Wednesday, November 26, 2014
CoinVault ransomware has appeared suddenly in November 2014
Bleeping Computer has a useful information and FAQ guide
for the new CoinVault ransomware, link here.
This ransomware bundles its decryption routine inside the same executable, and
offers to decrypt one file "free" as proof that the victim's files can be recovered. Payment is accepted only in
Bitcoin. The free decryption only proves that the criminals hold the key; it is not a guarantee that paying will recover the rest, and an offline backup remains the only reliable way to get files back.
The malware is distributed through email ZIP attachments whose contents are
disguised as .PDF files (an executable carrying a PDF-looking name). It is most likely to affect people who routinely open attachments from clients.
Webroot seems to be one of the first companies to research it.
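As an added illustration (not code from the original post, Bleeping Computer or Webroot), here is a small Python check for the kind of attachment described above: it opens a ZIP in memory and flags members whose name or content suggests an executable posing as a PDF. The ZIP contents, the list of executable extensions and the magic-byte table are constructed for the example.

```python
"""Inspect a ZIP e-mail attachment for executables disguised as PDFs.

Added example; the sample ZIP is constructed, not a real CoinVault attachment.
"""
from __future__ import annotations

import io
import os
import zipfile
from dataclasses import dataclass

# Extensions Windows will run when double-clicked (assumed list; extend as needed).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                   ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta"}

# Leading bytes that identify the real file type regardless of the name.
MAGIC = {b"%PDF": "pdf", b"MZ": "pe"}   # "MZ" = Windows PE executable (EXE/SCR/DLL)

RLO = "\u202e"   # Unicode right-to-left override: makes "report_fdp.exe" display as "report_exe.pdf"


@dataclass(frozen=True)
class Finding:
    member: str   # file name inside the ZIP
    reason: str


def sniff(head: bytes) -> str:
    """Classify a file by its first bytes; 'unknown' if no magic matches."""
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind
    return "unknown"


def inspect_zip(blob: bytes) -> list[Finding]:
    """Return one Finding per suspicious property of each member of the ZIP given as bytes."""
    findings: list[Finding] = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            final_ext = os.path.splitext(name.lower())[1]

            # 1. Executable extension, possibly hidden behind a ".pdf" decoy
            #    (Explorer hides known extensions, so "invoice.pdf.exe" shows as "invoice.pdf").
            if final_ext in EXECUTABLE_EXTS:
                reason = "executable extension " + final_ext
                if ".pdf" in name.lower()[: -len(final_ext)]:
                    reason += " behind a .pdf decoy name"
                findings.append(Finding(name, reason))

            # 2. A right-to-left override in the name reverses how the extension is displayed.
            if RLO in name:
                findings.append(Finding(name, "right-to-left override character in file name"))

            # 3. The content must agree with what the name claims.
            with zf.open(info) as fh:
                kind = sniff(fh.read(8))
            if final_ext == ".pdf" and kind != "pdf":
                findings.append(Finding(name, f"named .pdf but content looks like {kind}"))
            if kind == "pe" and final_ext not in EXECUTABLE_EXTS:
                findings.append(Finding(name, "PE executable with a non-executable extension"))
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample attachment: one real PDF header, two disguised executables."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf", b"%PDF-1.4\n% constructed placeholder, not a real document\n")
        zf.writestr("invoice.pdf.exe", b"MZ" + b"\x00" * 62)      # double extension
        zf.writestr("statement.pdf", b"MZ" + b"\x00" * 62)        # PE bytes under a .pdf name
    return buf.getvalue()


if __name__ == "__main__":
    for f in inspect_zip(build_sample_zip()):
        print(f"{f.member}: {f.reason}")
```

The content check matters more than the name check: an attachment filter that only looks at extensions is defeated by a double extension or a right-to-left override, while a file that starts with `MZ` is a Windows executable whatever it is called.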
Monday, November 24, 2014
"Regin": deep-rooted malware seems to be engineered by the NSA and Britain's GCHQ, probably not significant for most "home users"
There are reports of an espionage malware platform called "Regin" which appears to
have been developed by the US, British and other European governments, especially
Britain's GCHQ. The Intercept gives a
very detailed account of how it works here. It would appear to affect Windows 7 and 8
users and to be intended for deep-level espionage against selected targets.
It is unlikely to be noticed by a home user, although it is conceivable that
in some cases it could cause Windows 8 to behave erratically or to freeze. I wonder if it has anything to do with some
instability on my Windows 8.1 HP Envy.
CNN has a simpler account here.
Much of the analysis of the malware was done by
Symantec (maker of Norton antivirus).
Bill
Saturday, November 22, 2014
Router hack may cause unwanted Adobe download requests
There is a new explanation for the unwanted popup I sometimes
see to install an Adobe Flash Player. It
has occurred on one Windows 8.1 machine while visiting MLB.com and Slate.com.
I have even communicated with the abuse departments of both MLB and Adobe about the popup, and Adobe recently emailed to me that it had acted (legally, probably with a trademark claim) to stop the particular popup.
An Adobe forum suggests that it is the router that is
infected, not the computer. The link is
here. The malware is called the "Moon
virus" or "Moon worm". An administrative password on a Netgear (or any other)
router does not rule this out: router firmware is typically compromised through
flaws in its web management interface, default or reused credentials, or a
management interface left reachable from the Internet, so the router itself is a
plausible point of infection; a compromise upstream on the ISP's servers is also
possible. The implication is that as long as one does
not click on the link, nothing will happen; a compromised router can, however,
redirect any site you visit, so the popup is a symptom to investigate rather than just dismiss.
But the unwanted exe (which Chrome now warns about as a threat but
Webroot doesn’t yet) disappears from the notification bar when the browser is
simply closed (all sessions).
A hacker news bulletin (link) carries an even more sinister warning: router
hacking could lead to fake bank sites coming up (typically because the router
hands out attacker-controlled DNS servers, so the bank's name resolves to the
attacker's server). Therefore, when a home user checks his or her
financial statements, it's a good idea to check them on more than one computer,
or on more than one kind of device (try both mobile and PC), more than one
operating system (try a Mac if you have it), and more than one network. If you have a hotspot on your cell phone,
use that occasionally instead of your home router. Or even check at a terminal inside your bank
branch if it offers one (Wells Fargo is pretty good about this). Also pay attention to
the browser's certificate warnings: a DNS hijack by itself cannot produce a valid
certificate for the bank's domain, so a certificate warning on a banking site is a
red flag to stop on, not something to click through.
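The usual way a compromised router produces fake bank sites is by handing out attacker-controlled DNS servers over DHCP, so one concrete check on a Windows PC is to look at what `ipconfig /all` reports. The following is an added example, not from the original post or the linked bulletin: the `ipconfig` text is constructed, 203.0.113.45 is a documentation-range address standing in for a rogue resolver, and the allowlist of public resolvers is an assumption to adjust for your own ISP.

```python
"""Audit the DNS servers a Windows PC has been handed, from `ipconfig /all` output.

Added example with constructed sample output; the public-resolver allowlist is an assumption.
"""
from __future__ import annotations

import ipaddress
import re

# Public resolvers a home user might legitimately use (assumed allowlist; extend for your ISP).
KNOWN_PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1",
                          "9.9.9.9", "208.67.222.222", "208.67.220.220"}

# Field lines in `ipconfig /all` are indented exactly three spaces: "   DNS Servers . . . : 1.2.3.4".
FIELD_RE = re.compile(r"^ {3}(\S.*?)[ .]*:\s*(.*)$")


def parse_ipconfig(text: str) -> dict[str, dict[str, list[str]]]:
    """Return {adapter name: {field: [values]}}; continuation lines (extra DNS servers) are merged."""
    adapters: dict[str, dict[str, list[str]]] = {}
    current = last_field = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):
            # Section header such as "Wireless LAN adapter Wi-Fi:"; other top-level lines are skipped.
            current = line.strip()[:-1] if line.rstrip().endswith(":") else None
            if current:
                adapters[current] = {}
            last_field = None
            continue
        if current is None:
            continue
        m = FIELD_RE.match(line)
        if m:
            last_field, value = m.group(1).strip(), m.group(2).strip()
            adapters[current].setdefault(last_field, [])
            if value:
                adapters[current][last_field].append(value)
        elif last_field:
            adapters[current][last_field].append(line.strip())   # e.g. a second DNS server
    return adapters


def lan_network(fields: dict[str, list[str]]) -> ipaddress.IPv4Network | None:
    """The adapter's IPv4 subnet from its address and mask, e.g. 192.168.1.23(Preferred) + 255.255.255.0."""
    addrs = [re.sub(r"\(.*\)$", "", a) for a in fields.get("IPv4 Address", [])]
    masks = fields.get("Subnet Mask", [])
    if addrs and masks:
        return ipaddress.ip_network(f"{addrs[0]}/{masks[0]}", strict=False)
    return None


def classify_resolver(server: str, fields: dict[str, list[str]]) -> str:
    """One of: router, lan, known-public, unexpected, unparseable."""
    if server in fields.get("Default Gateway", []):
        return "router"            # normal with DHCP: the router forwards DNS for the LAN
    try:
        ip = ipaddress.ip_address(server.split("%")[0])   # drop any IPv6 zone index
    except ValueError:
        return "unparseable"
    net = lan_network(fields)
    if net is not None and ip.version == 4 and ip in net:
        return "lan"
    if server in KNOWN_PUBLIC_RESOLVERS:
        return "known-public"
    return "unexpected"            # not the router, not on the LAN, not a resolver you chose


def audit(ipconfig_text: str) -> list[tuple[str, str, str]]:
    """(adapter, DNS server, classification) for every configured resolver."""
    report = []
    for adapter, fields in parse_ipconfig(ipconfig_text).items():
        for server in fields.get("DNS Servers", []):
            report.append((adapter, server, classify_resolver(server, fields)))
    return report


# Constructed sample: a hijacked router hands out a rogue resolver ahead of itself.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : HP-ENVY
   Primary Dns Suffix  . . . . . . . :

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : home
   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.45
                                       192.168.1.1
"""

if __name__ == "__main__":
    for adapter, server, verdict in audit(SAMPLE_IPCONFIG):
        print(f"{adapter}: {server} -> {verdict}")
```

An "unexpected" resolver is not proof of compromise (some ISPs assign their own resolvers), but it is the first thing to compare against the DNS settings shown on the router's own admin page and against what the same PC gets on a phone hotspot.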
Update: Nov. 26
Here's another writeup from the UK on the Moon virus, which seems to have something to do with Conduit, link here.
I got a fake Adobe update popup this evening on an older Dell Windows 7 laptop while I was on mlb.com (trying to go to the Washington Nationals page). In Windows 7, it started downloading, and Webroot SecureAnywhere stopped it immediately. I closed the browser. A Webroot scan ran for 20 minutes and verified that the malware had not actually loaded or installed. I tried the mlb site again and it worked normally. I did go ahead and reboot the machine, and nothing unusual happened.
Labels:
Adobe issues,
modem hijacking,
router security
Friday, November 21, 2014
Webcam hack from Russia seems like an old trick
Home webcams all over the world have been accessed without authorization,
with live feeds from some of them published on a website hosted in Russia. The Register (UK) has
a typical news story here.
Most of the affected devices seem to be standalone IP cameras
installed at various locations around businesses and homes, not laptop
webcams.
These intrusions can be stopped by simply changing the default
passwords on the devices; the site connects to cameras that still accept the
factory login. It also helps to keep a camera off the public Internet (no port
forwarding or UPnP exposure unless it is actually needed) and to apply firmware
updates. Such cameras are also common in some newer home
security systems, but users of those would probably have known to protect them.
Some authorities say that these hacks have gone on for a long time. They have been used as plot devices in films (like "Pornography, A Thriller", Movies blog June 18, 2012), and I think it has happened in soaps like "Revenge" (with the likable bisexual techie guru Nolan Ross doing the hacking) and "Days of our Lives".
The hackers say they did this as a "proof of concept", and
to demonstrate a major hole. But
criminals could use these devices for "peeping Tom" purposes, to create
child pornography, or even to learn when people aren't home.
Thursday, November 06, 2014
Fugitive in PA used unprotected WiFi routers; password managers based on biometrics come onto the market
A couple of alarming or interesting stories came out today.
One is that fugitive Eric Frein, who had hidden out in northeastern Pennsylvania
for over a month, had used open WiFi routers in the area to get Internet access
(as well as solar cells for power). Apparently
this refers to homes with routers without passwords, with weak passwords, or
without the usual encryption. The AP
story, in the UK Daily Mail, is here.
And Molly Wood, in the Personal Tech column for the New York
Times, "Machine Learning", p. B6 Thursday, writes about "augmenting your
password protected world", with new devices that you "log in to" with biometric
identification. Hoyos Labs (link) will offer IU, a facial recognition app that will manage your passwords and
log on to sites for you; the catch is that you have to use the app rather than your browser in
the normal way. The article also describes EyeLock (link), an iris scanner
that looks like a hockey puck, and that you can't afford to lose. The link for the
story is here.
The idea that facial recognition could be really reliable
sounds amazing to me. It seems so easy
for appearance to change, with age for openers, or with weight loss, as with Jake Gyllenhaal in
"Nightcrawler".
Tuesday, November 04, 2014
Webroot updates coverage on large corporate hacks; biggest danger to ordinary users still seems to come from phishing
Well, what's my own security news? Last week, a Metro machine cracked my Bank
of America debit card as I tried to update my Smart card. Sorry, I had to use cash. I went into a branch in downtown Washington
and the employees thought it was still OK, since it still worked. I insisted on replacing it, and indeed the
replacement came to my business box (which is a safer delivery option than a
home address) in a few days (with a temporary).
No sign that the Bank has started using the European chip technology to make
debit cards harder to forge. (I've had
trouble with Metro machines twice now.)
Then, on a day trip last week, I stopped at a restaurant in
Marshall, VA and noticed it was a "cash only business" only when I was ready to
pay. Fortunately, I had the cash. But more small businesses are obviously petrified
of the security risks with cards right now.
Igor Piatniski has an update on all the big corporate hacks
on the Webroot Threat blog, link here. I still use my debit card at a local grocery
store, drug store, and hardware store with no problems. But I do watch all bank and financial
statements online regularly. Not
everyone does this. And I don’t bank
with the cell phone. I still use the
laptop, because I need it for my “work” even when I travel anyway. I still think security on a PC is a little
easier to manage. On credit card
statements, yes, I look, but I admit there is a possibility for small charges
to slip by. I think a couple times,
charges disguised as “annual fees” for something obscure might have been
slipped onto a bill, for a card. Oh,
yes, Target got around to replacing my regular Visa credit card, finally. Maybe I was on the list after all.
The anecdotal evidence is that very small fraudulent charges
and debits may be much more common with compromised accounts than wholesale
attempts to drain bank accounts. Small "test" charges are also a common way for a fraudster to verify that a stolen card number is still live before using it for larger purchases, so they are worth reporting rather than ignoring. I keep seeing a few small charges that I can't explain, randomly.
One other item: I've noticed some phishing emails recently offering to "restore your Facebook account". And I still laugh at the obvious "Nigerian" scams and very obvious fake charities that I see (as in the movie "Believe Me", reviewed Nov. 3 on the Movies blog).