شماره: IRCNE2015112679
تاريخ: 08/19/94

Cryptowall، بدافزار رمزگذاري معروف كه فايل ها را براي گرفتن پول رمزگذاري مي كند، به روز رساني شده است.
نسخه جديد اين بدافزار گروگان گير به گونه اي عمل مي كند كه قرباني نمي تواند فايل ها را بازيابي كند. هم چنين اين بدافزار موارد مربوط به بازيابي سيستم را پاك مي كند تا هيچ راهي براي بازگرداندن سيستم به حالت ذخيره شده قبلي وجود نداشته باشد.
اين بدافزار از bitcoin براي دريافت وجه استفاده مي كند و مانند نسخه قبلي توسط سرور كنترل و فرمان مبتني بر Tor مديريت مي شود تا امكان ردگيري مهاجمان وجود نداشته باشد.
سيستم كاربران از طريق باز شدن يك فايل پيوست فشرده ارسال شده از كمپين هرزنامه اي به اين بدافزار آلوده مي شوند.
در حاليكه بدافزار Cryptowall به عنوان يكي از رايج ترين خانواده هاي بدافزاري فعاليت مي كند، موفقيت آن بواسطه انواع و خانواده هاي جديدتر افزايش يافته است.
اما تمامي بدافزارها به طور يكسان توليد نمي شوند و در برخي موارد خطاهايي در كدگذاري آن ها مشاهده مي شود. به عنوان مثال بدافزار شناسايي شده در ماه گذشته داراي خطايي بوده كه به كاربر اجازه مي داد بدون پرداخت وجه، فايل ها را رمزگشايي كرده و به آن ها دسترسي يابد.
تجزيه و تحليل هاي صورت گرفته نشان مي دهد كه در برخي از موارد نوشتن كد نادرست باعث مي شود تا داده قربانيان تخريب شده و از بين برود زيرا هنگام رمزگذاري فايل، كليدهاي مربوط به آن ذخيره نمي شود.
پشتيبان گيري از داده هاي سيستم باعث مي شود تا خسارت وارده از طريق بدافزارهاي گروگان گير كاهش يابد.

Number: IRCNE2015112679
Date: 2015/11/10

According to “zdnet”, Cryptowall, the now-infamous encryption malware that locks files for ransom, has been updated.
The ransomware, which upon install encrypts files making it almost impossible to regain access, now scrambles file names making it even harder for victims to know which files are which. System restore points are also erased, taking away the option of returning to a previously saved state.
The ransomware continues to use bitcoin as the means of payment, which like in previous versions is handled by a centralized Tor-based command-and-control server to store decryption keys, making the attackers almost impossible to trace.
Users are tricked into opening a zipped attachment from a spam campaign, which contains a malicious file, triggering an executable payload.
While Cryptowall remains by far one of the most common families of the malware, its success has given rise to new families and variants.
But not all malware is created equally, nor is coded correctly, which in some cases can cause devastating data loss.
New ransomware discovered late last month uses a single same master encryption key to encrypt files, making it easier for victims to share keys and regain access to files without paying the ransom. But analysis showed that badly-written code would destroy a victim's data because, when the files were encrypted, the key wasn't saved.
Storing a backup can mitigate the damage done by file-encrypting ransomware.

شماره: IRCNE2015112678
تاريخ: 08/18/94

محققان نوع جديدي از بدافزار اندرويد را در هزاران برنامه كاربردي شناسايي كردند كه از عناوين معروفي مانند فيس بوك، توييتر و Snapchat سوء استفاده مي كند. امكان حذف اين بدافزار تقريبا وجود ندارد و كاربر بايد كل دستگاه خود را تعويض كند.
شركت امنيتي تلفن همراه Lookout Security، تبليغ افزار جديد را "trojanized adware" ناميده است. بردارهاي خرابكار برنامه هاي كاربردي معتبر را از روي فروشگاه گوگل پلي برداشته و آن ها را همراه با اين تبليغ افزار بسته بندي مجدد مي كنند و بر روي فروشگاه هاي متفرقه قرار مي دهند.
كاربر برنامه مخرب را از روي فروشگاه متفرقه نصب مي كند و اين برنامه دسترسي كامل سيستم تلفن همراه را بدست مي آورد و راه هايي را براي هكرها باز مي كند تا بتوانند حملات جديدي را راه اندازي نمايند. اين برنامه ها ميزبان تبليغ افزارهايي مي باشند كه پول زيادي را براي مهاجمان جمع آوري مي كنند.
تاكنون آلودگي دستگاهي به اين تبليغ افزار گزارش نشده است. يك شركت امنيتي اعلام كرد كه حداقل سه خانواده بدافزار اندرويدي وجود دارند كه ميزبان تبليغ افزار مي باشند. اين سه خانواده عبارتند از Shuanet، Kemoge كه به عنوان ShiftyBug شناخته مي شود و Shudun يا GhostPush.

