Tag Archive for: antivirus

Ransomwared health insurer wasn’t using anti-virus software • The Register

/in


A recent ransomware attack on the Philippine Health Insurance Corporation (PhilHealth) occurred while the organization’s antivirus software subscription had expired.

PhilHealth was attacked around September 22 and shut down many of its systems to battle an infection for which the Medusa ransomware gang claimed responsibility.

The incident saw a huge leak of personal information. PhilHealth was also slow to restore service, delaying medical matters for many.

Filipinos are justifiably outraged that their national health insurer was attacked and disrupted.

But they can express stronger emotions still – because on Monday local media outlet GMA’s 24 Oras program reported the attack took place while PhilHealth was not running antivirus software. The insurer’s license had apparently lapsed several months before, but government procurement regulations made it impossible to renew.

It’s not unusual for government agencies in developing nations to use unlicensed software, when commercial licenses are often priced beyond their means. In 2021, for example, The Register covered an outage at Pakistan’s Federal Board of Revenue that it swore could not have been caused by unpaid licenses because it caught up on its bills. Your correspondent also once spoke to a major vendor of design software that had 500 people show up to a conference in India – a nation in which it had sold no licenses and in which users felt they could pirate with impunity.

Whatever the reason for PhilHealth’s security fail, its repercussions are serious: personal information has reached the dark web.

The insurer on Sunday posted a press release warning customers to ignore unexpected calls, messages, and emails asking for passwords and other information.

The insurer also “appealed to refrain from further circulating leaked data as it has dire consequences under the law,” including up to 20 years in jail.

As if that will scare ransomware and phishing scum.

PhilHealth is presently using antivirus software – reportedly a trial license that expires in 30 days. ®

Source…

A New Polyglot Attack Allowing Attackers to Evade Antivirus

/in


MalDoc in PDF

Cybersecurity researchers have called attention to a new antivirus evasion technique that involves embedding a malicious Microsoft Word file into a PDF file.

The sneaky method, dubbed MalDoc in PDF by JPCERT/CC, is said to have been employed in an in-the-wild attack in July 2023.

“A file created with MalDoc in PDF can be opened in Word even though it has magic numbers and file structure of PDF,” researchers Yuma Masubuchi and Kota Kino said. “If the file has a configured macro, by opening it in Word, VBS runs and performs malicious behaviors.”

Such specially crafted files are called polyglots as they are a legitimate form of multiple different file types, in this case, both PDF and Word (DOC).

This entails adding an MHT file created in Word and with a macro attached after the PDF file object. The end result is a valid PDF file that can also be opened in the Word application.

Put differently; the PDF document embeds within itself a Word document with a VBS macro that’s designed to download and install an MSI malware file if opened as a .DOC file in Microsoft Office. It’s not immediately clear what malware was distributed in this fashion.

Cybersecurity

“When a document is downloaded from the internet or email, it’ll carry a MotW,” security researcher Will Dormann said. “As such, the user will have to click ‘Enable Editing’ to exit Protected View. At which point they’ll be learn [sic] that macros are disabled.”

While real-world attacks leveraging MalDoc in PDF were observed a little over a month ago, there’s evidence to suggest that it was being experimented (“DummymhtmldocmacroDoc.doc“) as early as May, Dormann highlighted.

The development comes amid a spike in phishing campaigns using QR codes to propagate malicious URLs, a technique called qishing.

“The samples we have observed using this technique are primarily disguised as multi-factor authentication (MFA) notifications, which lure their victims into scanning the QR code with their mobile phones to gain access,” Trustwave said last week.

MalDoc in PDF

“However, instead of going to the target’s desired location, the QR code leads them to the threat actor’s phishing page.”

One such campaign targeting the Microsoft credentials of users has witnessed an…

Source…

Best Antivirus Apps For Android Smartphones In 2023

/in


Your smartphone isn’t just a tool to make calls or stay in touch with popular trends but also your portable wallet, mobile bank, your password locker, and whatever it is you’d like it to be including being your personal portable computer.

It’s crucial to protect your smartphones from the growing threats of malware, viruses, and other malicious activities.

This post will explore the best antivirus apps for Android smartphones in 2023. We’ll begin by understanding what antivirus apps are, why they are necessary, and the differences between free and paid antivirus apps. Additionally, we’ll discuss how antivirus apps differ from VPNs, ensuring you have a comprehensive understanding of mobile security.

So without any further ado, here’s everything you need to know about AntiVirus applications which will serve as the first part of this lengthy post.

Part 1: Everything you should know about Anti-Virus apps

What Are Antivirus Apps?

Antivirus apps are software programs designed to detect, prevent, and remove malicious software from your Android smartphone. These apps protect your device by scanning files, apps, and system vulnerabilities to identify and eliminate potential threats.

Android-based smartphones can be very susceptible to viruses because of the fact that you can literally side-load applications and games which may have been infected on your device.

Even though Google Play Protect, which is essentially Google’s own Anti-virus service to detect malicious applications is there to help, sometimes, many of these malware can slide under the radar without the former knowing what’s happening behind the scenes on your smartphone.

With applications dedicated to simply rooting out malicious software and applications, the need for anti-virus applications becomes a very necessary tool to safeguard your data on your Android smartphone.

And if you think because you don’t visit malicious websites, think again. Your smartphone can literally be hacked via a spam email message or even a text message. You can also be hacked via community Wi-Fi.

The point is that as technology continues to evolve so are blackhat hackers. So it’s always good to be a step ahead in the…

Source…

What is Antivirus software? Getting started with PC security

/in


As our lives become more and more digital, keeping our information and devices secure has become more important than ever. And that starts with good security software. An antivirus program is a piece of software that keeps your computer (or phone, tablet, etc.) safe from other software that tries to attack it. This includes detecting and blocking viruses, a very specific type of program, but also a wide variety of other digital threats.

PCWorld is constantly covering the latest news in viruses and other threats, and how to defend against them. For the best antivirus software in 2023, be sure to check out our extensive roundup of the best antivirus programs.

What is a computer virus?

To understand what antivirus software does, you need to know what a computer virus is. “Virus” in this context has a broad definition, but to put it simply, it’s a program that gets installed on your computer, then automatically spreads itself to other computers across a network or the internet, mimicking the spread of a biological virus spreading through an organism’s cells.

What precisely a virus does depends on the specific virus, but it’s never good. In the early days of personal computers, a lot of viruses were designed merely to damage your computer for the sake of pure mischief. The famous “ILOVEYOU” virus spread through email downloads and merely overwrote files on the hard drive with junk data, until the computer became unstable and had to be completely wiped.

Then there are viruses designed to take remote control of your computer, often without you realizing it, in order to create a secret network called a “botnet.” Botnets like MyDoom can be used to spread spam or scams, or attack other computers with distributed traffic designed to shut down web services.

Someone using a desktop PC

Dominik Tomaszewski / Foundry

But the most insidious and personally dangerous type of virus, and the more common one in the modern world, is designed to steal from users themselves. This can be done several ways. A “spyware” or “spybot” program searches the files on your computer for your personal information like login passwords or bank accounts, while “ransomware” locks…

Source…