Monthly Archives: March 2015

Viruses, Spyware, Malware, etc. Explained

Omerta Information Security – Rotterdam, The Netherlands


MakeUseOf has a pretty cool article explaining viruses, spyware and malware. If you care about your privacy or security, you had better read this! Thanks to Bryan Clark.


When you start to think about all the things that could go wrong when browsing the Internet, the web starts to look like a pretty scary place. Luckily, Internet users as a whole are getting far more savvy, and better at recognizing risky online behavior.

While pages with a dozen download buttons – or auto-checked boxes that tricked us into downloading things we didn’t want – are no longer quite as effective as they once were, that doesn’t mean there aren’t hackers out there right now trying to come up with new methods of deception. In order to protect ourselves from these threats it’s important to understand just what they are, and how they differ.

Let’s dive in.

Understanding Online Security Threats and How They Differ

Malware


Malware is short for malicious software. This means that while most of us refer to these threats as viruses, the correct catch-all term should indeed be malware. Malicious software comes in many forms, but malware itself is a general term that could be used to describe any number of things, such as viruses, worms, trojans, spyware, and others. In short, it’s a program or file with bad intentions, the nature of which could encompass just about anything.

Luckily, malware is exactly what all of the most popular antivirus programs are looking for. Getting infected by malware happens, and it doesn’t have to be catastrophic. Learn the right protocol for dealing with malware, and how to avoid it in the first place, for the safest browsing experience.

Viruses


Viruses consist of malicious code that infects a device after you install software. Typically this infection happens through USB drives, Internet downloads, or email attachments, but it can happen in numerous other ways as well. It’s important to note that the infection doesn’t actually occur just from having the infected files on your computer. The infection happens once the program runs for the first time, whether through Autorun, a manual install, or an executable file that the user opens.

Once opened – or run – the infection happens. From that point, it can be very difficult to find and rid yourself of the virus due to the nature in which it works. While actual details are virus-specific, they tend to replicate themselves and infect the file system of the device they reside in by spreading from file to file before they are inevitably – and usually unknowingly – passed on to another machine.

Unlike other threats, viruses have no other purpose than attempting to render your computer inoperable. Some of them have been particularly good at it. Most others are quite weak and easy to detect.

Oh, and it should be pointed out – due to popular opinion – that Macs aren’t immune to viruses.

Adware


While relatively benign in most cases, adware might be the most annoying of the threats we’ll talk about today.

Adware is bundled with otherwise legitimate apps or software, which makes initial detection somewhat difficult. A common example is the checkbox at the bottom of a download link (often pre-checked) that asks if we want to “Include X for free” – well, “X” is often the program containing the adware. This isn’t a hard and fast rule, but it’s not uncommon. If you aren’t sure what these additional programs are, or how they function, don’t download them.

Adware infections are also possible through no fault of our own. Recent stories detail at least one major manufacturer including adware – or an adware-like browser hijack – on their computers by default. While Lenovo and Superfish are the exception rather than the rule, it’s important to note that these threats happen, and oftentimes there isn’t much we can do about it.

Trojans and Backdoors


Trojans were named after the Trojan Horse, which was a giant wooden horse used to conceal Greek soldiers as they entered Troy during the Trojan War. History lesson aside, this is the same way that a trojan damages your computer. It hides malicious code inside a seemingly innocuous program or file in order to gain access to your machine. Once inside, the program installs itself on your device, and communicates with a server in the background without your knowledge. This gives an outside party access to your computer through what’s commonly referred to as a backdoor.

While giving an outside party access to your computer is scary in and of itself, the implications of what they could be doing with this access are even scarier. What complicates matters is the small footprint that these backdoors leave, which keeps the user completely in the dark that any privacy breach is even occurring.

One upside is the way backdoors operate. Since the hacker must connect to your machine remotely, they won’t be able to do so if you disable the Internet connection while you attempt to locate and remove the malicious code.

Spyware


Spyware is the most common piece of badware on the Internet. While it’s quite deceptive in nature and a major annoyance, most spyware is relatively harmless. Typically, spyware is used to monitor browsing behavior in order to better serve relevant ads. What makes it bad is how these companies go about collecting your data. Rather than relying on tracking pixels – or cookies – like most major companies, spyware acts like more of a trojan in that you install it and it communicates data from your computer back to a server, all while most of us are completely oblivious to its presence in the first place.

Other, more malicious forms of spyware are far more dangerous. While typical spyware is mostly used for ad-serving purposes, malicious spyware communicates sensitive data back to another user or a server. This data can include emails, photos, log files, credit card numbers, banking information, and/or online passwords.

Spyware is most often downloaded by the user as part of an add-on to a legitimate download (such as a toolbar) or included as part of a freeware or shareware program.

Scareware and Ransomware


Scareware and ransomware differ in their approach, but the end goal for both is to collect money by manipulating the user into believing something that’s often untrue.

Scareware most often takes the form of programs that pop up and tell you that your computer is infected with some sort of malware. When you click to remove the (often) multiple instances of malware, you are forced to pay to purchase the full version before the program can clean your system and rid it of the infections or threats.

Ransomware operates a bit differently: after the malicious software is installed, it will often lock down your system except for a window that allows you to pay the ransom in order to regain use of it. While ransomware is generally among the easiest threats to remove, it can be quite scary for a non-savvy computer user. As such, many believe that they must give in and pay the ransom in order to regain control of the machine.

Worms


Worms are by far the most damaging form of malware. While a virus attacks one computer and relies on a user to share infected files in order for it to spread, a worm exploits security loopholes in a network and can potentially bring the whole thing to its knees in a matter of minutes.

Networks with security vulnerabilities are targeted by introducing the worm into the network and allowing it to pass (often unnoticed) from computer to computer. As it passes from one device to another, the infection spreads until each machine is infected – or – the worm is isolated by removing the infected machines from the network.

Unnamed Exploits, Security Flaws and Vulnerabilities

No matter how competent the developer, every program has security flaws and vulnerabilities. These security flaws allow hackers to exploit them in order to gain access to the program, alter it in some way, or inject their own code (often malware) within it.

If you were ever wondering why programs have so many security updates, it’s because of the constant cat-and-mouse game being played between developers and hackers. The developer attempts to find and patch these holes before they’re exploited, while the hacker attempts to exploit security flaws before they’re discovered and patched by a developer.

The only way to stay even remotely safe from these exploits is to keep your operating system and each of your programs up-to-date by installing updates as they become available.

Staying Safe Online


If you’re using the web, there’s no foolproof method to avoid all online threats, but there are certainly things you can do to make yourself safer.

Some of these are:

  • Keep your operating system and each of your programs up-to-date by downloading updates as they become available.
  • Install a good antivirus program and keep the virus definitions up-to-date.
  • Utilize a firewall that monitors both inbound and outbound traffic. Keep an eye on the flow of this traffic to help to detect the presence of threats that may be communicating with outside servers.
  • Avoid unsafe downloads from unknown and untrusted sources.
  • Use your antivirus program, or a malware detection program to scan suspicious links before opening them.
  • Avoid pirated software.

Again, if you spend any portion of your time on the web, it’s unlikely that you can completely protect yourself from all the badware out there. While infections and exploits can – and do – happen to anyone, I don’t think any of us would argue that we could stay a little safer with subtle changes in our browsing or computer use habits.

What are you doing to keep yourself safe from threats and exploits online? Are there any specific programs or apps that you use for online security? Please help keep the rest of us safer online by sharing any tips you have in the comments below!

We are constantly searching for great articles online. If you have any suggestions, please feel free to contact us by email at info@omertasecurity.com.

Keep you all posted!

Omerta Information Security Team


Malware, ransomware and removal tips: Remove PacMan Ransomware


Yellow nightmare


Ransomware is pretty popular these days: universities and schools are getting ransomed, and several local governments in the Netherlands were doomed. This is getting pretty annoying!
The latest tip for removing ransomware concerns the PacMan ransomware; here is how you do it (with thanks to the boys from pcthreatsecurity.com).

Remove PacMan Ransomware: Easy Steps to Remove PacMan Ransomware Spyware and Adware from Windows PC

PacMan Ransomware

PacMan Ransomware is a nasty ransomware infection that intrudes into the compromised system through phishing techniques such as spam emails, bundling and so on. On infection, this vermin locks the computer screen and asks you to pay some amount to unlock and decrypt the files. Users are offered 24 hours to make the payment; however, the performance of the PC remains the same even after the money is paid.

The main aim of PacMan Ransomware is to cheat and misguide innocent users for money. Important settings and features such as the default browser, homepage, search engine etc. get totally ruined. At the beginning, this vermin might even run a fake scan whose report says that the system has been infected with several malware infections. Users are pressured and misguided into buying the offered programs, which are actually useless and have nothing to do with the actual performance of the PC. Hence it is strictly advised to get rid of PacMan Ransomware as quickly as possible.


Symptoms of a PacMan Ransomware Infection

The presence of PacMan Ransomware on a Windows system causes lots of annoying problems for users. It is very necessary to detect the infected program instantly and eliminate it. But most users fail to notice that their Windows computer has been injected with a harmful parasite, which can lead to big issues if it remains for a long time. Below are some of the common symptoms you will face because of an installed PacMan Ransomware threat:

  • Frequently you have to face annoying error messages on the display screen
  • The computer crashes repeatedly and restarts automatically
  • Many programs and applications disappear automatically
  • You see many strange icons for programs you never installed
  • It gets difficult to access drives or any storage devices
  • Some security websites cannot be opened
  • You cannot print any document from the infected computer
  • People in your chat list receive messages containing harmful viruses without your permission
  • It is not possible to update any anti-virus program
  • And many others

How to Remove PacMan Ransomware Instantly from Windows System?

The step-by-step guide to the effective and powerful Spyhunter application helps you easily detect and remove the ec.jcoffer.com pop-up from your Windows system. It makes use of sophisticated and advanced programming logic that helps users get rid of the problem without any effort.

Step 1: First, download the PacMan Ransomware Removal Tool

Step 2: After successful installation, launch the software and click the “Scan Computer Now” button

Step 3: In this step, you will see a list of infected files in thumbnail format and can delete all the threats with a single mouse click

Step 4: Spyhunter offers to scan the registry, cookies, files and memory

Step 5: The “System Guard” feature of the software protects you from future malware attacks and provides run-time protection

Step 6: You can also use the “Scan Scheduler” feature, which scans automatically daily, weekly or monthly, as you choose.



How to Delete PacMan Ransomware using Manual Procedure?

Manual removal of PacMan Ransomware proves risky in many situations. The process is very cumbersome and requires a lot of technical knowledge to complete successfully. A minor mistake in system files or registry entries can lead to big issues such as deletion of important files, system crashes and many others. If you are a novice, it is suggested to avoid the manual process, for safe and effective PC operation.

Step 1: Repeatedly press the F8 key to start the computer in Safe Mode

Step 2: Now select “Safe Mode with Networking” using the down arrow key

Step 3: Press Ctrl+Alt+Del to start Windows Task Manager and end the PacMan Ransomware related process

Step 4: Next, type regedit in the Run dialog

Step 5: Eliminate all registry entries related to the process

Step 6: In the final step, search for all PacMan Ransomware associated files and remove them permanently

Note: Before going through the manual removal guidelines, make sure that you can handle any problematic situation, to avoid data loss or computer damage. You can easily get rid of the ec.jcoffer.com pop-up using the expert-recommended Spyhunter removal tool, which performs all the tasks quickly and without any effort on your part.



Success!

Keep you all posted,


Omerta Information Security Team


Damn good tool by Dvasive – John McAfee

For the lovers and the haters: seriously, this is a pretty cool tool to have!

Stop Being Spied On!

Every day more and more invasive apps are being released. These invasive apps want to silently turn on your microphone to record your voice, as well as turn on your camera to video record your activities.
D-Vasive operates in a unique way, allowing you complete control in managing your internal hardware. That way, when a potentially malicious application tries to open your Camera, Mic, Bluetooth or WiFi and spy on you, D-Vasive lets you know, and lets you completely lock them down.


NOTIFICATION

Alerts when your Camera, Mic, Bluetooth or WiFi are activated by another app. Flag various services to receive visual and audio alerts when apps attempt to access them.

SECURITY

Lock your Camera, Mic, Bluetooth and WiFi so nothing can access them. With a touch, instantly disable all of the above hardware devices that might otherwise compromise your privacy!

APP SCAN

Scan and list installed and system (pre-installed) apps on your phone, showing you what permissions each app requires and how they affect your privacy and security.

PROXIMITY

Click the notification and D-Vasive runs a Proximity Scanner, notifying you which app is accessing your Camera, Mic, Bluetooth and WiFi.

Try it before you buy it and get in control!

If you want to scare the sh*t out of somebody, download the app from the Google Play store for your Android device. Have some fun, and you’ll see how often your camera or microphone is opened even if you closed all the programs. The program will give you a pop-up and alert you when the Mic or camera is opened without permission.
Try it out on Dvasive.com for PC or Android. Oh, almost forgot… and all have greetings from Uncle John!


Malware, ransomware and removal tips: Removal, detection and Prevention

We found a great page on neweggbusiness.com about removal, detection and prevention.


Research shows that encounters with ransomware—a type of malware that locks users out of a computer or mobile phone it infects and demands a ransom paid to the creator—are on the rise, especially in the U.S. One example is when hackers infected a Detroit municipal database last year, demanding thousands of dollars in Bitcoins for the City to regain access. Here we’ll show you how to prevent and detect a ransomware attack, and actions you can take if you think you have been infected.

Identifying ransomware

Not all ransomware locks down your system or encrypts your files. Rather, hackers hope to trick users into paying ransoms by stating they have been viewing illicit content, or illegally obtaining copyrighted information. Sometimes the message bears a phony stamp of a law enforcement agency.


More serious variants of ransomware may encrypt victims’ files. These are certainly less discreet than a fake warning from law enforcement. “Ransomware isn’t going to have tell-tale giveaways,” says Tyler Moffitt, senior threat research analyst at Webroot. “It isn’t trying to hide—it will make itself known as soon as it’s done encrypting your files or locking your device. Its purpose is to make itself and its actions known to you as quickly and as effectively as possible.”

“The only real protection users have are up to date antivirus and a good backup solution.”

Ransomware can gain access to a computer or mobile phone’s system when the user mistakenly downloads it, thinking it is a valid file. Some hackers hide files on torrent sites. Other times they may appear as phony software update pop-ups, as is the case with a common variant affecting mobile phones called ScarePackage, which poses as an Adobe Flash update. Like nearly all malware, ransomware finds its way into a computer system through the user.

Ransomware removal


Once ransomware locks a mobile phone or computer, it is very difficult to regain access. “You are forced to deal with the malware by either paying them or dealing with the loss of your files if you decide to just wipe the device,” Moffitt says. “Since most users have a strong attachment to their computer and files the ransom payment is in a good position to be strongly considered.”

It’s a sticky situation that is further exacerbated by ransomware price schemes that start relatively low (sometimes around $200, Moffitt says) and can double as each day passes.

This might be a stressful situation, but do not pay the fine. Remove your Ethernet cable to protect other devices on your network. If you have a malware removal program, start Windows in safe mode and run a scan. If you do not have one, or are locked out of Windows and cannot install one, follow these steps:

  1. Download antimalware software to a different computer and create a CD, DVD, or USB flash drive for it.
  2. Insert the flash drive or CD in the infected computer and start your PC in safe mode. Run your antimalware software in offline mode.
  3. Follow the onscreen prompts to clean your PC.

If these steps do not work, you will need to wipe your computer and restore your PC from a backup.

Ransomware prevention

As with preventing any sort of malware, a common sense approach works best. First and foremost, back up your files. Make sure you are using a supported operating system (read: not Windows XP) and you keep all your software up to date.

Keep you all posted!

Omerta Information Security team

Malware, ransomware and removal tips: RSA 2048 Ransomware

Nothing is as annoying as a PC with non-removable pop-ups or, even worse, ransomware that hijacks your computer by encrypting files. There are numerous examples of malware, all with different purposes, one more effective or dangerous than the other, but you can be sure that the hackers are trying to make you pay for your files or trying to fool you into buying fake antivirus software.

Today we found a post from antivirus gateway.com with a very good explanation of:

How to Effectively Remove Ransomware RSA-2048? (Browser Hijacker Removal Guide)

Are you annoyed by numerous pop-up ads from Ransomware RSA-2048? Have you tried several ways to remove this adware from your computer but all in vain? Are you still looking for an effective solution to solve this problem? If so, read this post and you will get useful removal guides to effectively remove Ransomware RSA-2048 from your computer.

What is Ransomware RSA-2048?

Ransomware RSA-2048 is what’s known as a “rogue antivirus” tool, which has been designed with the sole intention of trying to scam you into buying false products online. This is essentially a virus which will install itself on your PC, and then proceed to heckle you into purchasing the full version of the software. Although this virus is extremely annoying, it’s also potentially damaging to your computer as well, as it will often install a series of “key logger” programs onto your PC which will log your details and Internet activity. Complete removal of this software is paramount if you want to maintain security and the integrity of your system.

Ransomware RSA-2048 is known as a dangerous Trojan virus. Classified in the most destructive group of the computer virus family Win64/zaccess.fo, a Trojan virus is a stubborn and nasty kind of virus that can bring fatal damage to your computer. Just like the ZeroAccess rootkit virus, this virus has lately been spreading fast through the Internet. The Win64 ZAccess.a virus is designed and created by dangerous hackers and has become a crime tool by which the hackers make money or achieve their evil motives. This destructive virus can sneak into your computer and hide there when you visit illegal websites such as pornographic or violent sites; downloading free software or attachments from spam emails may lead to the infection as well. This malicious virus acts rather trickily inside your computer and is so stubborn that most antivirus programs can find it by scanning, but none of them are able to remove it from your system completely.

Step 1: Remove the add-ons or extensions related to the browser hijacker from your browser
Instructions for Google Chrome:
Open Google Chrome. Click the three-bars icon at the top right of the browser, select Tools from the list, and click on Extensions on the left side of the window. Locate the extension related to the browser hijacker, select it and click on the trash icon. Restart the browser to complete the procedure.
Instructions for Mozilla Firefox:
Start Firefox and click on the Firefox button in the top menu. Click on Add-ons to open the configuration window. Click Extensions on the left side of this window. Now find Ransomware RSA-2048 and other unwanted or unknown extensions in the list. Remove them from the browser and restart the browser to complete the process.
Instructions for Internet Explorer:
Start Internet Explorer, click Tools (or the gear icon on IE 9) and select Manage Add-ons. Find the add-on entries related to the browser hijacker and remove them from the browser. Restart IE to finish the procedure.

How to Remove Ransomware RSA-2048 Virus from Your Computer?

If you have professional computer knowledge and skill, and plenty of time, you can take the manual route to clean this nasty Ransomware RSA-2048 from your computer. The manual way to delete Ransomware RSA-2048 follows.

Step 1: Press Ctrl, Alt and Delete together to open Task Manager and end the process related to this Trojan; the name of its process is random.

Step 2: Find Folder Options in Control Panel, select the View tab, tick Show hidden files and folders, untick Hide protected operating system files (Recommended) and then click OK.

Step 3: Open the Registry Editor. Search for malicious files and registry entries related to Trustedupdate.com and then remove all of them.

Delete Ransomware RSA-2048 with SpyHunter

No doubt manual removal is a dangerous and cumbersome task that is not for everyone. Not only do you need to edit the files, folders and registry entries related to the Trojan, but you also have to be cautious to avoid further man-made damage to your system. To safely and effectively delete Ransomware RSA-2048, it is recommended to download SpyHunter on your PC. It can scan your whole system for free and remove the threat automatically in a few steps.
Step 1: Follow the installation instructions below to download SpyHunter on your computer.

Step 2: After finishing the installation, run it to perform a full scan of your whole computer to search for the adware.

Step 3: Then check the scan result and click on the Remove button to delete the adware rapidly.

Step 4: Restart your computer to apply all changes.


Have another look at antivirus gateway.com for more excellent help if you have any other virus; there you can find more information and blogs about removing various malware.


Have a great malware free day!

Omerta Information Security team

TCP STEALTH, additional security for the internet

Internet-Draft TCP Stealth January 2015.

Since the complete integrity of the internet infrastructure cannot be assumed, it follows that adversaries may be able to observe all traffic of an Internet host and perform man-in-the-middle attacks on traffic originating from specific clients. Furthermore, on the server side, an adversary looking for exploitable systems should be expected to have the ability to perform extensive port scans for TCP servers. To help address this problem, we propose to standardize TCP Stealth, a stealthy port-knocking variant where an authenticator is embedded in the TCP SQN number.

TCP Stealth enables authorized clients to perform a standard TCP handshake with the server, while obscuring the existence of the server from port scanners. The basic idea is to transmit an authorization token derived from a shared secret instead of a random value for the initial TCP SQN number in the TCP SYN packet. The token demonstrates to the server that the client is authorized and may furthermore protect the integrity of the beginning of the TCP payload to prevent man-in-the-middle attacks. If the token is incorrect, the operating system pretends that the port is closed. Thus, the TCP server is hidden from port scanners and the TCP traffic has no anomalies compared to a normal TCP handshake.

The TCP MD5 Signature Option defined in RFC 2385 defines a similar mechanism, except that RFC 2385 does not work in the presence of NATs (RFC 1631) and visibly changes the TCP wire protocol, and can thus be easily detected. While TCP Stealth does not change the TCP wire protocol, the specific method for calculating the authorization token must be consistent across Internet hosts and their TCP/IP implementations to ensure interoperability. By embedding the port knocking logic into the TCP/IP implementation of an operating system, we minimize the possibility of detecting hidden services via timing attacks, and avoid the pitfalls of applications trying to re-implement TCP in user-space. Implementors MUST make sure that the response to a connection request with wrong ISN value does not differ in any way from the response to a connection request to a closed port. Read further: http://www.ietf.org/id/draft-kirsch-ietf-tcp-stealth-01.txt
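As an added illustration (not part of the draft or of this post), the following Python simulation shows the idea described above: an authorized client replaces the random ISN with a token derived from a shared secret, and the server answers a wrong token exactly as it answers a closed port, so a scanner without the secret cannot tell a hidden service from no service at all. The token derivation used here (HMAC-SHA256 over the connection 4-tuple, a 60-second time window and a hash of the protected payload prefix, truncated to 32 bits) is a simplified stand-in and not the draft's actual algorithm; the addresses, ports and secret are constructed sample values.

```python
import hashlib
import hmac
import os
import socket
import struct
import time

# Width of one time window in seconds (an assumption for this example; the
# draft defines its own time granularity and token construction).
WINDOW_SECONDS = 60


def current_window(now=None):
    """Coarse time counter folded into the token so a captured SYN cannot be replayed forever."""
    now = time.time() if now is None else now
    return int(now) // WINDOW_SECONDS


def derive_token(secret, src_ip, dst_ip, src_port, dst_port, window, payload=b""):
    """Return the 32-bit ISN a TCP Stealth client sends instead of a random value.

    Simplified stand-in for the draft's derivation: HMAC-SHA256 over the
    4-tuple, the time window and a hash of the protected payload prefix,
    truncated to 32 bits so it fits the sequence number field.
    """
    msg = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
           + struct.pack("!HHQ", src_port, dst_port, window)
           + hashlib.sha256(payload).digest())
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return struct.unpack("!I", digest[:4])[0]


class StealthServer:
    """Models how the server-side stack reacts to a SYN on hidden, open and closed ports."""

    def __init__(self, ip, secret, hidden_ports, open_ports=()):
        self.ip = ip
        self.secret = secret
        self.hidden_ports = set(hidden_ports)
        self.open_ports = set(open_ports)

    def handle_syn(self, src_ip, src_port, dst_port, isn, window=None, payload=b""):
        """Return the reply a SYN receives: 'SYN-ACK' or 'RST'.

        A real stack only sees the payload after the handshake and checks the
        integrity part then; it is folded into this one call for brevity.
        """
        window = current_window() if window is None else window
        if dst_port in self.open_ports:
            return "SYN-ACK"          # ordinary listener, no knock required
        if dst_port not in self.hidden_ports:
            return "RST"              # genuinely closed port
        # Hidden port: accept the current and the previous window to tolerate clock skew.
        got = struct.pack("!I", isn)
        for w in (window, window - 1):
            want = struct.pack("!I", derive_token(
                self.secret, src_ip, self.ip, src_port, dst_port, w, payload))
            if hmac.compare_digest(got, want):
                return "SYN-ACK"
        # Wrong token: reply exactly as for a closed port, so the service stays hidden.
        return "RST"


def stealth_client_syn(server, secret, src_ip, src_port, dst_port, payload=b"", window=None):
    """An authorized client computes the token and sends it as its ISN."""
    window = current_window() if window is None else window
    isn = derive_token(secret, src_ip, server.ip, src_port, dst_port, window, payload)
    return server.handle_syn(src_ip, src_port, dst_port, isn, window, payload)


def port_scan(server, src_ip, ports):
    """A scanner without the secret sends random ISNs, like any normal TCP client."""
    return {p: server.handle_syn(src_ip, 40000, p, int.from_bytes(os.urandom(4), "big"))
            for p in ports}


if __name__ == "__main__":
    # Constructed sample setup: one hidden SSH port, one plain web port.
    srv = StealthServer("192.0.2.10", b"constructed-shared-secret", hidden_ports={22}, open_ports={80})
    print(stealth_client_syn(srv, b"constructed-shared-secret", "198.51.100.7", 51234, 22))
    print(port_scan(srv, "198.51.100.9", [22, 80, 443]))  # hidden 22 looks just like closed 443
```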

Remo Hardeman
CEO Omerta Information Security