Number: IRCNE2015112678
Date: 2015/11/09

According to “zdnet”, researchers have found a new type of Android malware found in thousands of apps, posing as popular titles -- including Facebook, Snapchat, Twitter, and more.
Making matters worse, it's almost impossible to remove, forcing a user to replace their device entirely.
Lookout Security, a mobile security firm, discovered the new so-called "trojanized adware," which puts a new twist on how cybercriminals are generating money.
By taking legitimate apps from the Google Play store, malicious actors will repackage the app with baked-in adware, and serve it to a third-party app store.
It works like this: the user installs an app from a third-party store, and the app auto-roots gaining access to the entire phone's system -- an act alone that punches a hole in Android's security, opening up more ways for hackers to launch their attacks. Periodically from there, the app will serve ads, which generates money for the attacker.
The good news is that the company said there is no indication that users who install apps from Google Play, Android's official app store, are affected.
The San Francisco, Calif.-based security firm said there exists at least three similar families of Android-based trojanized adware, which serve ads -- Shuanet, Kemoge (known as ShiftyBug), and Shudun (or GhostPush).

شماره: IRCNE2015112677
تاريخ: 08/16/94

شركت اندرويد از اوايل سال تاكنون با چندين آسيب پذيري جدي مقابله كرده است. از جمله اين آسي پذيري ها مي توان به Stagefright 1.0 و Stagefright 2.0 اشاره كرد. در اين ميان بعضا اصلاحيه هايي منتشر شده و راهكارهاي امنيتي براي مقابله با اين آسيب پذيري ها ارائه شده است. اما تشخيص آنكه كدام دستگاه آسيب پذير بوده و در معرض خطر قرار دارد بسي دشوار است.
اما در حال حاضر شركت امنيتي NowSecure ابزار جديدي را با نام Android Vulnerability Test Suite منتشر كرده است كه با اسكن دستگاه كاربر نشان مي دهد كه دستگاه او نسبت به كدام مشكلات آسيب پذير است و در معرض خطر كدام حملات قرار دارد.
در پياده سازي اين برنامه سعي شده است تا هر دو خطاي مثبت و منفي كاذب بدون تاثير بر پايداري سيستم تقليل يابد. اين برنامه، دستگاه را براي يافتن رايج ترين آسيب پذيري ها اسكن مي كند.
اين برنامه بر روي فروشگاه گوگل عرضه مي شود و كد آن بر روي Github در دسترس عموم قرار دارد.

شماره: IRCNE2015112676
تاريخ: 08/16/94

محققان دانشگاه MIT، هاروارد و كارنگي ملون دريافتند كه برنامه هاي محبوب موقعيت مكاني كاربران را ردگيري كرده و آدرس ايميل آن ها را نيز با موجوديت هاي ثالث به اشتراك مي گذارند.
اين محققان داده هاي به اشتراك گذارده شده توسط 110 برنامه موجود بر روي فروشگاه گوگل پلي و فروشگاه اپل از جمله برنامه هاي شبكه اجتماعي، برنامه هاي تناسب اندام، موتورهاي جستجو و برنامه هاي رايج پيام رساني را مورد بررسي قرار دادند تا مشخص شود كه چگونه داده ها را مديريت مي كنند.
يافته هاي بدست آمده نشان مي دهد كه 73 درصد از برنامه هاي اندرويد آدرس ايميل را به اشتراك مي گذارند در حالي كه 47 درصد از برنامه هاي اپل موقعيت مكاني كاربر را به اشتراك مي گذارند. هم چنين برنامه هاي اندرويد اطلاعات شخصي افراد را از قبيل نام كاربر (49 درصد) و آدرس (25 درصد) به اشتراك مي گذارند در مقابل برنامه هاي اپل عملكرد بهتري در خصوص پنهان نگه داشتن اطلاعات دارند.
به هر حال اين برنامه ها در زمره برنامه هاي مخرب به حساب نمي آيند و در واقع 55 درصد از برنامه هاي محبوب و معروف را شامل مي شوند.
نكته مشكوكي كه محققان قادر به حل آن نيستند آن است كه 93 درصد از برنامه هاي اندرويد داده ها را با دامنه safemovedm.com كه ظاهرا وجود ندارد به اشتراك مي گذارند.

