Virus and spyware cleaning services Archives - CVTF Studios.net

15000 compromised servers

admin — Thu, 04 Jan 2018 17:56:38 +0000

Technical Writer, Security Blogger and IT Analyst.

She is a Technology Enthusiast with a keen eye on the Cyberspace and other tech related developments.

Link: https://thehackernews.com/2017/05/cryptocurrency-mining-botnet.html

A new botnet consisting of more than 15,000 compromised servers has been used to mine various cryptocurrencies, earning its master around $25,000 per month.

Mining cryptocurrencies can be a costly investment, as it requires an enormous amount of computing power, but cybercriminals have found an easy money-making solution.

Dubbed BondNet, the botnet was first spotted in December 2016 by GuardiCore researchers, who traced back the botnet malware developer, using online handle Bond007.01, to China.

According to the GuardiCore researchers, Bond007.01 is currently using BondNet for mining cryptocurrencies

— primarily Monero, but also ByteCoin, RieCoin, and ZCash

— but they warn that the hacker could easily take full control of compromised servers for malicious purposes, like mounting Mirai-style DDoS attacks.

BondNet’s Botnet Infrastructure

One thing that’s worth noticing is that the botnet operator does not use all infected machines for mining cryptocurrencies. The operator has built its botnet infrastructure of compromised servers with various roles:

1. Some infected machines serve as scanning servers to check for vulnerable systems on the Internet by going through a list of IP addresses with open ports that have been compiled with the WinEggDrop TCP port scanner.

2. Some servers are used as file servers to host the mining software.

3. Other infected servers are turned into command-and-control (C&C) servers after they have been equipped with a fork of goup — a small open source HTTP server written in Golang.

“Building an attack infrastructure on top of victim machines helps conceal the attacker’s true identity and origin of the attack,” the GuardiCore researchers explained in their report published Thursday.

“It also provides high availability infrastructure, which is very helpful when relying on compromised servers, providing infinite backup options in case one of the servers fails or loses connectivity to the internet.”

BondNet has already infected more than 15,000 server machines at major institutions around the world, including high-profile global companies, universities, and city councils, while the majority of them runs Windows Server 2008 R2.

Additionally, the BondNet botnet adds around 500 new machines to its network each day, and an approximately the same number of servers are delisted.

Here’s How to Detect the Threat and How to Mitigate:

To prevent your machines from getting hacked, server admins are advised to secure their systems by regularly applying security patches for all software, updating the firmware, and employing stronger passwords.

Meanwhile, GuardiCore has also provided network and file indicators of compromise systems to help server administrators check whether their machines are among compromised ones.

The researchers have also released a detection & cleanup tool (registration is required to download it) to help admins find and remove BondNet bots from their servers, as well as instructions on how to clean the system manually, without using the script.

The post 15000 compromised servers appeared first on CVTF Studios.net.

Two critical vulnerabilities in Foxit Reader

admin — Tue, 03 Oct 2017 11:50:23 +0000

Using Foxit Reader? You might be vulnerable to network breaches
Desktop Central | August 25, 2017 | 2 min read

Cybersecurity and cyberattacks have become prominent topics lately. No matter how much you secure your network, vulnerabilities continue to emerge for different operating systems and applications. Most recently, security professionals have discovered two critical vulnerabilities in a third-party PDF reading application called Foxit Reader. These vulnerabilities allow hackers to execute arbitrarily-defined code on a user‘s computer when Foxit Reader is used without Safe Reading Mode enabled.

Two critical zero–day vulnerabilities

On August 17th, researchers Steven Seeley and Ariele Caltabiano discovered two vulnerabilities in Foxit Reader:

1. CVE-2017-10951, which acts as a command injection bug that resides in the app.launchURL function and executes strings provided by hackers. This vulnerability is mainly due to improper validation.

2. CVE-2017-10952, which exists in the saveAs function and allows hackers to execute an arbitrarily–specified file on user computers. If the arbitrary file is modified, then hackers can modify anything on the end user’s computer. Steven Seeley has tested a proof of concept and published it on Zero Day Initiative.

How can you keep Foxit Reader safe?

1.Take precautions: Avoid downloading attachments from email addresses you don’t know. Opening a PDF from a nefarious sender could compromise your entire system.

2.Manually change settings: Whether you’re using Foxit Reader or Foxit Phantom PDF, go to the settings menu and enable Safe Reading Mode and uncheck Enable JavaScript Actions.

3.Employ automatic patch management: Doing all the ground work manually is tiresome and complicated, especially since the number of vulnerabilities per application continually increases. Regularly updating your network is one of the best ways to remain free from zero-day vulnerabilities. Stay vigilant by employing patch management software like Desktop Central, which manages and deploys patches automatically.

How can ManageEngine help?

ManageEngine offers two types of support for these Foxit Reader vulnerabilities:

1.Patch deployment

Desktop Central can patch Windows, Mac, Linux, and over 250 third-party applications, all from a central location. We have released an update specifically for Foxit products to automatically enable Safe Reading Mode in Foxit PDF applications.

2.Registry configuration

With Desktop Central, you can deploy specific registry configurations, including the Foxit-specific keys below, to managed computers.

Key for enabling Safe Reading Mode:
HKEY_CURRENT_USER\Software\Foxit Software\Foxit Reader 8.0\Preferences\TrustManager
bSafeMode=1 (Enable Safe Reading Mode)
bSafeMode=0 (Disable Safe Reading Mode)

Key for unchecking Enable JavaScript Actions:
HKEY_CURRENT_USER\Software\Foxit Software\Foxit Reader 8.0\Preferences\Others
bEnableJS=1 (Enable JavaScript Actions)
bEnableJS=0 (Disable JavaScript Actions)

Start using Desktop Central today to evade vulnerabilities and breaches happening across any third–party application.
Related posts :

The post Two critical vulnerabilities in Foxit Reader appeared first on CVTF Studios.net.

Discover our virus and spyware cleaning services

admin — Fri, 01 Aug 2014 13:40:30 +0000

Discover our virus and spyware cleaning services

Clean virus infected websites within 24-48hrs.

We charge by the hour for system maintenance work.

Clean infected website(s) £45.00 per hr
Client must provide clean backups of website(s)

Except system backups in most backup formats – zip, rar, iso etc

We are able to inoculate most infected websites, whether database or filesystem in most cases.

Because infections vary so widely and each case differs, we will have to evaluate the issue before we can give a quotation for the work to be performed.

GET YOUR PROTECTION HERE…

[button type=”rounded” style=”border” size=”large” fullsize=”no” color=”#ed9e36″ align=”left” link=”https://cvtfstudios.net/product/clean-virus-infected-websites/” id=”web-cleaning-services”]Get your Web Cleaning Services HERE[/button]

The post Discover our virus and spyware cleaning services appeared first on CVTF Studios.net.