Thursday, March 26, 2015

http://krebsonsecurity.com/2012/12/

Symptoms of a system infection


1. Slowdown

Does it take longer than normal for your operating system to boot up? Are you waiting too long for some of your programs to start?
It is a known fact that malware has the tendency to slow down your operating system, your Internet speed or the speed of your applications.
If you notice something like this and you are not using any resource-heavy program or application, check first for other causes. It may be a lack of RAM, a fragmented file system, a lack of space on your hard drive or maybe a hardware issue affecting your drive.
If you have already verified these possible causes and all seemed fine, maybe you should start suspecting a malware issue on the system.
For additional reasons why your computer might be slow and how to fix it, take a look at this article.

2. Pop-ups

One of the most annoying signs of malware is represented by the unwanted pop-up windows. Unexpected pop-ups which appear on the system are a typical sign of a spyware infection.
In this particular case, the main issue is created not only by the numerous pop-up windows that affect your Internet navigation, but also because it is quite difficult to remove them from the system. Pop-ups are not only annoying, but they usually come together with other malware threats which are concealed from our eyes, and which could be far more destructive for our systems.
To avoid spyware and its negative consequences for our systems, keep in mind a few security practices:
  • don’t click any suspicious pop-up windows
  • don’t reply to unexpected messages
  • be careful when downloading free applications
To remove this type of threat, you need a very good security product against spyware. A few popular products capable of removing spyware from your system are Malwarebytes, Spybot Search and Destroy, Lavasoft’s Ad-Aware and others.
You can find here more information on removing spyware.

3. Crashes

If your programs or your system regularly crash or the infamous BSOD (Blue Screen of Death) appears regularly, it is a clear warning that your system is not working properly and you should look into it.
We need to mention here the two particular cases which may cause this problem. You could be dealing with a technical issue caused by a potential incompatibility between your programs, or it may be a malware issue.
If you suspect a technical issue, multiple software problems may lead to this. Are you running various programs which may conflict with each other? Are there any orphan registry keys which have not been removed, slowing down and eventually crashing your system?
If you are checking for malware, simply run a complete scan on the system with a good antivirus product. It is important to have a reliable security solution on your system, which should include real-time scanning, automatic update and a firewall.
To find the best solution, check the antivirus test results run by big names in the security industry, such as AV Comparatives, PC Magazine, AV-TEST or Virus Bulletin, and select the best antivirus solution for your system.

4. Suspicious Hard drive activity

Another warning sign of a potential malware infection on your system is the hard drive activity. If you notice that your disk continues to have excessive activity even when you are not using it anymore and there is no program or download running at that moment, this could be the moment to check your system for malware.
We have to mention that another possible cause for the abnormal hard disk activity could be a hardware failure of the disk. This should also be taken into consideration.

5. Running out of hard drive space

Regarding the hard drive, you also need to check if the used space on your drive has been increasing lately for no apparent reason, or if some of your files disappeared or changed their names. This is another sign of malware activity, since there are numerous types of malicious software which use various methods to fill up all the available space on the hard drive.

6. Unusually high network activity

There are cases where the user is not connected to the Internet with his browser and there is no program that may connect to online servers to download or upload any data, but high network activity can still be observed.
First of all, we need to check the following:
  • Is there any Windows update running at that moment?
  • Is there any program or application that may be downloading or uploading any data?
  • Is there any update for a certain program running at that moment?
  • Is there a large download that you started and forgot about that is still running in the background?
If the answer to all these questions is No, then maybe you should check where all that traffic is going.
  • To monitor your network, you can use one of the following programs: GlassWire, Little Snitch or Wireshark.
  • To check for a malware infection, use a good antivirus product to check your system.
  • If you suspect that your computer has been infected by a dangerous financial malware, you need specialized software designed to address this type of threat.

7. New Browser home page, new toolbars and/or your browser opens unwanted websites

Did you notice your home page has been changed and you don’t seem to know why? A new toolbar seems to be placed at top of your web browser? Have you tried to access your favorite blog, but you were sent to a different address?
This usually happens when you visit a website and you accidentally click an online link or a pop-up window. This action triggers the download and installation of secondary software, which is not only annoying, but also malicious.
Run a complete scan with your security solution as soon as possible. Because these types of threats don’t easily go away, make sure you run additional scans with specialized software, such as the anti-spyware programs mentioned above.

8. Unusual messages or programs starting automatically

If, all of a sudden, you see programs opening and closing automatically, your Windows operating system shutting down without reason, or you have strange windows in the booting process and Windows lets you know that you lost access to some of your drives, this is something you should worry about.
Though it may be a technical issue, it is also a sign that malware could be present on the system. If this is the case and you lost access to some important areas of your operating system, you need to prepare for the worst. These are the cases when a complete wipe and reinstall of the operating system is taken into consideration.

9. Your security solution is disabled

Your antivirus solution doesn’t seem to work anymore or the Update module seems to be disabled. You should know that some malware programs are specially designed to disable security programs, leaving you without any defense. If you already tried to reboot your computer, close and open the security solution and all other normal troubleshooting steps resulted in no positive outcome, you may consider that your computer has been affected by malware.
Even if we prepare for the worst and complement our online security with advanced anti-spyware solutions and security programs specially designed to keep our money safe, there are cases when a powerful piece of malware gets past our defenses and compromises our security solution.

10. Your friends say they receive strange messages or e-mails from you

Are your friends telling you that they received suspicious e-mails from you or instant messages from your social media account containing attachments or links?
First of all, you need to verify whether those e-mails or messages were sent from one of your accounts (so check your Sent Items folder in your e-mail account) or if those messages were delivered from an application which is out of your control.
If you discover the messages were sent from one of your accounts, make sure of the following:
  • Make sure you logged out from all your accounts. We access the same accounts on our work computers, on our home laptops and of course, on our mobile devices. Since we log in to our favorite online accounts on so many mobile devices, it is quite possible that sometimes we forget to log out. Therefore, always make sure to log out from your online accounts on all the devices.
  • Set strong passwords for your accounts. Don’t forget to combine upper and lowercase letters, numbers, and symbols. Don’t use the same password for all your accounts. Even if you are hacked, having different passwords for each account will help you limit a potential loss. Make a habit of changing your main passwords every 30 days. Use a strong and secure password manager such as LastPass.
  • Use two-factor authentication. Use this method to make sure your online accounts or your e-mail address are not accessed by somebody else. Using this option means that, besides entering your credentials, you will also need to enter a code sent to your phone.

Knowledge is our best weapon

Knowing how malicious software behaves on a regular system may just prove to be the key element between staying safe and having your system wrecked or your online identity stolen.
Since we live in a threat environment, online security means not only to install a series of security programs and forget about them, but to understand how malware manifests itself on the system and thus to know our enemy.
In the end, it is our knowledge of malware tools and methods that keeps us safe, because it is far easier to prevent a threat from becoming reality than to take actions against it when it’s already too late.

The Top 10 Most Dangerous Malware That Can Empty Your Bank Account

Most dangerous pieces of financial malware


1. Zbot/Zeus

Zeus, also known as Zbot, is a notorious Trojan which infects Windows users and tries to retrieve confidential information from the infected computers. Once it is installed, it also tries to download configuration files and updates from the Internet. The Zeus files are created and customized using a Trojan-building toolkit, which is available online for cybercriminals.
Zeus has been created to steal private data from the infected systems, such as system information, passwords, banking credentials or other financial details, and it can be customized to gather banking details in specific countries and by using various methods. Using the retrieved information, cybercriminals log into banking accounts and make unauthorized money transfers through a complex network of computers.
Zbot/Zeus is based on the client-server model and requires a Command and Control server to send and receive information across the network. The single Command and Control server is considered to be the weak point in the malware architecture and it is the target of law enforcement agencies when dealing with Zeus.
To counter this weak point, the latest variants of Zeus/Zbot have included a DGA (domain generation algorithm), which makes the Command and Control servers resistant to takedown attempts. The DGA generates a list of domain names to which the bots try to connect in case the Command and Control server cannot be reached.
Zeus/Zbot, known by many names including PRG and Infostealer, has already infected as many as 3.6 million systems in the United States. In 2009, security analysts found that Zeus had spread to more than 70,000 accounts of banks and businesses, including NASA and the Bank of America.
For more information about the Zbot/Zeus malware, check out this article.
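The DGA behaviour described above has a visible footprint from the defender's side: a bot cycling through its generated list produces a burst of lookups for long, high-entropy names, most of which fail to resolve. The script below is an added example, not code from the original article or from any vendor it cites; it scores query names from a constructed, simplified DNS log and reports clients with several such failed lookups. The log format, the domain names and the thresholds are assumptions, not values from the page.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed sample log (not real traffic). Simplified format, one query per
# line: "<timestamp> <client-ip> <query-name> <response-code>".
SAMPLE_DNS_LOG = """\
2015-03-26T09:00:01 10.0.0.15 www.example.com NOERROR
2015-03-26T09:00:02 10.0.0.15 mail.example.org NOERROR
2015-03-26T09:00:03 10.0.0.15 qxzjvkwprlmtbsdy.com NXDOMAIN
2015-03-26T09:00:03 10.0.0.15 hgtwprlxzqkvbsnm.net NXDOMAIN
2015-03-26T09:00:04 10.0.0.15 plzkqwvtxrhgmbns.org NXDOMAIN
2015-03-26T09:00:04 10.0.0.15 zxkwqvrptlhgnbms.info NXDOMAIN
2015-03-26T09:00:05 10.0.0.15 cdn.example.net NOERROR
2015-03-26T09:00:06 10.0.0.22 www.example.com NOERROR
2015-03-26T09:00:07 10.0.0.22 static.example.org NOERROR
"""

LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(NOERROR|NXDOMAIN|SERVFAIL)$")
VOWELS = set("aeiou")


def shannon_entropy(text: str) -> float:
    """Bits per character over the observed character distribution of text."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def registrable_label(domain: str) -> str:
    """Label directly left of the TLD, the part a DGA actually generates.
    Assumption: single-label TLDs; a real deployment would consult the
    Public Suffix List to handle names such as example.co.uk."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def dga_features(domain: str) -> dict:
    """Cheap lexical features of the registrable label."""
    label = registrable_label(domain)
    letters = [ch for ch in label if ch.isalpha()]
    vowel_ratio = (sum(ch in VOWELS for ch in letters) / len(letters)) if letters else 0.0
    return {
        "label": label,
        "length": len(label),
        "entropy": round(shannon_entropy(label), 3),
        "vowel_ratio": round(vowel_ratio, 3),
    }


def looks_generated(domain: str, min_len: int = 12, min_entropy: float = 3.5,
                    max_vowel_ratio: float = 0.2) -> bool:
    """Heuristic: long, high-entropy, vowel-poor labels read like DGA output.
    Thresholds are assumptions chosen for this sample; tune them on your own
    traffic, since legitimate CDN hostnames can also trip a lexical test."""
    f = dga_features(domain)
    return (f["length"] >= min_len and f["entropy"] >= min_entropy
            and f["vowel_ratio"] <= max_vowel_ratio)


def parse_dns_log(text: str) -> list:
    """Parse the simplified log format into dicts; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            records.append({"ts": m.group(1), "client": m.group(2),
                            "qname": m.group(3), "rcode": m.group(4)})
    return records


def find_dga_clients(text: str, min_hits: int = 3) -> dict:
    """Map each client to the distinct DGA-looking names it failed to resolve,
    keeping only clients with at least min_hits such names. A single odd
    lookup proves little; a burst of NXDOMAINs for generated names is the
    pattern a bot produces while hunting for a reachable C2 domain."""
    hits = defaultdict(set)
    for rec in parse_dns_log(text):
        if rec["rcode"] == "NXDOMAIN" and looks_generated(rec["qname"]):
            hits[rec["client"]].add(rec["qname"])
    return {client: sorted(names) for client, names in hits.items()
            if len(names) >= min_hits}


if __name__ == "__main__":
    for client, names in find_dga_clients(SAMPLE_DNS_LOG).items():
        print(f"{client}: {len(names)} DGA-like NXDOMAIN lookups")
        for name in names:
            print("   ", name, dga_features(name))
```

On the constructed log only client 10.0.0.15 is reported, with four generated-looking names; the second client's ordinary lookups are ignored.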

2. Zeus Gameover (P2P) (Zeus family)

Zeus Gameover is a variant of the Zeus family – the infamous family of financial stealing malware – which relies upon a peer-to-peer botnet infrastructure.
The network configuration removes the need for a centralized Command and Control server, and includes a DGA (Domain Generation Algorithm) which produces new domains in case the peers cannot be reached. The peers in the botnet can act as independent Command and Control servers and are able to download commands or configuration files from each other, finally sending the stolen data to the malicious servers.
Zeus Gameover is used by cybercriminals to collect financial information, targeting various user data from credentials, credit card numbers and passwords to any other private information which might prove useful in retrieving a victim’s banking information. GameOver Zeus is estimated to have infected 1 million users around the world.
For more information about the Zeus P2P Gameover malware, check out this article.

3. SpyEye (Zeus family)

SpyEye is a data-stealing malware (similar to Zeus) created to steal money from online bank accounts. This malicious software is capable of stealing bank account credentials, social security numbers and financial information that could be used to empty bank accounts.
This banking Trojan contains a keylogger that tries to retrieve login credentials for online bank accounts. The attack toolkit is popular among cybercriminals because it can be customized to attack specific institutions or target certain financial data.
SpyEye is able to start a financial transaction as soon as a targeted user initiates an online operation from his bank account.
For more information about the SpyEye malware, check this article.

4. Ice IX (Zeus family)

Ice IX is a modified variant of Zeus, the infamous banking Trojan, one of the most sophisticated pieces of financial malware out there.
This modified variant is used by cybercriminals with the same malicious purpose of stealing personal and financial information, such as credentials or passwords for e-mail or online bank accounts.
Like Zeus, Ice IX can control the displayed content in a browser used for online banking websites. The injected web forms are used to extract banking credentials and other private security information.
Ice IX, the modified version of Zeus, improved a few Zeus capabilities. The most important one is a defense mechanism to evade tracker sites, which monitor at present most Command and Control servers controlled by Zeus.
For more information about the Ice IX malware, check out this article.

5. Citadel (Zeus family)

Citadel appeared after the source code of the infamous Zeus leaked in 2011. Due to its open source character, the software code has been reviewed and improved by IT criminals for various malware attacks.
For cybercriminals, it is an advanced toolkit which they can use to trick users into revealing confidential information and steal banking credentials. The stolen credentials are then used by cybercriminals to access online accounts and run fraudulent transactions.
For more information about the Citadel malware, check out this article.

6. Carberp (Zeus family)

Carberp is a Trojan designed to give attackers the ability to steal private information from online banking platforms accessed by the infected PCs.
This Trojan’s behavior is similar to the other financial malware in the Zeus family, and it is able to hide from antimalware applications. Carberp is able to steal sensitive data from infected machines and download new data from command-and-control servers.
This Trojan is one of the most widely spread pieces of financial stealing malware in Russia. Primarily targeting banking systems and companies which perform a high number of financial transactions, Carberp not only injects code into web pages, but also tries to exploit several vulnerabilities in the target system so as to escalate to administrative privileges.
Distributed through the typical methods of malicious e-mail attachments, drive-by downloads or clicking on a deceptive pop-up window, what is different about this financial malware is the high number of legitimate web resources used to collect information and potentially make fraudulent transactions. Reports indicate that cybercriminals have deployed botnets on over 25,000 infected machines.
For more information about the Carberp malware, check out this article.

7. Bugat (Zeus family)

Bugat is another banking Trojan, with similar capabilities to Zeus – the notorious data-stealing Trojan – which is used by IT criminals to steal financial credentials.
Bugat targets an infected user’s browsing activity and harvests information during online banking sessions. It can upload files from an infected computer, download and execute a list of running processes or steal FTP credentials.
Bugat communicates with a command and control server from where it receives instructions and updates to the list of financial websites it targets.
The collected information is sent to the cybercriminal’s remote server.
Cybercriminals spread the malware mostly by inserting malicious links in the e-mails they send to the targeted users. When a user clicks a malicious link, he is directed to a fraudulent website where the Bugat executable is downloaded onto the system.
For more information about the Bugat malware, check out this article.

8. Shylock (Zeus family)

Shylock is a banking malware, designed to retrieve users’ banking credentials for fraudulent purposes.
As soon as it is installed, Shylock communicates with the remote Command and Control servers controlled by the cybercriminals, sending and receiving data to and from the infected PCs.
Similar to Zeus Gameover, this malware makes use of a DGA (domain generation algorithm), which generates a number of domain names that can be used to relay commands between the malicious servers and the infected systems.
The Trojan is delivered mostly through drive-by downloads on compromised websites and via malvertising, where malicious code is inserted in adverts that are then placed on legitimate websites.
Another popular method of spreading this financial malware is by inserting malicious JavaScript into a web page. This technique produces a pop-up which pushes the user to download a plugin, apparently necessary for the media display on the website.
For more information about the Shylock malware, check this article.

9. Torpig (Zeus family)

Torpig is a sophisticated type of malware program designed to harvest sensitive information, such as bank account and credit card information from its victims.
The Torpig botnet – the network of compromised PCs under the control of cybercriminals – is the main means for sending spam e-mails or stealing private information or credentials for online bank accounts. Torpig also uses a DGA (domain generation algorithm) to generate a list of domain names and locate the Command and Control servers used by hackers.
Users are typically infected through drive-by downloads: a web page on a legitimate website is modified to request JavaScript code from a web location controlled by the IT criminals. The infected computers then run phishing attacks to obtain sensitive data from their victims.
For more information about the Torpig malware, check out this article.

10. CryptoLocker

This malware encrypts your data and displays a message which states that your private information can be decrypted for a sum of money in a limited period of time. Though CryptoLocker can be removed by various security solutions, there isn’t any way yet to decrypt the locked files.
CryptoLocker is one of the nastiest pieces of malware ever created. It’s not just because it takes money from you or because it can access your private data, but once it manages to encrypt your information, there is no way for you to decrypt those files. This ransomware is so dangerous because the affected users have their private information disclosed (and taken advantage of) and they also lose the files without having any chance of recovering them.
CryptoLocker is a ransomware Trojan which can infect your system in different ways, but usually this happens through the means of an apparently legitimate e-mail attachment, from a well-known company or institution. Because it spreads through e-mail attachments, this ransomware is known to target companies and institutions through phishing attacks.

How do I stay safe from CryptoLocker?

To stay safe from CryptoLocker, follow these steps:
  1. Install a specialized security solution, such as Heimdal Pro.
  2. Be careful with the e-mails you receive and don’t download or run e-mail attachments from unknown e-mail senders. Also, don’t click the links in these types of e-mails.
  3. Back up your important documents and files. Create backup copies of your data in multiple locations.
  4. Keep your software up to date, using the latest security patches available.

How can Heimdal protect me from CryptoLocker?

Heimdal blocks malicious websites which distribute CryptoLocker by making sure that users do not establish untrusted connections. Heimdal can shield a PC from an attacker’s domain and it can prevent CryptoLocker from downloading its encryption keys, even if a PC has already been infected.
An example on how Heimdal protects users from financially exploiting malware, such as Cryptolocker, can be seen below.
Source:
https://heimdalsecurity.com/blog/top-financial-malware/

41 Amazing Internet Security Blogs You Should Be Reading


1. Krebs on Security

Brian Krebs is the man behind Krebs on Security. Being hacked himself in 2001, he takes a personal interest in online security and is one of the well-known names in today’s security landscape. He covers topics from latest threats, privacy breaches and cyber-criminals to major security news.

2. Schneier on Security

Bruce Schneier is probably the most well-known name that you can recognize in our list, and was even called a “security guru” by The Economist. He has written books, hundreds of articles, essays and papers on security matters. At the same time, he is a known figure in the media, which recognizes him as an important voice on online security, not only for his knowledge on the matter, but also because he knows how to express his opinions.

3. TaoSecurity

This security blog is run by Richard Bejtlich, Chief Security Officer at Mandiant and author of many books on security. With an extensive background on the cyber-criminal world and malicious attacks on enterprise networks, he shares his experience on digital defense, network monitoring and detection on his security blog. Since a great number of network attacks come from China, he specializes in Chinese online criminals.

4. US-CERT

This is the official website of the Department of Homeland Security, from the USA.
Though it is not a classical security blog, its purpose is to improve Internet security by providing specialized and well detailed information on cyber-criminal activities, malware, phishing attempts and online threats. To use their own words: “US-CERT strives for a safer, stronger Internet for all Americans by responding to major incidents, analyzing threats, and exchanging critical cyber-security information with trusted partners around the world.”

5. Dark Reading

Dark Reading is a widely-read cyber security site that addresses professionals from the IT environment, security researchers and technology specialists. They use their experience and knowledge to provide articles, recommendations, news and information on IT security.

6. CIO

CIO is the place where you find news, information technology articles, insight and analysis on major data breaches and online threats. Covering multiple aspects of the World Wide Web, it provides in-depth, content-rich information for IT professionals and normal users.

7. Network Security Blog

Martin McKeay is the voice of this security blog, where you can find information and news on privacy and security issues. As Martin says: “I took up blogging as a means to extend my knowledge and test my ideas about security…”.

8. Security Watch with Neil Rubenking

Known for his direct and witty style, Neil Rubenking is the man you have to listen to if you are searching for technical advice on the main security solutions, from firewalls, antivirus and antispam products to full security suites. Detailed reports and sharp analysis of security programs make him worth following if you look for this type of information.

9. Paul’s Security Weekly

Paul’s Security Weekly, founded by Paul Asadoorian, brings you security news, useful technical articles, research studies and valuable information on hacking and cyber-crime through various channels, from blog posts, videos to podcasts.

10. PCMag.com

One of the most popular sites in the software industry, PC Magazine comes with reviews and studies on the latest products for online security. For an objective analysis of a product you may be looking at, don’t forget to look for the dedicated article on this website.

11. Wired

One of the classical North American publications reporting on technology and its role in culture, economy and politics, Wired approaches topics on online privacy, cyber-criminal threats, systems security and the latest alerts.

12. Forbes’ Firewall

Forbes’ Firewall comes from one of the leading media companies in the online environment and provides strong analysis, reliable tools and real-time reports for cyber-security news and information on the latest online threats.

13. TechRepublic

TechRepublic provides large resources for the online industry, such as blog articles, forums, technical papers and security data. All the valuable information available helps IT professionals and technology leaders to come to the best decisions on their business processes.

14. Zero Day

The Zero Day security blog is important for all the people who are part of the IT industry, and you should follow it to stay up-to-date with the latest security analysis, software vulnerabilities, malware attacks and network threats.

15. Securosis

Securosis is a security research and advisory company that offers security services for companies and organizations. At the same time, you can find on their security blog some useful articles and insight on managing and protecting online data.

16. The Guardian Information Security Hub

Known for its quality articles on world news, Guardian offers a section dedicated to information security for companies and individuals. To stay up-to-date with the latest articles and news on cyber security, make sure you follow this site.

17. Help Net Security

This security site is a popular place for data and security news and you can find here the latest information and articles related to the IT industry.

18. Techworld Security

The section dedicated to security on this site analyzes the latest malware threats and zero-day exploits. You can find here other important topics and subjects, such as security articles, how-to documents and software reviews.

19. Fox IT Security Blog

This security blog is a very good source of information on online security, technology news and cyber crime defense.

20. SC Magazine

SC Magazine comes in the IT environment with technical information and data analysis to fight the present online security threats. Their site provides testing results for e-mail security, mobile devices, cloud and web security.

21. Network Computing

The content of this security blog focuses on cloud technology and enterprise infrastructure systems. Its published articles cover security solutions on how to deliver applications and services for an increasingly large threat environment in the business world, news and expert advice.

22. Infosecurity Magazine

Infosecurity Magazine is an online magazine which covers not only security articles on popular topics, but is also dedicated to security strategy, valuable insights and technical approaches for the online industry.

23. SANS Institute AppSec Blog

This security site addresses the growing malware threats in the online world by providing training, research, certification and educational resources for IT specialists.

24. Threat Track Security

This security blog keeps you up-to-date with the latest innovations and developments in the IT industry, from security exploits to software vulnerabilities and cyber-criminal attempts.

25. CSO Online

CSO focuses on information technology, access management for enterprise servers, loss prevention, cybercriminal threats and software vulnerabilities.

Security blogs from software providers in the IT industry

26. Sophos security blog

Naked Security is Sophos’s award-winning threat news room, giving you news, opinion, advice and research on computer security issues and the latest internet threats. Categories range from mobile security threats to operating systems and malware articles. Naked Security is updated multiple times per day and receives around 1.5 million pageviews per month. It has won numerous awards and it is considered one of the best security blogs.

27. Kaspersky Lab’s ThreatPost

Threatpost is the leading security news website that is part of The Kaspersky Lab. Their articles cover important stories and relevant security news for the online world. They are recognized as an important source of news for online security in important newspapers and publications, such as New York Times, USA Today or The Wall Street Journal.

28. Kaspersky Lab’s Securelist

Securelist is a security blog run by Kaspersky Lab and it addresses a large audience, providing some of the best security subjects on cybercriminal activities and data stealing malware. You can find here security information that focuses on malware, phishing and other threats from the cyber security world.

29. Symantec Weblog

Symantec Weblog is a security blog from one of the biggest providers of security solutions worldwide, Symantec. Using their technical knowledge and data collected over the years, they come with strong analysis reports and articles on security threats, online criminals, data stealing malware, system vulnerabilities and many others.

30. Google Online Security Blog

We are surrounded by Google products and services, from their search engine to their web browser, so it is normal to include their security blog in our list. It is a reliable security blog and even more, a reference point on online security and privacy we need to acknowledge.

31. Zone Alarm Cyber Security Blog

The security blog from ZoneAlarm, one of the well-known vendors of security products, provides valuable information on malware defense and online security. Using their experience on malware, this security blog generates malware alerts, practical security tips and the latest news in the IT industry.

32. F-Secure Safe & Savvy Blog

A security blog from F-Secure, a company dedicated to online content and privacy protection. On this security blog you will find helpful tips and advice on security issues, from protecting your personal identity to keeping your system safe.

33. HotforSecurity

The security blog from Bitdefender, one of the leading companies in online security solutions, covers various subjects from the IT world, from Internet scams, online spam and phishing to malware and data stealing software.

34. McAfee security blog

McAfee security blog provides the latest tips and techniques from security experts to keep you up-to-date with the latest malware trends in the online environment.

35. Microsoft Malware Protection Center

The Microsoft Malware Protection Center analyzes data from all over the world to provide insight and valuable information on fighting online threats in order to protect users from malware attacks and online crime.

36. SpiderLabs Security Blog

Investigators and researchers at Trustwave cover the latest technology news on this security blog. Gathering information from research and testing, they publish articles and security studies to fight online hackers and cyber-criminal threats.

37. Dell SecureWorks

The security blog from Dell SecureWorks provides the latest news and information for IT professionals and users that need to stay up-to-date with online threats and malware attacks.

38. Malwarebytes Security Blog

The Malwarebytes security blog articles cover the latest malware threats and cyber criminal attempts from the online world. You can find their articles on categories, from cyber-crime, exploits, hacking and malware analysis.

39. Trend Micro Simply Security

Trend Micro Simply Security site offers expert insights on cloud security, data safety, privacy protection and threat intelligence.

40. We Live Security

We Live Security, the Eset blog, is an online resource for cyber security articles and this blog covers a large network of security topics from emerging online threats to zero-day exploits.

41. CSIS Security Group Blog

The security blog from CSIS Security Group provides valuable information on malware attacks and online threats. Using the internal research data from their own security labs, their studies help users fight cyber-criminal threats.

Source:
https://heimdalsecurity.com/blog/best-internet-security-blogs/