Saturday, 14 September 2013

61% Of Malware Attack Victims Lose Some Data Forever


Most IT users know that malware is dangerous but few are fully aware of the havoc it can wreak. A new survey from B2B International and Kaspersky Lab reveals the true scale of the malware problem: just 39% of victims manage to fully restore the data lost as a result of a breach.


As Kaspersky Lab points out, a quarter of malware attacks succeed in stealing or corrupting confidential information. In the case of 17% of victims all data is lost forever, while 44% manage a partial retrieval. This is cause for concern, considering the importance we attach to our data, Kaspersky Lab said. Among the survey respondents, 56% declared that they deemed their information more valuable than the machine storing it. The poll also showed that 10% of affected users have resorted to the services of outside experts in the effort to restore their lost data.

But a data recovery specialist may not always achieve complete success and sometimes nothing can be done. Even an expert will be helpless if the attackers have used a file encryptor. This malicious program encrypts the files on the user's computers and requires a unique key for decryption. This is the type of program known as ransomware because the attackers typically demand payment in return for the decryption key.


Computers and mobile devices have become an integral part of daily life so it would be virtually impossible not to store confidential information on digital devices. However, users can minimise the risk of data loss through regular back-ups and reliable anti-malware protection, Kaspersky Lab said.



Sunday, 21 April 2013

'BadNews' Android malware in approved apps may have been downloaded 9 million times!


A new breed malware has been discovered within at least 32 Android apps, which may have been downloaded up to nine million times!
The so-called 'BadNews' malware was outed by security firm Lookout Mobile Security in a blog post on Friday and the affected apps have now been removed by Google.
All of the apps found to contain the malicious code had been approved by Google, but it appears that the harmful elements had been added after the fact, disguised as updates.
Apps containing the BadNews code have been reporting back to a server and revealing sensitive information like the phone number and handset serial number.

'Bad guys are smart'

The affected apps include English and Russian-language games, dictionaries, wallpapers and were able to make it past the Google Bouncer software that scans the Play store for harmful apps.
Marc Rogers, principal security researcher for Lookout, told Ars Technica: "You can't even say Google was at fault in this because Google very clearly scrutinized all these apps when they want in.
"But these guys were cunning enough to sit there for a couple of months doing absolutely nothing and then they pushed out the malware.
"This is a wakeup call for us in the industry to say: 'Bad guys are smart as well and they'll take a look at the security models we put in place and they'll find weaknesses in them. That's exactly what they've done here."


Saturday, 16 February 2013

Facebook site infiltrated!


The Facebook security teams has confirmed that the social networking site was targeted in a "sophisticated attack" last month.

The digital intrusion apparently occurred when a small number of Facebook personnel visited a compromised mobile developer website.

"The site hosted an exploit which then allowed malware to be installed on these employee laptops. The laptops were fully-patched and running up-to-date anti-virus software. As soon as we discovered the presence of the malware, we remediated all infected machines," a Facebook rep explained.

"After analyzing the compromised website where the attack originated, we found it was using a 'zero-day' (previously unseen) exploit to bypass the Java sandbox (built-in protections) to install the malware. We immediately reported the exploit to Oracle, and they confirmed our findings and provided a patch on February 1, 2013, that addresses this vulnerability."

Interestingly, Facebook says it wasn't not alone in the above-mentioned attack, as other sites were infiltrated as well.

However, the rep was also quick to point out that the social networking site had found "no evidence" of compromised user data.

"As part of our ongoing investigation, we are working continuously and closely with our own internal engineering teams, with security teams at other companies, and with law enforcement authorities to learn everything we can about the attack, and how to prevent similar incidents in the future," the rep added.


Source: www.tgdaily.com/


Saturday, 17 November 2012

Ransomware - A Major Threat To Internet Security

Ransomware is emerging as a major cybercrime strategy, threatening to oust fake anti-virus software as the most popular cyber-attack next year, new research by IT security firm Symantec shows.

A total of 2.8% of victims of ransomware pay a "ransom" of up to £280 to regain access to their computers which have been blocked by cryptoviruses. Victims are tricked into making the payments after receiving fake messages that look like they have been issued by police authorities. Such messages often tell users they must pay a penalty for browsing illegal content.



