Cyber Security

FROM THE COMODO LABS: What’s old is new again, as that e-fax could contain CryptoLocker

Since 2013, the CryptoLocker malware has been making its way across the Internet in various forms and iterations. CryptoLocker is a ransomware trojan that targets computers running Microsoft Windows and is especially popular among cybercriminals for its ability to read a file, encrypt it, overwrite the original file with the encrypted file and then demand a ransom for the return of the file.

[Of note, it should be pointed out that Comodo’s containment technology protects customers from CryptoLocker, highlighted in a blog post back in 2013: https://blog.comodo.com/it-security/cryptolocker-virus-best-practices-to-ensure-100-immunity/]

Since CryptoLocker remains popular, the methods used to evade security software have evolved along with the malware, with new techniques being introduced by cyberthieves daily.

Enter the fax.

The engineers from the Comodo Threat Research Labs have discovered a recent phishing attack sending random emails to businesses and consumers across the globe with attachments marked as a fax.

The subject of the email is “You have new fax, document 00359970” and the content of the email is just a regular fax message (or so it seems).

A screen grab of the “fax” phishing emails is below.

What makes this new malware strain unique is that it is actually a two-part malware system that runs an executable file and a batch file together. According to the engineers at Comodo, the scripts are broken down into separate executables, making the size of the encrypting executable less than 3KB, which allows the file to pass through many security layers.

The original script does not terminate after downloading the encrypter; it continues execution, creates a batch file, and launches CryptoLocker.

The malicious behavior comes in the next step, and only shows itself with the combination of both the executable and a batch file that is created at run time.

Using the fax or e-fax tagline makes people both open the email and then click on the attachment to view the fax.

The Comodo Threat Research Lab team identified this phishing email campaign through IP, domain and URL analysis.

“This type of new malware strain is innovative – taking some simple programming ideas and combining them with negative intentions. These cybercriminals are clearly dedicating a large amount of testing, research, analysis and programming to make it happen,” said Fatih Orhan, Comodo’s Director of Technology and lead for the Comodo Threat Research Lab. “Taking an older technology idea like the e-fax and using it with an updated code and malware strain like CryptoLocker is bringing two schools of thought together. The cybercriminals are continuing to try and take advantage of businesses and consumers so the word of caution to the public is beware of what you click on in an email like this – it may come with serious consequences.”

The Comodo Threat Research Labs team is made up of more than 40 IT security professionals, ethical hackers, computer scientists and engineers, all full time Comodo employees, analyzing and filtering spam, phishing and malware from across the globe. With offices in the U.S., Turkey, Ukraine, the Philippines and India, the team analyzes more than 1 million potential pieces of phishing, spam or other malicious/unwanted emails per day, using the insights and findings to secure and protect its current customer base and the at-large public, enterprise and Internet community.

If you feel your company’s IT environment is under attack from phishing, malware, spyware or cyberattacks, contact the security consultants at Comodo: https://enterprise.comodo.com/contact-us.php

A screen grab of the malicious email has been captured below:

eFax Cryptolocker

For system administrators and IT directors, details on how the malware works are below:

The tricky part of the story for this phishing email lies inside the decoded script. This script tries to download a file from one of “www.foulmouthedcatlady.com, kashfianlaw.com, totalpraisetrax.com” and save it under %temp% as 770646_crypt.exe (so for each user, it is something like C:/Users/yourusername/AppData/Local/Temp/, and 770646 is just a random number).

The interesting part is that the downloaded executable file is not executed directly, because it is not a malware file by itself. It is just an executable that is used to perform encryption, and does not have anything else inside. That also makes it exceptional, because the size of the file is just 2560 bytes (less than 3KB!!!). The decompiled code contains merely 40-50 lines of code. This file may pass through many security filters at different levels of the network.

So, if this file is not malware, and just an encrypter, what is the malicious behavior? The original script (not the very first script, but the de-obfuscated one) does not terminate after downloading the encrypter. It continues its execution and also creates another batch file. It names this new batch file 770646_tree.cmd and saves it under the same directory (%temp%). In fact, this batch file is the actual source of the malicious behavior. It first looks through all the drives (checking the whole alphabet from A to Z), searches each directory on each drive, traverses all of the child directories, and finds document files, PDFs, archive files, source code, multimedia data, configuration files, drawing files and many other file types.

The list of file types it is searching is more than 70, including (but not limited to):

*.zip *.rar *.xls *.xlsx *.doc *.docx *.pdf *.rtf *.ppt *.pptx *.jpg *.tif *.avi *.mpg etc…

When a file matching one of these extensions is found, the encrypter (the downloaded executable) is executed for that file. The encrypter does not change the file extension or anything else; it just encrypts the content and leaves the file in place. After the encryption of all files in all folders and all drives is finished, the encrypter file is deleted by the batch file.

The batch file then also creates a readme file (named 770646_readme.txt) and writes the following text in it:

ATTENTION:

All your documents, photos, databases and other important personal files were encrypted using strong RSA-1024 algorithm with a unique key.

To restore your files you have to pay 0.5 BTC (bitcoins). To do this:

1. Create Bitcoin wallet here:

https://blockchain.info/wallet/new

2. Buy 0.5 BTC with cash, using search here:

https://localbitcoins.com/buy_bitcoins

3. Send 0.5 BTC to this Bitcoin address:

1CWG5JHDZqHPF1W8sAnUw9vD8xsBcNZavJ

4. Send any e-mail to:

keybtc@inbox.com

After that you will receive e-mail with detailed instructions how to restore your files.

Remember: nobody can help you except us. It is useless to reinstall Windows, rename files, etc.

Your files will be decrypted as quick as you make payment.

It first opens this file in the Notepad editor, then also copies it to the user’s desktop as a new file named DECRYPT_YOUR_FILES.txt. The batch file also adds a registry entry for autorun at Windows startup, which shows the same readme message when the computer starts. Lastly, the batch file deletes itself.

Summary from the Comodo engineers:

As can be seen from the analysis, the goal of encrypting files is a common one, known to all security experts. But the method selected to infiltrate and exhibit the encryption behavior here is different, as the downloaded executable is not malicious by itself and performs only part of the total goal. The other part is performed by a batch script, which is created at runtime (so it doesn’t exist at the beginning). The combined execution of both files produces the final malicious outcome, which is encrypting all files. This method may surely bypass some security filters and products, due to two factors:

1. The content and size of the executable being too low (less than 3KB), and the executable not containing malicious behavior by itself.
2. The malicious behavior is shown only with the combination of both the executable and a batch file together, which is created at runtime.
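Because neither file looks malicious alone, detection has to correlate them. The following is an added example, not code from Comodo or from the original article: it groups file-creation events by host, user and numeric prefix and reports only when the `_crypt.exe` and `_tree.cmd` pair appears together. The event format (dicts with `host`, `path` and optional `size`, as might be exported from file-creation telemetry such as Sysmon Event ID 11), the host names and the severity labels are assumptions.

```python
import ntpath
import re
from collections import defaultdict

# Names taken from the write-up: <N>_crypt.exe, <N>_tree.cmd and <N>_readme.txt
# in %temp%, plus DECRYPT_YOUR_FILES.txt on the desktop. N is a random number.
ARTIFACT_RE = re.compile(r"^(\d+)_(crypt\.exe|tree\.cmd|readme\.txt)$", re.I)
PROFILE_RE = re.compile(r"^[a-z]:\\users\\([^\\]+)\\(.+)$", re.I)
NOTE_NAME = "decrypt_your_files.txt"
SMALL_EXE_BYTES = 3 * 1024  # the encrypter was reported as 2560 bytes


def classify(path):
    """Return (user, kind, prefix) for a path of interest, otherwise None."""
    m = PROFILE_RE.match(path)
    if not m:
        return None
    user, rest = m.group(1).lower(), m.group(2)
    folder, name = ntpath.dirname(rest).lower(), ntpath.basename(rest)
    if folder == r"appdata\local\temp":
        art = ARTIFACT_RE.match(name)
        if art:
            return user, art.group(2).lower(), art.group(1)
    if folder == "desktop" and name.lower() == NOTE_NAME:
        return user, "desktop_note", None
    return None


def correlate(events):
    """Group file-creation events by host, user and numeric prefix."""
    groups = defaultdict(lambda: {"roles": set(), "small_exe": False})
    notes = set()
    for ev in events:
        hit = classify(ev["path"])
        if hit is None:
            continue
        user, kind, prefix = hit
        if kind == "desktop_note":
            notes.add((ev["host"], user))
            continue
        group = groups[(ev["host"], user, prefix)]
        group["roles"].add(kind)
        size = ev.get("size")  # assumed optional field; not every sensor has it
        if kind == "crypt.exe" and size is not None and size < SMALL_EXE_BYTES:
            group["small_exe"] = True

    findings = []
    for key in sorted(groups):
        host, user, prefix = key
        group = groups[key]
        # Either file alone looks harmless; the pair sharing one prefix does not.
        if not {"crypt.exe", "tree.cmd"} <= group["roles"]:
            continue
        has_note = "readme.txt" in group["roles"] or (host, user) in notes
        findings.append({
            "host": host, "user": user, "prefix": prefix,
            "roles": sorted(group["roles"]), "small_exe": group["small_exe"],
            "severity": "critical" if has_note else "high",  # assumed labels
        })
    return findings


# Constructed sample events (not real telemetry).
T = r"\AppData\Local\Temp" + "\\"
SAMPLE_EVENTS = [
    {"host": "WS-01", "path": r"C:\Users\alice" + T + "770646_crypt.exe", "size": 2560},
    {"host": "WS-01", "path": r"C:\Users\alice" + T + "770646_tree.cmd"},
    {"host": "WS-01", "path": r"C:\Users\alice" + T + "770646_readme.txt"},
    {"host": "WS-01", "path": r"C:\Users\alice\Desktop\DECRYPT_YOUR_FILES.txt"},
    {"host": "WS-02", "path": r"C:\Users\bob" + T + "123456_crypt.exe", "size": 2560},
    {"host": "WS-02", "path": r"C:\Users\bob" + T + "654321_tree.cmd"},  # other prefix
    {"host": "WS-03", "path": r"C:\Users\carol" + T + "setup_tree.cmd"},  # not numeric
    {"host": "WS-03", "path": r"C:\Users\carol\Documents\readme.txt"},
    {"host": "WS-04", "path": r"C:\Users\dave" + T + "991203_crypt.exe", "size": 900000},
    {"host": "WS-04", "path": r"C:\Users\dave" + T + "991203_tree.cmd"},
]

if __name__ == "__main__":
    for finding in correlate(SAMPLE_EVENTS):
        print(finding)
```

Working from creation events matters here because the batch file deletes both the encrypter and itself, so a later disk scan would find only the readme files.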

Source: https://blog.comodo.com/comodo-news/e-fax-contain-cryptolocker/

Best Moon Lamp Reviews and Buying Guide

You need to get a moon lamp if you want to enjoy a moonlit evening, but don’t want to leave your living room’s cosy nook. But you need to get the ideal moon lamp for your home in order to enjoy the ideal moonlight. Not only does the ideal one emit perfect light; it also looks exactly like the moon and has many other characteristics.

It should match the moon in texture and appearance. People buy them for their visual beauty, not just for the light. They act as both light and home decor. Here is a list of the best moon lamps to help you pick the best light.

Best Reviews on Moon Lamps

BRIGHTWORLD 7.1 IN 3D Night Light Moon Lamp

The Brightworld 3D printed 7.1 inch moon lamp is a broad moon lamp with a USB port for charging, rechargeable batteries, and touch control for brightness and warmth.

Features
It provides cool white light that mimics the moonlight experience.

It is made entirely of plant extracts of natural origin. It is also completely eco-friendly.

Based on NASA astronomical data, the crests and troughs on the surface were planned. This, combined with cutting-edge 3D printing technology, helps to view the surface of the moon on the lamp vividly.

By touching the metal button at the bottom, you can adjust the colour of the light. You can switch colours between warm and cool white colours. You need to click the button for a long time to adjust the brightness of the light.

Suitable for room lighting, bedside lamp, night light, etc.

It can also create a warm atmosphere.

It has a rechargeable built-in battery that takes a maximum of 3 hours to fully charge and can deliver power for a minimum of 8 hours. Via the USB port, it can be charged.

In addition, the bottom of the lamp is just 0.7 inches in diameter. The regulation is not influenced by charging.

For friends, children, and family members, it can be a fun gift. It also makes a good Christmas, birthday, or housewarming gift.

It looks like the real moon with the light turned on and has a charming and soothing effect. As a reading lamp, you can also use it.

You can also get warm as well as soft yellow lighting, apart from the classic cool white hue. Moreover, as appropriate, you can change the brightness of the colour.

ZgmdaHOME 7 inch Moon Lamp with stand, LED touch control

This is a compact and cordless moon lamp for home and outdoor decor.

Features 

It has a surface texture that is moon-like and natural.

It is available in 16 distinct colors that can flash and fade as well as change from one to another seamlessly.

Using a remote control as well as a touch control, you can control the color and brightness of the display.

It is made entirely from PLA, a substance that is biodegradable and derived from plants.

It includes an energy-efficient LED light and an integrated lithium rechargeable battery that can be recharged via the regular USB port.

You may use the lamp for charging purposes.

The lamp is powered by an integrated rechargeable battery that can provide a maximum charge for up to 48 hours of illumination. Even if you run it at full luminosity, it will retain its luminosity for 8 hours. In order to get a full charge, the battery takes about 3 hours.

For adjusting light color as well as turning the lamp on or off, it has a touch control.

You can also remotely control it from a distance of up to 35 feet. You can adjust colour as well as the mode of lighting with the remote control.

The colors are able to flash as well as fade.

SUPER3DMALL 7.1 Inch 16 Color Full Moon LED Lamp With Touch and Remote Control

A practical lunar surface and 16 color lighting choices come with this moderate-size luna moon lamp. This makes it not only an elegant night light, but also a trendy home décor and a family party decoration piece.

Features

This moon lamp is not made from moulds and is 3D printed. This has given it a lunar surface texture that is realistic.

Also, it is safe to use and accurate.

It is made of PLA material that is durable and eco-friendly. Therefore, you can use it for a long time and dispose of it in non-toxic ways as well.

3000k of light is emitted by the energy-efficient LED lamp, which does not damage the eyes but can be bright enough to read books.

It comprises one battery with a rechargeable life of 10000 hours.

There are 16 colors the lamp can emit. By simply pressing the touch button for less than a second, you can change from one color to another. Throughout its range of 16 colors, you can constantly shift from one to another by just doing this. It changes the luminosity if you touch it for more than one second. Using this touch button, you can also turn it on and off.

It operates for remote controls as well. So, from the comfort of your couch or bed, you can run it.

5.9 inch LED moon lamp Segoal 3D with wood stand

The Segoal 3D 5.9 inch LED moon lamp comes with a wood stand and touch & remote controls. It makes a perfect gift piece.

Features

The lamp’s surface includes craters that were mapped with satellite images from NASA.

It is made from durable PLA which, by lowering it from a height of 6.5 feet, has undergone a high altitude test. So, even if you drop it from a height of 6.5 feet or less, it won’t harm your moon nightlight bulb.

With a touch button as well as a remote control, it can be controlled. So, with both a touch control and a remote control, you can change the tone.

In four different modes, it can emit 16 different RGB colors. So, by touching a button, you can make the mood of the room romantic, comfortable, peaceful, or beautiful.

There is a USB charging cable that can be used for other charging needs, such as smartphone charging, charging for laptops, etc.

If you run it in blue light and soft mode, it has a 500mAh battery capacity that can last for 15 hours.

It provides comfortable light that is flicker-free, which is ideal for reading and lighting in the bed, home party, courtyard, coffee shop, etc.

You may get a complete replacement for a broken USB cable or remote control.

The direction of light is adjustable.

Elstey 3D Moon Star Sky Lamp

The Elstey 16 Color, Touch, and Remote Control Moon Light measures 5.9 inches in diameter and comes with a stand and LED light. It is a great piece for a home decoration object, a birthday present, and more.

Features

The decorative, romantic, and warm night light can give rise to unique colored patterns.

Energy-efficient LED light that can be connected to any Power Bank, USB adapter, laptop or phone.

Crafted from durable ABS + PLA and unbreakable. Due to the durable nature of the content, even if you operate it for a long time, it poses no danger. In the space or on the kid’s reading desk, it appears to cast a light.

16 customized colors and 4 lighting effects are available to choose from. Your favorite color and hue can certainly be found in these. You also obtain four light modes, including Flash, Strobe, Fade, and Smooth.

This light can be controlled by touch as well as by a remote control. Near the charging port, the touch control is mounted. Apart from the touch control, you can also turn the lamp on and off by means of a remote control.

For your bedroom, study table, café, desk, and even office, it can be an ideal decoration object as well as a lamp. A beautiful atmosphere can be created by the shining moon lamp.

The brightness can be dimmed.

The direction of light can be changed.

Stroboscopic light can be obtained in 7 colors that change gradually.

You can also get 3 colors of stroboscopic light that change gradually.

Glowing 3D Moon Lamp Ehobroc 5.9 Inch with a tap to change 3 colours

The Ehobroc 5.9 Inch Glowing 3D Moon Lamp comes in 3 colors, i.e. cool, yellow, and warm white, with tap control to adjust the light. It is a good one for home décor, children’s light reading, bedside night lamp, and birthday gift reading.

Features

The moon lamp’s surface has a bright lunar look. It consists of curves, craters, and mountains carefully built to resemble the surface of the moon. What makes the lamp extremely practical is this.

For children, it is environmentally friendly and healthy. The lamp is made of PVC, while the outer shell is made of non-toxic and environmentally-friendly ABS. The lamp is unbreakable and robust, too, due to the use of these materials.

It has a high burning point that, if you light it for a long time, helps to stop the chance of burning. So, with complete protection, you can simply place the moon lamp on the stand and enjoy a calming moon light or a romantic dining light for hours.

It can be turned into three shades, i.e. cool white, warm white, and yellow. Tap the lamp and the colours will change. On successive clicks, it will begin to change colour and will turn off at the fourth tap.

It has a gentle LED light that saves massive amounts of energy. On a complete charge of the rechargeable battery, it can emit light continuously for 8 hours.

It takes approx. 2 hours for the battery to completely charge and can be charged through a USB port. So, from your laptop or power bank, you can charge it.

For children, women, parents, and more, it is a great gift. It can also be a great gift for Valentine or birthday, as well as a good decoration piece for the bedroom, table, cafe, desk, and even office. It can build an atmosphere that is wonderful and cosy.

The business also provides reliable after-sale service.

4.7 Inch Moon Light Lamp Baby ACED 3D Printing

This is a dimmable, colour-changing, touch-operated LED moonlight lamp for multipurpose use. It can be a cool Christmas gift item for kids, teenagers, lovers, and more. You can also use it as a cool decorative lamp for your home.

Features

The lamp has been 3D printed in such a way that the moon’s presence is vividly imitated.

For the children’s bedroom, living room, dining room, office, etc., this will offer good ambient light. It can also be donated to children for use as a toy.

There is an integrated and rechargeable battery that, depending on the brightness you set, can provide up to 20 hours of illumination.

Source: https://cybersguards.com/best-moon-lamp-reviews-and-buying-guide/

Guilford Technical Community College Continues to Investigate a Ransomware Cyberattack

Many of the present and former students could have been impacted by a data leak at a North Carolina community college.

Tuesday, the Greensboro News & Records reported that a ransomware cyberattack struck Guilford Technical Community College in mid-September.

The college said it is reviewing the cyber attack “to assess what occurred and to remediate compromised networks.” Assistance was offered by state departments, intelligence experts and the Federal Bureau of Investigation.

The college said it has approached potentially impacted students, faculty and staff members. It said it will provide one year of credit management and identity repair services.

“Due to the continuing nature of this inquiry, the college declined further comment.”

The GTCC found the Sept. 14 data leak.

Source: https://cybersguards.com/community-college-continues-to-investigate-a-ransomware-cyberattack/

IOTW: Will There Be An Incident Of Impact On Tuesday’s Election?

The United States presidential election is four days away. Last Wednesday, government officials released a statement about Russian and Iranian hacking threats. The next day, more information followed. What global corporate enterprise lessons can be learned?

Facts

On October 21, Director of National Intelligence John Ratcliffe informed the public that Russia and Iran stole voter registration information for the sake of election interference. While the data was publicly available, theories were floated that stealing the data was simply cheaper than buying it or that voter-related breaches help put into question the legitimacy of election results.

A day later, the FBI and the Cyber Security and Infrastructure Security Agency (CISA) released two joint statements providing additional detail to Wednesday’s rushed press conference. Included were some of the strategies deployed by Iran, such as using the stolen data to send fake Proud Boy emails to registered Democrats. Ratcliffe claims that by doing so, Iran attempted to turn voters away from Donald Trump. Some of his colleagues disagree. The same alerts accused Russia of penetrating dozens of state and local government infrastructures, including aviation networks.

Sowing election uncertainty is a known practice of Russian and Iranian hackers, though both countries vehemently deny the claim. As a response, the Treasury Department imposed sanctions on Iran. Russia remains unpunished. It is important to note that US election and voter systems themselves have not been hacked.

Lessons Learned

Currently, the main cyber threat leading up to election day comes in the form of misinformation campaigns and sowing doubt in the legitimacy of election results. It is extremely difficult for foreign operatives to hack into election systems and physically add, remove, or change votes. Instead, these foreign operators hack the minds of Americans. They leak false information that looks legitimate and open lines of questioning on social media that leave some people unsure of its accuracy.

Additionally, campaign staff devices, campaign websites, and other pop-up election infrastructure are prone to weakness. Enterprise infrastructure isn’t immune to cyber crime, and its resources far surpass those of election IT.

In June, the US Treasury Department warned that the Russian hacking group known as Evil Corp.—which also has ties to the Russian government—was taking advantage of new cyber security weaknesses as people increasingly started to work from home. The same infrastructure these hackers use to commit run-of-the-mill cyber crimes through ransomware can also be used to wipe out data or spread infections from computer to computer, department to department, and organization to organization using interconnected servers. It is possible the seeds planted for a ransomware attack could pivot into election tampering territory.

Ultimately, widespread distrust around voting accuracy could cause just the right amount of damage. John Hultquist, FireEye director of threat intelligence, made this observation in June: “The disruption may have little effect on the outcome. It may be entirely insignificant to the outcome — but it could be perceived as proof that the election outcome is in question. Just by getting access to these systems they may be preying on fears of the insecurity of the election.”

Source: https://www.cshub.com/attacks/articles/iotw-will-there-be-an-incident-of-impact-on-tuesdays-election
