Articles about Malware

Maktub ransomware phishing scam knows your home address and uses it as leverage

Ransomware is one of the most prevalent security threats at the moment, and each week there are new examples that up the ante a little more. In recent months we have seen cross-platform ransomware, Tesla 4's unbreakable encryption, and the MBR-overwriting antics of PETYA, but a new phishing scam takes another approach.

In a cleverly orchestrated campaign, a phishing scam is doing the rounds whereby malware meets social engineering in a bid to extract cash from victims. It marries together the file-encrypting Maktub ransomware with a thinly-veiled threat -- home addresses. Quoting victims' home addresses to them serves two purposes: it adds a level of authenticity to the phishing email, but also acts as additional leverage by upping the fear level.

The threat of ransomware is so great, the US and Canada issue joint security alert

Malware is far from being a new problem, but the inexorable rise of ransomware has taken many by surprise. There have been a number of very high profile instances of ransomware such as PETYA, and the threat is perceived as being so high that the US and Canada have taken the unusual step of issuing a joint security alert.

The likes of TeslaCrypt 4 feature 'unbreakable encryption' and use scare-tactics to encourage victims to part with their money. This is what has prompted the joint alert from the US Department of Homeland Security and the Canadian Cyber Incident Response Centre which warns about "destructive ransomware variants such as Locky and Samas". Interestingly, the advisory actively discourages victims from bowing to ransom demands.

LookingGlass releases new threat intelligence platform

Using threat intelligence helps enterprises to improve decision making when it comes to managing security incidents and enforcing policy.

Threat defense specialist LookingGlass Cyber Solutions is looking to improve the way analysts and security operators interpret threats targeting their organizations with the launch of its new ScoutPrime threat intelligence management platform.

FBI issues warning over MSIL/Samas ransomware

The FBI has begun seeking the assistance of companies in the US to streamline its investigation into an increasing ransomware threat in the country.

The FBI is looking into a strain of ransomware called MSIL/Samas, which has been encrypting data across entire networks rather than single computers, Reuters reports. The ransomware infects machines before encrypting data and asking for money in return for access.

Bitdefender's new tool protects against ransomware

Ransomware is the malware du jour, and each strain seems more vicious than the last. As with any virus variant, there is a game of cat and mouse played out between virus writers and security companies as each battles to outwit the other.

Trying to get ahead of the curve, Bitdefender has released a tool that offers protection against the likes of CTB-Locker, Locky and TeslaCrypt. When it comes to dealing with ransomware the advice, unfortunately, has become a case of either pay up, or revert to data backups. Alternatively, you could try prevention rather than cure, and Bitdefender's 'crypto-ransomware vaccine' could be what you've been looking for.

ESET discovers 'unique' self-protecting USB trojan

ESET has detected an undetectable malware. The security firm recently said it has discovered what it now calls Win32/PSW.Stealer.NAI, also known as the USB Thief.

The malware is designed to steal data and is, according to the firm, basically undetectable. It cannot be copied or reverse-engineered, making it extremely difficult to detect or analyze.

PETYA ransomware targets enterprise users via the cloud and overwrites MBRs

Crypto-ransomware is the malware du jour, and the likes of TeslaCrypt 4 and KeRanger are just some of the names to hit the headlines recently. One of the latest examples of ransomware, PETYA, is taking a slightly different and more worrying approach -- it not only targets enterprise users, but also encrypts entire hard drives rather than just a selection of files.

PETYA -- also known as RANSOM_PETYA.A -- goes to some lengths to make sure that victims know that their computers are infected, overwriting the MBR (Master Boot Record) to display a ransom note during the boot process. The malware uses a "military grade encryption algorithm" to lock users out of their files, and victims are directed to venture onto the dark web using the Tor browser to make a Bitcoin ransom payment.

Can malware detect that it's running in your sandbox?

If you think an application is suspicious, then you might run it in a sandbox, a virtual machine, maybe use a debugger, and watch what it does. And if nothing happens then that means it’s safe. Right?

