USB Thief Infects ‘Air-gapped’ Computers And Leaves No Trace

Malware (short for malicious software) is a type of program that is intended to cause harm to a system, be it in the form of ransomware, like that which has hit several hospitals in the US, or just your generic popup-creating malware. A new malware named USB Thief looks to break the chain of common threats by hiding itself and infecting systems even when they aren’t connected to the internet.

The internet is a wonderful thing, but the problem with everyone being able to share and talk to one another is that sending something nasty is as easy as clicking a button (or in some cases, the software even does this for you). USB Thief avoids the internet entirely by working from USB sticks, the very same ones you use to carry information between your computer and your parents’ or friends’ machines.

The software hides by only executing under a certain set of conditions, namely when it is run with a key derived from the original USB drive it was created for. Even when it does spread, each copy uses a unique key created from the ID of the USB stick and the time, meaning that traditional attempts to copy the malware off the stick and analyse it fail, because the copy suddenly finds unknown hardware in the mix and refuses to run.

Not only does this mean it won’t always execute, breaking the common rule that repeated behaviour is traceable behaviour, but it also doesn’t leave any evidence on the infected computer, meaning your data could be stolen and you wouldn’t even know it. USB Thief lives up to the second part of its name: at the moment it only works to steal data, but Tomáš Gardoň, a malware analyst with antivirus provider ESET, says that “it would not be difficult to redesign the malware to change from a data-stealing payload to any other malicious payload”.

By avoiding the internet and focusing on the more traditional method of using USB drives, the virus is able to infect systems in a manner similar to how Stuxnet worked, enabling it to infect ‘air-gapped’ systems (those which aren’t connected to the internet). With the USB lock in place, only the original USB created by its designers can infect systems, meaning if you didn’t create the original you won’t be able to use it.

If that wasn’t enough, USB Thief’s developers seem to have done their homework, as it only runs as part of a command from portable versions of legitimate applications like Notepad++ and Firefox. If you’re running Kaspersky Lab or G Data, though, you should be okay, as the malware won’t install itself on your system, a feature that was no doubt down to results from some initial testing.

The Unique World Of 2016 Cyber Security Predictions

2016 is here and I still want my hoverboard; by this, I mean an authentic Back to the Future machine and not the cheap plastic device that is currently being marketed. Anyway, this year promises to be compelling for a number of reasons, including Cyber Security and the nature of locking data away from the many threats that now lurk within the Cyber walls. Various individuals have offered their predictions concerning the coming year’s potential cyber security issues, and I thought it would be interesting to convey a selection of the many theories below.

A Cyber Attack will look to exploit the 2016 US presidential election
This may be classed as an outside possibility: even though it would be technically possible, whether it will happen is a different matter. This prediction arrives courtesy of Ryan Olson, director of threat intelligence for Palo Alto Networks, who states that hackers could look to obtain private information from candidates via emails or social network accounts. Any sensitive information that might be released could, in theory, sway an election, unless you’re Mr Trump, who says what he thinks anyway.

Virtual Borders that control access to the Internet
This theory is far from new, but could be a reality if certain powerful figures are able to exert major control over the internet. According to Kaspersky Lab, we could see a development of Internet borders that divide access to information along country lines.

Hacked data could become a huge commodity
2015 became the year of the hack and included everything from dating websites to the leaking of huge databases containing sensitive government details. According to Dmitri Alperovitch, CTO and co-founder of Crowdstrike, hackers are aiming to build up huge stocks of information that contain multiple strands of data. This could lead to blackmailageddon, or something equally terrifying, whereby extortion attacks on individuals and companies are widespread.

Chinese VS Russian Hackers
This one sounds like an opening scene from Rush Hour, but no: experts with IID predict that, as China’s economy stops growing, many cyber hackers might turn from cyber espionage to cybercrime. This could then lead to criminal activity that is far bigger than that of Eastern Europe. Is it possible? You never know, considering the technical expertise many hackers possess in China.

Cyber attacks will destroy a major brand or product
This prediction from Mark Painter, who is a security evangelist for Hewlett-Packard Enterprise, is quite feasible considering the many holes which exist within certain tech products. This individual states that “We are increasingly close to finding out in 2016 if a major product will shut down due to security issues”. Adobe Flash springs to mind, considering we all know companies would quite happily cut their losses if a product becomes more trouble than it’s worth.

