# Worms, trojans an' viruses, oh my!



## waltky (Sep 3, 2012)

It's the FBI an' dey comin' to getcha!...

*FBI computer virus sweeping across nation*
_3 Sept. '12 - New nasty demands $200 payment to 'unlock' PC_


> Theres a nasty computer virus going around that shocks users by putting on the screen a claim that the FBI and the federal government has taken control of the computer because it has been linked to illegal activity. Further, it controls the computers Web camera and makes it look like an image of the user is being streamed to the government. It is scary. The first time we saw it we jumped back and said, Hey, what is going on? Alex Diaz, with Top Tech Experts, told KTRK-TV in Houston. The latest wave of attacks has hit the Republican National Convention in Tampa, where numerous computer users lined up at computer centers for help removing the malicious software.
> 
> Diaz told the Houston station the new FBI scam tries to convince users that they have done something wrong and have been caught. It then demands that the user purchase a pre-paid debit card for $200 and enter the card number so the fine can be paid and the computer unlocked. "With anything that you see with FBI warnings, you want to be alarmed and read it properly, but do not send any money," Diaz advised the station. "The FBI is not taking money from you, or wanting any money from you in that manner." Federal investigators confirm it's just a new twist on an old theme used by scammers: scaring people into sending them money. But technical experts say the computer effectively is worthless until the virus can be cleaned.
> 
> ...


----------



## waltky (Dec 13, 2012)

Granny says, "So if dey know about trojan set to hit banks in the spring why don't dey neutralize it?..."

*Looming cyber attack threatens major banks*
_December 13th, 2012 - Some of the nation's biggest banks are at risk of a massive cyber attack next year that could potentially siphon funds from unsuspecting customers, according to a leading digital security firm._


> The fraud campaign, known as Project Blitzkrieg, is a credible threat, the Internet security firm McAfee Labs concluded in a new report.  The malware has been lying dormant in U.S. financial systems and is scheduled to go active by the spring of 2013, McAfee researchers concluded.  The project "appears to be moving forward as planned," the report states.  People familiar with the study said some 30 financial institutions are targets of the campaign.  They include Fidelity, E*Trade, Charles Schwab, PayPal, Citibank, Wachovia, Wells Fargo, Capital One, Navy Federal Credit Union and others.  Information about the intended cyber attack was discovered in September by the Internet security firm RSA during the course of monitoring a web chat room that the company says was run by a Russian hacker known as vorVzakone.
> 
> According to the report, the Russian was believed to be using the chat room to recruit fellow hackers to steal assets from bank accounts as part of a criminal enterprise. At the time, there were doubts about the credibility of the threat, with some experts suggesting it was part of a Russian law enforcement sting. "Our researchers have been poring into this and what they have found, they actually found somewhere between 300 to 500 devices in the U.S. that have actually been infected with the particular malware that this individual is talking about," said Pat Calhoun, a senior vice president at McAfee. "That, combined with some additional research we're doing, has led us to believe this is true. This is actually a real operation that this individual is planning to launch sometime before spring 2013."
> 
> ...


----------



## iamwhatiseem (Dec 15, 2012)

McAfee's sales must be down...


----------



## anotherlife (Dec 18, 2012)

I think that all types of computer attacks are actually good for the (bigger) banks, rather than bad.  Since the banks have exclusive national services available to them, such as credit monitoring for example, they just deflect any loss by an attack, to the expense of customers.  They can make extra profits from this, by further differentiating between their customers this way.  So there is never gonna be such a thing as a true identity protection or bank account protection, or anything like that.


----------



## waltky (Jan 23, 2013)

Granny says lock 'em up an' throw away the key...

*Feds: 3 nabbed for widespread Gozi computer virus*
_23 Jan. '12 - A computer virus that spread to more than a million computers worldwide, including some at NASA, and produced at least $50 million in illegal profits or losses to victims should be a "wake-up call" for banks and consumers unaware of the threat posed by Internet criminals, a prosecutor said Wednesday._


