Expert Virus Removal Services and Technical advice.

We provide computer users with expert virus removal services and technical advice.


December 31, 2010

Man in the Middle and Redirection Attacks

We used to play a game in which two people throw a ball to each other while a third person in the middle tries to intercept it; whoever intercepts the ball swaps places with the person who threw it.

In the cyberworld, the game of keep-away gets a new twist: the two players have no idea the man in the middle (MITM) exists. It works like this:
  • Computer A initiates a conversation with Computer B
  • Computer C intercepts that attempt and then relays the request to Computer B
  • Computer B responds, Computer C intercepts the response, and returns it to Computer A
While Computer C has the communication between A and B intercepted, it can change the data in transit or even redirect it to an entirely different destination, while Computer A still believes it is receiving the information from Computer B.
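The exchange described above, as an added example that is not part of the original post: Computer A asks Computer B for a value, a relay C in the middle forwards the request and silently alters the reply. The second half shows the defender's side, which the post only implies: when A and B share a secret key (an assumption of this example) and B authenticates each reply with an HMAC, A can detect that the data was changed in transit, even though it cannot see C.

```python
import hashlib
import hmac

# Constructed example. Assumption: A and B share a secret that C does not have.
SHARED_KEY = b"constructed-shared-secret"

def computer_b(request: bytes) -> bytes:
    """Computer B answers a balance query (constructed stand-in for a server)."""
    if request == b"GET balance":
        return b"balance=100"
    return b"error"

def relay_c(request: bytes, upstream) -> bytes:
    """Computer C: intercepts A's request, forwards it to B, then tampers with B's reply."""
    reply = upstream(request)
    return reply.replace(b"balance=100", b"balance=999")

def plain_exchange(request: bytes) -> bytes:
    """A believes it is talking to B, but every byte passes through C unchecked."""
    return relay_c(request, computer_b)

def tag(message: bytes) -> bytes:
    """HMAC-SHA256 over the message, hex-encoded so it can never contain the '|' separator."""
    return hmac.new(SHARED_KEY, message, hashlib.sha256).hexdigest().encode()

def computer_b_authenticated(request: bytes) -> bytes:
    """Same B, but each reply carries an authentication tag computed with the shared key."""
    reply = computer_b(request)
    return reply + b"|" + tag(reply)

def verify(reply_with_tag: bytes):
    """Return the message if its tag is valid, otherwise None (tampered or malformed data)."""
    message, sep, mac = reply_with_tag.rpartition(b"|")
    if not sep or not hmac.compare_digest(mac, tag(message)):
        return None
    return message

def authenticated_exchange(request: bytes):
    """Same relay in the middle, but A now verifies the tag before trusting the reply."""
    return verify(relay_c(request, computer_b_authenticated))

def honest_exchange(request: bytes):
    """Control case with no relay: the tag verifies and the real balance comes through."""
    return verify(computer_b_authenticated(request))

if __name__ == "__main__":
    print("unauthenticated:", plain_exchange(b"GET balance"))         # tampered value accepted
    print("authenticated:  ", authenticated_exchange(b"GET balance"))  # None: tampering detected
    print("no relay:       ", honest_exchange(b"GET balance"))
```

The point of the design is that C can still read and alter the bytes; what the tag removes is A's willingness to act on altered bytes. In practice this is the role TLS plays for web and banking traffic, which is why a MITM against a properly validated HTTPS connection has to fall back on tricks like certificate warnings or the browser-side attacks the Zeus post below describes.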


Key Loggers

In general, keystroke logging is the practice of recording the keys typed on a keyboard without letting the user know that their actions are being monitored. In its simplest form, a keylogger trojan is malicious, surreptitious software that monitors your keystrokes, logs them to a file and sends that file off to remote attackers. Keyloggers can be classified as software keyloggers and hardware keyloggers.

December 30, 2010

Unconquered Zeus Threat

ZeuS is a well-known banking Trojan horse program, also classed as crimeware. This trojan steals data from infected computers via web browsers and protected storage. Once infected, the computer sends the stolen data to a bot command and control (C&C) server, where the data is stored.

The US FBI, Secret Service and various NY agencies have issued a joint Cyber-Security Advisory warning of the threat posed by the Zeus botnet specifically and of wire fraud risks from keylogger trojans in general. Zeus combines keylogger capabilities with man-in-the-middle (or man-in-the-browser) style attacks to steal online banking credentials.

How to remove Worm_Lamin.AC

First, I suggest you follow the proverb "prevention is better than cure", as it is better to be safe than to try cleaning up after the system gets infected. Being careful about clicking unknown links, enabling the pop-up blocker, turning on the firewall and keeping the anti-virus updated are some of the basic things we need to make sure are done to safeguard our system.

Manual removal of the worm:

Step 1: Turn System Restore off.
Step 2: End all the processes that belong to the worm from the Task Manager Processes tab and delete their files.
Step 3: Sometimes you will not be able to delete the files from the locations found via the Processes tab or Process Explorer; in that case restart the system in Safe Mode and try to remove the files again.
Step 4: Enable the Registry Editor.
Step 5: Delete the registry values from the following paths:


  • In HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    • Shell = %Program Files%\Microsoft Office\OFFICE11\WINWORD.EXE
  • In HKEY_CLASSES_ROOT\exefile
    • NeverShowExt =
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    • EnableLUA = 0
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\{Application name}
    • Debugger = cmd.exe /c del

  • Delete the registry keys:
    • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\
      • Svc
    • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\
      • FWCFG
    • In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
      • WinDefend
    • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center

  • Restore these modified registry values:
    • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
      • From: SuperHidden = 0
      • To: SuperHidden = 1
    • In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc
      • From: Type = 4
      • To: Type = 20
    • In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess
      • From: Type = 4
      • To: Type = 20
    • In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv
      • From: Type = 4
      • To: Type = 20
    • There will be another location with the same path; change its value from Type = 4 to Type = 20 as well.

Search the folder %Program Files%\Microsoft Office\OFFICE11\ and delete the following files:
  • control.ini
  • Drvics32.dll
  • hjwgsd.dll
  • jwiegh.dll
  • PUB60SP.mrc
  • ruimsbbe.dll
  • smss.exe
  • yofc.dll
  • remote.ini


After doing this please scan your computer using any good updated anti-virus program.

Worm_Lamin.AC

This worm propagates via online instant messaging applications such as Yahoo Messenger, Gtalk, MSN Messenger and Digsby.


Effects:

  • Deletes registry entries related to anti-virus and security applications, resulting in improper functioning of anti-virus programs and leaving system security at risk
  • Disables Security Center functions such as the firewall and security updates
  • Disables the Internet Connection Sharing service, which disables sharing
  • Sends a copy of its link in instant messages
It drops the following files in the system:

  • %Program Files%\Microsoft Office\OFFICE11\services.exe
  • %Program Files%\Microsoft Office\OFFICE11\WINWORD.EXE
  • %User Startup%\Adobe Gamma Loader.com

  1. These DLL and other files are loaded into the system's program files: Drvics32.dll, hjwgsd.dll, jwiegh.dll, PUB60SP.mrc, remote.ini, yofc.dll, ruimsbbe.dll and smss.exe. It also creates an auto-start entry in the registry that points at its dropped WINWORD.EXE (the Winlogon Shell value listed above).
  2. It also disables the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot, which prevents booting into Safe Mode, and changes the Type values of the Explorer, SharedAccess and services-related registry entries to 4.
  3. It also pings many harmful sites using the command prompt.
  4. The spam messages it sends are predetermined, listed in HJWGSD.DLL, and contain the link http://bukuger{BLOCKED}.hared.com. Copies of the malware may be downloaded from this site, which is currently inaccessible.
So please be careful when clicking on any links in any instant messenger.

Mitigating Cross Site Scripting

Attackers inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user and gather data from them, besides harming the victim's PC in other ways such as DNS poisoning, changes to the system security settings, cookie theft and adware.

XSS holes allow JavaScript insertion, which may allow limited execution. If an attacker were also to exploit a browser flaw (a browser hole), it could then be possible to execute commands on the client side; if command execution were possible, it would only be possible on the client side. In simple terms, XSS holes can be used to help exploit other holes that may exist in your browser.

Cross Site Scripting (XSS)

It is a vulnerability in web applications that lets an attacker inject malicious scripts into websites viewed by other users. The result can range from theft and misuse of the user's details down to very small issues such as being led to different sites, which a good Internet security program can easily prevent.
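The mitigation the two XSS posts above describe in words, shown as an added example (not code from the original blog): untrusted input concatenated into HTML becomes a script tag or an event handler, while the same input encoded for its output context is rendered as harmless text. The rendering functions, the sample inputs and the parser-based check are all constructed for this illustration; the check uses Python's own HTML parser to see the page the way a browser's tokenizer would, rather than searching for substrings.

```python
import html
from html.parser import HTMLParser

# Constructed untrusted input of the kind submitted through a comment or profile field.
UNTRUSTED_NAME = '<script>alert("xss")</script>'
UNTRUSTED_ATTR = '" onmouseover="alert(1)'

def render_unsafe(name: str) -> str:
    """Vulnerable: untrusted input is concatenated straight into the HTML body."""
    return "<p>Welcome, " + name + "!</p>"

def render_safe(name: str) -> str:
    """Mitigated: HTML-encode the input for the element-content context."""
    return "<p>Welcome, " + html.escape(name, quote=True) + "!</p>"

def render_attr_unsafe(value: str) -> str:
    """Vulnerable attribute context: the input can close the quote and add a handler."""
    return '<input type="text" value="' + value + '">'

def render_attr_safe(value: str) -> str:
    """Mitigated attribute context: quotes are encoded, so the attribute cannot be broken out of."""
    return '<input type="text" value="' + html.escape(value, quote=True) + '">'

class ActiveContentFinder(HTMLParser):
    """Tokenizes the rendered HTML and records script tags and on* event-handler attributes."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("script tag")
        for attr_name, _ in attrs:
            if attr_name.startswith("on"):
                self.findings.append(f"{tag}@{attr_name}")

def active_content(fragment: str):
    """Return a list describing every piece of active content the browser would see."""
    finder = ActiveContentFinder()
    finder.feed(fragment)
    finder.close()
    return finder.findings

if __name__ == "__main__":
    for label, rendered in [("body unsafe", render_unsafe(UNTRUSTED_NAME)),
                            ("body safe", render_safe(UNTRUSTED_NAME)),
                            ("attr unsafe", render_attr_unsafe(UNTRUSTED_ATTR)),
                            ("attr safe", render_attr_safe(UNTRUSTED_ATTR))]:
        print(f"{label:12} {active_content(rendered)!r:28} {rendered}")
```

The two contexts are kept separate on purpose: encoding that is enough for element content is not enough inside an unquoted attribute, and neither is enough inside a script block or a URL, so the encoding has to match where the value lands in the page.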

December 29, 2010

Email-Worm.Zhelatin

Anti-Virus8 is a typical rogue anti-virus: it installs itself on the computer, is not a genuine product, and asks you to purchase it by claiming there are many threats on your computer. It looks similar to AVG anti-virus, which is why many people are coming to know this threat.

Brontock

This worm arrives as an email attachment named Kangen.exe. When executed, it opens the Documents folder and loads itself into the user profiles and the current user section. It consists of following the email-

Browser Modifier

This is a kind of adware that attacks the browser. It keeps showing pop-ups and advertisements that carry various hidden infections. It blocks certain other advertisements and changes the Internet Explorer search settings. This block results in unwanted pages or browser redirects: when we try to go to a particular website we land on another site instead.


Virus named Java Downloader


TrojanDownloader:Java/OpenConnection.IT is the detection name for a malicious Java applet that attempts to download and execute files from a remote website. It often works in conjunction with Exploit:Java/CVE-2010-0094, which exploits a vulnerability in the Java Runtime Environment (JRE).

December 28, 2010

Passwords that can be Cracked Easily

Passwords are the key to securing our email and bank accounts. We must use a good combination of lower-case and capital letters, numbers and special symbols. They are the key to securing our computers, emails and bank accounts from crimeware, spyware etc.

Sality Virus

Sality is a family of file-infecting viruses that spread by infecting executable files; it also runs an autorun worm component that lets it spread to any removable or discoverable drive. In addition, Sality includes a downloader trojan component that installs additional malware via the web. So it is a combination of many infections bundled together to damage the computer's software.

It infects executable files on local, removable and remote shared drives. The virus also creates a peer-to-peer (P2P) botnet and receives URLs of additional files to download. It then attempts to disable security software on the computer. It also has keylogging functionality. Sality generally drops a .cmd, .pif and .exe file to the root of discoverable or removable drives, along with an autorun.inf file containing instructions to load the dropped file(s) when the drive is accessed. Updates to the malware it drops are fed via decentralized lists of HTTP URLs.


Removing Sality Virus:

  • Take a registry backup and create a restore point to be on the safe side.
  • Unregister the file from the command prompt with the command regsvr32 /u vcmgcd32.dll
  • Remove the file vcmgcd32.dll by locating it with the search option.
  • Remove the "Virus.Sality.U" components: BwUnin-6.1.4.36-8876480L.exe, syslib32.dll, sysdll.dll, oledsp32.dll and all the files associated with them.

This will remove Virus.Sality.U from the computer.

December 25, 2010

SYMPTOMS OF SALITY VIRUS

 
Sality virus is one of a kind: very dangerous and infective. It attacks all the system components such as the Windows Task Manager and the registry. The registry is the most important part to take care of, as registry values are like the wheels of a vehicle: if they get corrupted we may not be able to use the computer, just as we cannot use a vehicle whose tires have gone flat.

Computer Virus Infection Strategies

A virus is a program written so that it can copy itself and has the capability to completely destroy a computer. A true virus can spread from one computer to another by targeting a host computer on the network and infecting the files on it.



"Here you have" Virus

"Here You Have" is one of the most widely spread viruses on the Internet these days. It arrives as an email in your inbox with a subject such as "Here you have" or "Just for you". It is also called W32/VBMania@MM.


December 24, 2010

REMOVING VIRUS FROM PENDRIVES




Preventing the virus from entering the PC:
There are some common things we need to take note of while using a pen drive / flash drive / thumb drive. People use flash drives for copying data; often the data will be documents, executable files, movies and so on.

  • Copy files directly rather than in folders, to prevent the kind of virus that mostly attacks folders on a portable drive. That is the first important thing we need to keep in mind.
  • Secondly, when opening the PD (portable drive) we should not let autorun open it directly. We first need to scan the PD with a good anti-virus before opening it.
  • If the scan finds infections, we can fix them. If they are not fixed, or the scan is skipped or avoided, we should not open the PD as usual.


REMOVING IT:

The command prompt can be used to remove a virus from a pen drive with a few familiar, basic CMD commands.

  • Open the command prompt by clicking Start > Run, or by pressing the Windows logo key + R. Type the drive letter of the pen drive followed by a colon.
  • Then type DIR /A. Check all the files and folders displayed in the list, especially for AUTORUN, RECYCLER and any .exe files you don't expect there.
  • Type ATTRIB *.* -S -R -H to unhide all hidden and system files.
  • Then delete the suspected files one by one using the command DEL FILENAME.EXT. This deletes the files from the drive.
  • Repeat this process for all the folders in that drive.

This will remove the virus from the pen drive.
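The DIR /A inspection step above is a manual triage; the following is an added example (not part of the original post) of the same triage as a script, so the judgement of what is "suspicious" is written down and repeatable. It parses an autorun.inf to list the commands the drive would launch when opened, and flags the entries the post tells you to look for: the autorun file, a RECYCLER folder, and executables, especially hidden or system ones. The sample autorun.inf text and the sample directory listing are constructed for this example; the on-disk reader at the end only reports Windows file attributes when run on Windows.

```python
import configparser
import os
import stat

# Constructed autorun.inf content of the kind the DIR /A check is meant to catch.
SAMPLE_AUTORUN = """[autorun]
open=RECYCLER\\S-1-5-21\\setup.exe
shellexecute=smss.exe
icon=%SystemRoot%\\system32\\shell32.dll,4
"""

# Constructed listing of a removable drive root: (name, attribute letters as DIR shows them).
SAMPLE_LISTING = [
    ("autorun.inf", "SH"),      # hidden + system, so invisible in Explorer by default
    ("RECYCLER", "SHD"),
    ("smss.exe", "SH"),
    ("holiday.jpg", "A"),
    ("report.docx", "A"),
]

# autorun.inf keys that cause something to run when the drive is opened.
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command")
EXECUTABLE_EXT = (".exe", ".com", ".scr", ".pif", ".cmd", ".bat")

def autorun_commands(text):
    """Return the commands an autorun.inf would run, in LAUNCH_KEYS order."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    if not parser.has_section("autorun"):
        return []
    return [parser.get("autorun", key) for key in LAUNCH_KEYS
            if parser.has_option("autorun", key)]

def suspicious_entries(listing):
    """Flag the entries the manual DIR /A check looks for, with a reason for each."""
    flagged = []
    for name, attrs in listing:
        lower = name.lower()
        hidden_system = "H" in attrs and "S" in attrs
        if lower == "autorun.inf":
            flagged.append((name, "autorun file"))
        elif lower == "recycler":
            flagged.append((name, "RECYCLER folder"))
        elif lower.endswith(EXECUTABLE_EXT):
            reason = "hidden/system executable" if hidden_system else "unexpected executable"
            flagged.append((name, reason))
    return flagged

def listing_from_drive(root):
    """Build a (name, attrs) listing from a real drive root; attributes are Windows-only."""
    entries = []
    for entry in os.scandir(root):
        fa = getattr(entry.stat(follow_symlinks=False), "st_file_attributes", 0)
        attrs = ("H" if fa & stat.FILE_ATTRIBUTE_HIDDEN else "") + \
                ("S" if fa & stat.FILE_ATTRIBUTE_SYSTEM else "") + \
                ("D" if entry.is_dir(follow_symlinks=False) else "")
        entries.append((entry.name, attrs))
    return entries

if __name__ == "__main__":
    print("autorun would launch:", autorun_commands(SAMPLE_AUTORUN))
    for name, reason in suspicious_entries(SAMPLE_LISTING):
        print(f"  {name:16} {reason}")
    # For a real pen drive on Windows: suspicious_entries(listing_from_drive("E:\\"))
```

Reading the autorun file with a parser instead of opening the drive is the whole point: the commands are reported without being executed, and the report can be kept as a record of what was found before the files are deleted.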

Note: Never open files on the pen drive directly from Windows Explorer when you have downloaded them at an Internet cafe, because those are the most common and dangerous places from which we pick up infections.

REMOVING ROOTKITS MANUALLY

The term rootkit describes the mechanisms and techniques by which malware, including viruses, spyware and trojans, attempts to hide its presence from spyware blockers, anti-virus software and system management utilities. There are several rootkit classifications, depending on whether the malware survives a reboot and whether it executes in user mode or kernel mode.

Uninstalling an Anti-virus using removal tools:

REMOVAL TOOLS:

Any anti-virus has settings and files installed in different folders on the computer. So today we will learn how to uninstall an anti-virus using the uninstall utilities the different companies provide. Before we look into that, we need to know why we should use these utilities to uninstall them.
The reason for uninstalling an anti-virus with a tool is to make sure there are no leftover files or registry entries, which cause problems when we install another anti-virus. If there is more than one anti-virus on the system they will conflict with each other and none of them will work properly.
So, to protect our PC from infections and to have one and only one security application, we need to use the removal tools to uninstall them cleanly.

Names of few tools to uninstall different security programs:

  • Norton removal tool
  • McAfee consumer product removal tool
  • Avast uninstall utility
  • Removal tool for Kaspersky products
  • Avg remover
  • Bit defender uninstall tool

These removal tools help us remove the installed anti-virus completely from the computer, which allows any other anti-virus program to be installed without problems.

They are independent of the Windows version, that is, they work on XP, Vista and Windows 7 alike. Sometimes we also need to remove the toolbars and companion products that come along with the full program, for example with the Panda Anti-Virus Firewall 2010 uninstall tool; Norton Online Family, Norton Online Backup and so on have to be uninstalled separately, either from Add or Remove Programs or using the corresponding removal tool.

Virus in RFID

VIRUS THAT HAS INFECTED MAN:

There has recently been an attack by a virus on an RFID chip implanted in Dr Mark Gasson's left wrist. He gave an interview to BBC World News about it and its effects.
There are many things we can do with an RFID chip: communicate with our mobile phone, gain access to the organization we work for, and so on. If the chip we use to get access to machines gets infected, there is a chance that the machines we present the RFID chip to will get infected as well, just like mainstream computers.

RFID stands for Radio Frequency Identification; the chip is embedded into the human body to grant access, as is already done with animals. It is going to be a revolution in the future: everyone will have an RFID chip with all their personal details stored on it. It may replace SSID to give an advanced tracking system.

The virus that infected the chip Dr Mark Gasson implanted in his hand infects all the machines he accesses with it. BBC News asked how readily it infects the devices or computers he accesses. Medical implants are prone to viruses because implant technology has developed to the point where they are capable of communicating, storing and manipulating data. So the technology has to keep pace with the new viruses being invented daily and secure itself against them.

December 23, 2010

Bom Sabado Worm

Are you having the GOOD SATURDAY WORM?

Is your Orkut safe? Have your friends complained about scraps named Bom Sabado, which means GOOD SATURDAY in Portuguese, that they keep receiving from your account? If you are experiencing this, your Orkut account has been infected by this severe virus/worm. It exploits a cross-site scripting hole in the Orkut site and has spread its presence that way.

ANDROID FAKE PLAYER-VIRUS

Android Fake Player:

A new virus has been found on phones using the Android operating system; it is called Trojan SMS. This virus works by sending premium SMS messages, which is very dangerous, and once received it corrupts the entire phone. The application carrying the virus is about 13 KB and becomes active when the user runs the media player application. When running this file users will be approved or not activated when the Trojan has just started to attack.

December 17, 2010

Installing Anti-Virus

Different Anti-Virus companies Compatible with Win7
An anti-virus comes with a set-up file that installs the program. Before we install it we have to check many things that need to be unchecked, disabled or enabled. Even uninstalling has to be done using the vendor's tools, otherwise it will not be removed completely and leftovers in the registry will create problems in future.

Things to look for in selecting an Anti-virus Program

Features of a Good Anti-Virus:

Things we need to look for when we purchase an anti-virus are:
  • Good scanning engine
  • Behavioral scanning feature
  • Resource friendly
  • Installs and uninstalls without problems
  • No conflicts with other software
  • Boot-level scanning
  • Last but not least, user friendly and flexible across operating systems
We need to look at the scanning engine: how deeply it scans the computer, whether it scans system files, compressed files etc., and which scanning options it offers, such as Quick Scan, Full Scan and Custom Scan.
Nowadays scanning options like rootkit scanning and malware scanning are built into the main scanning module. This avoids purchasing additional protection software for those infections.

A firewall is another point we need to look for. Internet security is what led to the concept of the firewall, a tool that monitors the network traffic. We can have some ports blocked or allowed using a firewall, and it helps protect our computer from hackers.

Browser and email protection: companies have extended their ideas and come up with the concept of email client and browser protection. Browser protection comes under different names such as site advisor, safe search, identity protection etc. Email protection helps by filtering and deleting unwanted junk mail, including spam.
However, it is our duty not to open any mail from unknown senders or mail containing links that lead to the infiltration of different infections. Spammers always try to send spam mail that will attract our attention.

Internet security suites come with parental control as well. It is a good tool to monitor kids and help them use the Internet safely.

At the end of the day, whatever good anti-virus we use, it is our responsibility to be careful when opening risky sites and to protect our programs, network and files with a password. Last but not least, look for compatibility with your operating system: a security program purchased for an XP computer will not be compatible with Vista. So please take some time to look for these things in an anti-virus program before you go for it.

December 15, 2010

Removing Fake Spywares Manually

Fake anti-viruses are among the most important and dangerous infections we need to be cautious about. They keep pestering us with pop-ups showing many risks and, when we click to clean the infections, ask us to purchase the full version. This category includes spyware that takes control of most of the system processes and disables most of the troubleshooting tools in Windows; since they spy on the computer after getting installed, they are called spyware. These fake anti-viruses are created by hackers trying to steal your money using fake alerts, wrong scan results and interfaces that look similar to popular anti-virus software. They make the PC run slowly. They can infect XP, Vista and Windows 7.

 

Fake Anti-Viruses

Anti-virus is a basic security tool that protects us from all kinds of viruses. There are more than 145 different anti-virus companies in the market that help us protect our computers.

Taking advantage of this, many people are creating fake versions of the products in the market, which is a risk that no one can spot easily; even the anti-virus companies face an uphill task updating their definitions for the newly created fake anti-viruses.

November 27, 2010

Facebook: Risky Communication!

A group of scientists has demonstrated the possibility of stripping away the anonymity from significant numbers of users of popular social networking sites. Any technology allowing the identification of users of social networking sites, the collection of data about their habits and the prediction of their behavior can be used to cause harm. For example, such data can reveal a user’s sexual habits, or render somebody open to blackmail. But despite the fact that this threat is well known, very little has been done to prevent it.

The researchers demonstrated the possibility of this type of attack by identifying a user who was simply browsing the web. An attacker can probe the victim’s browser history for any URLs that may reveal membership of any social networking groups. By combining this information with previously collected data it is possible to identify any user of a social network who happens to visit the attacker’s website. In many cases, this allows the attacker running the malicious website to uniquely identify his visitors by the names which they use in their corresponding social networking profiles.

 
This type of attack requires very little effort to carry out and has the potential to affect many millions of registered social networking users who have group memberships.

Ref: iseclab.org/papers/sonda-TR.pdf

November 26, 2010

Using Shortened URLs: Security Risks

URL shortening services such as TinyURL.com and Bit.ly are becoming trendy attack methods. We all share website links with each other through emails, blogs, social media sites, book marking websites and word of mouth and we rarely, if ever, think about the potential security risk this simple act can raise. You may not want to automatically click on the shortened URL after you read this.

What is URL Shortening?

The compacted URLs produced by services such as TinyURL.com, bit.ly and many others are convenient and save space, but they can also be used to hide the identity of malicious sites. The idea behind URL shortening or link shortening is very simple: take a long URL and encode it as a short one that redirects to it. This is what URL shortening services do.

Security Risks
  • Allow spammers to bypass spam filters, as domain names like TinyURL are automatically trusted.
  • Prevent users from checking for suspect URLs by obfuscating the actual Web-site URL.
  • Redirect users to phishing websites in order to get sensitive personal information.
  • Redirect users to malicious websites, just waiting to download malware.

Fortunately, there are several ways to look behind a shortened URL to see exactly where the link will take you - before you click it! Every URL-shortening service I'm aware of offers one or more ways to preview the real destination of a shortened link.

For example, here's a typical bit.ly URL that I created. All it does is take you to the http://www.techsupp247.com/ home page, but there's no way to know that in advance - it's a blind link:

bit.ly/tsp247

So you want to see where the link really goes before you click it.  It's easy: all you have to do is copy the link, paste it into the address bar of any browser window or tab, and add a plus sign to the end, like this:

bit.ly/tsp247+


Adding a plus sign to the end of any bit.ly URL brings you to a special bit.ly page that shows you information about the link, including the full, expanded URL. Using the information on that bit.ly page, you can decide whether the link is safe and worth following.

TinyURL has a similar option. But instead of adding a plus sign at the end of a link, you prepend the word preview. For example, here's a regular TinyURL link to the Windows Secrets home page:

http://tinyurl.com/TS247

Copy that link into the address bar of your browser and add the word preview:

http://preview.tinyurl.com/TS247
Now the link will bring you to a preview page that displays the full, expanded URL. Like all the other major URL-shortening services, TinyURL offers an easy way to preview the true destination of a shortened link.
All the major URL-shortening services have similar ways of letting you preview what's behind their URLs.
If you're checking lots of links, it can be a tedious process to manually copy, paste and edit URLs. Several sites offer automated scripts to make things a bit easier. For example, when you encounter a suspicious short URL, you can try Longurl.org, ExpandMyURL.com or LongURLPlease.com.

Firefox users can install the bit.ly preview add-on to allow previewing of short URLs without needing to leave the page you're on. Despite the name, the add-on works for many URL-shorteners - not just bit.ly. Chrome users can also download a similar extension for that browser. There is no fully automated preview tool for Internet Explorer, although several URL-shortening apps are available in the Microsoft IE Add-ons Gallery. Just type url into the search bar.
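The two manual previews described above (the bit.ly "+" suffix and the preview.tinyurl.com host), plus the redirect-following that sites like LongURL automate, as an added example that is not part of the original post. The preview-URL builder is pure string handling; the expander follows one redirect hop at a time so every intermediate site in a chain is visible, and it stops on a loop or after a hop limit, which is exactly what you want when a link may be hostile. The redirect table is constructed for this example so it runs offline; `live_fetch_location` shows how the same hop would be fetched for real with a HEAD request that refuses to auto-follow.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit, urlunsplit

def _with_scheme(url):
    """Accept 'bit.ly/x' as well as 'http://bit.ly/x'."""
    return url if "://" in url else "http://" + url

def preview_url(short):
    """Build the preview form described in the post; None for services it does not cover."""
    parts = urlsplit(_with_scheme(short))
    host = parts.netloc.lower()
    if host == "bit.ly":
        return urlunsplit(parts._replace(path=parts.path + "+"))
    if host == "tinyurl.com":
        return urlunsplit(parts._replace(netloc="preview.tinyurl.com"))
    return None

# Constructed redirect table standing in for live HTTP responses: URL -> Location header.
# The short.example entries form a deliberate loop to exercise the guard.
FAKE_REDIRECTS = {
    "http://bit.ly/tsp247": "http://www.techsupp247.com/",
    "http://tinyurl.com/TS247": "http://bit.ly/tsp247",
    "http://short.example/loop1": "http://short.example/loop2",
    "http://short.example/loop2": "http://short.example/loop1",
}

def fake_fetch_location(url):
    """Offline stand-in: the Location header the server would send, or None if not a redirect."""
    return FAKE_REDIRECTS.get(url)

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # refuse to follow automatically; each hop is inspected by expand()

def live_fetch_location(url, timeout=5):
    """Real fetcher: HEAD the URL, return its Location header (absolute) or None. Needs network."""
    opener = urllib.request.build_opener(_NoRedirect)
    request = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(request, timeout=timeout) as response:
            location = response.headers.get("Location")
    except urllib.error.HTTPError as err:       # 3xx surfaces here because we refused to follow
        location = err.headers.get("Location")
    return urljoin(url, location) if location else None

def expand(short, fetch_location=fake_fetch_location, max_hops=10):
    """Follow redirects hop by hop. Returns (chain, status) with status final/loop/too-many-hops."""
    url = _with_scheme(short)
    chain = [url]
    for _ in range(max_hops):
        next_url = fetch_location(url)
        if next_url is None:
            return chain, "final"
        chain.append(next_url)
        if chain.count(next_url) > 1:
            return chain, "loop"
        url = next_url
    return chain, "too-many-hops"

if __name__ == "__main__":
    print(preview_url("bit.ly/tsp247"), preview_url("http://tinyurl.com/TS247"))
    print(expand("tinyurl.com/TS247"))
    print(expand("short.example/loop1"))
    # With network access: expand("bit.ly/tsp247", fetch_location=live_fetch_location)
```

Returning the whole chain rather than only the last URL matters because a shortener can point at another shortener, and the intermediate hosts are part of what you are deciding to trust.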

Conclusion

URL shortening is a useful and convenient service; just make sure you exercise some common sense and an ounce of caution to avoid being exploited by a shortened URL. Many industry experts say that we shouldn’t click on active links, whether they’re in e-mail messages, IM messages, or tweets. That’s an unrealistic expectation; so just make sure to approach links with caution. If possible, use one of the preview features to check out the link first.

November 25, 2010

Businesses - corporate under attack!

It is interesting to note that malware specifically designed to target corporate information systems does not exist. The tools of the hackers’ trade remain the same regardless of whether the target is a private individual or a company, the only real difference is the scale of damage, so companies have to pay particular attention to their own protective measures. The cybercriminals are far more interested in attacking companies than private individuals as the potential rewards from such attacks are considerably higher. It is very rare indeed for a hacker or virus writer to work for nothing. Usually when they feel the need to put their professional abilities to the test they try to ensure that their efforts are duly remunerated. Hackers that attack companies generally do so for the following reasons:

  • To steal confidential information, including financial information, with a view to profiting from its use or resale, for example databases belonging to financial organizations
  • To disable a company's IT infrastructure with a view to extorting money from that company for returning its IT infrastructure to operational condition; additionally, a hacker may want to damage a company's reputation or interrupt its business processes through DDoS attacks
  • To use the IT resources of one company for the purpose of attacking other companies

Cybercriminals do not have to attack a whole organization to get their hands on financial or confidential information. It is much simpler to carry out an attack by targeting an individual victim in an administration or HR department, where the level of computer literacy is usually fairly low.

Methods of attack

How do cybercriminals gain access to corporate information? What vectors of attack do they choose?

Figure: the structure of a typical corporate network is usually much more complex than the one displayed in the picture.
Networks belonging to large enterprises with geographically diverse subdivisions have equipment located in different towns and sometimes even different countries, as well as hundreds of kilometers of communications cables. All this makes it very difficult to prevent unauthorized network access or the interception of confidential information transmitted over the network.

Hacking can occur on both private and publicly accessible sections of a network, usually the Internet. In that case the cybercriminal does not need to be physically near the hacked channel; using hacking tools and methods available on the Internet, it is possible to hack a network remotely.

Figure: a hacker does not usually need direct access to the target computer within an organization; these days attacks are carried out remotely via the Internet.

Probably the most popular method of infecting computers is via programs called Trojans, which infiltrate a target machine through malware links in spam and instant messaging and through the exploitation of vulnerabilities in different software applications.

Of all the above-mentioned methods of infection, it is vulnerabilities in software that are one of the biggest problems within the corporate environment. Large corporate networks are made up of a huge number of components: workstations, servers, laptops, smartphones, all of which may run different operating systems.

Another loophole used by criminals is the multiplicity of staff and the resulting multiplicity of computer network users and access points. The larger the number of end-users and nodes, the greater the chance of an accidental oversight in security procedures or an intentional violation of security policy. Unfortunately, companies rarely have all-encompassing security policies in place, so cybercriminals continue to actively abuse the situation and commit targeted attacks.

Education

One of the keys to successfully minimizing corporate attacks is to educate staff on a constant basis, and not just technical staff, but administrative staff too. Obviously, when a user has no real knowledge of the basic rules of computer security there can be no guarantee that hackers won’t be able to enter the corporate network. It is imperative to teach the staff to think twice and remain cautious.

November 24, 2010

Dangerous Clouds!


The non-profit Cloud Security Alliance has published a report defining the foremost cloud security threats.

Cloud computing is a kind of distributed system whereby all computer resources are provided to the users in the form of Internet services. As the technology becomes more and more popular, criminals use it to improve their reach, avoid detection and increase the effectiveness of their activities. Enterprise and home users need to better understand the risks associated with the adoption of cloud computing.

The authors of the report identified the following seven threats:

1. Abuse and nefarious use of cloud computing
Providers of infrastructure as a service offer their customers the illusion of unlimited compute, network and storage capacity, often coupled with a frictionless registration process where anyone with a valid credit card can register and immediately begin using cloud services. Some providers even offer free limited trial periods. By abusing the relative anonymity behind these registration and usage models, spammers, malicious code authors and other criminals have been able to conduct their activities with relative impunity.

2. Insecure Application Programming Interfaces
Cloud computing providers expose a set of APIs that customers use to manage and interact with cloud services. Provisioning, management, orchestration and monitoring are all performed using these interfaces. The security and availability of general cloud services is dependent upon the security of these basic APIs.

This threat is amplified for consumers of cloud services by the convergence of IT services and customers under a single management domain, combined with a general lack of transparency into provider process and procedure.

4. Shared technology vulnerabilities
Cloud computing vendors deliver their services in a scalable way by sharing infrastructure. Often, the underlying components that make up this infrastructure were not designed to offer strong isolation properties for a multi-tenant architecture. To address this gap, a virtualization hypervisor mediates access between guest operating systems and the physical compute resources. Still, even hypervisors have exhibited flaws that have enabled guest operating systems to gain inappropriate levels of control or influence on the underlying platform.

5. Data loss/leakage
The threat of data compromise increases in the cloud. Examples include insufficient authentication, authorization or audit controls, operational failures and data center reliability.

6. Account, service & traffic hijacking
Cloud solutions add a new threat to the landscape. If an attacker gains access to your credentials in the cloud, they can manipulate data, eavesdrop on your activities and transactions, return falsified information and redirect your clients to illegitimate sites. Your account or service instances may become a new base for the attacker. From there, they may leverage the power of your reputation to launch subsequent attacks.

7. Unknown risk profile
One of the ideas of Cloud Computing is the reduction of hardware and software ownership and maintenance to allow companies to focus on their core business. This has clear financial and operational benefits, which must be weighed carefully against the contradictory security concerns — complicated by the fact that cloud deployments are driven by groups who may lose track of the security ramifications.

The threats described above are not listed in order of severity.

November 23, 2010

CLOUD COMPUTING: AntiVirus in the CLOUD?

Practically all of the major antivirus companies have started using in-the-cloud technologies or are planning to use them in the near future. Despite their undoubted advantage in the struggle against attacks, in-the-cloud technologies are themselves sure to be a prime target for cybercriminals.

The eternal conflict between virus and antivirus has, up to the present moment, been largely going on at the level of files and processes on the end users’ machines. Malware programs have been trying to destroy the antivirus system by different means or attempting to persuade the user to switch it off themselves.

With the arrival of cloud-based detection and categorization, a new front has opened up in this war. Malware programs, or more precisely their authors, will have to solve the problem of attacking the cloud. Although it is technically practically impossible to destroy the cloud, direct mass DDoS attacks aside, it is quite vulnerable in terms of its own functionality: receiving, processing and sending information to and from the end users.

Problems within the very architecture of the majority of antivirus clouds will be actively exploited by cybercriminals, and the first examples of such actions can be seen already. The most widespread and simplest method of disabling cloud technologies is to block the computer’s access to the cloud. More complex methods include the substitution of data, with the aim of ‘trashing’ the cloud with false information, as well as modification of the data received from the cloud.

Such ‘trashing’ is probably the most dangerous threat. Blocking access to the cloud or modifying the responses from the cloud affects only infected users, but feeding false data into the cloud will influence every single user. This would lead not only to missed detections, but also to a more serious problem: false positives, which would cause a general decline in trust in cloud-based technologies and force their detection algorithms to be revised or altered.

As the number of antivirus products that operate using in-the-cloud technologies increases, there will be constant quantitative and qualitative growth in the number of attacks on them, both from malware programs on clients’ computers and with the help of special services run by cybercriminals.
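The two attacks singled out above, modifying the data a client receives from the cloud and feeding false data into it, each have a standard defensive counterpart. The following is an added illustration written for this post, not code from any antivirus vendor: verdict responses carry an HMAC so a client rejects anything altered on the way back, and a sample’s stored verdict only changes after a quorum of distinct clients report the same thing, so one infected machine repeating a false report cannot flip it alone. The key, the quorum size and the client identifiers are all constructed for the demonstration; a real service would provision the key with the product and weight reports by client reputation rather than counting them equally.

```python
import hashlib
import hmac
import json
from collections import defaultdict

# Constructed key for the demonstration; assumed to be provisioned to clients
# out of band (e.g. inside the signed product update), never fetched from the cloud.
SERVICE_KEY = b"constructed-demo-key-not-for-production"


class VerdictCloud:
    """Toy model of a cloud verdict service with two defensive properties."""

    def __init__(self, key=SERVICE_KEY, quorum=3):
        self.key = key
        self.quorum = quorum
        self.verdicts = {}  # sample hash -> "clean" or "malicious"
        # sample hash -> reported verdict -> set of distinct client ids
        self.reports = defaultdict(lambda: defaultdict(set))

    def report(self, client_id, sample_hash, verdict):
        """Record one client's report. The stored verdict only changes once
        `quorum` distinct clients agree, so a single infected client repeating
        a false report cannot 'trash' the service on its own."""
        self.reports[sample_hash][verdict].add(client_id)
        if len(self.reports[sample_hash][verdict]) >= self.quorum:
            self.verdicts[sample_hash] = verdict
        return self.verdicts.get(sample_hash, "unknown")

    def lookup(self, sample_hash):
        """Answer a lookup with an HMAC over the response so that a client can
        detect a response that was altered on its way back."""
        payload = json.dumps({"hash": sample_hash,
                              "verdict": self.verdicts.get(sample_hash, "unknown")},
                             sort_keys=True)
        tag = hmac.new(self.key, payload.encode(), hashlib.sha256).hexdigest()
        return {"payload": payload, "tag": tag}


def client_verify(response, key=SERVICE_KEY):
    """Client side: recompute the tag and refuse any response that does not
    match. Returns the verdict string on success."""
    expected = hmac.new(key, response["payload"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, response["tag"]):
        raise ValueError("verdict response was modified or did not come from the service")
    return json.loads(response["payload"])["verdict"]


if __name__ == "__main__":
    cloud = VerdictCloud(quorum=3)
    sample = hashlib.sha256(b"constructed sample bytes").hexdigest()
    print(cloud.report("client-1", sample, "malicious"))  # unknown: one report is not enough
    print(cloud.report("client-2", sample, "malicious"))
    print(cloud.report("client-3", sample, "malicious"))  # malicious: quorum reached
    response = cloud.lookup(sample)
    print(client_verify(response))
    response["payload"] = response["payload"].replace("malicious", "clean")
    try:
        client_verify(response)
    except ValueError as err:
        print("rejected:", err)
```

The quorum raises the cost of poisoning rather than eliminating it: a botnet with more members than the quorum can still reach it, which is why the count of distinct clients is only the first filter in practice. The HMAC, by contrast, fully covers the response-modification case as long as the key never leaves the product and the client uses a constant-time comparison, as `hmac.compare_digest` does here.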

GLOOMY STATISTICS.

A fake scanner based on Javascript looks quite genuine to an inexperienced user
There are many types of malicious programs designed to scare people into buying a licence for a worthless program, usually for Windows. Their names may differ depending on the functionality and on the way the binary files are packed or compressed. Thus, rogue antivirus programs may be detected under, among other examples, the following signatures: not-a-virus:FraudTool (this program is placed in the ‘not a virus’ category due to the lack of a malicious payload, apart from its attempts to persuade users to pay money for a non-functioning application), Trojan.Win32.RogueAV, Trojan.Win32.FraudPack or Trojan-Downloader.Win32.Agent.

The diagram refers to FraudTool signatures and shows the Top10 rogue antivirus programs. Due to the huge number of signatures it is difficult to tell for sure just by the name whether a particular malicious program represents a group of rogue antivirus solutions or not.

A bogus YouTube website. A false message informs the user that it is necessary to update their copy of Flash Player. Cybercriminals often covertly insert malicious programs into a user’s system by this method, any one of which may be a rogue antivirus solution.

In total, there were 266,090 victims of FraudTool.Win32 in all of the countries. First place goes to Vietnam with over 120,000 cases of FraudTool.Win32 infection.

A study shows the number of malicious programs detected on particular days in the period from March to June. From mid-March, the number of infections decreased steadily. In March there were 192,000 infections in total, in April 150,000, in May 135,000 and between 1 and 17 June 58,000, which indicates that the number of infections in June will probably be even smaller than in May. However, this only shows that, like everyone everywhere, cybercriminals also like to take their vacations in summer. As with other malware distribution, scareware peaks in spring, autumn and before New Year.

Microsoft, as the biggest software vendor, is also engaged in a campaign against this type of fraud. Its website informs visitors how to remove an unwanted program and how to tell the difference between a false version of Windows Defender and the real one, which is built into Windows.

Summary:

Rogue antivirus programs are quite successful, which seems to be confirmed by the fact that cybercriminals keep looking for new methods to entrap unwary users. Cybercriminals are getting better and better at making their products resemble known security applications. As a result, companies lose the trust of their customers, while the customers themselves, quite apart from money, can lose passwords and logins to bank and email accounts, social networks, etc. This means that the identity of the victim is under threat. We can easily predict what will happen next. With a new ID, a cybercriminal can open a bank account in somebody else’s name and use it with impunity, as it is the victim that will be held responsible for the cybercriminal’s actions.

November 19, 2010

Hijacking Google services!

An international research team has demonstrated the possibility of hijacking Google services and reconstructing users’ search histories. Firstly, with the exception of a few services that can only be accessed over HTTPS (e.g. Gmail), the researchers found that many Google services are still vulnerable to simple session hijacking.

Next they presented the Historiographer, a novel attack that reconstructs the web search histories of Google users, i.e. Google’s Web History, even though that service is supposedly protected from session hijacking by a stricter access control policy. The Historiographer implements a reconstruction technique that rebuilds the search history from inferences drawn from the personalized suggestions returned by the Google search engine. The attack was based on the fact that Google’s users receive personalized suggestions for their search queries based on previously searched keywords. The researchers showed that almost one third of monitored users were signed in to their Google accounts, and of those, half had Web History enabled, thus leaving themselves vulnerable to this type of attack. The attacks demonstrated are general and highlight concerns about the privacy of mixed architectures using both secure and insecure connections. The research data was sent to Google, and the company decided to temporarily suspend search suggestions from Search History, in addition to offering Google Web History pages over HTTPS only.
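The simple session hijacking mentioned at the start of this post works because a session cookie without the Secure attribute is sent by the browser on plain http:// requests to the same domain too, where anyone observing the traffic can copy it. Below is an added example, not the researchers’ code and not tied to any real Google cookie, of the check a site operator can run over their own Set-Cookie headers to find cookies exposed this way. The cookie names, domain and the name heuristic used to pick out session-like cookies are all constructed for the demonstration.

```python
import re

# Names that usually identify a session or authentication cookie. This is a
# heuristic chosen for the constructed sample below, not a list from the post.
SESSION_NAME_HINT = re.compile(r"(sess|sid|auth|token|login)", re.IGNORECASE)


def parse_set_cookie(header):
    """Parse one Set-Cookie header value into its name, value and the
    attributes relevant to hijacking: Secure, HttpOnly and Domain."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = {"name": name.strip(), "value": value.strip(),
              "secure": False, "httponly": False, "domain": None}
    for attribute in parts[1:]:
        key, _, val = attribute.partition("=")
        key = key.strip().lower()
        if key == "secure":
            cookie["secure"] = True
        elif key == "httponly":
            cookie["httponly"] = True
        elif key == "domain":
            cookie["domain"] = val.strip().lower()
    return cookie


def audit_cookies(set_cookie_headers):
    """Return (cookie name, finding) pairs for session-like cookies that a
    passive observer of plain HTTP traffic, or a page script, could obtain."""
    findings = []
    for header in set_cookie_headers:
        cookie = parse_set_cookie(header)
        if not SESSION_NAME_HINT.search(cookie["name"]):
            continue  # preference cookies are not worth stealing
        if not cookie["secure"]:
            # Without Secure, the browser also sends the cookie on http://
            # requests to the same domain, where it travels in clear text.
            findings.append((cookie["name"], "missing Secure attribute"))
        if not cookie["httponly"]:
            findings.append((cookie["name"], "missing HttpOnly attribute"))
        if cookie["domain"] and cookie["domain"].startswith("."):
            # A domain-wide cookie is sent to every subdomain, including
            # any that are served over plain HTTP.
            findings.append((cookie["name"],
                             "sent to all subdomains of %s" % cookie["domain"]))
    return findings


# Constructed Set-Cookie headers standing in for a mixed HTTP/HTTPS site.
SAMPLE_HEADERS = [
    "SID=abc123; Domain=.example.com; Path=/; HttpOnly",
    "PREF=lang=en; Domain=.example.com; Path=/",
    "SSID=def456; Domain=.example.com; Path=/; Secure; HttpOnly",
]

if __name__ == "__main__":
    for name, finding in audit_cookies(SAMPLE_HEADERS):
        print("%s: %s" % (name, finding))
```

On the constructed sample the audit flags the SID cookie for lacking Secure and both session cookies for being scoped to every subdomain, while the preference cookie is ignored. The fix on the server side is to set Secure (and HttpOnly) on every cookie that grants access to an account and to serve the whole account area over HTTPS, which is the direction the post says Google took for Web History.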

November 18, 2010

Crimeware: A new type of threat to our security.

Crimeware is malicious software that is installed in a covert manner on computers and performs illegal actions, unanticipated by the user running the software, which are intended to yield financial benefits to the distributor of the software. Most crimeware is similar to Trojans. There are different types of Trojans designed to do different things. For example, some are used to log every key you type (keyloggers), some capture screenshots when you are using banking websites, some download other malicious code, and others let a remote hacker access your system. Commonly they will steal your confidential information and send it to the criminal. Using this information, the cybercriminal is then able to steal your money.

During the past two years, crimeware attacks have increased at a far greater rate than conventional viruses. International gangs of virus writers, hackers and spammers are joining forces to steal information and collect huge profits illegally.

Given the newness of this threat type, and the potential of how it might evolve in the future, further clarification and dissection of the definition of crimeware will likely be required.


How can you protect yourself from crimeware?
  • Install Internet security software.
  • Install operating system patches and application patches. Turn on Automatic Updates, and update Microsoft® Office regularly.
  • NEVER open an attachment sent in an unsolicited (spam) email. The same is true for email messages or IM (Instant Messaging) messages that contain links.
  • Update your security software regularly, at least once a day. Keep your other applications updated.
  • For everyday use, create a separate user account with only limited access rights. By doing this, you limit a malicious program’s access to valuable system data.
  • Back up your data regularly to a CD, DVD, or external USB drive.