Will any of these come true? Only time will tell, especially if Ronald McDonald becomes president.

Image courtesy of PCWorld

Kaspersky Faked Malware to Harm Rivals

Moscow-based computer security company Kaspersky Labs has been faking malware for the past decade to harm its rivals, two former employees have revealed. According to the allegations, Kaspersky’s duplicitous campaign was designed to trick Microsoft, AVG, Avast, and other anti-virus providers into quarantining or deleting important system files on users’ PCs. The scheme, in operation for over a decade, was at its peak between 2009 and 2013.

The attacks were ordered by company co-founder Eugene Kaspersky to spite rivals he thought were ripping off Kaspersky’s software rather than develop their own, the insiders claim. “Eugene considered this stealing,” one said.

“It was decided to provide some problems” for its rivals, one ex-employee said. “It is not only damaging for a competing company but also damaging for users’ computers.”

Microsoft, AVG, and Avast all say that they have been aware of a number of false positives induced by unknown parties, but that they had no evidence that Kaspersky was responsible for them.

Kaspersky, of course, denies the accusations, issuing a retaliatory statement. “Our company has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing,” Kaspersky told Reuters. “Such actions are unethical, dishonest and their legality is at least questionable.”

Thank you Reuters for providing us with this information.

Security Giant Kaspersky Lab Just Got Hacked

One of the best security experts in the field, the guys over at Kaspersky Lab, got hacked this Wednesday. They say that the method employed was so complex and stealthy that they believe the hackers originate from a government agency.

Kaspersky stated that no services were affected or data compromised prior to the attack, but that does not mean the hack itself is to be taken lightly. They named the attack Duqu 2.0, an upgraded version of the original Duqu attack from September 2011.

The original Duqu attack employed a variety of malware delivered through the so-called Stuxnet worm. The latest attack on Wednesday is also believed to take advantage of some zero-day vulnerabilities found in Microsoft’s operating system.

Kaspersky said that the hackers were interested in proprietary information such as ongoing investigations, detection methods and analytical capabilities. In addition, the company found that the attackers previously spied on other targets such as participants in the international negotiations on Iran’s nuclear program and people attending the 70th anniversary event of the liberation of the Auschwitz concentration camp.

The investigation is still ongoing, but Kaspersky said it will take only a few weeks to figure out what the purpose of these attacks may be. However, the hackers may not be able to pull this off any longer, since Kaspersky already added a Duqu 2.0 detection tool in its latest update.

Kaspersky has also expressed no interest in getting involved in any political matter, but has notified relevant law enforcement agencies of the attack nevertheless. Also, the company forwarded the zero-day exploit to Microsoft so that Microsoft may patch the underlying flaw in future updates.

Thank you Sci-Tech Today for providing us with this information

Kaspersky Develops Ransomware Decryption Tool

Ransomware is becoming more prevalent, taking users’ data hostage and demanding money for its release. Now, with crime fighters getting their hands on a server, Kaspersky has been able to make a decryption tool by using the decryption keys found on the machine.

The Netherlands’ National High Tech Crime Unit (NHTCU) recently got hold of a CoinVault command-and-control server. CoinVault is a type of ransomware that has been infecting computers around the world since last November. On that server, they found a database of decryption keys, which they shared with Kaspersky. Kaspersky took those decryption keys and used them to build its Noransomware decryption tool. The tool is a work in progress that should become more effective as the law enforcement community finds more keys. This may possibly help you take back your data from a CoinVault infection if you are lucky, since the app isn’t fully effective yet.

Be proactive and take steps to prevent viruses and ransomware in the first place: use security tools and make sure that you do not open email attachments from senders you do not know. If you are one who torrents files, be sure to use a virus scanner and check items regularly, as well as reading other users’ notes on the files to make sure they are clean.

Thank you Engadget for providing us with this information

Images courtesy of The University of Arizona

Has the NSA Been Hiding Viruses in Hard Drive Firmware?

