Why you need to know about the Poweliks threat


Most of us have suffered the horrors of a computer virus at some point, and we know the damage that can be caused by these security infections. Our work gets disrupted as IT systems go down and, if we’re really unlucky, sensitive and valuable data might be lost or even leaked. But there’s a silver lining to most viruses, worms and other such malware, in that they can at least be tracked down and removed. Well, not always – enter the invisible Poweliks, which even your most sophisticated anti-virus software might not be able to protect you against. So, what do you need to know and how can you protect yourself?

What is Poweliks?

Security firm Symantec describes Poweliks as a trojan horse that performs malicious activities on the compromised computer. But it’s no ordinary trojan: unlike the majority, which infect your computer by dropping malicious files, Poweliks is a silent and invisible threat that hides in your system’s registry and runs only in memory. It’s not entirely new for a virus to cover its tracks by making itself “file-less”, but most such threats are wiped when you restart your computer and its memory is cleared, whereas Poweliks survives the reboot. Worse still, Poweliks hijacks the legitimate processes and applications running on your network, inserting its code into them, where it can largely evade detection.

First discovered back in August 2014, Poweliks has therefore created something of a headache for the firms behind conventional security solutions like anti-virus software. Symantec and others have, admittedly, managed a number of updates to their protection in response to the threat posed by Poweliks. But although the trojan does leave very minor traces of its presence, for instance in the registry, these signs are far more low-key than the computer world is used to, meaning Poweliks is unlikely to show up on most system scans.
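As an added illustration (this is not code from the article or from Symantec), the following Python audit checks Windows Run-key autostart values for the trait described above: code that lives in the registry rather than in a file on disk. The heuristics, the value names and the sample entries are this example’s own assumptions, constructed to show what such a check looks for.

```python
import re

# Heuristics (this example's assumptions, not published indicators): a Run
# value normally holds a path to an executable on disk. Script-engine markers,
# long encoded blobs, or data longer than MAX_PATH suggest the payload itself
# has been stashed in the registry instead.
ENGINE_MARKERS = ("javascript:", "vbscript:", "mshta", "wscript", "cscript",
                  "-encodedcommand", " -enc ", " -e ")
LONG_BLOB = re.compile(r"[A-Za-z0-9+/=]{200,}")
EXE_PATH = re.compile(r'^"?(?:[a-z]:\\|%[^%]+%\\)[^"]*?\.(?:exe|com|cmd|bat)"?(?:\s.*)?$',
                      re.I)
MAX_PATH = 260


def suspicious_reasons(name, data):
    """Return the reasons one autostart value looks like fileless persistence."""
    reasons = []
    # A value name regedit cannot display (e.g. one containing a NUL) hides the entry.
    if not name or not name.isprintable():
        reasons.append("value name is empty or contains non-printable characters")
    lowered = data.lower()
    if any(marker in lowered for marker in ENGINE_MARKERS):
        reasons.append("data invokes a script engine instead of a program on disk")
    if LONG_BLOB.search(data):
        reasons.append("data embeds a long encoded blob")
    if len(data) > MAX_PATH:
        reasons.append("data is longer than MAX_PATH (%d chars)" % len(data))
    if not reasons and not EXE_PATH.match(data):
        reasons.append("data is not a plain path to an executable")
    return reasons


def audit(entries):
    """Map each suspicious value name to its reasons; clean entries are omitted."""
    findings = {}
    for name, data in entries:
        reasons = suspicious_reasons(name, data)
        if reasons:
            findings[name] = reasons
    return findings


# Constructed sample of HKCU\...\CurrentVersion\Run values: two ordinary
# program launches and one entry mimicking a registry-resident payload.
SAMPLE_RUN_VALUES = [
    ("OneDrive", r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("Updater", r"%ProgramFiles%\Vendor\update.exe"),
    ("\x00Update", 'rundll32.exe javascript:"' + "A" * 240 + '"'),  # constructed, not a real payload
]

if __name__ == "__main__":
    for name, reasons in audit(SAMPLE_RUN_VALUES).items():
        print(repr(name), "->", "; ".join(reasons))
```

On a real host the entries would come from an export of the Run keys under HKCU and HKLM; the heuristics are deliberately conservative, so a flagged entry is a lead to inspect, not a verdict.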

Poweliks has links to Kazakhstan, the home of two servers the malware connects to once it is up and running from within your computer. The servers in Kazakhstan then send commands to the bug to tell it what to do next. In theory, this then makes way for the tool to be used to download other undesirable programs that could infect your system without your knowledge. It could equally be used to steal and disseminate data from your network.

How can I best protect myself?

As well as the anti-virus updates that have gradually been released (but which are still likely to have only a limited impact on threats of this type compared with those of the past), a number of Poweliks removal guides are now available online. Nevertheless, prevention, as ever, remains better than cure. One method reported to have been employed in the distribution of the Poweliks infection is embedding it in a Microsoft Word document, which is then sent as an attachment to spam emails that the attackers hope your curiosity will lead you to open. These spam messages have masqueraded as coming from senders such as the United States Postal Service and Canada Post. Of course, the best advice remains to be suspicious of any and every email attachment you open, particularly if you weren’t expecting mail or it’s from someone you don’t know.

Should I be concerned?

In fact, revisiting your everyday security precautions is probably pretty good advice all round, since experts predict that this type of threat is likely to become ever more common as attackers seek to exploit the techniques of Poweliks in order for their infiltration to remain unnoticed for as long as possible. Sure enough, a number of copycat threats have already been detected by security specialists as of the start of 2015.

General awareness of the web sites you choose to visit is also advisable, since others have reported the bug making its way onto their systems through so-called ‘drive-by download attacks’, whereby simply visiting a malicious web site is enough to trigger the infection; actively downloading a file isn’t even necessary. As a result, organizations may wish to consider more comprehensive filtering of internet access, or at the very least reactive blocking of known malicious sites, in order to prevent employees from inadvertently infecting a company network.

To find out more about IT security solutions and protecting your technology from attack, contact us today.

Published with permission from TechAdvisory.org.

Lessons Learned from the World Cup

The recent fever over the FIFA World Cup made unsuspecting victims an easy target for malware makers, spammers, and scammers using the sport as a means to spread nefarious software or lure users into money-making scams.

It seems the entire world was in the grip of the 2010 FIFA World Cup fever as several countries vied for football supremacy in South Africa. Unfortunately, malware makers, spammers, and scammers capitalized on the fever as well, using references to the event as a means to spread nefarious software or lure unsuspecting users into money-making scams. Some of the threats included 419-style scams, lures selling fake tickets, and even fake products and business opportunities related to the World Cup. One particular ploy involved a couple of websites selling a bogus filter to cancel out the sound of noisy “Vuvuzela” trumpets in TV broadcasts. Scammers even used legitimate websites, such as eBay and other auction sites, to sell them.

Several spammers used sophisticated techniques to confuse spam filters, using tools to automatically scrape text from hundreds of websites (including news sites) and then spraying random bits of that text into their messages. Another new development was targeted attacks on top executives of international manufacturing companies and government agencies.

With the 2010 World Cup behind us, what does this mean to us now? Everyone should always be on guard against websites, links, or messages that seem too good to be true (because most likely they are), but understanding that scammers and spammers especially thrive during popular events helps everyone to be on extra high alert.


Protect Yourself from Outbound Spam

A recent report, released by Osterman Research and sponsored by software vendor Commtouch, finds that the incidence of outbound spam is getting worse. The research firm interviewed 266 end users of internet service providers and 100 web hosting companies. Almost 40% of respondents have had their IP addresses listed on Real Time Blackhole Lists (RBLs) in the past 12 months alone, and the number could be far greater considering those who may not be aware that they have been listed. RBLs tag machines or networks of machines as sources of spam, causing their emails to be filtered out by many mail servers. This can result in legitimate emails not reaching their intended destination, and can damage victims’ reputations. In addition, having an infected machine or network of machines can waste bandwidth and slow down outbound connections. The cause of outbound spam varies, but can include everything from compromised email accounts to “zombie” machines: machines infected with malware that send out spam unbeknownst to the user. There are multiple ways of protecting computers and networks against the risk of outbound spam, and our Managed Services clients benefit from our proactive protection and filtering. Contact us to find out more.


Are You Opening Your Spam Email Messages?

A survey conducted by the Messaging Anti-Abuse Working Group (MAAWG) reveals that almost half of computer users in North America and Western Europe not only open spam emails, but also intentionally click on the links and open the attachments found within these messages. This not only invites more spam, but potentially exposes them to a large number of security risks as well. Data from the survey revealed that:

Nearly half of those who have accessed spam (46%) have done so intentionally, to unsubscribe, out of curiosity, or out of interest in the products or services being offered.

Four in ten (43%) say that they have opened an email that they suspected was spam.

Among those who have opened a suspicious email, over half (57%) say they did so because they weren’t sure it was spam, and one third (33%) say they did so by accident.

84% were aware of the concept of bots. Yet most think that they are immune from these viruses, with only a third saying they consider it likely that they could get a bot on their computer.

Spammers have mechanisms that allow them to track whether their emails are accessed or not. Opening, or even unsubscribing from, spam messages further invites them to send even more spam. Furthermore, spam messages these days are not only vehicles to solicit or sell goods and services of dubious source and value, but are increasingly being used as vectors to spread malicious software, or malware. Clicking on a link, opening an attachment, or just viewing a message can potentially expose users’ computers to vulnerabilities in the operating system or installed applications. This in turn can turn compromised systems into “bots”, unwitting accomplices in spreading more spam or malware. It pays to be aware of this next time you receive a suspicious email, and make sure that your employees understand the risks as well.

Sometimes even your antivirus software isn’t enough to protect you, so please ask us about our Managed Security Services and how we can help you not only fight spam but prevent it from reaching your Inbox in the first place.

Related articles:
Survey: Millions of users open spam emails, click on links (zdnet.com)
Twitter spam drops to under 1 percent (networkworld.com)
Brazil-originated spam levels topping 13% says Panda Security (infosecurity.com)
