Ransomware: A New Kind of Malware

Ransomware is a kind of malware (malicious software) that criminals install on your computer so they can lock it from a remote location. 
Ransomware generates a pop-up window, webpage, or email warning from what looks like an official authority. It explains that your computer has been locked because of possible illegal activities on it and demands payment before you can access your files and programs again.

How do criminals install ransomware?

Ransomware is usually installed when you open a malicious email attachment or when you click a malicious link in an email message or instant message or on a social networking site or other website. Ransomware can even be installed when you visit a malicious website.

How do I avoid ransomware?

There are several free ways to help protect your computer against ransomware and other malware:
  • Keep all of the software on your computer up to date. Make sure automatic updating is turned on to get all the latest Microsoft security updates.
  • Keep your firewall turned on.

How do I remove a ransomware infection from my computer?

Here are two methods that may remove a ransomware infection from your computer.

Method 1: Use the Microsoft Safety Scanner

Before you begin, you will need access to a computer that is not infected and is connected to the Internet, so you can download a copy of the Microsoft Safety Scanner.

  1. Try to restart your computer in safe mode. Here's how: in Windows 7, in Windows Vista, in Windows XP.
  2. If you are able to restart your computer in safe mode, run the Microsoft Safety Scanner on your computer.
  3. Restart your computer after running the Microsoft Safety Scanner.
  4. If this resolves your ransomware infection, follow these steps to take once your computer has been cleaned.
  5. If this does not resolve your ransomware infection, follow Method 2.

Method 2: Use Windows Defender Offline

Before you begin, you will need access to a computer that is not infected and is connected to the Internet, so you can download a copy of Windows Defender Offline.

Windows Defender Offline works by allowing you to:

  • Download a copy of the tool from a computer that has access to the Internet
  • Save a copy of the recovery tool to a removable drive, in order to create bootable media
  • Run the recovery tool on a compromised computer

Note: Windows Defender Offline is not a replacement for a full antivirus solution providing ongoing protection. It is meant to be used in situations where you cannot start or scan your infected computer due to a virus or other malware actively running on the computer and impeding antimalware software.

Here's how to use Windows Defender Offline:

  1. Determine if you require the 32-bit or 64-bit download. See the Microsoft Help and Support article for instructions on how to check if your infected computer is running a 32- or 64-bit version of Windows.
  2. Using a computer that can connect to the Internet, download the version of Windows Defender Offline that applies to your infected computer. If your computer is a:
     - 32-bit computer, then download the 32-bit version here.
     - 64-bit computer, then download the 64-bit version here.
     Note: For the recovery tool to be effective, make sure you download the version that matches your infected computer. For example, if your 64-bit desktop is affected, you will need to download the 64-bit version of Windows Defender Offline and save it to a removable drive.
  3. Save the downloaded file to a local drive on your computer.
  4. Launch the downloaded file, and create a bootable device by following the instructions in the wizard. We recommend creating a bootable USB or CD; if you create a bootable USB, this can be updated for future use.
  5. From the infected computer, boot from the USB or CD you created in step 4. You may need to set the boot order in the BIOS to do this. This is device specific, so if you are unsure, refer to your system manual or manufacturer.
  6. Follow the prompts to run a full system scan. Depending on the outcome of the scan, your next steps will vary. Follow the prompts from Windows Defender Offline to manage any threat detections.
  7. If this resolves your ransomware infection, follow these steps to take once your computer has been cleaned.

A to Z about Tech Support Scams


In a recent twist, scam artists are using the phone to try to break into your computer. They call, claiming to be computer techs associated with well-known companies like Microsoft. They say that they’ve detected viruses or other malware on your computer to trick you into giving them remote access or paying for software you don’t need.
These scammers take advantage of your reasonable concerns about viruses and other threats. They know that computer users have heard time and again that it’s important to install security software. But the purpose behind their elaborate scheme isn’t to protect your computer; it’s to make money.

How Tech Support Scams Work

Scammers have been peddling bogus security software for years. They set up fake websites, offer free “security” scans, and send alarming messages to try to convince you that your computer is infected. Then, they try to sell you software to fix the problem. At best, the software is worthless or available elsewhere for free. At worst, it could be malware — software designed to give criminals access to your computer and your personal information.
The latest version of the scam begins with a phone call. Scammers can get your name and other basic information from public directories. They might even guess what computer software you’re using.
Once they have you on the phone, they often try to gain your trust by pretending to be associated with well-known companies or confusing you with a barrage of technical terms. They may ask you to go to your computer and perform a series of complex tasks. Sometimes, they target legitimate computer files and claim that they are viruses. Their tactics are designed to scare you into believing they can help fix your “problem.”
Once they’ve gained your trust, they may:
  • ask you to give them remote access to your computer and then make changes to your settings that could leave your computer vulnerable
  • try to enroll you in a worthless computer maintenance or warranty program
  • ask for credit card information so they can bill you for phony services — or services you could get elsewhere for free
  • trick you into installing malware that could steal sensitive data, like user names and passwords
  • direct you to websites and ask you to enter your credit card number and other personal information
Regardless of the tactics they use, they have one purpose: to make money.

