06Dec15 – DoctorLaptop’s News

The End of Flash Player

For many years Adobe Flash facilitated slick graphics and animation on games, websites and applications, but it has grown old and is being retired. Of course, Flash has been plagued with various stability and security issues, which is why developers grew to hate the technology. So now it’s time to say goodbye to Adobe Flash, and welcome Adobe Animate. However, on closer examination we find the new replacement, Adobe Animate, very similar to the old Flash, and still prone to security breaches. Adobe has officially announced that “over a third of all content created in Flash Professional today uses HTML5,” so the company is acknowledging the shift in formats with the new name. Animate just looks like an update to the Flash Professional software. It will still support Adobe Flash (SWF) and AIR formats, along with other animation and video formats, including HTML5 canvas, 4K and WebGL output.

Free Windows 10 Security Settings Control Tool

Win 10 security feature settings are distributed in many different places, making it a huge chore to turn off all those you don’t want running. This tool places all the settings in one easy-to-navigate screen, making this chore much easier.

W10Privacy is without doubt one of the most comprehensive privacy-focused tweaking tools for Microsoft’s Windows 10 operating system. Recent updates introduced new tweaks and support for changes introduced in the November 2015 update of Windows 10. The program creates a system restore point on start, and displays tweaks in tabs named privacy, telemetry or OneDrive that reveal their focus and are color-coded for easier access. Green preferences are recommended and have no side-effects usually, while yellow and red tweaks need to be checked out individually before they are applied as they may have side-effects and may even affect the system negatively. Read more and get the program for free at: http://www.winprivacy.de/english-home/

Love Chrome Browser But Hate The Targeted Ads, Data Collectors and Trackers? Want A Fast Browser For Secure Daily On-Line Purchases/Banking? Then EPIC Browser Is For You!

I have been testing out the new version of the EPIC WEB BROWSER, and am quite pleased. Very secure and free, the way the internet was supposed to be. It is Chrome with all the bad Google data tracker stuff removed and several premium security features added in. “One-click to surf via Epic’s encrypted proxy” to hide your IP address and to encrypt your browsing. It also serves as a USA based VPN. Your searches are private in Epic. When you visit any of the world’s leading search engines in Epic, your searches are automatically routed via proxy to prevent search engines from saving your searches by your IP address. This provides privacy protection against network snoops like your employer, your ISP (internet service provider), and governments. Please note that while installing Chrome plugins is possible, these may leak your actual IP address; for stronger IP protection, either don’t install any plugins or set them to “click-to-play” in Epic’s settings.

Visit the Epic website for more info:


New Ransomware Steals Your Passwords Before Encrypting All Your Files

Introducing the new upgrade to the World’s worst Exploit Kit – Angler, which lets hackers develop and conduct their own “drive-by attacks” (tech talk for “when a website infects you”) on visitors’ computers with relative ease. Often these traps are hidden in pictures in adverts on an infected website, and you don’t even need to click on them to be infected; simply visiting the site can activate them. So now many poorly-secured websites, or those selling advertising space to unscrupulous clients, are targeting Windows users with a new “Cocktail” of malware that steals users’ passwords before locking them out from their machines for ransom.

Here’s How the New Threat Works:

Once the Angler exploit kit finds a vulnerable application, such as Adobe Flash, in a visitor’s computer, the kit delivers its malicious payloads, according to a blog post published by Heimdal Security. The First Payload infects the victim’s PC with a widely used data thief exploit known as Pony that systematically harvests all login usernames and passwords stored on the infected system and then sends them to servers controlled by hackers. This allows attackers to obtain working logins for a number of websites, e-commerce sites, and even corporate applications, from which the hackers could steal more data. The Second Payload drops the widely-used CryptoWall 4.0 ransomware that locks user files until the ransom is paid.

The campaign is “extensive” and originates from a secure hosting environment located in Ukraine, the researchers say. Over 100 web pages in Denmark have been “injected with the malicious scripts…” Ransomware attacks hit thousands of Internet users every week, and cost them a total of $18 Million in losses, according to the FBI. Moreover, a recent report from last month suggested that the Cryptowall family alone has managed to raise over $325 Million in revenue in the past year.

Once your system gets affected by Cryptowall 4.0, unfortunately, there’s not much you can do, as the encryption the ransomware uses is very strong.

So, the only options you are left with are:

-Format your hard drive, re-install system and restore your data from the backup.

-Pay the Ransom money for the decryption key. 300-1500 euros (in Bitcoin e-money only) is typical.

However, I don’t advise anyone to pay ransom as it doesn’t guarantee that you will actually receive the decryption keys. These are criminals after all, and besides, it only encourages them.

Where Does It Come From?

Most malware and viruses are introduced by clicking on links usually contained in spam emails, or by opening attachments from unknown sources. So, DO NOT CLICK on any suspicious links in emails, and do not open attachments from unknown sources.

How Can I Avoid It?

Simple answer: The easiest to use program that provides any real degree of protection from this threat is Hitman Pro Alert with Cryptoguard. This easy-to-install program recently went through a transitional updating, and while there were some stability problems earlier this year and I recommended avoiding it, it is once again stable and reliable. But it is no longer free. Get it here: http://www.surfright.nl/en/cryptoguard

Malwarebytes Anti-malware (MBAM) claims their “pro” version can offer some protection against Cryptowall, yet I have worked on PCs running MBAM that were still infected with Cryptowall. They had all failed to get the additional tool, Malwarebytes Anti-Exploit (MBAE). So while MBAM remains a great malware removal tool and anti-virus, I would not consider it a Cryptowall blocker unless you are running both MBAM + MBAE.

Detailed answer (Danger! Geek-speak ahead): The best defensive strategy is a comprehensive approach…make sure you are running an updated anti-virus and anti-malware product, use supplemental security tools with anti-exploitation features capable of stopping (preventing) infection before it can cause any damage, update all vulnerable software and routinely back up your data. You should also rely on behavior detection programs (also called heuristics) rather than simple anti-virus definition (signature) detection software only. Most of the major anti-virus programs now incorporate this feature, but you need to activate it. Look in your anti-virus program’s settings for HEURISTIC ANALYSIS, and turn it on. Heuristics can detect when malware is in the act of modifying/encrypting files rather than just detecting the malicious files.

For example, Emsisoft Anti-Malware uses advanced behavior blocking analysis which is extremely difficult to penetrate…it continually monitors the behavior of all active programs looking for any anomalies that may be indicative of malicious activity and raises an alert as soon as something suspicious occurs. Emsisoft also has the ability to detect unknown zero-day attacks without signatures. ESET Antivirus and Smart Security use Exploit Blocker, which is designed to fortify applications that are often exploited, such as web browsers, PDF readers, email clients or MS Office components.
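
For the geeks who want to see what “behavior detection” means in practice, here is an added example (my illustration only, not code from Emsisoft, ESET or any other product named here): a Python script that ignores what a program looks like and instead flags any process that overwrites several files with random-looking, encrypted-style data in a short burst. The thresholds, process names and file paths are assumptions made up for the demonstration.

```python
import math
import os
from collections import Counter, defaultdict

ENTROPY_LIMIT = 7.0   # bits per byte; assumed cut-off, encrypted data sits near 8.0
BURST_FILES = 3       # assumed: distinct files rewritten by one process...
BURST_WINDOW = 10.0   # ...within this many seconds


def entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def suspicious_processes(events):
    """events: iterable of (timestamp, process, path, bytes_written).
    Returns the set of processes that overwrote BURST_FILES or more distinct
    files with high-entropy data inside one BURST_WINDOW."""
    hits = defaultdict(list)          # process -> [(timestamp, path), ...]
    flagged = set()
    for ts, proc, path, data in sorted(events, key=lambda e: e[0]):
        if entropy(data) < ENTROPY_LIMIT:
            continue                  # ordinary document or text write
        hits[proc].append((ts, path))
        recent = {p for t, p in hits[proc] if ts - t <= BURST_WINDOW}
        if len(recent) >= BURST_FILES:
            flagged.add(proc)
    return flagged


def sample_events():
    """Constructed sample: an editor saving text, and one process rewriting
    several documents with random bytes (a stand-in for ciphertext)."""
    text = b"Quarterly report draft. " * 200
    events = [(0.0, "editor.exe", "C:/docs/report.txt", text),
              (30.0, "editor.exe", "C:/docs/notes.txt", text)]
    for i, name in enumerate(["a.docx", "b.xlsx", "c.jpg", "d.pdf"]):
        events.append((100.0 + i, "unknown.exe", "C:/docs/" + name, os.urandom(4096)))
    return events


if __name__ == "__main__":
    print(suspicious_processes(sample_events()))
```

Compressed files such as JPEG or ZIP are also high-entropy, so one such write proves nothing; it is the burst across many different files from one process that raises the alert.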

Ransomware Prevention Tools:

Backing up your data and disk imaging are among the most important maintenance tasks users should perform on a regular basis, yet this is one of the most neglected areas.

Related Resources:

Note: Some security researchers have advised not to use multiple anti-exploit applications because using more than one of them at the same time can hamper the effectiveness of Return-oriented programming (ROP) and other exploit checks. This in turn can result in the system becoming even more vulnerable than if only one anti-exploit application is running. (source, http://www.bleepingcomputer.com)






