Things to Remember before Sharing your Information Online

Being online can put you under the scanner of cyber criminals who look for victims round the clock. Exposing your basic and sensitive information on any platform might put you in the jaws of cyber predators, just to be devoured. The constant fear of being a victim is as true as the earth we are living on. Even if your computer, laptop or smartphone is safe today, you cannot be assured that it will be safe in the future. Digitization has made the Internet our constant companion and at the same time has increased the risk of drawing unwanted attention from hackers. Staying alert is the only way to stay safe.

The following points can give you an idea of how to stay cautious while sharing your information online:

1. Opening Up Too Much on Facebook
Once you post something on your Facebook page as a status, it is out there for all to see. It is necessary to be cautious about what you are sharing on Facebook. If you have weak privacy settings, then you could actually make your identity vulnerable to online threats or even invite unexpected incidents like burglary (where your home address can be located easily).
• Never post any personal information on social media
• While you post something on Facebook, make sure you select your audience as ‘Friends’ and not ‘Public’ (if you are not sure of making it public.)
• Disable posting by others on your timeline.

2. Indulging in Too Much Free Wi-Fi
Public Wi-Fi is the easiest to access, since anyone (including hackers) can connect to it. In addition, any information you send or receive over such networks can be intercepted by anyone with a fair amount of knowledge about hacking. For instance, if you are shopping online over an unsecured Wi-Fi connection, hackers can place themselves between you and the shopping portal, spying on all your information. This hacking technique is known as a man-in-the-middle (MiTM) attack.
• Try to avoid open Wi-Fi for sensitive activities such as financial transactions or entering bank details.
• Confirm the authenticity of the network with the service provider.
• Use a VPN (Virtual Private Network) as an added safety measure.

3. Responding to emails from unknown senders
Unsurprisingly, email remains the most popular tool that hackers use to trap their victims. One skillfully crafted email bearing an urgent tone, something like ‘Your ATM is locked. Share your PIN and card number for security verification’, is good enough to trick an unsuspecting user into sharing this crucial piece of information with the scammer. This phishing technique has been laying waste to many businesses and individuals for a long time.
• Do not respond to unwanted, unknown or unexpected emails that ask you to download attachments or click on links.
• Even if such emails seem familiar, call up the sender and verify the situation first.
• Mark such emails as ‘spam’ or delete them from your inbox.

4. Weak Passwords
Choosing predictable and weak passwords is one of the common mistakes users make. Simple passwords are easy to remember but put our accounts at risk from hackers. Very often, these passwords are used for multiple accounts, which makes the situation worse. If a hacker cracks one, then it will not take much time for him/her to steal the sensitive details.
• Passwords should be a mix of letters, numbers and special characters (or symbols).
• Use different passwords for different accounts, and do not include personal information in them.

5. Filling online forms
General details like name, contact number, email ID, residential address or even date of birth might seem to be basic information, but these can be very valuable to scammers. For example, if you fill in an online form as part of a registration process to avail any services from a website, then the information you are sharing might be harmful unless you are sure of how this information is going to be used.
• Use a fictitious name, email ID and phone number while filling in forms like those mentioned above.
• Disclose your correct details only if it is necessary and after you are assured of the privacy policy of the website.

Digitization has modernized our lives in many ways. Due to multiple online activities happening every now and then, it is quite common to lose track of how and which activities we do online frequently. This paves the way for cyber crooks to capitalize on the opportunities. Nevertheless, the above-mentioned precautions can keep you from becoming a victim.

Posted in eScan 11, eScan 14, MailScan, Security

Locky’s new sleeping pill .zzzzz Ransomware

Locky Ransomware's new extension (.zzz)

A new variant of Locky has been detected in the wild, and this time the authors of Locky have decided to use “.zzzzz” as the extension for all of the encrypted files. Moreover, researchers believe that it is using geo-location to target its victims. Furthermore, this new variant appears to act as adware, wherein advertisements are displayed while the system is being infected.

It is interesting to note that the Locky authors have been changing the extensions frequently, and this might be attributed to various factors:

1: Private Keys being used for encryption are changed with every campaign, and this allows the authors to keep track and also provide specific decryption routines.
2: The CNC servers are being regularly taken down, which effectively renders these Keys ineffective.

However, we are yet to receive any confirmation about such take-downs.

It also seems that the Locky authors have just found an additional method of monetizing their efforts. By introducing adware, they have ensured that even the time spent by Locky during encryption generates revenue for them. This is basically a win-win situation for the Locky authors, since they now have the ability to monetize and earn profits even from those users who are unwilling to pay the ransom.

In the near future, we may find numerous Ransomware authors adopting this newfound strategy of monetization.

eScan users need not worry, since this frail encryption attempt by .zzzzz is defeated by our PBAE Technology.


Security Warnings: Black Friday & Cyber Monday
While you wait eagerly for Black Friday and Cyber Monday deals online, cyber-criminals are ready with well-equipped digital traps that could take a fistful of money from your pocket. eScan predicts some of the major threats which are likely to spoil your shopping spree.


From ‘Android.Trojan.SLocker.CV’ to ‘Dharma’/‘Karma’, 2016 has been the year of Ransomware, and it refuses to die down as hackers have added Ransomware as a weapon to their armory. According to eScan research, cyber-crooks would be relying on social engineering techniques such as phishing to lure innocent shoppers. According to the research, 93% of phishing emails contain Ransomware, which is spread through phishing emails with malicious attachments or through drive-by downloads. eScan predicts that cyber criminals would be making use of phishing scams to lure victims into entering their sensitive information. eScan cautions its readers and users against such emails and advises them to avoid clicking on attachments in Cyber Monday discount emails.

Blackhat SEO Campaigns

Cyber crooks would make use of aggressive SEO strategies, techniques and tactics that focus only on search engines and not on a human audience, and that usually do not obey search engine guidelines. By doing this they can infect users who are looking for Black Friday deals. eScan advises users and readers to go directly to a store’s official website instead of using search engines to look for deals.

Watch out for HTTP

Never purchase goods from a site whose URL starts with “http” rather than “https”. Many shopping websites use SSL to encrypt information and display a padlock icon. Proceed with online shopping only if you see an https connection.

Fake Apps

As per the trends observed earlier, users need to be cautious of phony apps which offer access to Black Friday and Cyber Monday deals. These apps tend to misuse the user's data and violate their privacy. Users need to download apps from legitimate app stores and websites.

With the rapid rise of mobile e-commerce apps, users need to be extremely cautious while installing an app. eScan has a wide range of Mobile Security products for both Android and iOS.

Untrusted Public Wi-Fi

Black Friday and Cyber Monday shopping should be avoided in public places such as restaurant or mall hotspots or airports. These are prime targets for hackers, who can seize the opportunity to defraud individuals, steal their identity, or both. eScan advises its users and viewers to shop only from trusted wireless connections such as home and cellular networks.

POS Malware

Cyber-criminals are increasingly improving their methods to target innocent victims. Instead of infecting thousands of individual computers, cyber-criminals can now get the same output by attacking just a few POS systems with specially designed malware. With the holiday shopping season in full swing ahead, eScan predicts new POS malware on the rise, considering the statistics for the third quarter of 2015, when POS malware increased alarmingly. eScan advises users to use strong passwords for all their POS devices and to change the default ones. Apart from this, they must use reliable antivirus software to keep their POS systems safe from any kind of infection. In addition, credit and debit card bank statements need to be checked to ensure there are no unusual or fraudulent transactions.

Stay Alert From Card Skimmers

When withdrawing money from an ATM, eScan advises you to inspect the card reader before swiping to ensure that it isn’t fake. Lately, 3.2 million debit cards belonging to Indian users, from multiple banks, have been compromised. Based on this, we predict that cyber crooks may install card skimmers over ATM slots in order to trick people into providing their PIN and magnetic strip information.

Update your Security Software

Make sure that your operating system, Web browser and security software are up to date, which would protect you from all kinds of malware attacks.

eScan wishes you and your loved ones a happy and safe shopping!



Dharma vs Karma


It's neither a new movie nor an upcoming sitcom; it's all about the new variants of Ransomware spreading in the wild. However, at the time of writing this blog post, there doesn’t seem to be any relationship between the authors of these two Ransomware. Moreover, in the past few days we have seen a rise in the number of variants of Ransomware, which makes us believe:

1: Skiddies have entered into the Ransomware market.
2: Open-source Ransomware, e.g. Hidden-tear, is being used to learn the tricks and tips of the trade.
3: Ransomware creation tool-kits or Ransomware as a Service might have been made available in underground networks, and hopefully a friendly security / malware researcher finds them.
4: Affiliate Networks for spreading Ransomware are on the rise.

Dharma Ransomware
Like all the other Ransomware, this one too encrypts files with a select set of extensions, using the format mentioned below.

Extension : .dharma
Pattern   : filename.ext.[emailid].dharma

The sample which was detected by eScan’s PBAE technology tried to encrypt files using the [].dharma extension.

Karma Ransomware
Karma is similar to Dharma Ransomware, but it doesn’t add an email-id to the file extension; it simply uses .karma. Karma disguises itself as a Windows optimization program called Windows Tune-Up utility. Moreover, it is part of a Pay-Per-Install software monetization scheme, so unsuspecting victims looking to grab free software might end up getting infected by Karma.

Extension : .karma
Pattern   : filename.ext.karma
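
As an added example (not eScan's code and not part of the original post), the two rename patterns above can be turned into a small triage helper that scopes an incident from a file listing. The function names and the sample paths are constructed for illustration.

```python
import re
from collections import Counter
from pathlib import PurePosixPath

# Rename patterns exactly as given in this post:
#   Dharma: filename.ext.[emailid].dharma     Karma: filename.ext.karma
PATTERNS = {
    "dharma": re.compile(r"^(?P<orig>.+)\.\[(?P<contact>[^\]]*)\]\.dharma$", re.I),
    "karma": re.compile(r"^(?P<orig>.+)\.karma$", re.I),
}

def classify(path):
    """Return (family, original_name, contact) or None if neither pattern matches."""
    name = PurePosixPath(path).name
    for family, rx in PATTERNS.items():
        m = rx.match(name)
        if m:
            # Karma has no contact field; empty brackets also yield None.
            contact = m.groupdict().get("contact") or None
            return family, m.group("orig"), contact
    return None

def triage(paths):
    """Summarise a listing: hits per family, hits per directory, contact ids seen."""
    families, dirs, contacts = Counter(), Counter(), set()
    for p in paths:
        hit = classify(p)
        if hit is None:
            continue
        family, _orig, contact = hit
        families[family] += 1
        dirs[str(PurePosixPath(p).parent)] += 1
        if contact:
            contacts.add(contact)
    return {"families": dict(families), "dirs": dict(dirs), "contacts": sorted(contacts)}

# Constructed sample listing (not real indicators).
SAMPLE = [
    "/srv/share/finance/q3.xlsx.[user@example.invalid].dharma",
    "/srv/share/finance/budget.docx.[].dharma",  # empty brackets still match
    "/srv/share/hr/leave.pdf.karma",
    "/srv/share/hr/policy.pdf",                  # untouched file
    "/srv/share/notes/yoga.dharma",              # no [emailid] part: not the pattern
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The Dharma match is deliberately strict about the bracketed field, so a file that merely ends in .dharma is not counted; the per-directory counts show which shares were reached.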

Earlier, we were used to fake anti-viruses luring users with fake reports and then convincing the user to download and install their “Better than the Best Antivirus Solution”. Karma Ransomware creators/distributors are following the same track, since this is no longer an exclusive market, a market which was earlier ruled by the elite programmers.

Angler EK (Exploit Kit) used to distribute Locky; however, in the coming days we may observe a substantial rise in various Exploit Kits making a comeback with Ransomware as their major payload, along with other capabilities, viz. stealing information, passwords, etc. However, merging these Ransomware-infected systems into a botnet is not possible for various practical reasons: after a system gets infected, all the user can do is either format the system or pay the ransom, and the first thing users do after getting infected is isolate the infected system.

Usage of botnets to carry out Ransomware infection attacks by brute-forcing their way into the systems and exploiting vulnerabilities to gain execution privilege doesn’t seem an improbable notion. We have to simply wait and watch.

PBAE Technology has protected eScan users from Dharma Ransomware, Karma Ransomware and all the other known Ransomware. Those users who haven’t yet updated eScan to the latest version should do so immediately.

To know more about PBAE Technology, you may download it from here.
