block Archives - IT Security Guru

ESET Warns Against a Wave of Infected E-mails

The Gurus — Fri, 11 Mar 2016 11:01:44 +0000

ESET® warns users against an increased number of infected emails containing a malicious attachment, which downloads and installs ransomware onto an infected device. When opened, it encrypts victims‘ files on thier PCs and requires a ransom for decryption.
ESET telemetry detects this malicious downloader as JS/TrojanDownloader.Nemucod and records its unusually high incidence in Europe, North America, Australia and Japan.
Nemucod is wide-spread via emails, which contain attached zipped files. Emails are written in a very trustworthy way, claiming to be invoices, notices of appearance in court or other official documents. Attackers are just trying to get users to open the malicious attachment that contains a JavaScript file, which after it is opened, donwloads and installs Nemucod to the victims PC. Nemucod is known for downloading a diverstiy of other malware available in-the-wild.
„Nemucod currently downloads mainly ransomware, for example TeslaCrypt or Locky. These encrypt the data on the victim‘s computer and demand ransom,“ says Peter Stančík, Security Evangelist at ESET.
Both TeslaCrypt and Locky ransomware use encryption standards similar to those used by financial institutions when securing online payments.
Commenting on this sudden surge of ransomware emails, David Gibson, VP of strategy and market development at Varonis, said, “Ransomware attacks grow more common because they’re effective and lucrative. They’re effective because it’s relatively easy to trick someone into downloading malware via phishing , and once a user launches a piece of ransomware it often won’t be detected (until it’s too late) because most aren’t watching or analysing file activity on networked file shares or in SharePoint. This means that it’s difficult to spot and stop an attack/infection while it’s in progress. Without a record of activity, it’s difficult to know which files were encrypted and when, so recovering from backup can be challenging. It’s lucrative because many people and organizations end up deciding it’s just easier to pay. User Behaviour Analytics that incorporates file activity can help detect and stop the spread of malware, and make recovery much more straight-forward.”
How to protect against this threat:

Do not open attachments sent to you in emails from unknown senders.
Warn colleagues who most frequently receive emails from external sources – for instance financial departments or human resources.
Regularly backup your data. In case of infection, this will help you recover all your data. An external disc or other storage should not remain connected to computer in order to avoid infection by filecoder.
Regularly install updates of your OS and other software you use. If you still use Windows XP, seriously consider moving to other, supported operating system of Windows.
Security software must also be used with all updates installed, ideally with the latest version. IT security vendors are packing new versions of their software with additional scurity features.
Users of ESET solutions are protected when ESET LiveGrid® Reputation System is turned on. This technology protects users‘ devices against ransomware by actively blocking their processes.

Prevalence level of the Nemucod malware. The scale spans from 0% (deep green) to 75% (Japan).
Source: http://virusradar.com/en/JS_TrojanDownloader.Nemucod/map

Fraser Kyne, principal systems engineer at endpoint security firm, Bromium, added “Ransomware is a particularly nasty form of malware because, once you are hit with its encryption, your files are toast. Anti-virus can’t do anything to bring those encrypted files back to you. I only expect this trend to continue because it is so effective, and this increase in ransomware highlights the importance of best practices, such as endpoint protection and external data back-ups. Many times, when you are hit with ransomware, it is impossible to get your files back because the payment processing may fail or the encryption keys may not work. The ransomware trend will only continue if those infected continue to pay the ransom. We cannot encourage this behaviour, so we suggest these ransoms are not paid.
Ransomware will continue to cause significant problems for many organisations, simply because their IT security mechanisms fail to protect them. Modern threats need modern and innovative solutions. It’s not enough to go through a continual ‘pay-up or wipe’ loop as these attacks become ever more popular. We also need to ask ourselves this question: “If we have ransomware that is TELLING us we’ve been hit because it wants our money, what does that reveal about our vulnerability to more convert attacks too?”

The post ESET Warns Against a Wave of Infected E-mails appeared first on IT Security Guru.

Google to deep six dodgy download buttons

The Gurus — Thu, 04 Feb 2016 11:39:04 +0000

Google has taken aim at another class of internet scumware: the deceptive download buttons that infest advertising on places like free software directories.
“Your computer is out of date!” ads and the like that take the unwary either to adware and/or malware installers – or worse – are in Google’s sights.
Lucas Ballard, the software engineer who announced the earlier stage of the safe browsing program when the Chocolate Factory started warning users about malware sites last year, says the program aims to eliminate “social engineering ads” in embedded content.

