Virus writers are evolving the use of encryption and other techniques to hide malicious code from detection software. They have direct access to the operating system documentation (for Windows, Mac, etc.), the same documentation used by developers. They have traditionally made sure their malicious code evades signature-based antivirus detection. This fact, together with economics, means the number of crackers and malicious attacks will continue to increase.

In spite of this, researchers have been baffled as to how the Flame malware was devised to avoid detection for two years (not matching the available antivirus signatures) with the ability to infect fully patched Windows 7 machines… Security researchers have identified 'Windows Update' as the mechanism Flame uses to infiltrate and compromise networks.

Network Infection

Crackers exploited a flaw in the Microsoft Terminal Services licensing certificate authority, which allowed them to generate a new certificate that was "signed" by Microsoft. This particular kind of certificate (valid from February 2010 and February 2012) gave crackers a clear avenue into most computers running Windows.

This sophistication in malware creation has never been seen before. Many security experts are just amazed, calling it "the Holy Grail of malware writers" and "the nightmare scenario". Antivirus researchers such as Symantec and Kaspersky said that Flame didn't actually compromise anything in 'Windows Update': it did not compromise the service or servers.

Computer to Computer Infection

Flame conducted an imitative deception operation of Windows Update (a military grade attack). Using this process it was able to make all other computers on the network believe that it was the Windows Update server. It then collected the NetBIOS information (which identifies each computer) and used that info to send Windows Update requests through Internet Explorer.
Flame sets itself up as a Web Proxy Auto-Discovery Protocol (WPAD) server and sends configuration files to all of the requesting PCs.

Configuration files sent from computer to computer through WPAD direct the compromised machine to redirect all traffic through the infected machine. When Flame detects a URL request matching the Windows Update URL, it transmits a new downloader (disguised as an update from Microsoft) to infiltrate the machine, disguised as a '.cab' file. Once the update is executed, it downloads a copy of Flame from the infected machine to the clean machine.

Microsoft (upon detection) has blocked three certificates that were used by attackers, preventing additional spoofing of Windows Update (as long as there are no more rogue certificates in the wild). They have also implemented prevention procedures to stop others from creating new code signing certificates.

Attack Vectors and Instructions

Flamer spreads from computer to computer; however, it doesn't do that automatically. Instead it waits for the attacker to send instructions. Here are the additional methods that Flamer uses to spread:

- It uses captured credentials from administrators, spreading through network shares.
- It uses CVE-2010-2729, spreading through a Microsoft Windows Print Spooler Service Remote Code Execution Vulnerability, which was previously used by Stuxnet.
- It uses removable media, spreading through a specially crafted autorun file.
- It uses removable drives, spreading through a special directory that hides the files. It can execute automatically while the USB drive is being viewed, if combined with CVE-2010-2568, the Microsoft Windows Shortcut 'LNK/PIF' Files Automatic File Execution Vulnerability.

The last vector has not been seen before (using junction points exclusively). A junction point is actually an alias to a directory, which has some special attributes.
The interesting thing is that Flamer uses junction points to hide its files and enable auto-execution.

Flamer creates a directory and places three files there -' ', '' and '' the configuration file in the '' file causing this directory to work as a junction point. However, Flamer uses a special trick to make the junction point lead to a file instead of a directory. So this directory leads to a file named ''. That means that this folder won't be accessible by the user, and the files inside will be hidden.

Flamer uses CVE-2010-2568, the Microsoft Windows Shortcut 'LNK/PIF' Files Automatic File Execution Vulnerability, to be executed. Then the '' file will be used and automatically parsed, and by using the "shortcut" vulnerability, it will execute the Flamer (). Additionally, Flamer might change its names to , , , or probably any other name.

In Conclusion

Flamer uses new techniques to get executed and hide itself. Moreover, it exploits the old techniques too. It is incredibly large, and it will probably show us some more techniques as new versions continue to morph. BitDefender, Kaspersky, Norton and some of the other antivirus companies have released a free tool which removes the scariest cyber espionage tool ever.
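
The WPAD redirection described under "Computer to Computer Infection" leaves traces that a network sensor can check for: an unexpected host answering for the name WPAD, clients fetching a proxy configuration from it, and Windows Update downloads that terminate on that host. The Python below is an added example, not code from the article or from any vendor tool; the log formats, addresses, allow-list and update domains are constructed assumptions.

```python
import ipaddress

# Assumption: hosts allowed to answer for WPAD or serve update traffic here
# (the real proxy; add any internal update server such as WSUS).
AUTHORIZED_HOSTS = {"10.0.0.5"}
# Assumption: illustrative Windows Update domains; extend for your environment.
UPDATE_DOMAINS = ("windowsupdate.com", "update.microsoft.com")

# Constructed sensor output: "<epoch> <proto> <client> <queried-name> <responder>"
NAME_LOG = """\
1000 DNS 10.0.0.21 wpad.corp.example 10.0.0.5
1010 NBNS 10.0.0.22 WPAD 10.0.0.77
1012 NBNS 10.0.0.23 WPAD 10.0.0.77
1020 NBNS 10.0.0.22 FILESRV01 10.0.0.9
"""

# Constructed HTTP metadata: "<epoch> <client> <server-ip> <host-header> <path>"
HTTP_LOG = """\
1001 10.0.0.21 10.0.0.5 wpad.corp.example /wpad.dat
1011 10.0.0.22 10.0.0.77 wpad /wpad.dat
1030 10.0.0.21 10.0.0.5 download.windowsupdate.com /v9/update.cab
1040 10.0.0.22 10.0.0.77 download.windowsupdate.com /v9/update.cab
1050 10.0.0.23 203.0.113.10 www.example.org /index.html
"""


def parse(log, fields):
    """Split whitespace-delimited log lines into dicts; skip malformed lines."""
    rows = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == len(fields):
            rows.append(dict(zip(fields, parts)))
    return rows


def is_wpad_name(name):
    """True for the bare NetBIOS name WPAD or an FQDN whose first label is wpad."""
    return name.lower().split(".")[0] == "wpad"


def in_domain(host, domains):
    """Suffix match on a label boundary, so 'evilwindowsupdate.com' does not match."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def is_internal(addr):
    """True for private address space; unparsable values count as not internal."""
    try:
        return ipaddress.ip_address(addr).is_private
    except ValueError:
        return False


def rogue_wpad_responders(names):
    """Map each unauthorized host answering for WPAD to the clients it answered."""
    rogue = {}
    for r in names:
        if is_wpad_name(r["name"]) and r["responder"] not in AUTHORIZED_HOSTS:
            rogue.setdefault(r["responder"], set()).add(r["client"])
    return rogue


def analyze(name_log=NAME_LOG, http_log=HTTP_LOG):
    names = parse(name_log, ("ts", "proto", "client", "name", "responder"))
    http = parse(http_log, ("ts", "client", "server", "host", "path"))
    rogue = rogue_wpad_responders(names)
    # Clients that actually fetched a proxy configuration from a rogue responder.
    configured = sorted({h["client"] for h in http
                         if h["server"] in rogue and h["path"].lower() == "/wpad.dat"})
    # Update downloads that ended on an internal host outside the allow-list:
    # a genuine request reaches an authorized host or a public address.
    spoofed = [(h["client"], h["server"], h["host"] + h["path"]) for h in http
               if is_internal(h["server"]) and h["server"] not in AUTHORIZED_HOSTS
               and in_domain(h["host"], UPDATE_DOMAINS)
               and h["path"].lower().endswith(".cab")]
    return {"rogue_responders": rogue,
            "clients_using_rogue_pac": configured,
            "spoofed_update_downloads": spoofed}


if __name__ == "__main__":
    for key, value in analyze().items():
        print(key, "=>", value)
```
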
W32 Trats is a type of virus. Most viruses are constructed by people who want to do harm to a computer or steal information from it. However, some viruses are made by accident. Nevertheless, all viruses are dangerous if not annoying. The W32 Trats virus is a low-level threat and there are two cures for it. Seek the help of an IT professional any time you think you may be infected, because some virus cures require manual removal, which can be harmful to your operating system.

Symantec, a well-known manufacturer of anti-virus software, discovered the W32 Trats virus on December 6, 2007. Sophos and McAfee, other manufacturers of anti-virus programs, detected the virus on December 6 and 10 respectively. They all released their first defense against the virus the same day they discovered it.

The newest revisions of the virus definitions took place in January 2009, meaning they are no longer updated for this virus. The last version update is sufficient to prevent or disinfect W32 Trats if the infection is found again, but it has essentially been declared mostly eradicated, or so low risk that it would not harm any computer with the most up-to-date antivirus or antimalware software on it.

The W32 Trats infection infects .exe files, that is, any program that must be installed and run, such as Microsoft Word, or any other software program that must be double-clicked in order to install and run it.
Because it only infects executable files, most text files and word documents are safe, until you attempt to open them on an infected computer.

This infection also attempts to contact a remote host computer, meaning that the virus tries sending information to the computer from which it originated. Its host IP address is 22.214.171.124, as revealed by Symantec, and if you notice any network traffic going to this destination, then you are confirmed infected with Trats.
The main objective of phishing attacks and phishing emails is to deceive or trick an individual user by making him or her think that the source of the mail is authentic. Phishing attacks are meant to rob people of their private and confidential data. There have been numerous instances where individuals and employees of leading enterprises have reported that phishing mails appear genuine at first glance. Furthermore, most of them have compelling content that urges the reader to part with their personal data or click on the links provided, which lead to fictitious websites. These mails generally ask the readers to reply immediately via mail, reply to a phone request or visit an unknown URL.

However, if analysed carefully, every phishing mail offers clear clues that can let a user know that the link and message are not authentic. Any URL link to a web portal that is sent via a phishing mail generally opens a web page that, though it appears to belong to an original brand name, has certain aesthetic or syntax errors that clearly prove its fraudulence. eBay, leading banks, Alibaba and other online e-cash and e-commerce sites are common targets and have suffered greatly owing to phishing attacks. All these negative impacts need to be dealt with effectively, and that requires efficient phishing awareness programs.

Features of a Phishing Mail

Today innovative phishing awareness solutions help in educating laymen and employees about the features of a phishing mail. Such emails most often make use of emotional triggers and force users to respond on impulse.
Research has revealed that the possible indicators of phishing e-mails comprise the following:

* Improper grammar
* Spelling errors
* The email address not matching the enterprise name
* Using the name of a real company but providing an incorrect email address
* Forced attempts to prove its authenticity, by making use of words such as "Official"
* An unsolicited request for personal information

In the recent past, though there have been several standard solutions for phishing protection, most of them have only addressed the "people risk" aspect of a phishing attack. Furthermore, one of the recent trends that has gained prominence is the "incident based reactive approach" that analyses the risk and impacts of phishing based on a particular incident. Esteemed solution providers today provide high-end anti-phishing software that helps in updating individuals and employees about the negative impacts of social engineering attacks. Features of this software include the following:

* Enables an enterprise to analyse potential phishing attacks
* Provides flexible reporting and feeds the reports back into an organization's chief performance-indicator framework
* Provides a detailed "road map" solution focusing on security awareness and training within an enterprise
* Assists in identifying weaknesses within people, method and technology links
* Helps in prioritizing remediation attempts through useful benchmarking and maturity analysis
* Helps in increasing employee awareness and expertise to safeguard crucial information

Data and network security are two crucial elements that every organization needs to focus on for smooth day-to-day functioning. An advanced phishing protection solution helps an enterprise to attain both seamlessly and helps in the efficient transfer of data.
Most users going online today are very casual about internet security and know very little about online threats. Whenever they face issues with their PC, they consider it a minor and temporary PC problem and simply ignore it. This happens because users don't really understand that the problem is actually caused by malware, which may be a virus, a Trojan or something else. Those who understand the symptoms and types of malware don't wait until the system crashes; rather, they seek the right kind of support and repairs so the threats can be prevented in time. Users who know about malware and other online threats can turn to updated antivirus programs in a bid to prevent such threats.

What is malware?

Malware is malicious software that is programmed to hack your PC and steal or destroy important data and information. Malware is a broad term that refers to every type of malicious software designed and created with the intention of damaging PCs and stealing important data and information. It targets PCs connected to the internet and sometimes makes users suffer financially as well. Some of the categories of malware include viruses, Trojan horses, worms, spyware and rootkits. This article describes the various types of malware that can infect your PC, along with the mode of infection and features of these online threats.

Viruses

Viruses are the most frequent type of malware that we know. Some viruses that have made a huge impact in the past include the ILOVEYOU bug, Melissa, and the Chernobyl virus. Due to these viruses, companies have suffered huge losses amounting to millions of dollars. While active at their peak, these viruses impacted thousands of PCs and crippled the entire email servers of many companies. At one point, companies like Intel and Microsoft had to shut down their email servers because of the fast increasing impact of these viruses.
The viruses that have appeared in the past had a feature of stealing the contacts from the address book of the infected PC and sending themselves to many PCs either via MS Outlook or other email accounts. The virus sends the email with an attachment containing an alluring note to fool users. It is very difficult to remove malware from the system, as it gets glued to almost every removable hardware component that is attached to the infected PC or device. The features and mode of infiltration of these computer viruses are very similar to those of computer worms, as both infect the files on the system and gradually slow the system to the extent that it becomes unusable. To fix the PC you first need to remove these files, as they are infected with the virus.

Worms

Computer worms can be termed self-replicating malware. They are widespread and found everywhere on the web. If you think that they are not a major threat to the PC and that you can easily get rid of computer worms, then you are totally mistaken, as worms are stubborn and not easy to remove. One remarkable thing about worms is their ability to go undetected even after staying on your PC for months. Gradually they begin deleting your files, slowing down your programs and creating ways for other malware to get into the system. Certain worms can also create backdoors for hackers. Worms often attach themselves to files and attachments and infect PCs through mass mailing. So be cautious about these highly dangerous computer worms and always keep your PC protected with an updated antivirus program.

Trojan Horses

This is one of the most dangerous types of malware. Trojans play tricks to fool users. They exist on the PC in the guise of some genuine program or file, which makes it very difficult for users to detect the infection. A Trojan mostly exists as a document, genuine photo or application to avoid detection.
The moment you click on any of these, the malware gets executed and starts harming your PC and programs. Although it doesn't replicate itself, it is capable of inserting many worms and viruses that do irreparable damage to the PC.

Some other types of malware include spyware and rootkits. Spyware infects the target PC via ads, message pop-ups and browser redirection. They divert you to a malicious web page or website and thus insert the infection into your PC. The best way of preventing these threats is to install an updated antivirus program on your PC. Moreover, always be alert and cautious when you are clicking on an email or attachment coming from a strange source.
Technological innovation over the years has provided organizations with the best tools to drive their business operations. Topping the list of technology innovations most used in today's techno-savvy business environment is the Internet, which has given business houses worldwide access to enter newer markets. Further, the concept of the world wide web has slowly but steadily moved into enterprises to form a widely networked global organization.

The internet has become indispensable today. Though it plays a major role in providing a fast and easy method of electronic communication in both day-to-day business and social circles, it also confronts the internet user with security threats, frauds and phishing attacks. Thus organizations need to do away with ineffective security measures and adopt advanced tools to protect their people and processes and ensure the safety of business operations. Sophisticated technology alone cannot withstand the pressure from malicious attacks; it requires proactive initiatives and timely implementation to control phishing attacks.

Phishing attacks are ways and means to extract critical information from unsuspecting internet or network end users. With the information extracted in the form of passwords, user names or other basic critical information, either personal or professional, these fraudsters then extend their operations to dig out deeper information vital to the organization, leading to security breaches. The standard phishing protection solutions used by most organizations address the technology and the process used, and some solutions also address the people risk factor.
However, today's technology-based, highly networked business organizations need effective anti-phishing software that will cover all aspects of phishing protection.

Enterprises today use anti-phishing tools that provide organizations with estimates of security awareness among the employees, identify data leakage and evaluate data loss and prevention. Further, eminent service providers deploy simulated phishing attacks to prepare the employees with the necessary knowledge to handle real-time attacks. The anti-phishing software also helps organizations to:

* Assess their employees' awareness level on social engineering and its side effects
* Estimate the probable hazards associated with phishing
* Provide a "road map" solution for ensuring security awareness within the enterprise
* Recognize the weak links from among the people, method and technology
* Prioritize remedial action by benchmarking and maturity analysis

Such effective diagnostic anti-phishing software will help to increase employee awareness against phishing attacks and safeguard business critical information from the hands of the malicious. Organizations need to do away with ineffective security measures and adopt advanced tools to protect their people and processes and ensure the safety of business operations.
So just like many IT professionals you fell foul of the Conficker worm? I am sure every IT professional has a plan for disaster should it ever occur, but the Conficker worm bit us all in the backside. Why? Well, the truth is that not only was this a clever infection that outwitted most antivirus programs, but it also took advantage of our lack of preparation when it comes to being fully prepared against malicious attack.

Here is a checklist that hopefully will enlighten you and also help you prepare against future problems:

1. Do not use simple passwords.

This is a simple mistake to make for IT professionals and users alike. Choosing 'password' as your password is inviting trouble. Many hackers and malicious coders will take advantage here. You should have a minimum complexity for your passwords.

2. Do not simplify your network share permissions.

If you are an IT professional you should know what this means. Basically, it means do not use the 'everyone' group in your network shares. You should tighten it up, use specific domain groups and grant only the minimum required permissions, or hackers will again take advantage of this lapse in security.

3. Use a good antivirus program.

More importantly, keep it up to date! If you use a client/server program then this is fairly easy to do, but make sure all visitors to your network have adequate protection also.

4. Keep your network patched with updates.

Antivirus programs are designed to keep attacks out, not necessarily to deal with them once on board. Remember this and keep all of your software, including your operating system, bang up to date with the latest patches. This could be server updates or client security updates. Microsoft have since developed patches to cover up the weakness in their system that the Conficker worm took advantage of; who knows what else is lurking? Guys, keep it patched.

5. Prepare for the worst.

You may never be able to keep all infections out, so be prepared with good up-to-date images of your machines.
Also make sure that all data is backed up properly and that you are prepared for disaster with a quick recovery should the worst occur.

In conclusion, do not become lazy when it comes to a good disaster recovery plan. Make sure you use antivirus and that it is up to date, and make sure your servers and your client computers are all up to date. Ensure you use strong passwords and minimal network shares. If you have images and copies of your software and data backups, you are on your way to being prepared for when the next generation of the Conficker worm or its equivalent comes looking for trouble.
Has your computer been hit by some kind of cyber virus? Have you found your computer crashing frequently or running slower and slower? Wondering why your computer is acting so weird after you installed some free software? As a beginner computer user, you may find your computer's problems a headache, but please don't worry, because reading this article will help you understand viruses better.

A general introduction to cyber viruses

A virus is a computer program deliberately designed by cyber hackers that can sneak into a user's computer and infect other programs by modifying them in such a way as to include a copy of itself. It's a kind of code that damages or erases data, files, or software programs on your computer. A virus can reproduce and spread itself through the Internet when users download an infected file or click on malicious code on illegal sites or pages. Once the virus is embedded in your computer, it will immediately start to damage or destroy your system and mess up your computer. What's worse, it can be controlled by the hackers remotely, so that it has the ability to steal your personal information or confidential data and then transfer them to the hackers behind it for illegal purposes.

The common categories of cyber viruses

1). Screen locking malware

This kind of malware usually locks your computer immediately once it gets in. What you see is that your computer screen has been totally occupied by a page pretending to be a warning from the local police department or government, with a scary message stating that your online activities have been detected as illegal. It tells you to follow its instructions, which guide you to pay a fine by online transfer; otherwise you will face a serious legal issue and probably be put in jail really soon, and your computer will continue to be locked until the payment is made.
If you have believed this notice is from a real government department and have actually paid the fine, I may say you have unfortunately been fooled by scam malware, because this scary message from the so-called local police department is definitely a scam aiming at robbing as much money as possible from timid people who have a guilty conscience. I bet you still can't get your computer unlocked even if you have paid the fine online. The most typical one is the Fake FBI virus, which has been rather popular all over the world recently. Hackers create and update these all the time to acquire their dirty money and achieve their immoral targets.

2). Trojan horse virus

A Trojan horse virus, usually called a Trojan for short, is defined as a type of virus that masquerades as a system file or helpful program with the purpose of granting a hacker unauthorized access to a computer. It's a really tough and nasty kind of virus that can cause critical damage to your computer. This kind of virus acts rather trickily in your computer and is very difficult to find and remove from the system. One typical feature that distinguishes it from a normal computer virus is that a Trojan virus does not attempt to inject itself into other files like a computer virus. Trojan horses can make copies of themselves, steal information, or harm their host computer systems. Many Trojan viruses rely on drive-by downloads or install via online games or internet-driven applications in order to reach target computers. Once your computer is infected by a Trojan virus, it will attack your programs and files, block internet access, and make your system crash. So this virus should be removed immediately before it wreaks chaos. It will definitely bring a nightmare to computer users who have unfortunately got this devil within their computers.

3).
Fake antivirus

This kind of virus is recognized as a horrible fake antivirus that pretends to scan your computer thoroughly, acting like authentic and powerful anti-virus software. Usually the interface of this fake program is similar to that of a real anti-virus program. It aims at luring computer victims into purchasing its full version, which is definitely a scam. Once the fake program is installed, the virus can update itself and invade your computer deeply with other threats such as malware and spyware. After scanning, the rogue program displays that your computer contains many virus-infected items that need to be deleted soon. In fact, all fake security warnings are just false information that cheats unknowing users out of their money. The fake security program is a malware infection itself, so even the full edition of the fake program can never detect and remove any type of computer virus or other security threat. Don't ever trust such a fake security scanning program, which is designed to attack your computer and violate your privacy aggressively. By design, the virus can record your computer data and browser history to gather your precious information for remote hackers. In such an urgent situation, you need to uninstall such a nasty rogue program completely and promptly.

Some tips to help you protect your computer from virus infection

1) Be cautious when clicking unknown links on sites that you are not familiar with, because they can point your browser to download threats or visit a malicious web site.
2) Do not download unknown free software or shareware that has not been widely proven to be trustworthy.
3) Avoid opening unknown attachments from spam emails, because they may contain a Trojan virus or other malicious programs.
4) Update your Windows system in time, or else your system will be vulnerable.
5) Keep the firewall defender running so it can protect your system to some extent.
6) Make sure there is a password protecting your Wi-Fi network, which can help to avoid hackers' attacks.
Malware, which has become common these days, is often confused with other forms of internet threats. Usually malware is a malicious threat in the form of software or a program that can render the computer unusable. This sounds absolutely fine when looking at it casually, but by looking closer you will find its three sub-groups, known as viruses, adware and spyware. These threats are basically distinguished by the way in which they inflict damage and spread.

By getting to know these threats you can easily construe the meaning of malware and understand why these programs can be labeled as malware.

Viruses

"Virus" is the most used term to describe online threats to your computer, and everyone is aware of them. Viruses are authored mainly by cyber offenders to harm your computer, multiplying themselves and taking away control of your system. Viruses can harm your PC, as they can deceitfully attach themselves to benign files to get into the system without your knowledge. A virus can also act as a worm, which is known for its quick replication. So viruses, Trojans and worms are all malware, but not all malware are viruses.

Computer viruses are discrete programs that infect certain executable software and spread to other software when it is run. It is highly probable that viruses contain a payload that performs other malicious actions that you cannot see.

Spyware

Most of us are acquainted with the term "spying", from which the name spyware is derived. Spyware is a malware species that observes your activity and reports on it to cyber criminals. It keeps a log of your activities without letting you know anything about its presence. It is designed to capture your keystrokes, every mouse movement and the websites that you visit. Thus it causes huge damage to the host computer.

Adware

Adware is another sub-group of malware that is in the first place very annoying, as it appears through pop-ups during web browsing.
These pop-ups are meant to redirect you to a different website containing the malicious agents. Adware refers to those unwanted applications that get installed on your system without your consent.

What labels a program as malware?

You can say that it is the purpose or intent of the program that defines its category. If a program has malicious ends then it is malware. Moreover, if a program is made to perform deceitful tasks like stealing your data, corrupting your program files and monitoring your activities, then it is certainly malware. Malware is highly annoying and is intended to expose your vital data as well as your privacy. It is therefore essential to keep your PC protected with updated antivirus software or an endpoint security system.