A new report from Kaspersky Lab suggests that the NSA might just have developed quite an interesting way to hide viruses. They say that it may well be hiding malicious software inside the firmware of hard drives, including those made by a host of famous manufacturers, such as Seagate, Western Digital, Maxtor, Hitachi, Toshiba and Samsung.

The ‘Equation’ report says that the malware included on the drives would be almost impossible to detect and to remove, giving the NSA an unprecedented way to access many millions of computers across the globe. The report also ponders how the organisation would be able to install such malware, suggesting that while the NSA could well reverse engineer hard drive firmware itself, it may also be possible that the US government has secretly approached the hard drive manufacturers and worked with them to include the malware with their products.

So far, only Western Digital has spoken out about the report, denying to Reuters that they have any involvement with the NSA. The others all declined to comment.

This makes quite a significant story, with repercussions that will surely develop over time.

Source: Reuters

Up to $900 Million Stolen Online in Biggest Bank Robbery Ever

In a 21st Century bank job, thieves don’t even need to step foot on the premises, let alone have a getaway car primed: all you need is a computer and the right software. According to a report from The New York Times, tech security firm Kaspersky has been tracking a monumental bank heist that could have netted thieves up to $900 million.

A group of unknown hackers from Russia, China, and Europe targeted a series of banks over a number of years with a bespoke, sophisticated software program to siphon over $300 million from accounts. The banks in question have been made aware of the theft, but have chosen not to disclose it. Kaspersky suggests that over 100 banks could have been targeted, and that the total bounty could amount to a figure beyond $900 million.

Chris Doggett, Managing Director of Kaspersky North America, said, “This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert.”

Source: BGR

Microsoft Is Leading PC Anti-Virus Vendor According To Report

New research figures by software and IT solutions company OPSWAT suggest that Microsoft dominates the desktop and laptop anti-virus markets with its free Microsoft Security Essentials offering. Microsoft has an impressive 25.4% of the market with all its products combined, though this is mainly comprised of MSE and Windows Defender. Microsoft is followed closely by Avast, who manage to rack up an impressive 23.6%, mainly through their free anti-virus offering. AVG, Symantec, ESET, Avira and Kaspersky also made the list with market shares between 6.5% and 8.3%.

In terms of the single most popular programs, Avast lead the way with their free antivirus, followed closely by MSE. Windows Defender, Avira and AVG come in third, fourth and fifth respectively, meaning the entire top 5 is comprised of free anti-virus solutions – which is hardly surprising. The leading paid anti-virus solutions are produced by ESET, Kaspersky, Norton, Avast and AVG respectively.

For more details and in depth graphs on the current state of the PC anti-virus market, see here.

Image courtesy of OPSWAT

41% Of Online Fraud Victims Never Recover Lost Funds Says Kaspersky Report

According to a recent Kaspersky Labs report and survey, things do not look good for online fraud victims. Apparently 41% of victims did not recover any of the lost funds, while 45% recovered them all and 14% partially recovered them. 33% of victims had the money stolen during an e-Payment checkout operation, 17% during online banking sessions and 13% while online shopping.

Sadly, only 12% of online store customers who were defrauded received full compensation; for online banking the figure was 15%. Of course, Kaspersky Labs says that this means only one thing – that companies, consumers and businesses should all take more care in using appropriate protection when dealing with money online.

As expected, the majority of consumers assume that their bank or retailer is responsible for protecting them. 34% of respondents take no security measures when using public WiFi, while 45% believe the bank will return any stolen money. These incidents are relatively common: around 62% of respondents experienced an incident where attempts to steal financial details were encountered. Despite that, the average cost of an attack was only about $74 per person.

Image courtesy of Kaspersky Labs

99.9% Of New Mobile Malware Is For Android

It is funny yet worrying that if you talk to your “average Joe” about malware/viruses on Android, most of them believe that Android devices can’t get malware/viruses. This is one of those common misconceptions on the same level as the “Macs don’t get viruses” myth. Yet it is totally incorrect and if anything the situation is the total opposite.

