Wednesday, 30 April 2014

Russian Internet giant offers email service without a password

The Russian Internet giant Mail.Ru has a new e-mail service launched where users have no password. such as the e-mail service is called, is in fact only accessible via an app on the smartphone.Once users register they will receive a unique SMS code.
This registration code is used once, after which users never have to enter a password. The phone is namely as authentication."And you always have with you", so let the developers know. Our own research would show that often their email on their smartphone then check users on their desktop.
Furthermore, all sent and received e-mails should be encrypted, but specific details are not given. In addition, users of the free e-mail service to get 150 gigabytes of data storage, ten times as much as in the case of Gmail. is only available for iOS and Android users. The developers say that they keep an eye on Windows Phone, but due to limited resources and expertise will now focus on iOS and Android.

Spammers bypass spam filters with non-Latin characters

Spammers use a variety of ways, such as images and ASCII text, to bypass spam filters and get. As phishing emails and other messages delivered to the mailbox of Internet users but recently the use of non-Latin characters, a trend to be.
This allows anti-virus firm Kaspersky Lab. It concerns in particular Italian phishing emails, which spammers use certain non-Latin characters to replace. Latin characters This is possible thanks to the UTF-8 encoding system, in which characters from different writing systems can be combined in the same e-mails said analyst Maria Rubinstein. In the image below, several of the non-Latin characters underlined in red.

Tuesday, 29 April 2014

New ransomware Crypto Donkey hostage Files

There would be a new form of ransomware are called Crypto Donkey those files on infected computers for ransom encrypts, let the American television KFOX know. The malware would spread through e-mail and displays the image of a donkey if the computer is infected.
Then victims get five days to pay $ 500 or they lose their files. The malware that different users in Texas would have taken would also encrypt external drives. Further details about Crypto Donkey are not given, and also on the Internet is nothing to find. Regarding the alleged ransomware KFOX published or below photo of a screen of Crypto Donkey.

University advises password more than 20 characters

The Stanford University has implemented new password policy, which the students and employees advise to choose a password. Minimum of 20 characters Long passwords are safer because, according to the university to guess or crack them attackers need more time.
Easily guessed passwords would still be a problem for the university. While Stanford still accepts passwords of eight characters, users need this to various requirements, such as a combination of lowercase, uppercase, numbers and symbols.Passwords from 12 to 16 characters lowercase, uppercase and numbers are mandatory.
From 16 to 20 uppercase and lowercase characters are sufficient. As of 20 characters, there are no restrictions. Passwords longer than 20 characters describes the university in an infographic as the "gold standard" and would offer the most protection. To remember a password of 20 characters, the concept of passphrases advised, where users leave the password of several words exist.
"It is always wise to disguise by some strange, nonsensical or random elements to add simplicity," it says in the password policy explained. "Pizza with crispy Spaniels!" and "mangled Persimmon Therapy?" are two examples of passphrases that the university gives and consisting of more than 20 characters.

Monday, 28 April 2014

XP users should avoid Internet Explorer

Windows XP users should not use Internet Explorer now there is a new leak was discovered in the browser. That suggests Mikko Hypponen of the Finnish F-Secure. This weekend it was announced that a new leak in IE is present that is deployed. Limited extent in targeted attacks
The vulnerability in Internet Explorer 6 to 11 present, although the attacks were directed only. Against users of IE9, IE10 and IE11 Since Microsoft no longer supports Windows XP, except for organizations with an extended service contract available, run IE users on the platform risk because there is no patch will be released which fixes the leak more.
Symantec also recommends that XP users to use another browser, but notes that this is a temporary measure until Microsoft has released a patch. A notable addition, because most XP users will receive. No more updates For XP users that IE can not do without the use of Microsoft's free Enhanced Mitigation Experience Toolkit (EMET) 4.1 option.
This program adds additional security to the system and also works on Windows XP. The tool prevents attackers newly discovered IE vulnerability to exploit, according to Symantec. Besides XP users also users of other Windows versions can protect themselves through EMET against the vulnerability.

