Pandemiya: Entirely new trojan quietly wheeled into black hat forums, ATM “Hacked” by 14-year School Children and Gameover for CryptoLocker

Pandemiya: Entirely new trojan quietly wheeled into black hat forums
Pandemiya is nasty: it can steal data from forms, create fake web pages and take screen shots to send back to the botmasters who deploy it.

The software is modular and pervasive, and unique in its ability to inject itself into every newly created process via the Windows CreateProcess API. Like other trojans, Pandemiya is foisted on machines through exploit kits and drive-by infections that target vulnerabilities in buggy software such as Java, Silverlight and Flash.


ATM “Hacked” by 14-year School Children
Two fourteen-year-old boys were able to access an ATM’s administrator mode using nothing but the default password they found in an online manual.

Although they were not able to access personal details (such as individual account details) or withdraw money, the boys were able to see how much cash was in the machine, how many transactions the machine had handled and other “off-limit” information. As a warning, or a prank, they were also able to change the ATM’s welcome message from “Welcome to the BMO ATM” to “Go away. This ATM has been hacked.”

After finding the weakness in the ATM’s security, the boys reported their findings to the Bank of Montreal’s local branch. After initial scepticism, the branch manager acted on the information and reported the flaw to the bank’s security department. He even gave the kids a letter to explain why they would be late returning to class.

Fortunately, in this case, the kids were not malicious and no information or cash was stolen, but it is an important reminder to us all never to leave default passwords unchanged.


Gameover for CryptoLocker
Today the U.S. Justice Department announced the successful takedown of the Gameover Zeus botnet, malware that steals bank credentials and also acts as a distribution channel for other malware. One of the most well-known infections distributed by the Zeus botnet (ZBOT) was the ransomware called CryptoLocker. Through the combined efforts of the FBI, international law enforcement counterparts, and various private sector companies, the Gameover Zeus botnet was shut down, its servers were seized, and the identity of one of its leaders, Evgeniy Mikhailovich Bogachev, was disclosed.

As was discovered back in September 2013, the main distribution method for CryptoLocker was ZBOT executables disguised as PDF files, mass-emailed to company email addresses. These emails pretended to be from tax companies, FedEx, UPS, Xerox, and other business-related organizations. Once a ZBOT attachment was opened, ZBOT would be installed and would eventually download and install CryptoLocker on the infected machine.

All in all, there is no doubt that this was a hugely successful operation and one that benefits everyone who uses a computer, but is it really the end of CryptoLocker? Furthermore, are the creators of the Zeus botnet and CryptoLocker one and the same? What we do know is that McAfee, one of the companies involved with the takedown, prematurely published a blog post about Operation Tovar before it was officially announced. This blog post was only public for a brief period before it was taken down. Unfortunately, that may have been enough time to let the Gameover or CryptoLocker developers know what was going on, as the CryptoLocker Decryption Service page was replaced with a simple message: “stupid mcafee”. That page is no longer accessible and now shows a “Bad Gateway” message.

For now, more information about Operation Tovar can be found in the official United States Department of Justice complaint, their press release, and other court documents regarding Operation Tovar.

Posted in Antivirus

Avast Forum Taken Offline, Watch Dogs Launch Plagued and eBay Breach Affecting ~145MM and more..

Avast Forum Taken Offline
Today Avast posted a blog post detailing how the Avast Forum was hacked over the weekend and taken offline while it is being rebuilt. According to the blog post, “less than 0.2% of our 200 million users were affected”, which means that the hacker had access to approximately 400,000 user credentials. These credentials include nicknames, names, email addresses, and hashed (one-way encrypted) passwords. As only the forum was hacked, no license or financial information was compromised.

Though the passwords were hashed, it may still be possible for an attacker to crack them. With that in mind, if you used the same password on the Avast Forum as on other sites, change that password immediately.


Watch Dogs Launch Plagued
The anticipated action-adventure game Watch Dogs launched today, but many people are unable to play due to problems with Ubisoft’s Uplay service. In order to play Watch Dogs, you need to log in and connect to Uplay, which acts as the Digital Rights Management (DRM) for the game. Unfortunately, the Uplay service has been having issues for the past 2-3 hours, leaving thousands unable to play their newly purchased game. Ubisoft has admitted to being aware of the issue, but has provided no details as to what the problem is or when it will be resolved.

When people try to log in to Uplay they are instead greeted with a message that states:

“A Ubisoft service is not available at the moment. You can Try again later or switch to Offline Mode”

When users attempt to switch to Offline Mode, some report success while others are unable to find Watch Dogs in their list of games. As you can imagine, users are becoming frustrated with Ubisoft’s DRM, which requires “always online” play for its titles.


eBay Breach Affecting ~145MM
Cyber-attack, security breach, or a bug? They may all be essentially the same thing; either way, the outcome is the same: change your password.

eBay has been hacked, and it will affect anywhere from 12 to 145 million users. PayPal, a subsidiary of eBay, has announced it was unaffected by the breach.

According to several sources on the Internet today, eBay will be issuing notices asking people to change their passwords. eBay’s stock plummeted this morning to 50.30 (the 52-week low was 48.06) before starting to rise.

At the time of this writing, many portions of eBay’s Investor Relations corporate website were unavailable. The In The News section of the site (which for many publicly traded companies is fed by Bloomberg into the IR portion) was unavailable for most of the day. It appeared that analysts were updating their buy, sell or hold recommendations, and Bloomberg had difficulty keeping up with the traffic.

Posted in Antivirus

Windows Internet Guard, Key-Finder.com Browser Hijacker and WebsSearches.com Browser Hijacker Removal Guide

Windows Internet Guard Removal Guide
Windows Internet Guard is a rogue anti-spyware program from the Rogue.FakeVimes family of computer infections. This program is considered scareware because it displays false scan results, fake security warnings, and does not allow you to access your legitimate Windows applications. Windows Internet Guard is distributed through web sites that display a fake online virus scanner that states your computer is infected and then prompts you to download the installation file. This infection is also promoted by hacked web sites that contain exploit code that tries to install the infection on your computer without your permission or knowledge.

Once Windows Internet Guard is installed it will be configured to start automatically when you log in to Windows. Once started, it will pretend to scan your computer and then state that numerous infections are present. If you attempt to remove any of these supposed infections, the program will state that you first need to purchase a license before being allowed to do so. As all of the scan results are false, ignore any prompts to purchase the program.

To protect itself from being removed, Windows Internet Guard will also block you from running any legitimate application on your computer. It does this to prevent you from running legitimate security software that may detect it as an infection and remove it.


Key-Finder.com Browser Hijacker Removal Guide
Key-find.com is adware from the Adware.LinkHijacker family of browser hijackers; it is bundled with certain free programs that you can download from the Internet. This adware is considered a browser hijacker because it changes your web browser’s home page and default search provider to Key-find.com without your permission. Furthermore, it appends the argument http://www.key-find.com/?type=hp&ts=<timestamp>&from=<affiliate_id>&uid=<disk_id> to various web browser shortcuts and sometimes to the shortcuts of programs unrelated to the Internet, so that the Key-find.com web page opens whenever you launch one of these hijacked shortcuts. Unfortunately, there is no Uninstall Programs entry that removes Key-Find from your computer; instead you need to use the specialized tools found in this guide to clean your computer.

It is important to note that this program is installed by free programs that did not adequately disclose that other software would be installed along with them. Therefore, pay attention to the license agreements and installation screens when installing anything from the Internet. If an installation screen offers Custom or Advanced installation options, select them, as they will typically disclose what other third-party software will also be installed. Furthermore, if the license agreement or installation screens state that a toolbar or other unwanted adware will be installed, cancel the install and do not use the free software.

Without a doubt, this adware was created to promote the Key-Find website without giving you the option to remove it and revert back to your original browser settings.


WebsSearches.com Browser Hijacker Removal Guide
WebsSearches.com is adware from the Adware.LinkHijacker family of browser hijackers; it is bundled with certain free programs that you can download from the Internet. This adware is considered a browser hijacker because it changes your web browser’s home page and default search provider to WebsSearches.com without your permission. Furthermore, it appends the argument http://istart.webssearches.com/?type=sc&ts=<timestamp>&from=<affiliate_id>&uid=<disk_id> to various web browser shortcuts and sometimes to the shortcuts of programs unrelated to the Internet, so that the WebsSearches.com web page opens whenever you launch one of these hijacked shortcuts. Unfortunately, there is no Uninstall Programs entry that removes WebsSearches from your computer; instead you need to use the specialized tools found in this guide to clean your computer.

It is important to note that this program is installed by free programs that did not adequately disclose that other software would be installed along with them. Therefore, pay attention to the license agreements and installation screens when installing anything from the Internet. If an installation screen offers Custom or Advanced installation options, select them, as they will typically disclose what other third-party software will also be installed. Furthermore, if the license agreement or installation screens state that a toolbar or other unwanted adware will be installed, cancel the install and do not use the free software.

Without a doubt, this adware was created to promote the WebsSearches website without giving you the option to remove it and revert to your original browser settings.

Contact ResolutionsMSP for help with any computers that have been infected by this malware.

Posted in Antivirus

Windows Web Watchdog, Windows AntiBreach Patrol and Windows Antivirus Patrol Removal Guide

Windows Web Watchdog Removal Guide
Windows Web Watchdog is a rogue anti-spyware program from the Rogue.FakeVimes family of computer infections. This program is considered scareware because it displays false scan results, fake security warnings, and does not allow you to access your legitimate Windows applications. Windows Web Watchdog is distributed through web sites that display a fake online virus scanner that states your computer is infected and then prompts you to download the installation file. This infection is also promoted by hacked web sites that contain exploit code that tries to install the infection on your computer without your permission or knowledge.

Once Windows Web Watchdog is installed it will be configured to start automatically when you log in to Windows. Once started, it will pretend to scan your computer and then state that numerous infections are present. If you attempt to remove any of these supposed infections, the program will state that you first need to purchase a license before being allowed to do so. As all of the scan results are false, ignore any prompts to purchase the program.

To protect itself from being removed, Windows Web Watchdog will also block you from running any legitimate application on your computer. It does this to prevent you from running legitimate security software that may detect it as an infection and remove it.


Windows AntiBreach Patrol Removal Guide
Windows AntiBreach Patrol is a rogue anti-spyware program from the Rogue.FakeVimes family of computer infections. This program is considered scareware because it displays false scan results, fake security warnings, and does not allow you to access your legitimate Windows applications. Windows AntiBreach Patrol is distributed through web sites that display a fake online virus scanner that states your computer is infected and then prompts you to download the installation file. This infection is also promoted by hacked web sites that contain exploit code that tries to install the infection on your computer without your permission or knowledge.

Once Windows AntiBreach Patrol is installed it will be configured to start automatically when you log in to Windows. Once started, it will pretend to scan your computer and then state that numerous infections are present. If you attempt to remove any of these supposed infections, the program will state that you first need to purchase a license before being allowed to do so. As all of the scan results are false, ignore any prompts to purchase the program.

To protect itself from being removed, Windows AntiBreach Patrol will also block you from running any legitimate application on your computer. It does this to prevent you from running legitimate security software that may detect it as an infection and remove it.


Windows Antivirus Patrol Removal Guide
Windows Antivirus Patrol is a rogue anti-spyware program from the Rogue.FakeVimes family of computer infections. This program is considered scareware because it displays false scan results, fake security warnings, and does not allow you to access your legitimate Windows applications. Windows Antivirus Patrol is distributed through web sites that display a fake online virus scanner that states your computer is infected and then prompts you to download the installation file. This infection is also promoted by hacked web sites that contain exploit code that tries to install the infection on your computer without your permission or knowledge.

Once Windows Antivirus Patrol is installed it will be configured to start automatically when you log in to Windows. Once started, it will pretend to scan your computer and then state that numerous infections are present. If you attempt to remove any of these supposed infections, the program will state that you first need to purchase a license before being allowed to do so. As all of the scan results are false, ignore any prompts to purchase the program.

To protect itself from being removed, Windows Antivirus Patrol will also block you from running any legitimate application on your computer. It does this to prevent you from running legitimate security software that may detect it as an infection and remove it.

Contact ResolutionsMSP for help with any computers that have been infected by these programs.

Posted in Antivirus

Windows Antivirus Helper, Sweet-page.com Browser Hijacker and Windows AntiVirus Tool Removal Guides

Windows Antivirus Helper Removal Guide
Windows Antivirus Helper is a rogue anti-spyware program from the Rogue.FakeVimes family of computer infections. This program is considered scareware because it displays false scan results, fake security warnings, and does not allow you to access your legitimate Windows applications. Windows Antivirus Helper is distributed through web sites that display a fake online virus scanner that states your computer is infected and then prompts you to download the installation file. This infection is also promoted by hacked web sites that contain exploit code that tries to install the infection on your computer without your permission or knowledge.

Once Windows Antivirus Helper is installed it will be configured to start automatically when you log in to Windows. Once started, it will pretend to scan your computer and then state that numerous infections are present. If you attempt to remove any of these supposed infections, the program will state that you first need to purchase a license before being allowed to do so. As all of the scan results are false, ignore any prompts to purchase the program.


Sweet-page.com Browser Hijacker Removal Guide
Sweet-page.com is adware from the Adware.LinkHijacker family of browser hijackers; it is bundled with certain free programs that you can download from the Internet. This adware is considered a browser hijacker because it changes your web browser’s home page and default search provider to Sweet-page.com without your permission. Furthermore, it appends the argument http://www.sweet-page.com/?type=hp&ts=<timestamp>&from=tugs&uid=<hard-disk-id> to various web browser shortcuts and sometimes to the shortcuts of programs unrelated to the Internet, so that the Sweet-page.com web page opens whenever you launch one of these hijacked shortcuts. Unfortunately, there is no Uninstall Programs entry that removes Sweet-page from your computer; instead you need to use the specialized tools found in this guide to clean your computer.

It is important to note that this program is installed by free programs that did not adequately disclose that other software would be installed along with them. Therefore, pay attention to the license agreements and installation screens when installing anything from the Internet. If an installation screen offers Custom or Advanced installation options, select them, as they will typically disclose what other third-party software will also be installed. Furthermore, if the license agreement or installation screens state that a toolbar or other unwanted adware will be installed, cancel the install and do not use the free software.

Without a doubt, this adware was created to promote the Sweet-page website without giving you the option to remove it and revert to your original browser settings. To remove this browser hijacker and clean the affected shortcuts, use the removal guide below.


Windows AntiVirus Tool Removal Guide
Windows AntiVirus Tool is a rogue anti-spyware program from the Rogue.FakeVimes family of computer infections. This program is considered scareware because it displays false scan results, fake security warnings, and does not allow you to access your legitimate Windows applications. Windows AntiVirus Tool is distributed through web sites that display a fake online virus scanner that states your computer is infected and then prompts you to download the installation file. This infection is also promoted by hacked web sites that contain exploit code that tries to install the infection on your computer without your permission or knowledge.

Once Windows AntiVirus Tool is installed it will be configured to start automatically when you log in to Windows. Once started, it will pretend to scan your computer and then state that numerous infections are present. If you attempt to remove any of these supposed infections, the program will state that you first need to purchase a license before being allowed to do so. As all of the scan results are false, ignore any prompts to purchase the program.

Contact ResolutionsMSP for help with any computers that have been infected by this malware.

Posted in Antivirus

Awesomehp.com Browser Hijacker, LiveSupport and Windows Ultimate Booster Removal Guides

Awesomehp.com Browser Hijacker Removal Guide
Awesomehp.com is a program from the Adware.LinkHijacker family of adware. It is bundled with various software that you can download for free and, when installed, hijacks your web browser and search engine so that they are set to Awesomehp.com. This adware is considered a browser hijacker because it changes your web browser’s home page and default search provider to Awesomehp.com without your permission. Furthermore, it appends the argument http://www.awesomehp.com/?type=hp&ts=<timestamp>&from=air&uid=<hard drive id> to various web browser shortcuts and sometimes to the shortcuts of programs unrelated to the Internet, so that the Awesomehp.com web page opens whenever you launch one of these hijacked shortcuts. Unfortunately, there is no Uninstall Programs entry that removes Awesomehp.com from your computer; instead you need to use the specialized tools found in this guide to clean your shortcuts so your programs start normally.
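The Adware.LinkHijacker guides on this page (Key-find.com, WebsSearches.com, Sweet-page.com and Awesomehp.com) all describe the same mechanism: a start-page URL carrying type=, ts=, from= and uid= query parameters is appended to the Arguments field of existing shortcuts. The PowerShell script below is an added example, not part of any of these removal guides or of the ResolutionsMSP tooling. It reads each .lnk file in the usual shortcut locations through the WScript.Shell COM object, reports shortcuts whose Arguments match that pattern, and, only when run with -Fix, strips the injected URL while keeping any legitimate arguments. The host list in the regex is taken from the guides above; the assumption that hijacked shortcuts live under the Desktop, Start Menu and Quick Launch folders is mine, so extend $searchRoots for other locations.

```powershell
# Added example: report (and optionally clean) shortcuts whose Arguments field
# has a LinkHijacker-style start-page URL appended. Not code from the guides above.
param(
    [switch]$Fix   # without -Fix the script only reports what it finds
)

# URL shape described in the guides: scheme://host/...?type=...&ts=...&from=...&uid=...
# Hosts are the ones the guides name (assumption: extend this alternation as needed).
$hijackPattern = '(?i)https?://[^\s"]*(key-find\.com|webssearches\.com|sweet-page\.com|awesomehp\.com)[^\s"]*[?&]type=[^&\s"]+&ts=\d+&from=[^&\s"]+&uid=[^\s"]*'

# Assumed shortcut locations (per-user and all-users Desktop / Start Menu, Quick Launch
# including the pinned-taskbar subfolder). Adjust for your environment.
$searchRoots = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
) | Where-Object { $_ -and (Test-Path $_) }

$shell = New-Object -ComObject WScript.Shell

$findings = foreach ($root in $searchRoots) {
    Get-ChildItem -Path $root -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)
            if ($lnk.Arguments -match $hijackPattern) {
                $injected = $Matches[0]
                [pscustomobject]@{
                    Shortcut  = $_.FullName
                    Target    = $lnk.TargetPath
                    Arguments = $lnk.Arguments
                    Injected  = $injected
                }
                if ($Fix) {
                    # Remove only the injected URL so any legitimate switches survive.
                    $lnk.Arguments = ($lnk.Arguments -replace [regex]::Escape($injected), '').Trim()
                    $lnk.Save()
                }
            }
        }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
    if ($Fix) { Write-Host "Cleaned $(@($findings).Count) shortcut(s)." }
} else {
    Write-Host 'No hijacked shortcuts found under the searched locations.'
}
```

Run it once without -Fix and review the Target column: the guides note that non-browser shortcuts are hijacked too, so a target such as a word processor with a URL in its arguments is the tell-tale sign. Shortcuts under the all-users folders require an elevated session to save.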


LiveSupport Removal Guide
The LiveSupport program is a small program that displays contact information for a remote support company and suggests that you download a variety of security programs to protect your computer. This program is commonly bundled with free programs that you can download from the Internet. These free programs bundle adware such as LiveSupport in order to generate revenue even though the program you wanted is free. Once installed, LiveSupport will automatically start when you log in to Windows and display an icon of a remote-support person’s head on the title bar of the active window. When you click on this head icon, you will be shown a screen that offers a remote support number, which is currently 1-855-544-6024, as well as a tab that pretends to perform a system check and recommends two of four programs. The programs it promotes are Driver Pro, Optimizer Pro, Driver Updater, and System Performance Optimizer.


Windows Ultimate Booster Removal Guide
Windows Ultimate Booster is a rogue anti-spyware program from the Rogue.FakeVimes family of computer infections. This program is considered scareware because it displays fake scan results, fake security warnings, and does not allow you to run programs on your computer. Windows Ultimate Booster is distributed through web sites that display a fake online virus scanner that states your computer is infected and then prompts you to download the installation file. This infection is also promoted by hacked web sites that contain exploit code that tries to install the infection on your computer without your permission or knowledge.

When Windows Ultimate Booster is installed it will be configured to start automatically when you log in to Windows. Once started, it will pretend to scan your computer and then state that numerous infections are present. If you attempt to remove any of these supposed infections, the program will state that you first need to purchase a license before being allowed to do so. As all of the scan results are false, ignore any prompts to purchase the program.

Contact ResolutionsMSP for help with any computers that have been infected by this malware.

Posted in Antivirus

Windows Accelerator Pro, Prime Shield and Prime Booster Removal Guides

Windows Accelerator Pro Removal Guide
Windows Accelerator Pro is a rogue anti-spyware program from the Rogue.FakeVimes family of computer infections. This program is considered scareware because it displays false scan results, fake security warnings, and does not allow you to access your legitimate Windows applications. Windows Accelerator Pro is distributed through web sites that display a fake online virus scanner that states your computer is infected and then prompts you to download the installation file. This infection is also promoted by hacked web sites that contain exploit code that tries to install the infection on your computer without your permission or knowledge.

Once Windows Accelerator Pro is installed it will be configured to start automatically when you log in to Windows. Once started, it will pretend to scan your computer and then state that numerous infections are present. If you attempt to remove any of these supposed infections, the program will state that you first need to purchase a license before being allowed to do so. As all of the scan results are false, ignore any prompts to purchase the program.


Windows Prime Shield Removal Guide
Windows Prime Shield is a rogue anti-spyware program from the Rogue.FakeVimes family of computer infections. This program is considered scareware because it displays false scan results, fake security warnings, and does not allow you to access your legitimate Windows applications. Windows Prime Shield is distributed through web sites that display a fake online virus scanner that states your computer is infected and then prompts you to download the installation file. This infection is also promoted by hacked web sites that contain exploit code that tries to install the infection on your computer without your permission or knowledge.

Once Windows Prime Shield is installed it will be configured to start automatically when you log in to Windows. Once started, it will pretend to scan your computer and then state that numerous infections are present. If you attempt to remove any of these supposed infections, the program will state that you first need to purchase a license before being allowed to do so. As all of the scan results are false, ignore any prompts to purchase the program.


Windows Prime Booster Removal Guide
Windows Prime Booster is a rogue anti-spyware program from the Rogue.FakeVimes family of computer infections. This program is considered a rogue anti-spyware program because it displays false scan results, fake security warnings, and does not allow you to access your legitimate Windows applications. Windows Prime Booster is distributed through web sites that display a fake online virus scanner that states your computer is infected and then prompts you to download the installation file. This infection is also promoted by hacked web sites that contain exploit code that tries to install the infection on your computer without your permission or knowledge.

Once Windows Prime Booster is installed it will be configured to start automatically when you log in to Windows. Once started, it will pretend to scan your computer and then state that numerous infections are present. If you attempt to remove any of these supposed infections, the program will state that you first need to purchase a license before being allowed to do so. As all of the scan results are false, ignore any prompts to purchase the program.
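Every Rogue.FakeVimes guide on this page (Windows Internet Guard through Windows Prime Booster) makes the same point: the rogue is configured to start automatically at logon. The PowerShell script below is an added example, not code from these guides or from ResolutionsMSP, for triaging that behaviour. It assumes, since the guides do not say how the rogue registers itself, that the standard Run and RunOnce keys are used, and flags entries that start an executable from a user-writable directory or whose binary carries no valid Authenticode signature; both are assumptions about what is suspicious, not facts the guides state.

```powershell
# Added example: list logon autostart entries and flag the ones worth a closer look.
# Assumption: the rogue registers through the Run/RunOnce keys (the guides do not say).
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Directories an ordinary user can write to; a security product that lives here
# instead of under Program Files is a red flag (assumption, not from the guides).
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:ProgramData) |
    Where-Object { $_ }

function Get-ExecutableFromCommand {
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    # Quoted path first, otherwise the first whitespace-delimited token.
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($expanded -split '\s+', 2)[0]
}

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip the provider's metadata properties
        $cmd = [string]$p.Value
        $exe = Get-ExecutableFromCommand -Command $cmd

        $inUserDir = $false
        foreach ($dir in $userWritable) {
            if ($exe.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) { $inUserDir = $true }
        }

        $sigStatus = 'FileMissing'
        if (Test-Path -LiteralPath $exe) {
            $sigStatus = (Get-AuthenticodeSignature -FilePath $exe).Status.ToString()
        }

        [pscustomobject]@{
            Key         = $key
            Name        = $p.Name
            Executable  = $exe
            Signature   = $sigStatus
            UserWritable = $inUserDir
            Suspicious  = ($inUserDir -or $sigStatus -ne 'Valid')
        }
    }
}

$entries | Sort-Object Suspicious -Descending | Format-Table -AutoSize -Wrap
```

Treat the Suspicious column as a triage hint rather than a verdict: legitimate but unsigned tools and per-user installers such as chat clients will also show up, so compare each flagged entry against what you expect to be installed before removing anything. Running the script from an elevated session is needed to read every HKLM value on some systems.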

Contact ResolutionsMSP for help with any computers that have been infected by this malware.

Posted in Antivirus

Small Business Saturday Sale; November 30, 2013


Resolutions is giving an amazing 35% off on Cloud Technology Products!

Cloud Anti-Virus Software - Save $24.48


Cloud Anti-Virus Software - Save $10.50


http://www.ResolutionsMSP.com

Posted in Antivirus, Cloud Backup, Promotions

Receive 35% off Cloud Anti-Virus & Cloud Backup Products on Small Business Saturday, November 30, 2013

Security > Delivery > Backup

Resolutions hopes everyone has a Happy Thanksgiving! Keep a lookout for our Small Business Saturday sale on November 30, 2013. Save 35% on all cloud anti-virus, backup and data recovery products!

http://www.ResolutionsMSP.com

Posted in Antivirus, Cloud Backup, Promotions

Resolutions is offering 35% off Cloud Anti-Virus and Cloud Backup Products


On November 30, 2013, Resolutions is offering 35% off Cloud Anti-Virus and Cloud Backup products in support of Small Business Saturday.

http://www.ResolutionsMSP.com

Posted in Antivirus, Cloud Backup, Promotions