Wednesday, February 11, 2015

New Rampant Ransom that fakes a Chrome update



------------------------------------------Important Blog Update!!!!!!!--------------------------------------------

                                                 EXPLOIT/MALWARE ALERT


This is breaking news from the Awesome Uno Management Center in ITGeeks HQ. I have just received news that a new way of delivering malware to your PC has been discovered. More info as follows:

Beware of emails appearing to come from Google warning you that “Your version of Google Chrome is potentially vulnerable and out of date”.
In this latest spam wave, cyber crooks are tricking users into what looks like a download of the well-known browser, except that the file is a dangerous Trojan that will encrypt your personal files and demand a hefty ransom to decrypt them. The ransomware is called CTB-Locker and it is deadly.
The payload is not attached to the email but instead gets downloaded from various websites that appear to have been compromised.
One particular domain appears to serve as the dynamic redirection mechanism:
assetdigitalmarketing.com/redirect.php
It then directs the user to one of the following sites where the fake installer is hosted:
hxxp://www.thelastxmas.com/ChromeSetup.exe
hxxp://www.baddadsclub.com/ChromeSetup.exe
hxxp://cognacbrown.co.uk/ChromeSetup.exe
hxxp://www.geordie.land/ChromeSetup.exe
hxxp://www.goodtobeloved.com/ChromeSetup.exe
Running “ChromeSetup.exe” will not install Google Chrome. Instead the Windows wallpaper will change to this:

This is not just a fake warning. The files on the system are indeed encrypted:
The bad guys demand a ransom that can be paid using Bitcoins:
Malwarebytes Anti-Malware detects this ransomware as Trojan.ZBAgent.NS and will remove it.



The problem with ransomware is that, while the active Trojan can be removed, it is much more difficult and sometimes impossible to recover the encrypted files.
The folks at BleepingComputer have some tips on how to restore your encrypted files. However, as is often the case, prevention is critical to avoid a nasty ransomware infection.
Social engineering remains a powerful technique to trick people into running programs they shouldn’t. As a rule of thumb, download software only from the vendor's official website, never from an unfamiliar site, and treat any email that urges you to fetch an "update" from a link as suspect: browsers such as Chrome update themselves and do not email you about it.
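As an added example (not from the original post or from Malwarebytes), here is a small Python check that runs the indicators above over web-proxy log lines: it flags hits on the redirector, downloads from the listed hosts, and the generic pattern of a ChromeSetup.exe fetched from anywhere other than Google's own download hosts, which keeps catching the campaign after the hosting sites rotate. The log format and the sample lines are constructed for this example, and the list of legitimate Chrome download hosts is an assumption.

```python
import re
from urllib.parse import urlparse

# Indicators quoted in the post (defanged "hxxp" there; bare hostnames here).
REDIRECTOR_HOST = "assetdigitalmarketing.com"
REDIRECTOR_PATH = "/redirect.php"
FAKE_INSTALLER_HOSTS = {
    "www.thelastxmas.com",
    "www.baddadsclub.com",
    "cognacbrown.co.uk",
    "www.geordie.land",
    "www.goodtobeloved.com",
}
# Assumption: the only hosts a genuine Chrome installer should be fetched from.
LEGIT_CHROME_HOSTS = {"dl.google.com", "www.google.com"}
INSTALLER_NAMES = {"chromesetup.exe"}

# Constructed log format for this example: <timestamp> <client-ip> <method> <url> <status> "<referer>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) '
    r'(?P<status>\d{3}) "(?P<referer>[^"]*)"$'
)


def classify(line):
    """Return a record with the reasons a log line looks like this campaign (empty list if clean)."""
    m = LOG_RE.match(line)
    if not m:
        return None  # not a line we understand; the caller can count parse failures
    url = urlparse(m["url"])
    host = (url.hostname or "").lower()
    filename = url.path.rsplit("/", 1)[-1].lower()
    referer_host = (urlparse(m["referer"]).hostname or "").lower()

    reasons = []
    if host == REDIRECTOR_HOST and url.path == REDIRECTOR_PATH:
        reasons.append("hit on known redirector")
    if host in FAKE_INSTALLER_HOSTS:
        reasons.append("known fake-installer host")
    # Generic rule: a browser installer name served from a non-vendor host is
    # suspicious even when the host is not on the list, because the sites rotate.
    if filename in INSTALLER_NAMES and host not in LEGIT_CHROME_HOSTS:
        reasons.append("installer filename served from non-vendor host")
    if referer_host == REDIRECTOR_HOST:
        reasons.append("referred by known redirector")
    return {"client": m["client"], "url": m["url"], "reasons": reasons}


def scan(lines):
    """Return only the records that have at least one reason, in log order."""
    hits = []
    for line in lines:
        rec = classify(line)
        if rec and rec["reasons"]:
            hits.append(rec)
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '2015-02-11T09:01:02Z 10.0.0.21 GET http://dl.google.com/chrome/install/ChromeSetup.exe 200 "https://www.google.com/chrome/"',
    '2015-02-11T09:03:44Z 10.0.0.37 GET http://assetdigitalmarketing.com/redirect.php 302 ""',
    '2015-02-11T09:03:45Z 10.0.0.37 GET http://www.thelastxmas.com/ChromeSetup.exe 200 "http://assetdigitalmarketing.com/redirect.php"',
    '2015-02-11T09:05:10Z 10.0.0.42 GET http://files.example.net/dl/ChromeSetup.exe 200 ""',
    '2015-02-11T09:06:00Z 10.0.0.21 GET http://www.google.com/ 200 ""',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["client"], hit["url"], "->", "; ".join(hit["reasons"]))
```

The first sample line (a real-looking download from dl.google.com) produces no finding, the two lines from 10.0.0.37 reconstruct the redirector-to-installer chain, and the fourth line shows the generic rule catching a host that is on no list at all.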
Further reading:

Saturday, October 25, 2014

Windows 10 Technical Preview now available!!!!

Hello guys!!! I have just found out that the Windows 10 Technical Preview is now available!!!!


 You can get the preview from the following website:

 Windows Insider Program Home

 Be sure to register with your Microsoft account to become an "Insider" to download the preview.

 For more info and for help go to this hyperlink:

LifeHacker: How to install Windows 10 right now

 Hope to see or hear from you soon!!!

Tuesday, September 30, 2014

New website created using 1&1

    I have created a new domain using 1&1.

To visit my new webpage that is part of my domain, go to this hyperlink:

Xtreme Malware Security + :: Home

I hope you enjoy and I will be adding more and more things to my new domain.

BTW, this domain IS protected with SiteLock.

SiteLock says the domain that you go to when you click(ed) the above hyperlink is Malware-Free!!!

I WILL STILL USE BLOGSPOT BUT I WON'T POST AS OFTEN!!!!!!

Monday, August 11, 2014

SHORTENED WEBSITE URL



----------------------------------------ATTENTION VISITORS!!!!!-------------------------------------

I, THE OWNER AND CREATOR OF MALWARE SHIELD HAVE SHORTENED THE LINK (URL) FOR THIS BLOG. THE ORIGINAL SITE ADDRESS malwareshield2.blogspot.com WILL STILL BE ACTIVE!!! BELOW ARE THE WEBSITES YOU CAN VISIT TO SEE THIS OFFICIAL BLOG:

1.  malwareshield2.blogspot.com
2.  http://adf.ly/r388s
3.  http://goo.gl/kRTKt2


THANKS FOR YOUR COOPERATION IN THIS ADDITION/CHANGE TO THIS BLOG!!!!!

P.S.  YOU WILL NEED TO CLICK SKIP AD IN THE adf.ly URL TO VISIT MY BLOG USING THE SHORTENED URL!!!

P.P.S  THANKS!!!!
                                                                                                                                 Sincerely,
                                                                                                                            Sanel Kukic
                                                                                                                            Blog Admin

Tuesday, August 5, 2014

ANDROID MALWARE UPDATE!!!!!!



-----------------------------------IMPORTANT BLOG UPDATE----------------------------------------

--------------------------------------FRAUD/SCAM ALERT!--------------------------------------------

I HAVE JUST RECEIVED BREAKING NEWS THAT ANDROID FEATURES ARE BEING USED MALICIOUSLY!!!!!   I DO HAVE MORE INFO AS SHOWN BELOW:


We hear a lot about the large amount of Android malware in circulation. An interesting point is that the vast majority of it does not need any special ‘magic’ to behave maliciously: it uses existing functionality, available to every developer, to attack users.

We’ll take a look at a couple of the methods malware is able to use once its permission request is granted and the app is installed.


SMS Receivers

The first method is monitoring incoming SMS. Malware can also use SMS to send premium-rate messages, sign you up for paid services, send spam, and much more.

Let’s look at the RECEIVE_SMS permission, used heavily by bank Trojans to capture authentication codes and other information related to an account. With this permission granted the malware will create a ‘Receiver’ to monitor incoming SMS.

Once an SMS message is captured, the receiver can do a variety of things with it: abort the notification so the user never sees the message, delete it, or collect its contents.

The example here shows how a Korean bank Trojan collects an incoming SMS message, sends it to a remote server, and then aborts the notification. The data sent includes the compromised device’s phone number, the sender's number, and the message contents.

http://blog.malwarebytes.org/wp-content/uploads/2014/07/sms03b.jpg?w=564

Many apps request permission to send or receive SMS, so the request is easily overlooked when installing. The challenge is that we can’t see what goes on behind the scenes: SMS could be sent, received, deleted, and their contents sniffed without our knowledge. (Since Android 4.4 a third-party app can no longer abort the incoming-SMS broadcast, but with RECEIVE_SMS granted it can still read every message that arrives.) We just have to hope Google is keeping us secure.

Device Administrator

Another feature exploited is the security setting “Device Administrators.” Introduced in Android 2.2, it was put in place to help IT departments better secure corporate Android devices. When an app is registered as a device administrator, it can enforce policies such as password strength, locking the device, and remote wipe.

When an app is listed as an administrator, uninstalling it takes an additional step: the app must first be deactivated under Device Administrators.

Malware authors typically use this functionality to prevent an app from being uninstalled.

In this example, Device Administrator is used to prevent uninstallation as usual, but by also handling the DEVICE_ADMIN_DISABLE_REQUESTED action (the broadcast an admin app receives when the user tries to deactivate it), this ransomware is able to block the deactivation attempt. Even in Safe Mode, where only system apps should be started, it is able to block deactivation, making it even more difficult to remove.

http://blog.malwarebytes.org/wp-content/uploads/2014/07/device_admin02.jpg?w=564

Ransomware such as Koler, SimpLocker, and FBILocker is becoming more of a nuisance by incorporating methods like this, making it even more difficult to remove. Early variants did not block a user's access to the device, so if you didn’t fall for the scam you could easily uninstall them.

You can review which installed apps are Device Administrators in your Android settings: Settings -> Security -> Device Administrators.

These are just a couple of examples of how malware uses existing Android features in malicious ways. We suggest reviewing permissions before installing apps and backing up your data.

Give a second thought to apps requesting to be Device Administrators.
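As an added example (not part of the original post or of Malwarebytes' write-up), here is a Python triage script that checks a decoded AndroidManifest.xml for the two features discussed above: a receiver registered for android.provider.Telephony.SMS_RECEIVED, together with its priority (a high priority is what let pre-4.4 malware see the message before the messaging app and abort it), and a receiver registered for android.app.action.DEVICE_ADMIN_ENABLED, the hook a DeviceAdminReceiver needs. It assumes the manifest has already been decoded from the APK's binary XML (for example with apktool); the "flashlight" and "notes" manifests below are constructed for this example and are not from any real sample.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"
DEVICE_ADMIN_ENABLED = "android.app.action.DEVICE_ADMIN_ENABLED"
BIND_DEVICE_ADMIN = "android.permission.BIND_DEVICE_ADMIN"
# Permissions behind the SMS abuse described in the post.
SMS_PERMISSIONS = {"android.permission.RECEIVE_SMS", "android.permission.SEND_SMS"}


def _a(attr):
    """Qualify an attribute name with the android: namespace, as ElementTree sees it."""
    return "{%s}%s" % (ANDROID_NS, attr)


def triage_manifest(manifest_xml):
    """Extract the SMS- and device-admin-related facts from a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(_a("name")) for e in root.iter("uses-permission")}
    result = {
        "package": root.get("package"),
        "sms_permissions": sorted(requested & SMS_PERMISSIONS),
        "sms_receivers": [],   # receivers that listen for incoming SMS
        "device_admins": [],   # receivers that register as device administrators
    }
    for recv in root.iter("receiver"):
        name = recv.get(_a("name"))
        for flt in recv.iter("intent-filter"):
            actions = {act.get(_a("name")) for act in flt.iter("action")}
            if SMS_RECEIVED in actions:
                result["sms_receivers"].append(
                    {"receiver": name, "priority": int(flt.get(_a("priority"), "0"))}
                )
            if DEVICE_ADMIN_ENABLED in actions:
                # A legitimate DeviceAdminReceiver is guarded by BIND_DEVICE_ADMIN so
                # only the system can deliver admin events to it.
                result["device_admins"].append(
                    {"receiver": name,
                     "guarded": recv.get(_a("permission")) == BIND_DEVICE_ADMIN}
                )
    return result


def risk_flags(triage):
    """Turn the triage facts into short strings for a review queue."""
    flags = []
    for r in triage["sms_receivers"]:
        kind = "high-priority " if r["priority"] >= 1000 else ""
        flags.append("%sSMS_RECEIVED receiver: %s" % (kind, r["receiver"]))
    for d in triage["device_admins"]:
        flags.append("device-admin receiver: %s" % d["receiver"])
    if triage["sms_receivers"] and triage["device_admins"]:
        flags.append("SMS interception combined with device-admin persistence")
    return flags


# Constructed manifest of a hypothetical "flashlight" app (not a real sample).
SUSPECT_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <application android:label="Flashlight">
        <receiver android:name=".SmsReceiver">
            <intent-filter android:priority="2147483647">
                <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
            </intent-filter>
        </receiver>
        <receiver android:name=".AdminReceiver"
                  android:permission="android.permission.BIND_DEVICE_ADMIN">
            <meta-data android:name="android.app.device_admin"
                       android:resource="@xml/device_admin"/>
            <intent-filter>
                <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
            </intent-filter>
        </receiver>
    </application>
</manifest>
"""

# Constructed manifest of a harmless notes app, for contrast.
BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="Notes"/>
</manifest>
"""

if __name__ == "__main__":
    for xml in (SUSPECT_MANIFEST, BENIGN_MANIFEST):
        t = triage_manifest(xml)
        print(t["package"], t["sms_permissions"], risk_flags(t) or ["no findings"])
```

A flashlight app that wants RECEIVE_SMS, sits at the top of the SMS broadcast order and also asks to be a device administrator is exactly the combination described above; the benign manifest yields no flags, which is the point of running this over a whole batch of decoded APKs rather than eyeballing them one at a time.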

NEW BLOG GRAND OPENING!!!!!!!! YAY!!!!!!!!!! :D XD



--------------------------------------GRAND OPENING NOTICE!!!!!---------------------------------

Hello everyone and welcome to Sanel Kukic's new blog!!!!!  I am Sanel Kukic, the owner of Keep Jacksonville Awesome!!!!!! and now Malware Shield!!! In this blog, I will be describing malware of all kinds and tips on protecting yourself, and I will also be rating different kinds of anti-malware software. Here are my blog websites:

1. keepjaxawesome1.blogspot.com
2. malwareshield2.blogspot.com  (NEW!!!!!)

Be sure that you visit both of my blogs!!! I will be posting as soon as I get any info about malware running rampant. Have fun!!!!


                                                                                                                 Sincerely,
                   
                                                                                                              Sanel Kukic
                                                                                                      Blog Creator of 2 blogs