Offshore Outsourcing & Scammer
Blog about offshore outsourcing and scammer in the outsourcing industry
Rombertik: Malware deletes itself during discovery - together with the hard drive content
by Rudolf Faix Wednesday, May 6, 2015 1:43 PM

Rombertik VirusOne tricky and complex programmed malicious software collects data from Internet users. if she gets discovered she swallows a digital cyanide pill.

Security researchers of the Talos Group, a division of the network equipment supplier Cisco Systems have discovered a Windows malware that has taken great care to cover up traces of their activities. "Rombertik", as the malware gets called from the experts, captures everything a user is doing with his computer on the Internet. If the malware believes that she got discovered, she makes the hard drive of the affected computer unusable and destroyed so herself.

Another feature of the digital pest is that it's not only searching for user name / password combinations of bank accounts. The malware is recording characterized obviously completely unfiltered everything what the respective users is doing with the infected computers on the Internet.

The distribution channel is not new: Rombertik gets distributed as an e-mail attachment from spam or phishing mails. According to the Talos Group, this emails are especially clever constructed and fooling the users easily. The infected emails mimics the sender "Windows Corporation" as shown by one example of the report

Camouflage by deleting

Noticeable is the elaborate camouflage with which the pest trying to protect themselves from detection. It works on several levels: If a user installs unconsciously the pest, Rombertik analyzes first the environment and checks if it is running in a "Sandbox" environment, an isolated area or the PC, which has no impact to the rest of the computer. Antivirus software uses such a sandbox to analyze suspicious software.

Only when this is excluded, the malware continues her installation. Before the malware starts her work, she is testing if she gets watched by a virus scanner. If so, she attempts to delete the so-called master boot record on the hard disk of the computer to make it unusable. If that does not work, Rombertik encrypts all user data on the boot hard drive of the computer for making them useless and brings the PC to fall into an endless loop of reboots.

Fogging by deflecting

Even if it does not come so far, Rombertik makes the work analysis software difficult: In order not to attract attention, the malware hides itself. Is the 28 kB small installation package gets unpacked, it is 1264 kilobytes long and leads to believe of 8000 program features. Although these are not getting used but makes the analysis extremely complex.

To ensure that the program does not get discovered or it is supposed to run in a sandbox, it uses another perfidious trick: Rombertik writes a file from one byte in a memory sector - 960 million times. Only by logging these processes would result in a log file of 100 gigabyte size explains Talos.

The report of the Talos group says nothing about the spread of Rombertik. User should follow the common recommendations:

Don’t click on links or attachments in emails from unknown senders and use an up to date security software.

 

Tags: , , , , , , , , ,

Security

Microsoft does not send unsolicited communication about security updates
by Rudolf Faix Wednesday, April 29, 2015 7:17 AM

MicrosoftWhen Microsoft release information about a security software update or a security incident, Microsoft sends email messages only to subscribers of their security communications program.

Unfortunately, cybercriminals have exploited this program by sending fake security communications that appear to be from Microsoft. Some messages lure recipients to websites to download spyware or other malicious software. Others include a file attachment that contains a virus. Delete the message. Do not open the attachment.

Legitimate security communications from Microsoft

  • Legitimate communications do not include software updates as attachments. Microsoft never attach software updates to their security communications. Rather, Microsoft refers customers to their website for complete information about the software update or security incident. 

  • Legitimate communications are also on the Microsoft websites. If Microsoft provide any information about a security update, you can also find that information on their websites. 

Source: https://www.microsoft.com/en-us/safety/online-privacy/avoid-phone-scams.aspx
(you need to switch your country setting to US/English for following this link)

 

Tags: , , , ,

Fraud and Scam

SCAM: Windows pop up calls - the best way to end up in jail
by Rudolf Faix Tuesday, April 7, 2015 4:43 AM

Not one company will call, email, or pop up on a web page saying you are infected with a virus

If software detects a virus or a malware or a virus then it will remove the suspicious files or put them in quarantine and block the access to it. That is the way virus and maleware scanners are working. There is no need to call someone and pay some extra money.

If you are buying such calls, then you are supporting the malware programmers with your payment. You are in this case the accomplice of the fraudster. As computer fraud is a crime, you’ll get prosecuted and can end up in jail.

Don’t forget that VoIP calls can get the same way traced like the money flow. Even if you are booking a “high risk payment gateway” you’ll get prosecuted, because before someone will go into jail instead of you he will tell to whom he has forwarded the money and give all his documentation to the investigating officers.

THERE IS NO WAY TO HIDE YOURSELF IN FRONT OF THE LAW!!!

For you are only this “Tech support calls” secure, where you get paid from your client and not where you get paid directly from the caller!!!