Original Source: The Register
View the full story here

The post Google to deep six dodgy download buttons appeared first on IT Security Guru.

WatchGuard partners with ‘Friendly WiFi’ to foster online safety for children and parents

The Gurus — Wed, 03 Feb 2016 11:31:41 +0000

Company accredited as a Friendly WiFi Approved Provider
WatchGuard Technologies is helping children to stay safe online through a new partnership with the ‘Friendly WiFi’ scheme, designed to identify public places such as shops, restaurants, cafes and cinemas, providing secure filtered WiFi. Initiated by the UK Government with support from the UK Council for Child Internet Safety (UKCCIS) and manged by the RDI trade organisation, the scheme means that children, parents and guardians can look for the Friendly WiFi logo to be sure that the public network has been tested and verified to make sure pornographic and child abuse websites are blocked.
WatchGuard has also become an accredited “Friendly WiFi Approved Provider, meaning that businesses or public facilities using WatchGuard secure WiFi solutions have the correct filtering to ensure inappropriate material remains blocked to users. Once checked by RDI, they can then join the scheme and display the logo.
Under the new partnership, WatchGuard will actively promote Friendly WiFi through its UK reseller channels, creating greater awareness around the dangers faced by young people online and offering a safe solution. WatchGuard partners are also able to assist RDI in rolling out the scheme by signing up end user customers directly to the Friendly WiFi scheme.
Jonathan Whitley, Regional Sales Director, Northern Europe at WatchGuard said, “We are delighted to play a part in promoting and delivering safe online WiFi for younger users. It’s a great concern for any parent, guardian or teacher and we look forward to seeing Friendly WiFi become a universal beacon of reassurance.”
RDI spokesperson, Mike Davies said; “Working with WatchGuard is a great opportunity for us to spread the Friendly WiFi message through the company’s extensive channel network and wide range of customers in key sectors such as hospitality, retail and schools. WatchGuard’s expertise and passion for security will make a valuable contribution to our commitment to make a positive difference to online safety for families everywhere.”
For more information on Friendly WiFi, please go to www.friendlywifi.com and follow on Twitter @friendywifi1

The post WatchGuard partners with ‘Friendly WiFi’ to foster online safety for children and parents appeared first on IT Security Guru.

Microsoft to ban man-in-the-middle adware from March 31

The Gurus — Tue, 22 Dec 2015 10:24:19 +0000

Ad injection software that uses man-in-the-middle (MiTM) techniques will be classed as malware by Microsoft, and blocked accordingly.
In a blog post on Tuesday, Microsoft said that the move to block such ad injection comes as part of the computer giant’s commitment to its users to maintain they have control of their “Microsoft experience”.
“Programs that create advertisements in browsers must only use the browsers’ supported extensibility model for installation, execution, disabling, and removal,” Microsoft said. “The choice and control belong to the users, and we are determined to protect that.”

Orignal Source: ZDNet
View full story here

The post Microsoft to ban man-in-the-middle adware from March 31 appeared first on IT Security Guru.

BT broadband in broad-based brownout and TITSUP incidents

The Gurus — Wed, 29 Jul 2015 09:19:27 +0000

If you can’t reach a chum in the UK, chances are they’ve fallen victim to a substantial outage that’s hit BT’s voice and broadband services. Or a Total Inability To Support Usual Performance (TITSUP) incident.
The carrier appears to be suffering from two issues, the first reported to us by Reg readers Colin and Neil who’ve complained of very slow downloads, difficulties accessing the Web, dropped packets galore and traceroutes that don’t make it past the home gateway.
A glance at the carrier’s service status page omits mention of the slow access problem, but does reveal 15 outstanding issues including one that’s hitting over 40 communities from Manchester to Newquay.
BT says “A small number of our customers in the areas shown below, may experience a loss of telephone and/or broadband services. We hope to have service restored as quickly as possible and apologise for any inconvenience this may be causing. Services can be affected by a variety of reasons such as damage caused by 3rd parties or cable theft.”

view the full story here

The post BT broadband in broad-based brownout and TITSUP incidents appeared first on IT Security Guru.