Malware Archives | Vednam
Latest News on Cyber Security, Hacking and Tech

What is a Computer Worm? How does it work?
Mon, 22 Jun 2020 | https://vednam.com/what-is-computer-worm-how-does-it-work/

What is a Computer Worm?

A computer worm is a member of the malware family that spreads copies of itself from computer to computer. Worms can activate and do their work by themselves without any human interaction, and they do not need to attach themselves to any software program in order to cause damage.

How does it work?

Worms can be transmitted through software vulnerabilities, and some worms arrive as an attachment in spam emails or instant messages. When the file is opened, it may contain a link to a malicious website or automatically download the worm. After that, the installation process starts and the worm works silently on the machine without the user’s knowledge.

Worms can modify and delete files, and they can even inject additional malicious software onto a computer. Sometimes we find that a computer worm’s only purpose is to make copies of itself over and over, which eats up hard drive space or bandwidth and overloads a shared network. Some worms can steal data and install a backdoor, allowing hackers to gain control of the entire system.

Famous Computer Worm

Around July 2010, the first computer worm used as a cyber weapon was discovered by security researchers after a long string of incidents in Iran.

The name of the worm is “Stuxnet”. It attracted the interest of high-profile specialists around the world. After the details of this worm were studied, it emerged that the worm was designed to attack an Iranian power plant with the ultimate goal of sabotaging nuclear weapon production. In the end it failed, and the vulnerabilities it used were found.

How do you know about the Computer Worm in your system?

If you suspect that your system is infected by a computer worm, run a scan immediately with an anti-virus. Even if the scan finds nothing and the result is negative, watch for the signs below:

  1. Keep an eye on your hard drive space: a worm can consume the free space on your computer.
  2. Look for missing files: a computer worm can delete and replace files on a computer.
  3. Monitor performance and speed: watch for lagging and crashing in the computer, or a processing speed that feels slow.

Found this article informative? Follow Vednam on Facebook, Twitter, Mix, Tumblr and LinkedIn for more of the exclusive content we post.

Cryptocurrency Miners: Affect European Airport Workstations by 50%
Tue, 16 Jun 2020 | https://vednam.com/cryptocurrency-miners-affect-european-airport-workstation-by-50/

This article is about cryptocurrency miners that infected about 50% of the workstations at a European international airport.

The malware affected the airport’s entire system.

Suspected Malware

According to researchers, the malware was discovered while installing Endpoint Detection and Response (EDR). EDR is an advanced behavioral detection and threat hunting platform that helps to detect such issues.

When EDR was rolled out at the international airport in Europe, the researchers identified an interesting crypto-mining infection: cryptocurrency mining software was installed on more than 50% of the airport’s workstations, as the media reported.

The malware that was detected is associated with the anti-coinminer campaign reported by Zscaler in 2018. Because of its behavior of spawning multiple processes over a short time frame, the malware was presumed to be a bitcoin miner.

The initial infection path is not traceable right now, nor is it known how the malware got onto the workstations, even though all the workstations at the airport run an industry-standard AV solution, which also did not detect the malicious activity.

The threat actor used reflective DLL loading, a typical evasion tactic that can mask the loading or installation of malware files. The malware had been in use for months before EDR was installed.

According to the media, the malware happened to be a cryptocurrency miner, so its impact on the business was relatively minor and limited to performance degradation, which can lead to quality-of-service and service interruptions and an increase in power consumption across the airport.

Modifications by the attackers

The malware ran with the highest privileges it could obtain, taking precedence over any application the workstation user was running. The threat actors also modified the malware’s techniques so that it would be more challenging to identify on the infected computer.

Recommendation

The best way to protect systems is for the company to use AV together with EDR for the prevention and detection of malware, rather than using AV alone.

If you have any suggestions for this Cryptocurrency Miners article, let me know in the comment section. Thank you.

Austria’s largest ISP data breached by hackers
Sun, 14 Jun 2020 | https://vednam.com/the-austrias-largest-isp-data-breached-by-hacker/

A1 Telekom reported that it took a total of 6 months to kick the hackers out of its network.

According to the source, A1 Telekom, the largest internet service provider in Austria, admitted to a security breach this week after a whistleblower exposed it.

The company admitted to suffering a malware infection in November 2019, which the A1 security team detected a month later. The main issue was removing the infection, which proved more problematic than initially anticipated.

From December 2019 to May 2020 the security team did everything it could to take on the malware operators, attempting to remove all hidden backdoor components and kick out the intruders.

