Massive Ransomware attack going worldwide.

by

Massive Ransomware Outbreak

We have an update on this outbreak here. The ransomware is using an NSA exploit leaked by The Shadow Brokers, and has made tens of thousands of victims worldwide, including the Russian Interior Ministry, Chinese universities, Hungarian telcos, FedEx branches, and more. Original article below.

A ransomware outbreak is wreaking havoc all over the world, but especially in Spain, where Telefonica — one of the country’s biggest telecommunications companies — has fallen victim, and its IT staff is desperately telling employees to shut down computers and VPN connections in order to limit the ransomware’s reach.

The culprit for these attacks is v2.0 of the WCry ransomware, also known as WannaCry or WanaCrypt0r ransomware. For those affected, you can discuss this ransomware and receive support in the dedicated WanaCrypt0r & Wana Decrypt0r Help & Support Topic.

WCry ransomware explodes in massive distribution wave

Version 1.0 of this ransomware was discovered by Malwarebytes researcher S!Ri on February 10 and then spotted in a brief campaign on March 25 by GData security researcher Karsten Hahn.

Version 2.0 was detected for the first time around four hours ago by independent security researcher MalwareHunter. The security researcher says the ransomware came out of nowhere and started spreading like wildfire.

In these first four hours, WCry 2.0 made more victims than Jaff, a ransomware spotted this week distributed via the Necurs botnet, the former home of the Locky ransomware. In numbers, in just four hours WCry made 1.5 times more victims than Jaff did all week.

Currently, researchers weren’t able to pinpoint the exact origin of the WCry distribution campaign. At the moment, it could be from malvertising, exploit kits, email spam, or hand-cranked RDP attacks.

Source  https://www.bleepingcomputer.com/news/security/telefonica-tells-employees-to-shut-down-computers-amid-massive-ransomware-outbreak/

Windows Defender tops AV-Test zero-day malware charts for the 3rd straight month

by

Windows Defender tops AV-Test zero-day malware charts for the 3rd straight month

April 3, 2017

The recent test reports of Security firm AV-Test reveal that Microsoft’s Windows Defender has scored 100% for the 3rd consecutive month when tested for the zero-day malware protection. AV-test tested Windows Defender against current online threats, which involved accessing known malicious websites or e-mails so as to test if the security product is able to ward off attacks practically or not.

AV-TEST Product Review and Certification Report tests for Windows 7 (January and February 2017) and Windows 10 (December 2016) show Microsoft doing a great job and scoring 100% in zero-day malware checks. Here is the analysis.

Windows Defender does a good job for Windows 10 & Windows 7

Not long ago, Windows Defender was so mediocre that it was only considered as the baseline metric in third-party tests. However, analysis of the recent AV-test reports will tell you that Windows Defender has improved significantly in the past 12 months.

For instance, let’s compare the AV-test report for Windows 7, for zero-day malware protection in the past 12 months. In July and August 2016, the Windows Defender scored 95.2% and 86.1% respectively while for the same test conducted this year in January and February, it scored a perfect 100%.

 

Analyzing the results of the third-party suites, some of which charge you money to use them, the likes of AVG Antivirus Business 16, G Data Antivirus Business 14, Intel Security McAfee Endpoint Security 10.2, Seqrite Endpoint Security 17.0 were found to be trailing Microsoft.

On the other hand, Bitdefender Endpoint Security 6.2, F-Secure Client Security 12.30, Kaspersky Lab Endpoint Security 10.2, Kaspersky Lab Small Office Security 10.2, Sophos Endpoint Security and Control 10.6, Symantec Endpoint Protection 14, Symantec Endpoint Protection Cloud 22.8 and Trend Micro Office Scan 12.0 were found as effective as Windows Defender, all scoring 100%.

For Windows 10 users

Comparing the AV-test report for Windows 10, for zero-day malware protection in the past 12 months. Back in March and April 2015, the Windows defender scored a poor 88.9% and 88% respectively. Whereas, in November and December 2016, it scored 97.9% and 100% respectively showing a remarkable improvement.

Third-party suites like AVG Antivirus Business 2016, Bitdefender Endpoint Security 6.2, G Data AntiVirus Business 14 and Intel Security McAfee Endpoint Security 10.2 were found to be less effective dealing with zero-day malware protection when compared with the Windows Defender.

