
Thursday, April 30, 2015

Anti-Botnet Advisory Centre: Inform

To prevent the re-infection of your computer please note these important rules:

1. Check your computer for infection. Please use our EU-Cleaner to remove all malware.

2. Install current Service Packs and Security Updates for your system. Activate automatic updates. Microsoft Instructions: Protect.

3. Check your Internet browser and the embedded plugins (e.g. Java, Flash, Shockwave, QuickTime) regularly to make sure they are up to date. Browser- and Plugincheck.

4. Install a virus scanner, e.g. one that is mentioned here, and update it regularly.

5. Use a firewall, e.g. the built-in Windows firewall or a router. More information about Firewalls.

hfiref0x/UACME · GitHub

UACMe

Wednesday, April 29, 2015

Blaze's Security Blog: Thoughts on Absolute Computrace

Introduction: Not too long ago my friend and colleague from Sweden, Jimmy, contacted me in regards to a strange issue. In the firewall, he...

TorrentLocker changes its name to Crypt0L0cker and bypasses U.S. computers - News

A new ransomware called Crypt0L0cker (the letter O's have been replaced with zeros) has been released that appears to be a new version of TorrentLocker. This ransomware was first sighted at the end of April in European and Asian countries and in Australia. Unlike TorrentLocker, for some reason this variant is geo-locked so that it will not install on US-based computers. This ransomware is currently being distributed through emails that pretend to be traffic violations or other government notices. At this point it is unknown what encryption method is used and whether it is possible to recover encrypted files. The ransom amount is currently set at 2.2 Bitcoins.

Monday, April 27, 2015

Without a Trace: Fileless Malware Spotted in the Wild | Security Intelligence Blog | Trend Micro

With additional analysis from David Agni


Improvements in security file scanners are forcing malware authors to deviate from the traditional malware installation routine. It is no longer enough for malware to drop copies of itself to a location specified in the malware code and rely on persistence tactics such as an autostart entry to ensure that it keeps running: security file scanners can easily detect and block these threats.

One tactic we have spotted is the use of fileless malware. Unlike most malware, fileless malware hides itself in locations that are difficult to scan or detect. Fileless malware exists only in memory and is written directly to RAM instead of being installed on the target computer's hard drive. POWELIKS is an example of fileless malware that is able to hide its malicious code in the Windows Registry. It uses a conventional malware file to add the registry entries that contain its malicious code.