Wednesday 31 August 2016

Tuesday 30 August 2016

AV-Test looks at Android parental control apps

Here are the results of a recent test by AV-Test asking (and answering) the question 'Is security software for Android with parental control functions sufficient to protect our children or is it better to have a special parental control app?'

Test: Parental Control Apps for Android

David Harley
ESET Senior Research Fellow 
(This isn't an ESET blog, but since ESET did well in the test I guess I should point out that I work with ESET as a consultant, though I have nothing to do with their marketing or product development.)

VMWorld commentary from ESET

Cameron Camp for ESET:

VMWorld: Do you know where your data is?


David Harley
ESET Senior Research Fellow

OSX/Keydnap spread via Transmission app

ESET researchers say:

‘During the last hours, OSX/Keydnap was distributed on a trusted website, which turned out to be “something else”. It spread via a recompiled version of the otherwise legitimate open source BitTorrent client application Transmission and distributed on their official website.’

OSX/Keydnap spreads via signed Transmission application

Trend Micro: Locky as encrypted DLLs

Trend Micro: Locky Ransomware Now Downloaded as Encrypted DLLs

Added to AVIEN resource page.

David Harley
ESET Senior Research Fellow

'Fairware' Linux Ransomware

Reported on Bleeping Computer here.

Description by David Bisson for Tripwire: Website Down? New FairWare Ransomware Could Be Responsible

David Harley
ESET Senior Research Fellow

Support Scammers Taking the Shine off Chrome

For Malwarebytes,  gives details of some tricks currently used by tech support scammers to deceive Chrome users. Tech support scams and Google Chrome tricks
Commentary from Help Net Security: Google Chrome users targeted by tech support scammers

David Harley
ESET Senior Research Fellow

Sunday 28 August 2016

Ransomware - reorganized AVIEN resource page

I’ve intended for a while to break out some of the scattered information in the ransomware resource page and sub-pages into its own Ransomware Recovery and Prevention page.
And finally got around to it.
Much of the same information (and more) remains in the Ransomware Resources page and/or sub-pages. (Sorry, but I’m happy to duplicate information where appropriate. If I had more time to spend on this page, there’d probably be less duplication, but I haven’t…)
However, the new(-ish) page is better organized and more immediately useful (I hope) for people who are interested in barebones recovery and prevention information.

David Harley
ESET Senior Research Fellow

SC Magazine & paying ransomware

In an article called Ransomware locks experts in debate over ethics of paying, Bradley Barth picks up on a point I made in my blog article for ESET - Ransomware: To pay or not to pay?. He quotes both my article for ESET and some subsequent commentary by my friend and colleague Stephen Cobb. I may come back to this elsewhere, possibly AVIEN.

David Harley
ESET Senior Research Fellow

Google: easier access to content on mobile

Google: Helping users easily access content on mobile

Takes two approaches, the latter maybe more security-related.

  • One relates to the removal of the mobile-friendly label, since most sites now meet that criterion, so the removal is seen as reducing clutter.
  • The other introduces measures to reduce the impact of intrusive pop-ups and standalone interstitials that obscure the content.

Commentary from the BBC here.

HT to BPB

David Harley
ESET Senior Research Fellow

Friday 26 August 2016

Quick round of ransomware links on AVIEN

Ransomware links posted on AVIEN: http://avien.net/blog/quick-links-roundup/

Also added to ransomware resources pages.
  • Alma
  • Globe
  • Wildfire

David Harley
ESET Senior Research Fellow

Thursday 25 August 2016

Lysa Myers: staying safe on social media

Lysa Myers for ESET on how to improve privacy and security on social media: http://www.welivesecurity.com/2016/08/25/give-social-media-security-boost/

David Harley
ESET Senior Research Fellow

'Next-gen' survey fails to convince

Kevin Townsend: Vendor Survey Fails to Convey Prevalence and Effect of Ransomware

Next-gen propaganda marketing impersonating a survey... I suspect I'll be coming back to this.

DH

Android botnet controlled via Twitter

ESET: First Twitter-controlled Android botnet discovered

'Detected by ESET as Android/Twitoor, this malware is unique because of its resilience mechanism. Instead of being controlled by a traditional command-and-control server, it receives instructions via tweets.'

