Wednesday, November 26, 2014

CoinVault ransomware appeared suddenly in November 2014

Bleeping Computer has valuable information and an FAQ guide for the new CoinVault ransomware, link here.

This new kind of ransomware carries its decryption routine within the executable itself, and offers the victim one file "free" as proof that decryption works.  Payment is accepted only in Bitcoin.

The malware is distributed through email zip attachments disguised as .PDF files.  Windows hides known file extensions by default, so a file named something like invoice.pdf.exe shows up in Explorer as invoice.pdf; turning off "Hide extensions for known file types" makes the disguise visible.  It might be more likely to affect people who routinely work with attachments from clients.  
Webroot seems to be one of the first companies to research it. 

Monday, November 24, 2014

"Regin": deep-rooted malware seems to be engineered by the NSA and Britain's GCHQ, probably not significant for most "home users"

There are reports of a piece of malware called "Regin" which appears to have been developed by the US, British and other European governments, especially Britain's GCHQ.  The Intercept gives a very detailed account of how it works here.  It appears to affect Windows 7 and 8 users and to be intended for deep-level espionage.  It is unlikely to be noticed by a home user, although it is conceivable that in some cases it could cause Windows 8 to behave erratically or to freeze.  I wonder if it has anything to do with some instability on my Windows 8.1 HP Envy.
CNN has a simpler account here.

A lot of the analysis work on the malware was done by Symantec (maker of Norton anti-virus). 


Saturday, November 22, 2014

Router hack may cause unwanted Adobe download requests

There is a new explanation for the unwanted popup I sometimes see to install an Adobe Flash player.  It has occurred on one Windows 8.1 machine from and  

I have even communicated with the abuse departments of both MLB and Adobe about the popup, and Adobe recently emailed me that it had acted (legally, probably with a trademark claim) to stop the particular popup.  

An Adobe forum suggests that it is the router that is infected, not the computer.  The link is here.  The malware is called the "Moon virus" or "Moon worm".   It's hard to see how a Netgear router itself (its firmware) would be hacked when it is password protected, but the password only guards the login page: a router whose firmware has a remotely exploitable flaw, or whose management interface is reachable from the Internet side, can be taken over without it, and once an attacker controls the DNS settings the router hands out, every device behind it is quietly sent to the attacker's pages.  It's also possible that the hack is on the ISP's servers.  The implication is that as long as one doesn't click on the link, nothing will happen.  But the unwanted exe (which Chrome now warns about as a threat but Webroot doesn't yet) disappears from the notification bar when the browser is simply closed (all sessions). 
A hacker news bulletin (link) has an even more sinister warning that router hacking could lead to fake bank sites coming up.  A DNS redirect cannot produce a valid certificate for the bank's real domain name, so a missing padlock, a certificate warning, or a bank login page that suddenly loads over plain http is the tell; never click through such a warning to a financial site.  Beyond that, when a home user checks his or her financial statements, it's a good idea to check them on more than one computer, or on more than one kind of device (try both mobile and PC), more than one operating system (try Mac if you have it), and more than one router.  If you have a hotspot with your cell phone, use that occasionally instead of your home router.  Or even check at a terminal inside your bank branch if it offers one (Wells Fargo is pretty good about this).  
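As an added example (not from the original post or the linked bulletin), here is a small stdlib-only Python check for the kind of DNS redirection a hijacked router would do. It asks the system resolver, which on a home network is normally the router handed out by DHCP, and a trusted public resolver for the same names, then looks for the signs of a hijack: private addresses, one address answering for several unrelated names, and answers that share nothing with the trusted resolver. The names, the sample addresses in the test data, and the choice of 8.8.8.8 as the reference resolver are assumptions for the example.

```python
"""Spot DNS redirection (e.g. by a compromised home router) by comparing what
the system resolver says about a set of names with what a trusted resolver
says.  Added example; names, addresses and the reference resolver are assumed."""
import ipaddress
import random
import socket
import struct


def build_query(name, qid):
    """Minimal DNS query: header (RD set, one question) + QNAME + QTYPE A, QCLASS IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)


def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:          # two-byte compression pointer
            return off + 2
        off += 1 + length


def parse_a_records(msg, qid):
    """Extract IPv4 addresses from the answer section of a DNS response."""
    rid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if rid != qid:
        raise ValueError("transaction id mismatch (spoofed or stale reply)")
    if flags & 0x000F:                     # low four bits are the RCODE
        raise ValueError("server returned RCODE %d" % (flags & 0xF))
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4     # skip QTYPE + QCLASS
    addrs = set()
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A record, IN class
            addrs.add(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs


def query_resolver(name, server, timeout=3.0):
    """Ask one specific resolver directly (bypassing the router) for A records."""
    qid = random.randrange(0, 1 << 16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, qid), (server, 53))
        data, _ = sock.recvfrom(4096)
    return parse_a_records(data, qid)


def system_answers(name):
    """What the OS resolver (on a home network, usually the router) returns."""
    return {info[4][0] for info in socket.getaddrinfo(name, None, socket.AF_INET)}


def assess(local, reference):
    """Compare {name: set(addresses)} from the system resolver with the trusted
    resolver's answers; return a list of findings (empty means nothing odd).

    A disjoint answer set on its own is weak evidence, since CDNs hand different
    addresses to different resolvers.  A private address for a public site, or
    one address answering for several unrelated names, is much stronger."""
    findings = []
    owners = {}                            # address -> names it was returned for
    for name, addrs in local.items():
        for addr in addrs:
            owners.setdefault(addr, set()).add(name)
            if ipaddress.ip_address(addr).is_private:
                findings.append("%s resolves to private address %s on the system resolver"
                                % (name, addr))
        ref = reference.get(name, set())
        if addrs and ref and addrs.isdisjoint(ref):
            findings.append("%s: system resolver %s and trusted resolver %s share nothing"
                            % (name, sorted(addrs), sorted(ref)))
    for addr, names in owners.items():
        if len(names) > 1:
            findings.append("%s answers for several unrelated names: %s"
                            % (addr, sorted(names)))
    return findings


if __name__ == "__main__":
    # Live check.  Replace NAMES with your bank's site plus a couple of sites you
    # know are hosted elsewhere; the reference resolver is an assumption.
    NAMES = ["www.example.com"]
    REFERENCE_RESOLVER = "8.8.8.8"
    local = {n: system_answers(n) for n in NAMES}
    reference = {n: query_resolver(n, REFERENCE_RESOLVER) for n in NAMES}
    for line in assess(local, reference) or ["no sign of DNS redirection"]:
        print(line)
```

Run it on the suspect network and again from a phone hotspot; if the two runs disagree, the home router is the prime suspect. A router that has been fully taken over can also intercept traffic to port 53 on 8.8.8.8, so the hotspot run, as the advice above suggests, is the more trustworthy second opinion.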

Update: Nov. 26

Here's another writeup from the UK on the Moon virus, seeming to have something to do with Conduit, link here.

I got a fake Adobe update popup this evening on an older Dell Windows 7 laptop when I was on (trying to go to the Washington Nationals page).  In Windows 7, it started downloading, and Webroot SecureAnywhere stopped it immediately.   I closed the browser.  The Webroot scan ran for 20 minutes and verified the malware had not actually loaded or installed.  I tried the mlb site again and it worked normally.  I did go ahead and reboot the machine and nothing unusual happened.  

Friday, November 21, 2014

Webcam hack from Russia seems like an old trick

Home webcam cameras all over the world have been hacked, with some live feeds available from a website hosted in Russia. The Register UK has a typical news story here.

Most of the compromised devices seem to be standalone IP cameras installed at various locations around businesses and homes, not laptop webcams.

The hacks can be stopped merely by changing the default passwords on these devices, and by not leaving the camera's web interface reachable from the open Internet (a port-forwarding or UPnP rule on the router is usually what exposes it).   Default passwords are also common with some newer home security systems, but users of these probably would have known to protect them.

Some authorities say that these hacks have gone on for a long time.  They have been used as plot devices in films (like "Pornography, A Thriller", Movies blog June 18, 2012, and I think it's happened in soaps like "Revenge" (with likable bisexual techie guru Nolan Ross doing the hacking) and "Days of our Lives").  

The hackers say they did this as a "proof of concept", and to demonstrate a major hole.  But criminals could use these devices for "peeping Tom" purposes, such as creating child pornography, or even to learn when people aren't home.   

Thursday, November 06, 2014

Fugitive in PA used unprotected WiFi routers; password managers based on biometrics come onto the market

A couple of alarming or interesting stories came out today. One is that fugitive Eric Frein, who had hidden out in northeastern Pennsylvania for over a month, had used open WiFi routers in the area to get Internet access (as well as solar cells for power).  Apparently this refers to home routers with no WiFi password, a weak one, or no encryption at all.  The AP story, in the UK Daily Mail, is here.
And Molly Wood, in the Personal Tech column for the New York Times, "Machine Leaning", p. B6 Thursday, writes about "augmenting your password protected world", with new devices that you "log in to" with biometric identification. Hoyos Labs (link ) will offer IU, a facial recognition app that will manage your passwords and log on to sites for you, but you have to use the app rather than your browser in the normal way. The article also describes EyeLock (link ), an iris scanner that looks like a hockey puck, which you can't afford to lose. The link for the story is here.

The idea that facial recognition could be really reliable sounds amazing to me.  It seems so easy for appearance to change, with age for openers.  Or by weight loss, as with Jake Gyllenhaal in "Nightcrawler". 

Tuesday, November 04, 2014

Webroot updates coverage on large corporate hacks; biggest danger to ordinary users still seems to come from phishing

Well, what's my own security news?   Last week, a Metro machine cracked my Bank of America debit card as I tried to update my SmarTrip card.   Sorry, I had to use cash.  I went into a branch in downtown Washington and the employees thought it was still OK, since it still worked.  I insisted on replacing it, and indeed the replacement came to my business box (which is a safer delivery option than a home address) in a few days (with a temporary).  No sign that the bank has adopted the European chip technology to make debit cards harder to forge.  (I've had trouble with Metro machines twice now.) 
Then, on a day trip last week, I stopped at a restaurant in Marshall, VA and noticed it was a "cash only business" only when I was ready to pay.  Fortunately, I had the cash.  But more small businesses are obviously petrified of the security risks right now with cards.
Igor Piatniski has an update on all the big corporate hacks on the Webroot Threat blog, link here.  I still use my debit card at a local grocery store, drug store, and hardware store with no problems.  But I do watch all bank and financial statements online regularly.  Not everyone does this.  And I don't bank with the cell phone.  I still use the laptop, because I need it for my "work" even when I travel anyway.  I still think security on a PC is a little easier to manage.   On credit card statements, yes, I look, but I admit there is a possibility for small charges to slip by.  I think a couple of times, charges disguised as "annual fees" for something obscure might have been slipped onto a bill for a card.  Oh, yes, Target got around to replacing my regular Visa credit card, finally.  Maybe I was on the list after all. 
The anecdotal evidence is that very small fraudulent charges and debits may be much more common with compromised accounts than wholesale attempts to drain bank accounts.  I keep seeing a few small charges that I can't explain, randomly. 
One other item:  I've noticed some phishing emails recently offering to "restore your Facebook account". And I still laugh at the obvious "Nigerian" scams and very obvious fake charities that I see (as in the movie "Believe Me", reviewed Nov. 3 on the Movies blog).