Number: IRCNE2015112677
Date: 2015/11/07

According to “zdnet”, Android has taken a few serious beatings in the mobile security world this year.
From Stagefright 1.0 to Stagefright 2.0, not to mention LTE flaws, and even trojanized malware and app hijacks, there have been a slew of issues that have plagued device makers and users alike.
And with a fragmented market of Android versions and patches that don't arrive because the carriers haven't approved their release, it's hard to know which devices are vulnerable to what. Now it's relatively easy to do.
Developed by mobile security firm NowSecure, the tool -- dubbed the Android Vulnerability Test Suite (VTS) -- is "meant to show the end user the attack surface that a given device is susceptible to," says its website.
"In implementing these checks we attempt to minimize or eliminate both false positives/false negatives without negatively affecting system stability," it says.
Simply put, it tests some of the most common flaws to determine whether or not your Android device is vulnerable.
The app is available on Google Play, and its code available on Github.

Number: IRCNE2015112676
Date: 2015/11/07

According to “itpro”, research by the Massachusetts Institute of Technology (MIT), Harvard, and Carnegie-Mellon universities in the US has revealed many everyday, popular apps are tracking your movements and sharing your email address with third parties.
The universities examined the data shared by 110 apps on Android's Google Play and the Apple App Store to see how they handle data, including social networking apps, fitness apps, search engines and free messaging apps.
It revealed 73 per cent of Android apps share email addresses, while 47 per cent of iOS apps share the user's location, often without permission. Android apps were most likely to share personal information such as the name of the user (49 per cent) and address (25 per cent) while iOS apps were much better at hiding this information.
But these apps aren't regarded as malicious by Google or Apple in any way - in fact, they're 55 of the most popular apps available on the platforms, including Google, Instagram, Pinterest, Kayak, MyFitnessPal and many more.
One mystery the researchers were unable to solve was that 93 per cent of Android apps shared data with the safemovedm.com domain, which doesn't seem to exist.

Number: IRCNE2015102675
Date: 2015/10/25

According to “zdnet”, over 900 CCTV cameras have become slaves in a global botnet used to disrupt online services, researchers have discovered. According to Incapsula's research team, CCTV cameras are a common element of IoT-based botnets.
Now, a fresh attack is poised to disrupt online services. First discovered when investigating a HTTP Get Flood attack -- a type of distributed denial-of-service (DDoS) campaign -- which peaked at around 20,000 requests per second, the researchers found that within the list of attacking IPs, many of them belonging to CCTV cameras.
All of the compromised devices were running BusyBox, a lightweight Unix utility bundle designed for systems with limited resources. Once an attacker gained access to a camera through the default credentials, they installed a variation of the ELF Bashlite malware, a type of malicious code which scans for network devices running BusyBox.
If devices are discovered, the malware then searches for open Telnet/SSH services which are susceptible to brute force dictionary attacks. This particular variant, however, was also equipped with the power to launch DDoS attacks.
A simple method to prevent hackers from gaining access to these cameras is to change the default username and passwords associated with your devices.

Number: IRCNE2015102674
Date: 2015/10/25

According to “computerworlduk”, if your computer was infected with the CoinVault or Bitcryptor ransomware programs you're in luck -- at least compared to other ransomware victims. Chances are high that you can now recover your encrypted files for free, if you still have them.
Researchers from Kaspersky Lab and the Dutch Public Prosecution Service have obtained the last set of encryption keys from command-and-control servers that were used by CoinVault and Bitcryptor, two related ransomware threats.
Those keys have been uploaded to Kaspersky's ransomware decryptor service that was originally set up in April with a set of around 750 keys recovered from servers hosted in the Netherlands.
The CoinVault file-encrypting ransomware program was first documented by Kaspersky researchers in November 2014. Then in April the National High Tech Crime Unit (NHTCU) of the Dutch police recovered some decryption keys from a seized CoinVault server.