David Harley

Tuesday 23 August 2016

DetoxCrypto ransomware

DetoxCrypto ransomware - AVIEN

Commentary by David Bisson for Graham Cluley’s blog: DetoxCrypto ransomware-as-a-service rears its ugly head

Info added to resources pages.

David Harley
ESET Senior Research Fellow

Equation Group - NSA dumper native English speaker?


Darren Pauli for The Register: 'NSA' hack okshun woz writ by Inglish speeker trieing to hyde - Linguist says perps of zero day dump wanted to pose as gramatically-incorrect aliens.

He's summarizing linguistic analysis by Shlomo Argamon of text from 'ShadowBroker' as posted on Pastebin. Argamon concludes that '...the author is most likely a native speaker of US English who is attempting to sound like a non-native speaker by inserting a variety of random grammatical errors.'

You may not be convinced by the conclusion, especially if you're as wary of attribution as I am, but you may well find the analysis interesting nonetheless, if you're not familiar with textual analysis methodologies. And the theory would dovetail with the speculation that the perpetrator was actually an insider: Former NSA Staffers: Rogue Insider Could Be Behind NSA Data Dump.

David Harley
ESET Senior Research Fellow

Monday 22 August 2016

Ransomware: Paying v. Not Paying

An article by me for ESET, sparked off by a conversation with Kevin Townsend, in the wake of research commissioned by Malwarebytes, on the pros and cons of paying to get your data back after a ransomware attack.

Read more here: Ransomware: To pay or not to pay?

David Harley
ESET Senior Research Fellow



Socket to Me: More IoT Insecurity


Bitdefender: Hackers Can Use Smart Sockets to Shut Down Critical Systems

Richard Chirgwin for The Register:

‘… a “smart” electrical outlet that's actually a whole-of-network attack vector.’

David Harley
ESET Senior Research Fellow

Friday 19 August 2016

AV-Test on Android security apps

Davey Winder asks some interesting questions about AV-Test's latest test of Android security apps. Is Android as easy to secure as the latest AV-TEST results appear to suggest?

A number of people, including ESET's Mark James, attempt to answer those questions, but unfortunately the article boils them down to soundbites. Maybe I'll come back to this one.

David Harley
ESET Senior Research Fellow

Marcher Trojan Impersonating Android Update

David Bisson for Graham Cluley's blog on Marcher Trojan impersonating Android update: New firmware update? No, it's the devious Marcher Android trojan up to no good - Android-based malware comes with new tricks, bells, and whistles.

Based on ZScaler research: Android Marcher: Continuously Evolving Mobile Malware.

David Harley
ESET Senior Researcher

Apteligent Evaluating Android

https://macviruscom.wordpress.com/2016/08/19/apteligent-evaluating-android/

Prompt updating, crash rates...

David Harley
ESET Senior Research Fellow

Thursday 18 August 2016

ESET: Nemucod serves nasty package: Ransomware and ad-clickers

ESET: Nemucod serves nasty package: Ransomware and ad-clickers

David Harley

ESET Senior Research Fellow

Text fraud - parents told their child in hospital

SC Magazine: Text scam victimises parents, claiming kids have been in an accident

'Action Fraud says victims receive a text from a loved one saying they're in a hospital and the only way to make contact is via text message.'

Commentary by David Bisson for Graham Cluley: A new low! SMS scammers prey on parents' fears to make a few bucks

David Harley
ESET Senior Research Fellow
Wheal Alice Music

Wednesday 17 August 2016

AVIEN ransomware updates

As I'm a little busy elsewhere right now, this is just a roundup of ransomware-related links: http://avien.net/blog/ransomware-linksarticles-roundup/

David Harley
ESET Senior Research Fellow

Saturday 13 August 2016

New Amazon author page

Not sure what happened to my old author page on Amazon, but there's now another. Not that I plan on writing any more books right now.

David Harley
ESET Senior Research Fellow

Malwarebytes: Decrypting Chimera ransomware

Extract: 'We’ve recently wrote about the leak of keys for Chimera ransomware. In this, more technical post, we will describe how to utilize the leaked keys to decrypt files. Also, we will perform some tests in order to validate the leaked material.'

David Harley
ESET Senior Research Fellow