> U.S. Attorney Preet Bharara and George Venizelos, head of the New York FBI office, warned of the growing threat to financial and international security as they announced that a 2½-year probe had resulted in three arrests, two of them overseas, and the seizure of vast amounts of computer-related evidence that will take months or years to fully analyze. They said the Gozi virus had infected 40,000 computers in the United States since 2005, including 190 at the National Aeronautics and Space Administration, along with computers in Germany, Great Britain, Poland, France, Finland, Italy, Turkey and elsewhere.  "This case should serve as a wake-up call to banks and consumers alike because cybercrime remains one of the greatest threats we face, and it is not going away anytime soon," Bharara said. "It threatens individuals, businesses and governments alike."  He told a news conference that cybercriminals "believe that their online anonymity and their distance from New York render them safe from prosecution, but nothing could be further from the truth."
> 
> Venizelos said law enforcement had seized 51 computer servers in Romania, along with laptops, desktops and external hard drives, accumulating more than 250 terabytes of information.  "That vast pile of data is almost certain to aid criminal investigation at FBI offices around the country as well as law enforcement agencies around the world," he said. "It is more than standard boilerplate to say that this investigation is very much ongoing."  So far, the investigation has produced three arrests, including that of Nikita Kuzmin, a 25-year-old Russian who pleaded guilty to computer intrusion and fraud charges in Manhattan in May 2011, admitting his role in creating the virus. The plea by the Moscow resident was followed by the arrest in November of a co-conspirator in Latvia and another in Romania last month. Extradition proceedings are under way against both on various criminal charges, including conspiracy.
> 
> ...


----------



## waltky (Feb 1, 2013)

Child porn virus hits the web...

*Computer virus accuses victims of viewing child porn*
_1 February 2013 - German federal police are warning about a computer virus that accuses victims of viewing "juvenile pornography"._


> It also displays an image that it claims reveals images of child sexual abuse have been viewed on a computer.  The Windows virus locks a computer and only returns control to its owner on payment of a 100 euro (£86) fine.  It purports to be collecting cash on behalf of German copyright authorities and the country's national computer security agency.  The virus amounted to "digital extortion" and victims should not pay up, said German police.
> 
> ...


----------



## George Costanza (Feb 19, 2013)

iamwhatiseem said:


> McAfee's sales must be down...



Have you ever had McAfee do anything for you?  I never have.  Only thing it has done for me is lighten my wallet and screw up the operation of my computer.


----------



## Charles_Main (Feb 24, 2013)

George Costanza said:


> iamwhatiseem said:
> 
> 
> > McAfee's sales must be down...
> ...



Does anyone actually buy that garbage anymore? I have never found one that did anything other than slow me down, and not stop anything. So now I just have a very good backup system, and simply wipe my OS HD periodically.


----------



## George Costanza (Feb 25, 2013)

Charles_Main said:


> George Costanza said:
> 
> 
> > iamwhatiseem said:
> ...



Ah, yes - the old OS HD wipe.  I always wipe as thoroughly as possible whenever necessary.

I have found that purging my tech batch using an AV screed works quite well also.  Of course, you have to follow up with a TI scan as soon as possible thereafter.

God, I love this technical stuff . . . .


----------



## waltky (Mar 1, 2013)

Here kitty, here kitty, kitty...

*Web code weakness allows data dump on PCs*
_1 March 2013 - Gigabytes of junk data could be dumped onto PCs via a loophole in web code, a developer has found._


> The loophole exploits a feature of HTML 5 which defines how websites are made and what they can do. Developer Feross Aboukhadijeh found the bug and set up a demo page that fills visitors' hard drives with pictures of cartoon cats. In one demo, Mr Aboukhadijeh managed to dump one gigabyte of data every 16 seconds onto a vulnerable MacBook.
> 
> Clever code
> 
> ...


----------



## waltky (May 16, 2013)

Mobile devices become targets for malware...

*Three Steps to Combat Mobile Malware*
_Thursday, May 30, '13 - Speaker: Saj Sahay, Sr. Director, Product Marketing for Mobilisafe, Rapid7_


> As mobile devices become more common, cybercriminals see them as having huge profit potential, and aim to gain access to the users' confidential personal and financial information. Mobile applications are the primary way users access information via mobile devices, and as a result the majority of mobile malware is embedded in applications that, once downloaded on the device, can gain access to valuable information. But creating policies and understanding the risk of mobile malware can often be easier said than done.
> 
> Join Saj Sahay for an interactive 30-minute webcast where he will discuss the mobile malware landscape and how organizations can limit their risk.
> Participants of this webcast will learn:
> ...


