Bitcoin Malware

Bitcoin, and other crypto-currencies, seem to be the way technology is heading. It’s changing fast. And of course this has spawned a new breed of malware from people wanting to steal from you.

There’s some malware called CryptoShuffler that gets installed on your computer. Then it sits there monitoring your computer’s clipboard.

One day when you want to transfer Bitcoin (e.g. to make a purchase), you might copy and paste an address. The CryptoShuffler malware detects a Bitcoin address in your clipboard, then it gets to work.

The destination address is silently changed to the address of the hackers running CryptoShuffler.

When you paste the address in your transaction, you’re pasting the wrong address. Most people won’t realise this. The transaction goes ahead, and the hackers get your money. You won’t realise until you start to question why your transaction didn’t go as planned, but then it’s too late.

More details can be found here, https://www.kaspersky.com/blog/cryptoshuffler-bitcoin-stealer/19976/

Ransomware

Ransomware is a very large problem these days. It happens when someone tricks you into downloading and running some code (like in an attachment). Usually the email or website will tell you something scary (like you’ve been fined for something you didn’t do), or promise to show you a funny or interesting video.

The downloaded software immediately encrypts your documents with a secret password, and a message asks you to pay money to receive the password to unlock your files.

Apparently many people pay the ransom, totalling about $18 million in 2016. That’s crazy. If this happens to you please don’t pay. Don’t encourage this kind of crime. You have other options.

Firstly, keep a backup of all your documents. This is the most useful thing you can do today. You have so many good options for backups, including some good cloud storage services. If anything happens to your files you can just restore the backups instead of paying huge amounts of money.

Next, if you are affected by ransomware there are many free tools to decrypt your files without paying. Begin by going to this website:

https://www.nomoreransom.org/

This website is run by some very good security companies: Europol, the Dutch National Police, Intel Security, Kaspersky Lab, Bitdefender, Check Point, Emsisoft and Trend Micro. So you can trust their advice.

Notice to appear in court

The following email is part of a scam, it includes an attachment that most likely contains a virus, you should not open. Delete the email if you see it.

Notice to Appear in Court,

This is to advise that you are required to attend
the court of Los Angeles in January 8, 2014 for the hearing of your case.

Please, kindly prepare and bring the documents related to this case to Court on the date mentioned above.
Attendance is compulsory.

The copy of the court notice is attached to this letter, please, download and read it thoroughly.

WILKINS ALSTON
Clerk to the Court.

Google vs Bing

A company called AV Test has been testing Google and Bing, and has found that Google is better with filtering out dangerous websites.

They tested 10.9 million searches on both search engines and found that:

  • Google included 272 websites that were infected with malware
  • Bing included 1285 websites that were infected with malware

This is bad. If you’re searching for something, both Google and Bing test every website and hide any website that have been infected. This protects you from clicking on a website with malware. They found that Google is better at filtering infected sites. So if you want the best security possible, do your searches in Google. Full details here.

Other tips I can add are:

  • Use Google’s Chrome browser. It’s fairly good at blocking malware and resisting hacks
  • Keep your computer updates (e.g. run Windows Update frequently)
  • use a good antivirus program
  • be cautious what you click on
  • don’t believe everything you read in Facebook, emails, Twitter, etc

 

New PCs

It used to be that a new PC was safe and couldn’t have malware. This is no longer true. New PCs, straight from the shop or distributor and just unpacked, can contain malware.

In the past few days an investigation of PC manufacturers in China has found that some PCs came with some nasty malware already installed. Investigators bought 20 computers from different manufacturers and suppliers and found 4 were infected.

The manufacturer isn’t to blame here – the malware was installed by other parties along the supply chain. A supply chain includes delivery companies, companies that rebrand generic devices, distributors and shops. There are many opportunities to infect a computer these days – even before you turn it on.

In this investigation the malware was part of the Nitol botnet, which keeps installing more malware once the computer is connected to the internet. This makes it especially hard to clean. And it does things including turning on the computer’s camera and recording keystrokes (and recording passwords you type in).

