Security Archives - Ask the Geek

FileZilla Has an Evil Twin That Steals FTP Logins

Many people download FTP clients so that they can manage their websites and servers. FTP clients are an easy way to upload, download and otherwise manage the files on a person's own servers. Unfortunately, attackers have a way of turning innocent FTP clients into harmful programs that steal the user's credentials. Anyone who is thinking of downloading the FileZilla client should be aware of the following warning: FileZilla has an evil twin that steals FTP logins.


People who download the malicious version of FileZilla are often unaware of its malicious intent. The malware versions resemble the regular versions so closely that downloading one by mistake is easy. In fact, the user may not realize what has happened until someone steals his or her login information and begins making changes to the website. To avoid website defacement, theft and other mischief, a user should pay close attention to the following clues:

Fake download URLs: The first clue to look out for is a download URL that looks suspicious. The person might notice pictures instead of the normal user comments and text. He or she may also notice a slight difference in the version numbers. The official version number of a FileZilla download is v2.45. A malicious version may show a version number such as 2.46.3.

Suspicious DLL libraries: Fake versions of FileZilla contain DLL libraries that do not exist in the original versions. For example, bgcc_s_dw2-1.dll and libstdc++-6.dll are not in the real versions of FileZilla. Additionally, one might notice that the phony versions of FileZilla are smaller than the original versions, which are approximately 6-8 MB in size.

The best way to protect oneself from downloading malicious software is to visit the official websites to download FileZilla. One should avoid unfamiliar territory and websites that look suspicious in any way.

Filed in: Security, Software

Hackers Found New Ways to Infect Your Android Device

The word malware is a combination of two words, malicious and software. It is a type of software used to break into private computers or to gain access to private information. Recently, Phil Schiller posted a link on Twitter to a report saying that 99% of all mobile malware is directed at Android. Usually the malware does not come from PCs but arrives through the web, as attackers find new ways to deliver Android malware through phishing or other tactics.

A new mobile banking Trojan, Trojan.Droidpak, however, attempts to install malware on Android devices when they are connected to Windows computers. Usually it is Android malware that infects Windows systems, but this new malware seems to work the other way round.

Trojan.Droidpak installs a counterfeit version of the rather popular Google Play store when the device is connected to a computer in USB debugging mode. USB debugging is a setting on Android devices that is not directly related to running Android or installing new firmware. It is normally used by developers to install apps, but it is also necessary for rooting Android devices and installing custom Android firmware. Most users have little need for it, but those who enable it may forget to turn it off once they are done with it. This way of targeting Android is very unusual, because most attackers prefer fake applications from third-party app stores and social engineering.

Symantec has discovered that the malware seems to be directed at online banking customers in Korea. Flora Liu, a Symantec researcher, wrote that the malicious APK (Android application package) locates certain Korean online banking apps on the Android device and, if it finds them, misleads the device user into deleting them and installing the fake versions.

Symantec recommends that users disable USB debugging mode on their Android devices and avoid connecting the devices to computers that are not trusted.


Bad News for Android (Malware)

A new piece of malware has been discovered by the security firm Lookout; it has already infected millions of users' phones via compromised apps.

The malware, called BadNews, has spread through apps by posing as an ad platform to unsuspecting developers. As many as 32 apps from 4 developers have been affected and have since been removed from the Play store. It targets mostly Russian users.

BadNews is bad news because it fakes alerts on the user's phone to entice them to download more infected apps, subscribes them to premium SMS services and sends the IMEI code to the malware creators.

The list of affected apps is available so you can check your installed apps against it to make sure your phone is not infected.


Microsoft’s Two-step Authentication

Microsoft has been rolling out a two-step authentication process for its products starting April 17th. Two-step authentication, already employed by companies like PayPal, Facebook, Google and Apple, is a process that, besides the user's password, requires a one-time verification code that can be sent to the user's phone via an app or text message.

Microsoft is rolling out this option to such products as Office, Windows, Windows Phone, Xbox, and others. It improves the security against account hijacking and identity theft.

Filed in: Microsoft, Security

Oracle Released 128 Security Patches

Oracle has released 128 security patches to a number of their products, including Java for web browsers. Most of the fixes relate to remote exploitation.

A few months ago the Java browser plugin was found to have a zero-day vulnerability, and many end users were affected, including corporate networks.

It’s a good idea to keep the plugin up to date, however my tip would be to remove it from your computer entirely. Few websites use Java functionality and it’s not necessary to most users. Install it only if you really must use it.

Filed in: Security

Massive Botnet Attack on WordPress Websites

There’s been a massive attack originating from a botnet of about 90,000 IPs that targets WordPress installations all over the internet, regardless of the host being used. The attack brute forces the admin password of a WordPress installation and installs a backdoor, presumably for a later attack. CloudFlare says it has blocked 60 million requests against this attack. And that’s just one hosting provider, so you can imagine the extent of the attack.

An attack such as this uses infected PCs, but once the botnet also controls a huge number of hacked websites it could do a lot more damage.

It’s difficult to protect a website from brute force attacks such as this, but for starters you can use a more complicated password for your WordPress site.

Filed in: Security

Skype Malware Mines Bitcoin

There's been an outbreak of malware that, once it has infected a computer, uses its resources to mine bitcoin.

Bitcoin is a digital currency based on a P2P network that uses participants' machines to process transactions and rewards them with some of the currency. The malware creators can abuse a large number of computers to generate this currency much faster. There's an obvious monetary incentive.

The virus spreads via Skype messages that contain a link and entice the victim to click it. The messages usually say something like "here's a picture of you". Once on the computer, it launches the bitcoin mining process, which uses the CPU and slows down your machine significantly.

You can read more about this virus on the Kaspersky Lab blog.

Be careful and never click suspicious links!

Filed in: Security

AT&T Bans Obscene Passwords

Besides the usual password complexity requirements, AT&T now also won't accept passwords that contain obscene language (as first noted by @janinda). This seems funny and harmless enough, but is it?

This raises the question of why it is necessary, when passwords should never be seen by anyone but the user in the first place.

Passwords are stored in the database in an encrypted form and they are compared during authentication in this form as well. Technically no one should ever see them.

Perhaps AT&T is afraid that in case of a hacked database a list of obscenities would be revealed.
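To make the point above concrete, here is an added example (not from the original post, and not AT&T's own code): a content rule can only look at a password while the plaintext is still in hand at the moment it is set; once the database holds only a salted hash and login compares hashes, a leaked row carries no recoverable word content. The blocklist, the length rule and the PBKDF2 parameters are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed stand-in blocklist; the words AT&T actually rejects are not known here.
BLOCKED_WORDS = ("darn", "heck")
PBKDF2_ROUNDS = 100_000


def policy_check(password: str) -> bool:
    """Content rules can only run here, while the plaintext is still available.

    The eight-character minimum is an assumed rule, not AT&T's real policy.
    """
    if len(password) < 8:
        return False
    lowered = password.lower()
    return not any(word in lowered for word in BLOCKED_WORDS)


def hash_password(password: str, salt: bytes = b"") -> tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256; this pair is all the database needs to hold."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Login re-derives the hash and compares digests in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


def leaked_row_reveals_word(salt: bytes, stored: bytes) -> bool:
    """What a dumped row says about word content: a one-way digest contains
    no recoverable substring of the plaintext, so this stays False."""
    blob = salt + stored
    return any(word.encode() in blob for word in BLOCKED_WORDS)
```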

Filed in: Security

How to Remove a win32 Trojan Virus?

The win32 Trojan viruses are pretty common so you need to know how to remove them in case your computer gets infected. This virus infects your hard drive, and may cause your computer to run slowly, take a longer amount of time to launch your programs, and the virus can even install unwanted software on your system. This makes it a good idea to remove any software that has installed itself recently onto your computer and to unregister the files from your computer that are harboring the virus.


Filed in: Computers, Malware, Security

What to Do If Your Computer is Infected with Sality Virus?

One of the nastiest computer viruses out there is the Sality virus, which allows attackers to remotely access your computer, steal information, download additional viruses onto your computer, and degrade its performance. If your computer is infected with this virus, you will notice that it runs slowly, has less available memory, and that you are being flooded with pop-up ads. This virus can also alter your desktop settings and Internet settings. It is important to eradicate this virus as soon as possible after you detect that it has invaded your system. Usually, the Sality virus is downloaded via email.


Filed in: Computers, Malware, Security
© 2018 Ask the Geek. All rights reserved.