Warning of new vulnerability in Internet Explorer

There is a new and critical vulnerability in Internet Explorer discovers that actively used to infect computers with malware and cyber criminals which no update is available from Microsoft. The vulnerability affects Internet Explorer 6 to Internet Explorer 11.
The attacks that were observed, however, were directed against IE9, IE10 and IE11. According to the U.S. security firm FireEye is the exploit of the vulnerability abuse by an APT (advanced persistent threat) group "used in the past more zero-day vulnerabilities used, including Firefox and Adobe Flash Player.
"We think this is an important zero-day, because the vulnerable versions about a quarter of the browser market decide," said analyst Chen Xiaobo. The exploits that attackers use uses a technique known through Adobe Flash Player, the Windows security bypasses to attack the unknown. Leak in IE


Microsoft vulnerability has also been confirmed and suggests that it is deployed. in targeted attacks only on a limited scalePending a security IE users to take various measures to protect themselves. Enabling the Enhanced Protected Mode in IE10 and IE11 can prevent the attack. IE users on Windows 7 itself should enable this option. Windows 8 Enhanced Protected Mode is enabled only in the "Metro" version of IE. If the desktop version of the browser on Windows 8 should still enable the measure itself used.
Since the exploit Adobe Flash Player as a springboard to attack the causes browserlek to disable the Flash Player plug-in in Internet Explorer ensure that the attack does not work anymore. Finally IE users can protect themselves by installing the Enhanced Mitigation Experience Toolkit (EMET) version 4.1 or 5.0 Tech Preview .

Monday, 14 April 2014

Top 5 of imaginary viruses that would make the world more fun

Why bugs should always be evil? What if they would like you to reconcile with your ex fun and useful things, or that awful Tumblr account before you delete?
Stuart Heritage describes in The Guardian five imaginary viruses that would make the world. enjoyable. He calls virus creators to show another side of himself, and actively improve to helping people instead of harassing. Positive viruses the world

1. Facebook privacy virus

The privacy settings on Facebook are all an eyesore. Every few months, Facebook decision or something which leads to a sudden anyone 5 years old photo, where you say the least not too flattering on state, can be seen. Then you have to login again and again confirm what you want to share and what not. What if a virus would be that would ensure that all of your pictures remain private forever? Would not that be nice?

2. Spotify playlist virus

No one will just have to play Spotify playlists at a party. Sane Indeed, there is a high probability that a track is played where you actually die ashamed of you and so you end up with your tail between your legs to leave the party. But think of a virus scan on playlists of songs you could possibly embarrass and removes them for you before anyone else can hear? That way you'll never laughed!

3. Tumblr itself destroyer

The world is full of teenagers who cram their Tumblr account with hand-drawn Justin Bieber fan art or other bad things. There will come a day when these teens will apply. Their potential employer will google their name and find the Tumblr account, with all its consequences. Rising unemployment is the result. Why does no one a virus that all traces of your Tumblr account automatically deleted on the day of your 18th birthday? That would be the best for everyone!

4. Reconcile virus

Gmail still read all all emails. Why is there no peaceful virus maker who does something here? What if somehow the phrase "How could you cheat on me" pops up. Reconcile the virus would see this and immediately, of course with a stolen credit card, buy a huge bouquet and have it delivered. Indignant at the partner Bingo! Everyone is happy again because everyone loves flowers, regardless of the sender.

5. Reminder Flickr

Just a virus that sends emails to you to remind that the Flickr account that you created in 2004 still exists ...

New IDS notes deviant behavior

A team of researchers at Binghamton University has a new intrusion detection system that operates on the basis of monitoring the behaviour of systems and noticing when it is different from "normal" behaviour.
The project called "Intrusion Detection Systems: Object Access Graphs" was funded by the "Air Force Office of Scientific Research" was conducted by PhD Patricia Moat and Zachary Birnbaum and researcher Andrey Dolgikh. They were accompanied by Victor Skormin, professor of "electrical and computer engineering."