Cybercriminals pocket £3 million annually from blackmailing users to pay to free their PCs from the malicious software, with one criminal group having tried to plague 495,000 computers in just 18 days, Symantec said, as quoted by IT Pro.

The first cases of ransomware were found in 2009 and were mainly limited to Eastern Europe and Russia.

However, this type of cybercrime is spreading to Western Europe, the USA and Canada, Symantec said. Criminal gangs have been traced back to a single unidentified person who apparently creates ransomware on request.

As consumer demand shifts to mobile devices and the cloud, cyber-attacks will increasingly focus on Secure Sockets Layer (SSL) certificates used by mobile apps, Symantec believes. Meanwhile, according to an earlier report by IT Pro, security experts have identified a new malware strand that steals image files from PCs and dispatches them to a remote server.

Wednesday, 2 May 2012

Have You Been Called From 002538020308?

Many people report having been called from the international number 002538020308.


The scenario is like this: 


Always an english speaking foreigner (Indian sounding). Different name used on each call - Jess, Smith, Stephen, Wayne, & others.


Different Company names have included: Windows security center, Creative Solutions, MPC Help, Windows Service Center, Windows Security Maintenance, 24/7 PC Help, etc.


Sometimes they say they are calling "on behalf of Microsoft", or offer to do a free PC health check, or even directly tell you that your system has been compromised and it has got viruses.


Is this a SCAM?


The New Zealand Internal Affairs Anti-Spam Compliance unit is reiterating it’s warning about a cold caller who offers to fix a problem with home computers. It has received several calls and emails from people who have received similar calls.

Senior investigator Toni Demetriou says a Dunedin computer company had received an infected PC for repairs from a customer who had been taken in by the scamster and police were investigating.

“We now believe the calls are being made from overseas, not from New Zealand as originally suspected, and quite a lot of people are receiving them,” Mr Demetriou said.  “The caller can be quite convincing. On one occasion he handed the conversation across to a ‘supervisor’ in an attempt to make the call sound more professional and convincing. 

“He also gives various explanations for the calls such as phoning from a reputable and well-known international company, maybe a security and anti-virus vendor, suggesting the PC has been infected by a virus and needs repairs.

“The sole purpose of the call is to convince someone to login to a website.  They are given a website name and once they are at the website home page they are then given a six digit code to log into that website.

“Essentially what then happens is that the person is handing over control of their computer to the person they are talking with.   If you follow the instructions you will be allowing and authorising remote access to your computer.  Just about anything could then happen.

Viruses, malware, key logging software could be installed onto the computer.  Any information on the PC could be taken and any sensitive usernames or login credentials and passwords may also be logged and obtained as you continue to use your computer in the future.  If you log into your bank the information could be captured and your account compromised.  The computer may also become part of a botnet and used for spamming activities.”

Mr Demetriou said unauthorised access to a computer system is an offence under the Crimes Act.  Similarly, if the computer is infected through that unauthorised access and used for spamming activities, the Department of Internal Affairs, which enforces the Unsolicited Electronic Messages Act, would investigate.    

If anyone believes their PC has been infected and compromised the Department recommends that it is inspected and repaired by a computer servicing company. 

Wednesday, 16 November 2011

Facebook Blames ‘Coordinated Spam Attack’ for Surge in Porn Imagery

Facebook said today that a “coordinated spam attack” was to blame for the posting of pornographic and violent images on the news feeds of unsuspecting Facebook users.

The issue, which first started appearing on Facebook pages a couple days ago according to ZDNet, has generated a growing wave of revulsion online as some users took to Twitter to complain of graphic and lurid imagery that goes far beyond ordinary porn.

“I noticed Facebook porn in my friend feed. New feature? No. A Facebook ‘virus’ shows hardcore porn and violent,” tweeted Christopher Justice, a CEO of an Austin-based online design firm.  Justice later told Digits that he has asked employees at his firm, who use Facebook “like a telephone,” to proceed with caution.

In a statement this afternoon Facebook said that some Facebook users were tricked into pasting and executing “malicious javascript” in their browser URL bar, causing them to share offensive content without knowing it.  Facebook said that it is working on addressing browser vulnerability exposed by the bad code and that it has built “enforcement mechanisms” to shut down malicious Facebook pages and accounts.
“We’ve put in place backend measures to reduce the rate of these attacks and will continue to iterate on our defenses to find new ways to protect people,” a Facebook spokesman said.

