Categories
Security solutions and antivirus software

Kaspersky VirusDesk

Today we’re presenting Kaspersky VirusDesk, a free service developed by the Russian security firm. The service allows you to scan files or links for viruses or other threats.

Some of you might agree into having a resident antivirus solution installed. Especially on Windows operating systems, since they are more vulnerable to attacks like WannaCry etc. That doesn’t mean that online file scanners are not good as a second opinion regarding a file or link. Most of the online scanners have integrated multiple antivirus engines, an even better estimation of a file’s threat level.

Kaspersky VirusDesk description

Kaspersky VirusDesk

The two main functions of Kaspersky VirusDesk are:

  • scanning of one or multiple files (included archives)
  • the option to look up of the reputation of links

The status of threats are either safe, infected or suspicious.

  • if Kaspersky detects no threats, then the link or file(s) are Safe.
  • a file or link “may pose a threat in some cases”, then the Suspicious status may appear.
  • the link or file is marked as Infected if a threat has been identified.

You can drag and drop files directly into the web page, or use the attachment icon to use a file browser to load one. The scan uses the exact same engine as Kaspersky Antivirus solution for Windows. Another interesting feature of Kaspersky VirusDesk is the option to “disagree with the scan”. This might come handy for software developers who had their program identified as a threat by the online scanner. That way they can submit the file using the disagree option, leaving the Kaspersky Security Labs to analize it further.

If you want to scan multiple files, a better way to do that is to put them all into a password protected zip file.

There’s a downside though, since the maximum file size is limited to 50 MB. If by any chance you have a bigger file to scan, please use VirusTotal scanner, since it supports a 128 MB file size.

Conclusions about Kaspersky VirusDesk

The service is let down somewhat by the relatively low maximum file size it supports. Webmasters and software developers on the other hand may find it useful to deal with false positives that Kaspersky may identify in sites or programs. Use it wisely!

Categories
News

Kaspersky’s RakhniDecryptor can now recover the files infected by the Jaff ransomware

As you may know, the ransomware is that type of malware that encrypts all your personal data and asks for a ransom, in order to get the decryption key.

This kind of internet infection has spread a lot lately, the WannaCry being the largest cyber attack from internet history. Fortunately, a lot of big companies, tech teams and security researchers worked together and stopped WannaCry, for now.

Well, this article brings good news to ransomware victims. The guys from Kaspersky have updated their RakhniDecryptor tool to version 1.21.2.1, bringing support for decrypting files infected by the Jaff ransomware. The researchers have discovered a weakness in the virus’ code and exploited it, being able to create a decrypting tool.

The Jaff ransomware is distributed with the help of Necurs botnet, the same botnet that distributed the Dridex Banking Trojan and the Locky ransomware, in the past.

The Jaff ransomware (found by antivirus software as Trojan-Ransom.Win32.Jaff) spreads via spam emails with infected PDF files that opens a Word file with a malicious macro script that downloads and executes the ransomware.

A few usage instructions, for Kaspersky’s RakhniDecryptor:

The Kaspersky RakhniDecryptor is a lightweight and portable decryption tool, capable of recovering data affected by different types of ransomware, and does not require advanced technical skills to decrypt the files.

  • You need to download the latest version of the RakhniDecryptor from here.
  • Extract the archive and run the RakhniDecryptor.exe on an infected system.
  • Use the Change parameters option to select the locations you want to scan.
  • Browse to the exact path of the infected files.
  • Next, the tool with recover the decryption password to unlock the files.

Due to the fact that I don’t have encrypted files on my hard drive, I could not create a full tutorial, but the tools is very easy to use.

Kaspersky's RakhniDecryptor can now recover the files infected by the Jaff ransomware

In order to keep your system safe from ransomware infections, I recommend you to read this article. It provides you 4 security tips that can save your business from ransomware. Or, if you manage to perform your regular tasks only with apps from the Microsoft Store, use Windows 10 S, which is 100% ransomware-proof.