The researchers have chosen to focus on the behaviour of the system instead of detecting malware. This choice was made because malware can change there may be new definitions. Designed for faster
"We take a photo from your computer, and then we compare it with a picture of a computer that behaves normally a picture of an infected computer. Then we look at the differences," says Birnbaum. "On the basis of the differences we can see that the computer is infected and to what kind of infection it is. Soon as you know you are infected, you can take action."
"System calls that are made under normal circumstances be converted to" graph components "which are used as the basis of the profile of a computer again normally," the researchers explain.
Source: Intrusion Detection Using N-Grams or Graph Object Access Components

"Our results show that an efficient detection of abnormal behaviour is made possible by a clever use of" graph processing "algorithms to make system behaviour profiles."
The PDF with details about the project you can here find.

Sunday, 13 April 2014

U.S. sues nine people for spreading Zeus Trojan

The U.S. Justice Department has nine alleged members of a criminal organization accused of distributing and using the Zeus Trojan.
According to the prosecutor, they are responsible for infecting thousands of corporate computers with malware. Most of the suspects are from Ukraine.
Two of the suspects, Yuriy Konovalenko (31) and Yevhen Kulibaba (36) were arrested. The Ukrainians were arrested in the UK and have recently been extradited to the United States. Three other Ukrainians and Russian are also indicted but remain at large. The rest of the indicted individuals are not identified and included in the indictment. As "John Doe".


All defendants are accused of conspiring to computer fraud and identity theft, conspiracy to commit extortion, several cases of bank fraud and identity theft qualified.
The suspects are accused of using Zeus or ZBot order bank account numbers, passwords, personal identification numbers, RSA SecureID token codes and similar information needed to log in to steal. On online bank accounts In the indictment was read to the accused banks were wise they were employees of the victims and were authorized to make transfers from the bank accounts of the victims.
Among the victims of the scam Zeus were the Bank of America, First National Bank of Omaha, Nebraska and the Franciscan Sisters of Chicago and Key Bank.


The suspects reportedly used U.S. citizens as straw men. The straw men took the money and then returns to a foreign bank account of the criminals.
Kulibaba ran allegedly laundering network in the UK, while Konovalenko would have settled and was responsible for forwarding the information to Kulibaba. Straw men and the bank details The other members of the organization were responsible for the development of the malware and the financial and technical management.
"The Zeus Trojan is one of the most damaging financial malware ever used," said Assistant Attorney General David O'Neil. "As the charges demonstrate, we are determined to make the Internet safer and protect. Personal data and bank accounts of American consumers".


The British police, the Dutch High Tech Crime Team and the Ukrainian Secret Service have the U.S. Department of Justice assisted with the investigation.
In 2007 Zeus botnet infected millions of computers worldwide. In 2010, a study by security firm RSA that almost all the "Fortune 500" companies have some form of a Zeus infection showed. From 2011 Zeus is sold as a commercial product.

Saturday, 12 April 2014

NSA for 2 years at the height of Heart Bleed

According to the U.S. News Agency Bloomberg NSA was familiar with the Heart Bleed bug for 2 years and she has the vulnerability in OpenSSL frequently used to gather information. Bloomberg cites sources that are "aware of the situation" are.
The decision of the NSA to keep the secret bug in the framework of national security interests, the debate about the role of computer experts from the U.S. government, revived considerably. Again
Heart Bleed seems one of the biggest leak in the history of the Internet to have. As many as two-thirds of the world's websites is touched. The discovery and the advisory that five days ago was published by researchers has led to massive consumers have changed their passwords, the Canadian government has postponed the electronic tax return and that large technology companies such as Cisco Systems and Juniper Networks patches for their systems released. There are also a lot of new SSL certificates issued.
The Heart Bleed bug quietly adding to the arsenal, the NSA has been able to obtain. Passwords and other important information The price for this was high. Millions of ordinary users are left to their own and all that time was vulnerable to attack by secret services and cyber criminals.
Jason Healey, director of the "cyber statecraft initiative at the Atlantic Council" and a former Air Force officer explains: "The security community will not chip them really leave after this revelation."
The NSA has just been denied before the vulnerability became public last week. Bleed Heart of informed on twitter

Google Android security improves with continuous scanning app

A new feature of Google now scan already installed apps. Because although Google apps checks before they come into the Google Play store it sometimes happens that still change their permissions after installing apps, or other things that they should not be changed after installation.
The "Bouncer" security scan is not infallible. There are plenty of third party apps that know the scan in one way or another to evade. In addition, there is still plenty of Android users that before the "Verify apps" or "Bouncer" security feature was installed on their smartphone apps are introduced.