So what should you do?

Install a good antivirus package from day one. This generally costs a bit of money but it isn’t much compared to the cost of the PC. Most computers come with a trial version of antivirus software – you can use this or go buy something else.

You should also run Windows Update as soon as you connect the computer to the internet.

There’s more information on the investigation here.

75 Million Unique Malware

At the end of 2011 (just recently) the total number of unique malware (viruses, spyware, etc) reached 75 million. That’s 75 million different threats people created to cause havoc, steal passwords and steal money from you. The internet can be a dangerous place.

The figure comes from a report by McAfee. They also report that malware for Macs are becoming less common, and malware for Android are becoming more common.  You can read more details here, it’s pretty grim.

Some tips to avoid being a victim:

  • Use a good antivirus product on your computer. Paid ones are usually better. Keep it updated
  • Use Google Chrome
  • Don’t click on every link you see in Facebook, Twitter, etc.
  • Sometimes people’s accounts get hacked, so something they wrote online might not really be from them
  • Don’t believe every sensational headline you see
  • Don’t believe every alarming email you receive, especially emails that sound urgent and have poor spelling and grammar
  • Use common sense (why would a stranger in an African country want to give you millions of dollars, or did you really enter the Spanish lottery?)
  • Use Google to check if something you read is true

 

Scary emails with malware

Malware infected emails are getting scarier with subjects about wanting to sue you. Take the email below, it suggests that your email is sending spam and that you’re going to be sued. This kind of tactic is called social engineering, the words have been carefully crafted to add a sense of urgency, which in most people causes irrational decisions to be made such as opening the attachment in the email.

The email says,

Hello. Your email is sending spam messages! If you don’t stop sending spam, we will be impelled to sue you! We’ve attached a scanned copy of the document assembled by our security service to this letter. Please carefully read through the document and stop sending spam messages. This is the final warning!

The subject is one of

  • You are sending ad messages
  • We are going to sue you
  • This is the final warning
  • We’ve sent you a copy of a complaint
  • A message from our security service

If you see an email like this don’t click on the attachment. Delete the email. The attachment is a trojan that then installs viruses every time you reboot the PC.

 

Hotel “Wrong Transaction” Spam

Lately there have been some spam emails claiming to have details about an incorrect hotel transaction. The email is a ploy to install malware on your computer. Here’s how it works,

  • You receive an email telling you that a hotel has incorrectly charged your credit card
  • The email also says that you should fill out an attached form for a refund (i.e. open an attachment and get some money)
  • The attachment installs a fake antivirus program
  • The fake antivirus program asks you to pay money to clean your PC (even though there’s really nothing wrong with it)
This spam email has many variants but they all seem to be based on a hotel transaction. Below are some example subject lines
Hotel Renaissance Chicago made wrong transaction
Hotel Westin St. Francis made wrong transaction
Wrong transaction from your credit card in Woodrun V Townhomes
If you see an email like these just delete it, or mark it as spam. Don’t open the attachment.

Facebook Videos

In the last few days there have been some malicious videos posted on Facebook. If you use Facebook and see any of the following videos, don’t click on them.,

  • a video of disgraced former International Monetary Fund Managing Director Dominique Strauss-Kahn and a hotel maid
  • an X-rated video of celebrities Rihanna and Hayden Panettiere

These videos are not actual videos, but are links to a website that installs malware. Note that it affects both Windows and Mac computers. On Windows, the malware tells people to install a new version of Adobe Flash Player, but instead installs a fake antivirus program. On a Mac the malware brings up a fake security warning and asks people to install a fake “fix” to the problem. In both cases the malware then wreaks havoc with the computer, shows pornographic images, and asks the user to pay money to stop it happening. After (real) money is paid the malware remains. So overall it’s quite a nasty bit of work.

If you come across anything like this in Facebook please let the person who posted it know it’s malicious. The sooner they remove the post the less damage it will do.