
AVAST To Seek An IPO In 2018

November 10, 2017 by  
Filed under Around The Net

AV outfit Avast has hired Rothschild to prepare the business for an initial public offering (IPO) which could value the firm at as much as $4 billion.

CVC Capital Partners, which took control of the Prague-based company in 2014, could seek a London listing for Avast in the first half of next year if market conditions allow.

If successful, Avast’s float would represent the largest ever UK technology IPO. However it would have to navigate a tough market, which has seen a number of planned London listings pulled in recent weeks.

CVC hired Rothschild after talking to a series of banks as part of a contest in October, the sources said, adding Rothschild will carry out the preliminary work for the deal which includes the selection of global coordinators and bookrunners.

Avast, which previously attempted to float on Nasdaq in 2012, has Summit Partners among its minority investors alongside Czech entrepreneurs Pavel Baudiš and Eduard Kučera, who founded the company in 1991.


Can Microsoft Help Linux Grow

September 26, 2017 by  
Filed under Computing

A Docker and Google Cloud expert has packed her bags and headed to Microsoft claiming that Vole is going to be the next key Linux driver.

Jessie Frazelle, who rose to prominence in the developer community with Docker and later Google Cloud, made the bold claim to justify her departure to Microsoft.

For those who came in late, Microsoft was the “enemy” of the Open Source movement for many years. This was not helped by the shy and retiring CEO of Microsoft, Steve Ballmer, calling Linux a cancer.

Frazelle said that it was “very possible that Microsoft doesn’t merely accept a peaceful coexistence with Linux, but instead enthusiastically embraces it as a key to its future”.

Vole has hired Linux kernel developers like Matthew Wilcox, Paul Shilovsky, and Stephen Hemminger, and it now employs 12 Linux kernel contributors.

Linux kernel maintainer Greg Kroah-Hartman says: “Microsoft now has developers contributing to various core areas of the kernel (memory management, core data structures, networking infrastructure), the CIFS filesystem, and of course many contributions to make Linux work better on its Hyper-V systems.”

According to InfoWorld, it means that pigs really do fly. Microsoft has come a long way from declaring that Linux is a cancer.


‘Stegano’ Malvertising Ads Expose Millions Of Online Users To Hacking

December 8, 2016 by  
Filed under Around The Net

Since October, millions of internet users have been exposed to malicious code embedded in the pixels from tainted banner ads designed to install Trojans and spyware, according to security firm ESET.

The attack campaign, called Stegano, has been spreading from malicious ads in a “number of reputable news websites,” ESET said in a Tuesday blog post. It’s been preying on Internet Explorer users by scanning for vulnerabilities in Adobe Flash and then exploiting them.

The attack is designed to infect victims with malware that can steal email password credentials through its keylogging and screenshot grabbing features, among others.

The attack is also hard to detect. To infect their victims, the hackers were essentially poisoning the pixels used in the tainted banner ads, ESET said in a separate post.

The hackers concealed their malicious coding in the parameters controlling the pixels’ transparency on the banner ad. This allowed their attack to go unnoticed by the legitimate advertising networks.

Victims will typically see a banner ad for a product called “Browser Defense” or “Broxu.” But in reality, the ad is also designed to run JavaScript that will secretly open a new browser window to a malicious website designed to exploit vulnerabilities in Flash that will help carry out the rest of the attack.

Hackers have used similar so-called malvertising tactics to secretly serve malicious coding over legitimate online advertising networks. It’s an attack method that has proven successful at quickly spreading malware to potentially millions.

The makers behind the Stegano attack were also careful to create safeguards to prevent detection, ESET said. For instance, the banner ads will alternate between serving a malicious version or a clean version, depending on the settings run on the victim’s computer. It will also check for any security products or virtualization software on the machine before proceeding with the attack.

ESET declined to name the news websites that were found unknowingly displaying the malicious ads, but cautioned that the attack was widespread, and could have been hosted through other popular sites as well.

Android Malware Using Twitter To Communicate With Infected Phones

August 26, 2016 by  
Filed under Mobile

Twitter users aren’t the only ones getting updates from the micro-blogging social media site. One maker of Android malware is also using Twitter to communicate with infected smartphones, according to security firm ESET.

The company uncovered the feature in a malicious app called Android/Twitoor. It runs as a backdoor virus that can secretly install other malware on a phone.

Typically, the makers of Android malware control their infected smartphones from servers. Commands sent from those servers can create a botnet of compromised phones and tell the malware on all the phones what to do.

The makers of Android/Twitoor decided to use Twitter instead of servers to communicate with the infected phones. The malware routinely checks certain Twitter accounts and reads the encrypted posts to get its operating commands.

Lukas Stefanko, an ESET researcher, said in a blog post that this was an innovative approach. It removes the need to maintain a command and control server, and the communications with the Twitter accounts can be hard to discover.
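Because the destination is a legitimate site, the useful signal for a defender is the regularity of the polling rather than the host. The following is an added example (not ESET's code and not from the article) that runs a simple beaconing heuristic over constructed proxy log lines: it groups requests by client, host and user agent, and flags groups whose inter-request gaps are almost constant. The log format, the `Dalvik` user agent and the thresholds are assumptions for illustration, not published indicators.

```python
"""Flag near-constant polling of a host from proxy logs (beaconing heuristic)."""
import statistics
from collections import defaultdict

# Constructed sample log: "<epoch> <client_ip> <method> <url> <user_agent>".
# 10.0.0.7 polls one account every 60 s with a non-browser agent;
# 10.0.0.9 browses the same host interactively with irregular gaps.
SAMPLE_LOG = """\
1472198400 10.0.0.7 GET https://twitter.com/some_account Dalvik/2.1.0
1472198460 10.0.0.7 GET https://twitter.com/some_account Dalvik/2.1.0
1472198520 10.0.0.7 GET https://twitter.com/some_account Dalvik/2.1.0
1472198580 10.0.0.7 GET https://twitter.com/some_account Dalvik/2.1.0
1472198640 10.0.0.7 GET https://twitter.com/some_account Dalvik/2.1.0
1472198700 10.0.0.7 GET https://twitter.com/some_account Dalvik/2.1.0
1472198410 10.0.0.9 GET https://twitter.com/home Mozilla/5.0
1472198900 10.0.0.9 GET https://twitter.com/explore Mozilla/5.0
1472199700 10.0.0.9 GET https://twitter.com/home Mozilla/5.0
1472201000 10.0.0.9 GET https://twitter.com/notifications Mozilla/5.0
"""


def parse_log(text):
    """Turn each non-empty line into (epoch, client, method, url, user_agent)."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, method, url, agent = line.split(maxsplit=4)
        records.append((int(ts), client, method, url, agent))
    return records


def find_beacons(records, min_hits=5, max_jitter=0.2):
    """Group by (client, host, agent) and flag groups whose gaps between requests
    have a coefficient of variation at or below max_jitter (assumed threshold)."""
    groups = defaultdict(list)
    for ts, client, _method, url, agent in records:
        host = url.split("//", 1)[-1].split("/", 1)[0]
        groups[(client, host, agent)].append(ts)

    alerts = []
    for (client, host, agent), times in groups.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean == 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_jitter:
            alerts.append({"client": client, "host": host, "agent": agent,
                           "hits": len(times), "period_s": round(mean, 1),
                           "cv": round(cv, 3)})
    return alerts


if __name__ == "__main__":
    for alert in find_beacons(parse_log(SAMPLE_LOG)):
        print(alert)
```

On the constructed log only `10.0.0.7` is reported (six hits, a 60-second period, zero jitter); the interactive client has too few and too irregular requests. In practice the user agent is the second discriminator: a social-media host fetched by an app that is not the official client deserves a look.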

“It’s extremely easy for the crooks to re-direct communications to another freshly created account,” he said.

ESET said this was the first Twitter-controlled Android botnet it had ever found. Windows-based botnets using Twitter have been around since at least 2009.

ESET said Android/Twitoor hasn’t been detected in any app stores, so it probably spreads through malicious links sent to the victim. The malware pretends to be a porn player or multimedia messaging app, and it’s only been active for about a month.

So far, Android/Twitoor has been found downloading versions of mobile banking malware to users’ phones.

“In the future, we can expect that the bad guys will try to make use of Facebook statuses or deploy LinkedIn and other social networks,” Stefanko added.

Linux Botnets Appear To Be On The Rise

August 8, 2016 by  
Filed under Computing

Kaspersky Lab is warning that the Linux botnet is not only a thing but on the rise.

The report said that the share of attacks from Linux botnets almost doubled (to 70 per cent) – and Linux bots are the most effective tool for the SYN-DDoS attack method. This is the first time that Kaspersky DDoS Intelligence has registered such an imbalance between the activities of Linux- and Windows-based DDoS bots.

SYN DDoS is one of the most common attack scenarios, and the proportion of attacks using the SYN DDoS method increased 1.4 times compared to the previous quarter, accounting for 76 per cent.
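A SYN-DDoS bot sends SYN segments and never completes the handshake, so the per-source ratio of half-open to completed connections is what a target can measure. The following is an added example (not Kaspersky's code and not from the article) that tracks client-side TCP records per 4-tuple and reports sources with many half-open handshakes. The records are constructed 4-tuples of (timestamp, "src:port", "dst:port", client flags), and the threshold of 10 half-open connections is an assumption.

```python
"""Count half-open TCP handshakes per source to spot a SYN flood origin."""
from collections import defaultdict


def build_sample_records():
    """Constructed traffic: 203.0.113.5 sprays 20 SYNs that never complete;
    198.51.100.8 opens three connections normally (SYN followed by ACK)."""
    t0 = 1470000000
    recs = []
    for i in range(20):
        recs.append((t0 + i, f"203.0.113.5:{40000 + i}", "192.0.2.10:80", "S"))
    for i in range(3):
        recs.append((t0 + i, f"198.51.100.8:{50000 + i}", "192.0.2.10:80", "S"))
        recs.append((t0 + i + 1, f"198.51.100.8:{50000 + i}", "192.0.2.10:80", "A"))
    return recs


def half_open_by_source(records):
    """Only client-side segments are considered: a SYN opens a 4-tuple as half-open,
    a later ACK from the same client marks it completed.
    Returns {src_ip: (half_open, completed)}."""
    state = {}
    for _ts, src, dst, flags in records:
        key = (src, dst)
        if flags == "S":
            state.setdefault(key, "half_open")   # retransmits do not reset a completed one
        elif "A" in flags and key in state:
            state[key] = "completed"

    counts = defaultdict(lambda: [0, 0])
    for (src, _dst), st in state.items():
        ip = src.rsplit(":", 1)[0]
        counts[ip][0 if st == "half_open" else 1] += 1
    return {ip: tuple(v) for ip, v in counts.items()}


def syn_flood_sources(records, max_half_open=10):
    """Sources whose half-open count reaches the (assumed) threshold."""
    return sorted(ip for ip, (half, _done) in half_open_by_source(records).items()
                  if half >= max_half_open)


if __name__ == "__main__":
    recs = build_sample_records()
    print(half_open_by_source(recs))
    print("suspected SYN flood sources:", syn_flood_sources(recs))
```

The counting is deliberately source-based because the report's point is that a single compromised Linux server can generate the load of hundreds of machines; a flood from one address is the easy case to rate-limit. On the Linux side the standard mitigation for the half-open backlog itself is SYN cookies (`net.ipv4.tcp_syncookies=1`), which keeps the listen queue usable while the source is being blocked upstream.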

Oleg Kupreev, lead malware analyst at Kaspersky Lab said that it is Linux which is to blame.

“Linux servers often contain common vulnerabilities but no protection from a reliable security solution, making them prone to bot infections”, he says. “These factors make them a convenient tool for botnet owners. Attacks carried out by Linux-based bots are simple but effective; they can last for weeks, while the owner of the server has no idea it is the source of an attack. Moreover, by using a single server, cybercriminals can carry out an attack equal in strength to hundreds of individual computers. That’s why companies need to be prepared in advance for such a scenario, ensuring reliable protection against DDoS attacks of any complexity and duration”.

Brazil, Italy and Israel all appeared among the leading countries hosting botnet Command and Control (C&C) servers. South Korea is the clear leader in terms of the number of C&C servers located on its territory, with its share amounting to 70 per cent. Brazil, Italy and Israel saw the amount of active C&C servers hosted in these countries nearly triple.

DDoS attacks affected resources in 70 countries over the report period, with targets in China suffering the most (77 per cent of all attacks). Germany and Canada both dropped out of the top 10 rating of most targeted countries, to be replaced by France and the Netherlands.

The report also identifies an increase in the duration of DDoS attacks. While the proportion of attacks that lasted up to four hours fell from 68 per cent in Q1 to 60 per cent in Q2, the proportion of longer attacks grew considerably: those lasting 20-49 hours accounted for nine per cent, and those lasting 50-99 hours accounted for four per cent (one per cent in Q1).

The longest DDoS attack in Q2 2016 lasted 291 hours (12 days), an increase on the Q1 maximum of eight days.



Microsoft Teams Up With Law Enforcement To Take On Dorkbot

December 8, 2015 by  
Filed under Computing

Microsoft announced that it has worked with law enforcement agencies in several regions to disrupt a four-year-old botnet called Dorkbot, which has infected one million computers worldwide.

The Dorkbot malware aims to steal login credentials from services such as Gmail, Facebook, PayPal, Steam, eBay, Twitter and Netflix.

It was first spotted around April 2011. Users typically get infected by browsing to websites that automatically exploit vulnerable software using exploit kits, and through spam. It also has worm functionality and can spread itself through social media and instant messaging programs or removable media drives.

Microsoft didn’t provide much detail on how Dorkbot’s infrastructure was disrupted. The company has undertaken several such actions over the last few years in cooperation with law enforcement.

Coordinated actions to take botnet servers offline have an immediate impact, but the benefits can be short-lived. Cybercriminals often set up new hosting and command-and-control infrastructure and begin rebuilding the botnet by infecting new computers.

Microsoft said it worked with security vendor ESET, the Computer Emergency Response Team Polska, the Canadian Radio-television and Telecommunications Commission, the Department of Homeland Security’s U.S. Computer Emergency Readiness Team, Europol, the FBI, Interpol, and the Royal Canadian Mounted Police.

Cybercriminals have sold a kit that allows other bad actors to build botnets using Dorkbot. The kit, called NgrBot, is sold in underground online forums, Microsoft wrote in a blog post.



Does AVG Respect Your Privacy?

September 22, 2015 by  
Filed under Computing

AVG has been answering questions about its new privacy policy after accusations that the firm is about to sell its users down the river.

A Reddit discussion has heard from furious users who spotted that the simplified policy effectively gives the company permission to sell its mailing lists to third parties for fun and profit.

AVG stated under ‘Do You Share My Data?’ in the Q&A about the new policy, which is automatically enforced on 15 October: “Yes, though when and how we share it depends on whether it is personal data or non-personal data. AVG may share non-personal data with third parties and may publicly display aggregate or anonymous information.”

AVG has hit back at the criticism in a blog post today, by which we mean confirmed that its stance is correct, explaining: “Usage data allows [AVG] to customize the experience for customers and share data with third parties that allow them to improve or develop new products.

“Knowing that 10 million users like a certain TV program gives broadcasters the data to get producers to make more of that type of program.

“This is also how taxi firms know how to distribute their fleets, and how advertisers know where to place banners and billboards, for example. Even at AVG, we have published non-personal information that we have collected regarding app performance.”

But AVG added in big, bold type: “We do not, and will not, sell personally identifiable data to anyone, including advertisers.”

This will placate some, but others fear that the lack of choice over this matter, which requires an active decision to opt out, is too clandestine. As ever, there are threats to move to everything from Linux Mint to the Commodore 64, some more serious than others.

Several Redditors have likened it to similar warnings in Windows 10’s Insider Programme which essentially say: ‘we can track you … but we won’t, unless we do.’


Researchers Uncover Android Ransomware That Changes PIN Codes

September 14, 2015 by  
Filed under Mobile

Researchers at security company ESET have uncovered a type of malware that changes an Android device’s PIN, the first of its kind in a constantly changing landscape of ransomware attacks.

For most users, the only option to get rid of the malware is to reset the phone to its factory settings, which unfortunately also deletes all the data on the device.

The malware calls itself “Porn Droid” and bills itself as a viewer for adult content. It has been seen only on third-party Android application marketplaces or forums for pirated software, wrote Lukas Stefanko, an ESET malware analyst.

But after it’s installed, users see a warning supposedly from the FBI that they’ve allegedly viewed “prohibited pornography.” It asks for a $500 fine to be paid within three days.

To change the device’s PIN, Porn Droid needs administrator-level access to the phone. Stefanko wrote that the malware uses a new method to obtain that high level of access.

When Porn Droid runs, it asks people to click a button. “After clicking on the button, the user’s device is doomed,” Stefanko wrote. “The Trojan app has obtained administrator rights and now can lock the device. And even worse, it sets a new PIN for the lock screen.”

Other kinds of Android malware locked the screen by keeping the ransomware warning in the foreground using an infinite loop. But that could be remedied by using a command-line tool, the Android debug bridge, or deactivating admin rights in Safe Mode, according to Stefanko.

In the case of Porn Droid, if someone tries to deactivate the admin privileges, the malware uses a call-back function to reactivate them, Stefanko wrote.

The malware is also coded to try to shut down three mobile antivirus products: Dr. Web, ESET’s Mobile Security and Avast.

More advanced users may be able to get rid of Porn Droid without resetting and erasing all data on their phone. It is possible to remove the malware if a user has root privileges to the device, and some security software can stop it, Stefanko wrote.






Microsoft To Bring Interoperability Between Windows And Linux

June 5, 2015 by  
Filed under Computing

Microsoft has announced that OpenSSH, the security protocol at the heart of Linux-based systems, is to get support in its products.

The move is the latest in a long string of acts of openness as Microsoft steers towards taking its place in a multi-platform world, rather than attempting to recreate the domination that has slipped through its fingers as the landscape has evolved.

Microsoft has been working to integrate Linux into products like Azure for some time, and it’s getting to the point where it would be pretty idiotic to hold out any further.

Angel Calvo, group software engineering manager for the PowerShell team, said: “A popular request the PowerShell team has received is to use Secure Shell protocol and Shell session (aka SSH) to interoperate between Windows and Linux – both Linux connecting to and managing Windows via SSH and, vice versa, Windows connecting to and managing Linux via SSH.

“Thus, the combination of PowerShell and SSH will deliver a robust and secure solution to automate and remotely manage Linux and Windows systems.”

He goes on to explain that Microsoft will become an active member of the OpenSSH community and contribute its own take on things and ensure tight compatibility. There is no set date for launch, and development is in the “early planning stages”.

Calvo said that attempts to support SSH in the past were rejected, although he didn’t make it entirely clear who had rejected Microsoft’s advances.

“Given our changes in leadership and culture, we decided to give it another try and this time, because we are able to show the clear and compelling customer value, the company is very supportive,” he said.

OpenSSH was hit by a vulnerability known as Logjam last month. A joint statement from US universities investigating the glitch said: “If you use SSH, you should upgrade your server and client installations to the most recent version of OpenSSH, which prefers Elliptic-Curve Diffie-Hellman key exchange.”
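The Logjam advice quoted above comes down to two server-side checks: whether sshd still offers the fixed 1024-bit `diffie-hellman-group1-sha1` exchange (or the SHA-1 group exchange that can negotiate small groups), and whether `/etc/ssh/moduli` still carries small primes. The following is an added example, not code from the article or from the OpenSSH project, that audits both from text. The config and moduli fragments are constructed; the size threshold of 2000 mirrors the commonly published `awk '$5 > 2000'` filter for the moduli file and is an assumption here, as is the list of "preferred" algorithms.

```python
"""Audit sshd_config KexAlgorithms and /etc/ssh/moduli for Logjam-era weaknesses."""

WEAK_KEX = {
    "diffie-hellman-group1-sha1",          # fixed 1024-bit group: the Logjam target
    "diffie-hellman-group-exchange-sha1",  # negotiated group; SHA-1 and can land on small moduli
}
PREFERRED_KEX = {                          # assumed "good" list for this audit
    "curve25519-sha256", "curve25519-sha256@libssh.org",
    "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521",
}


def parse_kex_value(value):
    """OpenSSH accepts a leading '+' (append to defaults), '-' (remove from defaults)
    or '^' (prepend). Returns (mode, [algorithms])."""
    mode = "replace"
    if value[:1] in "+-^":
        mode = {"+": "append", "-": "remove", "^": "prepend"}[value[0]]
        value = value[1:]
    return mode, [a.strip().lower() for a in value.split(",") if a.strip()]


def audit_kex(config_text):
    """Classify every algorithm named on KexAlgorithms lines.
    'explicit' is False when the server relies on its compiled-in defaults."""
    result = {"explicit": False, "weak": [], "strong": [], "removed": []}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0].lower() != "kexalgorithms":
            continue
        result["explicit"] = True
        mode, algs = parse_kex_value(parts[1])
        for alg in algs:
            if mode == "remove":
                result["removed"].append(alg)
            elif alg in WEAK_KEX:
                result["weak"].append(alg)
            elif alg in PREFERRED_KEX:
                result["strong"].append(alg)
    return result


def weak_moduli(moduli_text, min_size=2000):
    """1-based line numbers of moduli entries whose size field (column 5) is too small.
    Format: time type tests trials size generator modulus."""
    weak = []
    for n, line in enumerate(moduli_text.splitlines(), 1):
        fields = line.split()
        if line.startswith("#") or len(fields) < 7:
            continue
        try:
            size = int(fields[4])
        except ValueError:
            continue
        if size <= min_size:
            weak.append(n)
    return weak


# Constructed inputs for the audit (not real server files).
SSHD_CONFIG = """\
# constructed sshd_config fragment
Port 22
KexAlgorithms diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ecdh-sha2-nistp256
"""

MODULI = """\
# constructed moduli entries: time type tests trials size generator modulus
20150520034041 2 6 100 1023 2 C0FFEE
20150520034042 2 6 100 2047 2 DEADBEEF
"""

if __name__ == "__main__":
    print(audit_kex(SSHD_CONFIG))
    print("weak moduli lines:", weak_moduli(MODULI))
```

On the constructed fragment the audit reports two weak and one acceptable exchange, and line 2 of the moduli file (a 1024-bit group) as the entry to drop. An absent `KexAlgorithms` line is reported separately because the effective list then depends on the installed OpenSSH version, which is exactly the case the quoted advice ("upgrade to the most recent version") addresses.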


25K Linux And Unix Servers Were Hacked in Two Years

March 21, 2014 by  
Filed under Computing

25,000 Linux and Unix servers were compromised over the last two years to steal Secure Shell (SSH) credentials, redirect web users to malicious content and send spam, security firm ESET has reported.

ESET said the servers were exploited as part of a large server-side credential stealing malware campaign named Operation Windigo, and has published a report about the campaign.

“The gang behind Operation Windigo uses infected systems to steal credentials, redirect web traffic to malicious content, and send spam messages,” ESET said. “According to our analysis, over 25,000 servers have been affected over the last two years. More than 10,000 of them are still infected today.”

These servers have all been compromised with the Linux/Ebury OpenSSH backdoor, ESET established, which the firm said is significant considering that each of the systems has access to significant bandwidth, storage, computing power and memory.

“Well known organizations such as cPanel and were on the list of victims, although they have now cleaned their systems,” ESET said on a blog post. It reported that the infected servers are used to redirect half a million web visitors to malicious content every day.

“Our research also shows that the attacker is able to send more than 35,000,000 spam messages per day with his current infrastructure. Operating systems affected by the spam component include Linux, FreeBSD, OpenBSD, OS X, and even Windows (with Perl running under Cygwin),” said ESET.

ESET said it chose the name “Windigo” for its North American first nation roots and for its references to a malevolent half-beast. It is working on dismantling the operation with help from the European Organization for Nuclear Research (CERN) and the Swedish National Infrastructure for Computing to form an international working group.

“With the help of the working group, thousands of victims have been notified that their servers were infected, in an effort to clean as many systems as possible. We are now releasing a complete white paper in hopes of raising awareness around Operation Windigo and motivating administrators to clean up their compromised servers,” ESET said.


Will Zombie WiFi Hot-Spots Wreak Havoc On Urban Areas?

February 27, 2014 by  
Filed under Computing

Researchers at the University of Liverpool have demonstrated a computer virus that can be transmitted through WiFi networks.

The virus can move like a human infection through WiFi access points (APs), with its spread through populated areas likened to that of a common cold.

The Chameleon virus was tested in a controlled environment and is capable of avoiding detection and finding weak points in WiFi encryption.

Alan Marshall, professor of Network Security at the University of Liverpool, said, “When Chameleon attacked an AP it didn’t affect how it worked, but was able to collect and report the credentials of all other WiFi users who connected to it. The virus then sought out other WiFi APs that it could connect to and infect.”

This means that even a protected computer can be compromised if it innocently connects to an infected WiFi network AP. Because the virus only exists on the network, rather than the computer itself, open hotspots are particularly vulnerable.

In heavily populated areas with APs in close proximity, the virus could propagate extremely quickly, with the optimum range being among APs in a 10m to 50m radius.

Marshall continued, “It was assumed, however, that it wasn’t possible to develop a virus that could attack WiFi networks, but we demonstrated that this is possible and that it can spread quickly. We are now able to use the data generated from this study to develop a new technique to identify when an attack is likely.”

In Hollywood terms, it works like the release of a vial of infectious virus that looks for people who are not wearing gas masks and turns them into zombies. This gives us an idea for a summer blockbuster movie.

Malware spread by conventional means has been a never-ending battle. Nokia this week claimed that nine percent of Android apps it tested for its Nokia X device contained one or more viruses, while institutions including the NHS have been recent victims of computer malware attacks. Now, malware can be airborne and the game could change.



F-Secure Finds More Android Malware

July 3, 2013 by  
Filed under Computing

F-Secure has discovered an Android app that turns a mobile device into a hacking tool that is capable of stealing information from a connected Windows PC.

The company said in a blog post today that its security response analysts came across the app in an analysis on a Chinese language forum over the weekend. It found that, when executed, the sample, which is detected as “Hack-Tool:Android/UsbCleaver.A”, installs an app named USBCleaver on the victim’s device.

When that app is launched, it directs the user to download a ZIP file from a remote server, and then unzips the downloaded file to “/mnt/sdcard/usbcleaver/system folder”.

The files saved are utilities used to retrieve information when the user connects the device via USB to a Windows PC machine, and can grab browser passwords along with stored WiFi keys and network information.

“To run the utilities, the sample creates an autorun.inf and go.bat file at ‘/mnt/sdcard’,” F-Secure explained in a Labs blog post. “When the device is connected to a Windows computer, the autorun script gets triggered, which then silently runs the go.bat file in the background, which in turn runs the specified files from the usbcleaver/system folder.”

The collected details are stored on the device at “/mnt/sdcard/usbcleaver/logs” and can be viewed in the “Log Files” button to view the information retrieved from the PC.

F-Secure said that this attack can be blocked by disabling Autorun by default, as doing so can block USBCleaver’s Windows infecting routine.
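The mechanism described above rests on Windows reading an `autorun.inf` from the root of a newly attached drive and acting on the keys in its `[autorun]` section. The following is an added example, not F-Secure's code and not from the article, of a small parser and assessment routine a defender can run over such a file and the drive's root listing: it reports every key that would launch a program and whether the named target is actually present. The inf text and listing are constructed (the article does not reproduce USBCleaver's actual file); the key names checked are the documented `autorun.inf` launch keys.

```python
"""Parse autorun.inf and report the entries that would launch a program."""

EXEC_KEYS = {"open", "shellexecute"}   # documented keys that start a program directly


def parse_autorun(text):
    """Minimal INI parser: {section_lower: {key_lower: value}}.
    Lines starting with ';' or '#' are comments."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][key.strip().lower()] = value.strip()
    return sections


def assess_autorun(text, root_listing):
    """Return (key, target, present_on_drive) for each launching entry:
    'open', 'shellexecute' and any shell\\<verb>\\command key."""
    findings = []
    listing = {name.lower() for name in root_listing}
    for key, value in parse_autorun(text).get("autorun", {}).items():
        launches = key in EXEC_KEYS or (key.startswith("shell\\") and key.endswith("\\command"))
        if not launches:
            continue
        target = value.strip('"').split()[0] if value.strip() else ""
        findings.append((key, target, target.lower() in listing))
    return findings


# Constructed sample: an inf that points the drive's default action at a batch file
# and dresses it up with a harmless-looking icon and label.
AUTORUN_INF = r"""
[autorun]
open=go.bat
icon=usbcleaver\system\drive.ico
label=Removable Disk
shell\explore\command=go.bat
"""
ROOT_LISTING = ["autorun.inf", "go.bat", "usbcleaver"]   # constructed drive root

if __name__ == "__main__":
    for key, target, present in assess_autorun(AUTORUN_INF, ROOT_LISTING):
        print(f"{key} -> {target} ({'present' if present else 'missing'})")
```

On the constructed input both the `open` key and the `shell\explore\command` verb resolve to `go.bat`, which is present, so the file is worth treating as hostile. The prevention the article names is the policy side of the same thing: the `NoDriveTypeAutoRun` value under the Explorer policies key disables AutoRun per drive type, and later Windows updates stopped honouring `autorun.inf` on non-optical removable media by default.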

“This isn’t the first Android trojan reported this year with PC infecting capabilities, since that ‘distinction’ belongs to the trojan-spy apps family we detect as Sscul,” F-Secure warned.

“Unlike the Sscul malware however, which is more focused on remote eavesdropping, USBCleaver seems to be designed to facilitate a targeted attack by gathering details that would be helpful in a later infiltration attempt.”


Is Android Vulnerable To A Linux Kernel Exploit?

June 14, 2013 by  
Filed under Computing

Symantec has warned that a Linux kernel exploit that allows user privileges to be escalated has been ported to Android.

The Linux kernel CVE-2013-2094 vulnerability was first published on 14 May and affected a number of Linux distributions that used the Linux 2.6.x kernel, including Red Hat Enterprise Linux 6, Ubuntu 12.04 LTS, Debian 6 and Suse Enterprise Linux 11. While Red Hat, Canonical and other distributions have long since issued patches, Symantec claimed that the exploit has been ported to Android.

Google’s Android operating system runs on top of the Linux kernel, and while Android 4.2 Jelly Bean uses Linux 3.0, previous versions of Android used Linux 2.6.

Symantec said of the vulnerability, “The Android operating system normally sandboxes every application so they cannot perform sensitive system operations or interfere with other installed applications. In the past, we have seen malware use privilege escalation exploits to access data from other applications, prevent uninstall, hide themselves, and also bypass the Android permissions model to enable behaviors such as sending premium SMS messages without user authorization.”

Symantec correctly points out that the vulnerability affected Linux 2.6, and the firm doesn’t say whether the ported Android version affects any other versions of the Linux kernel. The problem is that many smartphone and tablet makers do not issue software updates, meaning some users could still be stuck with a version of Android that runs on a vulnerable Linux kernel.

Since Google has made it easy for Android users to download and install apps from third party sources, Android has become a target for malware. Symantec recommends that Android users running older versions stick to trusted sources of Android apps, such as the Google Play store.


Is Android AV Protecting You?

May 9, 2013 by  
Filed under Computing

Anti-virus software for Android is easily fooled, according to insecurity experts from Northwestern University and North Carolina State University. The researchers tested ten of the most popular AV products on Android, and discovered that they were easily fooled by common obfuscation techniques.

AV software from Symantec, AVG, Kaspersky Lab, Trend Micro, ESET, ESTSoft, Lookout, Zoner, Webroot, and Dr. Web was tested as part of an evaluation of mobile security software. Using a tool called DroidChameleon, malware samples were transformed to generate new variants that contain exactly the same malicious functions as before. These new variants were then passed to the AV products, and much to the surprise of the paper’s authors, they were rarely flagged.

The paper said that the findings showed that all the anti-malware products evaluated are susceptible to common evasion techniques and may succumb to even trivial transformations not involving code-level changes. More than 43 per cent of the signatures used by the AV products are based on file names, checksums (or binary sequences) or information obtained by the PackageManager API.

Minor changes to a virus will render their protection useless for the most part.
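The finding that a large share of signatures rest on file names, checksums or PackageManager metadata explains why a rename or re-pack is enough. The following is an added example, not the paper's DroidChameleon tool and not code from the article, that contrasts the two kinds of signature on a constructed sample: a checksum over the packaged bytes, which any byte-level change defeats, and a feature signature over the permissions and API names the app actually uses, which survives a rename. The sample, its field names and the 0.8 overlap threshold are all assumptions made for the illustration.

```python
"""Checksum signatures versus behaviour-feature signatures under a trivial transformation."""
import hashlib
import json


def serialise(sample):
    """Stand-in for the packaged APK bytes: a canonical JSON dump of the sample."""
    return json.dumps(sample, sort_keys=True).encode()


def checksum_signature(sample):
    return hashlib.sha256(serialise(sample)).hexdigest()


def feature_signature(sample):
    """Behaviour-bearing features that renaming or re-zipping does not touch."""
    return frozenset(sample["permissions"]) | frozenset(sample["apis"])


def rename_package(sample, new_name):
    """Trivial transformation: change only the package name."""
    return {**sample, "package": new_name}


def drop_permission(sample, perm):
    """Slightly larger transformation: remove one declared permission."""
    return {**sample, "permissions": [p for p in sample["permissions"] if p != perm]}


def detect(sample, checksum_db, feature_db, min_overlap=0.8):
    """Checksum match is exact; feature match tolerates drift via Jaccard similarity."""
    by_hash = checksum_signature(sample) in checksum_db
    feats = feature_signature(sample)
    by_feature = any(len(feats & known) / len(feats | known) >= min_overlap
                     for known in feature_db)
    return by_hash, by_feature


# Constructed "known malware" sample and the two signature databases built from it.
ORIGINAL = {
    "package": "com.example.fakeplayer",
    "permissions": ["SEND_SMS", "READ_PHONE_STATE", "RECEIVE_BOOT_COMPLETED", "INTERNET"],
    "apis": ["SmsManager.sendTextMessage", "DevicePolicyManager.lockNow",
             "TelephonyManager.getDeviceId"],
}
CHECKSUM_DB = {checksum_signature(ORIGINAL)}
FEATURE_DB = [feature_signature(ORIGINAL)]

if __name__ == "__main__":
    for label, s in [("original", ORIGINAL),
                     ("renamed", rename_package(ORIGINAL, "com.example.other")),
                     ("one permission dropped", drop_permission(ORIGINAL, "INTERNET"))]:
        print(label, detect(s, CHECKSUM_DB, FEATURE_DB))
```

The renamed variant is missed by the checksum and still caught by the feature signature; dropping one of seven features keeps the overlap at 6/7, above the assumed threshold, so it is caught too. Feature signatures are not a cure (the paper's point is that code-level transformations can reach those as well), but they move the bar above a rename.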


AVG’s Latest Update Will Crash Windows 7 64-Bit Computers

December 3, 2010 by  
Filed under Computing

WARNING: if you are running Windows 7 (64-bit) on your computer systems with AVG anti-virus software, do not download the latest update from AVG.

The virus protection software was pulled after it was reported by users that their systems were being forced into infinite crash loops.

Those who updated their systems will see error ‘c0000135’ on the subsequent restart, which causes a total boot failure.

Unfortunately, AVG has not been able to resolve the problem. It is said that the anti-virus algorithm wrongly identifies a critical Windows process as malicious and then quarantines the function and deletes it.

The anti-virus outfit added that it will release a program to ensure that the fix is completed automatically as soon as possible.

Fortunately, this will not harm PCs that are running Windows 7 (32-Bit) or those who have not downloaded and installed update 3292, the company said.
