Posts Tagged ‘malware’

Apple Ransomware

Apple computers are not immune to malware. A new form of malware called “ransomware” is targeting Apple’s Mac OS X operating system. Ransomware is a computer virus that encrypts important data such as pictures, videos, music, and documents in order to “hold it for ransom” at an unsuspecting victim’s expense. If the victim pays the ransom then, hopefully, they receive a key to decrypt their data, known as a decryption key. Unfortunately, many times there is no decryption key, and the victim loses not only their data but possibly up to $700 USD in ransom payment. The ransom payment is made using an anonymous payment method in order to conceal the identity of the scammer holding the data ransom, so that there is no trace. Ransomware is usually spread via email attachments, peer-to-peer file sharing, and, more recently, removable devices such as external hard drives and USB flash drives.

While this is not the first time Apple computers have been vulnerable to malware attacks (the FBI virus a few years ago is one example), a recent Reuters report revealed that ransomware was targeting Apple computers for the first time. Ransomware is already rampant on computers running the Windows operating system, where many variants of the trojan horse already exist, such as Bitlocker, CryptoWall, Cryptorbit, and CryptoLocker (also called Crypto-malware). So far the ransomware has infected Apple computers via peer-to-peer file sharing networks using BitTorrent.

There is no easy fix for the data that has been affected by the ransomware. Without the decryption key the data is scrambled to a point that it cannot be deciphered using current technology.

“The best way to protect your data from a ransomware attack is to have an archive backup of the important data on a computer,” says South City Computer security expert Nestor Wheelock. “Because the archive is completely disconnected from the live file system, the ransomware will not encrypt the data.” While this form of data backup is complex and daunting to most computer users, South City Computer offers a service package that includes this type of backup. If you need assistance setting up this type of backup, contact South City Computer or a local computer repair store near you.

Mystery Duqu Virus

Earlier this year, cyber security software company Kaspersky announced the discovery of a cyber intrusion that affected many of its internal computer systems, which initiated a large-scale investigation. They believe the virus penetrated their systems through an email attachment sent to an employee at the company. From there the virus moved stealthily through the company’s computer network, targeting its customers’ computer networks and collecting information. Instead of removing the virus, Kaspersky monitored it on their systems in an attempt to better understand its function and purpose.

The investigation led to the discovery of a new, highly sophisticated malware platform known as Duqu. The platform was developed by one of the most skilled, mysterious and powerful underground groups in malware. The virus is considered to be in the same league of complexity as the “Stuxnet” worm that was discovered in June 2010 by Symantec, and it has been nicknamed the “step-brother of Stuxnet” in the cyber security world. The Stuxnet worm was malware created to target Iranian nuclear centrifuge control system software, and it reportedly ruined one-fifth of Iran’s nuclear centrifuges.

The Duqu malware platform was initially discovered in 2011 by CrySyS Lab in Budapest, Hungary. CrySyS Lab released a 60-page document to the cyber security world describing it as a cyber threat that, contrary to the initial belief based on its nearly identical construction, was not related to Stuxnet and seemingly had a completely different purpose.

In 2012 the mysterious group responsible for Duqu seemed to have gone dark, and the Duqu virus seemed to no longer pose a threat. That is, until now.

The Duqu virus attacks Microsoft Windows computers by using a zero-day vulnerability that is exploited through a Microsoft Word document (.doc). A flaw in the win32k font parsing engine enables the virus to install itself onto the victim’s computer when the victim downloads and tries to open the Word document.

At first Duqu was thought to be targeting industrial control systems like the “Stuxnet” worm, but recent revelations have uncovered a very different purpose for the virus. It is actually a form of spyware targeting hotel computer systems where nuclear arms talks between the Iranian government and allied world leaders (P5+1 events) were taking place around the world.

Costin Raiu, director of the global research and analysis team at Kaspersky, said the virus was packed with more than 100 discrete “modules” that enabled the infected computers to be controlled by someone else. Other modules found were designed to compress video feeds from surveillance cameras, and also target communications from phones to Wi-Fi networks. The attackers would know who was connected to the infected network, allowing them to eavesdrop on conversations and steal electronic information. The virus is also capable of operating two-way microphones in hotel elevators, computers and alarm systems. The virus automatically deposits a small file on the infected computer to enable a way for the attackers to monitor and return to the computer at a later date.

The only question is, who is responsible for this complex and sophisticated eavesdropping attempt? Who would benefit most from this sort of intelligence? Cyber security experts at Kaspersky hinted toward involvement from the Israeli government, initially naming the virus “The Duqu Bet”, “Bet” being the second letter of the Hebrew alphabet, but later changed the name to Duqu 2.0. The Israeli government did not claim any involvement in the Duqu malware platform.

The sophistication and dedication of the Duqu group is a testament to just how complex a virus can be, all in an attempt to collect information.

Social Media “Click Bait” Malware Scam

Social media “click bait” targeting has become a big business in recent years. “Click-baiting” is when a publisher posts a link on a social media website like Facebook, Twitter, or Pinterest with a headline that lures people to click to see more, without telling them much about where they will really be taken. Websites like BoredPanda, Buzzfeed, Reddit, College Humor, and Gawker (to name a few) use click-bait headlines to lure users to embedded web content surrounded by advertisements. Click-baiting has forced Facebook developers to re-evaluate their algorithm for what is considered relevant content, as currently the more clicks a link receives, the more likely it is to appear in other users’ feeds. Wording a link with just the right message in order to get users to click out of the social media website is what “click-baiting” is all about. While many of these links take users to relevant content (like this article), there are several new scams also using the tactic to infect computers with malware or attempt to steal personal information.

A recent scam Facebook users should watch out for is a video titled “[Shocking video] When you see what happens to this pregnant lady at the beach, your jaw will drop.” The link actually takes users to a phony Facebook page which asks them to share the post before viewing the shocking video. The victim is then prompted to download video software to view the video, but in reality only downloads malware onto the computer. The victim is never actually shown the “shocking” video but is instead taken through various other websites that attempt to steal personal information. The actual video this scam refers to is available for free on YouTube, but unfortunately is much less shocking than advertised.

Social media users should be leery of the links they click on Facebook, Twitter, and Pinterest in order to avoid being scammed or downloading malware onto their computer.

ALERT: Rombertik destroys your computer, avoids detection

A new destructive virus known as Rombertik avoids detection by most anti-virus software. It makes a computer unusable by deleting key files, and it fills the hard drive with extraneous bytes of data in order to overwhelm the anti-virus software and keep it from detecting the virus.

Security experts from Cisco say the virus steals login information and other private data. The malware infects the computer via a malicious email attachment.

The malware also constantly monitors the computer for security scans in order to avoid detection. The virus will initiate a “self-destruct” sequence that makes the computer unusable by erasing the master boot record (MBR), so that the computer only reboots and never gets into the Windows operating system, most likely requiring a full system restore to correct the issue.

How to fix Proxy Server Isn’t Responding issue

One of the more common computer issues we see because of malware is a misconfigured proxy server connection setting in the browser. You may be able to do a quick fix to get your Internet connection back up and running; however, if this setting has been changed and you don’t recall doing it, your computer is probably infected with malware or a virus.

NOTE: This may only temporarily fix your Internet connection issue, and malware may change this setting back on reboot. It is recommended that you get professional computer repair services.

In Windows Search type inetcpl.cpl.

Right click and choose to Run as administrator.

Click the Connections tab, and then click LAN settings button.

Un-check the Use a proxy server for your LAN check box.

Make sure Automatically Detect Settings is checked.
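The check box in the steps above is stored in the current user’s registry, so the same setting can be inspected from PowerShell. The following script is an added example, not part of the original post: it reads the documented WinINET values under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings (ProxyEnable, ProxyServer, ProxyOverride, AutoConfigURL), flags a proxy or PAC script that you did not set, and with -Fix clears them the way the manual steps do. It does not touch the Automatically Detect Settings check box, which is stored separately; set that in the dialog.

```powershell
# Added example (not from the original post): report, and optionally reset, the
# per-user proxy values written by the "LAN settings" dialog.
# Registry path and value names are the documented Windows locations; the
# -Fix switch and the reporting logic are this script's own construction.
param(
    # Pass -Fix to clear an unexpected proxy; by default the script only reports.
    [switch]$Fix
)

$path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$settings = Get-ItemProperty -Path $path

# ProxyEnable (DWORD 1/0) is the "Use a proxy server for your LAN" check box.
# AutoConfigURL points at a PAC script, a second way traffic can be redirected.
$report = [ordered]@{
    ProxyEnable   = $settings.ProxyEnable
    ProxyServer   = $settings.ProxyServer
    ProxyOverride = $settings.ProxyOverride
    AutoConfigURL = $settings.AutoConfigURL
}
$report.GetEnumerator() | ForEach-Object { '{0,-14}: {1}' -f $_.Key, $_.Value }

# Indicator: a proxy is enabled or a PAC URL is set on a machine that should use neither.
$suspicious = ($settings.ProxyEnable -eq 1) -or
              -not [string]::IsNullOrEmpty($settings.AutoConfigURL)

if (-not $suspicious) {
    'No proxy or PAC script is configured for this user.'
    return
}

Write-Warning 'A proxy or PAC script is configured. If you did not set it, treat the machine as possibly infected.'

if ($Fix) {
    # Mirror the manual steps: un-check "Use a proxy server" and drop the server/PAC entries.
    Set-ItemProperty -Path $path -Name ProxyEnable -Value 0 -Type DWord
    foreach ($name in 'ProxyServer', 'ProxyOverride', 'AutoConfigURL') {
        Remove-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
    }
    'Proxy settings cleared. Close and reopen the browser for the change to take effect.'
}
```

Run it once without -Fix to see what is set; if the values come back on the next reboot, something on the machine is re-writing them, which is the sign of infection the NOTE above describes.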

If you have already attempted this fix and are still getting a proxy Internet connection issue, then you may need computer repair service. Bring your computer to South City Computer or to a local computer repair service and support provider near you.

Why is the Proxy Server Setting enabled?

While every issue is different, malware is usually the culprit behind this proxy setting being changed on a computer. The setting allows all Internet traffic to be rerouted through, and monitored by, another computer. This is likely done in order to serve pop-ups and/or search your Internet traffic for usernames, emails, credit card numbers, and passwords.