A new report published by Kaspersky Labs suggests that “99.9%” of all new mobile malware is for the Android OS. The vast majority of this malware consists of Trojans, which can be used to target Android devices in a number of ways. The most common of these is the “SMS Trojan”, which hijacks your phone and forces it to send texts to premium rate numbers. This makes up 63% of total infections, suggesting that most hackers are just after your money.

Kaspersky notes that in the first 25% of 2013 they saw the same amount of malware as in the first 50% of 2012, suggesting that we are seeing exponential growth in malware production for Android.

Other interesting facts about mobile malware suggest that 91% is delivered through clicking malicious links (a simple link-scanning anti-virus would solve this). In addition, the top three host countries for Android malware are the USA (25%), Russia (19%) and the Netherlands (14%).

With all that said, have you ever had malware on your Android device? Do you run internet security on your Android device?


Bitdefender Is Best Windows 8 Internet Security, AVG is Best Free Security

According to the well respected, comprehensive and independent test of internet security packages done by AV-Test, Bitdefender has come out on top as the best overall internet security package. Bitdefender received 17 out of 18 points, followed closely by BullGuard with 16.5 points and Kaspersky with 16.

The test applies to the Windows 8 operating system only and is the most comprehensive and up-to-date internet security test currently available. The results are probably quite similar to what you’d expect to find on Windows 7 too. So, as a general rule, if you are looking to invest in Internet Security for your Windows 7 or 8 computer, you will get the best protection from Bitdefender.

If we take a look at the freely available internet security packages, which a lot of people use because they offer nearly as good protection, we can see that AVG Free Edition 2013 does the best, scoring 15.5 points. AVG Free is followed closely by Avast Free Antivirus 7.0 with 15 points and Panda Security Cloud Antivirus Free 2.1 with 14.5 points. Microsoft’s free, bundled Windows Defender 4.0 does badly, scoring 11.5 with the joint lowest protection score.

Funnily enough, some paid Internet Security packages, such as McAfee with 12.5 points, Comodo Premium with 10 points, AhnLab V3 with 10 points and Norman Security Suite Pro 10 with 12 points, all did worse than the three best free Internet Security packages.

So we can draw some conclusions from these tests: if you pick the right paid internet security package (Bitdefender, BullGuard or Kaspersky) you can get the best security. However, you can get nearly as good free internet security from Avast or AVG, and this is very often better than a lot of paid internet security packages on the market today.

To see the full details of the AV-Test Internet Security testing, please visit here.

New Skype Malware Uses Its Victim’s System To Mine Bitcoins

A new type of malware which is spread via Skype has recently been discovered. It works once the recipient clicks on a link that they receive via Skype. Once this is done, the malicious code installs a Bitcoin miner application on the victim’s system on behalf of the programmer, to mine bitcoins.

Bitcoin is a digital currency which gained its popularity because it has no central issuer or single authority, so it is not possible to lock a certain user or country out of the Bitcoin network. The best part is that it can be used to pay for anything, online and offline.

Mining is done by mining nodes that maintain the Bitcoin network. The mining nodes use the system’s processing power to find a solution to a difficult problem and are rewarded with coins in exchange. The malware uses the computer’s processing power to do just that, but it does so without the end user’s knowledge, and the person who programmed it is the one getting all the profits. The end result is that, due to the processing power a Bitcoin mining operation requires, the victims’ systems slow down, at times even becoming unstable and/or unusable.

Security company Kaspersky were the ones who discovered this malware program on Thursday night, and named it ‘Trojan.Win32.Jorik.IRCbot.xkt’. At that time, it was found that the victims originated from many European nations, such as Italy, Russia, Poland, Costa Rica, Spain, Germany and Ukraine, with a surprising average clicking rate of about 2,000 per hour.

It has been found that the malware was initially downloaded from a server in India. Many anti-malware programs failed to detect this malware at the time, so it was easier for the malware to spread very quickly. Once on the end user’s system, it uses Hotfile to grab the bitcoins and connects to a server, which is now believed to be in Germany, and acts according to the instructions given by the programmer.

What’s the best fix? Prevention is better than cure. All you have to do is resist the urge to click random links you get from other people via Skype. It should be noted that by doing so you’re also reducing the chance of the malware spreading to your Skype contacts, and so not allowing the systems of the people you know to be infected.

Source: The Next Web