----------



## Bleipriester (May 16, 2013)

The fear of viruses and other malware is justified, but it should not lead to panic.
Don't store any important files on C: and you can reinstall your system in case of need.
Furthermore, the most common malware programs are not very harmful and are detected by all AV solutions.


----------



## Snookie (May 27, 2013)

Since I have used Norton on this computer it has lasted longer than any of my others I have owned.


----------



## waltky (Jun 15, 2013)

Heads-up on malware...

*Is Your PC a Zombie?*
_Jun 12, '13 - Millions of spam messages are sent each day. Hundreds and thousands of computers take part in a (DDoS) distributed denial of service attack against a single Website. The scary part is the fact that your computer may be doing all these things without your knowing anything about it. Your computer may be a zombie and operating as part of a botnet._


> A zombie computer is one that has been hijacked by someone else and carries out instructions in the background, such as taking part in a DDoS attack, sending out spam, or spreading malware. In the case of a DDoS attack, the computer receives the name of the target Website and instructions on when to begin the attack. While there are many ways a computer can become a zombie, the most common is via a Trojan installed on the system when a malicious email attachment was opened. The Trojan runs quietly in the background and opens a backdoor to allow the attacker access, or just waits for instructions. The entire point of the zombie is to be stealthy so that you don't find and remove the infection. Since you likely don't even know that your computer is engaged in any illicit activities, it's even more difficult to figure out that it is actually a zombie.
> 
> Sure, there may be some hints, such as unexplained error messages and computer crashes. In the case of the spam-sending zombie, you may find unfamiliar messages in the outgoing mail folder. Perhaps the computer is really slow or the network feels really sluggish even though you don't have a lot of programs open. These indicate some kind of a malware infection, not necessarily of a zombie. Still, it's a good first step to run an up-to-date antivirus or anti-spyware tool to try to remove the malware. Some malware variants disable antivirus or block it from running. If that is the case, try several different antivirus scanners to find one getting past the malware and cleaning up the infection.
> 
> ...



See also:

*Another Round of Email Phishing Attacks: Dont Get Hooked!*
_May 15, '13 - Researchers at Check Point (our parent company) recently detected evolving phishing and bot attacks. The attackers are sending phishing emails purporting to be from Citibank or Bank of America. The malicious emails contain subject lines like "Merchant Statement" and invite recipients to open an infected Microsoft Word attachment with names such as "Statement ID 4657-345-347-0332.doc"._


> Instead of a legitimate statement, the attachment contains malware that, if opened, automatically executes, infects your computer, and renders it under the control of a larger bot network. The malware can open network ports, steal user credentials such as logins and passwords, and act as a self-propagating spam bot ready to execute any new attack instructions and spread malicious emails to other targets, a unique aspect of these attacks.
> 
> These attacks are variations of a similar one that was conducted last year, and take advantage of a vulnerability in Microsoft's Windows Common Controls as described in CVE-2012-0158. The attack can successfully infect both Windows 7 and Windows XP platforms.
> 
> ...


----------



## namvet (Jun 16, 2013)

Snookie said:


> Since I have used norton on this computer it has lasted longer than any of my others I have owned.



ditto


----------



## namvet (Jun 16, 2013)

I've also used this for years, which has saved me a lot of grief:

[Presentation of Secunia PSI 3.0 - YouTube](http://www.youtube.com/watch?v=iUmaLmO0gx0)


----------



## waltky (Sep 6, 2015)

possum eats dem lil' bugs dat crawl on Granny's computer...

*Latvian man pleads guilty to generating ‘Gozi’ computer bug*
_Sun, Sep 06, 2015 - A Latvian computer code writer who helped create a virus that spread to more than 1 million computers worldwide and corrupted some at NASA might be returning home soon after pleading guilty to a federal charge on Friday._


> Deniss Calovskis, soft-spoken and bespectacled, pleaded guilty in Manhattan to conspiring to commit computer intrusion. The 30-year-old hacker faces a likely prison term of between 18 months and two years at a December sentencing, according to the terms of a plea deal with the US government.
> 
> Before the plea, he had faced charges that could have carried a prison term of up to 67 years upon conviction.  Calovskis admitted that he was hired to write code for the Gozi virus.  “I knew what I was doing was against the law,” Calovskis told a magistrate judge.  Arrested in Latvia in 2012, he was not extradited to the US until February.
> 
> ...


