Windows 10 Upgrade Spam Carries CTB-Locker Ransomware

August 3, 2015 – 8:12 PM

In the week since a free upgrade to Windows 10 was made available, users have learned about a host of built-in privacy and security issues, the most troubling being a native feature called Wi-Fi Sense that grants access to your Wi-Fi network to contacts stored in a host of online services.

Now hackers are in on the game. The inevitable Windows 10 spam and phishing emails have surfaced, including a serious threat via a spam campaign spoofing Microsoft and ultimately dropping ransomware on users’ machines.

Researchers at Cisco TALOS said on Friday they spotted spam carrying an archived attachment from an email address in Thailand spoofing update at Microsoft[.]com. Users who download and execute the files inside the zip archive are hit by the CTB-Locker brand of ransomware. CTB-Locker behaves like most strains of crypto-ransomware; it’s spread via email, exploit kits or drive-by downloads, encrypts documents stored on the computers and demands a ransom paid in Bitcoin in exchange for the encryption key. This campaign gives users a 96-hour window to deliver payment, which is shorter than other campaigns making use of CTB-Locker.

CTB—also known as Critroni—stands for Curve-Tor-Bitcoin: the malware uses elliptic curve cryptography to encrypt files and the Tor anonymity network for command and control operations.

The current Windows 10 spam campaign has a chance to be quite lucrative, given the thirst most consumers have for the latest and greatest technology. Users, however, must first reserve their spot in a queue in order to get the free upgrade to Windows 10. The spam emails may trick victims into thinking this is their notification from Microsoft to upgrade; legitimate upgrades are done via download, not email, Microsoft said.
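The campaign above combines two observable traits: a From header claiming microsoft.com while the mail actually originates elsewhere, and a ZIP attachment carrying an executable. The following triage heuristic, written for this post rather than taken from the Cisco TALOS analysis, checks a message for both; the sample e-mail it builds is constructed, and the domain names in it are placeholders.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

CLAIMED_DOMAIN = "microsoft.com"
EXEC_SUFFIXES = (".exe", ".scr", ".com", ".pif", ".js", ".vbs")


def _domain(addr_header) -> str:
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(addr_header or "")[1].rpartition("@")[2].lower()


def zip_has_executable(data: bytes) -> list:
    """Names inside the ZIP that end in an executable suffix ([] if not a ZIP)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(EXEC_SUFFIXES)]
    except zipfile.BadZipFile:
        return []


def assess(raw: bytes) -> dict:
    """Flag a spoofed microsoft.com sender combined with an executable-in-ZIP lure."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    from_dom = _domain(msg["From"])
    path_dom = _domain(msg["Return-Path"])  # where bounces really go
    spoofed = from_dom == CLAIMED_DOMAIN and path_dom != CLAIMED_DOMAIN
    execs = []
    for part in msg.iter_attachments():
        if (part.get_filename() or "").lower().endswith(".zip"):
            execs += zip_has_executable(part.get_payload(decode=True))
    return {"spoofed_sender": spoofed, "executables_in_zip": execs,
            "suspicious": spoofed and bool(execs)}


def build_sample() -> bytes:
    """Constructed lure mimicking the campaign's shape; not a real artifact."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Win10Installer.exe", b"placeholder bytes, not an executable")
    m = EmailMessage()
    m["From"] = "Microsoft Update <update@microsoft.com>"
    m["Return-Path"] = "<bounce@relay.example>"  # placeholder origin domain
    m["To"] = "user@example.org"
    m["Subject"] = "Windows 10 Free Update"
    m.set_content("Your Windows 10 upgrade is attached.")
    m.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                     filename="Win10Installer.zip")
    return m.as_bytes()
```

A real gateway would also consult SPF/DKIM results rather than only Return-Path, but the two checks shown are enough to quarantine this shape of lure for manual review.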

Source:
https://threatpost.com/windows-10-upgrade-spam-carries-ctb-locker-ransomware/114114

Flash/HTML5 in Firefox

July 31, 2015 – 9:01 PM

I’ve been asked a lot lately about uninstalling Flash in Firefox and why users are still being served the Flash versions on Youtube, for example, and requiring them to install it before displaying the video. I was asked again today and thought I would quickly post something about it.

The easiest way is to install the User Agent Switcher add-on and pick a user-agent string that is not compatible with Flash (iPad or iPhone strings work well). This will force the HTML5 version of the pages/videos.

Major Flaw In Android Phones Would Let Hackers In With Just A Text

July 27, 2015 – 7:24 PM

Android is the most popular mobile operating system on Earth: About 80 percent of smartphones run on it. And, according to mobile security experts at the firm Zimperium, there’s a gaping hole in the software — one that would let hackers break into someone’s phone and take over, just by knowing the phone’s number.

Just A Text

In this attack, the target would not need to goof up — open an attachment or download a file that’s corrupt. The malicious code would take over instantly, the moment you receive a text message.

“This happens even before the sound that you’ve received a message has even occurred,” says Joshua Drake, security researcher with Zimperium and co-author of Android Hacker’s Handbook. “That’s what makes it so dangerous. [It] could be absolutely silent. You may not even see anything.”

Here’s how the attack would work: The bad guy creates a short video, hides the malware inside it and texts it to your number. As soon as it’s received by the phone, Drake says, “it does its initial processing, which triggers the vulnerability.”

Source:
http://www.npr.org/sections/alltechconsidered/2015/07/27/426613020/major-flaw-in-android-phones-would-let-hackers-in-with-just-a-text

Windows 10 automatic updates are mandatory for Home users

July 18, 2015 – 8:18 AM

Microsoft has always struggled to get consumers to install important Windows updates, but it’s pulling out the big guns with Windows 10. The company has confirmed that Home users of Windows 10 will have to agree to receive system updates automatically as part of the terms and conditions. So you’re going to be up-to-date whether you like it or not.

Windows 10 is supposed to be the last distinct version of Windows, so Microsoft wants to get everyone upgraded. This is probably why it’s making the upgrade free at first (it’s a trap!). Once Microsoft has you on the new version, you can be kept current forever with the automatic updates. Automatic updating was the default behavior in past versions of Windows, but now the updates will just happen in the background. Business users and IT departments will have the option of disabling that, though.

The sting of the Windows XP era is still fresh for Microsoft. It tried several times to end support for the now-ancient OS, but had to push the date back because there were still so many instances of XP running. Microsoft finally managed to leave XP behind a few years ago, but it still runs paid custom support programs. Upgrades to Windows 8 have been sluggish as well. In fact, most Windows users are still on Windows 7.

Microsoft hasn’t mentioned if the update scheme will be improved at all in Windows 10. One of the reasons everyone shut off automatic updates in past versions is that so many updates require a restart. If Microsoft starts forcing everyone to restart constantly with no way to opt out, it might have some very upset customers on its hands. On the plus side, there will be fewer vulnerable computers out there.

Source:
http://www.geek.com/microsoft/windows-10-automatic-updates-are-mandatory-for-home-users-1628305/

New Version of TeslaCrypt Changes Encryption Scheme

July 14, 2015 – 5:26 PM

A new version of the nasty TeslaCrypt ransomware is making the rounds, and the creators have added several new features, including an improved encryption scheme and some details designed to mimic CryptoWall.

TeslaCrypt is among the more recent ransomware variants to emerge. The malware, a variant of CryptoLocker, is unique in that it targets files from gaming platforms as well as other common file types. Version 2.0.0 of TeslaCrypt, discovered recently by researchers at Kaspersky Lab, no longer uses a typical GUI to show users the warning about their files being encrypted. Instead, the malware opens a page in the user’s browser to display a warning message that is taken directly from CryptoWall.

That change, researchers speculated, could be a way to make TeslaCrypt seem more intimidating.

“Why use this false front? We can only guess – perhaps the attackers wanted to impress the gravity of the situation on their victims: files encrypted by CryptoWall still cannot be decrypted, which is not true of many TeslaCrypt infections,” Fedor Sinitsyn of Kaspersky Lab wrote in an analysis of the new ransomware.

But the more significant modification in version 2.0.0 is the inclusion of an updated encryption method. TeslaCrypt, like many other ransomware variants, encrypts the files on victims’ machines and demands a payment in order to obtain the decryption key. The payment typically must be in Bitcoin, and the attackers using crypto ransomware have been quite successful in running their scams. Estimates of the revenue generated by variants such as CryptoLocker run into the millions of dollars per month.

Source:
https://threatpost.com/new-version-of-teslacrypt-changes-encryption-scheme/113786