View Full Version : Safer Computing: 09/02/16


Wally
9th February 2016, 01:45 PM
B U L L E T I N (ID: HKRI-A6YG28)
---------------------------------------
Researchers have uncovered an advanced modular backdoor that is capable of logging victims' Skype calls and copying files off removable drives.

The initial exploitation occurs when a victim clicks on an .RTF file that is attached to a spear-phishing email message. That file exploits two Microsoft Office vulnerabilities in order to create a shellcode that loads the embedded malware payload and saves it to a temporary file. Once that temporary file is executed, the malware proceeds along an additional four stages by which it completes its setup.

Thus far, the malware has been spotted targeting various organizations in the United States. However, given its multi-stage structure, including the lengths to which it goes to verify that security products are not intruding upon its infection process, the researchers feel that the malware could target a much broader range of users. For that reason, they have provided the malware's indicators of compromise with the hope that organizations will use them to protect themselves against the tool.

W E B L I N K S
-----------------
By David Bisson: ->
https://www.grahamcluley.com/2016/02/advanced-malware-logs-skype-calls-steals-files-removable-drives/

http://researchcenter.paloaltonetworks.com/2016/02/t9000-advanced-modular-backdoor-uses-complex-anti-analysis-techniques/

PeteM
13th February 2016, 09:16 PM
Thanks Wally

Graham_of_Rainham
13th February 2016, 10:11 PM
It reads like something that was once considered Science Fiction but is now very much "documentary". :(

Ross the fiddler
14th February 2016, 03:34 AM
I guess the moral of that story (information) is not to open phishing emails in the first place & never click on anything except absolutely known emails (& emails from friends can be hijacked fake ones as well).

Thanks for these updates Wally. It certainly is worthwhile keeping up to date to protect ourselves.

*chr

drmarkf
14th February 2016, 09:36 AM
Yes, I've had odd-looking emails apparently from half a dozen of my friends who it turned out have been hacked.

You have to be really careful.

If it's any help, I've noticed that this is most likely to happen to two sorts of people: those who know and understand nothing about online security and have been simply duped into clicking on something they shouldn't have; and those who probably dabble in places the rest of us avoid and/or they do so while drunk/stoned. I recommend immediately deleting anything 'odd' you get from those sorts of people, and email them directly to ask what's going on *yes

Otto
14th February 2016, 09:42 AM
I had an odd one yesterday, from a recruitment site thanking me for registering and asking me to click on a link to confirm my registration. I have never registered on that site, and the e-mail address it was sent to is one known only to close friends. The site, myjobscotland.gov.uk, appears to be entirely genuine so I would love to know how they got my private e-mail address and who thought I might want a job in the public sector in Scotland! Anyway, needless to say I did not click on the link.

peak4
14th February 2016, 10:32 AM
I highly recommend "Mailwasher", which I've been using since a Beta version in Windows 95.
It allows you to preview your mail directly on the server, so you can delete spam from there, without ever having to download it to your own PC.

Multiple email accounts or Hotmail need the paid for Pro version, but for single email accounts, I understand that the free version works fine.

I'm still on my year's free trial of the new Pro version since I upgraded to Win-7, having been using the aforementioned free multiple account Beta version on XP. The only reason I've tried the later one is a memory error warning on closing the Beta version. Otherwise it still seems to work OK.

I don't use the Auto Bounce option for spam, as that just adds yet more traffic to my ISP's mail servers.

N.B. there are reports that some people who have paid for the lifetime licence are now being told that they have to pay again to get the latest updates.

DerekW
14th February 2016, 12:35 PM
I route all my incoming mail through GMail, it has an excellent Spam detection system.

Otto
14th February 2016, 01:36 PM
Another vote for Mailwasher (http://www.firetrust.com/), it's kept me safe for years. The way it flags up links which are not what they purport to be is very useful. Together with the ZoneAlarm firewall it forms an effective barrier against nasties, and I don't need to use a resource-hungry anti-virus program.

Jim Ford
14th February 2016, 04:49 PM
Another vote for Mailwasher (http://www.firetrust.com/), it's kept me safe for years. The way it flags up links which are not what they purport to be is very useful. Together with the ZoneAlarm firewall it forms an effective barrier against nasties, and I don't need to use a resource-hungry anti-virus program.

I've seen it stated that 3rd party firewalls such as Zonealarm are worse than useless. 'Useless' because they start up long after the network is established, leaving a window of opportunity for intrusion. 'Worse' because they give you a false sense of security.

Virus checkers are also useless. If a virus is detected, your system is 'toast'. You've already been burgled and the burglars are down the road with your flat screen television!

Jim

Ross the fiddler
15th February 2016, 01:41 AM
On Win 7 I am fine with Windows Live Mail (Essentials) as it generally (& more so since the last update) sorts out suspicious mail, especially with any questionable attachments & links etc.

Otto
15th February 2016, 09:45 AM
I've seen it stated that 3rd party firewalls such as Zonealarm are worse than useless. 'Useless' because they start up long after the network is established, leaving a window of opportunity for intrusion.

Well, if the system tray icons are anything to go by my network is not connected until after the ZoneAlarm icon appears. It would indeed be pretty daft if it was otherwise.

As for anti-virus software my understanding is that it scans new files, e-mails etc for the signature of a virus and warns you not to open them, but as I said I don't use it. The only time I ever got a virus was when I upgraded from Win98 to WinXP and the stupid installer connected to the Internet without enabling its firewall.