Virus/Malware/Worms Archive

‘FBI Virus’ Infects Monroe Residents’ Computers

Posted May 17, 2013 By National Cyber Security
Adam Gitow, owner of Computer Works in Monroe, works on a computer infected with the 'FBI Virus.'

A growing number of people are turning on their computers only to have what looks like an FBI webpage come up and effectively lockdown their machine. Those with a camera on their monitor see live video of themselves seated at their desks, and a message informs them they are in violation of U.S. codes or, worse, that they were involved in criminal activity — typically involving child pornography.

The only function their computer allows them to perform is to use PayPal to send in $300 through MoneyPak in order for their computer to be unlocked.

“It’s a virus,” said Adam Gitow, owner of Computer Works at 483 Monroe Turnpike. “We deal with this all the time. Do not get a PayPal MoneyPak. If you do, you’ve basically bought the virus.”

Though the maker of the virus sometimes pretends to represent agencies such as the Department of Homeland Security or the Department of Justice, Gitow said it’s universally known as the “FBI Virus”.

The FBI seal may look official and the IP address displayed may be correct, but Gitow reminds people that agencies like the IRS, FBI and Homeland Security “will never” contact you that way or via email.

Gitow said the origin of the computer virus is foreign, most likely from criminals in China.

The Monroe Police Department recently received two complaints from residents who fell victim to the scam.

“It’s been out there at least six months and we’ve had 150 computers since,” Gitow said. “But I’m sure it’s more than that.”

Computer Works was fixing a client’s computer with the “FBI Virus” when Gitow was interviewed for this story Thursday.

An Infected Machine

Those who manage to boot their computers in safe mode may be able to do a Windows System Restore — changing their computer’s settings to an earlier time before it was infected with the “FBI Virus”, according to Gitow, who said some make the mistake of doing a factory restore.

Even if that succeeds, Gitow said the computer needs to be attacked with anti-virus software. First, any existing anti-virus software must be either removed and re-installed or new software needs to be installed in its place, he said.

“Once you get a virus, any virus, it renders your anti-virus software useless,” Gitow explained.

“More is not better,” he added of anti-virus software. “They’ll fight each other and it won’t work. You only need one.”

Smart Criminals

When the techs at Computer Works locate and remove an infected file from a computer, Gitow said it has to be connected to another computer as a “slave” to the other machine. Because of self-preservation mechanisms of the virus, Gitow says it can be nearly impossible to fix a computer without the assistance of one that’s not infected.

Gitow said a virus is an executable file.

“It’s not a Word document or an email, but there could be attachments or links that are hijacked,” he said.

Gitow said the “FBI Virus” will eventually run its course, but then it will be replaced by something else.

“The virus writers are so far ahead of the anti-virus software,” he said. “They may be criminals, but they’re smart criminals and they’re always a step ahead. They know all the security holes.”

Avoiding Viruses

“When you’re on the Internet, use your judgement,” Gitow said. “Don’t click on everything you see.”

He said some online content may try to entice people by making free offers.

“Free isn’t necessarily good,” Gitow said. “Watch what you search for and click on. Use good judgement — that’s it in a nutshell.”


Source: http://monroe.patch.com/groups/business-news/p/fbi-virus-infects-monroe-residents-computers

In a sea of malware, viruses make a small comeback

Posted May 17, 2013 By National Cyber Security

IDG News Service - The computer virus seems to be making a subtle comeback.

The term virus is frequently used as a catch-all for malicious software, but it actually describes a very specific type of program that infects files and replicates, noticeably impairing a computer. Most malware these days tries not to be so obvious.

But Microsoft has noticed that viruses — which have been present on around 5 percent of the computers the company regularly polls — have increased in prevalence in some regions, wrote Tim Rains, director of the company’s Trustworthy Computing section.

In the fourth quarter of last year, viruses were present on about 7.8 percent of computers scanned by the company, he wrote. In some locations, such as Pakistan, Indonesia, Ethiopia, Bangladesh, Somalia, Egypt and Afghanistan, the percentage of computers with viruses ranged from 35 to 44 percent, he wrote.

Those developing nations all have a low percentage of broadband connections, which may contribute to those computers having fewer security protections.

“Although we don’t have complete data for all the aforementioned locations, we can see that 30 percent to 40 percent of computers in some of these locations do not have up-to-date real-time anti-virus software installed, compared to the worldwide average of 24 percent,” Rains wrote.

More than 8 million computers worldwide are infected with Sality, a virus that infects files with certain extensions such as “.scr” and “.exe” and can also shut down the processes and services of security software, he wrote. It mostly just affects computers still running Windows XP.

To infect computers, Sality has used a vulnerability that was also targeted by Stuxnet, the malware designed to wreck Siemens equipment used by Iran in its nuclear fuel refinement program.

“Sality’s success proves that file infectors can still be successful,” Rains wrote. “Unlike viruses from yesteryear, attackers today are trying to steal information, sometimes by turning on computers’ microphones and cameras.”


Source: http://www.computerworld.com/s/article/9239326/In_a_sea_of_malware_viruses_make_a_small_comeback

Why the Shamoon virus looms as destructive threat

Posted May 17, 2013 By National Cyber Security

It’s been nine months since the milestone Shamoon virus wreaked havoc at Aramco. Shamoon was not designed to steal data. Nor was it just another garden-variety denial of service attack, intended to disrupt and embarrass. Shamoon’s express purpose was to cripple the Saudi Arabian national oil and natural gas company. It accomplished its mission, destroying data on some 30,000 desktops and servers at the oil company.

The U.S. Department of Homeland Security’s National Cyber Security Division has updated its standing alert, specifically recommending that IT organizations implement ways to detect propagation of viruses like Shamoon. CyberTruth asked Gord Boyce, ForeScout Technologies’ CEO, to frame the go-forward concerns:

CT: Why does concern remain heightened about Shamoon?

Boyce: A decade ago, we used to see viruses that were destructive like Shamoon. But by 2004, the people who write viruses shifted their intentions from notoriety to profit. Since then, most viruses have been designed to remain undetected and unobtrusive. The viruses quietly do their work, such as using your computer to send hundreds of spam messages without your knowledge. Shamoon is a huge departure.

CT: Is there a consensus about who likely was responsible?

Boyce: No. Most security experts believe that the author of Shamoon was politically motivated. Strong anti-American sentiment was evident within the Shamoon code. For example, there was an image of a burning American flag. Some say that the author of the virus intended to send a message to the Saudi government for supporting controversial American foreign policy in the Middle East.

CT: Should the public be concerned that Shamoon’s creators/controllers are likely still active?

Boyce: Yes. After a terrorist event that makes an apparent change in the threat landscape, it is natural and prudent to have a heightened awareness and to exercise defense procedures designed to reduce the risk of a similar event. Shamoon is highly destructive and an organization infected with this type of malware could experience operational impacts including loss of intellectual property and disruption of critical systems.

CT: What about copycats?

Boyce: Computer forensic experts who have inspected the Shamoon code have stated that Shamoon was not an especially difficult virus to create, so copycat viruses are quite possible.

CT: How would you summarize the go-forward concerns?

Boyce: Organizations have to assume copycat similar attacks might take place and protect against them. The concern is that from a single computer the virus infection can spread internally from computer to computer. And perimeter defenses like firewalls and network intrusion prevention cannot prevent the spread. Organizations need to upgrade their internal network defenses to ensure even previously unknown malware cannot spread undetected.

CT: Anything else?

Boyce: Traditional measures such as antivirus are not enough to prevent 100 percent of fast-spreading infections. The main thrust of cyberthreats is continuously shifting inside organizational networks; IT security needs to follow suit, and deploy technologies that effectively address those threats over their internal network.


Source: http://www.usatoday.com/story/cybertruth/2013/05/16/shamoon-cyber-warfare-hackers-anti-american/2166147/

CashU Virus is a ransomware threat that comes in the form of a message purporting to be from a local law enforcement agency. The message claims that officials have detected illegal activity on the computer and then asks the PC user to pay a fine through the CashU online payment system.

There are many variations of the CashU Virus; all are ransomware messages that claim to come from police entities in Arab nations or other local provinces. CashU itself is a legitimate online payment system, much like PayPal or MoneyPak.

The fine demanded by CashU Virus and other related ransomware messages is baseless and should never be paid. Even though CashU Virus will lock up a system by preventing access to some programs or the Internet, computer users should never willingly pay the assessed fine. The ransomware threats related to the CashU Virus, such as the CashU Computer Blocked Ransomware, International Cyber Security Protection Alliance Virus, Lebanese Internal Security Forces Virus and the Lebanon Police Ransomware, all share the basic idea of offering CashU as the payment system for collecting a fine.

CashU Virus usually arrives via a Trojan or other malware obtained from the Internet. At times a downloaded file or application from a questionable source may load the CashU Virus, which will then prevent normal use of your computer.

The newly released CashU removal report on EnigmaSoftware.com (http://www.enigmasoftware.com/cashuvirus-removal/) has been updated to provide the necessary resources to detect and safely remove CashU Virus and all of its related malware files. In the report, CashU Virus is identified as a Virus and Ransomware threat. The confusing pop-up alert of CashU Virus may look convincing but should never be treated as legitimate under any conditions.

It is in a computer user’s best interest to become educated on threats like CashU Virus, so they are not tempted to pay the assessed fine. Payment of the fine will only repeat the CashU Virus message and keep the infected system locked up.

CashU Virus is a scam that was created and marketed by cybercrooks looking to gain a payday at the expense of victimized computer users. Under no conditions should you ever trust a message like the CashU Virus pop-up notification. CashU Virus was designed exclusively as a money extortion scam.

Source: http://www.prleap.com/pr/203429/

Removal Guide for U.S. Department of Homeland Security Ransom Virus

Posted March 27, 2013 By National Cyber Security

U.S. Department of Homeland Security
National Cyber Security Division
This computer has been blocked
THE WORK OF YOUR COMPUTER HAS BEEN SUSPENDED ON THE GROUNDS OF THE VIOLATION OF THE LAW OF THE UNITED STATES OF AMERICA.
(…)
Article 184. Pornography involving children. Imprisonment for the term of up to 10-15 years (The use or distribution of pornography material)
Article 171. Copyright. Imprisonment for the term of up to 2-5 years (The use or sharing of copyrighted files)
Article 113. The use of unlicensed software. Imprisonment for the term of up to 2 years (The use of unlicensed software)
(…)
To unlock the computer you are obliged to pay a fine of $300. You must pay the fine through MoneyPAK.
You have 48 hours to pay the fine. If the fine has not been paid, you will become the subject of criminal prosecution without the right to pay the fine.
The Department for the Fight Against Cyberactivity will confiscate your computer and take You to Court.

Knowledge of Homeland Security virus
Homeland Security virus (also known as the U.S. Department of Homeland Security virus) is a destructive ransom virus that is spreading fast, especially in the USA. When your computer is infected with this ransomware, you will generally see an announcement like the one above. Put simply, every part of the message is designed to convince you that you have done something illegal and must pay a $300 fine to release your blocked PC; supposedly, if you do not pay in time, you will be taken to court and punished. Once your computer is locked by such a screen, the first thing to remember is DO NOT PAY: it is a virus whose only purpose is to damage your PC and take your money.

However, antivirus programs are often unable to clean this hazardous ransom virus from your PC. Homeland Security virus is able to block your security tools and antivirus programs so that it can settle into the compromised machine unhindered. Usually, victims cannot do anything on the affected machine, and the alert popup stubbornly covers the screen. The longer Homeland Security virus stays on your PC, the more harm it causes: it may cut off your PC’s network connection and make some system functions unusable, and in the worst case it can lead to a Blue Screen and computer crashes. It is urgent to remove Homeland Security ransom virus from your computer before the situation gets worse.

Malicious properties of Homeland Security virus
1. It downloads and installs rogue software without your permission.
2. It disables executable applications and antivirus software on your computer.
3. It shows fake warnings to mislead you into paying.
4. It blocks access to legitimate websites, allowing only its own payment page.
5. It causes your computer to slow down and even crash from time to time.

Detailed removal guide step by step
1) Boot your computer into Safe Mode with Networking

To perform this procedure, restart your computer. -> As your computer restarts but before Windows launches, tap the F8 key repeatedly. -> Use the arrow keys to highlight the “Safe Mode with Networking” option and then press ENTER. -> If you don’t get the Safe Mode with Networking option, restart the computer again and start tapping the F8 key immediately.

2) Show hidden files of Homeland Security Ransom virus:
Open Folder Options: click the Start button > Control Panel > Appearance and Personalization, and then click Folder Options. After that, click the View tab.

Under Advanced settings, click Show hidden files and folders, uncheck Hide protected operating system files (Recommended) and then click OK.

3) In order to get rid of Homeland Security virus thoroughly from your infected machine, you need to end its related processes, search and remove associated registry values, DLL and then other relevant files.

1. The associated processes of Homeland Security virus to be stopped are listed below:
[random].exe

2. The associated files of Homeland Security virus to be deleted are listed below:
%Documents and Settings%\All Users\Application Data\[random]\
%Documents and Settings%\All Users\Application Data\[random]\[random].exe
%Documents and Settings%\All Users\Application Data\[random]\[random].mof
%Documents and Settings%\All Users\Application Data\[random]\[random].dll
%Documents and Settings%\All Users\Application Data\[random]\[random].ocx
%Documents and Settings%\All Users\Application Data\[random]\[random]\
%UserProfile%\Application Data\Anti-Malware Lab\
%UserProfile%\Application Data\Anti-Malware Lab\cookies.sqlite
%UserProfile%\Application Data\Anti-Malware Lab\Instructions.ini

3. The registry entries of Homeland Security virus that need to be removed are listed as follows:
HKEY_CLASSES_ROOT\PersonalSS.DocHostUIHandler
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyServer” = “http=127.0.0.1”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Anti-Malware Lab”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random].exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options “Debugger” = “svchost.exe”
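The following audit script is an added example and not part of the original removal guide: it checks for the registry entries listed in step 3 and reports which are present, without deleting anything, so the findings can be reviewed before the manual removal described above. It generalises the last entry by flagging any Debugger value under Image File Execution Options, not only svchost.exe, and flags Run entries that start an executable from the All Users Application Data / ProgramData tree, matching the [random] paths in step 3.2.

```powershell
# Added example (not from the original guide): report-only audit of the registry
# entries the removal guide lists for the Homeland Security ransom virus.
# Run from an elevated PowerShell prompt on the affected user's account.

$findings = New-Object System.Collections.Generic.List[string]

function Test-RegValue {
    param([string]$Path, [string]$Name, [string]$Expected, [string]$Why)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return }
    $value = [string]$item.$Name
    # With no expected value, the mere presence of the value is the finding
    if ([string]::IsNullOrEmpty($Expected) -or $value -like "*$Expected*") {
        $findings.Add(("{0} '{1}' = '{2}'  ({3})" -f $Path, $Name, $value, $Why))
    }
}

# HKCU values named in the guide
Test-RegValue 'HKCU:\Software\Microsoft\Internet Explorer\Download' `
    'RunInvalidSignatures' '1' 'lets downloads with invalid signatures run'
Test-RegValue 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' `
    'ProxyServer' '127.0.0.1' 'loopback proxy blocks normal browsing'
Test-RegValue 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' `
    'Anti-Malware Lab' '' 'rogue autostart entry'

# Autostart entries whose command runs an .exe from the All Users Application
# Data (XP) or ProgramData (Vista and later) tree, like the [random] paths above
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($p in $run.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell metadata properties
        $cmd = [string]$p.Value
        if ($cmd -match '(?i)(All Users\\Application Data|ProgramData)\\[^\\]+\\[^\\]+\.exe') {
            $findings.Add(("{0} '{1}' = '{2}'  (autostart from a data directory)" -f $runKey, $p.Name, $cmd))
        }
    }
}

# COM class the guide lists under HKEY_CLASSES_ROOT
if (Test-Path 'Registry::HKEY_CLASSES_ROOT\PersonalSS.DocHostUIHandler') {
    $findings.Add('HKEY_CLASSES_ROOT\PersonalSS.DocHostUIHandler exists (class registered by the ransomware)')
}

# Image File Execution Options: a Debugger value under a program's subkey makes
# Windows start that "debugger" instead of the program. The guide lists
# svchost.exe; on a machine not used for software debugging, any Debugger value
# here deserves review, so every subkey is checked.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) {
        $findings.Add(("{0}\{1} 'Debugger' = '{2}'  (program redirected to another executable)" -f $ifeo, $_.PSChildName, $dbg))
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'None of the registry entries from the removal guide were found.'
} else {
    Write-Output ("{0} suspicious registry entries found:" -f $findings.Count)
    $findings | ForEach-Object { Write-Output ('  ' + $_) }
}
```

The script prints each match with the reason it was flagged; removal remains the manual step described in the guide, so a legitimate entry (for example a corporate proxy setting) is not deleted unreviewed.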

Source: http://fixingcomputervirus.blogspot.in/2013/03/removal-guide-for-us-department-of.html

High Tech Crime Solutions

Computer Virus Prevention: 3 Things you can do

Posted March 27, 2013 By National Cyber Security

Performing basic computer safety maintenance is your first step to preventing nasty viruses from infecting your computer.
3 things you can do to protect your computer:

1. Install anti-virus and anti-spyware software.

At Carleton, all computer labs and staff/faculty workstations have Symantec installed. Symantec is also available to staff and faculty for home use and to students in residence.

2. Keep up with software, operating system and security updates.

When you get a notification to install the latest upgrade, do it. Upgrades often contain patches that close security holes, along with other enhancements to security and functionality.

3. Configure your computer’s built-in firewall.

Firewalls can detect and prevent unauthorized traffic coming in from the internet. Here is an article on how to set up a firewall on your home computer.

As a Precaution: Back up your Computer

As a further preventative measure, back your computer up on a regular basis. This way, if you are infected with a virus, it may not be quite so painful.

For staff and faculty, this means backing your work up on the W: drive. The data on your computer is not backed up, whereas the W: drive is backed up on a regular basis.

For students, if you use a laptop or a home computer for your school work, you may want to invest in an external hard drive as a means to back up your work, pictures, music and files.

Source: http://www6.carleton.ca/ccs/2013/computer-virus-prevention-3-things-you-can-do


How to Avoid Android Malware and Other Android Security Threats

Posted March 26, 2013 By National Cyber Security

Antiviruses aren’t essential on Android, like they are on Windows. However, proper security practices like not downloading and installing suspicious programs also apply on Android.

Exercise Caution When Sideloading Apps

Unlike Apple’s iOS, Android allows you to install apps from outside Google Play. While Google may remove apps from Google Play, you still have the option of getting them from elsewhere. Installing apps from outside the device’s app store is referred to as “sideloading.”

Of course, with great power comes great responsibility. Sideloading is disabled by default for security reasons. Enabling it is just a matter of enabling the Unknown sources check box in your Settings screen. There are good reasons to enable sideloading – perhaps you want to use the Amazon App Store, install Android games purchased from the Humble Bundle, or just install apps that aren’t yet available in Google Play, like XBMC for Android.

However, there are also bad reasons to enable sideloading. If you’re installing pirated APK files to avoid having to pay for games and other types of Android apps, you’re taking a serious security risk. It’s possible to locate APK files claiming to be pirated apps on the web and install them, but this is a significant risk, just as downloading pirated applications can be on Windows.

As we mentioned in HTG Explains: Does Your Android Phone Need an Antivirus?, a study by McAfee found that over 60% of the Android malware samples they received were from a family known as “Fakeinstaller.” FakeInstaller malware disguises itself as a legitimate app and sends premium-rate SMS messages in the background once installed, costing you real money. This malware likely comes from pirated apps downloaded from suspicious websites or disreputable third-party app stores.

In short, only install apps from sources you trust. The official apps from Amazon, Humble Bundle, and XBMC shouldn’t be a problem, but a pirated game app from a third-party website may be stuffed with malware. If you’re using Android 4.2 or a newer version of Android, Android will offer to scan sideloaded apps for malware.

Avoid Suspicious Third-Party App Stores

Malware may also come from third-party app stores whose owners either don’t inspect the apps in their store for malware or don’t care that malware is being pushed through their store.

Studies have found that some third-party Android markets in countries like China host some types of malware not found elsewhere. Lookout Security found that third-party markets in China contained a Trojan named Gemini, which runs in the background, collecting a phone’s location information and other unique identifiers and sending it to remote servers.

To be infected with this Trojan, you’d have to be using a third-party market from China or install an app that came from there.

Watch the Apps You Install From Google Play

Some studies by antivirus companies – the same antivirus companies that want to sell you an Android antivirus solution – classify certain types of apps as malicious when they’re not. Some studies have scanned Google Play and concluded that certain apps are “high-risk” because they have access to permissions like viewing your phone’s device information. While this may be a privacy concern, such studies are overly sensational and lumping such apps in with malicious apps only serves to confuse the issue.

Still, when installing apps from Google Play you should exercise some caution. Don’t install suspicious-looking apps with bad reviews (or few reviews), apps that require too many permissions (like games with permission to send SMS messages), and other suspicious-looking apps. If an app needs a permission like the “Send SMS messages” permission, make sure it has a legitimate reason for requesting that permission. Most malware comes from outside Google Play, but exercising caution is always helpful.

Watch Out for Phishing

Malware isn’t the only security threat. Social-engineering techniques like phishing through email, SMS messages, or web browsers can be attempted against Android users, just as they can against desktop PC users. If you get a suspicious email claiming to be from your bank, open a link from it, and enter your online banking credentials into a fake website, it doesn’t matter whether you were using Windows or Android – either way, you gave away your sensitive information.

Update Your Phone or Tablet

Just like on other operating systems, security problems are occasionally found in the Android operating system and the devices that run it. Updates to the Android operating system often fix these problems, and device manufacturers can release patches to fix problems unique to their device.

Unfortunately, Google isn’t responsible for rolling out updates to all Android devices. Device manufacturers and carriers are responsible, and they often drag their feet and may never even get around to releasing operating system security updates – especially for older or less-popular devices.

For the same reasons your Android phone or tablet doesn’t get OS updates in general, it may not get important OS security updates, either. Google does directly update its Nexus devices, but security updates for devices like the Samsung Galaxy S III could potentially take months to trickle down through all carriers worldwide. Cheaper and less popular phones will be worse off.

Luckily, the sheer variety of different Android devices and operating system versions out there has meant that no significant attack against old, unpatched versions of Android has yet occurred. However, the lack of Android operating system security updates for many devices could result in wider-scale attacks in the future. This may just be another good reason to buy a Nexus device or use a custom ROM like Cyanogenmod until manufacturers and carriers get serious about updates.

While we’re harsh on the supposed necessity of all Android users paying for a battery-sucking antivirus app, these security apps do have some useful features. For example, they often include “Find My Android” features that allow you to locate your phone if you ever lose it. Android doesn’t come with this feature built-in, so this feature can be very nice to have.

Source: http://www.howtogeek.com/140900/how-to-avoid-android-malware-and-other-android-security-threats/


Credit report breach has link to Zeus banking malware

Posted March 26, 2013 By National Cyber Security

A website that leaked credit reports of celebrities and government officials last week appears to have a curious link to the malicious banking software known as “Zeus.”

Scot A. Terban, an independent information security analyst known by his blogging pseudonym Krypt3ia, used a software tool called Maltego to research “Exposed.su,” which caused a stir last week by posting personal information and credit reports for Federal Bureau of Investigation Director Robert Mueller and singer Beyonce, among others. The FBI and U.S. Secret Service are investigating.

Exposed.su is no longer online. But by using Maltego, which is an advanced tool for tracking down digital information scattered about the internet, Terban put together an interesting snapshot of who may be behind it.

The domain registration for Exposed.su listed an email address “exposed.su@allperson.su.” Terban researched the “allperson.su” domain, looking at email addresses and other domains affiliated with the address.

He found “a pattern of behavior showing that most of these email addresses were for scam sites, free MP3 or video sites,” according to a writeup on his blog.

One of the most interesting finds is a related email address: demand.su@allperson.ru. That email address is listed in a civil suit filed by Microsoft in U.S. District Court for the Eastern District of New York in March 2012.

The lawsuit names 39 unnamed defendants who are accused of running the Zeus botnet, a long-running scheme believed to have stolen up to US$100 million from online bank accounts over at least five years. Microsoft later named two defendants already in prison in the U.K.

The particular email address was affiliated with a domain, now offline, that was one of thousands Microsoft alleged were used as part of the Zeus botnet.

Information in whois, a global address book of website owners, showed that allperson.su was registered by “Andrej V. Punegov” in 2007. Whois information, however, is notoriously inaccurate and often contains false details.

Nonetheless, Terban’s work shows that a bit of research can show surprising information. Cybercriminals are known at times to make mistakes in covering their digital tracks.

Terban said in an interview on Monday that the data breach appeared to have the tone of a bunch of teenage hackers. “It seems like somebody just tried to show off, maybe with a bit of an axe to grind against certain people,” Terban said.

Even after the data breach had generated significant media coverage, the website continued to add data on more celebrities. But Terban noted the links to government officials became inoperable, even though the links to celebrity data still worked, indicating some sort of intervention was occurring before it fell offline.

For some time, Exposed.su used CloudFlare, a company that provides a service that speeds delivery of web pages by using a network of worldwide data centers to deliver a website’s content.

The company offers a free service, which appears to be attractive to legitimate websites and more nefarious ones. CloudFlare, which would not comment on Exposed.su, will disconnect a site if it violates its terms of service.

The source of some of the credit reports was “Annualcreditreport.com,” a site set up by TransUnion, Experian and Equifax, the three main U.S. credit-rating agencies. Hackers obtained the reports by correctly guessing security questions, such as the cost of a person’s mortgage payment.

A credit report released on Exposed.su for celebrity Paris Hilton listed the source as Freecreditreport.com, which is administered by Experian.

The Freecreditreport.com website was rejecting visitors from outside the U.S. on Monday. A customer service representative confirmed people from outside the U.S. are blocked from accessing the site. It was unclear if the site’s configuration is related to the latest data breach.

Source: http://www.techworld.com.au/article/456653/credit_report_breach_has_link_zeus_banking_malware/


Malware Production

Sierraware, the embedded virtualization company, announced it has released SierraDefense to combat mobile malware. Built for the SierraTEE secure operating system, SierraDefense detects malware by examining the metadata and the behavior of applications running on a high-level operating system such as Linux or Android.

SierraDefense leverages the hardware security extensions of ARM TrustZone to protect itself from attacks by malware and rootkits. This means that malicious code running in the standard operating system cannot disable SierraDefense, which is installed in the Trusted Execution Environment (TEE).

Mobile security is a growing concern for consumers and businesses. Consumers want to access applications, play videos, and purchase goods from their phones without worrying about malware. Businesses must contend with an increasingly mobile workforce that uses phones and tablets to access enterprise data. SierraDefense can allay the fears of consumers and businesses alike by hardening mobile devices against attack. With SierraDefense, manufacturers can embed ironclad malware protection into their devices.

“Security will be a key differentiator for phone vendors in 2014,” said Gopal Jayaraman, CEO of Sierraware. “Vendors that offer secure platforms with anti-malware software built into every device will be able to set themselves apart from their peers. SierraDefense can provide that protection. It is specially designed to run on mobile platforms.”

SierraDefense combines an offline file scanner, a live application scanner, a kernel rootkit scanner, and keylogger detection that together can capture and eliminate malware. It can be configured to scan systems, generate reports, and quarantine undesirable applications.

Availability

To access an evaluation version of the SierraDefense software, contact support@sierraware.com.

About Sierraware

Sierraware, founded in 2010, is a leading provider of virtualization and security solutions for ARM processors. Sierraware offers the SierraVisor Hypervisor, the SierraTEE Trusted Execution Environment, and communications and media toolkits for a wide range of ARM architectures. For more information, visit www.sierraware.com.

Source: http://www.design-reuse.com/news/31667/sierraware-arm-trustzone-based-malware-protection-integrity-management.html

High Tech Crime Solutions


http://www.Locatepc.net, AmIHackerProof.com, http://computer-security-expert.com, http://www.hackerforhireusa.com

‘NotCompatible’ Android malware bounces back

Posted March 26, 2013 By National Cyber Security

The “NotCompatible” malware, designed to infect Android devices and turn them into unwitting Web proxies, is suddenly showing a sharp uptick in activity, according to mobile security vendor Lookout.

The malware is essentially a simple network proxy, which pretends to be a system update in order to get unwitting users to install it. The idea seems to be gaining access to protected networks through victims’ infected Android devices. It was named for its apparent command-and-control server, at notcompatibleapp.eu.

Last weekend saw the number of detections for NotCompatible rise to 20,000 per day, wrote researcher Tim Strazzere, who said that the malware had been largely dormant since it was discovered in May 2012.

But while the initial discovery saw the malware being installed by hacked websites, the latest wave of NotCompatible is being spread by email spam. The usual subject line is “hot news,” and the infected messages appear to contain links to fake weight-loss articles.

“Depending on the user’s Android OS Version and browser, they may be prompted about the download. Many stock browsers will transparently trigger a download to the device /Downloads folder whereas Chrome displays a confirmation dialog,” wrote Strazzere.

Lookout said there is little chance of direct harm to infected devices, and victims must allow NotCompatible to be installed for it to function, further minimizing the overall threat to the majority of Android users. The best advice for safety is simply to never allow any .apk whose provenance you’re even a little bit unsure of to be installed on your phone.

Source: http://www.computerworlduk.com/news/security/3435572/notcompatible-android-malware-bounces-back/


Malware places personal info of 25k at Massachusetts university at risk

Posted March 26, 2013 By National Cyber Security

A worm that struck a Salem State University server may have compromised the data of several thousand current and former employees.

How many victims? 25,000 employees.

What type of personal information? A spokesman for the Massachusetts school declined to give specifics on the data that could have been accessed by intruders, other than to say it was personal information.

What happened? Last month, a server was infected with a worm, which may have made the information of anyone that received a paycheck from the school – from full-time staff to student employees – accessible to intruders.

What was the response? The 25,000 affected employees were notified by letter last week. Salem State also offered those individuals one year of identity theft protection services and set up a call center to answer the questions of the impacted.

Details: Tom Torello, a Salem State spokesman, told SCMagazine.com in a Monday email that the worm was identified as “Vobfus.” According to security firm Trend Micro, worms in the Vobfus family function as “downloaders of other malware,” which can be leveraged by attackers to remotely steal data on compromised machines.

Quote: “At this point we don’t know if anyone’s information has been used in any type of illegal way, so we don’t know if anyone’s information is out there,” Torello said.

Source: http://www.scmagazine.com/malware-places-personal-info-of-25k-at-massachusetts-university-at-risk/article/284918/

Becoming a malware analyst

Posted March 25, 2013 By National Cyber Security

There are few jobs in this industry that seem as appealing and interesting to me as that of a malware analyst. In my mind, these professionals were waking up each day to continue a complex game not unlike the Glass Bead Game from the eponymous novel by Hermann Hesse – a pure pursuit of the mind that makes connections where there are seemingly none, all for the sake of solving intricate puzzles in order to satisfy their curiosity and cravings for intellectual challenges. But I was wrong!

To satisfy my own personal craving to know what it was all about, I decided to contact a number of malware analysts working for some of the most high-profile security companies out there and ask them a few questions.

The traits and skills of good malware analysts

Some malware researchers, like McAfee Lab’s Principal Research Architect Igor Muttik, entered the field in the ’80s, when the anti-virus programs were only appearing and there was no multi-billion AV industry yet. Others, like Jana Barborikova, a Junior Virus Analyst at Avast, have been in it for less than a year.

But the one thing they all have in common – beside insatiable curiosity – is the satisfaction of knowing that they are keeping users safe. In fact, the willingness to help people is one of the main qualities of a good malware researcher according to Muttik. “In this regard what we do is very similar to the work of the doctors, police and firefighters,” he muses.

“What are the others?” I asked. A high IQ, he says. “Anyone can be a good programmer but to be successful in computer security one has to be smarter than the best of the attackers. This requires dedication and the more brain cells you can contribute – the better!”

“Crucial for malware analysts is the ability to get a full overview of what modern malware does, how it does it and why it’s doing it,” Bogdan Botezatu, Senior E-Threat Analyst with Bitdefender, tells me.

“Patience is also mandatory. Decrypting a piece of malware with server-side polymorphism or tracking down its behavior in a virtualized environment can get extremely frustrating. Last but not least is a strong sense of ethics. The lack of affiliation with black-hat or cybercriminal groups is just a start. Since we’re trusted with lots of confidential information and access to zero-day samples or still unpatched exploit code, we need to know that no employee would use the code for malicious purposes.”

He sees the job more as a vocation. “I know quite a few antivirus researchers who are designated economists, MDs or, as in my case, historians or journalists, but are experts on cybercrime. Of course, IT-related educational backgrounds make it easier to learn how computers, operating systems, network communication and applications work, but it is not mandatory.”

Kaspersky Lab Senior Malware Analyst Denis Maslennikov agrees. “The most important thing is to be interested in this field, because if you are, this interest will drive you and guide you while you search for new knowledge and experience. It’s more about the knowledge you have than about the diploma. If you have some basic background and are able to learn new stuff you can become a malware analyst.”

He also reiterates Botezatu’s opinion on ethics. “Stay out of the black / grey area. No antivirus company will hire you or trust you with zero-day code if you have worked for or have been affiliated with exploit writers, black hat hackers or unauthorized pen-testers. Most disclosure about ongoing operations follows a strict vouching process in which the candidate receives approval or denial from peers in the industry.”

The ability to not let failure put you off is another crucial trait, according to Barborikova. “An analyst cannot be afraid to try new approaches and think outside of the box.”

Finally, you need to be ready and able to communicate. “The best reverse engineer in the world is useless if she cannot report her findings in a clear and concise way,” points out Guillaume Lovet, Senior Manager FortiGuard’s Labs in EMEA at Fortinet.

But what kind of base knowledge is a must-have? Or, at least, is highly recommended?

“Most malware nowadays requires analysts to understand assembly languages. Learning and understanding this will unlock many doors in the field of malware analysis,” says Liam O’Murchu, Manager of Operations, Symantec Security Response.

Barborikova concurs, and that is why she’s currently focusing on learning them. “The analyst does nothing without some programming skills, fundamentals of networking and a basic knowledge of operating systems,” she adds.

“Reverse engineering – although the focus of antivirus research – is not everything a candidate needs to understand. Most of the time, you will need to build your own tools and extend them to suit your new purposes,” Botezatu weighs in.

“If you already understand assembly language, you should start learning a programming language (such as C++ and Python), as you’re going to use it to automate day-to-day tasks, write custom scripts to help you with your work or develop state-of-the-art disinfection routines that will reach millions of customers on the next update.”

Lovet agrees, and considers some developer skills in scripting languages almost mandatory. He also points out that – unlike him – not all analysts have been professional C++ developers before becoming analysts, and that he finds this a significant advantage when it comes down to reverse-engineering malware pieces, which are usually coded in C++.

What none of them (or the companies they work for) consider important is having certifications.

“We do not require any certifications for new malware engineers joining our team. The most important thing is to have hands on experience analyzing malware or performing security investigations,” says O’Murchu.

How does one become a malware researcher?

The roads that lead to this are many and various. Maslennikov and O’Murchu studied, respectively, information security and computer engineering at college. For the former, the road was very straight – while still at university, he got a call from Kaspersky Lab and was offered a malware analyst position.

The latter went through several jobs such as a security tester for an internet kiosk company and working at an anti-spam company that was ultimately bought by Symantec. “We were given a tour of the new Symantec offices and as soon as I entered the malware analysis lab I knew that was the job I wanted. I was fortunate to have the opportunity to transfer into that department a short time later and have been here since,” he says.

Muttik and Barborikova have an education in natural and formal sciences. Both were interested in a career in information security, and Muttik practiced reverse-engineering viruses as a hobby.

As previously mentioned, Botezatu studied history and journalism, but was also interested in reverse-engineering malware since he was a teenager. Following a stint as a network administrator for his university, he applied for a job at Bitdefender two times. After having overslept and missed the interview the first time, he worked half a year as a tech journalist before trying his luck again. This time, he was recruited by the company’s communication team.

“Since joining Bitdefender, I’ve worked in a multitude of fields, from technical communication to anti-malware research and new product development. I grew to understand security from tracking down malicious activity to actually developing solutions to mitigate it, and speaking about developments in the industry at international conferences. As part of a cross-disciplinary team, we’re exposed to everything that happens in the anti-malware field, so we have a full perspective on the industry,” he shared.

Lovet became a malware analyst after a 2-year-long developer experience. “Being a developer satisfied my analytic and synthetic mind, as well as my creativity, yet it lacked the ‘passion’ component,” he says, adding that he began working as a Malware Analyst at Fortinet in 2004.

“At the beginning, we’d manually process loads of legacy DOS viruses – because we needed to have detection for those to earn some certifications. These were fun times: studying 20+ viruses per day is the equivalent of playing poker online, at 5 different tables at once: you play a LOT of hands, and gain experience faster,” he shares.

After becoming the AV Team leader, he turned more toward research and presenting at international conferences such as AVAR, EICAR, and Virus Bulletin.

“Eventually, I got promoted to AV and IPS team manager, then senior manager. Today, I still do my share of research (last year I presented 2 papers at BlackHat in Amsterdam), and some management of people. This was my choice, in order to diversify my skills. It is perfectly possible to stick to purely technical tasks and progress in the company aside of the management ladder, up to the rank of Fellow, which equates a VP rank in the management career,” he points out.

Malware researchers’ typical working day and the tools they use

“During my work I deal mainly with web malware,” shares Barborikova. “I go through a list of potentially dangerous URLs and select domains which are actually malicious. Then I analyze samples, especially HTML and PHP files. Apart from handy internal tools developed in our virus lab department I use freeware tools like VirtualBox, Process Monitor or Wireshark and online deobfuscators and decoders.”

“We use IDA Pro and OllyDbg for reverse engineering. And our own tools for intelligence and monitoring (probes and honeypots),” says Lovet. “On the secluded replication machines, where we safely run viruses to study their behavior, we don’t use virtual machines, as some malware spots those. On the mobile malware side, we have our own in-lab, secluded GSM network.

We built a base-station with a modified USRP board. The software part is OpenBTS, an open source system. When we register infected phones to that network, we can therefore trace what they do on the network: send SMS, place calls, etc.”

IDA and OllyDbg are O’Murchu’s “weapons of choice,” as well, since they are standards for the two primary tools any malware analyst needs: a disassembler and a debugger.

“We have separate machines that we use for malware analysis. In addition to having all the tools needed for analysis installed, these machines are also isolated with no Internet connection. This prevents any malware from escaping when we are testing it,” he says.

“We generally run the threat to look at observable behaviors first, then dig deeper as needed. Using hex editors and file format parsers and learning about different file formats is also a big part of a malware analyst’s role. For example, if a PDF file is being used to distribute a piece of malware, then the analyst will need to become familiar with how PDF files are created and how to break them apart.”

Botezatu says that he is not sure where his typical day ends and where it starts. “Antivirus research is a 24-hour mission – if your phone rings or the SMS alert beeps in the middle of the night, you take off to work, or at least VPN into the company immediately,” he notes. “If an outbreak has been detected, we start developing a removal tool for computer users who are not running a Bitdefender solution.

If everything is running normally, we proceed to solving support tickets, clustering new malware and improving heuristics, while keeping an eye on security (highly private) mailing lists for new samples and developments. You know – the save-the-world-while-having-coffee activities.”

“As far as tools are concerned, we’re using a lot of readily available tools such as Far Manager, IDA, Process Explorer, Process Monitor, Malzilla, and Wireshark. But the heavy lifting is done with proprietary tools built in-house, tools that don’t even have names. In the fight against malware, it’s every man for himself, we’re mostly using tools that we develop ad-hoc, ranging from unpackers to utilities for clustering files, rebooting remote machines or controlling operations off-site,” he concludes.

Maslennikov says that there is really no typical working day, as there is always something new and / or urgent going on. He does his testing on two desktops with Windows and Linux and a lot of smartphones with different OS, and can’t do without the Far file manager, IDA, Hiew and a number of various internal tools. Oh, and coffee – plenty of it, and often.

Finally, I asked them:

What surprised them the most during their current career?

“I have been in the security industry for almost 10 years, and I am continuously surprised by the new attacks the malware cyber criminals dream up,” says O’Murchu. “Although the vast majority of attacks are predictable and nothing out of the ordinary, there is always a small number of threats that push the boundaries of what is possible.”

The threat that has amazed him the most was Stuxnet. “We had never seen a piece of malware capable of changing how physical machinery works. That was a threat that really pushed the boundaries of what malware can do,” he added.

Botezatu has been most surprised by the success of the Slammer worm, the virality of Conficker, the way cyber-crooks made easy money with the Rogue AV campaigns and the complexity of the TDSS family.

“But the piece of malware that went through our hands and surprised the entire world was Flamer, a piece so elegantly designed that it tricked the user into acting as a mule for the stolen data,” he shares. “It took espionage to a whole new level: the ability to prioritize importance of stolen data, the way it carried the data to a gateway and the fact that it lacked compression and obfuscation, hiding its code in plain sight. This was clearly not the result of a single man, but rather the work of a team of specialists.”

And while Barborikova, who has only been doing this for a year, says that she naturally often encounters things that are new for her, Lovet says that the thing that fascinates him the most is that cybercriminals have not begun exploiting mobile phones earlier.

“Back in 2006, I predicted that they would, since a smartphone was basically a computer with something more: an integrated payment system (i.e. premium numbers). It’d simplify a lot the business model you need to set up to turn infected machines into cash,” he pointed out.

Nevertheless, it didn’t really happen before 2011, and even now, he says, the scale on which it’s happening is still moderate as compared to the PC world.

Source: http://www.net-security.org/secworld.php?id=14608


Threat

Clearwater, Fla. – March 18, 2013 – ThreatTrack Security Inc. – formerly the Security Business Unit of GFI Software – today launched operations as an independent company dedicated to the analysis, detection and remediation of advanced malware threats. ThreatTrack Security enables organizations to identify and prevent Advanced Persistent Threats (APTs), targeted attacks and sophisticated malware designed to evade the traditional cyber-defenses deployed by enterprises, government agencies, and small and medium-sized businesses (SMBs) around the world.

“It’s time for a new approach to malware defense,” said Julian Waits, CEO of ThreatTrack Security. “APTs and other complex malware attacks have enterprises – especially those in globally competitive industries like finance, aerospace, healthcare, technology, and oil and gas exploration – struggling to ensure the integrity of their networks and intellectual property. Moreover, many enterprises lack the necessary tools to know with certainty if they are a victim of an APT or other advanced malware strike. ThreatTrack Security was established to help enterprises bolster their cybersecurity readiness right now.”

Experience That Counts

ThreatTrack Security is different from the string of recent start-ups proposing untried security solutions and strategies to combat advanced cyber-threats. The company has more than a decade of experience analyzing and remediating malware, developing proven solutions that defend against the escalating sophistication of cybercrime, and it has built a proven track record of satisfying demanding customers on a global scale.

“In the coming months, ThreatTrack Security will unveil a new product roadmap that will augment our existing security solutions and enable us to deliver on our promise of a stronger, more secure enterprise cyber-defense,” added Waits.

ThreatTrack Security solutions include:

ThreatAnalyzer™ (formerly GFI SandBox) is an automated malware analysis sandbox that provides detailed malware behavioral reports to help enterprises defend against APTs, Zero-day threats and targeted attacks by analyzing files and URLs for malicious activity in a controlled, customizable environment. ThreatAnalyzer – increasingly deployed by enterprises nationwide – is used by government security, defense and intelligence agencies, making it an integral component of the U.S. cybersecurity infrastructure.

VIPRE® Business Premium is the company’s most robust business antivirus solution that combines antivirus, integrated patch management, Mobile Device Management (MDM) and more to centrally manage and defend PCs, Macs, iPhones, iPads and Android devices. VIPRE Internet Security is the company’s premier home antivirus software with anti-spyware and malware protection, automated updates for unpatched software, a firewall to stop malicious web traffic, an anti-spam filter and malicious website blocker. Millions of users worldwide trust VIPRE for their endpoint security.

ThreatIQ™ provides the real-time malware intelligence that most enterprises lack. The service helps ensure that an enterprise’s perimeter security defenses – such as firewalls, IDS/IPS, web filters and anti-spam products – identify and stop threats as they emerge. Customers receive continuous streams of malicious URLs and IP addresses, suspected files, phishing links and other malware data as it’s discovered by ThreatTrack Security Labs.

In addition to a wide array of end-user customers – including large enterprises, government agencies, educational institutions, SMBs and consumers – dozens of OEMs and ISVs partner with ThreatTrack Security to harden their products with integrated malware defenses.

To learn more about ThreatTrack Security, visit www.ThreatTrackSecurity.com, call +1 888-243-4329 or send email to Sales@ThreatTrack.com.

About ThreatTrack Security Inc.

ThreatTrack Security specializes in helping organizations identify and stop Advanced Persistent Threats (APTs), targeted attacks and other sophisticated malware that are designed to evade the traditional cyber-defenses deployed by enterprises, and small and medium-sized businesses (SMBs) around the world. The company develops advanced cybersecurity solutions that analyze, detect and remediate the latest malicious threats, including its ThreatAnalyzer malware behavioral analysis sandbox, VIPRE business and consumer antivirus software, and ThreatIQ real-time threat awareness service. Visit www.ThreatTrackSecurity.com to learn more.

Source: http://www.darkreading.com/advanced-threats/167901091/security/news/240151026/threattrack-security-inc-launches-to-compete-with-fireeye-in-advanced-malware-detection


Express Shipment Notification emails contain malware

Posted March 25, 2013 By National Cyber Security

Have you received an email with the subject line “Express Shipment Notification”?

If so, be on your guard – you could be at risk of infecting your Windows computer.

Online criminals have spammed out a large number of messages, claiming to come from DHL Express International, that are designed to install malware onto the computers of unsuspecting PC users.

Here is what a typical example of an email spammed out in the attack looks like:

DHL Express
Tracking Notification: 449762627

Custom Reference: 594078O440
Tracking Number: XFLNH94244
Pickup Date: Mon, 18 Mar 2013 12:39:03 +0100
Service: AIR
Pieces: 1

Mon, 18 Mar 2013 12:39:03 +0100 – Processing complete successfully
Refer to attached report for full details.

Attached to the emails is a ZIP file, containing malware. The filename of the ZIP file can vary, but takes the form “DHL reportXXXXXX.zip” (where the ‘X’s are a random code).

Sophos products detect the malicious attachment as the Troj/BredoZp-S Trojan horse.

Of course, the emails don’t really come from DHL – and the fact that you may have received an email which has DHL in its “From:” field does not mean that any computer systems at DHL have been compromised, but just that the attackers have forged the email headers.

Time and time again we have seen cybercriminals using the disguise of shipping companies like DHL and FedEx to spread their malware attacks and hijack the computers of the unwary.

Your best protection is to not just run an up-to-date anti-virus, but also to live and breathe computer security in your every day life.

How do you do that? Well, you can start by learning to never open attachments in unsolicited emails – however tempted you might be.
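The lure described above has three observable traits: a fixed subject line, a ZIP attachment whose name follows the “DHL reportXXXXXX.zip” pattern, and a forged “From:” header claiming to be DHL. The following Python script is an added example, not part of the Sophos article or any Sophos product: it parses a message with the standard library and flags those traits. The sample message, its addresses, domains and the attachment name are constructed for this example (the base64 body is a harmless stub, not a real payload), and the Return-Path comparison is an assumed heuristic for header forgery, not something the article states about these specific emails.

```python
import re
from email import message_from_bytes, policy
from email.utils import parseaddr

# Constructed sample modelled on the lure in the article. All header values,
# domains and the attachment name are invented for this example; the body is
# a short base64 stub rather than any real file.
LURE_EMAIL = b"""From: "DHL Express" <noreply@dhl.com>
To: victim@example.test
Subject: Express Shipment Notification
Return-Path: <bounce@mailer.example-spam.test>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

DHL Express
Tracking Notification: 449762627
Refer to attached report for full details.
--b1
Content-Type: application/zip; name="DHL report4F9A2C.zip"
Content-Disposition: attachment; filename="DHL report4F9A2C.zip"
Content-Transfer-Encoding: base64

UEsDBAoAAAAAAA==
--b1--
"""

# Constructed benign message used as a control case.
BENIGN_EMAIL = b"""From: "Alice" <alice@example.test>
To: bob@example.test
Subject: Team lunch on Friday
Content-Type: text/plain

Shall we book the usual place at noon?
"""

LURE_SUBJECT = "express shipment notification"
# "DHL report" followed by a random code and a .zip extension, as the article describes.
LURE_ATTACHMENT_RE = re.compile(r"^DHL report[0-9A-Za-z]+\.zip$", re.IGNORECASE)


def _domain(addr_header):
    """Return the lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(str(addr_header or ""))[1].rpartition("@")[2].lower()


def score_message(raw: bytes) -> dict:
    """Flag the traits of the DHL lure. Returns the findings and a verdict.

    A message is marked suspicious when at least two independent traits match,
    so a lone ZIP attachment or a lone subject line does not trigger on its own.
    """
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []

    subject = str(msg["Subject"] or "").strip().lower()
    if subject == LURE_SUBJECT:
        findings.append("subject matches known lure text")

    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if LURE_ATTACHMENT_RE.match(name):
            findings.append(f"attachment name matches lure pattern: {name}")
        elif name.lower().endswith(".zip"):
            findings.append(f"zip attachment present: {name}")

    # Assumed heuristic: the visible From domain and the envelope sender
    # (Return-Path) disagree, which is consistent with a forged From header.
    from_dom, rp_dom = _domain(msg["From"]), _domain(msg["Return-Path"])
    if from_dom and rp_dom and from_dom != rp_dom:
        findings.append(f"From domain {from_dom} differs from Return-Path domain {rp_dom}")

    return {"suspicious": len(findings) >= 2, "findings": findings}


if __name__ == "__main__":
    for label, raw in (("lure", LURE_EMAIL), ("benign", BENIGN_EMAIL)):
        print(label, score_message(raw))
```

The two-trait threshold is the design choice worth noting: any one of these signals occurs in legitimate mail (real shipping notices carry attachments, and mailing-list traffic routinely has a Return-Path on another domain), so a mail gateway should quarantine on the combination rather than on a single match, and the returned findings give the analyst the reasons to review.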

Source: http://nakedsecurity.sophos.com/2013/03/18/express-shipment-notification-emails-malware/


Beware Infrared X-Ray: Latest Android Malware Spams Victim’s Contacts

Posted March 25, 2013 By National Cyber Security

The latest malware targeting users of Android devices is trying to lure victims into downloading an app called Infrared X-Ray, and is spreading quickly by tapping into victims’ contacts and spamming them with SMS messages.

The new SMS Trojan was analyzed by Symantec (NSDQ:SYMC) researchers in Japan. The cybercriminals behind the campaign are using a malicious application to tap into the victim’s contacts rather than sending out text messages themselves, wrote Joji Hamada, a Symantec threat researcher in the company blog.

“This allows the recipients of the spam to be tricked easier because the invitation to download the app is coming from someone they know rather than from an unknown sender,” Hamada said.

[Related: Malware Rising: Trojans Dominate Rankings, Study Finds ]

The app steals all details in the device’s contact list. “Not surprisingly, the app does not work as per advertised and a picture of man holding up his middle finger stating that the victim is a pervert is displayed,” Hamada wrote.

Several variants of the malware exist and some versions attempt one-click fraud, Hamada said. Victims are given details about pornographic websites while their contact information is uploaded to a remote server. The app attempts to charge a registration fee and threatens the victim that it will send a message to every person in the contact list if the fee isn’t paid promptly.

“In order to make it difficult for the victim to uninstall the app, it removes itself from the launcher after it is initially executed, although it can be removed in Applications under Settings,” Hamada wrote.

SMS Trojans are among the most virulent threats on Android devices, according to studies provided by security firms. A recent mobile threat report issued by antivirus vendor F-Secure found that nearly 80 percent of all mobile malware targeted Android devices in 2012, primarily driven by malicious apps in third-party app stores.

F-Secure warned that malware authors are developing more sophisticated attack techniques for mobile devices, using encryption and randomization or hiding malicious code in image files. Malware also was discovered on bootleg copies of the Angry Birds game, the firm said.

“Over the year, Android threats have continued to improve their techniques in evading detection and their methods of infection, yet nothing much has changed in their operation in collecting profit,” F-Secure said. “The majority of malware discovered in Android markets are SMS-sending malware that reap profit from sending messages to premium numbers.”

Symantec’s Hamada said all device owners should refrain from clicking links in emails and SMS messages that aren’t expected. Only download apps from trustworthy sources, he said.

Source: http://www.crn.com/news/security/240150979/beware-infrared-x-ray-latest-android-malware-spams-victims-contacts.htm
