Sunday, June 7, 2015

CryptoWall 3.0


Threat –

CryptoWall 3.0 is a spyware/ransomware program that can steal the victim’s information and demand payment from the user to release it. It uses Tor (hidden Internet) to carry out its online payment process.

 

How it spreads

Spam/Phishing Emails

It arrives as an attachment (generally a zip file) in a spam or phishing email. Once the user opens the zip file, it prompts the user to download a PDF file that pretends to be a harmless “Resume” or similar.

  

Protection

Spam filtering 
Internet Firewall 
User awareness 
 

NjRAT Malware


Threat –

NjRAT – A remote access Trojan compiled in .NET 4.0, capable of taking complete control of an infected device. The malware is capable of logging keystrokes, downloading and executing files, providing remote desktop access, stealing application credentials, and accessing the infected computer’s webcam and microphone.

 

How it spreads

1.       Spam/phishing emails that offer users software to install: video games (Need for Speed etc.), video game cracks, application key generators, antivirus programs, etc.

2.       Visiting a compromised website, which again asks the user to download an antivirus program etc.



Protection  

Internet Firewall
Spam filtering
End Point Protection
User awareness  

 
 

DYRE MALWARE



Threat –

DYRE MALWARE

·         A Trojan with man-in-the-middle (MITM) attack capabilities and a covert VNC session, designed to steal login credentials by grabbing the whole HTTPS POST packet, which contains the login credentials sent to a server during the authentication process, and forwarding it to its own server.

·         It can then compromise the victim’s bank or other accounts and block the user from accessing their own account.

·         It also has VNC capability to perform DoS or DDoS attacks through the victim’s machine once the system is infected with the malware.

·         It works through a configuration file, and there are currently 90 target banks (mainly from Romania, United Kingdom, Ireland, USA, and UAE) in that configuration file.


How it spreads

Spam/Phishing Emails

It arrives as an attachment in a spam or phishing email. Once the user invokes it, the Trojan executes and installs itself on the victim’s computer.

 

Protection

Spam Filtering
End Point Protection
User awareness
      1.       Users should not fall prey to unsolicited mails.
      2.       Users should not open email attachments if the sender is unknown or unfamiliar.