Tag Archives: ESET

April 15th resource updates

Updates to Anti-Social Media 

The Register: Super Cali’s frickin’ whiz kids no longer oppose us: Even though Facebook thought info law was quite atrocious – “Zuck & Co end fight against California’s privacy legislation” Extra points to El Reg for the title, even if it doesn’t actually scan very well. 🙂

Sophos: Facebook shines a little light on ‘shadow profiles’ (or what Facebook knows about people who haven’t signed up to Facebook).

Also from Sophos: Interview: Sarah Jamie Lewis, Executive Director of the Open Privacy Research Society. OPRS is a privacy advocacy and research group aiming to “to make it easier for people, especially marginalized groups (including LGBT persons), to protect their privacy and anonymity online…”

Updates to Cryptocurrency/Crypto-mining News and Resources

F5: WINDOWS IIS 6.0 CVE-2017-7269 IS TARGETED AGAIN TO MINE ELECTRONEUM – “Last year, ESET security researchers reported that the same IIS vulnerability was abused to mine Monero, and install malware to launch targeted attacks against organizations by the notorious “Lazarus” group.”

The Register: Tried checking under the sofa? Indian BTC exchange Coinsecure finds itself $3.5m lighter. “Indian Bitcoin exchange Coinsecure has mislaid 438.318 BTC belonging to its customers.”

Help Net Security: 2.5 billion crypto mining attempts detected in enterprise networks – “The volume of cryptomining transactions has been steadily growing since Coinhive came out with its browser-based cryptomining service in September 2017.” This is commentary on an earlier article from Zscaler: Cryptomining is here to stay in the enterprise.

Updates to Meltdown/Spectre – Related Resources

Help Net Security: AMD users running Windows 10 get their Spectre fix – microcode to mitigate Spectre variant 2, and a Microsoft update for Windows 10 users.

Updates to Specific Ransomware Families and Types

[14th April 2018] Bleeping Computer re PUBG (and RensenWare, a blast from the past): PUBG Ransomware Decrypts Your Files If You Play PlayerUnknown’s Battlegrounds, based on research from MalwareHunter. Described as a joke, but apart from the fact that such messing with a victim’s data might conceivably go horribly wrong in some circumstances – it doesn’t appear to be an impeccably well-coded program – and is likely in any case to cause the victim serious concern, it looks to me as though this is criminal activity, involving unauthorized access and modification in most jurisdictions.

Updates to Mac Virus

The Register: Exposed: Lazy Android mobe makers couldn’t care less about security – “Never. Is never a good time to get vulnerability fixes? Never is OK with you? Cool, never it is”

Graham Cluley for Bitdefender: China forces spyware onto Muslim’s Android phones, complete with security holes. Links to Adam Lynn’s report for the Open Technology Fund: App Targeting Uyghur Population Censors Content, Lacks Basic Security

Updates to Anti-Malware Testing

[14th April 2018]

Fairness and ethical testing: Pointer to a blog for ESET by Tony Anscombe: Anti-Malware testing needs standards, and testers need to adopt them “A closer look at Anti-Malware tests and the sometimes unreliable nature of the process.” A good summary, and a useful reminder of the work that AMTSO is doing, but it’s a shame that after all these years we still need to keep making these points.

David Harley


Resource updates: April 5th-7th 2018

Updates to Anti-Social Media 

Updates to Cryptocurrency/Crypto-mining News and Resources

Updates to Meltdown/Spectre – Related Resources

Only distantly related, but…

Updates to Specific Ransomware Families and Types

[3rd April 2018] Peter Kálnai and Anton Cherepanov for ESET: Lazarus KillDisks Central American casino – “The Lazarus Group gained notoriety especially after cyber-sabotage against Sony Pictures Entertainment in 2014. Fast forward to late 2017 and the group continues to deploy its malicious tools, including disk-wiping malware known as KillDisk, to attack a number of targets.”

Updates to Mac Virus


David Harley

Updates: Facebook, AggregateIQ, and some ransomware resources

Updates to Anti-Social Media 

[4th/5th April 2018]

Updates to: Ransomware Resources

[4th/5th April 2018]

David Harley

17th March 2018 resources and article updates

Specific Ransomware Families and Types

Cryptocurrency/Crypto-mining News and Resources

Mac Virus (now linked from this portal): Android antics and MacOS malware

David Harley

13th March 2018 resources updates

(1) New section on Trend Micro Resources in Meltdown/Spectre – Related Resources

Trend Micro: Detecting Attacks that Exploit Meltdown and Spectre with Performance Counters
“We worked on a detection technique for attacks that exploit Meltdown and Spectre by utilizing performance counters available in Intel processors. They measure cache misses — the state where data that an application requests for processing is not found in the cache memory — that can be used to detect attacks that exploit Meltdown and Spectre.”
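The quoted approach boils down to watching a per-process cache-miss ratio and alerting when it jumps well above that process’s own baseline: a Flush+Reload-style probe (the transmission channel used by the published Meltdown and Spectre PoCs) deliberately evicts and re-touches cache lines, so its miss ratio is far higher than that of ordinary code. The following is an added example of that detection logic, not Trend Micro’s code; the counter samples are constructed, and the field names (`refs`, `misses`) are assumed to mirror the per-interval `cache-references` / `cache-misses` counts that a PMU sampler such as `perf stat` would give you for a process.

```python
"""Flag processes whose cache-miss ratio departs from a learned baseline.

Added example (not Trend Micro's implementation). The samples below are
constructed; in practice they would come from hardware performance
counters (Intel PMU via perf_event_open / `perf stat -e
cache-references,cache-misses`) collected per process per interval.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    t: int          # sampling interval index
    pid: int
    refs: int       # cache references seen in the interval (assumed field)
    misses: int     # last-level cache misses in the interval (assumed field)


# Constructed samples: pid 100 is a normal workload; pid 200 behaves
# normally for three intervals and then starts a flush+reload style probe
# at t=3, so its miss ratio jumps from ~2% to ~70%. pid 300 is nearly idle.
SAMPLES = [
    Sample(0, 100, 1_000_000, 20_000), Sample(0, 200, 800_000, 16_000),
    Sample(1, 100, 1_050_000, 22_000), Sample(1, 200, 820_000, 17_000),
    Sample(2, 100,   990_000, 19_500), Sample(2, 200, 810_000, 16_500),
    Sample(3, 100, 1_020_000, 21_000), Sample(3, 200, 900_000, 630_000),
    Sample(4, 100, 1_000_000, 20_500), Sample(4, 200, 910_000, 650_000),
    Sample(5, 300,       500,     400),   # too few references to judge
]


def miss_ratio(s: Sample) -> float:
    """Fraction of cache references that missed; 0 if there were none."""
    return s.misses / s.refs if s.refs else 0.0


def detect(samples, warmup=3, min_refs=10_000, factor=5.0, alpha=0.3):
    """Return (pid, t, ratio) for each interval whose miss ratio exceeds
    `factor` times the process's own EWMA baseline.

    - The first `warmup` usable intervals of a pid only train the baseline.
    - Intervals with fewer than `min_refs` references are ignored: the ratio
      of a near-idle process is dominated by noise and would alert spuriously.
    - An alerting interval is not folded into the baseline, so a sustained
      attack keeps alerting instead of training the detector to accept it.
    """
    baseline = defaultdict(lambda: None)   # pid -> EWMA of miss ratio
    seen = defaultdict(int)                # pid -> intervals used for baseline
    alerts = []
    for s in sorted(samples, key=lambda x: (x.t, x.pid)):
        if s.refs < min_refs:
            continue
        r = miss_ratio(s)
        b = baseline[s.pid]
        if seen[s.pid] >= warmup and b is not None and r > factor * b:
            alerts.append((s.pid, s.t, round(r, 3)))
            continue
        baseline[s.pid] = r if b is None else (1 - alpha) * b + alpha * r
        seen[s.pid] += 1
    return alerts


if __name__ == "__main__":
    for pid, t, ratio in detect(SAMPLES):
        print(f"t={t} pid={pid} miss ratio {ratio:.3f} above baseline")
```

Two caveats a practitioner should keep in mind: legitimately cache-hostile workloads (large pointer-chasing structures, some compression and database code) also run at high miss ratios, so a per-process baseline with a warm-up period and a ratio threshold, as above, is less noisy than a single global threshold; and an attacker who paces the probe slowly enough to stay under `factor` times the baseline will not be caught by this check alone.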

(2) Cryptocurrency/Crypto-mining News and Resources

David Harley

BitPaymer/FriedEX

 for ESET: FriedEx: BitPaymer ransomware the work of Dridex authors

“Recent ESET research shows that the authors of the infamous Dridex banking trojan are also behind another high-profile malware family – a sophisticated ransomware detected by ESET products as Win32/Filecoder.FriedEx and Win64/Filecoder.FriedEx, and also known as BitPaymer.”

David Harley

ESET Trends report, including my ransomware article

The end of another year, and another look backwards and forwards at the threat landscape from ESET. Well, yes, most security vendors do something of the sort at this time of year, but this one is quite interesting.  Tomáš Foltýn introduces the 2018 Trends Report in his article Cybersecurity Trends 2018: The costs of connection.

The article itself is here: Cybersecurity Trends 2018: The Cost Of Our Connected World. It may be of particular relevance on this site, in that it includes my article ‘The ransomware revolution’.

David Harley

Technology versus phone scammers

Not directly concerned with tech support scams, which have tended to be my main scam focus on this site, but David Bisson put up a very useful post – Google and Apple should do more to fight phone scammers, says researcher: Cooperation with government is key, but it’s only part of the solution… – expanding on a slightly naive article by David Glance for The Conversation – Phone scams cost billions. Why isn’t technology being used to stop them?.

David Bisson points out that:

At the end of the day, caller ID spoofing makes it next to impossible to consistently block phone scammers. As a result, users should focus on strengthening their mobile device security by exercising caution around text messages and phone calls delivered from unknown numbers. They should never click on links embedded in text messages sent from suspicious numbers. Also, they could always let an unknown phone call go to voice mail and use that subsequent record to evaluate the number’s legitimacy.

With reference to one of the scam types referenced there, I wrote about the ‘Can you hear me?’ scam, if that’s what it really is, for ESET: Scam calls: can you hear me, mother?

David Harley

ESET’s EternalBlue Vulnerability Checker

A free tool released by ESET ‘to help combat the recent ransomware, WannaCry (WannaCryptor).’

The press release goes on to say that:

ESET’s EternalBlue Vulnerability Checker can be used to determine whether your Windows machine is patched against EternalBlue, the exploit behind the WannaCry ransomware epidemic that is still being used to spread cryptocurrency mining software and other malware.

This obviously isn’t the only way to check, and it may not be the only tool of its kind out there – I haven’t been looking for such a tool. And clearly, checking for a specific vulnerability isn’t a substitute for a sound patching strategy, or for using security software that detects malware (including WannaCryptor) reasonably reliably. But while I haven’t tested it personally, I’d be very surprised (in view of my longstanding association with ESET) if this tool didn’t do what it says on the tin, so some people and organizations might well find this useful.

David Harley

WannaCryptor – XP patch available

Unusually, Microsoft has provided a patch for systems that are no longer supported, but are vulnerable to the Microsoft Security Bulletin MS17-010 flaw exploited by WannaCryptor (a.k.a. WannaCrypt among other names). These include Windows XP, Windows 8, and Windows Server 2003. A patch for later operating systems (i.e. those versions of Windows still supported) was made available in March 2017.

If you didn’t take advantage of the patch for Windows 8.1 and later at the time, now would be a good time to do so. (A couple of days earlier would have been even better.)

If you’re running one of the unsupported Windows versions mentioned above (and yes, I appreciate that some people have to), I strongly recommend that you either upgrade or take advantage of the new patch.

Microsoft’s announcement is here: Customer Guidance for WannaCrypt attacks, with links to the update and further information. Detection of the threat has also been added to Windows Defender.

Kudos to Microsoft for going the extra mile…

Additional analysis and/or commentary – ESET: Huge ransomware outbreak disrupts IT systems worldwide, WannaCryptor to blame; Malwarebytes: The worm that spreads WanaCrypt0r; Sophos: Wanna Decrypter 2.0 ransomware attack: what you need to know. Among other vendors, of course. [Added subsequently: Symantec – What you need to know about the WannaCry Ransomware]

David Harley