A1 has disclosed the nature of the malware but did not say whether the intruders were a financially focused cybercrime gang.

When some bloggers contacted the Austrian ISP, it said the malware only infected computers on its office network, which consists of more than 15,000 workstations, 12,000 servers, and thousands of applications.

The threat actor took manual control of the malware and attempted to expand the foothold from a few systems to the company’s entire network. The company’s security expert also said that the attackers managed to compromise some databases and even ran database queries in order to learn about the company’s internal network.

In talks with the Austrian press, A1 said that the complexity of its internal network helped prevent the threat actor from affecting other systems, because the thousands of databases and their relationships are by no means easy for an outsider to understand.

A1 told heise that during the serious compromise, which lasted more than six months, the attackers did not get their hands on sensitive customer data. According to the claims, the attackers did run queries for the location, phone number and other customer data of certain private A1 customers.

The company assured that the passwords of 8,000+ employees have been changed, along with all access keys of the servers.

If you have any suggestions for the article, let me know in the comment section.

Storm Worm: Family member of Trojan
Sun, 31 May 2020 | https://vednam.com/storm-worm-family-member-of-trojan/

The Storm worm is not the latest but one of the deadliest viruses. It was in late 2006 that computer security experts identified this worm. People called this virus the Storm worm because one of the emails sent to users containing the virus file had the subject “230 dead as storm batters Europe”. Antivirus companies call the worm by other names; McAfee, for example, calls it Nuwar.

The Storm worm is from the trojan horse family. The worm delivers its payload through another program, though not always the same one. Some Storm worms turn the computer into a zombie or bot.

When the computer is vulnerable, the person behind the attack takes remote control of it.

Some hackers use these bots to create a botnet and use it to send spam mail across the internet, making every machine connected to that network vulnerable.

Storm specifically uses current events as the subject of the mail it sends to the victim. For example, at this time COVID-19 is creating so many issues, so the mail you receive is also related to the coronavirus, an earthquake or another recent issue in the subject line. After that you get a link in the email body that downloads the Storm worm onto your machine, and your whole machine is under the control of a cyber hacker.

Several news headlines and bloggers mention that this virus is the worst virus attack in years.

Security experts also said that the virus spreads frequently and is most difficult to detect or remove from a computer system.

How to remove this virus from your PC?

The main thing you have to do: please don’t turn off your antivirus or Windows Defender, which checks the changes happening on your PC and tracks whether any trojan has been installed.

You can take the following steps to deal with this issue:

  • Install a good antivirus that helps you protect the computer; if possible, research the right antivirus online before making a decision.
  • Keeping the antivirus updated is also important, because the virus changes its code and then tries to harm your PC or machine again.
  • Always keep the protection of your antivirus and Windows Defender turned on.

Kaspersky Lab: NSA contractor victimizes the PC
Sat, 30 May 2020 | https://vednam.com/kaspersky-lab-nsa-contractor-victimizes-the-pc/

Later, a report came from Kaspersky Lab about the suspected theft by Russian spies of NSA hacking tools from a contractor’s laptop, which was condemned by the US media.

The Moscow-headquartered vendor has not been in good standing with companies for the past few months. Reports from the Washington Post and the Wall Street Journal basically claimed that the product may be used by Russian intelligence to harvest data, potentially from PC firms.

The New York Times ran another story in the past month that Kaspersky Lab software was compromised by Kremlin hackers who were using the software as a tool. After that, the federal bureau banned all of its products.

Kaspersky Lab denied the media’s points and released a statement: “The media is circulating older incidents that happened in 2015”.

Now the question arises about the NSA team member who took all the classified data, and first of all how he was able to disable the Kaspersky Lab software when it detected new versions of APT malware associated with the US spy agency.

Let’s Go Deep

The story does not end here. Around the detection of the malware, the user downloaded and installed pirated software on his machine; this is indicated as illegal under cyber law, but he did it anyway. Every piece of pirated software carries a keygen with it to crack the activation, but the keygen also activates a backdoor for the cyber attacker to enter the machine.

Kaspersky claims: “If malware or a keygen runs on a system with Kaspersky security enabled, it is not possible that the software would fail to detect it. If you want to run the keygen, first you need to disable Kaspersky security. The third-party access makes the user’s machine open a backdoor, and the attacker gets an open path.”

When the same user re-enabled the Kaspersky Lab software, it detected the new malicious code, which was sent to the vendor’s servers for analysis. When the analyst found the suspected malicious source code, the archive was deleted from the systems and was not shared with any third party.

