Category Archives: virus

Understanding viruses and how to avoid them: our tips will help you avoid getting infected.

NotPetya – understanding the global cyberattack in 6 questions

On June 27, 2017, computer systems around the world were hit by a new piece of malware called NotPetya.

The attack began in Ukraine, its epicentre, and then spread around the world. It is one of the most devastating cyberattacks the world has ever seen.

Today, in 2019, we revisit this incident to understand it better. Drawing on an analysis conducted by the security company Kaspersky, we cover the case in 6 questions.

1- What happened?

On June 27, 2017, ransomware-type malware infected millions of terminals in 65 countries around the world. Ukraine, the epicentre, and Russia were the two countries most affected. Some large French companies were also hit, in particular Saint-Gobain and SNCF, which led to the opening of an investigation by the Crown.

According to Kaspersky's analysis, when a computer or system is infected with the NotPetya malware, the malware encrypts the data on that terminal using the AES-128 and RSA-2048 algorithms. The computer is locked, and a message appears on the screen asking the user to pay $300 in Bitcoin.

2- How is this attack named?

Several names circulated, but in the end everyone settled on the name known today, "NotPetya", to distinguish it from the Petya malware, from which it borrows a few pieces of code.

3 – How were the terminals infected with NotPetya?

Like its predecessor WannaCry, NotPetya mainly targeted companies and organizations. Unlike WannaCry, it was not transmitted indiscriminately over the Internet. According to Microsoft, it essentially relied on the update procedure of an accounting software package, 'MEDoc', to bring the malware into company systems. Kaspersky also discovered another vector that allowed the program to spread: the official website of the Ukrainian city of Bakhmut in the Donetsk region. The site's home page had been compromised by hackers in such a way that anyone accessing it automatically downloaded an executable disguised as a Windows update.

4 – How does it spread through a computer network?

Once this program infects a machine within a company, it tries to spread over the internal network in order to trap other machines. To achieve this, NotPetya uses hacking tools that were stolen from the NSA and then published by a group of hackers called ShadowBrokers. These tools are called EternalBlue and EternalRomance. In principle, their function is to allow an attacker to control a machine using fairly specific protocols. The advantage of using these tools is that they allow the program to take control of a machine even if the machine has been updated, which is supposed to make taking control easier.

5- Is the data recovered once the ransom is paid?

No. Since the German host Posteo deactivated the email address used to identify those making payments, it was impossible for the hackers to know who to send the decryption script to. This made the process totally inoperative: even if the hackers had intended to return the encrypted data, they could not have. However, according to cybersecurity researcher Matt Suiche, the ransom message was merely a façade, because the real purpose of this attack was apparently sabotage. According to his analysis, the hard drives of the terminals corrupted by the program were unrecoverable because the data did not appear to have been backed up anywhere. "The current version of Petya has been rewritten to be a wiper, not ransomware," explained the expert.

6- How can we protect ourselves from it?

After a while, the virus could be detected by almost all antivirus solutions. It is also possible to stop the spread if network administrators decide to block SMBv1 traffic and some administrative tools, including PSEXEC and WMIC. In addition, computer security researcher Amit Serper discovered a file which, once present on the terminal, prevented the NotPetya program from running properly.
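To see whether the channels named above (SMBv1, PSEXEC, WMIC) are still in use on a network, a defender can review Windows event logs. The following is an added example, not code from the original article or from Kaspersky: it flags PsExec service installs (System event 7045), remote WMIC process creation (Security event 4688 with command-line logging) and SMBv1 client access (SMBServer/Audit event 3000, logged only when SMB1 auditing is enabled). The flat record layout and all sample values are constructed assumptions.

```python
# Constructed sample records, shaped like a flattened Windows event export.
# The flat field layout ("host", "log", "id", ...) is an assumption of this example.
SAMPLE_EVENTS = [
    {"host": "FIN-01", "log": "System", "id": 7045,
     "ServiceName": "PSEXESVC", "ImagePath": r"%SystemRoot%\PSEXESVC.exe"},
    {"host": "FIN-02", "log": "Security", "id": 4688,
     "NewProcessName": r"C:\Windows\System32\wbem\WMIC.exe",
     "CommandLine": 'wmic /node:"FIN-03" process call create "notepad.exe"'},
    {"host": "HR-07", "log": "Security", "id": 4688,   # local query, must not alert
     "NewProcessName": r"C:\Windows\System32\wbem\WMIC.exe",
     "CommandLine": "wmic os get caption"},
    {"host": "FS-01", "log": "Microsoft-Windows-SMBServer/Audit", "id": 3000},
    {"host": "FS-01", "log": "System", "id": 7045,      # ordinary service install
     "ServiceName": "ExampleUpdater", "ImagePath": r"C:\Program Files\Example\upd.exe"},
]


def classify(event):
    """Return a finding label for one event, or None if it is not of interest."""
    event_id = event.get("id")
    # PsExec registers a service named PSEXESVC on the target by default.
    # The name can be changed by the operator, so this rule is a floor, not a ceiling.
    if event_id == 7045 and event.get("ServiceName", "").upper() == "PSEXESVC":
        return "psexec-service-installed"
    # WMIC is only a lateral-movement signal when it targets another node
    # and starts a process there; local inventory queries are ignored.
    if event_id == 4688:
        image = event.get("NewProcessName", "").lower()
        command = event.get("CommandLine", "").lower()
        if (image.endswith("\\wmic.exe") and "/node:" in command
                and "process call create" in command):
            return "wmic-remote-process-create"
    # Event 3000 in the SMBServer audit log records a client connecting with SMBv1.
    if event_id == 3000 and event.get("log", "").endswith("SMBServer/Audit"):
        return "smb1-client-access"
    return None


def find_lateral_movement(events):
    """Group finding labels by the host that logged them."""
    findings = {}
    for event in events:
        label = classify(event)
        if label:
            findings.setdefault(event["host"], []).append(label)
    return findings


if __name__ == "__main__":
    for host, labels in sorted(find_lateral_movement(SAMPLE_EVENTS).items()):
        print(host, ", ".join(labels))
```

Hosts that still log SMBv1 access are the ones to fix before SMBv1 is blocked outright.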




How does spyware work?

Spyware is a computer program that collects information about a computer user without their knowledge, for the purpose of either monitoring or stealing it. In some contexts this kind of program is also called a snitch.

The information it tends to collect includes the addresses of websites visited; keywords used in search engines; financial information such as bank IDs, credit card numbers, visas or access codes; and login credentials such as passwords and usernames.

First of all, not all spyware is illegal, as some comes with a licence to use. Often this software is installed on terminals with the intention of protecting the user, or it is a side effect of other applications that many people do not bother to check before installing them on their device.

Generally, spyware is installed at the same time as other, fairly normal software. For the software developer, this may be a way to make the application profitable by marketing certain statistical data, since data on usage habits can be very valuable on the market. This is why you are told that spyware is not necessarily illegal. These applications often serve a development purpose, and in some cases a purely unhealthy one.

But let's not kid ourselves: some spy apps are used simply to spy, and this can lead to serious damage such as the disclosure of personal data. Apart from that, spyware can also have adverse effects on our devices, and this can be seen through various symptoms.

How spyware operates is fairly visible, because it is a program like any other. Its actions show up in certain well-defined ways, such as:

  • Occupied space on the hard drive.
  • Consumption of part of the RAM.
  • Significant use of processor resources.
  • Your applications may also crash as a side effect of the spyware.
  • Degraded usability of the device as a whole, not to mention irregular consumption of internet data.

The types of spyware

There are two types of spyware:

  • Internal spyware, which is integrated into the very heart of the device or of a third-party application.
  • External spyware, which is either installed as a result of a download or brought in by other applications.

How to protect yourself?

To protect yourself from spyware, you must first take preventive measures:

  • First, never install an application unless you are 100% sure of where it came from or of the reliability of its designer. That is why it is recommended that you always download your applications from the stores dedicated to each brand.
  • Although spyware is particularly difficult to detect once installed, remain constantly vigilant, because no program of this kind can work without causing a direct problem for the terminal in question.
  • In addition, there are many antivirus programs that will allow you to protect yourself from spyware. The most famous are BitDefender and Kaspersky. These programs are known for the strength and reliability of their protection, and also for their effectiveness according to recent computer security tests.


What is a rootkit?

A rootkit is malware that hackers use on Linux, Unix, Windows or even on their victims' personal computers.

These are programs that are almost impossible to detect once installed on the terminal.

The purpose of a rootkit is to give its designer or user access to a computer system (the operating system of a PC or server) without the administrator's permission, with full power to edit, destroy or even collate digital data. It can also be used to add other files that were not there before: text files or other malware such as a Trojan horse, a backdoor or classic spyware.

It should simply be noted that the rootkit is not malware, even if today it is used much more in that way. A rootkit can also be used by a user or search engine for development purposes. It is used in some cases to ensure the proper functioning of a system: monitoring software used to manage certain applications or servers, the so-called nanny programs, relies on rootkits for its actions.

Malicious rootkits are used for purely criminal purposes. In most cases they are set up by hackers (hackers and crackers) on a remote terminal from the moment it is online, or on a remote server that is permanently online. They use the rootkit to infect the affected device, installing other malware such as keystroke recorders or backdoors to steal personal information, banking data, etc.

The installation of the rootkit

There are several steps before a rootkit is installed on a computer. The most common method is to first send a Trojan horse hidden in a file via email, or via the installation of a plug-in to gain access to a full page. The program then uses a security flaw present on the server, either through an unprotected form or through a path opened by the database.

Protecting yourself against rootkits

To protect yourself from rootkits, nothing is better than a good antivirus that you keep constantly updated. Regularly installing security patches also helps a lot, because it is not uncommon for information system vendors to continually discover flaws themselves, for which they design security fixes.

To protect yourself, the safest course is never to open an unknown file, and never to download and install software or any other third-party program that does not come from the designer's official platform. Never allow the installation of a plug-in from an unknown site. And finally, never use a database you do not control. Keep in mind that every action, even one innocuous click, can install a rootkit and make your protection program ineffective.

Detect a rootkit

There is software that can detect rootkits today; some is free, some is paid. However, you must admit that there are rootkits that no software can detect. The only way to get rid of them is to completely reinstall your operating system. So be vigilant.

How does a Trojan horse work?

The Trojan horse, or Trojan, is a malicious computer program designed for the purpose of espionage and illegal data collection.

In most cases, this program is installed by the victim inadvertently or even without their knowledge. This software allows its designer to control the terminal on which it is installed.

To get it onto the terminal, the hacker sends it to the victim in the form of an e-mail in the majority of cases. The software is in the attachment, which the user has to open. The file goes through so discreetly that the victim does not notice. Once installed, the spyware moves into the less visible parts of the operating system.

The installation file is hidden inside another, quite normal file such as a game or a multimedia player.

The software launches automatically. It can run immediately or later, depending on how the designer programmed it. It borrows a generic name to blend into the mass of programs and not draw attention to itself.

The Trojan horse then sends a signal to its designer or user. In this way, the latter can set up other programs, creating a data collection machine that collects for the new program.

Depending on the program, the hacker will be able to:

– explore and monitor the victim's device for information such as login credentials (passwords, usernames) or bank identifiers (such as bank codes), and send them to any outside terminal;

– damage data in order to impair how a PC works or render it ineffective;

– launch automatic actions from the terminal, for example mass spam messages;

– create a backdoor for the hacker, who can then break into the device to study documents or even take control of the machine.

Note that the original Trojans are quite able to bypass anti-virus programs. These are programs that, unlike worms, do not replicate and will not infect other programs. Anti-virus programs still have a hard time detecting Trojans because their design is quite special.

A famous Trojan horse has been making a name for itself lately: the "Pegasus" malware, famous for its sophistication. Once set up on a mobile device, be it iOS or Android, this malware is able to copy all the data desired by its user, using different servers.

Apparently it is even able to impersonate the phone and access the hack victim's cloud. Its power is such that it is even able to bypass the famous two-factor authentication system. Even if its designers claim to have created it only for governments to fight terrorism, that does not prevent such software from being used for many other things.



Malware that puts our computer security at risk

They are called "computer viruses", "spyware", "Trojan horses", etc. There are many of them, and they can destroy your device in the blink of an eye, or very slowly, without your knowledge.

Spyware

Spyware is software or a sub-program created with the intention of collecting personal data about its users and sending it to its creator, or to any other interested party, via the Internet or any other computer network, without having obtained any authorisation from those users beforehand. In other words, it is software that allows people's information to be stolen without them even noticing.

However, there is software to help delete it. Among many others, Ad-Aware and Spybot can remove it.

Computer viruses

The most famous of all, the computer virus is a pernicious piece of computer program created and developed to replicate itself. This ability to duplicate itself can greatly affect your device (computer, phone) without requiring your permission and, mostly, without your knowledge. More technically, the virus adds itself to one of your executable programs and replicates automatically to any other executable program you launch.

Computer worms

A worm is a particular type of virus. In addition to duplicating themselves in the system, computer worms undermine the integrity of the system or terminal. They are known to be destructive, and you can protect yourself from them by installing an antivirus.

Trojans

A Trojan horse, or Trojan, is a program that, once introduced into the system of any terminal, passes itself off as valid software. In practice, however, it contains a hidden illegal functionality. Thanks to this feature, the security mechanisms of the terminal's system are bypassed, which allows the operator of the Trojan horse to penetrate the system without the user's knowledge and get into files to view, modify, steal or destroy them. Unlike a computer worm, the Trojan horse does not duplicate itself; it can remain harmless to the system, inside a piece of system software, until the date scheduled for its activation.

Keyloggers or keystroke recorders

A keylogger, or keystroke recorder, is a program that records users' keystrokes. Generally, it is used to steal, for example, login credentials such as usernames or a password. This software is very discreet but remains ineffective against biometric security systems.

The dialers

Dialers are programs that dial certain numbers to connect your device to the Internet.

Dialers are not always used by ill-intentioned people. Indeed, they may pose no danger and be justified if they come from your internet service provider. However, some dialers are malware and may in some cases install themselves on your device without you even noticing, and dial a very expensive number. To protect yourself, there is nothing like prevention: always download from legitimate sites.

Rootkits

A rootkit is a program, let's say a "kit", for becoming the administrator of a machine.

It is a very complex malicious code that attaches to a terminal and sometimes to the core of the operating system.

In this way, it may be able to take control of a computer without leaving you a trace. Plus, it is very difficult to detect. It is used by hackers to take control of machines by passing through a pre-existing flaw. As soon as it is installed, this program acts as the true master of the system. Even anti-virus programs are forced to go through it to run properly.