Thursday, 26 May 2016

Self Defence Security Tips:

Set your folder options to “show known file types”




We have seen a lot of users infected by opening email attachments that they believed were files they were expecting from someone. Users need to enable the "show known file types" option, because you can never rely on the icon alone: an icon can be faked very easily.

Users always need to check the file extension. Any time a user sees a file with a .DOC, .XLS or .PDF icon but a .EXE, .COM, .JS or .SCR extension, they need to remember that such a file is a program that will run on their computer, not the picture, video, document or other file it appears to be.

If the computer is left at the default it shipped with, which is not to show known file types, then users are seriously at risk of being infected.

In this situation, if the user downloads the attachment and tries to open it, they will see files like this:




If the user makes one simple change in settings and sets the folder options to “show known file types”, the same email attachments appear as these slightly different looking files:




Now the user can clearly see that the alleged PDF, DOC or XLS file is not what it pretends to be. It is a .exe, that is, a program that will run on your computer. When the user clicks on the zip file it prompts to extract the contents, and the extracted content is the fake file. But the user cannot be sure of this unless the PC has the “show known file types” option enabled.

This doesn’t just apply to email attachments. It applies whenever the user follows a link from an email, a Facebook link, a personal message or any other web link that tells them to download a picture, PDF file, Word document, video or sound clip.

Remember this:

  • Never open any file directly from a website; always save it to your computer and verify the file extension carefully. Don’t trust the icon.
  • Make sure you have enabled the "show known file types" option.
  • Always check the file extension.

Be careful and do not open any emails if you do not know the sender, and specifically do not open any attachments unless you are expecting them from someone.


Saturday, 21 May 2016

SPAM MALWARE: You got a voice message! 

WhatsApp delivers #Locky


An email with the subject "You got a voice message!", pretending to come from WhatsApp <Cleo477@gmx.de> and carrying a zip attachment, is another spam run delivering Locky ransomware.
They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are targeted at small and medium size businesses, in the hope of getting a better response than they do from consumers. WhatsApp has not been hacked and has not had its email or other servers compromised. They are not sending the emails to you. They are just innocent victims in exactly the same way as every recipient of these emails.

One of the  emails looks like:

{
From: WhatsApp <Cleo477@gmx.de>

Date: Thu 19/05/2016 10:58

Subject: You got a voice message!

Attachment: MSG0002959373787821.wav.zip

Body content:


WhatsApp
Attachment:
MSG0002959373787821.wav (08:06 AM)

}


Screenshot of mail

These malicious attachments normally have a password stealing component, with the aim of stealing your bank, PayPal or other financial details along with your email or FTP (web space) login credentials. Many of them are also designed to specifically steal your Facebook and other social network login details. A very high proportion are ransomware versions that encrypt your files and demand money (about £350/$400) to recover the files.


Never just blindly click on the file in your email program. Always save the file to your downloads folder, so you can check it first. Many malicious files that are attached to emails will have a faked extension.


So we suggest: if you see .JS, .EXE, .COM, .PIF, .SCR or .HTA at the end of the file name, DO NOT click on it or try to open it; it will infect your machine or steal your passwords.
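As an added example (not code from the original posts), a small Python triage function that applies the rule of the two posts above: judge an attachment by its real, last extension rather than its icon, treat a document-looking inner extension in front of .exe, .scr and the other executable types as a disguise, flag a .zip named like a media file (the MSG0002959373787821.wav.zip sample above), and flag macro-enabled Office files such as the .dotm attachment in the later Locky post on this page. The extension sets, verdict names and all filenames other than the two taken from the page are my own assumptions.

```python
from __future__ import annotations

# Added example: triage attachment names by their real (last) extension, the
# part that "show known file types" exposes. Extension sets are assumptions.
EXECUTABLE_EXTS = {".exe", ".com", ".js", ".scr", ".pif", ".hta"}  # named in the post
MACRO_EXTS = {".docm", ".dotm", ".xlsm", ".xltm"}                   # macro-enabled Office
LEGACY_OFFICE_EXTS = {".doc", ".dot", ".xls", ".xlt"}               # can also carry macros
ARCHIVE_EXTS = {".zip", ".rar", ".7z"}
# Harmless-looking extensions that get placed in front of the real one.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt",
                 ".jpg", ".png", ".wav", ".mp3", ".mp4"}


def triage_attachment(name: str) -> tuple[str, str]:
    """Return (verdict, reason) for one attachment filename.

    verdict is "block", "suspicious", "inspect" or "ok". Only the LAST
    extension decides what the OS does when the file is double-clicked.
    """
    parts = name.strip().lower().split(".")
    if len(parts) < 2 or not parts[-1]:
        return "inspect", "no extension; the handler is not obvious"
    exts = ["." + p for p in parts[1:]]
    last, inner = exts[-1], exts[:-1]
    # The innermost document-like extension is the one the icon will mimic.
    disguise = next((e for e in reversed(inner) if e in DOCUMENT_EXTS), None)
    if last in EXECUTABLE_EXTS:
        if disguise:
            return "block", f"double extension: looks like {disguise} but runs as {last}"
        return "block", f"executable content ({last})"
    if last in ARCHIVE_EXTS:
        if disguise:
            return "suspicious", f"archive named like a {disguise} file; extract and re-check"
        return "inspect", "archive; save it, extract to a folder and triage each file"
    if last in MACRO_EXTS:
        return "suspicious", f"macro-enabled Office file ({last})"
    if last in LEGACY_OFFICE_EXTS:
        return "inspect", f"legacy Office format ({last}) can carry macros"
    return "ok", f"plain {last} file"


def triage_all(names: list[str]) -> dict[str, str]:
    """Map each filename to its verdict, e.g. for a mail-gateway report."""
    return {n: triage_attachment(n)[0] for n in names}


if __name__ == "__main__":
    samples = ["MSG0002959373787821.wav.zip",   # attachment name from the post above
               "706-d4390-lncnvy.dotm",         # attachment name from the later Locky post
               "report.pdf.exe", "Invoice.JPG.SCR", "backup.zip", "photo.jpg"]  # constructed
    for n in samples:
        print(f"{n:30} {triage_attachment(n)[0]:10} {triage_attachment(n)[1]}")
```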

Thursday, 19 May 2016

Android Users Need To Know : "Viking Horde" A New Type of Android Malware on Google Play









Tens of thousands of Android users are thought to have fallen victim to a newly-discovered malware, which enlists devices as part of a hacker-controlled botnet.

Researchers who discovered the malware said that it is "persistent," and is "difficult or even impossible to remove manually."

The malware is dubbed "Viking Horde," after one of the popular apps it poses as. The sophisticated malware campaign consists of a number of games and apps that are readily available through Google Play, the app store for Android devices.

When the user installs the app, the device automatically joins a botnet -- a network of devices controlled by an attacker -- which generates money through disguised ad clicks.

The app also has full access to parts of the devices it infects, potentially leading to theft of personal data.

Some user reviews claim the app also sends premium text messages, which can be used to make money, and can also be used to conduct distributed denial-of-service (DDoS) attacks against users through persistent message sending.

Most Android phones aren't rooted; rooting allows the owner to deeply customize the device by opening up access to parts of the operating system that are usually locked down. But if the Android phone is rooted, the malware downloads additional components that make it almost impossible to remove.

But the researchers warn that the malware can be used for far more nefarious purposes, such as remote code execution, which allows an attacker to compromise the data on the device.

So far, the malware-ridden apps have been downloaded tens of thousands of times -- likely more. According to the researchers, one of the apps made it as a top free app in the Google Play store.

At the time of writing, the apps are still in the Google Play store -- albeit with a considerable 1-star rating from the user reviewing community.


Wednesday, 18 May 2016

PORN APPS BEHIND WAVE OF ANDROID LOCKSCREEN ATTACKS






Infection Cycle

Upon installation the app requests Device Administrator privileges. On clicking the application or opening the System Settings app we see the screen shown in the figure below. This screen appears to be the ransom/lockscreen, but the user can easily leave this view by pressing the Home or Recent Apps buttons.

Traditionally lockscreens cover the entire screen of the device and "lock" the user into a position where the device becomes unusable, as the user cannot leave the lockscreen view. In this campaign, the victim cannot currently view the contents of System Settings while the lockscreen is shown. It is interesting to note that there is no demand for ransom of any kind, and the fact that the victim can leave this view indicates that this mechanism might not be completely implemented.

Once the application starts running, encoded data is transmitted to multiple domains in the background. The encoding routine is present in each application that is part of this campaign: 

We observed data being sent to the following domains:
routstreetcars.com
highlevelzend.com
girlszendarno.com
artflowerstreet.net
raspberryfog.net


MALWARE SPAM: Multiple subjects and attachments delivering Locky ransomware











Loads and loads of Locky ransomware emails overnight, with varying subjects, all pretending to come from random senders, with either zip attachments or Word doc macro attachments.
They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are targeted at small and medium size businesses, in the hope of getting a better response than they do from consumers. Some of these, as usual, appear to come from your own email address.
Some of the subjects seen include:

  • Your .pdf document is attached
  • Re:
  • Hedy Castaneda
  • Dara Keith

One of the  emails with a word doc attachment looks like:
From: Dara Keith <admin@hk-mst.com>
Date: Tue 17/05/2016 04:49
Subject: Dara Keith
Attachment: 706-d4390-lncnvy.dotm
Body content:
Hello
Please find the report attached to this message. The Payment should appear in 1-2 days.  
Dara Keith


Alternative body content
Please review the report attached to this email. The Transfer will be posted within one day.  
Best regards
Sandra Kline
Or
Please review the document attached to this email. The Payment will be posted in 2 days.  
Kindest regards
Aurora Holland
Or
Greetings
Please check the report attached to this email. The Transfer will be posted in 2 days.  
Maia Peterson
These malicious attachments normally have a password stealing component, with the aim of stealing your bank, PayPal or other financial details along with your email or FTP (web space) login credentials. Many of them are also designed to specifically steal your Facebook and other social network login details. A very high proportion are ransomware versions that encrypt your files and demand money (about £350/$400) to recover the files.

All the alleged senders, amounts, reference numbers, bank codes, companies, names of employees, employee positions, email addresses and phone numbers mentioned in the emails are random. Some of these companies will exist and some won’t. Don’t try to respond by phone or email; all you will do is end up with an innocent person or company who have had their details spoofed and picked at random from a long list that the bad guys have previously found. The bad guys choose companies, Government departments and organisations, with subjects that are designed to entice you or alarm you into blindly opening the attachment or clicking the link in the email to see what is happening.