MRA Consultants has been trading for over 20 years. During this time I have built up a reputation for service, reliability and value for money. A small sample of the local businesses I serve includes Maryport Bodyworks Centre, ABI Motor body Repairs, Taylors Joinery And Plastics, West Cumbria domestic Violence, Distington Community Centre, Macs Removals Ltd, Engineering Pipework Services Ltd, Distington club for young people, Ewanrigg Community Centre, CMS, Robin Dargavel Ltd, Lake District Coast Aquarium, as well as countless individuals. Over 99% of my business comes from referrals. I was the first in the area to pioneer no fix no fee and no call out charges.

Virus Bulletin news

Vawtrak trojan spread through malicious Office macros

Users easily tricked, but plenty of opportunity for the malware to be blocked.

Researchers at Trend Micro report that the 'Vawtrak' banking trojan now also spreads through Office macros, embedded in documents that are attached to spam emails.

Vawtrak rose to prominence late last year, when it broadened its scope from targeting Japanese banking users (only) to targeting users from banks in many other countries, leading to suggestions that it posed a challenge to Zeus for the title of 'king of botnets'. Last month, we published a thorough analysis of the malware by Fortinet researcher Raul Alvarez.

Last year, cybercriminals rediscovered the use of Office macros to spread malware. Prevalent in the late 1990s, macro viruses disappeared quickly when newer versions of Microsoft Office had macros disabled by default. However, malware authors have recently started to use social engineering to trick users into enabling macros, thus allowing the malicious code to be executed.

Sophos researcher Gabor Szappanos was one of the first to notice the resurgence of macro malware; he wrote an article for Virus Bulletin on the subject in July last year. Since then, the use of macros by malware has continued to increase.

VB2014 paper: Caphaw - the advanced persistent pluginer

Micky Pun and Neo Tan analyse the banking trojan that is best known for spreading through Skype.

Since the close of the VB2014 conference in Seattle in October, we have been sharing VB2014 conference papers as well as video recordings of the presentations. Today, we have added 'Caphaw - the advanced persistent pluginer' by Fortinet researchers Micky Pun and Neo Tan.

Caphaw (also known as Shylock) is a bit of a rarity among today's botnets: its source code hasn't been leaked and the malware has never been offered for sale on underground forums, suggesting that the same group of people wrote the code and maintained the botnet.

Other than that, the banking trojan shows many similarities with other modern malware families: from anti-analysis techniques to the possibility of extending the malware by using plug-ins.

M3AAWG releases BCP document on dealing with child sexual abuse material

Subject may make many feel uncomfortable, but it is essential that we know how to deal with it.

The mere mention of "child pornography" on the Internet makes many a security expert feel uncomfortable, and not just because of the natural human reaction to the idea of children being abused. It is often used, together with terrorism, as a trump card in discussions on government surveillance and encryption backdoors.

Yet child sexual abuse material (CSAM), as it is officially termed, does exist on the Internet. And there are real children who are abused and whose images are shared on the Internet. Hence for those whose jobs require them to access the shadier corners of the Internet, as well as for those who handle abuse reports, it is something they may well be exposed to at some point.

Exposure to such material can have a serious impact on the emotional wellbeing of the employee. It also has serious legal consequences: merely accessing such images is illegal in many jurisdictions.

Hacker group takes over Lenovo's DNS

As emails were sent to wrong servers, DNSSEC might be worth looking into.

Although, after some initial hesitation, Lenovo was rather frank in its admission of messing up regarding the Superfish adware, it was too late for the damage to be undone and many have directed their 15 minutes of Internet rage at the laptop manufacturer.

Unsurprisingly, that included a group of hacktivists using the moniker 'Lizard Squad', who managed to take over the DNS of lenovo.com last night, thus sending visitors to the company's website to one controlled by the attackers instead. This isn't something one would normally pay a great deal of attention to, because it is fairly innocent as hacks go, and doesn't mean the hackers have obtained access to the victim's network.

However, what makes this case both interesting and worrying is that the attackers not only changed the DNS A record -- which made the website point to a different IP address -- but they did the same to the MX records. This caused all email to @lenovo.com email addresses to be sent to a server controlled by the attackers as well. The potential for damage in this instance is far greater, even if the emails posted as proof on the group's Twitter account don't exactly reveal trade secrets and, as Ars Technica writes, the DNS was restored fairly quickly.

Coordinated action takes down Ramnit botnet infrastructure

Malware remains present on infected machines; 2012 Virus Bulletin paper worth studying.

A coordinated action from Anubisnetworks, Microsoft and Symantec, together with Europol, has done serious damage to the infrastructure behind the 'Ramnit' botnet.

Ramnit is one of those botnets that lurk in the background of the Internet. Its infections mainly occur in countries where the security community tends to have less visibility, with the top three infected countries being India, Indonesia and Vietnam. It is believed to have infected more than 3 million computers in total, and the number of infected machines at the time of the takedown remained fairly high at around 350,000.

Ramnit stole banking credentials, cookies and other kinds of personal information from the machines it infected, while it could also open backdoors and steal FTP credentials. The latter were then used by the malware to propagate further.

While the botnet's current infrastructure has been taken down, the malware remains present on the machines. Time will tell whether the botnet owners will be able to revive it, but for now they have been delivered a significant blow.

Telephone 01900516363

Digital Solutions for Cumbria

Mobile 07944982166