Friday, March 13, 2015

Security Updates for the week of March 13, 2015



Watch Out For A New Ransomware Variant!


Trend Micro has reported on several variants of both ransomware and crypto-ransomware, each with its own “unique” routines.  A new variant, detected as PE_VIRLOCK, not only locks the computer screen but also infects files, a first for ransomware.  Unlike other ransomware, it appears to be able to propagate on its own.

There is a significant chance of running VIRLOCK from a removable drive by mistake, because infected files carry the same icons you would expect for ordinary documents and images on a flash drive. Infected files on a removable drive can in turn infect any computer they are opened on.

VIRLOCK variants may arrive bundled with other malware in infected computers.

Once on a computer, VIRLOCK creates and modifies registry entries to avoid detection and to make sure it keeps running.  It then locks the screen of the affected computer, disabling explorer.exe and preventing the use of taskmgr.exe.  It also checks the location of the affected system so that it can display a ransom message tailored to that region.

If the infected system is not cleaned completely, even a single remaining infected file will restart the infection chain. Once VIRLOCK reaches a network, it can spread across the whole network without being noticed.

Because VIRLOCK propagates on its own, users should connect their removable drives only to computers that are trusted or have security software installed. The same goes in the other direction: do not plug in flash drives that nobody can vouch for.
Check with your current anti-virus/anti-malware provider for the best removal techniques for your particular system(s).

CAPTCHA Security Can Now Be Fooled By Hackers
We’ve all been frustrated by security gateways that require us to visually inspect a graphic of distorted letters and numbers and type in what we see to get past a security check.  Now hackers have found a way around that too.  The Russia-based anti-virus company Kaspersky Lab revealed on Wednesday that the Android malware Trojan-SMS.Android.Podec is now capable of circumventing CAPTCHA image checks.
Podec automatically forwards each CAPTCHA image to Antigate.com, an online service where real people solve CAPTCHAs in real time; the service returns the text to the malware within seconds and the malware submits it, convincing the verification system that a person is present.  The purpose of the Trojan is to make money from victims by subscribing thousands of infected Android users to premium-rate services, the security company said.  Watch your mobile phone bill for bogus charges, since premium-rate subscriptions are billed through the carrier!

Beware of Apple Watch Phishing e-mails

Malwarebytes reports that hackers have jumped on the unveiling of the Apple Watch as a chance to phish for data through social networks.  Victims are lured in with the promise of a free Apple Watch and are instead redirected through a series of bogus links in what appears to be a phishing exercise to collect people's personal details.
 

Panda Anti-Virus says OOPS!

Panda users had a bad day on Wednesday after the Spanish security software firm released a signature update that classified components of its own software as malware.   As a result, PCs running the antivirus struggled to function, leaving some systems unstable or unable to access the internet. A Panda spokesman confirmed the problem and said the issue was well in hand.
An official company advisory says the issue was limited to Panda Cloud Office Protection, the Retail 2015 products and Panda Free AV. Users are strongly advised not to restart their computers until a fix is available.

New Facebook Scam Delivers Malware Worm

The folks at Malwarebytes came across a worm that compromises a user's machine and spreads via Facebook.  The lure is the promise of pornographic material, delivered as what looks like a video file named Videos_New.mp4_2942281629029.exe; the .mp4 in the name is a decoy, and the file is really a Windows executable.

Once infected, the victim's account spreads the worm to all of their contacts and to the groups they belong to by posting the following message:
Sex photos of teen girls in school – NEW SCANDAL

The bad guys have built a multi-layer redirection chain that uses the ow.ly URL shortener, Amazon Web Services and Box.com cloud storage.  Once again the attackers are leveraging human nature, and while it is difficult to know how many people fell for this, it most likely affected a significant number of Facebook users.
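Both the VIRLOCK item above and this Facebook worm rely on the same trick: an executable that is dressed up to look like a document, image or video. The scanner below is an added example written for this page (it is not code from Trend Micro, Malwarebytes or the original post) that walks a folder such as a freshly plugged-in flash drive or a downloads directory and flags two things: executables whose name carries a decoy media or document extension, like Videos_New.mp4_2942281629029.exe or report.doc.exe, and files that claim a document or image extension but start with the Windows PE "MZ" header. The extension lists, the sample files and the helper names are all assumptions made for the example; the sample files are constructed stand-ins, not real malware.

```python
"""Flag executables disguised as documents, images or videos.

Added example: the checks are generic (decoy double extension, PE header
under a non-executable extension), not a VIRLOCK or Podec signature.
"""
import os
import re
import tempfile

# Extensions a user expects to open in a viewer rather than run (assumption).
NON_EXECUTABLE_EXTS = {".doc", ".docx", ".xls", ".pdf", ".jpg", ".jpeg",
                       ".png", ".gif", ".mp4", ".avi", ".txt", ".zip"}
# Extensions Windows will execute directly (assumption).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
PE_MAGIC = b"MZ"  # first two bytes of every Windows PE executable

# Matches a decoy extension inside the stem of a name, e.g. the ".mp4" in
# "videos_new.mp4_2942281629029"; it must be followed by ".", "_" or the end
# of the stem so that "my_doc_backup.exe" is not flagged.
DECOY_RE = re.compile(
    r"\.(" + "|".join(e[1:] for e in sorted(NON_EXECUTABLE_EXTS)) + r")(?=[._]|$)")


def decoy_extension(filename):
    """Return the decoy extension hidden in an executable's name, or None."""
    root, ext = os.path.splitext(filename.lower())
    if ext not in EXECUTABLE_EXTS:
        return None
    match = DECOY_RE.search(root)
    return "." + match.group(1) if match else None


def content_mismatch(path):
    """True when a file with a document/media extension starts with a PE header."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in NON_EXECUTABLE_EXTS:
        return False
    with open(path, "rb") as fh:
        return fh.read(len(PE_MAGIC)) == PE_MAGIC


def scan_directory(root_dir):
    """Walk root_dir and return sorted (path, reason) pairs for suspicious files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root_dir):
        for name in files:
            path = os.path.join(dirpath, name)
            decoy = decoy_extension(name)
            if decoy:
                findings.append((path, "executable disguised as %s" % decoy))
            elif content_mismatch(path):
                findings.append((path, "PE header under non-executable extension"))
    return sorted(findings)


def build_sample(base):
    """Write constructed sample files (a PE header followed by padding; not malware)."""
    fake_pe = PE_MAGIC + b"\x00" * 62
    samples = {
        "Videos_New.mp4_2942281629029.exe": fake_pe,  # the Facebook worm's naming pattern
        "report.doc.exe": fake_pe,                    # VIRLOCK-style document wrapped in an .exe
        "holiday.jpg": fake_pe,                       # PE content behind an image extension
        "notes.txt": b"plain text",                   # benign
        "setup.exe": fake_pe,                         # ordinary executable, not flagged
    }
    for name, data in samples.items():
        with open(os.path.join(base, name), "wb") as fh:
            fh.write(data)


def demo():
    """Scan the constructed sample set and return (basename, reason) pairs."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        return [(os.path.basename(p), why) for p, why in scan_directory(tmp)]


if __name__ == "__main__":
    for name, why in demo():
        print("%-40s %s" % (name, why))
```

To check a real flash drive, call scan_directory() on its mount point instead of demo(). Remember that Windows hides known extensions by default, so report.doc.exe is shown to the user as report.doc with a document icon; that is exactly the gap both pieces of malware exploit.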

Are Your Microsoft Patches Up-To-Date?

With the latest Patch Tuesday release, Microsoft fixed the FREAK vulnerability in its TLS implementation, which could let a man-in-the-middle attacker downgrade a secured connection to weak export-grade RSA keys that can be factored, and then read the traffic.  The security bulletin is one of 14 Microsoft issued on Tuesday, five of which are marked critical, meaning administrators should apply them as quickly as possible.

The updates address vulnerabilities in both the consumer and server editions of Windows, Internet Explorer, Office, SharePoint Server and Exchange Server.


Need help with your network security?  Call Jeff Hoffman @ ACT Network Solutions or e-mail him at jhoffman@act4networks.com



