" trojan "


New Android Ransomware Changes Lock Screen PIN

Dubbed Android/Lockerpin.A, the new trojan app tricks users into granting it device administrator privileges. To achieve this it mimics a patch installation window on top of an activation notice. When victims click on the continue button, they actually grant the malicious app rights that allow it to make changes to the Android settings. Lockerpin then sets or resets the PIN that unlocks the screen lock, effectively requiring users to perform a factory reset to regain control over the device. By contrast, earlier forms of Android ransomware generally were thwarted, usually by deactivating administrator privileges and then uninstalling the app after the infected device is booted into safe mode.



Cyber Police Virus Strikes Again

The Cyber Police Virus is malware that attacks Android devices. It was designed by cyber criminals who focus primarily on phone markets to collect money from unwary users, using counterfeit fines and violations. The virus locks users’ phones and displays a fake fine on the screen, demanding a fee be paid. Although this virus does not encrypt data, as ransomware for PCs does, the message remains on the screen and the virus is somewhat difficult to remove. This Trojan is targeting users from 31 different countries around the world, 23 of which are European countries, and it is one of many new malware samples attacking Android devices. This is just more evidence that mobile devices are no longer considered “safe” and that users can start looking at protection for all their devices.

 


Facebook, favourite bait of cyber-crooks in 2011

– In just three days, two new malicious codes using Facebook have been discovered

The recent trend for developing computer threats designed to spread by exploiting the most popular social media continues to gather pace, reports global IT vendor Panda Security. In the last three days alone, two new malicious codes that use Facebook to ensnare victims have been wreaking havoc.

One of these, Asprox.N, is a Trojan that reaches potential victims via email. It deceives users by telling them that their Facebook account is being used to distribute spam and that, for their security, the login credentials have been changed. It includes a fake Word document supposedly containing the new password.

The email attachment has an unusual Word icon, and is called Facebook_details.exe. This file is really the Trojan which, when run, downloads a .doc file that runs Word to make users think the original file has opened.

The Trojan, when run, downloads another file designed to open all available ports, connecting to various mail service providers in an attempt to spam as many users as possible.

The other, Lolbot.Q, is distributed across IM applications such as MSN and Yahoo!, displaying a message with a malicious link. This link downloads a worm designed to hijack Facebook accounts and prevent users from accessing them. If users then try to log in to Facebook, a message appears informing them that the account has been suspended and that to reactivate it they must complete a questionnaire, with the offer of prizes (including laptops, iPads, etc.) to encourage users to take part.

After several questions, users are asked to enter their cell phone number, where they will receive data download credits for a cost of R83 a week. On subscribing to the service, victims will receive a password with which they can recover access to their Facebook account.

“Once again cyber-criminals are using social engineering to trick victims and infect them with malware” says Jeremy Matthews, head of Panda’s sub-Saharan operations. “Given the increasing popularity of social media, it is no surprise that it is being exploited to lure potential victims”.

PandaLabs advises all users to be wary of any messages with unusually eye-catching subjects, whether via email or IM or any other channel; and to be careful when clicking on external links in Web pages. Obviously, we also warn users not to enter any personal data in applications attempting to sell any type of test.

For more information visit: www.pandalabs.com


10 tell-tale signs of PC infection

  • Does your computer talk to you? Can’t use the Internet? Have your files disappeared? You might be infected…

Users are often advised to use an antivirus to check if their systems are infected, but with the current cyber-crime scenario, this is simply not enough.

“It takes at least a basic grasp of security issues to work out if a computer is infected, and many first-time users have little or no idea” says Jeremy Matthews, head of Panda’s sub-Saharan operations. “However, while many of today’s threats are specifically designed to go undetected, there are still some tell-tale signs if a system has been compromised.”

Global IT vendor Panda Security has produced a simple guide to the 10 most common symptoms of infection, to help users identify if their systems are at risk:

1. My computer speaks to me: There are all types of pop-ups and messages on the desktop, either advertising things or saying that the PC is infected and needs protection, etc. This is a typical, surefire case of an infection. There is either spyware on the computer, or it has been infected by a fake antivirus, also known as “rogueware”.

2. My computer is running extremely slowly: This could be a symptom of many things, including infection by a virus. If it has been infected by a virus, worm or Trojan, among other things, which are running on the computer, they could be running tasks that consume a lot of resources, making the system run more slowly than usual.

3. Applications won’t start: How many times have you tried to run an application from the start menu or desktop and nothing happens? Sometimes another program might even run. This could be another type of problem, but it’s a symptom that tells you that something is wrong.

4. I cannot connect to the Internet or it runs very slowly: Loss of Internet communication is another common symptom of infection, although it could also be due to a problem with your service provider or router. You might also have a connection that runs much more slowly than usual. If you have been infected, the malware could be connecting to a URL or opening separate connection sessions, thereby reducing your available bandwidth or making it impossible to use the Internet.

5. When I connect to the Internet, all types of windows open or the browser displays pages I have not requested: This is a certain sign of infection. Many threats are designed to redirect traffic to certain websites against the user’s will, and can even spoof Web pages, making you think you are on a legitimate site when really you have been taken to a malicious imitation.

6. Where have my files gone? Hopefully nobody will be asking this type of question, although there are still some threats around designed to delete or encrypt information and to move documents from one place to another. If you find yourself in this situation, get help as quickly as possible.

7. My antivirus has disappeared, my firewall is disabled: Another typical characteristic of many threats is that they disable security systems (antivirus, firewall, etc.) installed on computers. Perhaps if one thing shuts down it might just be a specific software failure; but if all your security components are disabled, you are almost certainly infected.

8. My computer is speaking a strange language: If the language of certain applications changes, the screen appears back-to-front or strange insects start ‘eating’ the desktop, it is likely that you have an infected system.

9. Library files for running games, programs, etc. have disappeared from my computer: Once again, this could be a sign of infection, although it could also be down to incomplete or incorrect installation of programs.

10. My computer has gone mad… literally: If the computer starts acting on its own, you suddenly find your system has been sending emails without your knowledge, or Internet sessions or applications open sporadically on their own, your system is probably compromised by malware.

Panda advises all users who have identified with one or more of the scenarios above to look for alternative security applications to the one (if any) they have installed. Users don’t need to uninstall their existing application; they can simply use a free, online antivirus such as Panda ActiveScan. Alternatively, they can install an antivirus that is compatible with other engines, such as Panda Cloud Antivirus, which is also free.

“Getting a second opinion on the health of your PC could save your data, your privacy and in many cases, your money”, concludes Matthews.

More information is available in the PandaLabs blog: http://www.pandalabs.com

For more information about Panda, visit http://www.pandasecurity.com/.