer enough to protect from sophisticated cyberthreats. It's crucial that consumers and businesses understand this now before they become a victim of the next attack."

The findings also show the top ransomware types detected on compromised machines are Hidden Tear (41.65 percent) and Cerber (18.26 percent). Botnets most often detected include IRCBot (61.56 percent) and Kelihos (26.95 percent). The most prevalent Trojan types bypassing traditional AV detections are Fileless (17.76 percent) and DNSChanger malware (17.51 percent).

Of ransomware attacks, 48.59 percent of Hidden Tear and 26.78 percent of Cerber events were found on a compromised endpoint that had at least one of the four leading traditional AV brands installed.

To show how widespread the problem is, Malwarebytes has produced a real-time heatmap that shows each time Malwarebytes remediates instances of malware on endpoints that have a traditional AV registered. It also shows the numbers of attacks missed by leading antivirus programs.

Source: betanews.com


Friday 4 November 2016

DDoS attacks so powerful entire countries can be cut from the internet

Liberia has become the latest victim of the Mirai botnet



There has been another worrying development when it comes to massive-scale DDoS attacks, with the latest victim being an entire country – Liberia over in Africa, to be precise.
And as you won’t be surprised to hear if you’ve been following these stories, this is another assault which leverages the Mirai botnet to fire tons of traffic at the victim – that’s been the source of all these big attacks since the first massive volley against security researcher Brian Krebs (which reached some 620Gbps).
As ZDNet spotted, apparently the Mirai botnet employed in the attacks against Liberia is known as Botnet #14, and security expert Kevin Beaumont observes this is the largest such botnet – consistently capable of producing over 500Gbps – which appears to also be the source of the recent massive attack on Dyn.
The hit on Dyn, which is a DNS provider, caused a massive web outage a fortnight ago, knocking out all manner of sites including Twitter, Netflix and Spotify.
Liberia has apparently suffered at the hands of a number of DDoS attacks which are short by nature, but worrying because they’re pretty much taking the entire country offline.

Glaring weakness 

As Beaumont observes, that’s because Liberia relies on a single pipe for its internet access, and so has a single point of failure (and it’s not the only country like this). Websites hosted in Liberia were downed, and a journalist Beaumont spoke to said that internet connectivity was going offline at times matching the DDoS blasts.
Beaumont noted: “The attacks are extremely worrying because they suggest a Mirai operator who has enough capacity to seriously impact systems in a nation state.”
The truth is that few people are on the internet in Liberia anyway – only around one in 20 of the population – but ZDNet also managed to get some confirmation from a person returning to the country, who said they experienced ‘minor interruptions’ to their internet usage on Wednesday evening.
But given the low-profile target country and the very short nature of the attacks, it seems that this is just the botnet’s owner(s) testing out firepower against a nation. It’s what might come next that’s worrying, of course, when the DDoS cannons are aimed and let loose with a sustained barrage.
As we saw with the Dyn affair, the sort of damage these large-scale attacks can now muster is quite frightening. And worse still, there’s the prospect of Mirai being cranked up in terms of its potential power as more easily compromised IoT devices (security cameras, DVRs, routers and so on) are hacked and join the massing botnet ranks.
The other major concern is the use of possible DDoS amplification techniques, such as the one we reported on last month, which could potentially be used to inflict assaults of 35Tbps or even more by seriously powering up these botnet-based attacks.
Source: http://www.techradar.com/

Wednesday 25 February 2009

The Hallmark e-card virus - A Hoax?

Is The Hallmark e-card virus a Hoax?

There are various opinions on this subject, some claiming that it is a hoax, others that it is true. This blog only provides information from reputable sources. Below is an article on the subject from Web User, UK's best selling internet magazine.


Virus hidden in Hallmark e-card


"Surfers should beware of opening emails purporting to be from the popular card company Hallmark as they may carry a virus.



Security firm MessageLabs has intercepted emails from 25,000 IP addresses containing a new virus that arrives from the sender postcards@hallmark.com with the subject line, 'You've received a Hallmark E-Card!'

Along with the email there is an attachment entitled postcard.zip. If opened, a Trojan virus will attach itself to the host's computer and recruit it for a botnet, a web of infected computers.

According to MessageLabs the emails were sent in bursts with a surge of the malicious emails detected on 23 July.

This latest bout of malware is a variation of the Storm botnet which popularised postcard/e-card attacks last year. Web User reported on a similar scam just last month.

"As long as recipients continue to fall for these old tricks, malware authors and spammers will continue to use them," according to Matt Sergeant of MessageLabs."


The following is what Hallmark themselves have to say on the subject.


"How to retrieve legitimate Hallmark e-cards and identify fraudulent e-mails



Consumer security and the integrity of our brand are of great importance to Hallmark. Occasionally, we are made aware of fraudulent e-mails and other deceptive practices, such as the postcard virus currently circulating, which we take very seriously. While Hallmark's legal team addresses these concerns, we want our consumers to be aware of how to spot a fraudulent e-mail, which may contain major greeting card company names such as Hallmark.

These fraudulent e-mails do not originate from Hallmark. The Hallmark name has been used by a third party. All legitimate Hallmark e-cards can be retrieved at www.hallmark.com/getecard with the code provided. A legitimate Hallmark e-card will include the name of the sender, a confirmation number and does not include an attachment to download.


Additional Information


Downloading attachments in these fraudulent e-mails could download a virus onto a computer that compromises personal data. Here are steps consumers can take to reduce the chances of this happening:


Delete the e-mail without opening it.


If you have opened it and want to forward it to us, send it to abuse@hallmark.com. Due to the large amount of e-mail we receive at that address we will not be able to reply to your e-mail, but we will investigate. Then delete the e-mail from both your inbox and your sent folder. If you click on the link in the bogus e-mail, you will launch a Trojan virus. This virus installs an Internet Relay Chat (IRC) client and causes the infected computer to connect to an IRC channel. Attackers then use that connection to remotely command your machine for the purpose of gathering your personal information. An example of this virus is the Zapchast virus.


If you use Windows XP and Internet Explorer you should visit update.microsoft.com to update your browser and operating system. Then you will be less likely to be affected by the virus.


Report suspicious e-mail to your e-mail service provider so they can take action.


File a complaint at http://www.ic3.gov/.


If you are unsure if you’ve received a legitimate Hallmark E-Card, don't click on a link in the e-mail. Instead locate the EG number in the e-mail and use our E-Card pickup.


What Hallmark is doing:



Contacting the Internet providers identified as the source of the spam requesting that they shut down the imposters.


Working with Microsoft to include the virus code in their phishing filter to protect consumers who use their web browser and e-mail client software.


Working with anti-virus software corporations to get the virus code added to virus definition updates.


Reviewing Hallmark's E-Card notification and pickup procedures.


Educating consumers about how to avoid E-Card abuse.


How to tell if a Hallmark E-Card notification is real:


Hallmark e-card e-mails do not include any attachments. To be safe, if you receive an e-card notification with an attachment, delete it immediately, then empty your "trash" or "deleted e-mails" from your email client.


The sender's first name and last name will appear in the subject line. If you do not recognize the name of the person sending the E-Card, do not click on any links in the e-mail. Delete the e-mail.


The notification will include a link to the E-Card on Hallmark.com as well as a URL that can be pasted into a browser.


The URL will begin with http://hallmark.com/ followed by characters that identify the individual E-Card. Hover your mouse over the words "click here" in your e-mail. If you do not see the URL above, it is not a legitimate Hallmark E-Card.


Hallmark E-Cards are not downloaded and they are not .exe files.


In addition, Hallmark.com will never require an E-Card recipient to enter a user name or password nor any other personal information to retrieve an E-Card.


If you are unsure if you’ve received a legitimate Hallmark E-Card, don't click on a link in the e-mail. Instead locate the EG number in the e-mail. Then go to hallmark.com, click on the "Cards & E-Cards tab," and then on "Pick Up an E-Card" link from the dropdown menu and enter the EG number to retrieve your card.


E-mail Safety Tips:


Don’t open e-mails you know are spam. A code embedded in spam advertises that you opened the e-mail and confirms your address is valid, which in turn can generate more spam.


Don't open e-mails from unknown senders.


Don’t open attachments in e-mails unless you are expecting to receive one. If you receive an attachment that you are not expecting, even if it’s from someone you know, first read the e-mail and make sure the attachment is legitimate. If you’re still not sure, call or e-mail the sender to confirm, but do not reply to the original e-mail.


Don't click on links in e-mails that appear to be from financial companies (PayPal, banks, credit card companies, etc.) that direct you to verify or confirm account details. Instead, call the company if you are concerned about your account."
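Two of the criteria Hallmark lists above (no attachments, and links that begin with http://hallmark.com/) can be checked mechanically at a mail gateway. The following is an added example, not code from Hallmark or from this blog; the function name, the strict single-prefix allow-list and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Prefix quoted in Hallmark's guidance. The trailing slash matters: it rejects
# look-alike hosts of the form hallmark.com.<something-else>.
ALLOWED_PREFIX = "http://hallmark.com/"
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def check_ecard(raw):
    """Return reasons a notification fails the criteria quoted above."""
    findings, bodies = [], []
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name or part.get_content_disposition() == "attachment":
            findings.append(f"attachment present: {name or '(unnamed)'}")
        elif part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            bodies.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    # Scanning the raw HTML catches the href behind "click here", not just visible text.
    for url in URL_RE.findall("\n".join(bodies)):
        if not url.lower().startswith(ALLOWED_PREFIX):
            findings.append(f"link outside {ALLOWED_PREFIX}: {url}")
    return findings

# Constructed sample shaped like the lure Web User describes (not a real message).
SUSPECT = """\
From: postcards@hallmark.com
Subject: You've received a Hallmark E-Card!
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<a href="http://hallmark.com.cards.example/view">click here</a>
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="postcard.zip"

placeholder bytes, not a real archive
--b1--
"""

# Constructed sample that meets both criteria; the EG number is a placeholder.
CONFORMING = """\
Subject: Jane Doe sent you a Hallmark E-Card
Content-Type: text/plain; charset="utf-8"

Pick up your card: http://hallmark.com/EG0000000000
"""
```

`check_ecard(SUSPECT)` reports both the attachment and the look-alike link, while `check_ecard(CONFORMING)` returns an empty list. The From header is deliberately ignored, since the lure described above already uses a hallmark.com sender address.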