Google makes the process of scanning, verifying and warn easier by the introduction of a new expansion of its "Verify apps" service. The Android overlord will now continuously and fully automatically, go check to make sure that "all apps to behave safely, even after installation."
"In the past year, the year Verify Apps was launched, the service uses more than 4 billion times to check at the time of installation. The new feature, which uses the powerful Android scanning system developed by apps Android security and SafeBrowsing teams, will further extend the protection, "said Rich Cannings Android security engineer on his blog.
Cannings further says that less than 0.18 percent of app installations in the past year went ahead after receiving a warning from the user malware apps Verify service.
The new feature is officially launched today as a free Google Play update for those with Android 2.3 or higher. The announcement comes shortly after the discovery of the Shield Virus scam.

Friday, 11 April 2014

Condoleezza Rice joins Dropbox, discussion widely

Last Wednesday, the cloud storage service Dropbox known that former foreign minister of the United States, Condoleezza Rice, joins the board of directors of the company. The company called Rice "a leader who can help expand. Global presence from us"


The addition of Rice took somewhat different than planned because since the arrival of Rice is Dropbox under fire and the discussion flared up. There is a campaign "Drop Dropbox" started calling to make the service any longer.
The main objection that is mentioned on this site is that Rice was actively involved in the decision to start the war. Iraq Rice also performed according to the website a central role in legitimizing torture under the Bush administration. It is stated that a report by the Senate shows that Rice verbally gave permission to torture suspects and later lied about the extent to which she was involved in this decision.
It is also claimed that Rice was not only a supporter of the extensive domestic spying program under the Bush administration, but they also gave permission without judicial warrant to eavesdrop. Members of the UN Security Council.
"Why in God's name, given what we now know about the secret spying program of the U.S. and the role of rice in there playing, like someone if she is involved in Dropbox, an organization that we trust with our most important business and personal data? "
Finally the website gives an overview of alternatives to Dropbox.


The discussion about the arrival of Rice is widespread. Many websites have a negative sound. Also on twitter are many negative comments found.

The Ins and Outs of ransomware

Malware researcher Bart Blaze has published an extensive article about ransomware on his blog. In the article he interviews a number of anti-malware experts who give their opinion on the current trends and the evolution of ransomware.
The following experts shared their insights:
  • Malware researcher Malekal
  • Adam Kujawa - Malwarebytes Head of Malware Intelligence
  • Fabio Assolini - Kaspersky Senior Security Researcher
  • Fabian Wosar - Emsisoft GmbH Administration / Development
  • Hendrik Adrian - MalwareMustDie Security Research Group


The experts will discuss, among other things: their first acquaintance with ransomware, the psychological aspect of ransomware, how ransomware spreads, how effective it is in practice, and last but not least, how can one protect against this specific type of malware.
The experts agree on one thing: the first versions of ransomware were quite primitive but very effective. Over the years it has evolved greatly ransomware and cybercriminals are earning millions of dollars with it. The reason that this type of malware is so fast becoming popular is the fact that ransomware savings than "rogueware" (fake antivirus software), and in particular the variants encrypt files, such as Crypto Locker more money.
"Ransomware as Crypto Locker is currently more efficient than the FBI called Ransomware because almost everyone knows this form now. When the FBI was everyone thought it was legitimate, variant first spotted" explains Adam Kujawa out. "I can not give you exact percentages because I do not have it, but the golden rule is that when a particular attack vector of attack strategy is reused, meaning that the tactic is effective and therefore works. We now identify malware like Prison Locker (or Power Locker ) due to the success of Crypto Locker, just as we saw hundreds of variants and families of the FBI Ransomware in 2012. "


The article also contains several recommendations for both end users and companies. How can one protect against ransomware and what can one do when a computer is infected.

End users

For end users, it comes down to the following: keep all your software up to date, install an antivirus program, remove unused software (eg Java), install security add-ons such as NoScript in the browser (and update it also ), no download applications via spam or suspicious or unknown websites and make backups (and disconnect the external drive after taking the backup).


