Spyware, Viruses, & Security forum


NEWS - February 05, 2016

by Carol~ Moderator / February 5, 2016 9:30 AM PST
Mysterious spike in WordPress hacks silently delivers ransomware to visitors

It's still not clear how, but a disproportionately large number of websites that run on the WordPress content management system are being hacked to deliver crypto ransomware and other malicious software to unwitting end users.

In the past four days, researchers from three separate security firms have reported that a large number of legitimate WordPress sites have been hacked to silently redirect visitors to a series of malicious sites.

The attack sites host code from the Nuclear exploit kit that's available for sale in black markets across the Internet. People who visit the WordPress sites using out-of-date versions of Adobe Flash Player, Adobe Reader, Microsoft Silverlight, or Internet Explorer can then find their computers infected with the Teslacrypt ransomware package, which encrypts user files and demands a hefty ransom for the decryption key needed to restore them.

Continued : http://arstechnica.com/security/2016/02/mysterious-spike-in-wordpress-hacks-silently-delivers-ransomware-to-visitors/
Bleeping Computer Defends Freedom of Speech
by Carol~ Moderator / February 5, 2016 9:34 AM PST

Very recently, a very popular and useful website called Bleeping Computer reached out to the community at large asking for help.

See, Bleeping Computer is known for helping out folks remove malware and keep their systems safe, without charging any fee or additional costs, similar to our own support forums.

The content is provided by the volunteer efforts of security professionals and the more than 700,000 registered users who ask and answer all questions presented on the site. To summarize, Bleeping Computer is a valuable resource in the efforts to help users live in a malware free world.

Unfortunately, that all might change pretty soon here. A software development company, Enigma software, is suing Bleeping Computer because of a negative review which was posted on the site about their product, Spyware Hunter. Basically they want BC to take down the post because it makes them look bad.

Continued: https://blog.malwarebytes.org/news/2016/02/bleepingcomputer-defends-freedom-of-speech/

[Note: Emphasis by me]

Malwarebytes Anti-Malware Vulnerability Disclosure
by Carol~ Moderator / February 5, 2016 9:39 AM PST
Marcin Kleczynski @ the "Malwarebytes Unpacked" blog:

In early November, a well-known and respected security researcher by the name of Tavis Ormandy alerted us to several security vulnerabilities in the consumer version of Malwarebytes Anti-Malware.

Within days, we were able to fix several of the vulnerabilities server-side and are now internally testing a new version (2.2.1) to release in the next 3-4 weeks to patch the additional client-side vulnerabilities. At this time, we are still triaging based on severity.

The research seems to indicate that an attacker could use some of the processes described to insert their own code onto a targeted machine. Based on the findings, we believe that this could only be done by targeting one machine at a time.

However, this is of sufficient enough a concern that we are seeking to implement a fix. Consumers using the Premium version of Malwarebytes Anti-Malware should enable self-protection under settings to mitigate all of the reported vulnerabilities.

Continued : https://blog.malwarebytes.org/news/2016/02/malwarebytes-anti-malware-vulnerability-disclosure/
Scareware Campaign Targets Mac OS X Machines
by Carol~ Moderator / February 5, 2016 9:43 AM PST

A unique scareware campaign targeting Mac OS X machines has been discovered, and it’s likely the developer behind the malware has been at it a while since the installer that drops the scareware is signed with a legitimate Apple developer certificate.

“Sadly, this particular developer certificate (assigned to a Maksim Noskov) has been used for probably two years in similar attacks,” said Johannes Ullrich, dean of research of the SANS Institute’s Internet Storm Center, which on Thursday publicly disclosed the campaign. “So far, it apparently hasn’t been revoked by Apple.”

Continued : https://threatpost.com/scareware-campaign-targets-mac-os-x-machines/116164/

Fake Amazon survey-for-money offer leads to acct compromise
by Carol~ Moderator / February 5, 2016 9:58 AM PST

Amazon users are being targeted with a clever phishing email impersonating the retail giant.

"As a valued customer we would like to present you with an opportunity to make a quick buck," says the email, decked out with the Amazon logo and using a similar color scheme.

"We are offering £10 each to a selected number of customers in exchange for completing a quick survey relating to our service. Your opinions and thoughts are vital in order for us to provide the best possible service. Please press the link below to get started."

Continued : http://www.net-security.org/secworld.php?id=19411

eBay Vulnerability Exposes Users to Phishing, Data Theft
by Carol~ Moderator / February 5, 2016 9:58 AM PST

Researchers are warning that some visitors to eBay.com could be tricked into opening a page on the site that could expose them to phishing attacks and data theft.

The vulnerability exists in the site’s online sales platform, according to Roman Zaikin, a researcher with Check Point. With it, an attacker could bypass the site’s code validation and execute malicious JavaScript on users via their browser, or mobile app, the firm warned Tuesday.

