The Simplocker ransomware is hidden in an app that presents itself as a pornography player under the name “Sex Xonix”. After the app is launched, a message appears on the screen accusing the user of watching and distributing child pornography (among “other perversions”) and demanding payment to decrypt the user’s now-encrypted Android files. The user is asked to pay 260 UAH (Ukrainian hryvnia), around $22, via MoneXy, a money transfer service used mostly in Russia and Ukraine.
Users are tricked into downloading the file commbank.apk, which disguises itself as a mobile authentication application. We’ve also seen other versions that look like Facebook or Gmail authentication apps and even a “malware scanner”.
When downloaded, the app looks surprisingly legitimate; in this case it is similar to an app that might be issued by a well-known bank: Australia and New Zealand Banking Group Limited, commonly called ANZ. This app would normally provide mobile transaction authorization numbers (mTAN) or mTokens that enable login to online banking using two-factor authentication.
The stolen data is stored in a SQLite database directly on the victim’s phone.
So can Play Store downloads be malicious?
News reports later quoted the app’s developer as claiming that the app had been mistakenly released and was an early placeholder. This situation illustrates the struggles associated with scanning and evaluating the sheer number of Android apps appearing on the market.
Before we get started, we thought it would be interesting to get your opinion on which of these will grow in 2014.
All of the above pseudo-random domain names are now redirected to the IP address 142.0.36.234, which is a DNS Reply Sinkhole hosted by the FBI.
Kudos to the US Department of Justice, the FBI, Europol and the UK’s National Crime Agency, who have managed to disrupt the GameOver Zeus botnet. They have built a sinkhole that redirects the infected computers to the substitute servers under the control of the government as opposed to the Zbot servers.
Many users dismiss suggestions that these can be dangerous since they are “just text and images”. It is true that PDF files are not blocked by most email programs. But of course they can be malicious - as shown in this example.
9.303, 9.304, 9.4, 9.401, 9.402, 9.403, 9.404, 9.405, 9.406, 9.407, 9.5, 9.501, 9.502, 9.503, 9.504, 10.101, 10.102, 10.103, 10.104, 10.105, 10.106, 11, 11.001
(The current version is 11.0.07)
If the exploit succeeds, the malicious PDF executes embedded shellcode that downloads another malicious executable, a backdoor that CYREN detects as W32/Androm.AQ, from the following link:
Lastly, keep your software up to date, especially Adobe Reader, to protect yourself from attacks that exploit vulnerabilities.
CVE-2010-3333 vulnerability even though it’s over a year old. Why do attackers still use this exploit? Mainly because it’s very simple to exploit and many users have still not applied the MS10-087 update (or maybe they are using cracked versions of MS Office).
Since Windows XP is EOL from an update point of view and potentially exposed as soon as the next vulnerability is made public, we were curious…
Reasons for decrease
Pharma companies shutting down factories
Big spam affiliates shut down
In short – less money in spam, more money elsewhere
“bioceutical” penny stock
The Wolf of Wall Street, you’ll be amused at this pump-and-dump schemer’s choice of pseudonym: “Oakmont Stratton”. (Prosecuted in the 1990s for stock and investment fraud, the real owners of the firm Stratton Oakmont eventually pleaded guilty to 10 counts of securities fraud and money laundering.)
Countries – Spain 1st time number 1
Zombies – top 5 is generally the same
More hacked gmail accounts
Our data is sourced from our GlobalView security lab and based on the huge volume of traffic seen in the GlobalView cloud – 12 billion transactions per day.
We have seen the big increase in web malware/exploit kits and PHISHING! So a cloud-based solution is needed.
WebSecurity – in-the-cloud web security and web filtering, with CYREN protection, the simplest user interface, and multi-tier partner management – and all with white label options so that you can make it look like your own.
Our partners can co-brand our yearbook or the Q1 trend report.