The computer and software security thread

laser
Specialist
Posts: 131
Joined: Sun Oct 26, 2014 5:17 pm
Location: here & there

Over 98% of All WannaCry Victims Were Using Windows 7

Post by laser »

Numbers released by Kaspersky Lab on Friday reveal that over 98% of all documented WannaCry infections were running versions of the Windows 7 operating system.
Out of all Windows 7 users, the worst hit were users running Windows 7 64-bit edition, accounting for more than 60% of all infections.
The second and third most targeted OS versions were Windows Server 2008 R2, and Windows 10, respectively.

So! XP wasn't to blame after all

The statistics come to disprove popular belief that WannaCry hit mostly Windows XP machines. "The Windows XP count is insignificant," said Costin Raiu, director of Global Research and Analysis Team at Kaspersky Lab.
To infect all these computers, the WannaCry ransomware used an SMB worm that spread on its own to new computers that ran vulnerable SMB services.
That SMB worm was powered by an exploit named ETERNALBLUE. The exploit is part of a collection of hacking tools a group of hackers calling themselves The Shadow Brokers have stolen from the NSA and leaked online in April 2017.

ETERNALBLUE never worked properly on XP, only on Windows 7

Initial analysis of ETERNALBLUE revealed the worm could run on platforms from Windows XP up to Windows 8.1 and Server 2012.
It was during the WannaCry outbreak that researchers discovered the worm only worked reliably on Windows 7, causing errors on other platforms, including Windows XP, which most infosec talking heads falsely blamed for most WannaCry infections.
Following this discovery, a user has patched the ETERNALBLUE exploit to work without errors on 64-bit editions of Windows 8/8.1 and Windows Server 2012.
Currently, WannaCry's worm modules are still searching for new victims. The latest tally of computers that have been touched by this worm is 416,989, albeit not all computers have had their files encrypted, as WannaCry's ransomware payload has been defanged by a clever British researcher.

Bleeping Computer has reached out to Kaspersky Lab to inquire on why we see Windows 10 machines in the chart, and any possible scenarios that WannaCry could have used to infect those systems.


Source: https://www.bleepingcomputer.com/news/s ... windows-7/

This is largely about yet again closing the stable door, and more important questions remain. Above all, what PC users (and connected users in general) can and should do for their own good.
buksida
Moderator
Posts: 22476
Joined: Tue Dec 31, 2002 12:25 pm
Location: south of sanity

Re: The computer and software security thread

Post by buksida »

Thailand in top 10 for malware in Asia
Thailand ranks among the top 10 countries in Asia-Pacific for the number of malware attacks because of high rates of software piracy and internet use, Microsoft says.

"Thailand is still one of the countries across the region most at risk of malware threats, behind Bangladesh, Indonesia and Vietnam," said Keshav Dhakad, assistant general counsel and regional director for the digital crimes unit of Microsoft Asia.

The threat risk here is comparable to conditions in the Philippines and Bangladesh, he said, while Hong Kong, Japan and Singapore are at the lowest risk of malware attacks.

Citing a National University of Singapore study entitled "Cybersecurity Risks From Non-Genuine Software", Mr Dhakad said cyber criminals are compromising computers by embedding malware in pirated software CDs and DVDs and online channels such as BitTorrent, which is a highly effective way to transfer files over the internet.

The study analysed about 90 new PCs running pirated software in Thailand and seven other countries.

It found that 92% of new computers installed with non-genuine software were infected by malware.

http://www.bangkokpost.com/business/new ... re-in-asia

Thought: obviously no mention of all the dodgy Thai websites out there disseminating the stuff ...
Who is the happier man, he who has braved the storm of life and lived or he who has stayed securely on shore and merely existed? - Hunter S Thompson
Spitfire
Addict
Posts: 5248
Joined: Thu Apr 10, 2008 1:17 pm
Location: Thailand

Re: The computer and software security thread

Post by Spitfire »

Yeah, coupled with the refusal to use original software and the idea that they can still 'skim it' with a pirate version of XP...haha
Resolve dissolves in alcohol
Spitfire
Addict
Posts: 5248
Joined: Thu Apr 10, 2008 1:17 pm
Location: Thailand

Re: The computer and software security thread

Post by Spitfire »

With this new ransomware attack breaking, the following advice should help secure PCs running on older operating systems of the type you find here in Thailand all the time, especially if update is turned off for whatever reason.

Other than the obvious ones like backing up/using up to date anti-virus etc., these will help too:

1 - Use a VPN (even Opera browser lets you use a free one which is fairly good), much safer and should be a no-brainer these days.

2 - Use a free ransomware blocker like the Malwarebytes one.

3 - Block TCP port 445 and if using Windows 7 or before you will really have to block ports 135, 137, 138 and 139 as well.

If you are on Windows 10 then should be fine with the updates. Amazing how many places are still running XP or Win 7 because it's very hard/impossible to have system downtime.

Edit - I also like the boot scan option that some anti-virus like Avast offer as that scans stuff as it launches because some stuff can hide from normal scans.
Resolve dissolves in alcohol
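As an added example (not part of the original post), this parses `netstat -an` output and lists which of the ports named in point 3 have a listener on a non-loopback address, i.e. which ones a firewall block rule has to cover. It assumes English-language Windows `netstat` output; the protocol given for each port and the sample output are added here, and the sample is constructed.

```python
# Ports from the post, with the protocol each service uses (added here).
WATCHED = {
    ("TCP", 135): "RPC endpoint mapper",
    ("UDP", 137): "NetBIOS name service",
    ("UDP", 138): "NetBIOS datagram service",
    ("TCP", 139): "NetBIOS session service",
    ("TCP", 445): "SMB",
}

def exposed_listeners(netstat_output):
    """Return sorted (port, proto, address, service) for watched listeners."""
    hits = set()
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header or unrelated line
        proto, local = fields[0], fields[1]
        # TCP rows carry a state; only LISTENING sockets accept connections.
        if proto == "TCP" and fields[-1] != "LISTENING":
            continue
        addr, _, port = local.rpartition(":")  # also handles "[::]:445"
        if not port.isdigit():
            continue
        if addr.startswith("127.") or addr == "[::1]":
            continue  # loopback only, not reachable from the network
        service = WATCHED.get((proto, int(port)))
        if service:
            hits.add((int(port), proto, addr, service))
    return sorted(hits)

# Constructed sample of `netstat -an` output from an unpatched Windows 7 PC.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    127.0.0.1:445          0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     192.168.1.5:445        ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    192.168.1.20:137       *:*
  UDP    192.168.1.20:138       *:*
  UDP    0.0.0.0:5355           *:*
"""

if __name__ == "__main__":
    for port, proto, addr, service in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{proto}/{port} listening on {addr} ({service})")
```

A listener in this list only shows the service is running; whether other machines can reach it depends on the firewall rule in front of it.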
buksida
Moderator
Posts: 22476
Joined: Tue Dec 31, 2002 12:25 pm
Location: south of sanity

Re: The computer and software security thread

Post by buksida »

Most of these attacks are socially engineered, meaning that the user has to do something - open an attachment, or click a dodgy link in an email or on feckbook - to infect the system.

A bit more vigilance with what you click will go a long way!
Who is the happier man, he who has braved the storm of life and lived or he who has stayed securely on shore and merely existed? - Hunter S Thompson
Spitfire
Addict
Posts: 5248
Joined: Thu Apr 10, 2008 1:17 pm
Location: Thailand

Re: The computer and software security thread

Post by Spitfire »

A bit more vigilance with what you click will go a long way!
Amen to that.
Resolve dissolves in alcohol
laser
Specialist
Posts: 131
Joined: Sun Oct 26, 2014 5:17 pm
Location: here & there

The NotPetya malware

Post by laser »

Some information on (Not)Petya with a helpful solution:
http://www.bleepingcomputer.com/news/se ... the-globe/
Fortunately it's quite simple to deal with it:
https://www.bleepingcomputer.com/news/s ... -outbreak/
The 'vaccination' merely involves creating a file called "perfc" (without extension) in the C:\Windows directory.
Pleng
Legend
Posts: 2798
Joined: Fri Apr 08, 2011 2:04 am
Location: Hua Hin

Re: The computer and software security thread

Post by Pleng »

buksida wrote: Wed Jun 28, 2017 3:33 pm Most of these attacks are socially engineered, meaning that the user has to do something - open an attachment, or click a dodgy link in an email or on feckbook - to infect the system.

A bit more vigilance with what you click will go a long way!
Except the last two big attacks did not require any input from the user at all.
buksida
Moderator
Posts: 22476
Joined: Tue Dec 31, 2002 12:25 pm
Location: south of sanity

Re: The computer and software security thread

Post by buksida »

No need to be a pedant, if you read it you'll find I said "most" of these attacks, no mention of the specific last two. Social engineering attacks now outnumber automatic methods of computer infiltration.
Who is the happier man, he who has braved the storm of life and lived or he who has stayed securely on shore and merely existed? - Hunter S Thompson
hhinner
Rock Star
Posts: 4291
Joined: Fri Nov 09, 2012 2:17 pm

Re: RE: Re: The computer and software security thread

Post by hhinner »

Pleng wrote:
buksida wrote: Wed Jun 28, 2017 3:33 pm Most of these attacks are socially engineered, meaning that the user has to do something - open an attachment, or click a dodgy link in an email or on feckbook - to infect the system.

A bit more vigilance with what you click will go a long way!
Except the last two big attacks did not require any input from the user at all.
The recent ransomware attacks probably did start with someone clicking on an attachment in an email and thus installing the malware. Worm functionality in the malware would allow it to spread in the local network. It only needs one PC on a network to get the ball rolling.
pharvey
Moderator
Posts: 13699
Joined: Sat Aug 29, 2009 10:21 am
Location: Sir Fynwy - God's Country

Re: The computer and software security thread

Post by pharvey »

"Hackers can be heroes or villains depending on your perspective. Some want to fight the system while others are motivated by money, politics or boredom. In the wake of high-profile hacks and tragic terrorist attacks, politicians on all sides of the debate want to introduce tighter regulation on the internet. But will it work?"

A statement in "Focus Magazine" - superb publication IMHO.

Question is, what is the opinion of others? I'm a gadget nut, but certainly know my limitations and know the dangers of "Hackers" and the like over the Internet and Bluetooth. Thankfully those I bank with have been quick to deal with threats and despite a person or persons recently taking money from my card, all was returned with no loss to myself.

I will add that I'm very careful with regards to online payments, online banking, secure passwords et al, but what do you do?

Mods - if this post is in the wrong place please move.

:cheers: :cheers:
"Hope is a good thing, maybe the best of things" - Yma o Hyd.
Bluesky
Guru
Posts: 769
Joined: Sat Sep 26, 2015 1:56 pm
Location: Hua Hin, Outback Queensland

CCleaner hacked with malware

Post by Bluesky »

More than 2 million users possibly at risk.

By Michael Simon
Staff Writer, PCWorld | SEP 18, 2017 7:33 AM PT

It seems that CCleaner, one of PCWorld’s recommendations for the best free software for new PCs, might not have been keeping your PC so clean after all. In an in-depth probe of the popular optimization and scrubbing software, Cisco Talos has discovered a malicious bit of code injected by hackers that could have affected more than 2 million users who downloaded the most recent update.

On Sept. 13, Cisco Talos found that the official download of the free versions of CCleaner 5.33 and CCleaner Cloud 1.07.3191 also contained “a malicious payload that featured a Domain Generation Algorithm as well as hardcoded Command and Control functionality.” What that means is that a hacker infiltrated Avast Piriform’s official build somewhere in the development process to plant malware designed to steal users’ data.

Cisco Talos suspects that the attacker “compromised a portion of (CCleaner’s) development or build environment and leveraged that access to insert malware into the CCleaner build that was released and hosted by the organization.” As such, customers’ personal information was not at risk.

According to Avast, the malware doesn’t seem to have affected any machines in the wild. In a blog post by vice president of products Paul Yung, he states that the company identified the attack on Sept. 12 and had taken the appropriate action even before Cisco Talos notified them of their discovery. Yung says the attack was limited to CCleaner and CCleaner Cloud on 32-bit Windows systems—fortunately, most modern PCs will likely be running the 64-bit version.

Yung assures customers that the threat has been resolved and the “rogue server” has been taken down. He also says Piriform has shut down the hackers’ access to other servers. Additionally, the company is moving all users to the latest version of the software, which is already available on the company’s website (though the release notes only mention “minor bug fixes.”)

Most reassuringly, Yung states that Avast was seemingly able to disarm the threat before it was able to do any harm. The intent of the attack is unclear at this time, though Avast says the code was able to collect information about the local system.

Users can download CCleaner 5.34 from Avast’s website if they haven’t already done so. Previous releases are also still available on the company’s website, but the infected version has been removed from the company’s servers. You’ll also want to perform an antivirus scan on your computer. If you're affected, Cisco Talos recommends using a backup to restore your PC to a state prior to August 15, 2017, which is when the hacked version was released.

The impact on you at home: While users within the target area shouldn’t see any impact from this attempted attack, it’s still a scary notion. While Avast got in front of the issue and resolved it without incident, smaller companies might not be able to react so quickly. For example, earlier this year, it was found that a breach at Ukrainian software company MeDoc was responsible for the NotPetya ransomware. Ransomware is becoming a troubling trend, and if hackers are able to infect update servers they can spread malware to as many machines as possible.

https://www.pcworld.com/article/3225407 ... lware.html
'Diplomacy is the art of telling people to go to hell in such a way they ask for directions'. -Winston Churchill-
HHTel
Hero
Posts: 10806
Joined: Mon Feb 12, 2007 7:44 pm

E-mail scam

Post by HHTel »

I've just received an 'E-Mail Alert' supposedly from the Outlook Team. Anyone clicking 'Update your account' will be asked for your email user and password. Looks quite authentic but check out the sender. Be warned.
Account Update
Email Alert <spaninc@hotmail.com>
Today, 6:04 PM
This message was sent with high importance.

Microsοft

Your Services Agreement and Privαcy Statement made clearer
Dear User,

This is to inform you that Microsοft Outloοk will discontinue suppοrt on your accοunt and security.

and you will no longer have access to many of the latest features for improved, conversations, contacts and attαchments.

Take a minute to updαte your accοunt for a faster, safer and full-featured Microsοft Outloοk experience.

Updαte Your Accοunt

Sincerely

Outloοk.com Team

Microsοft respects your privαcy. Review our οnline Privαcy Statement
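An added example, not part of the original post: besides the sender address, the message text as pasted above swaps Greek letters (α, ο) into Latin words, including the brand names, and a script can flag that. The look-alike map and the brand watchlist are small constructed assumptions, not the full Unicode confusables table.

```python
import re
import unicodedata

# Constructed subset of look-alike letters mapped to their Latin twins.
LOOKALIKES = {
    "\u03bf": "o", "\u03b1": "a",                  # Greek omicron, alpha
    "\u0430": "a", "\u0435": "e", "\u043e": "o",   # Cyrillic a, ie, o
    "\u0440": "p", "\u0441": "c",                  # Cyrillic er, es
}
# Hypothetical watchlist of names a phishing mail would imitate.
BRANDS = {"microsoft", "outlook"}

def script_of(ch):
    """Coarse script label read from the Unicode character name."""
    name = unicodedata.name(ch, "")
    for script in ("LATIN", "GREEK", "CYRILLIC"):
        if name.startswith(script):
            return script
    return "OTHER"

def mixed_script_words(text):
    """Return (word, latin_skeleton, imitates_brand) for mixed-script words."""
    findings = []
    for word in re.findall(r"[^\W\d_]+", text):  # runs of letters only
        if len({script_of(c) for c in word}) < 2:
            continue  # single-script words (plain English, plain Greek) pass
        skeleton = "".join(LOOKALIKES.get(c, c) for c in word)
        findings.append((word, skeleton, skeleton.lower() in BRANDS))
    return findings

# One sentence of the message above, with the Greek letters written as
# escapes so they are visible in source form.
SAMPLE = (
    "Take a minute to upd\u03b1te your acc\u03bfunt for a faster, safer "
    "and full-featured Micros\u03bfft Outlo\u03bfk experience."
)

if __name__ == "__main__":
    for word, skeleton, brand in mixed_script_words(SAMPLE):
        note = "  <- imitates a watched brand" if brand else ""
        print(f"{ascii(word)} reads as {skeleton!r}{note}")
```

Legitimate mail almost never mixes scripts inside a single word, so a hit on a brand name is a strong signal even when the rest of the message looks clean.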
hhinner
Rock Star
Posts: 4291
Joined: Fri Nov 09, 2012 2:17 pm

Re: E-mail scam

Post by hhinner »

^^ Apart from the sender, I think the crap grammar is a bit of a giveaway.
buksida
Moderator
Posts: 22476
Joined: Tue Dec 31, 2002 12:25 pm
Location: south of sanity

Re: The computer and software security thread

Post by buksida »

It is a phish poor phishing attempt.

Here is how to identify more of them: https://www.sonicwall.com/en-us/phishing-iq-test
Who is the happier man, he who has braved the storm of life and lived or he who has stayed securely on shore and merely existed? - Hunter S Thompson