Well, maybe not. Malware will often try to detect this kind of trickery, and if it thinks it’s being watched, won’t do anything to raise an alarm.

TeslaCrypt 4 ransomware now features unbreakable encryption and is even more dangerous for victims

Apple might be currently talking about its unbreakable encryption and how it's a good thing for privacy, but the FBI is ruing it. The privacy argument certainly stands up to scrutiny, but strong encryption can also be used as a weapon, as demonstrated by countless examples of ransomware. There are numerous breeds of ransomware out there, but one of the most prolific is TeslaCrypt.

It's just a year since the first version of TeslaCrypt appeared on the scene, and it's gone through various updates and iterations over the ensuing months. Now it's hit version 4 and as well as continuing to threaten victims with sharing their files online, it also boasts what is being referred to as 'unbreakable encryption'.

Malvertising campaign targets Americans through major websites including BBC and New York Times

Top news websites including the BBC, the New York Times and MSN were hit over the weekend by a co-ordinated malware campaign. Delivered through the advertising networks used by the sites, the malvertising attack aimed to install ransomware on victims' computers.

On-site ads are far from loved, hence the prevalence of ad-blocking tools. But as well as being an annoyance, online ads can also pose a serious security risk -- something highlighted by this attack. The infected ads redirected people to servers hosting the Angler exploit kit and were engineered to target US-based web users.

Microsoft is desperately nagging enterprise users to upgrade to Windows 10 -- even if they can't

Microsoft's incredibly aggressive pushing of Windows 10 has been going on for some time now. In many regards it is something that home users have become accustomed to. While you might bemoan Microsoft constantly advertising Windows 10 to you if you've not yet upgraded, you must appreciate that it at least makes some sort of sense to the company -- it wants you to push that button and install the latest version of Windows.

But while this sort of nagging is nothing new, it seems that some of Microsoft's marketing efforts are wildly wide of the mark, particularly when it comes to enterprise users. Many have already been upset by the appearance of Windows 10 ads in an Internet Explorer patch, but there's another level to this insipid pestering. Described by some as 'malware', the IE update tries to foist Windows 10 onto enterprise users, encouraging them to nag sysadmins to upgrade to the latest version of Windows.

Mac users targeted by KeRanger ransomware -- here's how to remove it

Ransomware is a growing problem, with businesses and individuals increasingly having their data encrypted and held to ransom. As with so many forms of malware, it has been PC users that have borne the brunt of attacks, but over the weekend it was Mac owners that were targeted by the KeRanger ransomware.

The malicious software first appeared on Friday and is said to be the first fully-functional example of ransomware aimed at Apple devices. KeRanger was found to be installed alongside the Transmission BitTorrent client, and while Apple has used its Gatekeeper security system to prevent further infections, if you have installed Transmission 2.90 there are steps you need to take to clean up your system.

'Accessibility Clickjacking' malware could impact 500 million Android devices

Researchers at threat defense company Skycure have uncovered an Android proof of concept malware that uses accessibility services to allow attackers to spy on and even control a device.

It can monitor all of a victim's activity and allow attackers to read, and possibly compose, corporate emails and documents via the victim's device, as well as elevating their permissions to remotely encrypt or even wipe the device.

Malvertising campaigns now use fingerprinting techniques

Cyber-criminals are now using fingerprinting techniques in their malvertising campaigns, researchers from security firms Malwarebytes and GeoEdge have reported.

Fingerprinting is an evasion technique in which crooks, through snippets of code, check if the targeted machine is a honeypot set up by malware researchers or an actual machine belonging to a potential victim.

Ransomware is the biggest threat to Android users in UK

Ransomware was the biggest threat to Android users in the UK last year, a new report by security company Bitdefender says.

Even though it’s not as dangerous or prolific as its Windows counterpart, ransomware still played a major role in the overall mobile security landscape last year.

BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.

© 1998-2025 BetaNews, Inc. All Rights Reserved.