Is White House Computer Network Breached By Russian Hackers?

Cybercriminals have recently hacked the White House’s unclassified computer network, resulting in temporary disruptions of a few services. A Washington Post report says that Russia is behind the breach; Russia has already been accused of hacking the US military’s classified networks in an intrusion discovered in 2008.

The Washington Post reported that hackers thought to be working for the Russian government may have breached the unclassified White House computer networks in recent weeks. The breach was discovered two to three weeks ago, after U.S. officials were alerted to it by an unnamed ally, the Washington Post says.

A White House official said that, in the course of assessing recent threats, they identified activity of concern on the unclassified Executive Office of the President network. According to the same official, they took immediate action to evaluate and mitigate the activity. However, some of the steps taken to address the suspicious activity detected on the network unfortunately disrupted regular services for users.

According to reports, intranet or VPN access was shut off for a while, but the email system, apart from some minor delays, was working fine. Some staffers were also asked to change their passwords.

White House officials admitted that some elements of the unclassified network were affected and that they dealt with the situation immediately, but the new measures have led to temporary shut-downs of the network and loss of connectivity for some White House employees. They said these activities did not damage any of the systems and that, to date, there is no evidence that the classified network was hacked.

They added that a variety of actors find their networks to be attractive targets and seek access to sensitive information. However, the White House declined to comment on the Washington Post report that Russia was thought to be behind the breach.


Phishing Emails Spreading ‘Dyre’ Banking Malware

The Dyre malware is yet again targeting online banking users by stealing their credentials. This time it is being spread through a phishing campaign, says US-CERT.


According to US-CERT, a phishing campaign has targeted a wide variety of recipients using the Dyre/Dyreza banking malware. The phishing emails used in this campaign include a PDF attachment named Invoice621785.pdf. These malicious PDF attachments exploit vulnerabilities in unpatched versions of Adobe Reader (CVE-2013-2729 and CVE-2010-0188).

If the exploit is successful, the malware copies itself to C:\Windows\[RandomName].exe. It also downloads additional malware onto the user’s system from hxxp://rlmclahore.com/Resources/Search/1510out[.]exe.

A system infected with the Dyre banking malware will attempt to steal credentials used for online services, including banking services. The malware was first spotted by security researchers in June, when it was targeting large financial institutions worldwide. Last month, it was observed going after user credentials for Salesforce.com.
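The three observables US-CERT describes above (the lure attachment name, the download URL, and an executable dropped directly under C:\Windows) are enough to write simple detection logic. The following is an added example, not code from the post or from eScan or US-CERT: it takes the indicators exactly as quoted above (the URL defanged as the post writes it), runs them over a handful of constructed mail-gateway, web-proxy and endpoint log lines in a made-up key=value format, and reports which lines match. The sample log lines, the log format and the field names are assumptions for the demonstration.

```python
import re
from typing import Dict, List, Tuple
from urllib.parse import urlparse

# Indicators quoted from the US-CERT description in the post. The download
# URL is written defanged exactly as the post gives it; refang() restores it.
LURE_ATTACHMENT = "Invoice621785.pdf"
DEFANGED_DOWNLOAD_URL = "hxxp://rlmclahore.com/Resources/Search/1510out[.]exe"

# The post says the dropper copies itself to C:\Windows\[RandomName].exe, so
# flag any .exe created directly under C:\Windows (not in a subfolder).
DROP_PATH_RE = re.compile(r"^C:\\Windows\\[^\\]+\.exe$", re.IGNORECASE)


def refang(indicator: str) -> str:
    """Turn the defanged forms used in the post (hxxp, [.]) back into matchable text."""
    return indicator.replace("hxxp", "http").replace("[.]", ".")


_download = urlparse(refang(DEFANGED_DOWNLOAD_URL))
DOWNLOAD_HOST = _download.hostname          # rlmclahore.com
DOWNLOAD_PATH = _download.path.lower()      # /resources/search/1510out.exe

# Constructed sample log lines (key=value events from a mail gateway, a web
# proxy and an endpoint agent); these are not real logs from the campaign.
SAMPLE_LOGS = """\
type=mail from=billing@example.invalid to=user1@corp.example attachment=Invoice621785.pdf
type=mail from=hr@corp.example to=user2@corp.example attachment=holiday-schedule.pdf
type=proxy user=user1 url=http://rlmclahore.com/Resources/Search/1510out.exe status=200
type=proxy user=user2 url=http://update.example.invalid/patch.msi status=200
type=file host=WS-17 path=C:\\Windows\\kqzxv.exe action=create
type=file host=WS-18 path=C:\\Windows\\System32\\notepad.exe action=create
"""


def parse_line(line: str) -> Dict[str, str]:
    """Split a key=value log line into a dict (values contain no spaces in this format)."""
    fields: Dict[str, str] = {}
    for token in line.split():
        key, _, value = token.partition("=")
        fields[key] = value
    return fields


def evaluate(fields: Dict[str, str]) -> List[str]:
    """Return the indicator hits for one parsed event (empty list if none)."""
    hits: List[str] = []
    kind = fields.get("type")
    if kind == "mail":
        if fields.get("attachment", "").lower() == LURE_ATTACHMENT.lower():
            hits.append(f"lure attachment name {fields['attachment']} from {fields.get('from')}")
    elif kind == "proxy":
        url = urlparse(fields.get("url", ""))
        if url.hostname == DOWNLOAD_HOST:
            exact = " (exact payload path)" if url.path.lower() == DOWNLOAD_PATH else ""
            hits.append(f"request to known Dyre download host {url.hostname}{exact}")
    elif kind == "file":
        if DROP_PATH_RE.match(fields.get("path", "")):
            hits.append(f"executable dropped directly under C:\\Windows: {fields['path']}")
    return hits


def scan(log_text: str) -> List[Tuple[int, str]]:
    """Run every line through the indicator rules; return (line number, hit) pairs."""
    alerts: List[Tuple[int, str]] = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        for hit in evaluate(parse_line(line)):
            alerts.append((lineno, hit))
    return alerts


if __name__ == "__main__":
    for lineno, hit in scan(SAMPLE_LOGS):
        print(f"line {lineno}: {hit}")
```

On the constructed sample, lines 1, 3 and 5 alert and the benign lines do not. The proxy rule matches on the host rather than the full URL so that a changed file name on the same server is still caught, and the endpoint rule deliberately ignores executables in subfolders such as System32, since only the top-level C:\Windows drop location is what the post describes.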

According to US-CERT, users and administrators should follow basic security steps to stay protected from this malware:

  • Maintain up-to-date anti-virus software.
  • Keep your operating system and software up-to-date with the latest patches.
  • Do not follow unsolicited web links in email.
  • Use caution when opening email attachments.
  • Follow safe practices when browsing the web.

eScan suggests the following preventive measures to avoid falling prey to such attacks.

  • Learn to identify phishing emails: such mails are often filled with grammatical errors and written in awkward English.
  • Never respond to emails or messages from an unknown sender that have “undisclosed recipients” in the address line.
  • Do not click on links in the mail; if you need to visit the site, type the address into another browser tab to see what it contains.
  • Never provide your credit card details, bank account numbers or passwords to any unknown or fake site.

For complete protection from spam and phishing emails, get the free trial of eScan Total Security Suite with Cloud Security from here: http://bit.ly/1rLWjxg


CryptoWall 2.0 Ransomware Targeting Major Websites


Researchers have recently revealed that the CryptoWall 2.0 ransomware was being used to target popular websites like 9Gag, AOL, Yahoo, etc., through a malvertising campaign. Around three million users were being exposed to this file-encrypting malware per day. The websites themselves were not compromised; the network pushing advertisements to these websites was. Researchers observed three major ad networks, OpenX, Rubicon Project and Right Media/Yahoo Advertising, delivering malvertisements to websites. They also estimate that the hackers have made about $25,000 in Bitcoins per day. The profit from the entire campaign is supposedly about $750,000.

A malvertising campaign involves a malicious advertisement inserted into an ad network, which is then served on client webpages. What makes the attack difficult to detect is that these websites show different ads depending on the user’s interests and location. These malicious advertisements deliver ransomware, which, when clicked, automatically downloads the malware onto the user’s system. Experts say that, like other ransomware, CryptoWall then encrypts the end user’s hard drive and does not allow the user access until he/she pays a fee over the Internet for the decryption key. Failure to pay within a set period results in the user’s hard drive remaining permanently encrypted.

According to researchers, 85,000 attacks attempting to deliver the ransomware have been recorded since CryptoWall 2.0 was released. Most of them are delivered through emails with malicious attachments.

CryptoWall 2.0 ransomware spread through email mostly appears as PDF files inside a ZIP archive. When the recipient opens this attachment, a drive-by download executes on his/her system. CryptoWall scans all drives on the compromised machine for files such as documents, songs, images, presentations and videos. It then encrypts these files with the RSA-2048 algorithm, which makes the data inaccessible without the private decryption key.

What can a user do to mitigate this malware?

  • Use reliable security software like eScan that can restrict such malware from being downloaded onto the computer.
  • Keep your computer’s security settings at a high level. Configure your computer’s AV settings to perform automatic updates.
  • Regularly scan the system with automatic security software so that no threats are left behind in the Windows Registry or other locations.
  • Avoid clicking on any pop-up that appears, especially pop-ups displayed on an unknown website.
  • Keep all of the software installed on your computer up-to-date, especially software from Microsoft, Adobe, Oracle Java and others.
  • Configure your email server to block email that contains malicious file attachments.
  • Think before opening an email attachment sent by an unknown sender; open it only if you are certain of the source.
  • Disable AutoPlay to stop automatic launching of files from the network and removable external drives.
  • Keep a backup of the information stored on your machine.
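The post says CryptoWall 2.0 arrives by email mostly as a PDF inside a ZIP archive, and the list above recommends configuring the mail server to block messages carrying malicious attachments. As an added illustration of what such an attachment rule can look like (this is example code, not eScan’s product logic or anything from the post), the block below opens a ZIP attachment in memory and returns a verdict: it blocks members that carry an executable or script extension, a double extension such as .pdf.exe, a nested or password-protected archive, or a PE header regardless of the file name, and it sends a lone document inside an archive (the lure pattern described above) for review rather than delivery. The extension lists and the sample archives are constructed for the demonstration.

```python
import io
import zipfile
from typing import Dict, List, Tuple

# Extension classes used by the filter (an assumption of this example, not an
# eScan or US-CERT list). Names are compared case-insensitively.
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs",
                  ".jse", ".wsf", ".hta", ".cpl", ".msi"}
DOCUMENT_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf"}
ARCHIVE_EXT = {".zip", ".rar", ".7z", ".cab"}
PE_MAGIC = b"MZ"  # every Windows executable starts with these bytes


def extensions(member_name: str) -> List[str]:
    """All dotted suffixes of the base name, e.g. 'Invoice.pdf.exe' -> ['.pdf', '.exe']."""
    base = member_name.rsplit("/", 1)[-1].lower()
    return ["." + part for part in base.split(".")[1:]]


def inspect_member(name: str, head: bytes) -> List[Tuple[str, str]]:
    """Return (severity, reason) pairs for one archive member given its first bytes."""
    findings: List[Tuple[str, str]] = []
    exts = extensions(name)
    last = exts[-1] if exts else ""
    if head.startswith(PE_MAGIC):
        findings.append(("block", f"{name}: PE executable by magic bytes, whatever the name"))
    if last in EXECUTABLE_EXT:
        findings.append(("block", f"{name}: executable/script extension {last}"))
        if any(e in DOCUMENT_EXT for e in exts[:-1]):
            findings.append(("block", f"{name}: double extension disguises it as a document"))
    elif last in ARCHIVE_EXT:
        findings.append(("block", f"{name}: nested archive cannot be inspected in one pass"))
    elif last in DOCUMENT_EXT:
        findings.append(("review", f"{name}: document inside archive (the lure pattern the post describes)"))
    return findings


def inspect_zip_attachment(data: bytes) -> Tuple[str, List[str]]:
    """Return ('allow' | 'review' | 'block', reasons) for the raw bytes of a ZIP attachment."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return "block", ["attachment is not a valid ZIP archive"]
    findings: List[Tuple[str, str]] = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # password-protected member: content cannot be sniffed
                findings.append(("block", f"{info.filename}: encrypted member, cannot be scanned"))
                continue
            with archive.open(info) as member:
                head = member.read(len(PE_MAGIC))
            findings.extend(inspect_member(info.filename, head))
    if any(severity == "block" for severity, _ in findings):
        verdict = "block"
    elif findings:
        verdict = "review"
    else:
        verdict = "allow"
    return verdict, [reason for _, reason in findings]


def build_zip(members: Dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP from {name: content}; used only to construct the samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample attachments (placeholder bytes, not real malware samples).
LURE_ZIP = build_zip({"Invoice.pdf": b"%PDF-1.4 constructed placeholder document"})
DISGUISED_ZIP = build_zip({"Invoice.pdf.exe": b"MZ constructed placeholder, not a real PE"})
RENAMED_ZIP = build_zip({"statement.pdf": b"MZ constructed placeholder, not a real PE"})
BENIGN_ZIP = build_zip({"notes/readme.txt": b"quarterly figures attached separately"})

if __name__ == "__main__":
    for label, blob in [("lure", LURE_ZIP), ("disguised", DISGUISED_ZIP),
                        ("renamed", RENAMED_ZIP), ("benign", BENIGN_ZIP)]:
        verdict, reasons = inspect_zip_attachment(blob)
        print(f"{label}: {verdict} {reasons}")
```

The magic-byte check is what catches an executable renamed to statement.pdf, which an extension-only rule would wave through; the encrypted-member rule exists because a password-protected archive cannot be sniffed at all, so it is treated as blocked rather than unknown. Whether a plain document in a ZIP should be quarantined or merely logged is a policy choice for the mail administrator.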

The best way to know whether your PC has a malware infection is to run a free scan. Use the free eScan tool kit from here (no installation required): http://www.escanav.com/english/content/products/MWAV/escan_mwav.asp


Security Of Your PC Is At Risk

Software and operating systems (OS) are sometimes vulnerable to attacks. These vulnerabilities can be extremely harmful to our computer systems.

The US-CERT Cyber Security Bulletin provides a summary of the latest vulnerabilities recorded by its research department for the week of October 13, 2014.

The National Institute of Standards and Technology (NIST) has found vulnerabilities that can make a system prone to malware attacks and unauthorized access.

Common vulnerabilities and their impact recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week are:

  • A vulnerability in the DNS inspection engine in Cisco ASA Software 9.0 before 9.0(4.13), 9.1 before 9.1(5.7), and 9.2 before 9.2(2) allows remote attackers to cause a denial of service via crafted DNS packets. Find out other vulnerable versions from here: http://1.usa.gov/10gX7zB
  • A Microsoft Word file format vulnerability in Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 and SP2, and Word Web Apps 2010 Gold, SP1, and SP2 allows remote attackers to execute arbitrary code via crafted properties in a Word document. Find out other vulnerable versions from here: http://1.usa.gov/1w0JQYY
  • A memory corruption vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malicious web site. Find out other vulnerable versions from here: http://1.usa.gov/122jSrC
  • An unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Find out the other vulnerable versions from here: http://1.usa.gov/1t3LUNV
  • A cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.1.x and 7.2.x allows remote attackers to inject arbitrary web script or HTML via a malicious URL. Find out other vulnerable versions from here: http://1.usa.gov/10gZgLL
  • A remote code execution vulnerability in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2: the framework does not properly parse internationalized resource identifiers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted request to a .NET web application. Find out other vulnerable versions from here: http://1.usa.gov/1COUMrB
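Turning a bulletin entry like the Cisco ASA one above into an inventory check sounds trivial but is a common source of false negatives, because release strings such as 9.0(4.13) do not sort correctly as plain text (as a string, "9.0(4.9)" compares greater than "9.0(4.13)", so a naive check would report it as fixed). The following added example, which is not code from the bulletin, Cisco or eScan, parses ASA release strings into numeric tuples and evaluates them against the three fixed releases exactly as the summary above states them; trains the summary does not mention return None rather than a guess, since the full list of affected versions is only in the linked advisory.

```python
import re
from typing import Dict, Optional, Tuple

# Cisco ASA release strings look like "9.1(5.7)": major.minor, then the
# maintenance release and an optional interim build in parentheses.
ASA_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\((\d+)(?:\.(\d+))?\))?$")

# First fixed release per train, exactly as the bulletin summary above states
# (9.0 before 9.0(4.13), 9.1 before 9.1(5.7), 9.2 before 9.2(2)). Trains the
# summary does not mention are deliberately absent.
FIXED_IN: Dict[Tuple[int, int], str] = {
    (9, 0): "9.0(4.13)",
    (9, 1): "9.1(5.7)",
    (9, 2): "9.2(2)",
}


def parse_asa_version(text: str) -> Tuple[int, int, int, int]:
    """Parse '9.0(4.13)' -> (9, 0, 4, 13); missing trailing parts become 0."""
    match = ASA_VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised ASA version string: {text!r}")
    parts = [int(group) if group is not None else 0 for group in match.groups()]
    return parts[0], parts[1], parts[2], parts[3]


def asa_dns_inspection_affected(version: str) -> Optional[bool]:
    """True if the release is before the fix for its train, False if at or after it,
    None if the train is not covered by the summary quoted on this page."""
    parsed = parse_asa_version(version)
    fixed = FIXED_IN.get(parsed[:2])
    if fixed is None:
        return None
    # Tuple comparison is element-wise and numeric, so 4.9 < 4.13 as intended.
    return parsed < parse_asa_version(fixed)


if __name__ == "__main__":
    for candidate in ["9.0(4.9)", "9.0(4.13)", "9.1(5)", "9.1(5.7)", "9.2(1)", "9.2(2.4)", "8.4(7)"]:
        print(f"{candidate:>10}: {asa_dns_inspection_affected(candidate)}")
```

The same parse-then-compare pattern applies to the other entries in the list (Java update numbers such as 7u67, .NET service packs), with a regular expression matched to each vendor’s numbering scheme; the point is to never compare version strings lexically.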

The bulletin lists many more vulnerable software products, ranked as high, medium, or low severity.

To know more about these vulnerable software products and the affected versions, read the US-CERT Cyber Security Bulletin from here: http://1.usa.gov/1t3MgE4