The company also claimed that no further detections were received from the user in 2015 and that no more incidents happened after that date, except “Duqu 2.0”.

Kaspersky Lab software never created any detection method for non-malicious documents based on keywords like “top secret” and “classified”.

The main point is still doubtful: Kaspersky claimed that the incident happened in 2014, while most other reports claimed the incident happened in 2015.

After all this, Kaspersky Lab put in efforts to prove it is clean. The company decided to launch the Global Transparency Initiative, under which it plans to offer its source code for independent third-party review.

WolfRAT Malware affects Android Apps, targets Messenger Apps
Sun, 24 May 2020 | https://vednam.com/wolfrat-malwae-affacts-android-apps-target-mesanger-apps/

Android users are always targeted by attackers. The new malware WolfRAT has surfaced online; it targets the messenger apps on your Android phone, including social media like Facebook, Messenger, and WhatsApp.

Messenger apps on Android are targeted by WolfRAT malware

The Cisco Talos Intelligence team found this Android malware in the wild. This malware specifically targets the messenger apps on Android phones. The most popular apps used these days as messengers are Facebook, Messenger, WhatsApp, and Line.

The details shared by the researchers on their blog are that this malware is loosely based on the leaked DenDroid malware. From time to time the malware seems to have gone through improvement stages to target users. The code of this malware is improved from time to time, but the old code blocks and classes are still inside the Android package.

How?

Firstly, the malware targets the messaging and chat apps on Android. The data theft is done by taking screenshots of the chats whenever the apps are open. Like most new malware, it exploits the Android Accessibility suite to access data. The screenshots are then uploaded to the malware’s C2 server.

The malware reaches devices through fake and malicious updates pushed to the targeted devices. It uses tricks to mimic Google services in order to install the malware on the victim’s device.

If that fails, what next?

The malware will start its main service if all the requested permissions and device admin privileges are granted. If not, it launches ACTION_APPLICATION_SETTING to activate its Plan B for obtaining the user permissions.

Which country is affected right now?

According to the researchers and the news, it is currently active in Thailand. The researchers think that WolfRAT malware is still active, even though the organization declared it inactive.

At present, the malware is actively targeting Android users in Thailand. The threat actors have released open-source platforms for code and packages. After tracing the roots of this malware, we consider that it has capabilities for data stealing on a larger scale and will be a big threat in the future.

New Phishing Campaign steals LogMeIn Credentials
Sat, 23 May 2020 | https://vednam.com/new-phishing-campaign-theft-logmein-credentials/

LogMeIn is another addition to the list of remote access and collaboration platforms targeted by phishing campaigns.

What is happening?

Researchers have observed an upsurge in scams targeting LogMeIn, which provides cloud-based remote connectivity services for IT management, collaboration, and customer engagement. LogMeIn provides single sign-on capabilities with LastPass, which means that victims who get duped may lose access to their password manager as well.

Incidents impacting remote working tools

  • Slack suffered a data breach where hackers stole user names, email addresses, Skype IDs, phone numbers, and passwords.
  • In April this year, 500,000 Zoom accounts were sold on the dark web, while zoombombing continued.

What the experts are saying

  • Organizations these days are increasingly adopting popular online collaboration tools such as Zoom and Slack, and malicious attackers choose their targets accordingly.
  • The most concerning thing is that cyberattackers are capable of taking maximum advantage of the APIs used by these applications to gain total access to an organization’s data with the help of remote software.
  • According to the chief product officer of Xypro: “These apps have third-party integrations to just about every other enterprise app for this purpose. The challenge becomes securing them, and the data we share is at risk.”

What to worry about

  • The worrying factor is that advances in AI and ML may make future attacks more difficult to defend against and may create virtual attackers.
  • Third parties are always found guilty of sharing sensitive data with other organizations and committing fraud.

Point to note

The usage of collaboration software has increased since the onset of the global pandemic.

Most of these platforms are connected with other logins, such as Office 365 and G Suite, which can be leveraged by threat actors to gain access to business or personal accounts.

For any Queries, Drop mail @ info@vednam.com

What is Malware? What are the Types?
Thu, 21 May 2020 | https://vednam.com/malware-families/

When we talk about malware, it directly refers to a number of malicious software variants: ransomware, malware, and spyware. It typically consists of code developed by attackers, or you could say cyber spies, to cause extensive damage to data and systems or to gain access to your systems without any authentication on the network.

