Thursday 17 October 2013

Hacker Horrorshow Shaping Up for Halloween

Blue Coats Malware Security Get yourself ready for the frights of October! We're not talking about ghosts or ghouls, but malware threats. In a recent blog post, Solera Network, a Blue Coat company, warned victims of this month's malware infection campaign to keep a watchful eye out for more dangers. These include the ransomware CryptoLocker, clickfraud on a massive scale, and the theft of personal data like passwords.
CryptoLocker CountdownIn early September, malware present on actively infected PCs began to receive instructions from its Command and Control server to download the CryptoLocker ransomware application. CryptoLocker wastes no time and encrypts most document file types on the victim's computer. Other ransomware campaigns normally try to convince the user that he or she is going to be arrested for an alleged cybercrime.
CryptoLocker isn't joking around. It employs a 72-hour countdown clock with the following warning: pay up 300 dollars before time runs out or the malware will delete the decryption key which will render files unreadable. A year ago, ransomware criminals typically charged 200 dollars for data retrieval. CryptoLocker changes the desktop background to a threatening message that is revealed if your antivirus program deletes the program. It warns that you won't be able to decrypt your files unless you download the Trojan again.
CryptoLocker threat
CryptoLocker is pretty simple to find, kill, and delete because this malware runs under a suspiciously long, random-looking filename in the device's Application Data folder. However, if the Trojan finds a way into your system and you don't have your files already backed up, they're likely gone for good.
You should run regular backups on your computer for recovery, as well as antivirus software to keep CryptoLocker from breaking in. In case you find CryptoLocker on your system, the best possibility to get your data back is to recover it from your backup.
Medfos MaladvertisingUnfortunately, the malware campaign doesn't end here. It also employed Medfos, a Trojan that has write-ups from 2012. Medfos is a clickfraud Trojan that earns profit for malware distributors by running on unattended computers.
Medfos receives a list of websites that allow Pay Per Click advertising. Advertising agencies pay associates based on the number of clicks through an advertisement. This Trojan loads these websites in "headless" web browser applications that do not have visible windows and pretends to click an advertisement.
It only takes one computer infected with Medfos to overwhelm a home broadband connection; it loads hundreds of ads per minute. To add insult to injury, the bot controller performs regular checks to make sure Medfos is continually running and reinstalls the Trojan as needed.
Watch out for signs that your computer has been infected by Medfos. The Trojan runs from two DLLs that are visible in the process list from the Application Data folder. Additionally, it adds a new browser add-on, most recently dubbed Addons Engine 3.0.1 to Firefox, but normally uses Internet Explorer for heavy downloading. Medfos hijacks search engine settings in your browser so that when you think you're searching Google, you're actually sending information to Medfos-controlled pages.
Kegotip Wants EverythingIt's common for cybercriminals to steal and spread victims' personal information like passwords. In this recent malware campaign, perpetrators scan the infected system's files to search for anything that resembles an email address.
The Trojan, called Kegotip, sends a batch of email addresses every 15 to 30 seconds in a specially crafted packet to a server specifically listening to them on Transmission Control Protocol) (TCP) port 20051. You can identify this packet because the data portion always starts with the text string "Asdj," which ends up actually translating to "QXNka" according to the encoding format used by the bot.
Kegotip sifts through Internet-enabled applications, like File Transfer Protocol (FTP) clients, email apps or browsers, for stored credentials. These cybercriminals work efficiently: the report claims that two Kegotip attacks carried out transmitted over 15MB of stolen email addresses and fake credentials from two infected machines in the lab network.
Stop Infection Before It StartsMalware threats are certainly frightening, so it's important that you protect your devices before they get infected. Invest in antivirus software and keep it updated to protect yourself against future threats. Some good choices are our Editors' Choice Bitdefender Antivirus Plus (2014), Norton Antivirus (2014), or Webroot SecureAnywhere Antivirus 2013. Remember the fight against cybercriminals isn't hopeless; you can overcome these malware demons like your childhood nightmares.

No comments:

Post a Comment