Malware

The term Potentially Unwanted Programs or PUPs refers to software programs that contain possibly malicious adware or cause other unspecified objectives like installation of toolbars or nefarious programs.

The title was given to this type of software to distinguish it from malicious software (malware) because PUPs are voluntarily downloaded by computer users who don’t read and/or fully understand the true terms and conditions of download agreements that may include installation of other programs whether wanted or not.

Usually PUPS are adwares on websites you frequent which appear as coupons, underlined words, advertising banners or annoying pop-up ads. These ads are nefariously aimed at getting users to click on them after which malicious content is installed onto electronic devices that can include optimization tools, web browser toolbars and other unsafe cyber products.

These crafty PUPs do nothing but generate “pay-per-click” income for the PUPs’ creator from unsuspecting personal computer and hand-held electronic device operators who unknowingly download malicious programs onto their electronics. Most PUPS get into electronic systems via bundled installations of “freeware” software, PDF creators, download managers and video streaming or recording.

A lot of PUPs are bundled within customized installer tools on download websites like Brothersoft, Softonic and CNET that enable computer users to download various computer software programs.

Some signs of the presence of PUPs on electronic devices are completely stealth while others are blatantly obvious. For example if your electronic device is infected with Ransomware, you will know immediately because a pop-up window will appear on the computer screen demanding a specified amount of money in order to restore your stolen and encrypted data. Other symptoms are not as obvious and include the following common indications that PUPs may have infiltrated computers and other electronic devices:

Injection of advertising banners within website pages you visit.

Website text is randomly turned into hyperlinks, which are links to another location, document or file that are typically activated by clicking on a word or image that is highlighted on the computer screen.

Slow running computer (not caused by running too many programs or lack of hard drive or memory space).

Slow internet connection.

Frozen or unresponsive browser.

Cursor drags 10 seconds behind the mouse.

Different home page continually appears.

New toolbars appear that you can’t remove.

Pop-ups that recommend fake software or software updates.

Bombardment with pop-up ads; close one and another appears even when you’re not online.

Browser redirects repeatedly redirect users from the website they’re trying to access to a different one.

Lots of bounced back email (indicative of having been hacked).

Unfamiliar icons appear on desktop.

Constant computer crashing.

Cell phones and other electronic devices are not immune and are vulnerable to mobile malware, the symptoms of which may include short battery life (drains quickly) or cell phone bills that include charges for things you didn’t buy or messages you didn’t send.

Botnets and other types of malware are nearly impossible to detect unless you run a cyber security scan. Computer users can protect electronic devices from land and mobile cyber threats by using anti-malware security software designed specifically for personal computers, smartphones and/or tablets and other devices. Safeguards exist specifically designed to keep Android devices from infected applications, unauthorized surveillance and nefarious malware.

Inasmuch as Intel uncovers 245 new cyber threats per minute, it has never been more important to utilize up-to-date cyber security software to protect electronic devices from malicious infections that can turn one’s life upside down or completely halt business operations.

If you think you’ve been the victim of PUPs or other malicious computer infections, contact the professionals at Eyes Everywhere today to begin the process of locating, identifying and eradicating PUPs and other malware applications from your electronic devices.

Cyber criminals are continually devising new ways to invade electronic devices and computer networks in order to steal valuable confidential information that is exploited for nefarious purposes. The never ending introduction of new malicious software (malware) threats is almost impossible for IT professionals to keep pace with, much less prevent, so it is especially difficult for the average computer operator to follow.

Security software developers are also kept busy creating new ways to detect, identify, locate and eradicate malware threats, the ever changing nature of which requires the continual creation of new software programs or updates to existing programs in order to defend against invasive cyber crimes.

Cybercrime has become so prevalent that a standard has evolved for naming various malware threats that are known as “Common Vulnerabilities and Exposures” or CVEs and there are a lot of them.

The variety and number of computer viruses and malware that IT professionals deal with on a daily basis are staggering. In addition to viruses, ransomware and thousands of other malware security threats, the latest means of illicitly gathering information is known as “exploit kits” (EKs) which are software programs designed to run on web servers that are capable of finding and exploiting vulnerabilities in any and all electronic devices that are connected to and communicate through the server. This enables cybercriminals to upload nefarious software programs and execute malicious codes in multiple vulnerable machines.

It has never been more important to use security software and to install manufacturer updates as soon as they become available. In addition, precautionary measures should include backing up files, removing unused programs, avoiding random clicking, only opening attachments from reputable sources and updating all frequently used programs all of which are essential elements to protecting electronic devices from cyber invasions.