While, F-Secure Client Security 12.2, Kaspersky Lab Endpoint Security 10, Kaspersky Lab Small Office Security 5, Seqrite Endpoint Security 17, Sophos Endpoint Security and Control 10.6, Symantec Endpoint Protection 14 and Trend Micro Office Scan 11 were at par with the Windows Defender, all scoring 100%.

Can you consider Windows Defender against top third-party antivirus suites

The results from the AV-tests shows that Windows Defender has improved a great deal in moving from the lower bottom levels in the last 6-12 months. Although it has still more ground to cover before it can challenge the top security vendors who offer a better overall protection, you can surely rely on Defender to provide more than average class protection.

source

Windows Defender tops AV-Test zero-day malware charts for the 3rd straight month

 

 

Chrome and Firefox Phishing Attack Uses Domains Identical to Known Safe Sites

by

Chrome and Firefox Phishing Attack Uses Domains Identical to Known Safe Sites

This entry was posted in General Security on April 14, 2017 by Mark Maunder   62 Replies

This is a Wordfence public service security announcement for all users of Chrome and Firefox web browsers: 

There is a phishing attack that is receiving much attention today in the security community.

As a reminder: A phishing attack is when an attacker sends you an email that contains a link to a malicious website. You click on the link because it appears to be trusted. Merely visiting the website may infect your computer or you may be tricked into signing into the malicious site with credentials from a site you trust. The attacker then has access to your username, password and any other sensitive information they can trick you into providing.

This variant of a phishing attack uses unicode to register domains that look identical to real domains. These fake domains can be used in phishing attacks to fool users into signing into a fake website, thereby handing over their login credentials to an attacker.

 

Read More

Chrome and Firefox Phishing Attack Uses Domains Identical to Known Safe Sites

SPAM Campaign Underway that uses Encrypted Word Docs to Install Ursnif

by

A large SPAM campaign is underway where victims receive an email that pretends to be a requested invoice and contains a password for a password protected encrypted Word document attachment. These password protected word documents contain embedded VBScript files that will download and install the Ursnif keylogger.

When Word documents are password protected, they also become encrypted. Malware distributors are hoping that by sending these encrypted Word documents they will be harder to detect by security software. You can see an example of one of the malicious SPAM emails that was provided to me by Zenexer.

Read More. https://www.bleepingcomputer.com/news/security/spam-campaign-underway-that-uses-encrypted-word-docs-to-install-ursnif/

 

 

Skype users hit by ransomware through in-app malicious ads

by

Several users have complained that ads served through Microsoft’s Skype app are serving malicious downloads, which if opened, can trigger ransomware.

News of the issue came from a Reddit thread on Wednesday, in which the original poster said that Skype’s home screen — the first screen that shows up on consumer versions of the software — was pushing a fake, malicious ad, purporting to be a critical update for the Flash web plug-in.

According to the thread, the ad triggered a download of an HTML application, designed to look like a legitimate app. The app, when opened, would download a malicious payload, which locks the user’s computer and encrypts its files for ransom.

Many other users in the past few days have also complained of similar issues with Skype’s in-app ads, with at least two other people having the same “fake Flash” ad into Thursday.

Knowing it was malicious, the user didn’t run the app but instead deconstructed and posted the code…

Read more: Skype users hit by ransomware through in-app malicious ads | ZDNet

Consumers Warned About Tech Support Phone Scam

by

http://abcnews.go.com/WNT/video/consumers-warned-tech-support-phone-scam-45260617

 

How to avoid tech support scams

If you fall for it and download whatever software the crooks give you, they can then secretly track everything you do on that device — just waiting for you to enter any password or payment information that they can steal.

On top of that, once you give the scammers remote access to your computer, they can then hold it ransom until you pay them a large sum of money — which may or may not actually get you your device back.

These scams have become such a big threat that the FTC now has a page on its site dedicated specifically to informing consumers about tech support scams. And since it can be difficult to determine whether an update or alert is legitimate, the FTC has provided some tips on how to spot this type of scam, how to avoid it and what to do if you think you’ve been a victim.

