Did Kaspersky Hack NSA Staff

November 22, 2017
Filed under Around The Net

Kaspersky has denied it played a role in hacking into the personal computer of a US National Security Agency (NSA) worker.

Kaspersky Lab has published a report detailing an internal investigation it launched examining allegations that its software was used to compromise an NSA employee’s home computer.

In early October, a report published in the Wall Street Journal claimed that the firm’s software was used to download confidential data from an American agent’s home computer.

However, later reports circulated accusing the firm of deliberately taking files from the PC. Following the incident, Kaspersky conducted a full investigation to gain additional evidence of the incident and explore how it happened.

Researchers at the company confirmed that Russian cybercrooks installed software on an NSA contractor’s computer to access and steal sensitive data.

The user, according to the company, was able to download and install pirated software on the machine. The researchers identified a compromised Microsoft Office ISO file, as well as an illegal Microsoft Office 2013 activation tool.

They were able to install the pirated copy of Office 2013 after disabling the Kaspersky security product. If the latter had been left running on the PC, it would have identified the illegal activator tool.

This illegal tool was infected with malware, and this was left on the PC while the Kaspersky software was inactive. The malware meant other third parties could access the user’s machine, causing major security concerns.

However, when the company’s antivirus software was re-enabled, it detected the software with the verdict Backdoor.Win32.Mokes.hvl and stopped it from contacting a dodgy command-and-control server.

This backdoor was first identified in October 2014, but it’s still being used by cybercriminals looking to steal important data. Kaspersky researchers said the antivirus software also detected other variants of the Equation APT malware.

Several variants of the malware, including a 7zip archive, were sent to the Kaspersky Virus Lab for analysis. Researchers found that it contained source code and classified documents.

At the request of the firm’s CEO, these files were removed from its servers.

“The reason Kaspersky Lab deleted those files and will delete similar ones in the future is two-fold: first, it needs only malware binaries to improve protection and, secondly, it has concerns regarding the handling of potentially classified material,” the firm wrote.   

“Because of this incident, a new policy was created for all malware analysts: they are now required to delete any potentially classified material that has been accidentally collected during anti-malware research.”

“To further support the objectivity of the internal investigation we ran it using multiple analysts including those of non-Russian origin and working outside of Russia to avoid even potential accusations of influence.”

Speaking about other findings, the firm said: “One of the major early discoveries of the investigation was that the PC in question was infected with the Mokes backdoor – a malware allowing malicious users remote access to a computer.

“As part of the investigation, Kaspersky Lab researchers took a deeper look at this backdoor and other non-Equation threat-related telemetry sent from the computer.

Courtesy-TheInq

Will Ransomware Reach Epidemic Levels In 2018

November 9, 2017
Filed under Computing

Sophos expects that ransomware will become a fully fledged epidemic in 2018.

While 2017 has already seen some major outbreaks, Sophos believes that ransomware will continue to grow in 2018, affecting more companies and platforms. Cybercrooks, it said, are becoming more sophisticated.

Throughout 2017, there has been a string of global IT security crises, from WannaCry to NotPetya. According to Sophos, attackers have been able to perfect their ransomware delivery techniques to cause such outbreaks.

While most ransomware hits Windows users, the report found that other platforms aren’t immune. Attackers have also been targeting mobile devices, particularly Android.

Ransomware, the firm says, is a “vexing problem” for businesses. Emerging in May 2017, WannaCry was the biggest ransomware to affect customers – beating previous leader Cerber, which appeared in early 2016.

WannaCry made up 45.3 per cent of the ransomware tracked by Sophos, with Cerber accounting for 44.2 per cent.

Dorka Palotay, a researcher at the firm, said cybercriminals will likely launch more complex ransomware attacks in the future.

“For the first time, we saw ransomware with worm-like characteristics, which contributed to the rapid expansion of WannaCry,” he said.

“This ransomware took advantage of an old Windows vulnerability to infect and spread to computers, making it hard to control,” he added.

“Even though WannaCry has tapered off and Sophos has defenses for it, we still see the threat because of its inherent nature to keep scanning and attacking computers.

“We’re expecting cyber criminals to build upon WannaCry and NotPetya and their ability to replicate, and this is already evident with Bad Rabbit ransomware, which shows many similarities to NotPetya.”

The report also explored the rise and fall of NotPetya, which made headlines in June 2017. Sophos said this attack was far less damaging than WannaCry, and it suspects cybercriminals were merely “experimenting”.

“NotPetya spiked fast and furiously before taking a nose dive, but did ultimately hurt businesses. This is because NotPetya permanently destroyed data on the computers it hit. Luckily, NotPetya stopped almost as fast as it started,” said Palotay.

“We suspect the cybercriminals were experimenting or their goal was not ransomware, but something more destructive like a data wiper.

“Regardless of intention, Sophos strongly advises against paying for ransomware and recommends best practices instead, including backing up data.

Android ransomware is also on the rise, according to the research. The report has revealed that the number of attacks on users of Google’s mobile platform grew month-on-month during 2017.

The firm said that by the end of the year, its systems will have identified an estimated 10 million suspicious Android apps. In comparison, 8.5 million were processed in 2016.

Rowland Yu, a SophosLabs security researcher focusing on mobile malware, said: “In September alone, 30.37 per cent of malicious Android malware processed by SophosLabs was ransomware.

“One reason we believe ransomware on Android is taking off is because it’s an easy way for cybercriminals to make money instead of stealing contacts and SMS, popping up ads or even bank phishing which requires sophisticated hacking techniques.

It’s important to note that Android ransomware is mainly discovered in non-Google Play markets – another reason for users to be very cautious about where and what kinds of apps they download.” 

Courtesy-TheInq

Windows 7 Still Microsoft’s Most Popular OS

November 7, 2017
Filed under Computing

Windows 7 lost a few more users last month as its share of the overall Windows universe slipped a bit closer to 50%.

But if the veteran operating system were a person, it would be that party guest who stayed well past welcome, lingering long after everyone else has left, after the hosts have, in fact, gone to bed. And there Windows 7 would sit, talking without a listener, making itself at home, feet up on the coffee table.

According to metrics vendor Net Applications, Windows 7’s user share in October was 46.6%, a decline of six-tenths of a percentage point. More notable during these times of migration, the operating system ran 51.4% of all Windows machines during the same stretch, a month-to-month drop of seven-tenths of a point. (The second percentage is larger because Windows was detected on 90.8% of the world’s PCs, not 100%; the remainder ran macOS or a Linux flavor.)

October’s decline was only half that of September, but was still the third largest of 2017.

The continued weakening of Windows 7’s user share – five months of declines and counting – is a promising sign, as the operating system faces a deadline: Microsoft has set Windows 7’s retirement for Jan. 14, 2020, now little more than 26 months away. The faster Windows 7 relinquishes its user share, the less the chance that businesses will find themselves running unpatched, and thus vulnerable, machines. No one wants a repeat of the panicky last few months of Windows XP’s lifespan, when companies blew through IT budgets scrambling to purge the obsolete OS.

Yet Windows 7 remains behind the pace set by XP. With 26 months to go before its April 2014 retirement, XP accounted for 49.4% of all Windows PCs, or two points lower than Windows 7’s share in October. Things could be worse: In August, Windows 7 was three points behind XP’s tempo. But the lack of progress in matching XP’s slide toward irrelevance must be disheartening to Microsoft, which continues to sing Windows 10’s praises, and even asserts that Windows 7 is not only old and tired, but simply not up to the tasks required of it.

Meanwhile, Windows 10 did see a bump in user share last month of two-tenths of a point, ending October at 29.3%. When only Windows systems are counted, its share of that pool was 32.8%, within shouting distance of the one-in-three milestone. Computerworld calculated that, with the 12-month trend in Net Applications’ data, Windows 10 should pass the 33.3% line during December.

US Government Agencies Start To Give Kaspersky The Boot

November 2, 2017
Filed under Computing

US federal government agencies have met the first three deadlines of the September directive calling for the removal of Kaspersky Lab security products from all government systems and networks. 

In September, the US government ordered the removal of all Kaspersky software from federal agencies due to fears of influence from Russian president Vladimir Putin. Agencies were given 90 days to do this.

Following this directive, an official working at the Department of Homeland Security (DHS) has confirmed that the “vast majority” of agencies have removed all Kaspersky software.

Michael Duffy, who leads cybersecurity and communications at the DHS, explained that fewer than half of federal agencies were using Kaspersky’s anti-virus software.

He didn’t give a specific figure for how many agencies have actually met the DHS deadline or how many had been using Kaspersky software, but said they’re moving in the right direction.

Kaspersky has faced a lot of pressure from the US government over the past few months amid claims the Kremlin is using its software to conduct cyber espionage.

Of course, Kaspersky has flatly denied these claims, but that hasn’t stopped US officials from making new ones. Duffy spoke to reporters at the 27 October meeting of the National Institute of Standards and Technology’s Information Security and Privacy Advisory Board.

He said the agency won’t comment on any individual cases, but each agency was given an ample timeframe to remove the software. This task is lengthy due to the complex nature of Kaspersky’s products.

There are many other systems that are based on Kaspersky anti-virus and its application programming interface, cautioned Duffy.

While US government agencies work to banish the software, some traces of it will still be left behind, a former DHS official told FCW.

John Norton, who worked at the agency when George W. Bush set it up, said: “Probably the best example is anybody who has a home computer and has tried to remove some kind of app they didn’t want anymore. It’s still in there in some form. It’s difficult to clean that up.”

Responding to the directive in September, a spokesperson for Kaspersky said: “Given that Kaspersky Lab doesn’t have inappropriate ties with any government, the company is disappointed with the decision by the U.S. Department of Homeland Security (DHS).

“No credible evidence has been presented publicly by anyone or any organization as the accusations are based on false allegations and inaccurate assumptions, including claims about the impact of Russian regulations and policies on the company.

“Kaspersky Lab has always acknowledged that it provides appropriate products and services to governments around the world to protect those organizations from cyberthreats, but it does not have unethical ties or affiliations with any government, including Russia.”

Courtesy-TheInq

Can Kaspersky’s Western Business Be Saved

October 27, 2017
Filed under Around The Net

Eugene Kaspersky, the co-founder of Kaspersky Lab, which is at the center of US government security claims, has revealed further details about plans to have its software examined and audited in an independent code review.

However, the former deputy director of the US National Security Agency (NSA), Rick Ledgett, claims that this is not enough.

Kaspersky Lab said on Monday that it will ask independent parties to review its products in a process starting in the new year. The initiative is part of a bid to distance itself from allegations that it allows the Russian government to use its popular anti-virus software to conduct cyber espionage.

The company is planning to provide software regulation and review bodies with the source code of current and future products, working with “the broader information-security community and other stakeholders”, Kaspersky said in a statement.

In addition, the company will also give outside organizations access to other aspects of its business, including software development. These reviews will begin in the first quarter of next year.

It said the aim of this is to “verify the integrity” of its solutions and processes. The company’s products are used on around 400 million computers worldwide.

Kaspersky is calling this a “global transparency initiative”, although it hasn’t yet named the outside reviewers that it will employ. Instead, it said that it is working with parties that sport “strong credentials in software security and assurance testing for cyber-security products”.

Distancing itself from Russia, the company will open specialist centers throughout Asia, Europe and the United States. Here, customers, governments and other organizations will be able to access the results of the reviews.

And it’ll expand its independent security research program, paying specialists as much as $100,000 if they find security vulnerabilities in its products.

However, writing today, Ledgett claimed that the initiative won’t address the core problem.

“On the face of it this sounds like a good move, but in reality it doesn’t address the alleged activity,” Ledgett claimed.

He continued: “When you download any anti-virus software and click on the very long end-user license agreement, somewhere in there you agree to give that software access to all the files on your computer and all the files that will be sent to and from your computer…

“This all makes perfect sense for legitimate anti-virus companies, but it’s also a potential gold mine if misused. Instead of looking for signatures of malware, the software can be instructed to look for things like ‘secret’ or ‘confidential’ or ‘proprietary’ – literally anything the vendor desires. Any files of interest can be pulled back to headquarters under the pretext of analyzing potential malware.”

He concluded: “Eugene Kaspersky’s proposal to have experts analyze Kaspersky anti-virus code is irrelevant in this case, because the code is doing exactly what it has been designed to do, but in a way that is inconsistent with what customers expect and are paying for. It’s not the code itself, it’s the use of the code…

“If Eugene Kaspersky really wanted to assuage the fears of customers and potential customers, he would instead have all communications between the company’s servers and the 400 million or so installations on client machines go through an independent monitoring center.

“That way evaluators could see what commands and software updates were going from Kaspersky headquarters to those clients and what was being sent back in response.”

Just last month, the use of Kaspersky products was banned throughout US government agencies amid fears that the company has been working with the Kremlin.

Despite this, the company has denied any involvement with the Russian government, adding that it doesn’t work with any governments in order to engage in espionage.

Co-founder Eugene Kaspersky said: “Internet balkanization benefits no one except cybercriminals. Reduced cooperation among countries helps the bad guys in their operations, and public-private partnerships don’t work like they should.

“We need to re-establish trust in relationships between companies, governments and citizens. That’s why we’re launching this Global Transparency Initiative: we want to show how we’re completely open and transparent.

He added that the company is ethical in its practices. “We’ve nothing to hide. And I believe that with these actions we’ll be able to overcome mistrust and support our commitment to protecting people in any country on our planet.” 

Courtesy-TheInq

Does Kaspersky Have Ties To The Russian Government

August 28, 2017
Filed under Computing

The Untouchables (the FBI) are briefing private sector companies on intelligence claiming to show that the Moscow-based cybersecurity company Kaspersky Lab is an unacceptable threat to national security.

Apparently the FBI’s goal is to have US firms push Kaspersky out of their systems as soon as possible, or refrain from using its products in new products or other efforts, the current and former officials say.

The FBI’s counterintelligence section has been giving briefings since the beginning of the year on a priority basis, prioritising companies in the energy sector and those that use industrial control systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems.

The FBI has focused on this sector following the cyber attacks on the Ukraine power grid, which were believed to be a test run by Russian spooks. However, the move also comes as Russia is engaged in its own push to stamp American tech giants like Microsoft out of that country’s systems. Rather than being purely a security issue, it is also possible that this is a form of tit-for-tat trade war.

However Businessweek claims to have seen emails which “show that Kaspersky Lab has maintained a much closer working relationship with Russia’s main intelligence agency, the FSB, than it has publicly admitted”.

Kaspersky Lab says that the company does not have “inappropriate” ties with any government, adding that “the company does regularly work with governments and law enforcement agencies around the world with the sole purpose of fighting cybercrime”.

Courtesy-Fud

Is The Locky Ransomware Back To Wreak Havoc

August 25, 2017
Filed under Around The Net

The Locky Ransomware is back from the dead with two new strains, security researchers at Malwarebytes have warned.

Locky was one of the three most widely distributed forms of malware in 2016, along with Cryptowall and Cerber, but although ransomware has boomed during 2017, Locky has been largely quiet.

But on 9 August, Locky made a dramatic return, using a new ransom note and file extension, ‘.diablo6’, which it followed up a week later with another variant, with the extension ‘.Lukitus’.

What hasn’t changed, though, is the method of distribution. Rather than rifling through the trove of spilt US National Security Agency exploits, as the groups behind WannaCry and NotPetya did, Locky is distributed via phishing emails containing malicious Microsoft Office files or zipped attachments containing a malicious script.

The new Locky variants, adds Malwarebytes, call back to different command-and-control (C2) servers and use the affiliate IDs AffilID3 and AffilID5.

“Over the last few months, Locky has drastically decreased its distribution, even failed to be distributed at all, then popped back up again, vanished and reappeared once more. The ups and downs of Locky remain shrouded in mystery. One thing time has taught us is that we should never assume Locky is gone simply because it’s not active at a particular given time,” the company warned in a briefing note. 

In 2016, a US hospital was forced to pay $17,000 in bitcoin in order to recover devices that had fallen victim to the Locky ransomware.

Locky is a variant on the Dridex banking Trojan, which is believed to have been behind the theft of around £20m from bank accounts in the UK alone, refitted for ransomware rather than stealing online banking credentials. Both are associated with the Necurs malware distribution botnet.

Back then, security researchers at Proofpoint pointed out the connection between Dridex and Locky.

“While a variety of new ransomware has appeared since the end of 2015, Locky stands out because it is being delivered by the same actor behind many of the Dridex campaigns we have tracked over the past year,” warned the company in an advisory.

“The actors behind Locky are clearly taking a cue from the Dridex playbook in terms of distribution. Just as Dridex has been pushing the limits of campaign sizes, now we’re seeing even higher volumes with Locky, rivalling the largest Dridex campaigns we have observed to date.”

Courtesy-TheInq

Microsoft Continues Windows XP Patches Over ‘WannaCry’ Concerns

June 15, 2017
Filed under Computing

Microsoft is following May’s unprecedented release of security updates for expired operating systems, including Windows XP, by issuing another dozen patches for the aged OS.

The Redmond, Wash. company cited fears of possible attacks by “nation-states,” a label for government-sponsored hackers or foreign intelligence services, for the updates’ release. “In reviewing the updates for this month, some vulnerabilities were identified that pose elevated risk of cyberattacks by government organizations, sometimes referred to as nation-state actors, or other copycat organizations,” said Adrianne Hall, general manager, issues and crisis management, for Microsoft.

The updates for Windows XP, Windows 8 and Windows Server 2003 — which were retired from support in April 2014, June 2016, and July 2015, respectively — made it two months running that Microsoft has delivered fixes for bugs in obsolete software.

In May, Microsoft broke with policy and practice by offering patches to protect the same trio of operating system versions from the fast-spreading “WannaCry” ransomware campaign. This month’s move was taken for a reason less concrete.

“As part of our regular Update Tuesday schedule, we have taken action to provide additional critical security updates to address vulnerabilities that are at [heightened] risk of exploitation due to past nation-state activity and disclosures,” wrote Eric Doerr, general manager of the Microsoft Security Response Center (MSRC), in a post to a company blog.

Hall was somewhat more explicit. “Due to the elevated risk for destructive cyber-attacks at this time, we made the decision [to issue updates for older versions] because applying these updates provides further protection against potential attacks with characteristics similar to WannaCrypt,” she wrote in a separate post to a company blog. Hall also noted that the additional updates were distributed to all versions of Windows, not just those previously retired.

Microsoft tagged last month’s malware as “WannaCrypt;” most settled on the alternate “WannaCry” as the name.

Although owners of unmanaged Windows XP and Windows 8 systems must manually retrieve the updates from Microsoft’s download website or the cumbersome Update Catalog, enterprises and organizations using WSUS (Windows Server Update Services), SCCM (System Center Configuration Manager) or another patch management platform can automate the downloading and installation of the older editions’ updates as if they were for editions still in support.

China Hit Hard By ‘WannaCry’ Ransomware

May 17, 2017
Filed under Around The Net

The WannaCry ransomware has infected tens of thousands of Windows PCs in China, where Windows XP runs one in five systems, according to local reports.

More than 23,000 IP addresses in the People’s Republic of China (PRC) show signs of infection, the country’s National Computer Network Emergency Response Technical Team/Coordination Center (CNCERT) told Xinhua, the state-run news agency, on Monday.

“Intranets in many industries and enterprises involving banking, education, electricity, energy, healthcare and transportation have been affected in different extents,” CNCERT said.

The Hong Kong-based South China Morning Post upped the ante in its report Monday, claiming that tens of thousands of businesses and organizations had been hit by the ransomware, which has been dubbed “WannaCry” by most security experts, “WannaCrypt” by a few outliers.

The China National Petroleum Corporation (CNPC), for example, took some 20,000 gas stations offline early Saturday, forcing customers to pay in cash as credit card purchases could not be processed. By mid-day Sunday, some 20% of the stations were still disconnected from the Internet, but efforts were continuing to restore payment options, the company said in a statement.

It shouldn’t have been a surprise that PCs in the PRC were hit hard by WannaCry: Although security experts have yet to identify the original infection vector, the ransomware spreads rapidly by exploiting Windows vulnerabilities in a baked-in file sharing protocol.

Microsoft patched the flaws in March when it issued MS17-010, one of its last-ever security bulletins. But because Microsoft only supports — patches, in other words — newer editions of its operating system, the 16-year-old Windows XP and the 5-year-old Windows 8 were not bolstered with the same fix.

China is at greater risk of attacks against unpatched Windows XP PCs than most countries because a larger percentage of the nation’s systems run the obsolete OS than the global average.

According to Baidu, the PRC’s largest search provider, 19% of all personal computers using its service last month were powered by Windows XP. That was almost double the share of Windows 10, but less than a third of the share of Windows 7.

Windows XP’s worldwide share was about 7% in April, said U.S. analytics vendor Net Applications earlier this month, about one-fourth the share of Windows 10 and a seventh the share of Windows 7.

Over the weekend, Microsoft issued security updates for Windows 8, Windows Server 2003 and Windows XP, which had been banished from the patch list one, two and three years ago, respectively. “This decision was made based on an assessment of this situation, with the principle of protecting our customer ecosystem overall, firmly in mind,” Phillip Misner, a principal security group manager at the Microsoft Security Response Center (MSRC), said in a post to a company blog.

Spread Of ‘WannaCry’ Ransomware Halted For Now

May 15, 2017
Filed under Computing

Friday’s unprecedented ransomware attack may have temporarily halted spreading to new machines thanks to a “kill switch” that a security researcher has activated.

The ransomware, called Wana Decryptor or WannaCry, has been found infecting machines across the globe. It works by exploiting a Windows vulnerability that the U.S. National Security Agency may have used for spying.

The malware encrypts data on a PC and shows users a note demanding $300 in bitcoin to have their data decrypted. Images of the ransom note have been circulating on Twitter. Security experts have detected tens of thousands of attacks, apparently spreading over LANs and the internet like a computer worm.

However, the ransomware also contains a kill switch that may have backfired on its developers, according to security researchers.

Wana Decryptor infects systems through a malicious program that first tries to connect to an unregistered web domain. The kill switch appears to work like this: If the malicious program can’t connect to the domain, it’ll proceed with the infection. If the connection succeeds, the program will stop the attack.

A security researcher who goes by the name MalwareTech found that he could activate the kill switch by registering the web domain and posting a page on it.

MalwareTech’s original intention was to track the ransomware’s spread through the domain it was contacting. “It came to light that a side effect of us registering the domain stopped the spread of the infection,” he said in an email.

Security firm Malwarebytes and Cisco’s Talos security group reported the same findings and said new ransomware infections appear to have slowed since the kill switch was activated.

However, Malwarebytes researcher Jerome Segura said it’s too early to tell whether the kill switch will stop the Wana Decryptor attack for good. He warned that other versions of the same ransomware strain may be out there that have fixed the kill-switch problem or are configured to contact another web domain.
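The kill-switch behaviour described above also hands defenders a cheap detection: any LAN host that looked up the domain ran the sample, and the resolver’s answer shows which branch it most likely took. The Python below is an added example, not code from the article or from MalwareTech; it triages a constructed resolver log against a configurable set of kill-switch domains (placeholder names, since the article does not print the real one), so the variant domains Segura warns about can be added, and its log format and helper functions are assumptions.

```python
"""Triage a constructed DNS resolver log for kill-switch lookups.

Added example, not code from the original article. The article says the
sample first tries to reach a web domain, proceeds with the infection when
it cannot connect and stops when it can; a resolver log therefore shows
which LAN hosts ran the sample and which branch each most likely took.
Assumptions (not from the article): placeholder domain names, a constructed
"<timestamp> <client-ip> <qname> <rcode>" log format, hypothetical helpers.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Placeholders: the article does not print the real domain. A real deployment
# lists the registered sinkhole domain plus the variant domains the article
# warns other versions may contact instead.
KILL_SWITCH_DOMAINS = frozenset({"killswitch.example", "variant-killswitch.example"})

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>(?:\d{1,3}\.){3}\d{1,3})\s+"
    r"(?P<qname>\S+?)\.?\s+(?P<rcode>[A-Z]+)$"
)


@dataclass(frozen=True)
class Lookup:
    ts: str
    client: str
    qname: str  # normalised: lower case, trailing dot removed
    rcode: str


def parse_line(line: str) -> Lookup | None:
    """Parse one constructed log line; None when the line is not a record."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return Lookup(m["ts"], m["client"], m["qname"].lower(), m["rcode"])


def kill_switch_would_halt(rcode: str) -> bool:
    """Model the branch the article describes: the sample stops only when the
    connection succeeds, so any failed resolution means infection proceeds.
    NOERROR proves only that the name resolved, not that the HTTP connection
    then worked, so treat "halted" as a lead to confirm on the host."""
    return rcode == "NOERROR"


@dataclass
class HostVerdict:
    client: str
    lookups: list[Lookup] = field(default_factory=list)

    @property
    def verdict(self) -> str:
        if any(kill_switch_would_halt(lk.rcode) for lk in self.lookups):
            return "halted"
        return "likely_proceeded"


def triage(lines: list[str]) -> tuple[dict[str, HostVerdict], int]:
    """Group kill-switch lookups by client; return (verdicts, skipped_lines)."""
    hosts: dict[str, HostVerdict] = {}
    skipped = 0
    for line in lines:
        if not line.strip():
            continue
        lk = parse_line(line)
        if lk is None:
            skipped += 1
            continue
        if lk.qname not in KILL_SWITCH_DOMAINS:
            continue  # ordinary traffic, not of interest here
        hosts.setdefault(lk.client, HostVerdict(lk.client)).lookups.append(lk)
    return hosts, skipped


# Constructed sample log: three hosts queried the placeholder domains, one
# host queried only an unrelated name, and one line is not a record at all.
SAMPLE_LOG = """
2017-05-12T14:02:11Z 10.0.0.15 killswitch.example. NXDOMAIN
2017-05-12T14:02:12Z 10.0.0.15 killswitch.example. NXDOMAIN
2017-05-12T15:30:44Z 10.0.0.23 KillSwitch.example NOERROR
2017-05-12T15:31:02Z 10.0.0.23 www.example.net NOERROR
2017-05-12T16:05:09Z 10.0.0.42 variant-killswitch.example SERVFAIL
2017-05-12T16:07:51Z 10.0.0.77 www.example.net NOERROR
this line is not a log record
""".strip().splitlines()


def report(lines: list[str] = SAMPLE_LOG) -> list[tuple[str, str, int]]:
    """(client, verdict, kill-switch lookup count) per flagged host, sorted."""
    hosts, _skipped = triage(lines)
    return sorted((h.client, h.verdict, len(h.lookups)) for h in hosts.values())


if __name__ == "__main__":
    for client, verdict, n in report():
        print(f"{client:<12} {verdict:<17} kill-switch lookups: {n}")
```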

Unfortunately, computers already infected with Wana Decryptor will remain infected, he said.

Friday’s ransomware attack first spread through a massive email phishing campaign. At least some of those emails appeared to be messages from a bank about a money transfer, according to Cisco’s Talos group.

Victims who opened the attachment in the email were served with the ransomware, which takes over the computer, security researchers said.

The Wana Decryptor itself is no different from other typical ransomware strains. Once it infects the PC, it’ll encrypt all the files on the machine, and then demand the victim pay a ransom to free them.

But unlike other ransomware, Wana Decryptor has been built to spread quickly. It does so by incorporating a hacking tool that security researchers suspect came from the NSA and was leaked online last month.

Security Researcher Develops Method To Test For NSA Spying

April 24, 2017
Filed under Around The Net

Wondering lately if your PC has been infected with a suspected NSA spying implant? A security researcher has come up with a free tool that will find out.

Luke Jennings of security firm Countercept wrote a script in response to last week’s high-profile leak of cyberweapons that some researchers believe are from the National Security Agency. It’s designed to detect an implant called Doublepulsar, which is delivered by many of the Windows-based exploits found in the leak and can be used to load other malware.

The script, which requires some programming skill to use, is available for download on GitHub.

Some security researchers have used Jennings’s script to scan the internet for machines infected with the implant. Their results have varied widely, showing between 30,000 and 100,000 computers with the code on them.

Below0Day, a penetration testing company, has tweeted graphs showing which countries are most affected. The U.S. sits at the top, with 11,000 machines.

Several other countries, including U.K., Taiwan and Germany, have more than 1,500 machines infected.

It’s not clear when these machines were infected with the implant, Jennings said. However, the suspected NSA exploits that deliver Doublepulsar were leaked a week ago, at which point anyone with some hacking skills could start using them.

Security experts are worried that cybercriminals or foreign governments might take the leaked exploits and attack vulnerable machines over the internet. They say computers with older or unpatched Windows systems are particularly at risk. Rebooting a system will remove the implant, but not necessarily any malware associated with it.

Jennings said he developed his script by analyzing how the Doublepulsar implant communicated over the internet to its control server. However, his original intention was to help businesses identify the implant over their networks, not to scan the entire internet for the implant.

“There’s been a lot of discussion on Twitter,” he said. “People are wondering if maybe the script is incorrect, because they are surprised by the number of systems infected.”

However, no one has presented evidence that his script is wrong, Jennings said.

“There’s probably a group out there, or many out there, using these exploits to compromise vulnerable machines,” he said.

Older Windows Server systems, especially those running without a firewall, are considered easy to hack with the exploits. Thousands of these machines around the internet appear to be exposed.

Dan Tentler, CEO of security provider Phobos Group, has been looking at the accuracy of the script. He’s already done manual checks on 50 machines that were flagged as infected, and all 50 of them were.

“Usually if you check that many, and the scripting is bad, you would expect to find a handful that were false positives,” he said. “But I’ve found zero false positives.”

It’ll take more time for security researchers to vet the accuracy of the Doublepulsar search results. But Tentler recommends system operators take steps to prevent infection from the recently leaked malware.

Users should install all available patches on their Windows system, he said. Past patches from Microsoft will address the danger, but older operating systems like Windows XP and Windows Server 2003 no longer receive support from the company.

Users can consider upgrading the system to a newer OS. They can also run antivirus products like Windows Defender to help them root out any malware.

Gmail Ending Support For Older Versions Of Chrome

February 3, 2017 by  
Filed under Around The Net

Google has announced that Gmail will discontinue supporting older versions of its Chrome browser soon, in a move that will put another nail in the coffins of Windows XP and Windows Vista.

Users of Chrome version 53 and older editions of the browser could start being redirected to the basic HTML version of Gmail as early as December, the company said in a blog post. Starting next week, users who will be affected by the change will start seeing a banner at the top of Gmail telling them to upgrade to an up-to-date version of Google’s browser.

The affected browser versions include Chrome v49, the last version of the software that supports XP and Vista. While Microsoft officially ended support for XP more than two and a half years ago, Gmail has continued to work with it. Vista Service Pack 2 will reach the end of its extended support period on April 11.

Google also pointed out that users of outdated versions of Chrome are more vulnerable to security exploits, which is of particular importance for XP, because Microsoft is no longer even releasing security patches for the operating system.

Google suggested that administrators managing Chrome on behalf of their users upgrade them at this point. If they can’t be upgraded because of an incompatible OS, Google recommended admins take care of that as well.

Windows XP still makes up 5 percent of the desktop browser market share worldwide, according to StatCounter’s data from December 2016. That’s a fraction of Windows 10’s still-growing share of the pie — measured at 27.2 percent — but shows that there are still hold-outs.

Mozilla’s Firefox Sets Retirement Date For Windows XP, Vista Support

January 4, 2017 by  
Filed under Computing

Mozilla will discontinue support for its Firefox browser running on Windows XP and Windows Vista in 2017, the company announced last week.

The exact timing of Firefox’s retirement from those Microsoft operating systems will be determined in the summer, according to a post to a company blog. “We expect to continue to provide security updates for [Windows XP and Windows Vista] users until September 2017,” the firm said. “In mid-2017, user numbers on Windows XP and Vista will be reassessed and a final support end date will be announced.”

Before that, however, Mozilla will automatically migrate Windows XP and Vista users to the Firefox Extended Support Release (ESR), a build-and-release track designed for enterprises and educational organizations. “In approximately March 2017, Windows XP and Vista users will automatically be moved to the … ESR,” Mozilla said.

ESR builds are regularly updated with security fixes, but do not receive the new features and enhancements that the standard version does. Instead, Firefox ESR remains feature-static for approximately a year, at which time a new ESR is issued. (Microsoft adopted a similar approach with its Windows 10 Long Term Servicing (LTS) Branch, a release track that eschews feature changes for months, or even years.)

Mozilla created the ESR track in 2012 after some customers balked at its scheme to ship a new edition of the browser every six weeks. Firefox ESR 52, slated to ship on March 7, will be what Mozilla moves XP and Vista users to. From that point until Mozilla officially retires Firefox later in the year, XP and Vista users will receive only security updates to the browser.

Microsoft retired Windows XP from support in April 2014, and will do the same to Vista on April 11, 2017. It’s unclear what percentage of Firefox users run the browser on the two aged operating systems, but analytics vendors portray both as minor players. According to metrics company Net Applications, Windows XP powered 8.6% of the world’s personal computers last month, and Vista — one of Microsoft’s biggest OS failures — ran 1.1% of the globe’s PCs.

If Windows XP’s rate of decline over the last 12 months continues, its share of the personal computer operating system market will have fallen to about 7% by September. Meanwhile, Vista’s share will have shrunk to an almost-invisible seven-tenths of a percentage point.

Mozilla is one of the last browser makers to pull the support plug from Windows XP. Microsoft stopped patching Internet Explorer on XP when it retired the OS in 2014, and Google scratched XP off Chrome’s support list in April 2016.

No More Chrome Updates For Windows XP And Vista

November 12, 2015 by  
Filed under Computing

Windows XP will be getting even less secure next year, when Google will discontinue updating Chrome for users of Microsoft’s elderly operating system.

The company just announced that PCs running XP and Vista will be able to keep using Chrome after April 2016, but Google will cease providing updates to its browser, including security-focused patches. The same goes for Mac users running OS X 10.6, 10.7 and 10.8.

Google said it was turning off the updates because the makers of all five OSs had stopped providing official support for them.

“Such older platforms are missing critical security updates and have a greater potential to be infected by viruses and malware,” Chrome Director of Engineering Mark Pawliger said in a blog post announcing the decision.

Google said earlier this year that it planned to stop supporting old operating systems, and called out XP in particular as a problem. Microsoft’s operating system, while more than a decade old, is still clinging to life on computers in homes and organizations large and small. Microsoft ended support for XP last year, but some organizations (including the U.S. Navy) haven’t completely made the jump yet.

This is also especially bad news for people who want to keep old Macs with PowerPC processors running. Those computers are stuck on OS X 10.6.8, because it’s the last version of the OS that Apple put out which is compatible with those processors. That said, people still love their PowerBooks and Power Macs, and this change is likely going to hurt for those folks who want to keep browsing like it’s 2005.

It’s a tough spot to be in, but come April, there won’t be much of a choice for those people who want their old computer to still have a secure version of Chrome. Either they update their hardware, or they get left behind.


Kaspersky Stops CoinVault

November 6, 2015 by  
Filed under Computing

Kaspersky has found that attacks by gits on gewgaws have increased and that mobile malware is popular in the mean streets of Malicious Town.

Russian security firm Kaspersky is behind the revelation, and the firm’s IT Threat Evolution Q3 2015 report showed significant increases across the board. All this keeps the firm on its toes and very busy.

It’s not all bad news, and Kaspersky has claimed scalps on the infamous CoinVault and Bitcryptor ransomware systems. The firm said that things have been shut down and people pinched for their roles. Kaspersky has also released the relevant keys so that locked out users can reunite themselves with their kidnapped content.

“The CoinVault story is ending: the remaining victims can retrieve their files and the cyber criminals have been caught, thanks to collaboration between the Dutch police, Kaspersky Lab and Panda Security,” said Jornt van der Wiel, a security researcher at Kaspersky’s Global Research & Analysis Team.

“The CoinVault investigation has been unique in that we have been able to retrieve all the keys. Through sheer hard work we were able to disrupt the entire business model of the cyber criminal group.”

Kaspersky’s three-month information harvest showed that the firm repelled 235,415,870 malicious attacks from online resources all over the world, and saw 38,233,047 unique malicious scripts, exploits, executable files and viruses.

A huge 323,374 new malicious mobile programs were found, a threefold increase over the previous quarter, along with 1,583,094 malicious installation packages.

“The developments in Q3 demonstrate that the global threat landscape is continuing to evolve at a fast pace. Malicious mobile programs are on the rise and in countries where online banking is popular, people are at considerable risk from trojans looking to target them,” said David Emm, principal security researcher for Kaspersky’s Global Research & Analysis Team.

“With 5.6 million cases of attempted theft from online bank accounts, and cyber criminals continually developing sophisticated attacks, the use of high-quality cyber security products has never been more important. It’s vital that all those using the internet – individuals and organisations – protect themselves from these growing threats.”

So there are new problems and old threats, some of which, like the Turla method for hacking downstream satellite connections, continue to flourish.

Turla does not make its way in the direction of the UK or US, but Kaspersky said that it could lead to problems if other hacker groups adopt the technique.

“If this method becomes widespread among APT groups or cyber criminals it will pose a serious problem for the IT security industry and law enforcement agencies,” the firm said.

Courtesy-TheInq