Focusing on just one type of cybercrime, the following is a list of the top 10 EKs that Intel has identified as the most prevalent during the first few months of 2017, each of which includes multiple CVEs in the particular class of Exploit Kit:

1 – Neutrino Exploit Kit
Neutrino EK and its predecessor Neutrino-v surged in popularity in the middle of 2016 and are known for infecting compromised sites and malvertising with various malware applications. The creators and distributors of this kit are known as Operation Afraidgate and Operation ShadowGate and there are over 30 CVEs dating back to 2013 that have been identified as current potential threats in this category of Exploit Kits.

2 – RIG Exploit Kit
Created and distributed by Operation Deep Panda, Operation DragonFly, Operation Pitty Tiger and Operation Afraidgate, the latest VIP version of RIG EK is called RIG-v and uses new URL patterns. RIG is spread through advertisements that have been inserted into websites which are legitimate and unknowingly feature those suspicious ads. This EK has been around since 2012 and the nearly 50 updated versions that have been introduced since then keep RIG at the top of the list of biggest cyber threats.

3 – Empire Pack Exploit Kit
The Empire Pack Exploit Kit is also known as RIG-E and was introduced in 2016 to take advantage of flaws in Adobe and Microsoft software applications and 5 different CVEs have been found in this category of EKs.

4 – Sundown Exploit Kit
Operation ShadowGate introduced the Sundown EK which is also known as Beta Exploit Pack and was last updated at the end of 2016. This EK distributes remote-access Trojans (RATs) to malicious links using phishing emails sent directly to computer users who unknowingly click on those malicious links. Sundown EK is known to use steganography (a non-secret data or text used to conceal information) to hide exploitation codes contained within the malware. This EK dates back to 2014 and 17 CVEs have since been identified in this category of EK.

5 – Bizarro Sundown Exploit Kit
This EK is the predecessor of the Sundown EK and was first discovered in October, 2016. Intel has found 5 CVEs in this category dating back to 2014 that were distributed by Operation ShadowGate.

6 – Magnitude Exploit Kit
The Magnitude EK is also known as Popads and uses malvertising attacks to infect a plethora of victims who visit compromised websites. Intel has discovered 25 different CVEs dating back to 2011 in this category of EK.

7 – Astrum Exploit Kit
Astrum EK is also known as Stegano and hides in malicious advertising banners that are used by many websites. Intel has identified 12 CVEs dating back to 2010 in this category of EK.

8 – Sweet Orange Exploit Kit
The Sweet Orange EK uses phishing emails containing malicious links or attachments to spread various malware applications. To date 14 different CVEs have been found in this EK category that date back to 2012.

9 – Sednit Exploit Kit
Three different CVEs dating back to 2013 have been found in this category of EKs which are distributed by a hacking group that calls itself “Sednit” and creates malware that targets flaws contained in Microsoft’s Internet Explorer.

10 – CK Exploit Kit
The CK EK was first discovered in 2012 and affected primarily Korean and Chinese websites with “drive-by” downloads that infected users’ electronic devices. To date 7 different CVEs dating back to 2011 have been identified in this category of EK.

For as long as there have been computers, there have been hackers devoting their time to invading personal privacy and stealing valuable information that is then exploited for nefarious purposes. The types and numbers of viruses, malware, exploit kits and other invasive tools continue to expand exponentially, not only in type and number, but also in sophistication and frequency. It’s never been more important to use up-to-date security software and to maintain a good working relationship with an IT professional who stays abreast of the latest threats and ways to combat them to protect privacy and confidential information.

More information can be found on each of the above-identified EKs as well as multiple other potential cyber threats at Intel’s website (http://tld.mcafee.com/) that is devoted completely to cyber security. This informative site offers a wealth of information about multiple campaigns, vulnerabilities, ransomware and exploit kits that have been and continue to be used to gather confidential information for nefarious purposes.

Computer operators around the world devote more and more time to fending off nefarious invasions into their electronic devices and computer networks. The ever changing list of viruses, campaigns, vulnerabilities, exploit kits, malicious software (malware) and a plethora of other cyber threats also keep cyber security companies busy keeping track of them so they can manufacture and provide customers up-to-date security software to locate, identify and eradicate cyber threats that are becoming more and more sophisticated and numerous.

