Worms, trojans an' viruses, oh my!

waltky

It's the FBI an' dey comin' to getcha!...
FBI computer virus sweeping across nation
3 Sept.`12 - New nasty demands $200 payment to 'unlock' PC
There’s a nasty computer virus going around that shocks users by putting on the screen a claim that the FBI and the federal government have taken control of the computer because it has been linked to illegal activity. Further, it controls the computer’s Web camera and makes it look like an image of the user is being streamed to the government. “It is scary. The first time we saw it we jumped back and said, ‘Hey, what is going on?’” Alex Diaz, with Top Tech Experts, told KTRK-TV in Houston. The latest wave of attacks has hit the Republican National Convention in Tampa, where numerous computer users lined up at computer centers for help removing the malicious software.

Diaz told the Houston station the new FBI scam tries to convince users that they have done something wrong and have been caught. It then demands that the user purchase a pre-paid debit card for $200 and enter the card number so the “fine” can be paid and the computer unlocked. “With anything that you see with FBI warnings, you want to be alarmed and read it properly, but do not send any money,” Diaz advised the station. “The FBI is not taking money from you, or wanting any money from you in that manner.” Federal investigators confirm it’s just a new twist on an old theme used by scammers – scaring people into sending them money. But technical experts say the computer effectively is worthless until the virus can be cleaned.

The Hillsboro, Kan., Star-Journal reported that local computer users were being threatened for “owning or distributing copyrighted material, pornography, or malware.” The virus also threatens criminal action for those who fail to pay. Several anti-virus program companies already were addressing the concerns, posting notices about the “FBI Moneypak Virus” and instructions on how to remove it. Spyware, spybot and other companies also posted warnings and advisories about the problem. Officials with Geek Squad, Best Buy electronics company’s computer fixit shop, said the software is accurately described as “ransomware,” which “states the user’s computer is locked and requires payment via Moneypak cards.”

The company declined to comment on the number of cases its technicians have seen. “We do encourage individuals to take the proper precautions, because it is dangerous from the perspective that if individuals purchase Moneypak cards and pay the ransom they have no way of getting the money back or filing a claim,” the company statement said. The Kansas Better Business Bureau also is warning about the situation. And Agence France-Presse noted the worldwide impact of the scam. “We’re getting inundated with complaints,” Donna Gregory of the U.S. Internet Crime Complaint Center said of the “Reveton ransomware.” “Some people have actually paid the so-called fine,” she told AFP.

Source
 
Granny says, "So if dey know about trojan set to hit banks in the spring why don't dey neutralize it?...

Looming cyber attack threatens major banks
December 13th, 2012 - Some of the nation's biggest banks are at risk of a massive cyber attack next year that could potentially siphon funds from unsuspecting customers, according to a leading digital security firm.
The fraud campaign, known as Project Blitzkrieg, is a credible threat, the Internet security firm McAfee Labs concluded in a new report. The malware has been lying dormant in U.S. financial systems and is scheduled to go active by the spring of 2013, McAfee researchers concluded. The project "appears to be moving forward as planned," the report states. People familiar with the study said some 30 financial institutions are targets of the campaign. They include Fidelity, E*Trade, Charles Schwab, PayPal, Citibank, Wachovia, Wells Fargo, Capital One, Navy Federal Credit Union and others. Information about the intended cyber attack was discovered in September by the Internet security firm RSA during the course of monitoring a web chat room that the company says was run by a Russian hacker known as vorVzakone.

According to the report, the Russian was believed to be using the chat room to recruit fellow hackers to steal assets from bank accounts as part of a criminal enterprise. At the time, there were doubts about the credibility of the threat, with some experts suggesting it was part of a Russian law enforcement sting. "Our researchers have been poring into this and what they have found, they actually found somewhere between 300 to 500 devices in the U.S. that have actually been infected with the particular malware that this individual is talking about," said Pat Calhoun, a senior vice president at McAfee. "That, combined with some additional research we’re doing, has led us to believe this is true. This is actually a real operation that this individual is planning to launch sometime before spring 2013."

The McAfee report states, "The targets are U.S. banks, with the victims dispersed across various U.S. cities, according to the telemetry data. Thus this group will likely remain focused on U.S. banks and making fraudulent transactions." Calhoun said that McAfee has access to the malware and, through reverse engineering, has learned much about its capability and targets. "We see the IP addresses and names of banks and so on or references to URLs." Calhoun said the behavior of the Trojan suggests it is a variant of a previous known strain called Gozi. RSA labeled this latest version, Gozi Prinimalka. But it's a tedious task dissecting the malware, and the company is still trying to figure out how it would create fraudulent bank transactions, Calhoun said. Based on their analysis, the McAfee researchers believe the plan is to attack a small group of bank customers. "This strategy is necessary if the attackers hope to succeed in transferring several million dollars over the course of the project," the report states. "A limited number of infections reduces the malware's footprint and makes it hard for network defenses to detect its activities."

But Calhoun said the fact the malware has been detected allows for a defense to be mounted. "Since we know about it, we will be able to protect against it," Calhoun said. "We're working very closely with law enforcement and a lot of the potential targets to make sure they understand this and know how to behave or how to protect themselves against it." Wells Fargo, the only financial institution to respond to questions about preparations it might be taking to thwart the potential attack, said it was watching for the threat. "Security is core to our mission and safeguarding our customers' information is at the foundation of all we do," Wells Fargo said in a statement. "We constantly monitor the environment, assess potential threats, and take action as warranted." The Department of Homeland Security, which takes the lead for the government on cyber security issues, had no comment on the McAfee report or Project Blitzkrieg.

Looming cyber attack threatens major banks – CNN Security Clearance - CNN.com Blogs
 
I think that all types of computer attacks are actually good for the (bigger) banks, rather than bad. Since the banks have exclusive national services available to them, such as credit monitoring for example, they just deflect any loss by an attack, to the expense of customers. They can make extra profits from this, by further differentiating between their customers this way. So there is never gonna be such a thing as a true identity protection or bank account protection, or anything like that.
 
Granny says lock `em up an' throw away the key...
Feds: 3 nabbed for widespread Gozi computer virus
23 Jan.`12 — A computer virus that spread to more than a million computers worldwide, including some at NASA, and produced at least $50 million in illegal profits or losses to victims should be a "wake-up call" for banks and consumers unaware of the threat posed by Internet criminals, a prosecutor said Wednesday.
U.S. Attorney Preet Bharara and George Venizelos, head of the New York FBI office, warned of the growing threat to financial and international security as they announced that a 2½-year probe had resulted in three arrests, two of them overseas, and the seizure of vast amounts of computer-related evidence that will take months or years to fully analyze. They said the Gozi virus had infected 40,000 computers in the United States since 2005, including 190 at the National Aeronautics and Space Administration, along with computers in Germany, Great Britain, Poland, France, Finland, Italy, Turkey and elsewhere. "This case should serve as a wake-up call to banks and consumers alike because cybercrime remains one of the greatest threats we face, and it is not going away anytime soon," Bharara said. "It threatens individuals, businesses and governments alike." He told a news conference that cybercriminals "believe that their online anonymity and their distance from New York render them safe from prosecution, but nothing could be further from the truth."

Venizelos said law enforcement had seized 51 computer servers in Romania, along with laptops, desktops and external hard drives, accumulating more than 250 terabytes of information. "That vast pile of data is almost certain to aid criminal investigation at FBI offices around the country as well as law enforcement agencies around the world," he said. "It is more than standard boilerplate to say that this investigation is very much ongoing." So far, the investigation has produced three arrests, including that of Nikita Kuzmin, a 25-year-old Russian who pleaded guilty to computer intrusion and fraud charges in Manhattan in May 2011, admitting his role in creating the virus. The plea by the Moscow resident was followed by the arrest in November of a co-conspirator in Latvia and another in Romania last month. Extradition proceedings are under way against both on various criminal charges, including conspiracy.

The NASA breach occurred from Dec. 14, 2007, to Aug. 9, 2012, with the most damage occurring between May and August last year, according to documents filed in U.S. District Court in Manhattan. The infected computers sent data without user authorization, including login credentials for an eBay account and a NASA email account, details of visited websites and the contents of Google chat messages. Mihai Ionut Paunescu, 28, who was arrested in Romania, set up online infrastructure that allowed others to distribute destructive viruses and malicious software, including ones dubbed Zeus Trojan, SpyEye and BlackEnergy, according to a criminal complaint filed against him. The document said Paunescu, a Romanian national residing in Bucharest, was also known as "Virus." The Gozi virus was designed in 2005 and distributed beginning in 2007, when it was secretly installed onto each victim's computer in a manner that left it virtually undetectable by antivirus software. Deniss Calovskis, 27, was arrested in Riga, Latvia, where he is a citizen and resident, on charges including bank fraud conspiracy.

Extradition proceedings had begun to bring them to New York for trial. Charges against Kuzmin carry a maximum penalty of 95 years in prison while charges against Calovskis carry up to 67 years and charges against Paunescu have a maximum penalty of 60 years. Authorities say Kuzmin began designing the Gozi virus in 2005 to steal personal bank account information of individuals and businesses in a widespread way. They said he hired a programmer to write the software and began renting it to others for a weekly fee, advertising it on Internet forums devoted to cybercrime and other criminal activities. Beginning in 2009, Kuzmin offered the code to others for $50,000 plus a guaranteed share of future profits, court documents said. Authorities said Calovskis had training and expertise in computer programming when he was hired by a co-conspirator to upgrade the virus with new code that would deceive victims into divulging additional personal information, such as a mother's maiden name. Federal authorities sought at least $50 million from Calovskis, an amount they said was obtained through the conspiracy.

Feds: 3 nabbed for widespread Gozi computer virus - Yahoo! News
 
Child porn virus hits the web...
Computer virus accuses victims of viewing child porn
1 February 2013 - German federal police are warning about a computer virus that accuses victims of viewing "juvenile pornography".
It also displays an image that it claims reveals images of child sexual abuse have been viewed on a computer. The Windows virus locks a computer and only returns control to its owner on payment of a 100 euro (£86) fine. It purports to be collecting cash on behalf of German copyright authorities and the country's national computer security agency. The virus amounted to "digital extortion" and victims should not pay up, said German police.


The virus uses a window crafted to look like it was issued by official agencies

The warning about the novel strain of ransomware was issued by Germany's Federal Criminal police office (the Bundeskriminalamt or BKA). The ransomware version found by the BKA uses a pop-up window that says the machine has been locked down due to "unauthorised network activity". The window is crafted to look like it has been put together by Germany's Federal Office for Information Security (BKI) and its society for prosecution of copyright infringement (GVU).

'Emotional blackmail'

Text in the window claims that images of child sexual abuse as well as pirated content have been found on the machine. Also displayed is a picture of a child which it claims reveals illegal images have been viewed. Rik Ferguson, director of security research at Trend Micro, said it was the first time he had heard of ransomware displaying images that users were accused of harbouring. "It seems that they are attempting to increase the pressure of this kind of emotional blackmail," he told the BBC.

Germany's BKA said users should not pay the fine "under any circumstances" and added that neither the BKI or GVU collected cash in this way from those suspected of viewing illegal images or pirating content. Instead, users should use anti-virus and other security software to clean up their PC and deal with the virus. "This is a form of digital extortion," said the BKA in its alert about the virus.

Ransomware, which tries to make victims pay an on-the-spot fine, is becoming more prevalent but most strains simply accuse people of pirating movies or music. Others scramble data that is only unscrambled when a fee is paid. Security firm Symantec said it was seeing more and more strains of ransomware and said it could be "highly profitable" for its creators. It estimated that ransomware makers were already making about $5m (£3m) a year from such malicious code.

BBC News - Computer virus accuses victims of viewing child porn
 
McAfee's sales must be down...

Have you ever had McAfee do anything for you? I never have. Only thing it has done for me is lighten my wallet and screw up the operation of my computer.

Does anyone actually buy that Garbage anymore? I have never found one that did anything other than slow me down, and not stop anything. So now I just have a very good back up system, and simply wipe my OS HD periodically.
 

Ah, yes - the old OS HD wipe. I always wipe as thoroughly as possible whenever necessary.

I have found that purging my tech batch using an AV screed works quite well also. Of course, you have to follow up with a TI scan as soon as possible thereafter.

God, I love this technical stuff . . . . :cuckoo:
 
Here kitty, here kitty, kitty...
Web code weakness allows data dump on PCs
1 March 2013 - Gigabytes of junk data could be dumped onto PCs via a loophole in web code, a developer has found.
The loophole exploits a feature of HTML 5 which defines how websites are made and what they can do. Developer Feross Aboukhadijeh found the bug and set up a demo page that fills visitors' hard drives with pictures of cartoon cats. In one demo, Mr Aboukhadijeh managed to dump one gigabyte of data every 16 seconds onto a vulnerable Macbook.

Clever code

Most major browsers, Chrome, Internet Explorer, Opera and Safari, were found to be vulnerable to the bug, said Mr Aboukhadijeh. While most websites are currently built using version 4 of the Hyper Text Markup Language (HTML), that code is gradually being superseded by the newer version 5. One big change brought in with HTML 5 lets websites store more data locally on visitors' PCs. Safeguards built into the "local storage" specification should limit how much data can be stored. Different browsers allow different limits but all allow at least 2.5 megabytes to be stored.


A website showing how the bug might work was set up by Mr Aboukhadijeh

However, Mr Aboukhadijeh found a way round this cap by creating lots of temporary websites linked to the one a person actually visited. He found that each one of these associated sites was allowed to store up to the limit of data because browser makers had not written code to stop this happening. By endlessly creating new, linked websites the bug can be used to siphon huge amounts of data onto target PCs. Only Mozilla's Firefox capped storage at 5MB and was not vulnerable, he found. "Cleverly coded websites have effectively unlimited storage space on visitor's computers," wrote Mr Aboukhadijeh in a blogpost about the bug.

Code to exploit the bug has been released by Mr Aboukhadijeh and he set up a website, called Filldisk that, on vulnerable PCs, dumps lots of images of cats on to the hard drive. So far, no malicious use of the exploits has been observed. In a bid to solve the problem, bug reports about the exploit have been filed with major browser makers.

BBC News - Web code weakness allows data dump on PCs
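The storage-quota accounting the article describes, as an added example (not code from the BBC article or from Mr Aboukhadijeh's demo): it models a quota keyed per origin, where every generated subdomain gets a fresh allowance, against a quota keyed per registrable domain, the Firefox behaviour the article notes. The hostnames, the 5MB figure and the two-label "registrable domain" heuristic are assumptions.

```javascript
// Added example, not from the BBC article or Feross Aboukhadijeh's demo.
// Models the storage-quota accounting the article describes: a quota keyed
// per origin lets every generated subdomain claim a fresh allowance, while a
// quota keyed per registrable domain (the Firefox behaviour the article
// mentions) caps the whole family of hosts. Hostnames, quota size and the
// registrable-domain heuristic are constructed assumptions.

const PER_ORIGIN_QUOTA = 5 * 1024 * 1024; // 5 MB, assumed

// Crude registrable-domain heuristic for the demo: the last two labels.
// Real browsers consult the Public Suffix List (e.g. co.uk needs three).
function registrableDomain(host) {
  const labels = host.toLowerCase().split('.');
  return labels.slice(-2).join('.');
}

class QuotaModel {
  // keyFn decides which bucket a host draws its quota from.
  constructor(keyFn, quota = PER_ORIGIN_QUOTA) {
    this.keyFn = keyFn;
    this.quota = quota;
    this.used = new Map();
  }

  // Attempt to store `bytes` for `host`; returns true on success.
  // A real browser would throw QuotaExceededError instead of returning false.
  setItem(host, bytes) {
    const key = this.keyFn(host);
    const current = this.used.get(key) || 0;
    if (current + bytes > this.quota) return false;
    this.used.set(key, current + bytes);
    return true;
  }

  totalBytes() {
    let sum = 0;
    for (const v of this.used.values()) sum += v;
    return sum;
  }
}

// Simulates the pattern in the article: a page on one site loads content
// from many generated subdomains, each of which writes until refused.
function fillFromSubdomains(model, baseDomain, hostCount, chunkBytes) {
  for (let i = 0; i < hostCount; i++) {
    const host = `${i}.${baseDomain}`;
    while (model.setItem(host, chunkBytes)) { /* write until the quota refuses */ }
  }
  return model.totalBytes();
}

// Compares the two policies on the same simulated site.
function compareQuotaPolicies(hostCount = 1000, chunkBytes = 64 * 1024) {
  const perOrigin = new QuotaModel(host => host);            // vulnerable accounting
  const perSite = new QuotaModel(registrableDomain);         // mitigated accounting
  return {
    perOriginBytes: fillFromSubdomains(perOrigin, 'example.test', hostCount, chunkBytes),
    perSiteBytes: fillFromSubdomains(perSite, 'example.test', hostCount, chunkBytes),
  };
}

console.log(compareQuotaPolicies()); // per-origin total is hostCount times the per-site total
```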
 
Mobile devices become targets for malware...
Three Steps to Combat Mobile Malware
Thursday, May 30,`13 - Speaker: Saj Sahay, Sr. Director, Product Marketing for Mobilisafe, Rapid7
As mobile devices become more common, cybercriminals see them as having huge profit potential, and aim to gain access to the user’s confidential personal and financial information. Mobile applications are the primary way users access information via mobile devices, and as a result the majority of mobile malware is embedded in applications that once downloaded on the device can gain access to valuable information. But, creating policies and understanding the risk of mobile malware can often be easier said than done.

Join Saj Sahay for an interactive 30-minute webcast where he will discuss the mobile malware landscape and how organizations can limit their risk.
Participants of this webcast will learn:

Key types of mobile malware
Trending and growth of mobile malware
A simple, three step approach to limit the risk to your organization

MORE
 
The fear of viruses and other malware is justified, but it should not lead to panic.
Don't store any important files on C: and you can reinstall your system in case of need.
Furthermore, the most common malware programs are not very harmful and are detected by all AV solutions.
 
Heads-up on malware...
Is Your PC a Zombie?
Jun 12,`13 > Millions of spam messages are sent each day. Hundreds and thousands of computers take part in a (DDoS) distributed denial of service attack against a single Website. The scary part is the fact that your computer may be doing all these things without your knowing anything about it. Your computer may be a zombie and operating as part of a botnet.
A zombie computer is one that has been hijacked by someone else and carries out instructions in the background, such as taking part in a DDoS attack, sending out spam, or spreading malware. In the case of a DDoS attack, the computer receives the name of the target Website and instruction on when to begin the attack. While there are many ways a computer can become a zombie, the most common is via a Trojan installed on the system when a malicious email attachment was opened. The Trojan runs quietly in the background and opens a backdoor to allow the attacker access, or just waits for instructions. The entire point of the zombie is to be stealthy so that you don’t find and remove the infection. Since you likely don’t even know that your computer is engaged in any illicit activities, it’s even more difficult to figure out that it is actually a zombie.

Sure, there may be some hints, such as unexplained error messages and computer crashes. In the case of the spam-sending zombie, you may find unfamiliar messages in the outgoing mail folder. Perhaps the computer is really slow or the network feels really sluggish even though you don’t have a lot of programs open. These indicate some kind of a malware infection, not necessarily of a zombie. Still, it’s a good first step to run an up-to-date antivirus or anti-spyware tool to try to remove the malware. Some malware variants disable antivirus or block it from running. If that is the case, try several different antivirus scanners to find one getting past the malware and cleaning up the infection.

The most thorough way to clean up an infection is to do a system wipe, reinstall the operating system, and restore from backups. Running a security software product to detect and remove the infection is still worth a try. A personal firewall software is also useful. Firewalls act as filters between the computer and the Internet, and block unknown traffic from entering the computer. Personal firewalls also track what kinds of communications are leaving the computer. By setting the firewall to the maximum level, you can track all incoming and outgoing traffic.

By keeping a close watch on the network requests, you can create a short list of potential zombie programs. If there are repeated requests from the same application to a handful of destinations, chances are you have uncovered the zombie process. At this point, it’s just a matter of removing and uninstalling that malicious program. This frequently becomes a multi-restart process because malware tends to travel in packs and several variants are expected to be on the same computer. The best defense against zombie infections is to focus on prevention. Don’t click on file attachments, especially if you aren’t expecting something and there is nothing in the email to indicate it is legitimate. It may be worth just picking up the call and verifying that attachment was sent on purpose. Keep the operating system, software, Web browser, and security software up-to-date. Run the security software before opening up a file attachment. Don’t let that malware get on the computer and turn you into a zombie in the first place.

Is Your PC a Zombie? - ZoneAlarm Blog

See also:

Another Round of Email Phishing Attacks: Don’t Get Hooked!
May 15,`13 > Researchers at Check Point (our parent company) recently detected evolving phishing and bot attacks. The attackers are sending phishing emails purporting to be from Citibank or Bank of America. The malicious emails contain subject lines like “Merchant Statement” and invite recipients to open an infected Microsoft Word attachment with names, such as “Statement ID 4657-345-347-0332.doc”.
Instead of a legitimate statement, the attachment contains malware that if opened, automatically executes, infects your computer, and renders it under the control of a larger bot network. The malware can open network ports, steal user credentials, such as logins and passwords, and act as a self-propagating spam bot ready to execute any new attack instructions and spread malicious emails to other targets – a unique aspect of these attacks.

These attacks are variations of a similar one that was conducted last year, and take advantage of a vulnerability in Microsoft’s Windows Common Controls as described in CVE-2012-0158. The attack can successfully infect both Windows 7 and Windows XP platforms.

Bank-related phishing e-mails remain popular. We all notice a message from our bank, and we are likely to feel a sense of urgency to click or act fast. Remember not to open attachments from unsolicited emails from your bank or other organizations. When you receive a suspicious e-mail in your inbox, always be wary, and when in doubt, use the phone and call your bank. Also, make sure your security software is running and up to date. Stay safe!

Another Round of Email Phishing Attacks: Don’t Get Hooked! - ZoneAlarm Blog
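The triage rule in the ZoneAlarm zombie article (repeated requests from one application to a handful of destinations) carried out over a constructed outbound-connection log, as an added example that is not from the post. The log format, the process names and the thresholds are assumptions; the flagged process is a shortlist entry for manual review, not a verdict, since legitimate updaters also beacon on a schedule.

```javascript
// Added example, not from the ZoneAlarm post. Implements the triage rule
// described there: group outgoing connections by program and flag any program
// that keeps talking to the same few destinations on a regular schedule.
// SAMPLE_LOG is a constructed, simplified personal-firewall outbound log;
// "tmpsvc.exe" is a made-up process name standing in for the zombie.

const SAMPLE_LOG = `
2013-06-12T09:00:00Z ALLOW OUT tmpsvc.exe 203.0.113.10:443
2013-06-12T09:00:02Z ALLOW OUT firefox.exe 198.51.100.7:443
2013-06-12T09:00:05Z ALLOW OUT firefox.exe 198.51.100.22:443
2013-06-12T09:00:09Z ALLOW OUT firefox.exe 192.0.2.80:80
2013-06-12T09:00:30Z ALLOW OUT tmpsvc.exe 203.0.113.10:443
2013-06-12T09:00:41Z ALLOW OUT firefox.exe 198.51.100.7:443
2013-06-12T09:01:00Z ALLOW OUT tmpsvc.exe 203.0.113.10:443
2013-06-12T09:01:30Z ALLOW OUT tmpsvc.exe 203.0.113.11:443
2013-06-12T09:02:00Z ALLOW OUT tmpsvc.exe 203.0.113.10:443
2013-06-12T09:02:30Z ALLOW OUT tmpsvc.exe 203.0.113.10:443
2013-06-12T09:03:00Z ALLOW OUT tmpsvc.exe 203.0.113.11:443
`;

// Parse "<ISO timestamp> ALLOW OUT <process> <ip:port>" lines into a Map
// of process -> [{ t: epoch seconds, dest }]. Lines in another format are skipped.
function parseLog(text) {
  const re = /^(\S+) ALLOW OUT (\S+) (\S+:\d+)$/;
  const byProcess = new Map();
  for (const raw of text.trim().split('\n')) {
    const m = re.exec(raw.trim());
    if (!m) continue;
    const [, ts, proc, dest] = m;
    if (!byProcess.has(proc)) byProcess.set(proc, []);
    byProcess.get(proc).push({ t: Date.parse(ts) / 1000, dest });
  }
  return byProcess;
}

// Per-process summary: how many connections, how many distinct destinations,
// and how regular the gaps between connections are.
function summarize(events) {
  const times = events.map(e => e.t).sort((a, b) => a - b);
  const gaps = [];
  for (let i = 1; i < times.length; i++) gaps.push(times[i] - times[i - 1]);
  const mean = gaps.length ? gaps.reduce((a, b) => a + b, 0) / gaps.length : 0;
  const variance = gaps.length
    ? gaps.reduce((a, g) => a + (g - mean) ** 2, 0) / gaps.length
    : 0;
  return {
    connections: events.length,
    destinations: new Set(events.map(e => e.dest)).size,
    meanGapSeconds: mean,
    // Coefficient of variation of the gaps: near 0 means clockwork-regular beacons.
    gapCv: mean > 0 ? Math.sqrt(variance) / mean : 0,
  };
}

// Returns the processes matching the article's "same application, handful of
// destinations, repeated requests" pattern. Thresholds are assumptions.
function findBeaconCandidates(logText, opts = {}) {
  const { minConnections = 5, maxDestinations = 3, maxGapCv = 0.3 } = opts;
  const candidates = [];
  for (const [proc, events] of parseLog(logText)) {
    const s = summarize(events);
    if (s.connections >= minConnections &&
        s.destinations <= maxDestinations &&
        s.gapCv <= maxGapCv) {
      candidates.push({ process: proc, ...s });
    }
  }
  return candidates;
}

console.log(JSON.stringify(findBeaconCandidates(SAMPLE_LOG), null, 2));
```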
 
I've also used this for years, which has saved me a lot of grief.

Presentation of Secunia PSI 3.0 - YouTube: http://www.youtube.com/watch?v=iUmaLmO0gx0
 
possum eats dem lil' bugs dat crawl on Granny's computer...

Latvian man pleads guilty to generating ‘Gozi’ computer bug
Sun, Sep 06, 2015 - A Latvian computer code writer who helped create a virus that spread to more than 1 million computers worldwide and corrupted some at NASA might be returning home soon after pleading guilty to a federal charge on Friday.
Deniss Calovskis, soft-spoken and bespectacled, pleaded guilty in Manhattan to conspiring to commit computer intrusion. The 30-year-old hacker faces a likely prison term of between 18 months and two years at a December sentencing, according to the terms of a plea deal with the US government.

Before the plea, he had faced charges that could have carried a prison term of up to 67 years upon conviction. Calovskis admitted that he was hired to write code for the Gozi virus. “I knew what I was doing was against the law,” Calovskis told a magistrate judge. Arrested in Latvia in 2012, he was not extradited to the US until February.

1 MILLION COMPUTERS

Prosecutors said the virus from 2005 to 2012 infected more than 1 million computers worldwide and 40,000 in the US, including 190 at NASA.
Computers were also damaged in Germany, Britain, Poland, France, Finland, Italy, Turkey and elsewhere.

When US Attorney Preet Bharara announced arrests in the case in 2013, he said that it was a “wake-up call to banks and consumers” needing to know that the threat of cybercrime was not going away. A 25-year-old Russian, Nikita Kuzmin, pleaded guilty to computer intrusion and fraud charges in Manhattan in May 2011, admitting his role in creating the virus.

Latvian man pleads guilty to generating ‘Gozi’ computer bug - Taipei Times
 
250M computers affected worldwide...

Hack Brief: Dangerous ‘Fireball’ Adware Infects a Quarter Billion PCs
6.02.17 - Fireball Adware: Unnecessary marketing ads are always annoying, especially when they infect as many as one in five networks in the world and hide the capability to do far more serious damage to their victims; it’s an epidemic waiting to happen.
Just when the world was catching a breather from the WannaCry ransomware, another one has come knocking at the door. A new malware dubbed Fireball has infected millions of computers globally. The security firm Check Point has recently warned of the possibility of a massive outbreak. An adware called ‘Fireball’ may have infected over 250 million PCs around the world. It’s a malware designed to hijack browsers to change the default search engine, and track their web traffic on behalf of a Beijing-based digital marketing firm called Rafotech. Maya Horowitz, the head of Check Point research team, said: “A quarter-billion computers could very easily become victims of real malware, It installs a backdoor into all these computers that can be very, very easily exploited in the hands of the Chinese people behind this campaign.”

Who’s affected by Fireball Adware?

Check Point reported 250 million PC infections by looking at the Alexa traffic, but the security firm fears that the number is much bigger. There’s a possibility that they have missed some domains, and therefore undercounted. Based on analysis of its own network of clients, Check Point estimates that one in five corporate networks globally have at least one infection. But only a fraction of those victims, around 5.5 million PCs, are in the US. Far worse hit are countries like India and Brazil, with close to 25 million infected machines each.

How serious is the Hack?

Fireball installs plugins to boost the ad network for Rafotech’s bogus search engines, all this for generating ad revenue for the firm. That is not all; there is a possibility of greater wickedness as the malware can run any code on the infected device. It can lead to a wider harm as Rafotech could steal confidential information from the infected systems and install additional malware to run codes on the networks of big organizations. Check Point’s Horowitz warns: “Something behind this is fishy, and the intentions of the developers aren’t only to monetize on advertisements. We don’t know their plan, and if there really is one. But it looks like they want to have the opportunity to take it to the next level. And they can.”

How to be Safe?

The best option is to avoid such ads, which are of no use and keep popping up on your screen. But avoiding the ads is just not the only and best solution. Keeping your data encrypted and your original IP invisible is the best option. This can only be achieved with a VPN. A VPN provider that offers a built-in ad blocker should be the first choice.

Dangerous Fireball Adware Infected 250 Million PCs Around The World | OneVPN
 
Mebbe dat's how he knew how to crack Wannacry...

Hacker who helped control WannaCry arrested in Nevada
Sat, Aug 05, 2017 - Marcus Hutchins, a young British researcher credited with derailing a global cyberattack in May, was arrested for allegedly creating and distributing malicious software designed to collect bank-account passwords, US authorities said on Thursday.
News of Hutchins’ detention came as a shock to the cybersecurity community. Many had rallied behind the researcher whose quick thinking helped control the spread of the WannaCry ransomware attack that crippled thousands of computers. Hutchins was detained in Las Vegas on his way back to Britain from an annual gathering of hackers and information security gurus. A grand jury indictment charged Hutchins with creating and distributing malware known as the Kronos banking Trojan.

Such malware infects Web browsers, then captures usernames and passwords when an unsuspecting user visits a bank or other trusted location, enabling cybertheft. The indictment, filed last month in a Wisconsin federal court, alleges that Hutchins and another defendant — whose name was redacted — conspired between July 2014 and July 2015 to advertise the availability of the Kronos malware on Internet forums, sell the malware and profit from it. The indictment also accuses Hutchins of creating the malware.

Authorities said the malware was first made available in early 2014, and “marketed and distributed through AlphaBay, a hidden service on the Tor network.” The US Department of Justice last month announced that the AlphaBay “darknet” marketplace was shut down after an international law enforcement effort. Hutchins’ arraignment was postponed on Thursday in US District Court in Las Vegas by a magistrate judge who gave him until yesterday afternoon to determine if he wants to hire his own lawyer. Hutchins was in Las Vegas for Def Con, an annual cybersecurity conference that ended on Sunday. On Wednesday, Hutchins made comments on Twitter that suggested he was at an airport getting ready to board a plane for a flight home. He never left Nevada.

Jake Williams, a respected cybersecurity researcher, said he found it difficult to believe Hutchins is guilty. The two men have worked on various projects, including training material for higher education for which the Briton declined payment. “He’s a stand-up guy,” Williams said in a text chat. “I can’t reconcile the charges with what I know about him.” A justice department spokesman confirmed the 22-year-old Hutchins was arrested Wednesday in Las Vegas. Officer Rodrigo Pena, a police spokesman in Henderson, near Las Vegas, said Hutchins spent the night in federal custody in the city lockup.

Hacker who helped control WannaCry arrested in Nevada - Taipei Times

See also:

U.S. judge sets $30,000 bail for famed British cyber expert
August 4, 2017 - A U.S. judge in Las Vegas set a $30,000 bail on Friday for a famed British cyber security researcher accused of advertising and selling malicious code used to pilfer banking and credit card information.
Marcus Hutchins, 23, gained international celebrity status within the hacker community in May when he was credited with neutralizing the global "WannaCry" ransomware attack. His attorney, Adrian Lobo, told reporters he would not be released on Friday because the clerk's office for the court closed before his defense team could post the bail.

Judge Nancy Koppe dismissed a federal prosecutor's claim that Hutchins was a flight risk. If released, Hutchins will be barred from computer use or internet access. Hutchins was "doing well, considering what's gone on," his defense attorney, Adrian Lobo, told reporters.

She said it was "unexpected in (Hutchins') mind to ever be in this situation." News of Hutchins' arrest on Wednesday shocked other researchers, many of whom rallied to his defense and said they did not believe he had ever engaged in cyber crime.


Related:

WannaCry ransom money is on the move
Aug. 3, 2017 -- The hackers behind May's WannaCry cyberattack have moved the ransom money they accumulated from three bitcoin accounts to other, larger accounts, online tracking records show.
The WannaCry attack paralyzed business and government computer systems across the world by exploiting security flaws first unearthed by the National Security Agency. Among the groups hardest hit were the Spanish telecom giant Telefonica and Britain's health ministry. Hospitals in Britain were forced to turn away patients for multiple days while officials scrambled to regain control of their computer systems. Though the hackers, who are believed to have ties to North Korea, succeeded in upending cybersecurity systems across the world, their efforts to turn it into a money-making scheme largely failed due to their own ineptitude.

For starters, though bitcoin transactions are public, they are also anonymous. The three accounts the hackers set up to receive ransom payments from victims were unable to track who had made the payments, meaning the decryption codes the hackers promised were unreliable, making it less likely victims would be willing to pay the ransom in the first place. Other basic coding errors made some of the system take-overs easily remedied. In another twist, the hackers set up a free email account to communicate with victims that was almost immediately identified by the service provider and shut down.


A programmer shows a sample of a ransomware cyberattack on a laptop in May. The hackers behind the WannaCry cyberattack have moved the ransom money from three bitcoin accounts to larger accounts.

In all, the hackers received about $140,000 in ransom money in the form of bitcoin payments. Even that payment was inflated due to the rising value of bitcoin in the months since the WannaCry attack. At the time, they received less than $100,000 in ransom payments. International trackers set up a Twitter account to monitor and report any movement in the three accounts the hackers used. On Thursday, that account noted the accounts were drained and the bitcoins were transferred into larger joint accounts known as mixers. Though the bitcoin can still be tracked, mixers allow users to break up bitcoin transactions into smaller ones that are more difficult to trace.

Europol, the European investigative agency, declined to comment on the status of the WannaCry investigation. The U.S. Justice Department did not immediately respond to a request for comment. On Thursday, authorities in Las Vegas arrested Marcus Hutchins, a British computer security researcher responsible for stopping May's WannaCry attack. An indictment filed in the U.S. District Court in Wisconsin accused him of distributing the banking malware known as Kronos between July 2014 and July 2015, USA Today reported. Hutchins was in Las Vegas for two computer security conferences -- Black Hat and Defcon.

WannaCry ransom money is on the move