If You Get a Call

If you get a call from someone who claims to be a tech support person, hang up and call the company yourself on a phone number you know to be genuine. A caller who creates a sense of urgency or uses high-pressure tactics is probably a scam artist.
Keep these other tips in mind:
  • Don’t give control of your computer to a third party who calls you out of the blue.
  • Do not rely on caller ID alone to authenticate a caller. Criminals spoof caller ID numbers. They may appear to be calling from a legitimate company or a local number, when they’re not even in the same country as you.
  • Online search results might not be the best way to find technical support or get a company’s contact information. Scammers sometimes place online ads to convince you to call them. They pay to boost their ranking in search results so their websites and phone numbers appear above those of legitimate companies. If you want tech support, look for a company’s contact information on their software package or on your receipt.
  • Never provide your credit card or financial information to someone who calls and claims to be from tech support.
  • If a caller pressures you to buy a computer security product or says there is a subscription fee associated with the call, hang up. If you’re concerned about your computer, call your security software company directly and ask for help.
  • Never give your password on the phone. No legitimate organization calls you and asks for your password.
  • Put your phone number on the National Do Not Call Registry, and then report illegal sales calls.

If You’ve Responded to a Scam

If you think you might have downloaded malware from a scam site or allowed a cybercriminal to access your computer, don’t panic. Instead:
  • Get rid of malware. Update or download legitimate security software and scan your computer. Delete anything it identifies as a problem. 
  • Change any passwords that you gave out. If you use these passwords for other accounts, change those accounts, too.
  • If you paid for bogus services with a credit card, call your credit card provider and ask to reverse the charges. Check your statements for any other charges you didn’t make, and ask to reverse those, too.
  • If you believe that someone may have accessed your personal or financial information, visit the FTC’s identity theft website. You can minimize your risk of further damage and repair any problems already in place.
  • File a complaint with the FTC at ftc.gov/complaint.


Taken from: http://www.consumer.ftc.gov/articles/0346-tech-support-scams

Government and media websites shut down as cyber-attack fears plague region on 63rd anniversary of Korean war


Several government and media websites in South and North Korea were shut for several hours on the 63rd anniversary of the Korean war, and Seoul said its sites were hacked and alerted people to take security measures against cyber-attacks.
It was not immediately clear whether the shutdown of North Korean websites, including those belonging to Air Koryo and the Rodong Sinmun newspaper, was triggered by hacking. Rodong Sinmun, Uriminzokkiri and Naenara websites were operational a few hours later.
South Korean national intelligence service officials were investigating the cause of the shutdown of the North Korean websites. Pyongyang did not make any immediate comment.
Seoul said it was also investigating attacks on the websites of the presidential Blue House and the prime minister's office as well as some media servers.
The attacks in South Korea did not appear to be as serious as a cyber-attack in March, which shut down tens of thousands of computers and servers at broadcasters and banks. There were no initial reports that banks had been hit or that sensitive military or other key infrastructure had been compromised.
It was not immediately clear who was responsible, and the neighbours have long traded accusations over cyber-attacks.
Several Twitter users who purported to be part of a global hackers' collective claimed they attacked North Korean websites. Shin Hong-soon, an official at South Korea's science ministry in charge of online security, said the government was not able to confirm whether these hackers were linked to the attack on South Korean websites.
Officials in Seoul blamed Pyongyang for the attacks in March and said an initial investigation pointed to a North Korean military-run spy agency as the culprit.
In recent weeks the North has pushed for talks with Washington amid soaring tensions on the Korean peninsula, culminating in Pyongyang making threats over UN sanctions and US-South Korean military drills.
Investigators detected similarities between the cyber-attack in March and previous hacking attributed to the North Korean spy agency, including the recycling of 30 of 76 malware programs used in the attack, South Korea's internet security agency said.
The cyber-attack on 20 March struck 48,000 computers and servers, hampering banks for two to five days. Officials said no bank records or personal data were compromised. Staff at the TV broadcasters KBS, MBC and YTN were unable to log on to news systems for several days, although coverage continued. No government, military or infrastructure targets had been affected.
South Korea's national intelligence service said the North was behind a denial of service attack in 2009 that affected dozens of websites, including that of the presidential office. Seoul also believes Pyongyang was responsible for attacks on servers of Nonghyup bank in 2011 and Joongang Ilbo, a national daily newspaper, in 2012.
Pyongyang blamed its neighbour and the US for cyber-attacks in March that temporarily disabled internet access and websites in North Korea.
Experts believe North Korea trains large teams of "cyber-warriors", and say the South and its allies should be braced for attacks on infrastructure and military systems. If the inter-Korean conflict were to move into cyberspace, South Korea's deeply wired society would be more widely affected than North Korea's, which largely remains offline.
Taken from: http://www.guardian.co.uk/world/2013/jun/25/north-korea-south-websites-hacking-cyber-attack

