Saturday, November 16, 2013

Find your stolen iPhone

Find My iPhone
The technology available at iCloud it's now possible to locate your device provided it still has access to some sort of data connection (cellular or Wi-Fi). This won't work if your device is not using the Find My Phone service, has run out of battery or was last seen in Airplane Mode, but it's certainly worth a shot.

Open iCloud.com, login with your Apple ID and the same password you use to authorize app purchases and click on Find My iPhone. iCloud will attempt to locate your device, if found you can take a note of whether it's moving, whether it's down the back of the sofa or indeed whether it appears somewhere entirely different to you last had it in which case, it's probably been stolen.

Using iCloud.com it's possible to initiate a remote wipe of the phone, which will cause the phone to reset itself to factory settings and preserve your data. To do this by logging in, clicking on Find My iPhone then selecting the device and enabling Lost Mode. Don't forget to leave a message and a phone number in the hope that whoever took it might actually return it.If your phone has been stolen but remains traceable, you may want to hand the information over to the police. There have been a few examples, law enforcement have used Apple's Find My iPhone location data to recover stolen devices, though be prepared that this may not be the case.

If your phone has been updated to iOS 7, you've got another safety net in place in the form of Activation Lock. Even after wiping the device, it will require your own personal Apple ID and password to be usable. Until these credentials are provided, the phone will refuse to work as intended. It's useless to the thief, and not even Apple will unlock it.

You can tell if your phone has been updated to iOS 7 first and foremost by the graphical style. Apple introduced a new, cleaner interface. You can see the difference at-a-glance in the screenshot above (iOS 7 is on the right). You can also head over to Settings > General > About and look at the number under Version.
Author at
Labels:

Thursday, November 14, 2013

CryptoLocker Ransomware Infections

Systems Affected
Microsoft Windows systems running Windows 8, Windows 7, Vista, and XP operating systems

Description
CryptoLocker appears to have been spreading through fake emails designed to mimic the look of legitimate businesses and through phony FedEx and UPS tracking notices. In addition, there have been reports that some victims saw the malware appear following after a previous infection from one of several botnets frequently leveraged in the cyber-criminal underground.

Impact
The malware has the ability to find and encrypt files located within shared network drives, USB drives, external hard drives, network file shares and even some cloud storage drives. If one computer on a network becomes infected, mapped network drives could also become infected. CryptoLocker then connects to the attackers’ command and control (C2) server to deposit the asymmetric private encryption key out of the victim’s reach.

Victim files are encrypted using asymmetric encryption. Asymmetric encryption uses two different keys for encrypting and decrypting messages. Asymmetric encryption is a more secure form of encryption as only one party is aware of the private key, while both sides know the public key.

While victims are told they have three days to pay the attacker through a third-party payment method (MoneyPak, Bitcoin), some victims have claimed online that they paid the attackers and did not receive the promised decryption key.

Following preventative measures to protect computer networks from a CryptoLocker infection: 
  • Do not follow unsolicited web links in email messages or submit any information to web pages in links 
  • Use caution when opening email attachments. Refer to the Security Tip Using Caution with Email Attachments for more information on safely handling email attachments 
  • Maintain up-to-date anti-virus software 
  • Perform regular backups of all systems to limit the impact of data and/or system loss 
  • Apply changes to your Intrusion Detection/Prevention Systems and Firewalls to detect any known malicious activity 
  • Secure open-share drives by only allowing connections from authorized users 
  • Keep your operating system and software up-to-date with the latest patches 
  • Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams 
  • Refer to the Security Tip Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks 
Mitigation
Following possible mitigation steps that users and administrators can implement, if you believe your computer has been infected with CryptoLocker malware:
  • Immediately disconnect the infected system from the wireless or wired network. This may prevent the malware from further encrypting any more files on the network 
  • Users who are infected should change all passwords AFTER removing the malware from their system 
  • Users who are infected with the malware should consult with a reputable security expert to assist in removing the malware, or users can retrieve encrypted files by the following methods: 
  • Restore from backup, 
  • Restore from a shadow copy or 
  • Perform a system restore.

Source from: https://www.us-cert.gov/ncas/alerts/TA13-309A
Author at
Labels:

Friday, November 8, 2013

Malicious Software and Security

There are many types of malicious software, outside of your typical viruses, attack systems every day. The following sections outline other types of malicious software but understand that they are all considered types of viruses.

Trojan horses
Trojan horses virus are special designed and bundled in an exe file, when some one click on this exe file then it executes the virus program and takes control of the system. For example, NetBus is a very popular Trojan virus that ships as a file called patch.exe. A hacker e-mails the file called patch.exe and explains in the e-mail that this is a security patch you need to apply to make sure your system is secure. Unfortunately, patch.exe is the security hole! When you run patch.exe, it opens your system up to the hacker by opening a port so that the hacker can connect to the port at any time and control your system. Trojan viruses are normally loaded on your system by the hacker tricking you into running the program on the system. You can remove the Trojan with virus-protection software.

Worms
A worm is a self-replicating virus. By self-replicating, I mean that the worm doesn't need to be activated by the user opening the file. A worm is a virus that runs on a system and also tries to infect other systems on the network. The Nimda virus is an example of a worm virus. Worms are loaded on your system by connecting to your system from across the Internet. The worm is usually designed to infect the system by connecting through a specific piece of software.

Spyware and adware
Spyware is software that loads on your system and then monitors your Internet activity, while adware is software that creates pop-ups from time to time advertising a particular product or service. Both of these types of viruses infect your system when you surf the wrong Internet site. Spyware and adware have become a huge negative result of the Internet, so a number of products are available to eliminate spyware and adware.

The most popular products used to eliminate spyware and adware are:
  • Spybot Search & Destroy
  • Ad-Aware
  • Microsoft’s Windows Defender
Author at
Labels:
Subscribe to: Comments (Atom)