Showing posts with label Virus Definition. Show all posts

What is a DDoS attack?

Bateeilee blog admin will share "What is a DDoS attack?". Trojans are often used to launch Distributed Denial of Service (DDoS) attacks against targeted systems, but just what is a DDoS attack, and how is one performed?

At its most basic level, a Distributed Denial of Service (DDoS) attack overwhelms the target system with data, such that the response from the target system is either slowed or stopped altogether. In order to create the necessary amount of traffic, a network of zombie or bot computers is most often used.

Zombies or botnets are computers that have been compromised by attackers, generally through the use of Trojans, allowing these compromised systems to be remotely controlled. Collectively, these systems are manipulated to create the high traffic flow necessary to create a DDoS attack.

Use of these botnets is often auctioned and traded among attackers, so a compromised system may be under the control of multiple criminals – each with a different purpose in mind. Some attackers may use the botnet as a spam relay, others as a download site for malicious code, some to host phishing scams, and others for the aforementioned DDoS attacks.

Several techniques can be used to facilitate a Distributed Denial of Service attack. Two of the more common are HTTP GET floods and SYN Floods. One of the most notorious examples of an HTTP GET attack was the MyDoom worm, which targeted the SCO.com website. The GET attack works as its name suggests – it sends a request for a specific page (generally the homepage) to the target server. In the case of the MyDoom worm, 64 requests were sent every second from every infected system. With tens of thousands of computers estimated to be infected by MyDoom, the attack quickly proved overwhelming to SCO.com, knocking it offline for several days.

A SYN Flood is basically an aborted handshake. TCP communications use a three-way handshake. The client initiates with a SYN, the server responds with a SYN-ACK, and the client is then supposed to respond with an ACK. Using spoofed IP addresses, an attacker sends the SYN, which results in the SYN-ACK being sent to a non-requesting (and often non-existent) address. The server then waits for the ACK response to no avail, holding a half-open connection entry until it times out. When large numbers of these aborted SYN packets are sent to a target, the table of half-open connections fills, legitimate connection attempts are refused, and the server succumbs to the SYN Flood DDoS.
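The following is an added example, not code from the original post: a toy in-process model of a listener's half-open connection table that shows why spoofed SYNs exhaust it, and how the standard mitigation, SYN cookies, avoids keeping any state until the third handshake step arrives. The backlog size, the HMAC-based cookie construction, the secret and the 203.0.113.0/24 and 198.51.100.0/24 addresses are all constructed for the demo; real TCP stacks also retransmit the SYN-ACK and time entries out, which is why an attacker must keep up the rate.

```python
import hmac
import hashlib

# Constructed toy model (not from the original post) of a listening socket.
BACKLOG = 4                            # max half-open entries (SYN seen, no ACK yet)
SECRET = b"constructed-demo-secret"    # server-side key used to derive SYN cookies


def cookie_for(src_ip, src_port, dst_port, tick):
    """Stateless SYN cookie: the server encodes the connection tuple and a coarse
    time counter in the sequence number of its SYN-ACK, so it stores nothing."""
    msg = f"{src_ip}:{src_port}->{dst_port}@{tick}".encode()
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big")     # 32-bit value, like a TCP ISN


class Listener:
    def __init__(self, syn_cookies=False):
        self.syn_cookies = syn_cookies
        self.half_open = {}      # (src_ip, src_port) -> ISN we sent in the SYN-ACK
        self.established = []
        self.dropped = 0         # SYNs refused because the backlog was full

    def on_syn(self, src_ip, src_port, tick=0):
        """First handshake step; returns the ISN used in the SYN-ACK, or None."""
        if self.syn_cookies:
            # No table entry: the cookie itself is the SYN-ACK sequence number.
            return cookie_for(src_ip, src_port, 80, tick)
        if len(self.half_open) >= BACKLOG:
            self.dropped += 1    # spoofed SYNs have filled the table
            return None
        isn = 1000 + len(self.half_open)
        self.half_open[(src_ip, src_port)] = isn
        return isn

    def on_ack(self, src_ip, src_port, ack_seq, tick=0):
        """Third handshake step; ack_seq must acknowledge our ISN (ISN + 1)."""
        key = (src_ip, src_port)
        if self.syn_cookies:
            # Recompute instead of looking up; accept the previous tick too.
            for t in (tick, tick - 1):
                if ack_seq - 1 == cookie_for(src_ip, src_port, 80, t):
                    self.established.append(key)
                    return True
            return False
        isn = self.half_open.pop(key, None)
        if isn is None or ack_seq != isn + 1:
            return False
        self.established.append(key)
        return True


def simulate(syn_cookies):
    """Flood the listener with spoofed SYNs, then try one legitimate connection."""
    srv = Listener(syn_cookies)
    # Constructed spoofed sources: they never answer the SYN-ACK.
    for i in range(10):
        srv.on_syn(f"203.0.113.{i}", 40000 + i)
    # One real client that does complete the handshake.
    isn = srv.on_syn("198.51.100.7", 51234)
    ok = isn is not None and srv.on_ack("198.51.100.7", 51234, isn + 1)
    return {"established": ok, "dropped": srv.dropped, "half_open": len(srv.half_open)}


if __name__ == "__main__":
    print("without SYN cookies:", simulate(False))
    print("with SYN cookies:   ", simulate(True))
```

Without cookies the ten spoofed SYNs fill the four-entry backlog and the legitimate client is refused; with cookies the server stores nothing per SYN, so the flood costs it only the SYN-ACK replies and the real client still connects.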

Several other types of DDoS attacks can be launched, including UDP Fragment Attacks, ICMP Floods, and the Ping of Death. For further details on the types of DDoS attacks, visit The Advanced Networking Management Lab (ANML) and review their Distributed Denial of Service Attacks (DDoS) Resources.

Fake Antivirus Software

Bateeilee Blog will post "Fake Antivirus Software". Have you ever installed antivirus software thinking it was a legitimate program, only to find out later that you had installed a fake application? If this has happened to you, chances are you installed a Trojan horse virus. This often happens when you visit a website that is infected with malware and are prompted with a pop-up message stating that your PC is infected. The pop-up window will include antivirus icons and will highlight a fake list of malware that has been detected on your machine. The fake antivirus window may even mimic the Windows Security Center. Consequently, you're enticed to click on the scan button in order to quickly remove the infection. However, if you do, you will inadvertently install the Trojan horse virus. Furthermore, the Trojan horse virus may inform you that you have to pay to register the fake application in order to remove the false malware threats.


What is Winwebsec?

A variety of these fake antivirus applications exist. One of the most common Trojan horse viruses that fall under this category is called Winwebsec. Winwebsec has been distributed under several different names, which include:
  • Disk Antivirus Professional
  • Live Security Platinum
  • MS Removal Tool
  • Security Shield
  • System Security
  • Win 8 Security System
Please be aware that all of the above are fraudulent antivirus applications, and you should avoid clicking on or installing them.


Payload

When the fraudulent antivirus application is installed and executed, it performs a fake scan of your computer and reports false infected files. In addition, Winwebsec prevents you from launching your applications by displaying a message stating that the process is infected. It specifically targets and disables processes related to Windows Update, Windows Security Center, and antivirus software products. However, Winwebsec is sophisticated enough to allow Internet connectivity processes, which enables it to communicate with other infected hosts, download additional malware, contact the remote attacker, etc.


How to Protect Yourself from Winwebsec

Most users become infected with a Winwebsec variant by visiting an infected website. If you suddenly see an antivirus display box with a list of infected files after visiting a webpage, do not install, click on “scan”, or click on “remove all” if you are not 100% positive that the display is from your official antivirus program. Instead, access Windows Task Manager to view the running processes, applications, and services. Once on Windows Task Manager, I recommend closing your Internet browser application as well as anything associated with the suspicious antivirus program. Then, launch your antivirus application, install the latest virus definitions, and run a full-system scan of your PC to ensure that you did not become infected with the Winwebsec Trojan horse virus. In addition, you can take the following steps to prevent infection on your computer:
  • Install the latest system updates -- Ensure you have the latest updates installed on your computer. System updates help protect your computer from malware. Use Automatic Updates in Windows to automatically download and install Microsoft security updates for your computer.
  • Use an antivirus software application -- Once you install an antivirus software on your PC, you must update the application with the latest signature files. Configure your antivirus software to routinely check for updates and schedule your application to scan your machine on a regular basis.
  • Enable your firewall -- Firewalls monitor the network and are capable of blocking suspicious traffic. You can enable the Microsoft Windows Internet Connection Firewall for your computer.
  • Open email attachments with care -- Use extreme caution when handling emails and attachments you receive from unknown sources.
By following these steps, you significantly decrease your chances of becoming infected with Winwebsec. In addition, these steps will also protect you from other high-risk malware threats.

What is a Trojan Horse virus?

Bateeilee Blog admin will post "What is a Trojan Horse virus?". A Trojan Horse is an email virus usually released by an email attachment. If opened, it will scour your hard drive for any personal and financial information such as your social security, account, and PIN numbers. Once it has collected your info, it is sent to a thief's database.
 
Now, there are Trojan Horses and there are viruses, but there's no such thing as a Trojan Horse virus. In fact, the very definition of each precludes any chance of there being such a thing. A Trojan does not replicate. Viruses do. That fact alone means there can never be a "Trojan Horse virus".

The Visa description continues with, "A Trojan Horse is an email virus usually released by an email attachment." Not so. A Trojan may be sent as an attachment in email, but it's certainly not an email virus. (In fact there are few true email viruses, but that's a whole other topic). So it may or may not arrive in email, and it's equally likely to have been downloaded from a website or resulted from a P2P file transfer. In other words, vector has nothing to do with whether something is or isn't a Trojan.

Just what is a Trojan then? A Trojan is a program that appears to be legitimate, but in fact does something malicious. Quite often, that something malicious involves gaining remote, surreptitious access to a user's system. Unlike viruses, a Trojan does not replicate (i.e. infect other files), nor does it make copies of itself as worms do.

There are several different types of Trojans. Some of these include: remote access Trojans (RATs), backdoor Trojans (backdoors), IRC Trojans (IRCbots), and keylogging Trojans. Many Trojans encompass multiple types. For example, a Trojan may install both a keylogger and a backdoor. IRC Trojans are often combined with backdoors and RATs to create collections of infected computers known as botnets.

But one thing you probably won't find a Trojan doing is scouring your hard drive for personal details, as the Visa description alleges. Contextually, that would be a bit of a trick for a Trojan. Instead, this is where the keylogging functionality most often comes into play - capturing the user's keystrokes as they type and sending the logs to the attackers. Some of these keyloggers can be pretty sophisticated, targeting only certain websites (for example) and capturing any keystrokes involved with that particular session.

But why is it important to know the difference between a virus, a worm, and a Trojan? Because a virus infects legitimate files: if antivirus software detects a virus, that file should be cleaned so the legitimate content is kept. Conversely, if antivirus software detects a worm or a Trojan, there is no legitimate file involved, and the action should be to delete the file.

Magna Carta Holy Grail Fake App

Bateeilee Blog admin will post "Magna Carta Holy Grail Fake App". Android users have been vulnerable to a malware attack disguising itself as Jay-Z's Magna Carta Holy Grail. This Trojan horse targets Android users who want to purchase Jay-Z's album on their Samsung Galaxy device. A Trojan horse is a program that appears to be legitimate, but in fact does something malicious. For example, a Trojan horse may appear to be a game or a screensaver (in this case, Jay-Z's legitimate app). A deceived user will download the application, and the Trojan horse is released once the user executes the program. Quite often, the Trojan will carry out malicious actions such as gaining remote, stealthy access to your system or device.

The Jay-Z’s Magna Carta Holy Grail Trojan horse app was discovered by McAfee Mobile Security. This Android Trojan horse hides within a pirated copy of the Jay-Z app. Samsung users were targeted because the legitimate app was released exclusively for Samsung devices on Google Play.


How To Detect the Fake App

If you downloaded the Trojan application, you would find that the infected app functions identically to Jay-Z's legitimate app. However, in the background, the Trojan horse transmits data about your infected device to the attacker every time your phone starts. Like most malware, this Trojan horse attempts to download and install additional malicious packages. If you had this fake application installed on your Samsung device, your background wallpaper image was suddenly changed to an image of President Barack Obama on July 4th. The attacker designed a time-triggered event in the Trojan horse app to swap your wallpaper image with the President Barack Obama image.
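The behaviour described above (runs at every boot, talks to the network, changes the wallpaper) leaves traces in an app's declared permissions and components, so an added example follows, which is not code from the original post or from McAfee: a static triage check over a decoded AndroidManifest.xml. The manifests are constructed for the demo (the package names are placeholders); the permission and intent-action strings are real Android identifiers. It assumes the manifest has already been decoded to text, as a tool such as apktool produces.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"       # ElementTree form of the android:name attribute

# Real Android identifiers referenced by the check.
BOOT_PERMISSION = "android.permission.RECEIVE_BOOT_COMPLETED"
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"
INTERNET = "android.permission.INTERNET"
SET_WALLPAPER = "android.permission.SET_WALLPAPER"

# Constructed sample: what a repackaged "album" app of the kind described might declare.
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.fakealbum">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
  <application>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed sample: a plain media app that only needs the network.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.album">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>"""


def manifest_indicators(manifest_xml):
    """Extract the permissions and boot receivers an app declares."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(NAME) for e in root.iter("uses-permission")}
    boot_receivers = []
    for receiver in root.iter("receiver"):
        actions = {a.get(NAME) for a in receiver.iter("action")}
        if BOOT_ACTION in actions:
            boot_receivers.append(receiver.get(NAME))
    return {
        "package": root.get("package"),
        "runs_at_boot": BOOT_PERMISSION in perms and bool(boot_receivers),
        "boot_receivers": boot_receivers,
        "network": INTERNET in perms,
        "sets_wallpaper": SET_WALLPAPER in perms,
    }


def triage(manifest_xml, purpose_needs_boot=False):
    """Return human-readable findings for capabilities a media app has no use for."""
    ind = manifest_indicators(manifest_xml)
    findings = []
    if ind["runs_at_boot"] and not purpose_needs_boot:
        findings.append("registers a BOOT_COMPLETED receiver: " + ", ".join(ind["boot_receivers"]))
    if ind["runs_at_boot"] and ind["network"]:
        findings.append("can run at every boot and reach the network (beaconing capability)")
    if ind["sets_wallpaper"]:
        findings.append("requests SET_WALLPAPER, unrelated to playing an album")
    return findings


if __name__ == "__main__":
    for name, xml in (("suspicious", SUSPICIOUS_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(name, manifest_indicators(xml)["package"], triage(xml) or ["no findings"])
```

A permission list alone does not prove an app is malicious (many legitimate apps need INTERNET, and some need boot receivers), so the check is written to compare declared capabilities against what the app claims to be for; an album player that wants to start at boot, reach the network, and change the wallpaper is worth a closer look.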

This incident is a reminder of how openly Google Play allows apps to be published on its app store. Google attempts to keep the installation approach as open as possible. With Android, you are able to conveniently install apps through multiple means, which include Google Play, non-Google stores, and sideloading. There's hardly any red tape a developer must go through when compared to Apple, and consequently, this is how the bad guys get their malicious apps onto devices.

Google launched an Android security feature called Bouncer. Bouncer scans Google Play for malware and eliminates malicious apps before they reach our Android devices. However, some security experts are not too impressed with Bouncer as they have found flaws within the system. An attacker can disguise an app from being malicious, while Bouncer is running, and deploy the malware on a user’s device. Whether Bouncer is safe or not, it’s best to download from a legitimate app store such as Google Play. Jay-Z’s Magna Carta Holy Grail Fake App was downloaded from a pirated album copy that has been found in several other sites.


How To Stay Safe from Malware

You should always be cautious about the apps you download and install on your device. The malware payload can cause damage to your mobile device, as well as intrude on your privacy and personal information. You can take the following preventive measures against installing infected apps:
  • Only download from a reputable app store, such as Google Play or Amazon Appstore.
  • Glance at app reviews -- People will often rate an infected app poorly and will usually warn others through the app reviews.
  • Avoid downloading unofficial apps -- It's always safer to install official apps from an official app store.
  • Keep your mobile device up-to-date -- Ensure you have the latest updates installed on your device.
  • Don't download pirated software.
  • Use strong antivirus protection, such as McAfee Mobile Security.