For companies, the recommendations are as follows: Use strong passwords for servers, RDP switch off if possible, use a spam filter, using group policies, limit the rights of users, instruct your users and also applies here: make backups.

Never pay

Victims of ransomware should certainly never proceed to payment. There is no guarantee that the cyber criminals the files or accessing the computer will recover. Maybe you even more vulnerable to a new attack, the cyber criminals will know after all that you will pay. By following the recommendations, however, you reduce the chance of becoming a victim already drastically.
Do you want more information, detailed advice and tips, then read the article at Blaze's Security Blog.

Thursday, 10 April 2014

Serious flaw found in OpenSSL

Programmers create code and hackers find errors in it and use them. Discovered a hole in the most widespread cryptographic the OpenSSL could potentially lead to data theft almost all Internet users.

Seventh of April came security bulletin CVE-2014-0160, from which it became aware of the continued existence of a critical vulnerability in the cryptographic package OpenSSL.

Found that implementation algorithms TLS and SSL are used today in most versions of OpenSSL properly handle expansion packs Heartbeat (because of what the error was called HeartBleed). This allows hackers to gain remote access to confidential information from RAM active network process outside the buffer.

An error in the system has learned the Finnish-American company Codenomicon, what hastened to inform the world through a special website Heart Bleed - is the name given error experts, loosely translated it means "bleeding heart."

Such dramatic name was not chosen randomly. An error was detected in the package heartbeat (heart beat, heart rate) used for fault detection and resource management server cluster. The result was a play on words in the heart of the leak occurred.

Surprisingly, the critical vulnerability did not notice for two years. It affects all versions from 1.0.1 to OpenSSL 1.0.1f inclusive and 1.0.2-beta1.

As a result of that error in them is not checked  in the recording of the actual length of SSLv3. This allows you to read without authorization to 64 Kbytes of RAM process on the connected client or server for each request. In many cases this is enough to get the keys, passwords or other sensitive data. Vulnerable versions of OpenSSL cryptographic package from March 2012 are included in many distributions and BSD OS family of almost all branches of the Linux Debian, RedHat and Slackware. 

The first error affects servers Apache, nginx, project Tor (via the web server, as well as many websites that use the HTTPS, even if access to them is carried out by VPN.

Unlike all the other "helpers hackers» Heart Bleed intercepts encryption keys - the cornerstone of secure connections, which encrypts the data transmission between servers. By themselves, the captured data is not worth anything, because the same encrypted PIN bank card might look like, «dkgh # k87u». Without the key, which will allow to decipher the code, it's just a set of symbols. But if the key will be in the hands of criminals, then get the raw data for them there is no trouble.

The greatest danger lies in the fact that this hack does not leave absolutely no trace in the case of data theft is not possible to know about this.

It would seem, what's this, because such errors are almost every day. However encryption package OpenSSL - the most widespread in the world. It is used mostly in the Apache web server and nginx. According to research company Netcraft, on these architectures employ about 66% of all sites on the Internet. Thus, only every third site does not represent a potential threat in terms of data theft. Among the endangered sites include such popular services like Twitter, Dropbox, Yahoo!, Steam and others. OpenSSL packages are used to everything else for the operation of e-mail servers and diverse client software.

To determine the degree of risk of error Codenomicon tried to kidnap their own data as it would make professional hackers.

As a result, they managed to make an attack on their own servers, without leaving any traces. Using only a hole in the system, Codenomicon received encryption keys. Using them, experts have collected from servers usernames and passwords, correspondence employees through messengers and email, as well as confidential company records stored on your computer.

Of course, such a dangerous hole could not remain uncovered. As a result, on April 7 was released a new version of OpenSSL, in which the error is no longer present. However, a simple upgrade package is not enough. If criminals have stolen encryption keys, they can use them in the same way as in the previous version, and for security administrators need to get a new security certificates and to generate new keys.

Of course, for large projects should not worry, because the price of their negligence administrators too great. It can be assumed that the relevant work already done on the servers.