 

Windows Pop-Up calls source

 

Tags: , , , , , , , , ,

Fraud and Scam

360 Total Security - powerful and free of charge
by Rudolf Faix Tuesday, March 31, 2015 9:12 AM

"360 Total Security" is a free security suite of China company Qihu (also called Qihoo), which will protect your PC from viruses, trojans, other emerging threats from the network and ensures better performance of your system.

QihooThe essential component is the virus scanner: With up to five different engines - including the Bitdefender and Avira. Real-time protection ensures that harmful files not reach your computer.

Whether you are shopping online, downloading files or chatting with your friends you can be sure that 360 Total Security is there to keep you safe and your computer optimized. Clean-up utility is just one click away to keep your PC in optimal condition.

 

  • Virus Scan
    Integrating award winning antivirus engines from 360 Cloud Engine,360 QVMII, Avira and Bitdefender to provide you with the ultimate in Virus detection and protection capabilities.

  • Protection
    Protection offers 4 different user selectable modes - Performance/Balanced/Security and Custom. Each mode offers a different level of protection from malware, phishing attacks and backdoors.

  • Cleanup
    Cleanup frees your disk space by removing junk files and plugin which can improve system performance - With cleanup you can decide which areas and files to clean.

  • Speedup
    Manage and optimize your system services, boot up items and plugins - Shorten your boot time and get going sooner!

 

You can download 360 Total Security from http://www.360totalsecurity.com/en/download-free-antivirus/360-total-security/

 

 

Tags: , , , , ,

Security

Apple kicks anti-virus apps from the app store
by Rudolf Faix Tuesday, March 24, 2015 5:45 AM

The reason given for sacking from the App Store called the producers is that users may believe that there are viruses on iOS.

Apple has removed over the past few days, several anti-virus apps from the App Store. Among them was VirusBarrier for iOS by the manufacturer Intego. The app was located since 2011 in the App Store.

Once the app has been removed, Jeff Erwin, the CEO from Intego, has asked Apple for their reasons. According to Apple, the description of his app was misleading, since users might think there would be viruses on iOS. After he had changed the description of the app to make it clear that the app scans emails and downloads, Erwin has taken the case to the executive suite of Apple - without success.

Apple has not only thrown VirusBarrier, several apps and also the corresponding category from the App Store. Some apps are still online, such as Avira Mobile Security, Lookout Antivirus & Security and McAfee Security. These apps are free, VirusBarrier cost $ 0.99. What criteria exactly Apple classifies an antivirus app misleading, is not known.

Apple has been always arrogant. Arrogance comes sooner or later to a fall off.

Apple with Worm 

Thank god, we don't need that crap on iOS or on Macs. Plain and simple, you don't need antivirus on Apple platforms. Period. I've used Macs since 1990 and not once have I ever conceived of the notion of installing antivirus on my Macs.

You are doing yourself and all Mac users here a disservice by saying stuff like this. It is widely known in the industry, especially with companies like Sophos and Kaspersky, that there are definitely Mac viruses in the wild that can infect Mac computers that do not have antivirus installed.

Just because you have a Mac does NOT mean you are immune to viruses. It is a very dangerous misconception that you are 100% protected because you use a Mac.

Mac Virus & Malware Threats: http://www.kaspersky.com/internet-security-center/threats/mac

Mac Virus Lets Hackers Control Thousands Of Computers, Through Reddit: http://www.ibtimes.com/mac-virus-lets-hackers-control-thousands-computers-through-reddit-1699227

http://www.huffingtonpost.com/news/mac-virus/

Apple Vows To Fight Flashback Virus, Mac Users Receive Wake-Up Call: http://www.huffingtonpost.com/2012/04/11/apple-flashback-virus_n_1417886.html

Apple Stops Boasting That Macs Are Virus Free: http://www.huffingtonpost.com/2012/06/25/mac-virus-apple_n_1625110.html

Security Firm: Microsoft Ahead Of Apple: http://www.huffingtonpost.com/2012/04/26/microsoft-security-apple_n_1456073.html

Surprising Number Of Macs Infected With Malware: http://www.huffingtonpost.com/2012/04/24/mac-malware_n_1448561.html

Be safe out there, everyone. Don't believe the hype that you're protected just because you use Mac. With Apple's growing marketshare comes the greater possibility that Macs will be targeted. Especially when its a common belief among Mac users that they're invincible.

 

Tags: , , , , , ,

Security

Filter by APML

AboutMe

I'm since more then 35 years in the computer business (programming and technical support) and using the Internet since it has started. Since 2002 I'm programming solutions for Asterisk and since 2004 I'm in the call center industry.

Disclaimer

All data and information provided on this site is for informational purposes only. I make no representations as to accuracy, completeness, currentness, suitability, or validity of any information on this site and will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use. All information is provided on an as-is basis and is only representing my own opinion. By browsing or using content from this site you accept the full legal disclaimer of this website.