Categories
Hackers and hacks

Hacker drained $800.000 from two Russian banks by using fileless malware

As you may know, fileless malware uses legitimate tools on ATM machines, permitting hackers to install viruses on the RAM memory, which disappear after the first reboot. These non-malware attacks permit the users to gain access on existing software, initiate allowed protocols without downloading any malicious file.

Recently, Kaspersky’s Sergey Golavanov discovered that two Russian banks were targeted by such an attack, the hackers stealing $800.000 in a single night.

The ATMs did not have any malware installed on them and the CCTV cameras have recorded the hacker leaving with stacks of bills, as if it was normal. In less than 20 minutes, the hacker took $100.000 worth of cash. The only clue left behind was a log file, which included one line in English: “Take the money.”

This type of attack gets more and more frequent, according to Kaspersky, fileless attacks have targeted more than 140 backs in Europe, United States and elsewhere, but the full details of the technique are not yet known.

Categories
News

According to WikiLeaks’ Vault 7 article, CIA had a hard time bypassing the Bitdefender and AVG protection

As you may know, WikiLeaks has published the article recently, revealing a lot of information about how CIA spies the users and their hacking capabilities. The article is called Vault 7 and provides a lot of interesting information.

The CIA uses 0-day exploits and spreads malware in order to perform mass espionage. Some ideas, from the WikiLeaks article:

  • CIA is capable of hacking into all the Android and iOS phones that have (or had) the Twitter app installed.
  • CIA can spy the users by using the Android and iOS phones, the internet of things devices and the smart TVs as microphones.
  • CIA can decrypt all the encrypted messages from WhatsApp, Signal and Telegram.
  • CIA can hack almost every system that’s available online, because it has both hardware resources and smart people that can do that.

The article does not contain anything about Windows Phones, this meaning that either it does not represent any interest or the government has some kind of deal with Microsoft.

In order to hack into different computers, the CIA hackers had to make their hacking tools bypass the security offered by antivirus software. This article from APNews.com tells us how much the CIA struggled to trick a bunch of antivirus solutions:

Comodo:

A CIA hacker said about Comodo that it is “a colossal pain in the posterior. It literally catches everything until you tell it not to.”. Același hacker a anunțat că ultimele versiuni Comodo sunt mai ușor de ocolit decât cele mai vechi, dar unul dintre angajații Comodo a anunțat că exploit-ul folosit de CIA nu mai este de actualitate de multă vreme.

Kaspersky:

Due to the fact that the antivirus has a flaw in its source code, CIA has managed to easily bypass Kaspersky’s protection. Eugene Kaspersky a anunțat că cele două vulnerabilitați folosite de către CIA au fost deja descoperite și eliminate.

Avira:

The CIA hacker has announced that he has bypassed Avira protected systems easily. The firm announced that they have patched the flaw a few hours after the vulnerability has been leaked and that there isn’t any proof that the users were affected by the bug.

AVG:

CIA had a trick to theoretically bypass AVG, but one of the technology officers at AVG announced that the flaw CIA would be using is obsolete today.

F-Secure:

The same as Avira, the CIA hackers did not have to work hard in order to bypass this AV’s security.

Bitdefender:

It looks like CIA had a hard time trying to crack Bitdefender’s security and it’s not certain if the agency managed to bypass it or not.

Categories
Hackers and hacks News

StoneDrill Malware destroys the data on the infected computers

Kaspersky Lab has recently discovered StoneDrill, a new type of malware that destroys all the files on the infected computer for good. The malware features anti-detection techniques and espionage tools and has infected computers in the Middle East and Europe.

It is similar to Shamoon, which wiped clean about 35.000 computers in an oil and gas company in the Middle East, back in 2012, and left 10% of the world’s oil at risk.

Shamoon 2.0 has reappeared in 2016 and StoneDrill is very similar to it, but has extra features. The virus infects th computer, injects itself into the memory process of the default browser, fools the security solutions present with two anti-emulation techniques and after it has successfully disguised, it start destroying files.