In Codenomicon even see the positive side of Heart Bleed: because administrators can not ignore the fact that hole detection, they have to update the system data encryption on their servers. Along with them are likely to be installed, and other updates that have been postponed for a certain period.

While common in the bulletin and news reports officially recommend the following steps:

  • Install a patched version of OpenSSL 1.0.1g or 1.0.2-beta2 or recompile OpenSSL package with key OPENSSL_NO_HEARTBEATS;
  • reissue the SSL-certificate;
  • lures (honeypot), simulating the presence of a vulnerable server package OpenSSL, and check to connect to them.

We recommend that if you do not use in public places WiFi network, then try to put this kind of functionality is temporarily closed.

Personal use of computers when not readily allow strangers remote control of their computer to prevent personal information from being stolen.

Once the leakage of information to remind consumers to timely remedy, keep relevant evidence, take the initiative to safeguard their rights.

Wednesday, 9 April 2014

Fake poll as a lure for Facebook Phishing Scam

The Facebook application asks users to register their votes

Cyber criminals have again found a new way to Facebook to trick users into entering their login details. They run a fake online poll for the purpose of luring. Potential victims to a phishing site.

A pop-up window requesting for user account information

Symantec reports that the scammers run an online poll with the question: "Who better boys or girls" Once the visitor has cast his vote will be prompted to log in to the Facebook account and asked whether the visitor is male or female. After logging the victim sees the message that his voice has been sent. Scammers host the site on a subdomain ([http://] Smart Apps. [deleted]. com) to indicate that it is an application and the to appear. matter professionally in this context is the number of voters also raised periodically.

A comparison of the previous vote count and the current vote count

While it does seem that way at first glance Facebook has nothing to do with the campaign. When visitors log in reality they give their login information to the cyber criminals.

The scammers probably realize only too well that many Facebook users, this kind of thing every day without too much thought do. It is not inconceivable that they have already succeeded in many account data store.

To a victim of a Facebook scam to be, it is important that you never put your password on domain other than enter. The real login page of Facebook is secured with an SSL certificate which can be used by the padlock in the address bar of the browser and the HTTPS recognized connection.

Tuesday, 8 April 2014

Symantec: New era of mega-data leaks' has arrived

According to Symantec, a new era of "mega-data leaks' dawned. Cyber ​​attacks are becoming larger and cost tens of millions of dollars in damage.

At the end of 2013, the most damaging cyber attacks occurred in history, according to the annual Internet Security Threat Report (ISTR) from Symantec. The report shows a significant change seen in the way cybercriminals operate. Kept criminals rather mainly with fast attacks that had a small profit result, now they take months to prepare that generate a lot of money. Larger data leaks for
"A mega attack produces sometimes the same as 50 smaller attacks," said Tom Welling, Security Expert at Symantec Benelux. "Although the level of attacks continues to rise, more and more criminals have more patience and they wait until they can commit to deliver more money with a major attack."

The report also reveals that cyber criminals often use networks in the Netherlands to commit cyber attacks. If so-called "threat-source country rises Netherlands internationally from place to place 7 4. In the top ten of threat-source countries, only the Netherlands and Russia increased relatively strongly in 2013.

The number of data breaches in 2013 increased by 62 percent compared with 2012. As a result, more than 552 million online identities exposed to cyber criminals. So Cybercrime remains a real and damaging threat to both consumers and businesses. In the Netherlands, the favorite sector of cybercriminals each attack varies. The telecom industry is the biggest target for spam (77 percent), followed by the financial sector (64 percent). When it comes to malware, it is the largest retail target.

Compared to 2012, targeted attacks increased by 91 percent in 2013. Moreover, the attacks in 2013 lasted on average three times as long. Looking at occupations, personal assistants and PR staff are most attacked, because they are often a prelude to prominent figures such as celebrities or executives of large corporations.

According to Symantec, there are certain steps that businesses and consumers can take to protect against possible data leaks, targeted attacks, or general spam better.

Tips for Business
Know your data: information should be the focus of protection are not the devices or the data center. Knowing where sensitive information is located and where it is flowing, helps determine the best policy and the best procedures to protect the data.

