Are you hit by the Ransomware that demands ‘Paypal My Cash Cards’?

Mahatma Gandhi once said, “There is sufficiency in the world for man’s need but not for man’s greed.” Even in today’s times, these words are so true, especially when it concerns a criminal!

Are you a video gamer who plays games such as Call of Duty, StarCraft 2 or Fallout 3 on a frequent basis? If yes, then you surely need to read this. Even if you don’t, you still need to know this.

According to new research, a new file-encrypting program called TeslaCrypt has been discovered. It is used by criminals to extort money from users and is the latest version of this kind of ransomware.

According to US-CERT, ransomware is a type of malware that infects a computer and restricts the user’s access to it. This type of malware, which has now been observed for several years, attempts to extort money from victims by displaying an on-screen alert. These alerts typically state that the computer has been locked or that all of its files have been encrypted, and demand that a ransom be paid to restore access. The ransom is typically in the range of $100–$300 and is sometimes demanded in virtual currency such as Bitcoin.

What is TeslaCrypt Ransomware?

TeslaCrypt is a variant of the CryptoLocker ransomware that blocks users from accessing their photos, personal documents and, most notably, their game files, which is what sets it apart from CryptoLocker. It is also known as CryptoLocker-v3. It encrypts the files present on the user’s system; the private key needed to decrypt them is held by the attacker, and the victim has to pay the ransom demanded by the cyber-criminal to regain access.

How does TeslaCrypt Ransomware work?

It typically propagates as a spam email attachment or as a Trojan that enters the system bundled with freeware or another file downloaded from the Internet. Once it is on the user’s system, it starts encrypting the documents, photos and game files present on the hard drive.

CryptoLocker-v3 uses AES encryption and targets file extensions including .xlsm, .syncdb, .pptm, .doc and .mdbackup. The extension .Ecc is appended to every file it encrypts. When the encryption of files is complete, all Shadow Volume Copies and restore points are deleted from the victim’s system, so that the victim is unable to restore data from System Restore points.

After the Shadow Volume Copies and restore points have been deleted, the victim’s desktop wallpaper is changed to a ransom note, and a text file is dropped containing instructions on how the victim can recover their encrypted files.

Researchers have also found that TeslaCrypt may kill processes related to System Configuration (msconfig), Command Prompt (cmd.exe), Task Manager (taskmgr.exe), Registry Editor (regedit.exe) and Process Explorer (procexp.exe), which makes it harder for the user to remove the ransomware. It accepts Bitcoin as ransom payment, but unusually for this kind of malware it also accepts ‘PayPal My Cash Cards’.
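The three behaviours described above (targeted files renamed with the .ecc suffix, shadow copies deleted, admin tools killed) are the signals a defender can watch for. The following is an added example, not code from the original post or from any vendor: a small Python heuristic scored against constructed file and process telemetry. The `(kind, subject)` event format is an assumption made for this example.

```python
# Added example: score the TeslaCrypt behaviours described above against
# constructed telemetry. Event format (kind, subject) is assumed here.

TARGETED_EXTENSIONS = {".xlsm", ".syncdb", ".pptm", ".doc", ".mdbackup"}
ENCRYPTED_SUFFIX = ".ecc"           # appended to every encrypted file
KILLED_TOOLS = {"msconfig.exe", "cmd.exe", "taskmgr.exe",
                "regedit.exe", "procexp.exe"}


def is_encrypted_name(path):
    """True for file names of the form <original>.<targeted ext>.ecc."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
    if not name.endswith(ENCRYPTED_SUFFIX):
        return False
    stem = name[: -len(ENCRYPTED_SUFFIX)]
    return any(stem.endswith(ext) for ext in TARGETED_EXTENSIONS)


def assess(events, rename_threshold=5):
    """Summarise (kind, subject) events and decide whether the combination
    matches the ransomware behaviour described in the post."""
    findings = {"encrypted_renames": 0, "killed_tools": [],
                "shadow_copies_deleted": False}
    for kind, subject in events:
        if kind == "rename" and is_encrypted_name(subject):
            findings["encrypted_renames"] += 1
        elif kind == "process_kill" and subject.lower() in KILLED_TOOLS:
            findings["killed_tools"].append(subject.lower())
        elif kind == "shadow_copy_delete":
            findings["shadow_copies_deleted"] = True
    renames = findings["encrypted_renames"]
    # Mass renaming alone is enough; a few renames combined with tampering
    # with recovery or admin tools is the pattern that stands out.
    tampering = findings["shadow_copies_deleted"] or bool(findings["killed_tools"])
    findings["suspected_ransomware"] = (renames >= rename_threshold
                                        or (renames > 0 and tampering))
    return findings


# Constructed sample telemetry for one user session (not real data).
SAMPLE_EVENTS = [
    ("rename", r"C:\Users\alice\Documents\report.doc.ecc"),
    ("rename", r"C:\Users\alice\Documents\budget.xlsm.ecc"),
    ("rename", r"C:\Users\alice\Pictures\holiday.jpg"),   # benign rename
    ("rename", r"C:\Users\alice\Documents\deck.pptm.ecc"),
    ("shadow_copy_delete", "all"),
    ("process_kill", "taskmgr.exe"),
    ("process_kill", "explorer.exe"),                      # not a listed tool
]

if __name__ == "__main__":
    print(assess(SAMPLE_EVENTS))
```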

So how can we safeguard ourselves against TeslaCrypt? Below are some suggested tips:

  • Update your antivirus software (eScan) on a regular basis so that it can protect your system from all kinds of malware.
  • Ensure that all software installed on your system is updated frequently, including Oracle Java and Adobe products.
  • Avoid clicking pop-ups, especially those displayed on unknown websites, as they may lead to the unintentional download of a virus or other malware onto your system.
  • Never send, or reply to emails asking for, sensitive information such as credit card numbers, PINs (Personal Identification Numbers) or bank account numbers.
  • Disable auto-play for USB and optical drives such as pen drives, external hard disks and CD/DVD.
  • Make sure that the pop-up blocker is enabled in your web browser.
  • Regularly back up your important files.

‘Work From Home’ Scams – A Business of Fake Opportunities

In today’s world everybody wants a job that earns some money and brightens their future, and the simplest option is to ‘Work From Home’. Working from home is a lifeline mainly for the jobless, the sick, the elderly, parents and anyone else looking to earn money.

Work-from-home schemes are on the rise, not just in India but worldwide, and are attracting thousands of people looking for opportunities to earn by doing online work. The Internet is what has made this possible. However, it has also given rise to a lot of frauds, such as the Rs. 2,000 crore Speak Asia online survey fraud, multi-level marketing (MLM) schemes, and pyramid and Ponzi schemes, to name a few.

It has been reported that the very popular ‘GroupDealTools’ home profit system website and another website, promoted as ‘Kavita Mehra’s Online Profits Course’, were apparently selling fraudulent schemes.

Such internet frauds are often conducted through spam emails. Cyber criminals send scam emails to unsuspecting users offering a job in which the user has to provide bank account details in order to receive payments and pass them on to the company. These job offers promise the ‘employee’ a percentage commission on each payment passed on. Users might also be offered envelope-stuffing or promotional jobs for better pay. These schemes exist only to cheat innocent users: most are either a money laundering scam, an upfront payment scam or a pyramid scheme.

Cyber criminals advertise jobs such as handling medical insurance claims, assembly work, pyramid schemes, chain letters, envelope stuffing and many more. Users take up these jobs because they are attracted by larger-than-life offers. They start by filling in a registration form; potential members are then asked for their credit card details so that a membership fee can be deducted. Hoping to earn more on a regular basis, users give away their confidential details and get trapped in the net.

Many such scam sites that have been banned in the US are now targeting Indians with localized versions of their websites. According to the cybercrime cell, around 300 such scams are posted on the Internet at any given time to tempt users with work-from-home opportunities. Most of them mainly target working women in India who wish to make some money from home, or retired people.

As scammers get more sophisticated, it has become really difficult to tell a legitimate opportunity from a scam. Identifying whether an opportunity is genuine can be a tough task; however, proper measures and alertness go a long way in helping users spot a scam.

Be careful:

  • if a job offer promises to help you make too much money with little effort by using your home computer
  • if an offer requests you to pay a registration fee
  • if the job provider asks you to provide your bank details
  • if a job requires you to transfer money for someone else to get double in return

A few precautions to keep in mind:

  • Never open suspicious or unsolicited emails. They can be a scam. Delete them.
  • Never reply to suspicious mails. This may trap you in the scammers’ net.
  • Never provide your credit card or online account details to anyone you do not know.
  • Remember, quick-money schemes are a hoax: the scammers are the only people who make money out of them.
  • Be careful of schemes that promise money back or offer double the money on task completion.
  • Beware of schemes that guarantee an income or exclusive prizes.
  • Be cautious if the job offer requests you to pay a membership or upfront fee.
  • If you are asked to transfer money on behalf of someone else, do not get involved. It amounts to money laundering.

Unfortunately, these scams can be spotted everywhere online, wherever claims are made about earning easy money or doubling the invested amount. Do not allow yourself to become a victim of such internet fraud. Be careful and proactive. Don’t lose hope, and keep searching for a genuine work-from-home job. They definitely do exist! Your dream of working from home and making some money can be fulfilled with a little awareness, some research and plenty of patience. The bottom line is that working from home can be an easy way of earning some money, provided the business is genuine.

As they say, there is no short-cut to success. But many of us fall prey to scams in pursuit of easy money. Protecting yourself against the growing number of ‘Work From Home’ scams is completely in your hands!


As Cyber-threats Only Continue to Increase…

The frequency and intensity of cyber-threats have increased exponentially and, as IT security experts predict, they will only continue to increase. Hence, businesses and end users alike need to increase their cyber vigilance and share threat information in order to detect these breaches and stay secure.

The US-CERT Cyber Security Bulletin provides a summary of the latest vulnerabilities recorded for the week of March 02, 2015. The National Institute of Standards and Technology (NIST) has found vulnerabilities that can make a system prone to malware attacks and unauthorized access.

Common vulnerabilities and their impact, as recorded by the NIST National Vulnerability Database (NVD) in the past week, are:

  • Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack for Windows before 9.10.32(T) and Service Station before 2.2.14 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.
  • The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395.
  • An unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users.
  • SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php.
  • The IBM Notes Traveler Companion application 1.0 and 1.1 before 201411010515 for Windows Phone, as distributed in IBM Notes Traveler 9.0.1, does not properly restrict the number of executions of the automatic configuration option, which makes it easier for remote attackers to capture credentials by conducting a phishing attack involving an encrypted e-mail message.
  • Multiple cross-site scripting (XSS) vulnerabilities in the wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) item[name] or (2) item[customcss] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or the itemid parameter in the (3) wonderplugin_audio_show_item or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php.
  • Multiple cross-site scripting (XSS) vulnerabilities in the WP Media Cleaner plugin 2.2.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) paged, or (3) s parameter in the wp-media-cleaner page to wp-admin/upload.php.
  • SQL injection vulnerability in the All In One WP Security & Firewall plugin before 3.8.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
  • Open redirect vulnerability in the Services single sign-on server helper (services_sso_server_helper) module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters.
  • Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the “FREAK” issue.
  • KENT-WEB Clip Board before 4.1 allows remote attackers to delete arbitrary files via unspecified vectors.
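The first bulletin item is the classic unquoted service path condition: when a service’s path contains spaces and is not quoted, the loader may try each space-delimited prefix as an executable name before reaching the intended binary. As an added example, not from US-CERT, NIST or Toshiba, here is a small Python audit that flags such ImagePath values and lists the locations whose directory permissions a defender should verify. The sample registry values are constructed; the Bluetooth-stack style path is modelled on the bulletin entry, not copied from the product.

```python
import re

# Added example: audit Windows service ImagePath values for the
# unquoted-search-path condition. Sample values below are constructed.


def executable_of(image_path):
    """Return the executable part of an unquoted ImagePath, or None when the
    value is quoted and therefore taken literally by the service loader."""
    s = image_path.strip()
    if s.startswith('"'):
        return None
    m = re.match(r"(.*?\.exe)(?:\s|$)", s, re.IGNORECASE)
    # No .exe token: treat the whole value as the path (conservative).
    return m.group(1) if m else s


def is_unquoted_with_space(image_path):
    """True when the path is unquoted and contains a space."""
    exe = executable_of(image_path)
    return exe is not None and " " in exe


def ambiguous_paths(image_path):
    """Locations the loader would try before the intended binary: each
    prefix of the path ending at a space, with .exe appended. A defender
    checks that none of these directories is writable by standard users."""
    exe = executable_of(image_path)
    if exe is None:
        return []
    return [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]


def audit(image_paths):
    """Return (ImagePath, candidate locations) for every vulnerable entry."""
    return [(p, ambiguous_paths(p)) for p in image_paths
            if is_unquoted_with_space(p)]


# Constructed sample values of HKLM\SYSTEM\...\Services\<name>\ImagePath.
SAMPLE_IMAGE_PATHS = [
    r'"C:\Program Files\Example Vendor\Service Station\svc.exe" -run',  # quoted: fine
    r"C:\Program Files\Example Vendor\Bluetooth Stack\btsvc.exe -k",    # unquoted, spaces
    r"C:\Windows\system32\svchost.exe -k netsvcs",                      # no space in path
    r"C:\Tools\agent.exe",
]

if __name__ == "__main__":
    for path, candidates in audit(SAMPLE_IMAGE_PATHS):
        print("vulnerable:", path)
        for c in candidates:
            print("   would be tried first:", c)
```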

The bulletin lists many more vulnerable software packages, ranked by high, medium and low severity. To learn more about them and the affected versions, read the full US-CERT Cyber Security Bulletin.


Did you receive an invite to check out WhatsApp’s new ‘calling feature’?

Recently, I got the below message on my cellphone from a friend in one of the Whatsapp groups of which I am a member.

‘Hey, I am inviting you to try whatsapp calling click here to activate now –

I was happy to read that the most popular cross-platform mobile messaging service, WhatsApp, now has a calling feature. Just as it has made messaging and sharing files and videos free and convenient, calling would also be free, so my mobile bill would drop again (it really did drop when they launched the messaging app). I was curious to know more about this new WhatsApp facility, so I visited their website. However, I was surprised to find no mention of it. I checked on Google and realized that WhatsApp has not yet officially announced any calling feature, though many of its users claim to have used it.

As soon as I once again went back to the group to check that message, I saw one more message from another friend that said - ‘DO NOT DOWNLOAD (WhatsApp calling) SOFTWARE… IT’S A FAKE THING TO HACK YOUR CONTACTS.’

Reading the message, the next thing that my mind said was, “Saved!!!!”

WhatsApp calling was the most talked-about feature of 2014. However, it was not launched. Currently, WhatsApp’s developers are testing the calling feature by inviting a group of random users to try out calling mode. The testing reportedly covers the amount of data used for a conventional VoIP call over the Internet using WhatsApp, the call quality and the security of the calls. The testing team says that to get the calling feature activated on a smartphone, the user must have an updated version of WhatsApp.

Many WhatsApp users are asking other users who have the calling feature enabled on their handsets to call them so that the service gets activated, as if the invitation could be passed to another user simply by making a call. However, the fact is that even if you receive a voice call from a WhatsApp user or friend, you may not be activated for future calls, as that depends entirely on the servers at WhatsApp. Currently, WhatsApp makes this feature available to only a limited number of users and devices.

The leading mobile messaging company has even issued a notice that says:

‘Do not entertain any WhatsApp message or email that states he/she has invited you to get the WhatsApp feature enabled. Many of these messages are fake and you could end up with a virus or malware on your smartphone and risk your privacy.’

WhatsApp has more than 450 million users across the globe, and 70% of them are active each day, giving it one of the highest daily active user bases in the world. It is therefore no surprise that the app’s popularity has given rise to various cyber-criminal activities targeting its users.

The fake message circulating across WhatsApp that invites users to test the new calling feature is a trick by scammers. If you click the link, it redirects you to another website where you are asked to take a survey, supposedly on behalf of the popular messaging service. The survey pushes users to download applications and software that may carry malware onto the phone, after which all the data you currently consider confidential is in the hands of the attackers.

I realized that this was one more time I had been saved from being hacked or having my data compromised. But the very next moment a thought came to mind: ‘How many more times will you be lucky?’ It is so true. Any of us can at any time become a victim of such scams.

As they say, prevention is better than cure, so below are a few pointers for everyone who uses a smartphone and downloads applications:

  • Always read the description of an app before installing it.
  • In the app store listing there is a ‘Developer’ section with a ‘Visit Webpage’ link to the company’s official website. Read the information carefully before installing any app.
  • If you come across a malicious app, flag it as inappropriate. This helps the store re-verify the app, and you may prevent another user from being compromised.
  • Whenever you download an app onto your smartphone, read the ‘privacy policy’ and ‘access rights’ information before you install it. Many apps do not need access to much of your information in order to work, yet still ask for it.
  • Do not click on any link mentioned in a message. If you are too curious to resist, type the URL into a separate browser tab to check what it contains.
  • If you do click on such a link and are asked for your banking credentials or other details, never provide them.
  • Beware of phishing websites that use identical-looking logos, pictures and banners designed by attackers to target you.
  • Pay close attention to the URL (Internet address) of any link mentioned in a message.
  • Some websites automatically download malware onto your device; beware of such questionable sites. An antivirus on your device is a must to mitigate such attacks.
  • It is always wise to use reliable antivirus and content security software to protect your computer, mobile or tablet from harmful viruses.
  • Keep the security settings of your device at a high level, and configure your antivirus to perform automatic updates.

Remember, it is ultimately our own responsibility to secure our personal information. By being extra cautious and vigilant, we can minimize the chances of becoming a victim of such scams.