Phishing Attack


Phishing is a type of Internet fraud in which criminals create counterfeit copies of popular Internet services (email services, Internet banking websites and social networking sites) and make them attractive to users.
According to reports, an average of 1.02 million phishing attacks took place around the world every day last year. The report stated, "In 2012-13, Internet users worldwide had to face 102,100 phishing attacks every day: 19,000 in Russia, 12,000 in the U.S., 10,000 in India, 6,000 in Germany, 3,000 in France and 3,000 in the UK."
The report said that in 2011-12 the figure was just 52,000. Of these, 12,000 phishing attacks were in Russia, 5,000 in the U.S., 4,000 in India, 3,000 in Germany, 2,000 in France and 1,000 in the UK.

About Tech support phone scams


Cyber criminals don't just send fraudulent email messages and set up fake websites. They might also call you on the telephone and claim to be from Microsoft. They might offer to help solve your computer problems or sell you a software license. Once they have access to your computer, they can do the following:

  • Trick you into installing malicious software that could capture sensitive data, such as online banking user names and passwords. They might also then charge you to remove this software.
  • Take control of your computer remotely and adjust settings to leave your computer vulnerable.
  • Request credit card information so they can bill you for phony services.
  • Direct you to fraudulent websites and ask you to enter credit card and other personal or financial information there.

Neither Microsoft nor our partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes.

What You Need to Know

Cybercriminals often use publicly available phone directories so they might know your name and other personal information when they call you. They might even guess what operating system you're using.
Once they've gained your trust, they might ask for your user name and password or ask you to go to a website to install software that will let them access your computer to fix it. Once you do this, your computer and your personal information are vulnerable.

Do not trust unsolicited calls. Do not provide any personal information.

Here are some of the organizations that cybercriminals claim to be from:
  1. Windows Helpdesk
  2. Windows Service Center
  3. Microsoft Tech Support
  4. Microsoft Support
  5. Windows Technical Department Support Group
  6. Microsoft Research and Development Team (Microsoft R & D Team)

How to Protect Yourself from Such Phone Calls

If someone claiming to be from Microsoft tech support calls you:
  • Do not purchase any software or services.
  • Ask if there is a fee or subscription associated with the "service." If there is, hang up.
  • Never give control of your computer to a third party unless you can confirm that it is a legitimate representative of a computer support team with whom you are already a customer.
  • Take the caller's information down and immediately report it to your local authorities.
  • Never provide your credit card or financial information to someone claiming to be from Microsoft tech support.

What to Do If You Already Gave Information to a Scam Tech Support Team

If you think that you might have downloaded malware from a phone tech support scam website or allowed a cybercriminal to access your computer, take these steps:

  • Change your computer's password, change the password on your main email account, and change the password for any financial accounts, especially your bank and credit card.
  • Scan your computer with the Microsoft Safety Scanner to find out if you have malware installed on your computer.
  • Install Microsoft Security Essentials. (Microsoft Security Essentials is a free program. If someone calls you to install this product and then charge you for it, this is also a scam.)
Taken from http://www.microsoft.com/security/online-privacy/avoid-phone-scams.aspx

India's share of the worldwide Internet phishing attacks in April 2013


India's share of worldwide Internet phishing attacks has risen to around 8 per cent. The country has 137 million Internet users. There were 2,152 phishing attacks in India in April, about 8 per cent of the phishing attacks on Internet networks worldwide that month. According to EMC, a storage solutions IT firm, India ranks fourth for phishing attacks, after the U.S., the UK and South Africa.

According to the May fraud report from RSA, the security division of NYSE-listed EMC, there were a total of 26,902 phishing cases in April 2013, a 10 percent increase over March. The U.S. accounted for 46 per cent of all phishing attacks, ranking it first in the list. Britain accounted for 11 percent of the total and South Africa for 9 percent.
Taken from http://hindi.business-standard.com/storypage.php?autono=73660