ICT Security-Sécurité PC et Internet
ICT Security + Privacy + Piracy + Data Protection - Censorship - Free courses and information on "Sécurité PC et Internet" (PC and Internet security) for non-commercial use... (FR, EN+DE)...
Curated by Gust MEES
Scooped by Gust MEES
February 1, 2018 11:22 AM

Smominru! Half a million PCs hit by cryptomining botnet | #CyberSecurity #CryptoJacking #Malware #Updates #Awareness

Why go to all the bother of writing ransomware that demands victims pay a Bitcoin ransom? If all you want is cryptocurrency, why not use the infected computers to mine the crypto coins themselves?

That way you don’t have to rely on a human victim buying some Bitcoin, and nervously making their way onto the dark web to make their ransom payment.

According to security researchers at Proofpoint, that’s exactly the reasoning shown by online criminals who are moving from regular ransomware to cryptomining.

A Monero-mining botnet called Smominru is said to have infected 526,000 Windows PCs since May 2017 – mostly in Russia, India, and Taiwan – and is earning millions of dollars for its operators.

In fact, the biggest clue that most users will have that their computers may be affected by a cryptominer is if they find the PC is slowing down, its battery running out at a quicker rate, or the fan blowing at full blast.

Don’t make the mistake of thinking that this is a victimless crime. If your computers get recruited into a cryptomining botnet like Smominru, it’s your electricity and computer power that is being stolen.

Keep your computers up-to-date with security patches, defended with layered security solutions, and your wits about you.

Learn more:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Coinhive
https://www.scoop.it/t/securite-pc-et-internet/?&tag=crypto-currency
https://www.scoop.it/t/securite-pc-et-internet/?&tag=cryptojacking

 

Scooped by Gust MEES
November 7, 2016 7:54 AM

Linux/Moose: Analysis finds IoT botnet malware favors Instagram fraud | #CyberSecurity #InternetOfThings

Not all Internet-of-Things botnets take down the Internet like Mirai did, but that doesn't necessarily mean they should be allowed to perpetuate. Yet that seems to be the case for Linux/Moose, a malware program that recruits IoT devices to engage in social media fraud, according to a pair of reports from ESET and GoSecure.

Learn more:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Mirai+Botnet
http://www.scoop.it/t/securite-pc-et-internet/?tag=wearables
https://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/
http://www.scoop.it/t/securite-pc-et-internet/?tag=SHODAN+Search+Engine
http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=Internet+of+Things
http://www.scoop.it/t/securite-pc-et-internet/?tag=smart-TV
http://www.scoop.it/t/securite-pc-et-internet/?tag=Internet+of+things
http://www.scoop.it/t/securite-pc-et-internet/?tag=Cars

 

Scooped by Gust MEES
January 14, 2015 12:17 PM

Security alliance against Dropperbot malware | CyberSecurity | Botnets

An alliance of the BKA, the BSI, the Fraunhofer Institute and the IT security firms Avira and G Data has taken down the Dropperbot botnet. The malware is said to have infiltrated more than 11,000 systems.


Learn more:


http://www.scoop.it/t/securite-pc-et-internet/?tag=Botnet


Scooped by Gust MEES
May 17, 2017 1:58 PM

Cryptocurrency-mining malware has been using WannaCry's NSA exploit for weeks | #Adylkuzz


A cryptocurrency-mining malware began exploiting a leaked NSA vulnerability several weeks before WannaCry sank its teeth into it.

The researchers expected to see the ransom message above when they looked at a lab machine vulnerable to EternalBlue. Instead they found a subtler threat: Adylkuzz.

This malware relies on virtual private servers scanning the Internet on TCP port 445 for distribution. If infection proves successful, it enlists victims in a cryptocurrency-mining botnet. But Adylkuzz isn't interested in sharing an affected computer that's capable of communicating over Microsoft's Server Message Block (SMB).

Security researcher Kafeine elaborates on that point:

"Upon successful exploitation via EternalBlue, machines are infected with DoublePulsar. The DoublePulsar backdoor then downloads and runs Adylkuzz from another host. Once running, Adylkuzz will first stop any potential instances of itself already running and block SMB communication to avoid further infection. It then determines the public IP address of the victim and downloads the mining instructions, cryptominer, and cleanup tools."

In that sense, Adylkuzz blocks other threats like WannaCry from leveraging EternalBlue to infect vulnerable computers.

Learn more:

http://www.scoop.it/t/securite-pc-et-internet/?&tag=Adylkuzz
http://www.scoop.it/t/securite-pc-et-internet/?&tag=RANSOMWARE
http://www.scoop.it/t/securite-pc-et-internet/?&tag=Phishing
http://www.scoop.it/t/securite-pc-et-internet/?&tag=Botnet

 

Scooped by Gust MEES
March 30, 2016 7:36 PM

New Remaiten Malware Builds Botnet of Linux-Based Routers | #CyberSecurity #InternetOfThings #IoT

Remaiten Linux Bot Targets Routers and Potentially Other Embedded (IoT) Devices

A new piece of malware is targeting embedded systems with the mission to compromise and make them part of a botnet, ESET security researchers have discovered.

Dubbed “Remaiten” (Linux/Remaiten), the new threat combines the capabilities of previously spotted Tsunami (also known as Kaiten) and Gafgyt malware and also brings a series of improvements and new features. According to ESET, three versions of Remaiten have already emerged, while the malware authors call their creation “KTN-Remastered” or “KTN-RM.”

One of the capabilities that Remaiten borrows from Gafgyt is telnet scanning, though Remaiten enjoys a series of improvements, ESET’s Michal Malik explains in a blog post. Both, however, rely on improperly secured devices to successfully infect them.

Gafgyt attempts to connect to random routers via port 23, then issues a shell command to download bot executables for multiple architectures and tries to run them. Remaiten, on the other hand, carries downloaders for CPU architectures commonly used in embedded Linux devices, then tries to trigger the device’s platform to drop only the appropriate downloader.

Learn more:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Linux
http://www.scoop.it/t/securite-pc-et-internet/?tag=Internet+of+things
http://www.scoop.it/t/securite-pc-et-internet/?tag=Router

 

Rescooped by Gust MEES from 21st Century Learning and Teaching
January 23, 2013 8:10 PM

Botnet Control Servers Span the Globe - Is Your country in there!?


McAfee Labs has long monitored botnet activities and their control servers as they plague the Internet.  With millions of McAfee endpoints and network security appliances sending information to McAfee Global Threat Intelligence (GTI) in the cloud, coupled with a vast collection of malicious binary and proactive research, McAfee Labs has a clear view of botnet threats around the world.

 

Gust MEES's curator insight, January 23, 2013 8:06 PM

One sees every time the same countries on TOP of the BAD lists of Cyber-Security!!!

===> These countries SHOULD start to Teach the basics of Cyber-Security in Education to make sure that people from other countries will not get touched by malware as Internet doesn't have any borders!!! <===

Check ALSO:

TOP 20 countries with Malware Resources:

http://www.scoop.it/t/21st-century-learning-and-teaching?tag=TOP+20+countries+whit+malware+resources

https://gustmees.wordpress.com/2012/05/28/not-only-rights-but-also-responsibility/
https://gustmees.wordpress.com/2013/01/15/safer-internet-day-2013-sid2013-participation/
https://gustmees.wordpress.com/category/get-smart-with-5-minutes-tutorials/
https://gustmeesen.wordpress.com/2012/02/13/why-ict-security-why-the-need-to-secure-a-computer/
https://gustmeesen.wordpress.com/2012/03/16/beginners-it-security-guide/
https://gustmeesfr.wordpress.com/