Writing on the blog for Internet security firm Sophos earlier today, senior technology consultant Graham Curley said while the while the exact nature of the problem was not known, “What’s clear, however, is that mischief-makers are upsetting many Facebook users and making the social networking site far from a family-friendly place,” Curley wrote.

Facebook has a no-nudity policy and requires that members be at least 13 years old.  Users are encouraged to report questionable content via links on Facebook pages. The social network also removes pornography on its own initiative.

Digits contacted Curley for more guidance on what users can do.  Because details remain sketchy, he said, it’s hard to give advice. “However, we would continue to recommend that users tighten their privacy settings, lock down as much as possible their friends’ ability to tag them in posts and picture, and run up-to-date anti-virus software on their computers.”


He suggested that firms wishing to protect their staff from offensive content might consider blocking Facebook access until the problem is solved.

The problem comes as Facebook gears up to unveil a massive profile page redesign to its 800 million users. The redesign, called Timeline, will take each and every action a user has made on Facebook, and organize them chronologically.  As one can imagine, no one is going to want their online diary soiled by a speck of violent imagery.

Whoever or whatever is to blame, the damage needs to be contained and fast, wrote Curley. “It’s precisely this kind of problem which is likely to drive people away from the site.”







Tuesday, 1 November 2011

Symantec: Hackers Hit Chemical Companies

Cyber attacks traced to China targeted at least 48 chemical and military-related companies in an effort to steal technical secrets, a U.S. computer security company said Tuesday, adding to complaints about pervasive Internet crime linked to this country.
The targets included 29 chemical companies and 19 others that make advanced materials used by the military, California-based Symantec Corp. said in a report. It said the group included multiple Fortune 100 companies but did not identify them or say where they were located.
"The purpose of the attacks appears to be industrial espionage, collecting intellectual property for competitive advantage," said the report.
Security experts say China is a center for Internet crime. Attacks against governments, companies and human rights groups have been traced to this country, though finding the precise source is nearly impossible. China's military is a leader in cyberwarfare research but the government has rejected allegations of cyberspying and says it also is a target.
The latest attacks occurred between late July and September and used e-mails sent to companies to plant software dubbed "PoisonIvy" in their computers, Symantec said. It said the same hackers also were involved in attacks earlier this year on human rights groups and auto companies.
Symantec said it traced the attacks to a computer system owned by a Chinese man in his 20s in the central province of Hebei. It said that when contacted, the man provided a contact who would perform "hacking for hire."
Symantec said it could not determine whether the Chinese man was a lone attacker, whether he had a direct or indirect role or whether he hacked the targets for someone else. It called him Covert Grove based on a translation of his Chinese name.
The U.S. and Chinese governments have accused each other of being involved in industrial espionage.
Security consultants say the high skill level of earlier attacks traced to China suggests its military or other government agencies might be stealing technology and trade secrets to help state companies.
The chairman of the U.S. House of Representatives Intelligence Committee, Rep. Mike Rogers, said last month that Chinese efforts to steal U.S. technology over the Internet had reached an "intolerable level." He called on the U.S. and other governments to pressure Beijing to stop.
Another security firm, McAfee Inc., said in August it had found a five-year-long hacking campaign that it called Operation Shady Rat against more than 70 governments, international institutions, corporations and think tanks.
In February, McAfee said hackers operating from China stole information from oil companies in the United States, Taiwan, Greece and Kazakhstan about operations, financing and bidding for oil fields.
Thousands of Chinese computer enthusiasts belong to hacker clubs and experts say some are supported by the military to develop a pool of possible recruits. Experts say military-trained civilians also might work as contractors for companies that want to steal technology or business secrets from rivals.
China has the world's biggest population of Internet users, with more than 450 million people online, and the government promotes Web use for business and education. But experts say security for many computers in China is so poor that they are vulnerable to being taken over and used to hide the source of attacks from elsewhere.
Last year, Google Inc. closed its China-based search engine after complaining of cyber attacks from China against its e-mail service.
That case highlighted the difficulty of tracking hackers. Experts said that even if the Google attacks were traced to a computer in China, it would have to be examined in person to be sure it wasn't hijacked by an attacker abroad.