Malware is transferred or delivered in the form of a link or file over email and requires the user to click on the link to open or execute it.
Malware has actually been a threat to specific users and organizations since the early 1970s, when the Creeper virus appeared.

According to the technology company Intel, the world has been under attack from thousands of different functioning variants, all of which cause as much disruption and damage as possible.

Let’s talk about what malware does:

It delivers its payload in different ways, depending on the attackers, who want to steal sensitive data and ask for a ransom to give it back. Cyber attackers know what to steal once the malware is working on your system, and its effects spread through the network.

Malware Types:

VIRUS: The most common word used for all malware. It works like a biological virus: the virus needs to come into contact with your system and spread through the code to get full access to your systems. It corrupts your files, affects the core functionality of systems and also locks user computers. The virus always carries executable files.

WORMS: Worms work the way they were named by the attackers. When a system in your network gets infected by a worm, it uses your network to infect the other machines in order to continue the spread of infection. The spread is faster than with other malware if all the machines are on the same network.

SPYWARE: The name says it all: this member of the malware family is meant to spy on your machine. It hides in the background of your system and collects all the activities performed on your machine. This spyware collects your credit card details, passwords, and other sensitive data.

TROJANS: You have heard the story of the Greek soldiers hiding in a giant horse to attack their enemies. Trojans use the same method with machines: they hide inside legitimate software. A trojan attacks the system’s security by creating a backdoor that gives other malware variants easy access.

RANSOMWARE: Also called scareware, this scared a lot of people in 2017. This malware locks your system, starts a timer and asks you to pay a ransom in the form of bitcoin. It happened to lots of big organizations, and the result was worse and expensive.

How does malware spread on your machines?

Not every piece of malware works the same way; they all have their own unique way of causing havoc and relying on user action. Some attackers use emails and links to transfer it and execute it on your machine. Even mobile phones are vulnerable to attack these days. Organizations mainly take all effective measures to stop malware attacks.

How do you protect your machines from malware attacks?

There are two ways you can guard against malware:
The first, and often the easiest, is to implement malware protection tools to manage attacks on your machines. The other way is to stop visiting websites that have no secured link. Check emails and the other links you get from mail and elsewhere. Verify every step you take so as not to cause root problems related to it.

North Korean Hackers Used 3 New Malware: US
Wed, 20 May 2020 | https://vednam.com/hackers-used-3-new-malware/

According to the news, on the 3rd anniversary of the infamous global WannaCry ransomware outbreak, for which the U.S. government blamed North Korea, the government released information about three new malware strains used by state-sponsored North Korean hackers.

The three malware are COPPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH. According to a joint advisory released by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the Department of Defense (DoD), the malware is capable of remote reconnaissance and exfiltration of the most important information, or as you may call it sensitive data, from the targeted host systems.

That is not the end: besides these three, more than 20 other malware families are also on the list, including SLICKSHOES, BISTROMATH, HOPLIGHT, and ELECTRICFISH, among others. The agencies have identified them as originating from a series of malicious cyber activity by the North Korean government, which they call Hidden Cobra, also known by the moniker Lazarus Group.

Let’s discuss them:

TAINTEDSCRIBE: It performs as a backdoor implant and disguises itself as Microsoft Narrator, the screen reader utility, to download malicious payloads from a command and control server, upload and execute files, and even create and terminate processes.

COPPERHEDGE: Of the three, this one is a full-featured Remote Access Tool (RAT) capable of running arbitrary commands, performing system reconnaissance, and exfiltrating data. It is used to target cryptocurrency exchanges and related entities. Six different variants of COPPERHEDGE have been identified to date.

PEBBLEDASH is similar to TAINTEDSCRIBE: a member of the trojan family with capabilities to download, upload, delete and execute files, and it also enables CLI access, which helps to terminate processes.

Cyber Spying Threat Significant Role

Do you remember the WannaCry ransomware outbreak in 2017, also known as Wanna Decryptor? In this outbreak the hackers used a Windows SMB exploit dubbed EternalBlue that let a remote hacker hijack unpatched Windows computers, and in return they usually demanded more than $600 in ransom. The attack has been traced to Hidden Cobra.

The Lazarus Group is responsible for all of that, and they stole almost $571 million worth of cryptocurrency from online exchanges.

In March 2020, the US Department of Justice (DoJ) charged two Chinese nationals working on behalf of North Korean threat actors with allegedly laundering over $100 million worth of stolen cryptocurrency using Apple iTunes gift cards.
