Malicious Code

Exclusive: FBI warns of 'destructive' malware in wake of Sony attack.

Malware trends and cyber security considerations for 2015.

Last year was a banner one for breaches, cyber attacks and advanced malware. In addition to the high-profile incidents at Sony Pictures after Thanksgiving and Home Depot before that, enterprise CIOs and their cyber security teams also had to deal with the spread of intense distributed denial-of-service attacks and destructive threats such as CryptoLocker.

Malware in 2015: Easy to create, but dangerous enough to require attention

As February 2015 arrives, there are still many emerging challenges in keeping corporate networks secure.

Malware is not only increasingly diversified and capable, but also easier to create. An effective cyber criminal effort could just as well be predicated on an overwhelming amount of simple pieces of malware as it could be upon a monolithic, state-level attack. Paul Christman, vice president of Dell’s Public Sector Software division, noted as much in highlighting the trend toward the creation of “recyclable” malware in particular countries.

Hackers Breaking New Ground With Ransomware.

The tools and tactics being used to go after victims reveal growing sophistication, and gamers need to look out, security researchers say.

The enormous success which hackers have had extracting millions of dollars from individuals and businesses using ransomware appears to be driving more sophisticated tools and tactics from them. This week researchers sounded the alert on two recent ransomware families that break ground in different ways. One of them, dubbed Virlock, is noteworthy because it not only locks the screen of compromised systems like other ransomware, but also infects files on the device. First noticed by security firm ESET in December, Virlock is also polymorphic, meaning the code changes every time it runs, making it hard to detect using standard malware detection tools.

In an alert on Friday, security firm Trend Micro described Virlock as the first ransomware that includes file infection in its routine. “What’s going on is that this is the new mainstream,” Blech says.

What are malware, viruses, Spyware, and cookies, and what differentiates them?

"Malware" is short for malicious software and is used as a single term to refer to viruses, spyware, worms, etc.

Malware is designed to cause damage to a stand-alone computer or a networked PC. So wherever the term malware is used, it means a program which is designed to damage your computer; it may be a virus, worm or Trojan.

Worms: Worms are malicious programs that make copies of themselves again and again on the local drive, network shares, etc. The only purpose of the worm is to reproduce itself again and again. It doesn’t harm any data/file on the computer. Examples of worms are W32.SillyFDC.BBY, Packed.Generic.236 and W32.Troresba. Because it replicates, a worm takes up a lot of space on the hard drive and consumes more CPU, which in turn makes the PC too slow; it also consumes more network bandwidth.

Virus: A virus is a program written to enter your computer and damage/alter your files/data.

Malware targets gamers, holds high scores hostage.

A new type of malware is playing with gamers. The ransomware, described by a researcher at cybersecurity company Bromium, affects at least two dozen popular games, locking players out until they pay to open up their saved games, add-ons and scores.

Ransomware has been a rising trend among cyberattackers over the last couple of years. The name comes from the fact that the malware infects your computer and then takes over, requiring payment to let you back into your files. Earlier this year, readers of the Huffington Post and other sites were victims of ransomware that made its way onto their machines via infected advertisements.

Bromium said on its blog that this is the first time it's seen gamers being targeted by ransomware. Given that gamers not only work hard to advance in their games, but that they also pay for upgrades and new features within the games, they certainly seem like ripe marks for blackmail.

Self-deleting malware targets home routers to gather information.

March 11, 2015

Attackers could be using VICEPASS for reconnaissance, or for future cross-site request forgery attacks.

Researchers with Trend Micro have analyzed malware that first connects to home routers and scans for connected devices, and then sends the information it gathers to a command-and-control (C&C) server before deleting itself without a trace. The malware was detected by Trend Micro as TROJ_VICEPASS.A, or VICEPASS, and it has been observed infecting users that navigate to malicious websites hosting a purported Adobe Flash update, according to a Monday post by Kenney Lu, of Trend Micro.

Once downloaded and executed, the malware uses a predefined list of usernames and passwords to attempt to connect to the home router, Lu wrote. Some of the usernames include admin, D-Link, guest, root and user, and some of the passwords include 12345678, admin, password and qwerty. Lu said that the malware “will affect every device in the target network.

Equation: The Death Star of Malware Galaxy.

"Houston, we have a problem"

One sunny day in 2009, Grzegorz Brzęczyszczykiewicz embarked on a flight to the burgeoning city of Houston to attend a prestigious international scientific conference. As a leading scientist in his field, such trips were common for Grzegorz. Over the next couple of days, Mr Brzęczyszczykiewicz exchanged business cards with other researchers and talked about the kind of important issues such high level scientists would discuss (which is another way of saying "who knows?"). But, all good things must come to an end; the conference finished and Grzegorz Brzęczyszczykiewicz flew back home, carrying with him many highlights from a memorable event. Sometime later, as is customary for such events, the organizers sent all the participants a CDROM carrying many beautiful pictures from the conference.

A rendezvous with the "God" of cyberespionage

It is not known when the Equation group began their ascent.

Fanny:

Cisco_2014_ASR.

How the NSA's Firmware Hacking Works and Why It's So Unsettling.

One of the most shocking parts of the recently discovered spying network Equation Group is its mysterious module designed to reprogram or reflash a computer hard drive’s firmware with malicious code. The Kaspersky researchers who uncovered this said its ability to subvert hard drive firmware—the guts of any computer—“surpasses anything else” they had ever seen.

The hacking tool, believed to be a product of the NSA, is significant because subverting the firmware gives the attackers God-like control of the system in a way that is stealthy and persistent even through software updates. The module, named “nls_933w.dll”, is the first of its kind found in the wild and is used with both the EquationDrug and GrayFish spy platforms Kaspersky uncovered.

It also has another capability: to create invisible storage space on the hard drive to hide data stolen from the system so the attackers can retrieve it later. Here’s what we know about the firmware-flashing module.

How It Works

Dealing with CryptoLocker ransomware | NetSafe Security Central.

If you see this CryptoLocker image on your computer screen disconnect your computer from the internet immediately by removing your network cable or turning off the wireless connection.

Also disconnect USB storage devices or network shares and turn off any cloud backup services you may use such as Dropbox or Office 365. Significant numbers of New Zealanders have been dealing with ransomware during 2013. Ransomware is a form of malicious software or ‘malware’ which demands payment to unlock your computer and can often prove difficult to clean up or remove from both PCs and Macs.

CryptoLocker ransomware is the latest variant that now encrypts the files on your computer using a powerful algorithm that cannot be defeated without paying the sum asked for by the cyber criminals. If your computer is infected with CryptoLocker and you do not have a recent backup of your files your only option is to pay anywhere up to $750NZD to decrypt your data.

How are users affected?

Registry Indicators: