How to remove “Ads Powered by Spoutable” pop-ups (Removal Guide)

If your web browser is randomly being redirected to the Ads Powered by Spoutable advertisements then it is possible that your computer is infected with an adware program. The Ads Powered by Spoutable ads that are displayed by adware will typically be shown in the header in strange positions or overlaying the content of the web page. Spoutable is […]

The post How to remove “Ads Powered by Spoutable” pop-ups (Removal Guide) appeared first on MalwareTips Blog.


Would you plug in a USB that you got in the mail?

I am not sure about you, but [sarcasm on] my ABSOLUTE FAVORITE THING is opening my mailbox to find unsolicited mail. You know, junk mail [sarcasm off].

Raise your hand if you are with me.


OK, all kidding aside, no one likes to find unwanted things in their virtual or physical mailbox. Even so, marketing wonks will show that direct mail — even untargeted direct mail — will convert some people to paying customers.

So why are we talking marketing on a security blog?

Glad you asked. You see, police in Melbourne, Australia recently began warning citizens not to plug USB sticks that show up in mailboxes into their computers.

“The USB drives are believed to be extremely harmful, and members of the public are urged to avoid plugging them into their computers or other devices,” the police warned.

I guess the criminals thought, hey, it worked for AOL, when planning out this strategy to get people to install malware on their machines without having to resort to traditional cybercrime methods.

The tactic may seem quite old-fashioned, but it is actually not uncommon for businesses to be infected with targeted malware via a malicious USB dropped by an attacker in a parking lot. Earlier this year, we reported on a similar experiment researcher Elie Bursztein conducted to examine the results of dropping USB sticks around a college campus. A surprising 48% of those dropped were inserted into a computer.

By playing a numbers game, the criminals could have a good success rate. We hope the warning from the police came in time.

Although this story happens to center on a city in Australia, it still highlights a piece of personal security that needs reinforcing now and then: Never plug unknown devices into your computer.

Sure, it may be easy to stereotype the people who would plug in these devices: uneducated, elderly, or non-savvy. That’s simply not the case. Bursztein’s test shows even digital natives on college campuses will give in to temptation and plug in a seemingly free device.

Autorun settings may take USB-borne malware to another level, too. If a computer is set up to run programs on USB drives automatically, plugging one in can start a chain reaction. If the payload is ransomware, for example, it will automatically lock files and leave the user looking for a ransomware decryptor or paying the crooks.

Other types of malware log keystrokes, steal sensitive information, or just bombard users with adware. Then there are the system killers.

Aside from the aforementioned bad things, people who plug found devices into their computers could also be setting themselves back a pretty penny by killing their devices.

It may sound quite the piece of science fiction, but it’s true: A USB device can fry a computer through the port. This month saw reports that USB Killer 2.0 was out for physical destruction. In principle, the device draws power into the device through the USB port and then shoots it back into the computer, causing the circuitry to fail. Computer pricing varies by model and power, but it’s safe to say no one really wants to have to buy a new one immediately.

But I have AV and will scan the device first…

Sure, antivirus software provides critical defense against malware. But we can’t let you go without sharing another problem with surprise USB drives: Malware may not be the only danger lurking on that piece of removable media.

As the old saying goes, possession is nine-tenths of the law. In the case of the found USB, this can have grave implications for the finder. Removable media could hold illegally obtained documents, illicit pictures, bank account information, and more. And though the finder may simply see things that, well, they cannot unsee, simply possessing some kinds of files could make them an accessory to a crime.

So: A quick show of digital hands, here. Who likes opening junk mail? Who thrills to the mystery of found media?

The real question should really be: Is it worth it?

If you have friends, family or coworkers who would insert the USB, please share this post with them. After all, they will probably be reaching out to you to help fix it.


What Is Disk Cleanup and What Are its Benefits?


Cleaning up and organizing your disk space is an essential maintenance task to keep your system functions in optimum working condition. It also helps you recover considerable amounts of disk space and keeps your RAM from overclocking. Although there are several benefits of regular disk cleanup of your Mac or Windows system, there are some things that you should consider before performing a disk cleanup. In this article we shall take a look at the do’s and don’ts of disk cleanup.

What Does Disk Cleanup Do?


In a nutshell, disk cleanup searches your computer for old temporary files, obsolete installation files, log files, internet history and cache, error reports, saved offline content, error logs and so on. All these files might have been used or created by your system at some point, but are no longer necessary and can be removed. It also scans for any old updates that were downloaded by your operating system, which could take up a significant amount of space on your hard disk.

Advantages of Disk Cleanup

Prevents Hard Disk from Overclogging – A fully occupied disk not only keeps you from storing more data, but also puts a considerable load on your system performance. By removing junk from your computer you’re literally providing the RAM more room to breathe. This in turn results in faster system functions and fewer application crashes.

Old Files Can Interfere with New Programs – Whenever we choose to uninstall or update an application to its latest version, there are several files that are left behind by the older version. While the files are mostly harmless, they could interfere with your program’s functioning. Such redundant files should be deleted regularly from your system for best results.

Cyber Crime Security – Not many computer users might be aware of this, but hackers and cyber criminals can easily retrieve your personal information and other details from your computer. Even if you do not store these details directly on your computer, your internet history, system cache and other such files can be easily targeted by criminals to get hold of your sensitive data. Cleaning your disk regularly will keep your system free from such files from where your sensitive information could be leaked.


Disk Cleanup On Mac

While Windows users can do a disk cleanup by directly using the inbuilt disk cleanup feature, Mac users might have to do some manual searching. Removing temporary files, system cache, OS updates, and obsolete files that you don’t need might be a monolithic task depending on your system and data size. You could also use cleanup tools such as Disk Analyzer Pro, which can reduce the amount of time and effort required for a thorough cleanup.

Why Use Disk Analyzer Pro?

  1. Time Saving – Manual disk cleanup could take from 10 minutes to an entire day, depending on the amount of data to be cleaned. Disk Analyzer Pro automatically scans for any files and programs that are no longer required by your system. This not only helps save time, but also keeps you from searching frantically and prevents frustration.
  2. Space Analyzer – Even if your system is free from any obsolete or temporary files, there could still be a lot of data that could be deleted for extra space. Disk Analyzer Pro’s smart scan algorithms identify all the scanned file types and display them to the user. This helps the user get a better idea of the file types that take more space.
  3. Organized Folder View – Personally locating folders for removable files is certainly a tedious task, especially when dealing with voluminous data. Disk Analyzer Pro puts all these folders and subfolders in an organized view with their size, name and path. You can also check the last modified date to know what files are old and can be deleted.
  4. Custom Views – You could view the scanned data according to various tags such as size unit, size, location, file type and date to pinpoint the bulky and useless files. You can also choose or omit a particular folder from being scanned by the software.

Even though there are plenty of programs that could free up disk space on your Mac, not many of them pack as many features and as user-friendly an interface as Disk Analyzer Pro. If you still want to check other options, here’s our list of 10 Best Mac Cleaner Software to speed up your Mac.


Tip of the week: Block unwanted software and system changes

Some unwanted software announces itself, demanding ransom, tying your computer in knots, crashing the system. By comparison, software that merely installs browser toolbars or other extras, or changes your default search engine, seems mild. But such changes, which may come from slightly shady freeware or even mainstream apps, can cause system slowdown, compromise your privacy, or worse.

Whose computer is it, anyway?


At first glance, a few extra utilities and browser extensions might not seem so bad. Some people even use these programs and get accustomed to a new start page and search engine. But let’s be clear: Good software doesn’t need to sneak onto your computer.

As for performance, unnecessary extensions slow down your browser. And if you’re really unlucky, your new free program may come with actual malware. You can read about that in BitGuard: a System of Forced Searches and Getting Rid of Shady Toolbars.

How to secure your system

With the help of Kaspersky Internet Security 2017, you can forget about unwanted programs forever. In particular, Application Manager blocks certain changes to your operating system and browser settings.

You’ll find Application Manager in Kaspersky Internet Security’s Settings interface. Within Settings, click Protection → Application Manager and confirm that the Application Manager is turned on.

How to block changes in OS and browser settings

Then open the Application Manager settings.


This component includes three modules.

System Changes

This module blocks unwanted changes to operating system, browser, and network settings. We recommend turning it on before installing or updating software.


When you install a program, Application Manager checks to see if the installer is covertly trying to change certain system settings, such as homepage, search engine, and proxy server settings, or install plugins, extensions, or toolbars. If it does, the security component will ask whether you want to block or allow the changes.


Installation Assistant

Freeware developers often build additional steps with ads into their installation wizards. Our Installation Assistant module saves you a few clicks by removing the steps with ads and pop-ups that offer to install additional software.

Software Cleaner

We’re assuming you already have some software installed — mostly software you actually want, but some crapware, adware, and the like is probably lurking on your hard drive. Our Software Cleaner module analyzes your installed software and offers to delete adware, suspicious programs, unwanted software that was installed without your permission, and rarely used programs.

To manually launch a scan of your software, open Kaspersky Internet Security → Software Cleaner and click Run.


Alert!

Our Application Manager will notify you every time suspicious software tries to sneak onto your PC. You can read more about this component in our Knowledge Base.


The banker that can steal anything


In the past, we’ve seen advertising applications such as Leech, Guerrilla and Ztorg exploit superuser rights. This use of root privileges is not typical, however, for banking malware attacks, because money can be stolen in numerous other ways that don’t require exclusive rights. However, in early February 2016, Kaspersky Lab discovered Trojan-Banker.AndroidOS.Tordow.a, whose creators decided that root privileges would come in handy. We had been watching the development of this malicious program closely and found that Tordow’s capabilities had significantly exceeded the functionality of most other banking malware, and this allowed cybercriminals to carry out new types of attacks.

Penetration

A Tordow infection begins with the installation of a popular app, such as VKontakte, DrugVokrug, Pokemon Go, Telegram, Odnoklassniki or Subway Surf. In this particular case, we’re not talking about the original apps but copies that are distributed outside the official Google Play store. Malware writers download legitimate applications, disassemble them and add new code and new files.


Code added to a legitimate application

Anyone who possesses even a little knowledge of Android development can do it. The result is a new app that is very similar to the original, performs all the stated legitimate functions, but that also has the malicious functionality that the attackers need.

How it works

In the case in question, the code embedded in the legitimate app decrypts the file added by the cybercriminals in the app’s resources and launches it.

The launched file calls the attacker’s server and downloads the main part of Tordow, which contains links to download several more files – an exploit to gain root privileges, new versions of malware, and so on. The number of links may vary depending on the criminals’ intentions; moreover, each downloaded file can also download from the server, decrypt and run new components. As a result, the infected device is loaded with several malicious modules; their number and functionality also depend on what the Tordow owners want to do. Either way, the attackers get the chance to remotely control the device by sending commands from the C&C.

As a result, cybercriminals get a full set of functions for stealing money from users by applying the methods that have already become traditional for mobile bankers and ransomware. The functionality of the malicious app includes:

  • Sending, stealing, deleting SMS.
  • Recording, redirecting, blocking calls.
  • Checking the balance.
  • Stealing contacts.
  • Making calls.
  • Changing the C&C.
  • Downloading and running files.
  • Installing and removing applications.
  • Blocking the device and displaying a web page specified by a malicious server.
  • Generating and sending a list of files contained on the device; sending and renaming of files.
  • Rebooting a phone.

Superuser rights

In addition to downloading modules belonging to the banking Trojan, Tordow (within the prescribed load chain of modules) also downloads a popular exploit pack to gain root privileges, which provides the malware with a new attack vector and unique features.

Firstly, the Trojan installs one of the downloaded modules in the system folder, which makes it difficult to remove.

Secondly, using superuser rights the attackers steal the database of the default Android browser and the Google Chrome browser if it’s installed.


Code for sending data from browsers to the server

These databases contain all the logins and passwords stored by the user in the browser, browsing history, cookies, and sometimes even saved bank card details.


Login and password from a specific site in the browser database

As a result, the attackers can gain access to several of the victim’s accounts on different sites.

And thirdly, the superuser rights make it possible to steal almost any file in the system – from photos and documents to files containing mobile app account data.

These attacks can result in the theft of huge amounts of critical user data. We recommend that users do not install apps from unofficial sources and use antivirus solutions to protect Android-based devices.



Watch now – Sophos Intercept X in two minutes!

Today’s cybercriminals are more sophisticated than ever, and next-generation attacks call for next-generation solutions.

Launched last week, Sophos Intercept X is a completely new approach to endpoint security.

It features signatureless anti-exploit, anti-ransomware and anti-hacker technology that includes visual root-cause analysis and advanced malware cleanup – all managed via the Sophos Central Admin console.

No other solution on the market offers so many features in a single package.

Want to know more? Watch our video!

If you’re interested in learning more about Intercept X, as well as seeing a live demo of the product, please sign up for our webinar on 4 October at 2.00pm-3.00pm EDT.

If you’d like to try the product yourself, you can sign up for a free trial of Intercept X here.