Kaspersky Lab also found a StoneDrill backdoor, used for espionage purposes. For now, the security researchers did not discover how the malware spread.

The best way to protect against all sorts of attacks is to use security software, strong password rules and be paranoid enough to think that your security will be breached and implement a backup solution, so that everything destroyed or infected can be successfully restored.

For more information, see this article from Kaspersky’s securelist.com website.

StoneDrill Malware destroys the data on the infected computers

Categories
Editorials and informational articles Security solutions and antivirus software

Kaspersky, ESET and Avast have released Dharma ransomware decryptors

All the security firms fight together in order to create decryption keys for ransomware viruses. The folks from BleepingComputer have added the master keys for the Dharma ransomware (Crysis variant) on their website and soon after that, ESET, Avast and Kaspersky have added the keys to their decryptor tools.

Kaspersky integrated it into its Rakhni decryptor tool, ESET added the same keys into their ESET Crysis Decryptor tool, while Avast added it to Crysis ransomware decryptor.

This means that the users that got infected with this ransomware malware and got their files encrypted with the .dharma extension can now recover their files for free, without having to pay the ransom.

Decryption tools are also available on No More Ransom, a campaign site run by Europol, Dutch National Police, Intel and Kaspersky.

If you don’t know this yet, the ransomware malware is a type of virus that encrypts all the data on the infected computer and leaves an instruction file on the desktop, to offer the necesarry information to contact the hacker and pay for the decryption key in bitcoin.

It is hard to protect your computers against it because every person with a little computer skills can create its own ransomware virus and harm others.

Personally, I use Cyberfree Anti Ransomware and I have both a Zemana antimalware license, to keep my computer safe from such viruses.

 

Categories
Editorials and informational articles News

2016′ best antivirus was Avira Antivirus Pro, while Kaspersky Virus Removal Tool is the best for cleaning infected computers

The folks from AV-Test have conducted a 12-month endurance test, involving 897 evaluations for each security software for Windows 10 and took a conclusion.

They performed their research on two different stages: installed virus removal tools on infected systems and evaluated the results and disabled the security software so that the systems can get infected and again, evaluated the results.

Four of the tested solutions were capable of eliminating all the malware samples: Avira Antivirus Pro, Kaspersky Internet Security 2016/2017, Malwarebytes Anti-Malware and Avast! Free Antivirus 2016. Avira Antivirus Pro has also managed to remove all the registry keys so it scored best in all the tests.

Bitdefender Internet Security 2016/2017, Symantec Norton Security and G Data Internet Security have provided good performance as well, but missed malware in a few cases.

Among the bootable antimalware/recovery software, Kaspersky Virus Removal Tool ruled them all and managed to remove all the malware samples, while the others failed.

The screenshots below are self explanatory.

2016' best antivirus was Avira Antivirus Pro, while Kaspersky Virus Removal Tool is the best for cleaning infected computers

2016' best antivirus was Avira Antivirus Pro, while Kaspersky Virus Removal Tool is the best for cleaning infected computers

Personally, I am a fan of Malwarebytes Anti Malware when it comes to cleaning up infected computers, but I also use AdwCleaner, Zemana and HitmanPro, hoping to remove all the leftovers that were not spotted by my first virus scan. My favorite free antivirus is Avast!, because it is lightweight and has a lot of features.

Categories
News

Avast created 3 new ransomware decryption tools

As you may know, the number of ransomware infections has increased a lot in the last six months, despite the fact that antivirus companies fight it. Last year, more than 200 new ransomware malware were discovered.

For example, Avast has released 14 decryption tool so far, in order to help users to recover their infected data for free. The latest 3 decryption tools created by Avast can decrypt the files infected by Jigsaw, HiddenTear and Philadelphia/Stampado.

Due to the fact that the ransomware gets updated frequently, the security firms need to update their decrypting tools as well.

