Posted by Kenny Clemons on December 28, 2012 at 6:30 PM | comments (0)
The Internet Crime Complaint Center (IC3) is the result of a partnership between the FBI and the National White Collar Crime Center. It is designed to give cybercrime victims an easy way to report crimes, and it also assists law enforcement in obtaining evidence to prosecute culprits. The IC3 first began receiving complaints about Reveton Ransomware in 2011. They issued a warning about it on their website in May 2012 (www.ic3.gov/media/2012/120809.aspx). Today, the IC3 receives dozens of complaints each day from all over the world.
Most viruses activate after opening a file or attachment. Reveton is particularly insidious because it can install itself when a user simply clicks on a compromised website. It then locks down the computer by encrypting files on the hard drive or producing an inescapable black screen. A message is displayed directing the user to a bogus FBI, Department of Justice or IC3 website. The user is accused of a variety of Internet crimes, from illegal downloading of copyrighted materials to possession of child pornography.
There are a multitude of variants of the malware, but in all cases the user is instructed to pay a penalty fine in order to unlock the computer, typically $100-200. Most versions demand that payment be made with pre-paid credit card, such as a Moneypak card (sold at Walgreens or Wal-mart) or “Ultimate Game Card” (sold at Walmart or CVS).
Some variants of the virus turn on the computer’s webcam, recording video and displaying images back to the victim as an additional “we know who you are” scare tactic. Others disable current anti-malware and antivirus software. Once users have paid the “fines” or clicked through the warning message to investigate, it gets worse. The virus remains in the background, sending personal information to the hackers to be used in further crime, such as identity theft and capturing of credit card numbers or financial information.
While you certainly should NOT pay any “fine” demanded by the malware’s bogus warning, what should you do if you’re infected with Reveton Ransomware? The answer depends on how much control you maintain over your computer. If you’re able to access the Internet, download Malwarebytes (www.malwarebytes.org). They’ve kept up with variants as the malware has adapted and evolved, making it a strong contender to remove all versions from your computer.
Some victims are completely locked out of their system, unable to access the Internet or their desktop. The IC3 and the FBI recommend that these users contact a computer repair specialist. They warn potential victims that even if they’re able to unfreeze their system, the malware “may still operate in the background” and “certain types of malware have been known to capture personal information such as user names, passwords, and credit card numbers through embedded keystroke logging programs.” (www.fbi.gov/news/stories/2012/august/new-internet-scam)
If you haven’t been attacked by this nasty bug, make sure that your system’s malware protection is up to date, downloading updates and running scans regularly. Consider installing a firewall router to limit unauthorized, outward-bound traffic from your computer to the Internet and limit your surfing to lesser-known sites, particularly those that facilitate file sharing.
Posted by Kenny Clemons on September 22, 2012 at 10:10 PM | comments (1)
September 6, 2012
By Attorney General
A new “drive-by” Internet virus carrying a fake message and claiming to impose a so-called fine from the Federal Bureau of Investigation (FBI) may be targeting email addresses owned by Connecticut residents, Attorney General George Jepsen and state Department of Consumer Protection Commissioner William Rubenstein warned today.
The virus is designed to extort money from its victims. An email purportedly from the FBI contains a Web link that, once clicked and opened, downloads and installs a virus on the user’s computer. The virus immediately locks the computer and displays a screen stating there has been a violation of federal law and that the user’s IP address was identified by the FBI for viewing child pornography and other illegal content.
The message then demands money through a prepaid money card service as a “fine” to the U.S. Department of Justice.
“Our office has received complaints from consumers who we believe have been victimized by this malicious email scam,” said Attorney General Jepsen. “It’s important for consumers to be informed and to exercise caution to protect themselves from scams like this. Never click on a link or open an email attachment from someone you do not know and trust. I would urge any Connecticut resident who receives this email to report it immediately.”
In addition to the message seeking to extort payment, the virus may continue to operate on the computer and could be used to commit online banking and credit card fraud. Infected computers may not operate normally, and users may require the assistance of a local computer expert to remove the virus.
“Computer crime is a serious, ongoing concern, and it’s critically important that consumers remain vigilant to protect the information stored on their personal computers,” Commissioner Rubenstein said. “Install appropriate protections, keep them up to date and communicate with family members to be sure that everyone understands and practices safe online behavior.”
If you believe you are the victim of this or any other Internet crime, or if you are aware of an attempted crime, complaints can be filed with the Internet Crime Complaint Center (IC3), a partnership between the FBI and the National White Collar Crime Center, on its Web site at www.ic3.gov.
Assistant Attorneys General Sandra G. Arenas and Phillip Rosario, head of the Consumer Protection Department, are assisting the Attorney General on this matter.
Posted by Kenny Clemons on August 10, 2011 at 11:55 AM | comments (1)
Written By Robert McMillan, IDG News Service
Software that lets drivers unlock car doors and even start their vehicles using a mobile phone could let car thieves do the very same things, according to computer security researchers at iSec Partners.
Don Bailey and fellow iSec researcher Mathew Solnik say they've figured out the protocols that some of these software makers use to remote control the cars, and they've produced a video showing how they can unlock a car and turn the engine on via a laptop.
According to Bailey, it took them about two hours to figure out how to intercept wireless messages between the car and the network and then recreate them from his laptop.
Bailey will discuss the research at next week's Black Hat conference in Las Vegas, but he isn't going to name the products they've hacked -- they've looked at two so far -- or provide full technical details of their work until the software makers can patch them.
Posted by Kenny Clemons on August 6, 2011 at 4:40 PM | comments (0)
Why do hackers hack? Why create a worm that sends out an email to everyone in your contact list, or a Trojan that deletes your term papers? Is it mischief, malice, money, or something else entirely?
This is the question that was on my mind when I met with Mikko Hypponen, a legendary computer security heavyweight who has been hunting viruses for 25 years—since Brain.a, the first PC computer virus.
From the plaza, I walked out to a seat by the water facing the San Francisco Bay. Hypponen was there, waiting for me. I sat down next to him. I felt like we needed code phrases.
"What makes this a New Orleans iced coffee," he asked, as he accepted his drink.
"It's the chicory," I replied.
"Did you know the Finns drink more coffee per capita than any other nation?"
"I did know that," I replied. "I know a lot about coffee."
Okay! I guess we had our code phrases after all.
Hypponen is the lead security researcher for F-Secure in Finland. His takedowns and diagnosis include some of the nastiest, biggest computer viruses out there: Sobig.F, Sasser, Storm Worm. PC World called him one of the 50 most important people on the Web. Hypponen was on his way to a black hat conference in Las Vegas.
We met at the Ferry Plaza in San Francisco, sitting by the pier as commuter boats came and went. I wanted to ask him about the long history of personal computer viruses, now in their 25th year, from the simple to Stuxnet, and the shifting motivations that inspire virus writers to act. We had an hour.
2011 is the 25th anniversary of the first PC virus. In September, 1986, two brothers from Lahore, Pakistan, Amjad Farooq Alvi and Basit Farooq Alvi, released Brain.a into the wild. Brain.a infected the boot section of computers running PC-DOS. Its authors claimed they were simply trying to target people who were infringing on their own software. But the virus spread wide across the world, and marked the beginning of the malware era in computing.
Late last year, Hypponen was going through his records at F-Secure. He found a box with the 100 first computer viruses, all on floppy disks. "These are probably from five years or more," says Hypponen, "now more than that are written in one hour."
He realized that the first of these, Brain, was approaching its birthday. He had a long history with it, having studied it when it was first unleashed. To mark the anniversary, he travelled to Lahore, Pakistan, in an attempt to track the Alvi brothers down. Amazingly, they still had a business at the same address they had listed in the original Brain.a virus code. So he knocked on the door. They answered.
"They wanted to demonstrate that the PC system was not as secure as Microsoft and IBM said it was," he explains. "They thought it was weak, and [wrote Brain] to demonstrate that."
The Alvi brothers were Unix guys. DOS seemed like a weaker system, and they thought they might be able to exploit it. They wanted to see if they could move code from one system to another, on its own. They wanted to see if it could be transmitted, like a virus.
It worked! Before long the brothers (who had helpfully included their phone number in the code) were getting calls from universities and businesses all over the world, wanting to know what it was.
Others began tinkering with Brain.a, releasing variants. And as time passed, more and more people began writing distinct viruses. These were for the most part, however, more of annoyances than real problems. They might mess up your system but they would not (for most people at least) ruin your life.
And then came email. And that was bad.
"It has changed completely now," says Hypponen. "It changed from hobbyists and old school hackers around 2002 or 2003 when the hobbyists realized they could make money."
By the turn of the century, spam was big business. But in order to send out a lot of spam, you needed a lot of computers. And to keep from getting caught, they shouldn't be your own. Enter botnets.
Viruses allowed spammers to capture and control users' computers remotely. They could use infected machines to ensnare other computers, sending out not just offers for herbal viagra, but phishing attacks and keystroke loggers that give them access to bank and financial data and personal information. By 2005, the point of malware writing had largely changed. Fuck proof of concept. Now it's for money.
There's also another reason that malware writers have surged: Microsoft Windows XP. That ancient system is, unbelievably, still the most widely used operating system on the planet. It's installed on more than 50 percent of all machines connected to the Internet, and it's very insecure.
"XP is the weakest of all systems," says Hypponen, "and it is installed on the most computers. Of course you will target that."
"The source of malware today is 99 percent criminal gangs, and that's a pretty nasty development," says Hypponen. "We didn't used to have to worry in the real world. But now there are organized criminal gangs, making millions from their attacks. When we shut down their operations, they know who we are."
It's not just a hypothetical fear. Ivan Eugene Kaspersky, who owns one of the world's leading anti-virus security labs, had his son Ivan snatched off the streets of Moscow earlier this year. Whether there was a revenge motivation, in addition to the ransom, is still unclear. But the fact remains that anti-virus guys are now effectively standing between the mob and big piles of money. Which is never a very safe place to be.
And if that wasn't bad enough, now there's a new, potentially deadlier, source of viruses: governments.
"I have Stuxnet right here with me in my bag! Do you want it?"
He leans over and slaps his computer bag on the side. I decline. I know it's not, say, smallpox, but sitting next to the most sophisticated computer virus ever created is oddly worrisome.
Stuxnet upped the ante. It targeted only a certain programming environment, with a certain PLC, with a certain configuration, in a certain location—which turned out to be a nuclear plant in Iran. When it went active, it recorded the normal plant operations for a few days, and then began playing them back to monitors, like a closed-circuit TV camera in a bank heist film, while in actuality it was modifying the speed at which the centrifuges spun, causing them to break apart, most likely in violent fashion. Stuxnet, for now at least, ended Iran's nuclear ambitions.
But where did it come from?
"It was done by your government!" The Finn doesn't have any proof of this, but like most security researchers, he takes it as accepted wisdom.
"I do believe that when in 2008, George W. Bush signed the [Comprehensive National Cybersecurity Initiative] that the end result of that was Stuxnet."
Unlike most viruses, Stuxnet didn't spread over the Internet. Instead, it spread from one machine to another on infected USB sticks. Which means that somehow, someone had to get an infected stick into physical contact with Iran's nuclear facility in Bushehr.
"We don't know how it was originally planted," says Hypponen. "My guess is that they pick-pocketed workers, or broke into their homes and planted them."
Stuxnet has heralded a new era. Today's sophisticated malware attacks might now target just one machine in the entire world. An employee at a certain company could get a virus targeted at just that specific person. Governments, corporations, and extremist groups are already engaged in this. As Hypponen points out, Stuxnet had been in the wild for more than a year before anyone discovered it.
What's out there now is an open question.
Hypponen was late for another appointment. And so as we finished our coffees, I stood to leave, and began walking away from the water, back into the plaza. Hypponen stopped me. He reached out his hand, and gave me my iPod, which I'd carelessly left in my seat.
He looked disappointed.
Posted by Kenny Clemons on October 3, 2010 at 2:59 AM | comments (1)
The most common blunder people make when the topic of a computer virus arises is to refer to a worm or Trojan horse as a virus. While the words Trojan, worm and virus are often used interchangeably, they are not exactly the same. Viruses, worms and Trojan Horses are all malicious programs that can cause damage to your computer, but there are differences among the three, and knowing those differences can help you to better protect your computer from their often damaging effects.
What Is a Virus?
A computer virus attaches itself to a program or file enabling it to spread from one computer to another, leaving infections as it travels. Like a human virus, a computer virus can range in severity: some may cause only mildly annoying effects while others can damage your hardware, software or files.
Almost all viruses are attached to an executable file, which means the virus may exist on your computer but it actually cannot infect your computer unless you run or open the malicious program. It is important to note that a virus cannot be spread without a human action, (such as running an infected program) to keep it going.
People continue the spread of a computer virus, mostly unknowingly, by sharing infected files or sending e-mails with viruses as attachments.
What Is a Worm?
A worm is similar to a virus by design and is considered to be a sub-class of a virus. Worms spread from computer to computer, but unlike a virus, a worm has the capability to travel without any human action. A worm takes advantage of file or information transport features on your system, which is what allows it to travel unaided.
The biggest danger with a worm is its capability to replicate itself on your system, so rather than your computer sending out a single worm, it could send out hundreds or thousands of copies of itself, creating a huge devastating effect. One example would be for a worm to send a copy of itself to everyone listed in your e-mail address book. Then, the worm replicates and sends itself out to everyone listed in each receiver's address book, and so on down the line.
Due to the copying nature of a worm and its capability to travel across networks the end result in most cases is that the worm consumes too much system memory (or network bandwidth), causing Web servers, network servers and individual computers to stop responding. In recent worm attacks such as the much-talked-about Blaster Worm, the worm has been designed to tunnel into your system and allow malicious users to control your computer remotely.
What Is a Trojan horse?
A Trojan Horse is full of as much trickery as the mythological Trojan Horse it was named after. The Trojan Horse, at first glance will appear to be useful software but will actually do damage once installed or run on your computer. Those on the receiving end of a Trojan Horse are usually tricked into opening them because they appear to be receiving legitimate software or files from a legitimate source. When a Trojan is activated on your computer, the results can vary. Some Trojans are designed to be more annoying than malicious (like changing your desktop, adding silly active desktop icons) or they can cause serious damage by deleting files and destroying information on your system. Trojans are also known to create a backdoor on your computer that gives malicious users access to your system, possibly allowing confidential or personal information to be compromised. Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate.
What Are Blended Threats?
Added into the mix, we also have what is called a blended threat. A blended threat is a more sophisticated attack that bundles some of the worst aspects of viruses, worms, Trojan horses and malicious code into one single threat. Blended threats can use server and Internet vulnerabilities to initiate, then transmit and also spread an attack. Characteristics of blended threats are that they cause harm to the infected system or network, they propagate using multiple methods, the attack can come from multiple points, and blended threats also exploit vulnerabilities.
To be considered a blended threat, the attack would normally serve to transport multiple attacks in one payload. For example it wouldn't just launch a DoS attack — it would also, for example, install a backdoor and maybe even damage a local system in one shot. Additionally, blended threats are designed to use multiple modes of transport. So, while a worm may travel and spread through e-mail, a single blended threat could use multiple routes including e-mail, IRC and file-sharing networks.
Lastly, rather than a specific attack on predetermined .exe files, a blended threat could do multiple malicious acts, like modify your .exe files, HTML files and registry keys at the same time — basically it can cause damage within several areas of your network at one time.
Blended threats are considered to be the worst risk to security since the inception of viruses, as most blended threats also require no human intervention to propagate.
Combating Viruses, Worms and Trojan Horses
The first step in protecting your computer from any malicious threat is to ensure that your operating system (OS) is up-to-date. This is essential if you are running a Microsoft Windows OS. Secondly, you need to have anti-virus software installed on your system and ensure you download updates frequently so that your software has the latest fixes for new viruses, worms, and Trojan horses. Additionally, you want to make sure your anti-virus program has the capability to scan e-mail and files as they are downloaded from the Internet, and you also need to run full disk scans periodically. This will help prevent malicious programs from even reaching your computer. You should also install a firewall.
A firewall is a system that prevents unauthorized use and access to your computer. A firewall can be either hardware or software. Hardware firewalls provide a strong degree of protection from most forms of attack coming from the outside world and can be purchased as a stand-alone product or in broadband routers. Unfortunately, when battling viruses, worms and Trojans, a hardware firewall may be less effective than a software firewall, as it could possibly ignore embedded worms in outgoing e-mails and see this as regular network traffic.
For individual home users, the most popular firewall choice is a software firewall. A good software firewall will protect your computer from outside attempts to control or gain access to your computer, and usually provides additional protection against the most common Trojan programs or e-mail worms. The downside to software firewalls is that they will only protect the computer they are installed on, not a network.
It is important to remember that on its own a firewall is not going to rid you of your computer virus problems, but when used in conjunction with regular operating system updates and a good anti-virus scanning software, it will add some extra security and protection for your computer or network.
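The point made above about software firewalls is that they can decide per program what is allowed to leave the machine, which is exactly what a hardware firewall sitting on the router cannot do. The following is an added example, not code from the original article, showing that idea on the built-in Windows Firewall: the permissive default is shown for contrast, then outbound traffic is denied by default and a single known program is allowed back through. It assumes a Windows build that ships the NetSecurity PowerShell module (Windows 8 / Server 2012 or later), an elevated session, and the standard install path for the allowed program; the rule names are constructed for this example.

```powershell
# Added example (not from the original article): a per-program outbound policy
# on Windows Firewall, the kind of software-firewall control the text describes.
# Assumes the NetSecurity module (Windows 8 / Server 2012 or later) and an
# elevated PowerShell session. Rule names below are constructed for this example.

# 1. Weak setting (the usual default): everything outbound is allowed, so any
#    process that manages to run can reach the Internet unchallenged.
#    Shown for contrast only; leave it commented out when hardening.
# Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Allow

# 2. Corrected setting: deny outbound by default on every profile. A worm or
#    Trojan that starts an unknown process now has no network path to use.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block

# 3. Allow only the programs you expect to talk to the network, one rule each,
#    keyed on the executable path so a look-alike in another folder does not match.
$allowed = @(
    @{ Name = 'Example - Allow Internet Explorer'
       Program = "$env:ProgramFiles\Internet Explorer\iexplore.exe" }
)
foreach ($a in $allowed) {
    if (-not (Get-NetFirewallRule -DisplayName $a.Name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $a.Name -Direction Outbound -Action Allow `
            -Program $a.Program -Profile Domain,Private,Public | Out-Null
    }
}

# 4. Review step: list every enabled outbound allow rule and the program it
#    covers. Malware that wants to phone home has to add itself here, so an
#    unfamiliar path in this list is worth investigating.
Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
    Get-NetFirewallApplicationFilter |
    Select-Object -Property Program
```

Default-deny outbound is a blunt instrument on a home machine: Windows Update, the antivirus updater and anything else that needs the network each need their own allow rule, so run the review step after each change and expect to add a few entries before the system behaves normally again.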
Did You Know...
CodeRed, a blended threat, launched DoS attacks, defaced Web servers, and its variant, CodeRed II, left Trojan horses behind for later execution. CodeRed was processed in memory — not on a hard disk — allowing it to slip past some anti-virus products. Computer Economics has estimated the worldwide cost of CodeRed at $2.62 billion.
[Source: Symantec Web site]
Posted by Kenny Clemons on April 9, 2010 at 11:37 AM | comments (0)
Win32 Trojan is a generic name for a specific type of malware, which infects Windows operating systems.
Technically, this form of malware is not, as many people believe, a virus. A Win32 Trojan by definition does not replicate like a virus or worm; rather, it creates a backdoor into the infected system.
This backdoor allows a hacker access to the system remotely. Via this access the hacker can perform a variety of functions some of which may include the following.
- Remote installation of additional malware
- Use of the system as a relay to distribute spam e-mail
- Use of the machine as part of a botnet, which is a collection of systems used concurrently to perform a distributed denial of service (DDoS) attack on a website.
- Data theft, including passwords, credit card numbers, serial numbers etc.
Trojan.Win32 is by far the most prevalent form of malware at the present time, accounting for some 83% of global malware. Antivirus vendor Panda Security estimates that 59% of computers worldwide are infected with some form of malware, the vast majority of which would be Trojans.
Infection vectors include the following:
- Peer-to-peer file sharing networks.
- Software downloaded via BitTorrent.
- E-mail attachments
- Legitimate websites that have been compromised by some form of code injection.
Symptoms of Win32 Trojan infection:
- Internet browser hijacks, changed homepage, constant pop-ups etc.
- General System slowness and impaired performance.
- System pop-up messages, purporting to be from the Windows system, or antivirus vendors, warning of malware infection and directing the user to purchase their removal product.
- The disabling of programs, generally antivirus and anti-spyware software. Also administrative level Windows functions, such as task manager, system snap ins, group policy, control panel, registry editor and various other system tools.
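The last symptom above, administrative tools such as Task Manager and the Registry Editor suddenly refusing to open, is often caused by the Trojan flipping the same Windows policy values an administrator would use to restrict those tools. The script below is an added example, not code from the original post, that reads those values and reports which tools are locked out. It assumes that the well-known policy values DisableTaskMgr and DisableRegistryTools under the Policies\System key are the ones to inspect; a Trojan can disable tools by other means, so a clean report here does not prove a clean machine.

```powershell
# Added example (not from the original post): report whether Task Manager or the
# Registry Editor have been disabled through the Windows policy registry values,
# a common side effect of a Win32 Trojan infection. Assumption: the policy values
# DisableTaskMgr and DisableRegistryTools under Policies\System are the ones
# checked; other lockout techniques are not covered. Read-only; changes nothing.
function Test-AdminToolLockout {
    $policyKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',  # per-user
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'   # machine-wide
    )
    $valueNames = @{
        DisableTaskMgr       = 'Task Manager'
        DisableRegistryTools = 'Registry Editor'
    }

    foreach ($key in $policyKeys) {
        foreach ($name in $valueNames.Keys) {
            $value = $null
            if (Test-Path -Path $key) {
                # -ErrorAction SilentlyContinue: a missing value simply means "not set".
                $value = (Get-ItemProperty -Path $key -Name $name `
                              -ErrorAction SilentlyContinue).$name
            }
            [pscustomobject]@{
                Tool      = $valueNames[$name]
                Scope     = if ($key -like 'HKCU:*') { 'Current user' } else { 'All users' }
                Key       = $key
                Value     = $name
                Setting   = $value
                LockedOut = ($value -eq 1)   # 1 disables the tool; 0 or absent leaves it enabled
            }
        }
    }
}

# Print the report; the LockedOut column is the one to read first.
Test-AdminToolLockout | Format-Table -Property Tool, Scope, Setting, LockedOut -AutoSize

# Pull the locked-out tools out separately so a script can act on the result,
# for example by writing it to a ticket or a log file.
$locked = Test-AdminToolLockout | Where-Object { $_.LockedOut }
if ($locked) {
    Write-Warning ("Administrative tools disabled by policy: " +
                   (($locked | ForEach-Object { "$($_.Tool) ($($_.Scope))" }) -join ', '))
} else {
    Write-Output "No Task Manager / Registry Editor policy lockouts found."
}
```

Because a locked-out Registry Editor means you cannot simply open regedit to look, running this from a PowerShell session is the quickest way to confirm the symptom; if even PowerShell is blocked, that in itself matches the symptom described above and is a reason to seek help sooner rather than later.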
Win32 Trojan removal:
Unfortunately many Win32 Trojans will disable any antivirus or security software present on the system.
If attempts to remove the Win32 Trojan are unsuccessful, or if full system capabilities cannot be restored, then it is probably time to seek professional help.
Unsuccessful attempts to remove the Win32 Trojan will just make it dig in deeper until it completely disables your system. The quicker you can get professional help, the more money you'll save on repairs.
Posted by Kenny Clemons on April 7, 2010 at 5:34 PM | comments (1)
XP Anti Virus is a rogue antivirus program that, when run, displays false results as a tactic to scare you into purchasing the software. When XPAntivirus is first installed it will create 9 entries in your Windows Registry that impersonate infections on your machine. In reality, though, these registry entries are harmless and have absolutely no effect on your computer. Instead, these entries are set so that XP AntiVirus can find them when scanning your computer and report them as infections. In order to remove these fake infections you need to purchase the software, as the trial does not allow you to remove them.
As you can see this program is fraudware in that makes changes on your computer and then states these changes are infections as a scare tactic to have you purchase the software. It goes without saying that under no circumstances should you buy it. The program does come with a removal option in the computer's Add or Remove Programs list, but when you attempt to uninstall it, all that happens is the entry is removed from the list and program's process is terminated. Next time you reboot, XP AntiVirus will start up again.
The best thing to do when the fraudulent XP Anti Virus appears on your computer is to shut down immediately. The less time the virus has to do its damage, the better your chances are for a clean and quick removal.
Posted by Kenny Clemons on April 7, 2010 at 10:52 AM | comments (1)
A rash of home foreclosures and abandoned dwellings had already taken its toll on the tax revenue for the Village of Summit, a town of 10,000 just outside Chicago. Then, in March, computer crooks broke into the town’s online bank account, making off with nearly $100,000.
"As little as we are, $100,000 represents a good chunk of money, and it hurts,” said Judy Rivera, the town’s administrator. “We were already on a very lean budget, because the tax money just isn’t coming in.”
Summit is just the latest in a string of towns, cities, counties and municipalities across America that have seen their coffers cleaned out by organized thieves who specialize in looting online bank accounts. Recently, crooks stole $100,000 from the New Jersey township of Egg Harbor; $130,000 from a public water utility in Arkansas; $378,000 from a New York town; $160,000 from a Florida public library; $500,000 from a New York middle school district; $415,000 from a Kentucky county (this is far from a comprehensive list).
According to Rivera, the theft took place Mar. 11, when her assistant went to log in to the town’s account at Bridgeview Bank. When the assistant submitted the credentials to the bank’s site, she was redirected to a page telling her that the bank’s site was experiencing technical difficulties. What she couldn’t have known was that the thieves were stalling her so that they could use the credentials she’d supplied to create their own interactive session with the town’s bank account.
“The site even gave her a phone number to call for customer service, but when she tried the number she found it was a residence,” Rivera said. “She also called the bank, which said they weren’t having any technical difficulties.”
The following day, Bridgeview Bank notified the town that someone had executed two sets of transfers: one automated clearing house (ACH) batch transfer of seven payments of slightly less than $10,000 to individuals around the country; and a large wire transfer of nearly $30,000. The bank succeeded in stopping the fraudulent wire, but Rivera said the town has all but given up hope that it will retrieve the other $70,000. Bridgeview Bank could not be immediately reached for comment.