
ALERT: Watch out for new Emotet Banking Malware!


Antivirus "hosting"

Club of users of antivirus services (SaaS, Cloud)

Antiviruses and security (SaaS, Cloud ...)
av-host.net

ALERT: Watch out for new Emotet Banking Malware!
2014-07-02 11:13

KMM shared a link


Malware Alert!

A new banking malware by the name of Emotet is circulating through malicious spam containing links which claim to lead to invoices for recent financial transactions or deliveries. The malware has been specifically crafted to target customers of multiple German banks, but variants that target North American and Asian banks have been found in the wild as well. Most alarmingly, research indicates that Emotet can even steal user credentials from HTTPS banking websites that would otherwise be protected by TLS encryption.

How Not to Get Emotet

Plain and simple: Do not click on links contained within unsolicited emails, especially if those links claim to lead to banking invoices or delivery receipts. The same can be said for mysterious attachments. Just don’t open them. Ever.

What Emotet Can Do

Although Emotet’s spam link propagation method is no different than that which is used by essentially every other banking malware that tries to dupe users into exposing their credentials, its technical capabilities are. Unlike most banking malware that propagates through spam, Emotet does not lead to your typical phishing page. Instead, Emotet spam links lead to drive-by download websites, which automatically infect your computer with a malicious program that can sniff network activity.

Network sniffing malware is dangerous because it operates without direct user interaction. The Emotet download comes with a list of popular banking URLs, most of which have been discovered to be owned by German banks. If an infected user visits one of the listed URLs, Emotet is designed to record all data that is transferred between the user and that website – even if it is an HTTPS website protected by TLS encryption.

Reports also indicate that Emotet spreads the storage of its component files into multiple registry entries, in an effort to avoid antivirus programs that rely solely on file-based detection.
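
A defender-side check for the registry-storage behaviour described above, as an added example that is not from the original alert: it parses a `.reg` export and flags large binary values that begin with a PE header or have high entropy. The size and entropy thresholds, the helper names and the sample key names are assumptions made for illustration; the alert does not say which registry entries Emotet uses.

```python
import math
import re
from collections import Counter

# Matches "Name"=hex:.. and typed forms such as hex(2):.. in a .reg export.
HEX_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=hex(?:\([0-9a-f]+\))?:(.*)$', re.I)

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def parse_reg_binary_values(reg_text: str):
    """Yield (key, value_name, data) for each hex-typed value."""
    # regedit wraps long hex data with a trailing backslash; rejoin it first.
    joined = re.sub(r'\\\r?\n[ \t]*', '', reg_text)
    key = None
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        elif key and (m := HEX_VALUE.match(line)):
            yield key, m.group(1).strip('"'), bytes.fromhex(m.group(2).replace(',', ''))

def find_suspicious_values(reg_text, min_size=1024, min_entropy=7.0):
    """Flag large binary values that look like a PE file or packed data."""
    hits = []
    for key, name, data in parse_reg_binary_values(reg_text):
        reasons = [label for label, hit in (('PE header', data[:2] == b'MZ'),
                   ('high entropy', entropy(data) >= min_entropy)) if hit]
        if len(data) >= min_size and reasons:  # small binary settings are normal
            hits.append((key, name, len(data), reasons))
    return hits

def to_reg_hex(data: bytes, width=25) -> str:
    """Format bytes as regedit would, to build the constructed sample."""
    parts = [f'{b:02x}' for b in data]
    return 'hex:' + ',\\\n  '.join(','.join(parts[i:i + width]) for i in range(0, len(parts), width))

# Constructed sample export; key and value names are placeholders.
SAMPLE = '\n'.join([
    'Windows Registry Editor Version 5.00', '',
    r'[HKEY_CURRENT_USER\Software\ExampleVendor\Settings]',
    '"Flags"=hex:01,00,00,00',
    '"Cache"=' + to_reg_hex(bytes(range(256)) * 8), '',
    r'[HKEY_CURRENT_USER\Software\ExampleVendor\Data]',
    '"Blob"=' + to_reg_hex(b'MZ' + bytes(2046)),
])
```

Exports written by regedit are UTF-16LE, so read a real file with `open(path, encoding='utf-16')` before passing its text to `find_suspicious_values`.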

Emsisoft and Emotet

New malware is born on a daily basis, but since many of our users reside in Germany, we felt an explicit need to raise the warning flag on a malware that targets German banking institutions. Remember: Don’t click on unsolicited links. The same advice (and same concern) goes for all of our other users, from countries across the world as well, as spam-link malware is a propagation technique that transcends national borders and as new Emotet variants targeting new banking institutions from around the world are likely to arise.

As always, anyone running Emsisoft Anti-Malware is automatically protected from this threat. Anyone who feels they may be infected by Emotet (i.e., anyone who may have recently clicked on a mysterious, emailed link and is now seriously starting to regret it) can and should reach out to our support forum as soon as possible. We like to get rid of malware, and we’ll do it for free – even if you are not an Emsisoft customer yet.

Have a Great (Emotet-Free) Day!

 



Component update in Dr.Web Enterprise Security Suite 6.0
2014-07-02 13:35

KMM shared a link


July 2, 2014

Doctor Web announces an update of the Dr.Web Enterprise Suite Updater component (6.0.5.06240) and of the agent scripts in Dr.Web Enterprise Security Suite version 6.0. The update fixes identified errors.

The update algorithm was reworked to fix a problem that could in some cases occur while updating the Dr.Web Enterprise Security Suite agent on computers running Windows when interacting with third-party software.

The cause of an error in reloading the databases of Office Control and the SpIDer Gate web antivirus has been eliminated.

A change was also made that resolves a traffic interception problem for applications launched through the Metro interface in Windows 8.

The update will be applied automatically for users.