Here are some common tactics a scammer may use to try to get money and/or sensitive information from you:

  • ask you to give them remote access to your computer and then make changes to your settings that could leave your computer vulnerable
  • try to enroll you in a worthless computer maintenance or warranty program
  • ask for credit card information so they can bill you for phony services — or services you could get elsewhere for free
  • trick you into installing malware that could steal sensitive data, like user names and passwords
  • direct you to websites and ask you to enter your credit card number and other personal information

What to do if you get a call from someone claiming to be from tech support:

  • Don’t give control of your computer to a third party who calls you out of the blue.
  • Do not rely on caller ID alone to authenticate a caller. Criminals spoof caller ID numbers. They may appear to be calling from a legitimate company or a local number, when they’re not even in the same country as you.
  • Online search results might not be the best way to find technical support or get a company’s contact information. Scammers sometimes place online ads to convince you to call them. They pay to boost their ranking in search results so their websites and phone numbers appear above those of legitimate companies. If you want tech support, look for a company’s contact information on their software package or on your receipt.
  • Never provide your credit card or financial information to someone who calls and claims to be from tech support.
  • If a caller pressures you to buy a computer security product or says there is a subscription fee associated with the call, hang up. If you’re concerned about your computer, call your security software company directly and ask for help.
  • Never give your password on the phone. No legitimate organization calls you and asks for your password.
  • Put your phone number on the National Do Not Call Registry, and then report illegal sales calls.

Top Ten Infected Cities-Computer Repair San Antonio

by

If you are looking for the best Virus Removal in San Antonio Texas and surrounding areas like Live Oak, Converse, Windcrest, Selma and Schertz consider SAPC Upgrades for affordable fair priced Virus Removal.

 

Do you live in one of the top ten most infected cities?  The answer is YES

Webroot conducted a survey and found the most infected cities in the U.S. The survey found that the numbers do not reflect density. New York, which is the most densely populated city in the U.S. is not on the list.

The research included PC’s, laptops and smart phones. And it also found that these infected devices had an average of 6 to 24 pieces of malware installed.

“Our most infected cities list shows that cybercriminals have no geographical bias,” said David Dufour, senior director of engineering at Webroot. “Whether you live in a big city or small town, from east coast to west coast and everywhere in between, you are susceptible to being a victim of malware. It is in everyone’s best interest to run a security solution on their personal device, and to make sure that all security software subscriptions are current.”

So what are the most infected cities? Here is the top ten:

• Houston – 60,801
• Chicago – 49,147
• Phoenix – 42,983
• Denver – 39,711
San Antonio – 39,646
• Dallas – 37,630
• Los Angeles – 34,050
• Las Vegas – 31,836
• Minneapolis, Minn. – 28,517
• Charlotte, N.C. – 27,092

We advise that all users practice safe surfing. Those safety measures include having up to date security software, use strong passwords, avoid public wi-fi, and store your personal information and important documents in the cloud

Best of all have image backups on an EXTERNAL drive done on a monthly basis.

Contact Us today for Virus/Malware prevention and clean up 210-549-6477

MasterCard Email Phishing Scam Making the Rounds

by

Consumers need to be aware of a phishing scam that is making the rounds this holiday season.

Microsoft and MasterCard are warning users of a scam that could lead to Cerber ransomware. The scam email is supposedly from MasterCard telling the potential victim that they need to click on an attachment to avoid an unwanted charge.

The email comes with a set of instructions to open the attachment supposedly coming from Microsoft. The attachment is a Microsoft Word document. The instructions are to tell the victim how to deal with the Macro.

The email has a hint of validity as it bears a Microsoft logo. However, the MasterCard component is riddled with typos and punctuation errors.

“There are some social engineering flaws in the attack emails. In our sample, the sender address does not spoof MasterCard or a bank, making it much less convincing. Also, the apparent use of automated code to copy the recipient local-name to the salutation section of the message and the file name of the attached document is a giveaway,” Microsoft wrote.

The email is well crafted in that it uses the actual victims name in a few places. Also, the attachment is password protected which Microsoft’s researchers said it may also make the document appear more legitimate to the target.

Source: SCMagazine 

Source: Majorgeeks.com