Inform employees supervised workers in protecting their information. Give them an insight into the corporate policies and procedures for protecting sensitive data on personal and corporate devices.
Implement proper security infrastructure: strengthen the security infrastructure through prevention practices aimed at data loss, network security, endpoint security, encryption, strong authentication and defensive measures, such as reputation-based technologies.

Tips for consumers
Be smart in the field of security: Choose a strong password and update all your devices with the latest security software.
Pay attention: check bank and credit card statements for irregularities and be careful when responding to unsolicited or unexpected emails. Also be alert for online deals that seem too good to be true, because usually they are just that.
Know with whom you work, make sure you are familiar with the policies of retailers and online services that can retrieve bank or personal information. If this information should be shared, please do so via the official website of the company and not through an email link.

Detailed Report

Monday, 7 April 2014

Popular Virus Shield App apparent scam

Security conscious Android users were disappointed this week when it emerged that their Virus Shield anti-virus app was nothing more than a simple image on the screen of their mobile phone or device.
According maker Deviant Solutions Virus Shield prevents malicious apps end up on the mobile device of the user. In addition, the apps, settings, files, and media in real time would scan the app and would protect the private information of the owner. All this, with minimal impact on battery and without showing ads.

Google Play Store
The app received a whopping 4.7 stars in the official Google Play Store, cost $ 3.99 and was within a week of the best-selling paid app in the Store.

Unfortunately, the promise proved too good to be true. When the Android Police glanced at the source code, it was found that the only functionality of the app consisted of a picture of a shield with a cross and a shield with a check mark where the user could switch by tapping on the screen. between This would produce the so-called security should be off. Or in Deviant Solutions, however, proved "failed" to have an effective anti-virus application after the on-off button to hang up.
Virus Shield has been removed from the Google Play Store.

Wednesday, 2 April 2014

Ransomware Crypto Defense allows decryption key behind computer victim

Ransomware Crypto Defense contains a crucial mistake: it allows the decryption key back to the computer of the victim.

Symantec analyzed Crypto Defense. The ransomware is part of the extended family of malware programs that encrypt files of victims until a ransom is paid. Crypto Defense uses Microsoft and Windows API to generate Encryption and decryption keys.

Defense Crypto encrypts files using a 2048-bit RSA key. The secret key needed to de-crypt the files will be sent back to the server, the attacker until the ransom is paid again. Apparently the developers did not know that the secret key on the computer of the victim is in a directory containing application data. This key can decrypt the victim his data without the intervention of the cyber criminals. Itself, Unfortunately, the average user will not have enough knowledge to make this actually perform.

Symantec estimates that have received, which shows the effectiveness of the scam. Cyber criminals within one month, more than $ 34,000 in bitcoins.
Symantec has blocked 11,000 Defense Crypto infection attempts in more than 100 countries. The majority of infection attempts were in the U.S., followed by Britain, Canada, Australia, Japan, India, Italy and the Netherlands.

MD5: f57d188c4667fab46208396af20badd2 (Virus Total Permalink)
         60f302b88160c27263c61c7e91dcb94e (Virus Total Permalink)

Tinder plagued by spam bots

A number of users of dating app Tinder reports that they are matched a fake profile of an attractive woman.In reality the automated bots that users want to download. Mobile game "Castle Clash"
The bots display a link to the game via the URL "", making it seem like Tinder is the owner of the URL, or is involved in any case in one way or another to the action. This is not the case.
A Reddit user realized what was happening and posted a screenshot. This post now has a handful of responses from others who say they have experienced the same. Also on Twitter More and more reports from people who claim they are matched with a fake profile.
The bot first sends innocent messages like "hey" and "how are you?" then they tell the unsuspecting user that they have such a fun game on their phone, "Castle Clash, have you heard of?" The bot then informs the URL, no matter what was the response of the user.
It is still unclear who exactly is behind the fake accounts, even though the app developer course obvious. The company offers dozens of games on the App Store and Google Play. However, it is also possible that the developer himself the victim of an aggressive promotional network as previously happened with the on-demand ride service Uber .
Tinder shows himself to be aware of the problem and said the necessary steps to remove the spam.

Symantec Detailed Report