----------



## waltky (Jun 7, 2017)

250M computers affected worldwide...

*Hack Brief: Dangerous ‘Fireball’ Adware Infects a Quarter Billion PCs*
_6.02.17 - Fireball Adware: Unnecessary marketing ads are always annoying, especially when they infect as many as one in five networks in the world and hide the capability to do far more serious damage to their victims; it's an epidemic waiting to happen._


> Just when the world was catching a breather from WannaCry ransomware, another one has come knocking at the door. A new malware dubbed Fireball has infected millions of computers globally. A security firm, Check Point, has recently warned of the possibility of a massive outbreak. An adware called 'Fireball' may have infected over 250 million PCs around the world. It's a malware designed to hijack browsers to change the default search engine, and track their web traffic on behalf of a Beijing-based digital marketing firm called Rafotech. Maya Horowitz, the head of Check Point research team, said: "A quarter-billion computers could very easily become victims of real malware. It installs a backdoor into all these computers that can be very, very easily exploited in the hands of the Chinese people behind this campaign."
> 
> Who’s effected from Fireball Adware?
> 
> ...


----------



## waltky (Aug 4, 2017)

Mebbe dat's how he knew how to crack Wannacry...

*Hacker who helped control WannaCry arrested in Nevada*
_Sat, Aug 05, 2017 - Marcus Hutchins, a young British researcher credited with derailing a global cyberattack in May, was arrested for allegedly creating and distributing malicious software designed to collect bank-account passwords, US authorities said on Thursday._


> News of Hutchins’ detention came as a shock to the cybersecurity community. Many had rallied behind the researcher whose quick thinking helped control the spread of the WannaCry ransomware attack that crippled thousands of computers.  Hutchins was detained in Las Vegas on his way back to Britain from an annual gathering of hackers and information security gurus.  A grand jury indictment charged Hutchins with creating and distributing malware known as the Kronos banking Trojan.
> 
> Such malware infects Web browsers, then captures usernames and passwords when an unsuspecting user visits a bank or other trusted location, enabling cybertheft.  The indictment, filed last month in a Wisconsin federal court, alleges that Hutchins and another defendant — whose name was redacted — conspired between July 2014 and July 2015 to advertise the availability of the Kronos malware on Internet forums, sell the malware and profit from it.  The indictment also accuses Hutchins of creating the malware.
> 
> ...



See also:

*U.S. judge sets $30,000 bail for famed British cyber expert*
_August 4, 2017 - A U.S. judge in Las Vegas set a $30,000 bail on Friday for a famed British cyber security researcher accused of advertising and selling malicious code used to pilfer banking and credit card information._


> Marcus Hutchins, 23, gained international celebrity status within the hacker community in May when he was credited with neutralizing the global "WannaCry" ransomware attack.  His attorney, Adrian Lobo, told reporters he would not be released on Friday because the clerk's office for the court closed before his defense team could post the bail.
> 
> Judge Nancy Koppe dismissed a federal prosecutor's claim that Hutchins was a flight risk. If released, Hutchins will be barred from computer use or internet access.  Hutchins was "doing well, considering what's gone on," his defense attorney, Adrian Lobo, told reporters.
> 
> ...



Related:

*WannaCry ransom money is on the move*
_Aug. 3, 2017 - The hackers behind May's WannaCry cyberattack have moved the ransom money they accumulated from three bitcoin accounts to other, larger accounts, online tracking records show._


> The WannaCry attack paralyzed business and government computer systems across the world by exploiting security flaws first unearthed by the National Security Agency. Among the groups hardest hit were the Spanish telecom giant Telefonica and Britain's health ministry. Hospitals in Britain were forced to turn away patients for multiple days while officials scrambled to regain control of their computer systems.  Though the hackers, who are believed to have ties to North Korea, succeeded in upending cybersecurity systems across the world, their efforts to turn it into a money-making scheme largely failed due to their own ineptitude.
> 
> For starters, though bitcoin transactions are public, they are also anonymous. The three accounts the hackers set up to receive ransom payments from victims were unable to track who had made the payments, meaning the decryption codes the hackers promised were unreliable, making it less likely victims would be willing to pay the ransom in the first place. Other basic coding errors made some of the system take-overs easily remedied.  In another twist, the hackers set up a free email account to communicate with victims that was almost immediately identified by the service provider and shut down.
> 
> ...


----------