For example, HiddenTear’s source code is hosted on GitHub and can be used and modified by everyone. It encrypts files under the extensions: .34xxx, .locked, .BUGSECCCC,.bloccato, .lock, .saeid, .unlockit, .Hollycrypt,.monstro, .lok, .razy, .mecpt, .암호화됨, .flyper, .kratos, .8lock8, .fucked,.CAZZO, .krypted, .doomed et cetera.

The antivirus companies fight side by side against this kind of threats, due to the fact that there is no tool to offer 100% safety. So far, decryption keys from Avast, AVG, Kaspersky, Emsisoft, McAfee, Trendmicro.

For more information, see this blog post from the Avast website.

We will keep you posted. Stay tuned.

Categories
News

KasperskyOS has been officially released

A while ago, Eugene Kaspersky has announced that they have created its own operating system designed for embedded devices and used it on Kraftway Layer 3 switch.

Well, KasperskyOS has been officially released, specially created to secure embedded devices. It is designed with security in mind and prevents the execution of malicious code by its design.

The guys from Kaspersky have worked 15 years for KasperskyOS and now it has been released for software developers and IT equipment manufacturers from the entire world. It is ideal for the telecom and transport industries.

KasperskyOS was designed to secure the IoT devices and uses a kernel built in-house. A few top class security engineers have gathered and discussed about security and came to the conclusion that regular operating systems cannot be too secured because the way they are designed. So, the engineers have started to create their security-focuses operating system, running their own kernel.

KasperskyOS permits the software to make only predefined operations, so the software developers have to respect a strict security policy. While the Kaspersky engineers have struggled a lot to implement this concept, it is really useful to the developers. If a software has a bug, the operating system stops it from doing other things that it is not designed to do, due to its security policy. The security policy can be customized by the company’s needs and not the other way around.

While there is no 100% security, KasperskyOS guarantees 99%. Technically speaking, injecting malicious code in such a complex medium would not succeed. Due to the fact that the malware activities are not included to the security policy, malware applications or software that contain malware are harmless. So, KasperskyOS is immune to cyber threats by the way it has been designed.

KasperskyOS is a universal operating system, created for businesses in telecom, logistics and industry, but the Russian company is also working at special packages for the financial businesses, in order to security the POS terminals and to consolidate the security operations of Linux systems.

KasperskyOS can be used as an IoT operating system running on networking equipment, including routers, switches and IP cameras. The applications are launched inside Kaspersky Secure Hypervisor, which is an isolated and secured medium. The operating system is available for network equipment vendors and other producers and is not free. The price depends on the client’s needs.

For more information, read this article.

Categories
Editorials and informational articles

Kaspersky and ESET are very popular on both desktop and mobile devices

According to AV-Comparatives, a security firm, ESET and Kaspersky are the most popular two antivirus solutions for desktop computers and laptops, featuring in the top four of every continent. Kaspersky is the most popular antivirus for mobile devices, also.

35.4% of the people use free desktop security solutions, but despite that, the number of paid antivirus solutions did not change. The number of people that do not use security solutions at all has decreased to 1.8%.

86% of the people that use security solutions say that their system was not been infected by malware, while 35% of them say that the security software blocked malware within the last week.

58.2% of the users have Windows 10 and 26.6% use Windows 7. On the mobile side, 71.8% of users use Android, 17% use iOS and 6.8% still use the rusty Windows Mobile.

Due to the fact that I also work from home with sensitive information, I am a little paranoid with security. I am a computer geek capable of restoring everything and cleaning up the computer if it gets infected, but I am afraid of ransomware malware.

So, in order to stay safe, I use ESET Antivirus, Zemana AntiMalware and Cybereason RansomFree. While ESET has both computer and internet protection, Zemana is a highly capable, cheap, anti malware software famous for finding and stopping ransomware viruses from encrypting data. On top of that, there is the free Cybereason RansomFree radar that has created a bunch of dummy files to keep them as bait for ransomware and to kill the encryption process in time, before it eats all the data.