Ashley Madison Scams on the Rise

More than a million users were registered on the online adultery hook-up website Ashley Madison before it was hacked, and it continues to attract new members daily. In a startling investigation, the eScan research team found that cyber-criminals are using various extortion techniques, fake promises and emails that mention the infidelity website.

What Does the Email Look Like?

Unlike typical extortion emails, the Ashley Madison spam email is not written in broken English. The cyber-criminal claimed to have personal information belonging to the recipient and demanded a bitcoin as payment, in return for which he would not share the information with the recipient’s Facebook friends. The main reason for using Bitcoin was that it preserves the recipient’s identity.

In another spam email campaign, recipients are lured by a link to join a collective lawsuit against Avid Life Media (the parent company of Ashley Madison). When the link is opened, the recipient is shown the story of an unknown man who is scared of his Ashley Madison account becoming public. The story is convincing enough to draw the user into the donation trap. At this point a Word document containing the story opens. With the rise of ransomware in recent times, our researchers have every reason to believe that this Ashley Madison scam might take the same path in the near future.

The Ashley Madison hacking incident is a classic example of a privacy breach, and the registered users are now likely to face the bigger problem of identity theft. Along with information like names, addresses and the type of extramarital arrangements, the hack also exposed information on 9,693,860 credit and debit card transactions conducted on the site. The criminals might clone Ashley Madison users’ debit and credit cards to commit fraud or run an identity theft campaign. Hackers have also downloaded sensitive information such as names, email addresses of users, photos, financial data and message history. A detailed study of a website’s privacy policy can also help the user assess its security.

What can users do?

Here are some tips provided by eScan to its readers:

1. Be extremely cautious about posting information on social networking websites. Once posted, it is no longer private.

2. Customize privacy settings. This gives the option of sharing something with specific people or protecting it from specific people.

3. Avoid sharing personal information such as usernames, passwords, bank account numbers etc. with anybody.

4. Make use of strong passwords as mentioned here.

5. The Personal Identification Number (PIN) is one of the easiest targets for a cyber-criminal. Make sure your PIN doesn’t contain birthdays, birth years, consecutive numbers, repeated numbers etc.

6. Avoid clicking on shortened, unknown or suspicious links, as they may lead to the installation of malware or spyware on your computer.

7. Avoid giving authorization to suspicious games and apps, which tend to access your private information.

8. Update your antivirus software (eScan) on a regular basis, which will protect your system from all kinds of malware attacks.


Beware of Ransomware disguised as Windows 10 Update

If you update your system to Windows 10 on the strength of a fake email claiming to be from Microsoft, you could become a victim of Cryptolocker ransomware. The eScan research team has found that cyber-criminals are using various social engineering techniques to take advantage of the millions of people looking for a free system upgrade to Windows 10, which was officially launched worldwide on July 29.

According to US-CERT, ransomware is a type of malware that infects a computer and restricts a user’s access to the infected computer. This type of malware, which has now been observed for several years, attempts to extort money from victims by displaying an on-screen alert. These alerts often state that the computer has been locked or that all of its files have been encrypted, and demand that a ransom be paid to restore access. The ransom is typically in the range of $100–$300 and is sometimes demanded in virtual currency, such as Bitcoin.

What is Cryptolocker?

It is a kind of ransomware that can prevent Windows users from accessing their photos, personal documents, zip files and a host of other files. It makes use of asymmetric encryption, i.e. victims cannot access their files unless they have the private key, which is held by the malware author. To obtain the key, the victim has to pay a ransom to the cyber-criminal in virtual currency.

How does it work?

The malware enters the user’s system through a fake email that claims to be from Microsoft. The cyber-criminal uses a well-crafted email address that makes the message appear valid, along with the subject line ‘Windows 10 Free Update’ and an attachment. Our research team downloaded and executed the attachment and found a warning message along with instructions to pay $600 for the private key within 96 hours. The malicious email was traced to spam servers located in countries such as India, Russia, Thailand, USA and France.

What to do?

  • Users can update their current system to Windows 10 in two stages, i.e. Reserve and Upgrade. In the first stage, users need to check whether they have received a notification from Windows in their taskbar, which will reserve a free copy of Windows 10. On clicking the menu at the top left, it will check your system and run Windows Advisor to make sure that your hardware and software are compatible with Windows 10. Windows 10 will be downloaded once it is available. The last stage is Installation, where users will get a notification that Windows 10 has been downloaded and needs to be installed.
  • Update your antivirus software (eScan) on a regular basis, which will protect your system from all kinds of malware attacks.
  • Configure your antivirus settings for automatic system updates.
  • Regularly back up your important files.
  • Make sure you either implement Mailscan at gateway level or enable Mail Anti-virus on the endpoint in order to block extensions such as *.EXE, *.SCR, *.JS, *.VBE etc. Attachments of these types would infect your system.
  • Open emails only if you are positive about the source.

eScan Supports Windows 10

At last the wait is over. Windows 10 is on the threshold of being practical and eScan is all geared up! The entire eScan range of SOHO products is compatible with Windows 10, with an absolutely hassle-free automatic update mechanism. Users of these products need not even worry about versions or the upgrade process.

The following products are compatible with Windows 10:

SOHO Segment

  • eScan Internet Security Suite with Cloud Security.
  • eScan Antivirus with Cloud Security.
  • eScan Total Security Suite.
  • eScan Universal Security Suite (Antivirus for Windows).

SMB Segment

  • eScan Anti-Virus with Cloud Security for SMB.
  • eScan Internet Security Suite with Cloud Security for SMB.

Enterprise Segment

  • eScan Corporate Edition (with Hybrid Network Support).
  • eScan Corporate 360 (with MDM & Hybrid Network Support).
  • eScan Endpoint Security (with MDM & Hybrid Network Support).
  • eScan Enterprise Edition (with Hybrid Network Support).
  • eScan Enterprise 360 (with MDM & Hybrid Network Support).

Do the following before upgrading to Windows 10 with older or newer versions of eScan:

  • If you have an older version of eScan, please make sure you download the latest updates, and cross-check that the eScan version has changed to 1x.0.xxxx.1780 or above.
  • Start the installation for Windows 10 and follow the instructions on screen.
  • Select the “Download and install updates (recommended)” option.
  • Once the upgrade is complete, eScan will be migrated to Windows 10 to secure your digital life.

Please note that reactivating the existing eScan license is not required. Also, the current builds (1789 and above) are compatible with Windows 10, for both fresh installations and upgrades. As far as the Microsoft Edge browser is concerned, at present eScan supports virus scanning and Parental Control. In future eScan plans to add other features like Identity Theft. Stay tuned to or



Indians Beware: Trojan Targeting your Banking Personal Information

A new malware variant called Gen: Heur.MSIL.Krypt, which targets Indian Internet users running Windows, has been discovered by the eScan Security research team. In addition, more than two aliases or pseudo-identities of the malware have been found.

How does the malware enter the system?

It propagates as a Trojan that enters the system through spam emails carrying zipped archives or Microsoft Office documents. These may take the form of a receipt for a payment or a delivery. It also enters when infected removable drives such as USB pen drives or external hard drives are plugged in to the system, or when the user browses a compromised or untrustworthy website.

How does the Trojan work?

Firstly, after entering the system, it gathers information about the victim’s system, including the computer name, local date and time, Internet Protocol address (IP address) and installed anti-virus solution. Secondly, it kills the following processes: Task Manager (taskmgr.exe), Command Prompt (cmd.exe), System Configuration (msconfig.exe) and Registry Editor (regedit.exe), which makes it difficult for the user to inspect and fix the problem. Thirdly, the Trojan logs keystrokes, captures screenshots, scrapes web browsers for saved passwords and browsing history, and more. Afterwards, the malware steals banking and financial transaction data, such as credit card numbers, belonging to the victim. In addition, social networking credentials and email accounts are also stolen.

What could a computer user do?

  • Update your antivirus software (eScan) on a regular basis, which will protect your system from all kinds of malware attacks.
  • Configure your firewall to the default configuration, i.e. deny all incoming connections and only allow services which you explicitly want to offer to the outside world.
  • Make use of strong passwords.
  • Turn off file sharing if not needed.
  • Implement a three-dimensional security policy in your organization: firstly, understand your requirements and prepare the IT security policy based on them; secondly, educate your staff about the policy; and finally, enforce the policy.
  • Make sure you either implement Mailscan at gateway level or enable Mail Anti-virus on the endpoint in order to block extensions such as *.EXE, *.SCR, *.JS, *.VBE etc. Attachments of these types would infect your system.
  • Open emails only if you are positive about the source.
  • Disable Auto-play to stop automatic launching of files from the network and removable drives.
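
The attachment-extension blocking recommended in both the ransomware and the Trojan advice above can be sketched as follows. This is an added example, not eScan or MailScan code: it uses only the Python standard library, the extension list is the one named in the posts, and checking names inside zip attachments goes a step beyond the posts because the Trojan is described as arriving in zipped archives. The function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the post; its "etc." means a real policy lists more.
BLOCKED = (".exe", ".scr", ".js", ".vbe")

def is_blocked(filename):
    """True if the name ends in a blocked extension (catches invoice.pdf.exe)."""
    # Windows drops trailing dots and spaces, so "a.exe." still runs as a.exe.
    return filename.lower().rstrip(". ").endswith(BLOCKED)

def scan_message(raw_bytes):
    """Return (attachment_name, offending_name) pairs for one raw message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        if is_blocked(fname):
            hits.append((fname, fname))
        elif fname.lower().endswith(".zip"):
            try:
                archive = zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True)))
            except zipfile.BadZipFile:
                hits.append((fname, "<unreadable archive>"))  # fail closed
                continue
            hits.extend((fname, m) for m in archive.namelist() if is_blocked(m))
    return hits

def build_sample():
    """Constructed message: a double-extension file, a zip, a harmless text file."""
    msg = EmailMessage()
    msg["Subject"] = "Constructed sample"
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg.set_content("See attached.")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("receipt.js", "placeholder")
        zf.writestr("readme.txt", "placeholder")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="delivery.zip")
    msg.add_attachment("hello", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    for attachment, offender in scan_message(build_sample()):
        print(f"BLOCK {attachment}: {offender}")
```

Matching on the end of the file name rather than the first dot is what catches double extensions, and treating an unreadable archive as a hit keeps the filter from passing what it cannot inspect.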