Check Point disclosed the issue to eBay on Dec. 15 last year but when it got back to the firm, just over two weeks ago, the company claimed it had no plans to fix the issue.

Continued: https://threatpost.com/ebay-vulnerability-exposes-users-to-phishing-data-theft/116113/

White Hat Pwns Dridex Botnet to Push Avira A/V Instead of..
by Carol~ Moderator / February 5, 2016 10:24 AM PST
... Malware

An unknown white hat hacker has hijacked the Dridex botnet and is now delivering a copy of Avira Free Antivirus instead of the original trojan specialized in banking operations.

Avira researchers discovered this a few days back and said they are not behind it in any way.

Dridex is one of the most successful botnets of all time, making tens of millions of dollars, but most of its activity died down after one key member was arrested in Paphos, Cyprus, after trying to cheat a bank for $3.5 million / €3.12 million.

Continued : http://news.softpedia.com/news/white-hat-pwns-dridex-botnet-to-push-avira-antivirus-instead-of-malware-499978.shtml

Dridex botnet distributor now serves Avira
Dridex banking malware mysteriously hijacked to distribute antivirus program
Apple confirms iPhone-killing “Error 53,” says it’s about..
by Carol~ Moderator / February 5, 2016 10:35 AM PST
.. security

"The iPhone’s most mysterious and dangerous bug is tied to Touch ID tampering and unauthorized repairs, at least according to Apple."

For months, some iPhone users have been running into a mysterious bug called “Error 53,” which can render some newer handsets unusable. Now, Apple has chimed in with an explanation.

With Error 53, some iPhone 6 and 6s users have found that their handsets no longer work after an iOS update. Stranger still, Apple’s support site barely documents the problem, lumping it in with other error codes that appear to be more easily resolved. As reported last year by The Daily Dot’s Mike Wehner, the only fix for Error 53 is to send the phone back to Apple and get a replacement.

But The Guardian has an update on the issue with official word from Apple on its cause.

Continued: http://www.pcworld.com/article/3030244/security/apple-confirms-iphone-killing-error-53-says-it-s-about-security.html
Tired of telemarketers? One man has the answer...
by Carol~ Moderator / February 5, 2016 11:04 AM PST

@ Sophos' "Naked Security" blog:

One opinion we’ve expressed quite strongly before on Naked Security is, “Don’t mess with crooks.”

There’s a school of thought, for example, that comes up every time we write about those odious fake support calls.

That’s where some bloke – at least, it’s been a bloke in every instance of which I’m aware – calls up out of the blue to threaten you with some kind of trouble if you don’t pay him rather a lot of money to permit him to login remotely and pretend to remove a virus infection you don’t have.

Continued: https://nakedsecurity.sophos.com/2016/02/05/tired-of-telemarketers-one-man-has-the-answer/

Introducing Malwarebytes Anti-Ransomware
by Carol~ Moderator / February 5, 2016 11:40 AM PST

Announced @ the Malwarebytes Forum on 25 January 2016 - 06:34PM:

We are very excited to announce the release of the first Malwarebytes Anti-Ransomware beta!

As mentioned in the blog announcement by Marcin this beta is extremely exciting as it introduces the most innovative approach in the market today for protecting against ransomware; a completely proactive and signature-less technology that is able to detect and block even the most dangerous of ransomware variants like CryptoWall4, CryptoLocker, Tesla, and CTB-Locker.

Malwarebytes Anti-Ransomware monitors all activity in the computer and identifies actions which are typical of ransomware activity. It keeps track of all activity and, once it has enough evidence to determine a certain process or thread to be ransomware, blocks the infection and quarantines the ransomware before it has a chance to encrypt users' files. During development Malwarebytes Anti-Ransomware has blocked every single ransomware variant we have thrown at it. We are extremely satisfied with its results and are excited to bring this technology to our user community for further testing.

As this is the very first beta we do encourage beta users to install the product in non-production environments for testing purposes.

Continued: https://forums.malwarebytes.org/index.php?/topic/177751-introducing-malwarebytes-anti-ransomware/#entry1014661

Avast Patches Vulnerability in SafeZone Tool
by Carol~ Moderator / February 5, 2016 11:53 AM PST

A vulnerability in Avast’s SafeZone tool allowed attackers to read any file on the system by getting the victim to click on a link, Google researcher Tavis Ormandy revealed on Thursday.

SafeZone, also known as Avastium, is a Chromium fork designed to protect Avast users’ data when they shop or bank online. The tool is included in Avast’s Premier, Internet Security and Pro Antivirus products.

Ormandy discovered in mid-December that unlike Chromium, which only allows WebSafe URLs on the command line, SafeZone allowed any URL without restriction. By removing this security check, the Avast tool permitted attackers to gain additional privileges and conduct various actions on the system.

Continued: http://www.securityweek.com/avast-patches-vulnerability-safezone-tool
