Tag Archives: Malware

Thunderstrike 2 OS X Firmware Attack Self-Replicates to Peripherals

At Black Hat, researchers are expected to disclose new firmware attacks that work against OS X and self-replicate to Thunderbolt peripherals.

A problem for Human Resources – some CVs can hold your computer at ransom

Just like sending greeting cards by post, physically presenting your CV for a prospective job offer is becoming extinct. The digital world in which we live has rendered the act of traditional post as unnecessary – now it is easy, not just for the candidates but also the HR department, to receive CVs by electronic or digital means.

However, this also presents its own risks for your IT security. Cybercriminals are prepared to take advantage of the fact that companies receive hundreds of CVs and like to attach a small extra to theirs in the form of malware.

A group of security experts uncovered a network of cybercriminals that sent malicious programs disguised as CVs, which installed themselves on the victim’s computer as soon as the document was clicked open.

This type of attack is known as ransomware, a kind of malware that can behave in two ways: it can completely block the computer, or it can impede access to files by encrypting them and making them inaccessible. Usually, the attackers demand that the victim pay a certain amount of money to receive a code to unblock the system, which is why they normally target companies, as the chances of getting a big payment are higher.

In the chain of emails identified by the experts, the sender address corresponds to a Yahoo account and the attached document is compressed as a ZIP file. The emails also contain a short text with a greeting from the fake candidate, in which they give their name (but never their surname) and a notification of its delivery. Another characteristic of the emails is misspelled words and grammatical errors.

The experts point out that once the compressed file is opened, the malicious file appears in .html format, which should serve as a warning, as documents of this type are usually sent as PDF or Word files (although opening those is also inadvisable if you aren’t sure of their origin).

Once the recipient clicks to open the document, their browser opens the address that appears in the code (just like clicking on a link). The fake link redirects the browser to a page on the infected server, where a sequence of links is followed until an .scr file, a Windows executable that contains the ransomware, is downloaded.

The reason why these criminals have created these cyber-labyrinths lies in the security systems themselves. The antivirus solutions and anti-spam filters have made them design a method of attack that takes place over a series of stages so as to evade the system’s defenses. This should also serve as a warning – if your computer goes through different steps to open a simple CV, be suspicious.
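As an added example (not part of the original post), the following Python sketch shows how a mail gateway or analyst could triage a ZIP attachment for the traits described above: an .html member where a PDF or Word file is expected, embedded addresses or redirects, and .scr payloads. The function names, the redirect patterns, the extra executable extensions and the sample HTML are assumptions constructed for illustration.

```python
import io
import re
import zipfile

HTML_EXT = (".html", ".htm")          # the format the article flags as unusual for a CV
EXEC_EXT = (".scr", ".exe", ".pif")   # .scr is from the article; the others are assumptions
URL_RE = re.compile(rb"https?://[^\s\"'<>]+", re.I)
# Assumed redirect markers: meta refresh or a script assigning/replacing location.
REDIRECT_RE = re.compile(
    rb"http-equiv\s*=\s*[\"']?refresh|location(?:\.href)?\s*=|location\.replace\s*\(", re.I)

def triage_zip_attachment(data: bytes, max_read: int = 1_000_000) -> dict:
    """Inspect a ZIP attachment in memory; nothing is extracted to disk or fetched."""
    out = {"html": [], "executables": [], "redirects": [], "urls": [], "error": None}
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        out["error"] = "not a valid ZIP archive"
        out["suspicious"] = False
        return out
    with archive:
        for info in archive.infolist():
            name = info.filename.lower()
            if name.endswith(EXEC_EXT):
                out["executables"].append(info.filename)
            if not name.endswith(HTML_EXT):
                continue
            out["html"].append(info.filename)
            if info.flag_bits & 0x1:      # encrypted member: cannot read, still flagged
                continue
            with archive.open(info) as fh:
                body = fh.read(max_read)  # bounded read guards against zip bombs
            if REDIRECT_RE.search(body):
                out["redirects"].append(info.filename)
            out["urls"] += [u.decode("ascii", "replace") for u in URL_RE.findall(body)]
    out["suspicious"] = bool(out["html"] or out["executables"])
    return out

def build_sample(member: str, content: bytes) -> bytes:
    """Build a constructed one-file ZIP in memory for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, content)
    return buf.getvalue()

# Constructed sample input; the URL uses the reserved .invalid TLD.
SAMPLE_HTML = (b'<html><head><meta http-equiv="refresh" '
               b'content="0; url=http://landing.example.invalid/cv"></head></html>')

if __name__ == "__main__":
    print(triage_zip_attachment(build_sample("CV_Anna.html", SAMPLE_HTML)))
```

The extracted URLs are meant for blocklisting or sandbox submission, not for opening from a workstation.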

In the event of this or any other type of ransomware infecting your computer, the first thing you should do is turn it off and disconnect it from the internet so that it can’t spread to the rest of your devices that share that connection. The malicious program might be eliminated but it’s likely that you won’t be able to get your information back, which is why it is highly recommended that you make copies of all of your confidential and important information. It’s best to save it onto a different device and, obviously, do it before suffering an attack.

As regards the ransom that the cybercriminals ask for, don’t think that this will be solved just by handing over the cash – these criminals aren’t known for sticking to their word and nothing can guarantee that they’ll give you the correct code. Anyway, even if they do, what’s to say they won’t try to infect your computer again in the future?

The post A problem for Human Resources – some CVs can hold your computer at ransom appeared first on MediaCenter Panda Security.

Writing Advanced OS X Malware an ‘Elegant’ Solution to Improving Detection

OS X security researcher Patrick Wardle is expected at Black Hat to demonstrate how to write advanced Mac malware, including Gatekeeper and Xprotect bypasses, in hopes of raising awareness of the current state of OS malware detection.

More than 50% of malware for Android is aimed at stealing from you. Keep an eye on your pocket!

With the barrage of news about Hacking Team, the massive cyber espionage by governments, and the US intelligence raids, it might seem that cybercriminals are taking a different route compared to your average criminal. However, don’t let this fool you as they are all after the same thing which, as the famous song goes, is “money, money, money”.

Wherever there’s money, there are sure to be malware creators. So after the boom in internet shopping people are beginning to reach for their pockets to make payments once again; not with their wallets though, but rather their cellphones.

According to a recent study carried out by IAB, 7 out of 10 Spaniards (more than 19 million internet users) regularly buy online. The percentage of those who make purchases from their cellphones or tablets is steadily increasing and currently accounts for 15% of all purchases. In other countries, such as the United States, the percentage of purchases from mobile devices is even greater.

These online purchases generally require the use of sensitive bank information as you are paying with a card or performing a transfer, but this doesn’t seem to bother consumers. According to a report by ING, nearly half of Europeans now use their smartphone or tablet to carry out bank transactions.

Slowly but surely tablets and smartphones are replacing the traditional computer for these types of tasks and, as a result, they have become a goldmine for cybercriminals. Financial malware, designed to gain access to your account, is thriving in the darkest corners of the internet.

More than half of all malware designed for Android has been created with stealing money in mind. This was confirmed by a recent study, which named Trojans and ransomware (which hijacks your device and demands a payment to unblock it) as the most popular tools deployed by cybercriminals.

It’s interesting to note that it is Android, and not iOS, which is the main target of attack. This is despite iOS taking a far larger profit share of the market. This is because, for the cybercriminals, it is all a matter of volume.

On a global level, Android is a far more popular system and accounts for 78% of the smartphone systems in operation, according to details from the IDC. Meanwhile, iOS accounts for a market share of only 18.3%.

The more potential victims there are, the higher the yield for the cybercriminals, as we have seen with the infamous Svpeng and Faketoken cases, which wreaked havoc across the globe. So, if you have already been targeted by them you’re in a tricky situation, as prevention is better than the cure in this case.

An antivirus for Android and following some advice when completing transactions on your mobile device (such as avoiding public WiFi connections and avoiding applications that aren’t on Google Play) will save you a lot of hassle in the future.

The post More than 50% of malware for Android is aimed at stealing from you. Keep an eye on your pocket! appeared first on MediaCenter Panda Security.