It has never been more important to maintain up-to-date security software than today when cyber criminals continue to devise new cleverly deceptive ways to steal valuable information for purposes of exploitation. To help protect against nefarious invaders it is important to install manufacturer updates for all programs (especially those related to cyber security) used frequently and to remove from computers those programs that are seldom or never used in order to eliminate possible vulnerabilities. It’s also advisable to back up important files frequently and to avoid clicking on advertising and other types of links and attachments included in emails unless you are sure of their authenticity.

The U.S. Department of Homeland Security (DHS) divides cyber threats into two categories (vulnerabilities and exposures) and created the standard for security vulnerability names that’s known as Common Vulnerabilities and Exposures (CVE). In depth information about multiple CVEs can be found at https://cve.mitre.org.

The following is by no means a comprehensive list but comprises the current top ten cyber threats discovered by Intel Corporation which maintains a website devoted solely to cyber security known as the Threat Landscape Dashboard which can be viewed by visiting http://tld.mcafee.com.

1 – CVE-2016-7200

Microsoft Edge’s Chakra JavaScript engine lets remote hackers execute arbitrary code or cause denial of services via memory corruption in crafted websites.

2 – CVE-2016-7201

Operates the same way as CVE-2016-7200.

3 – CVE-2016-4190

Allows hackers to execute arbitrary code or cause denial of services using memory corruption via unspecified vectors on Adobe Flash Player, Windows and Linux.

4 – Cerber Ransomware

Cerber ransomware is sold to distributors in underground Russian forums and targets Office 365 users by encrypting files and playing an audio file that demands ransom to unlock the stolen data.

5 – Locky Ransomware

The continually evolving Locky ransomware does not infect computers using the Russian language but targets Windows users by encrypting files in multiple local and remote locations, as well as removable drives, mapped drives and unmapped networking.

6 – Satan Ransomware

This ransomware is hosted on the Dark Web and is provided free of charge for hackers to use as a “ransomware-as-a-service” (RaaS). Developers of the ransomware require 30% (of the ransom) to use the service and will reduce the amount based on funds actually received.

7 – RIG Exploit Kit

RIG is spread using suspicious ads that have been inserted into legitimate websites.

8 – Neutrino Exploit Kit

This EK and its predecessor Neutrino-v surged in popularity in 2016 and use compromised websites and malvertising to infect computers with various malware.

9 – Operation Shamoon 2

This cyber attack used seemingly legitimate credentials to spread malware across networks targeted in Saudi Arabia in late 2016 and used components similar to attacks perpetrated in 2012.

10 – Operation Methbot

This fraud campaign was discovered in 2016 and uses a bot net that spoofs thousands of name brand website domains to fraudulently net between three and five million dollars every day.

This is only one of multiple lists of top ten threats discovered by Intel and the lists are always changing and the information therein always valuable. It behooves computer operators everywhere to make themselves aware of various cyber threats and to take measures to protect against them.

As if we don’t have enough to worry about these days the personal computer and Internet which most of us use daily in both our personal and professional lives have become a lucrative source of income realized nefariously by cyber criminals who are always looking for new ways to steal your valuable personal information for resale to other hackers not to mention your hard earned money. These cyber criminals use a variety of malicious software (malware) to accomplish their fraudulent activities including ransomware and encryption that is extremely difficult to decrypt.

The global cyber security firm Kaspersky Lab reported that the number of computer users who experienced attacks by invasive malware increased 22.49% in the fourth quarter of 2016 compared to the same time period in 2015. This indicates that malware is doing its job so well that more and more cyber thieves are using it to gain access to information to which they are not entitled which they use against targeted individuals, business entities and government agencies to steal private information and millions of dollars.

The researchers at Kaspersky Lab conducted an analysis of the cyber threats that were prevalent during the entire holiday period from the first of October through the end of December, 2016. These analysts observed an increase in the number of cyber attacks on Black Friday, Cyber Monday and throughout the entire Christmas holiday period.

Their research for the month of November revealed a spike in the number of invasive attacks on Cyber Monday, the first Monday after the Thanksgiving holiday observed in the United States on the fourth Thursday of every November. This spike in malicious malware attacks affected twice as many computer users than on the previous day.

Different patterns were indicated as far as Black Friday and the entire Yuletide season inasmuch as malicious attacks occurred one or two days before the actual holidays. Since Cyber Monday is all about online sales offered by e-commerce which greatly impacts credit card companies and financial institutions, Cyber Monday has proven to be a more lucrative time for hackers and has become their main focus for delivering malware to unsuspecting individuals and businesses alike.

Kaspersky Lab’s researchers also determined that Zbot, Shiotob, Gozi, Neurevt and Nymaim Trojan malware accounted for 92.35% of cyber attacks conducted during the holiday period.

Network security has become a real headache for Internet Technology (IT) professionals because malware continues to get more and more complicated, sophisticated and harder to locate, identify and eradicate.

A host of hacking tools were just released on the Internet and are believed to have been designed by the United States’ National Security Agency (NSA). These tools consist of 61 files that target computers and other electronic devices that utilize Microsoft Windows applications (Word, Excel, PowerPoint) and are available for free downloading by anyone who wishes to use the tools to help fight cyber attacks via Windows.

The recent release of these hacking tools was apparently made by a Russian hacking group that calls itself The Shadow Brokers, which previously declared that it would be selling those tools to the highest bidder but then backed off that announcement because of a lack of interest by computer users worldwide probably because of the hackers’ ridiculous request of at least 10,000 bitcoins which represents about 8.2 million U.S. dollars.

Shortly thereafter the hacking group announced that it was ceasing its nefarious operations and going “dark” which means they are suddenly terminating communications. The Shadow Brokers released a bewildering statement in broken English that said “TheShadowBrokers is deleting accounts and moving on so don’t be trying communications. Despite theories, it always being about bitcoins for TheShadowBrokers. You are being disappointed? Nobody is being more disappointed than TheShadowBrokers.”

That puzzling post didn’t clarify why the group was taking such action, but referenced “political talk” and the increased risk involved with its high profile hacking cyber crimes.

Nobody can assuredly conclude that The Shadow Brokers really got those hacking tools from the NSA but it is assumed they did originate from there because programming codes were the same as those that whistleblower Edward Snowden (who is now exiled from the U.S. and living in Russia) apparently unlawfully obtained when he worked for that organization. Cyber experts think the hacking tools were designed and produced by an organization called The Equation Group, which many believe is also a team of hackers and is supported by the NSA.

The Shadow Brokers indicated that their dirty deeds may not actually be over inasmuch as it has stolen passwords that may be released at a later date if nobody comes forward with the ridiculous amount of money requested in order to prevent them from being released.

Although intelligence experts are not sure why the group is relinquishing its most powerful tools to date, it appears that the group is connected to Russian intelligence agencies and the move was made in an attempt to warn the new U.S. Trump administration to not escalate the ongoing cyber war between the two superpowers.

Another well known Russian hacking group that calls itself Guccifer 2.0 was responsible for hacking emails of the Democratic party’s Presidential nominee Hillary Clinton and releasing them to WikiLeaks during the period before the U.S. 2016 Presidential election. In an announcement made on the same day that The Shadow Brokers released its malware tools the Guccifer hacking group denied any affiliation with the Russian government.

One of the most successful cyber criminal groups that has ever operated is called the Carbanak Gang whose malware has helped the hacking group steal over a billion dollars from banks and financial institutions worldwide. Since most large businesses employ up-to-date security systems and trained IT security personnel to block communications with questionable organizations and websites in an attempt to prevent inadvertent downloading of malicious software, the group had to figure out another way to get into computers.

Since Google services are popularly used worldwide and Google domains are very unlikely to be blocked the Carbanak Gang developed a new way to deliver their malicious software and commands used to send and receive data from the computers they’ve infected by using Google Spreadsheets and Google Forms. This use of an authentic third party service provider enables cyber criminals to hide in plain sight which increases the chances of their successfully conducting even more lucrative cyber heists.

This is not a novel way to introduce malware since the security firm Symantec discovered a Trojan in 2012 they named “Makadocs” which was using Google Docs to transmit communications.

The Carbanak malicious threat is delivered and spread using a phishing attack in the form of an attachment to Google Docs. This kind of cyber crime has proven to be an effective hacking tool since even the best security experts can be tricked into opening phishing emails and malicious attachments if they look legitimate enough.

Google is aware of the new Carbanak threats and its official spokesperson said “We’re constantly working to protect people from all forms of malware and other types of attacks. We’re aware of this particular issue and taking the appropriate actions.”

Since malicious invasions increase every day it is imperative that all computers and other electronic devices utilize up-to-date security software and that they are set up to automatically receive updated versions of every computer software application they use. Users should also remove any software programs they rarely or never use from their computers and backup all computer files frequently if not every day.

There are so many malicious threats utilized to steal information and money and it is extremely important that individuals, businesses and government agencies worldwide take precautionary measures to prevent such attacks and maintain a good working relationship with an IT company or individual who keeps abreast of the latest threats.