Apple Forsakes QuickTime For Windows, Stops Security Patches

quicktime security issue

Looks like Apple has given up on its QuickTime media player for Windows – for good. It’s been a long time coming, and the company will no longer be issuing updates for the media player. Security vendor Trend Micro is urging QuickTime for Windows users to uninstall the program after finding two zero-day vulnerabilities in it. Here are the details.

QuickTime ships with OS X and has been available for download on Windows for some time, although Apple never officially supported the software on Windows 8 and 10. The company has now stopped providing updates for QuickTime for Windows, which is particularly concerning for existing users given that there are known security vulnerabilities in it that won’t be patched.

This is why Trend Micro is recommending that QuickTime for Windows users uninstall the media player. The security company has identified two critical vulnerabilities affecting the program. Here’s what Trend Micro had to say about the security flaws:

“We’re not aware of any active attacks against these vulnerabilities currently. But the only way to protect your Windows systems from potential attacks against these or other vulnerabilities in Apple QuickTime now is to uninstall it. In this regard, QuickTime for Windows now joins Microsoft Windows XP and Oracle Java 6 as software that is no longer being updated to fix vulnerabilities and subject to ever increasing risk as more and more unpatched vulnerabilities are found affecting it.”

There are plenty of alternative media players to QuickTime, such as VLC, so users who do uninstall it won’t be left in the lurch. Full instructions on how to uninstall QuickTime for Windows can be found on Apple’s support page.

Windows 10 FREE Upgrade For A Year!

At today’s Windows 10 press event Terry Myerson, Microsoft’s Executive Vice President of Operating Systems, announced that Windows 10 would be a free upgrade for all users of Windows 7, Windows 8.1, and Windows Phone 8.1 who upgrade during the first year after launch. This is a significant move by Microsoft and aims to deliver the OS into as many hands as possible. This is especially beneficial for corporations, which typically take a long time to upgrade to new versions in order to ensure compatibility with legacy programs and procedures. By providing a free upgrade path, the cost savings may be too large for organizations to ignore.

A New Ransomware Called CoinVault Has Been Released!

CoinVault is a new ransomware from the same family as CryptoGraphic Locker. Once infected, CoinVault will encrypt all of your data files and then demand a 0.7 bitcoin ransom to decrypt your files. If you do not pay the ransom within 24 hours, the ransom price will increase.

When you become infected with CoinVault, it will configure itself to start automatically when you log in to Windows by setting an autostart entry in the Registry called Vault. The application will then scan your drives for data files and encrypt any that are detected. It will store the path to each file it encrypts in the %Temp%\CoinVaultFileList.txt file. The file extensions that CoinVault targets are:

.odt, .ods, .odp, .odm, .odc, .odb, .doc, .docx, .docm, .wps, .xls, .xlsx, .xlsm, .xlsb, .xlk, .ppt, .pptx, .pptm, .mdb, .accdb, .pst, .dwg, .dxf, .dxg, .wpd, .rtf, .wb2, .mdf, .dbf, .psd, .pdd, .pdf, .eps, .ai, .indd, .cdr, .dng, .3fr, .arw, .srf, .sr2, .mp3, .bay, .crw, .cr2, .dcr, .kdc, .erf, .mef, .mrw, .nef, .nrw, .orf, .raf, .raw, .rwl, .rw2, .r3d, .ptx, .pef, .srw, .x3f, .lnk, .der, .cer, .crt, .pem, .pfx, .p12, .p7b, .p7c, .jpg, .png, .jfif, .jpeg, .gif, .bmp, .exif, .txt

When it has finished encrypting your data it will then display a ransom screen that explains how you can pay a ransom to decrypt your files. Each infected user will also be assigned a different bitcoin address to make it harder to monitor payments for this malware. Unlike most other ransomware, CoinVault does not use a decryption site and instead the malware itself acts as the decrypter and payment system. This infection will also terminate almost all executables that are started to make it harder to remove.
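For responders scoping a CoinVault incident, the two artifacts above (the Vault autostart and %Temp%\CoinVaultFileList.txt) are the quickest way to confirm the infection and inventory what was hit. The helper below is an added example, not code from this post or any vendor; it assumes the file list holds one path per line and that "Vault" is a value name under a Run key, and it takes registry and file contents as plain data so it runs on any OS.

```python
# Added example (not from the page or any vendor): triage the CoinVault
# artifacts described above. Assumptions: CoinVaultFileList.txt holds one
# path per line, and "Vault" is a value name under a Run key. Registry
# and file contents are passed in as plain data so this runs on any OS.
import ntpath
from collections import Counter

COINVAULT_EXTENSIONS = frozenset("""
.odt .ods .odp .odm .odc .odb .doc .docx .docm .wps .xls .xlsx .xlsm .xlsb
.xlk .ppt .pptx .pptm .mdb .accdb .pst .dwg .dxf .dxg .wpd .rtf .wb2 .mdf
.dbf .psd .pdd .pdf .eps .ai .indd .cdr .dng .3fr .arw .srf .sr2 .mp3 .bay
.crw .cr2 .dcr .kdc .erf .mef .mrw .nef .nrw .orf .raf .raw .rwl .rw2 .r3d
.ptx .pef .srw .x3f .lnk .der .cer .crt .pem .pfx .p12 .p7b .p7c .jpg .png
.jfif .jpeg .gif .bmp .exif .txt
""".split())  # the extension list from the post
AUTOSTART_VALUE_NAME = "vault"  # Run value name the post describes (lowered)

def is_targeted(path):
    """True when the file's extension is one CoinVault encrypts."""
    return ntpath.splitext(path)[1].lower() in COINVAULT_EXTENSIONS

def summarize_file_list(text):
    """Turn CoinVaultFileList.txt content into a scoping summary: total,
    count per extension, and paths outside the known target set."""
    paths = [ln.strip() for ln in text.splitlines() if ln.strip()]
    by_ext = Counter(ntpath.splitext(p)[1].lower() for p in paths)
    unexpected = [p for p in paths if not is_targeted(p)]
    return {"total": len(paths), "by_extension": dict(by_ext),
            "unexpected": unexpected}

def find_autostart(run_values):
    """run_values maps Run-key value names to commands; return the entries
    whose name matches the CoinVault autostart, case-insensitively."""
    return [(n, c) for n, c in run_values.items()
            if n.lower() == AUTOSTART_VALUE_NAME]

# Constructed sample inputs, not taken from a real infection.
SAMPLE_FILE_LIST = "\r\n".join([
    r"C:\Users\alice\Documents\budget.xlsx",
    r"C:\Users\alice\Pictures\IMG_0001.JPG",
    r"C:\Users\alice\Documents\keys\client.pfx",
    r"C:\Users\alice\Desktop\notes.txt",
    r"C:\Users\alice\Videos\holiday.mp4",  # not in the target list
])
SAMPLE_RUN_KEY = {
    "OneDrive": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe",
    "Vault": r"C:\Users\alice\AppData\Roaming\vault.exe",  # constructed path
}
```

Paths listed that fall outside the known extension set are worth a second look, since they suggest a modified variant rather than the one described here.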

Finally, this infection will change your Windows wallpaper to the background below:

coinvault virus wallpaper

BEWARE Of CryptoWall 2.0 VIRUS

What is CryptoWall?

The CryptoWall ransomware virus infiltrates users’ operating systems via infected email messages and fake downloads (for example, rogue video players or fake Flash updates). After successful infiltration, this malicious program encrypts files stored on users’ computers (*.doc, *.docx, *.xls, *.ppt, *.psd, *.pdf, *.eps, *.ai, *.cdr, *.jpg, etc.) and demands payment of a $500 ransom (in Bitcoins) to decrypt them. The cyber criminals responsible for releasing this rogue program ensure that it executes on all Windows versions (Windows XP, Windows Vista, Windows 7, and Windows 8). CryptoWall ransomware creates DECRYPT_INSTRUCTION.txt, DECRYPT_INSTRUCTION.html, and DECRYPT_INSTRUCTION.url files within each folder containing the encrypted files.

These files contain instructions detailing how users may decrypt their files, and on using the Tor browser (an anonymous web browser). Cyber criminals use Tor to hide their identities. PC users should beware that while the infection itself is not complicated to remove, decryption of files (encrypted using RSA 2048 encryption) affected by this malicious program is impossible without paying the ransom. At the time of research, there were no tools or solutions capable of decrypting files encrypted by CryptoWall. Note that the private key required to decrypt the files is stored on the CryptoWall command-and-control servers, which are managed by cyber criminals. Therefore, the ideal solution is to remove this ransomware virus and then restore your data from a backup.

Screenshot of a message presented within the DECRYPT_INSTRUCTION.txt, DECRYPT_INSTRUCTION.html and DECRYPT_INSTRUCTION.url files:

cryptowall decrypt instructions

Ransomware infections such as CryptoWall (including CryptoDefense, CryptorBit, and Cryptolocker) present a strong argument for maintaining regular backups of your stored data. Note that paying the ransom as demanded by this ransomware is equivalent to sending your money to cyber criminals – you will support their malicious business model and there is no guarantee that your files will ever be decrypted. To avoid computer infection with ransomware such as this, exercise caution when opening email messages, since cyber criminals use various catchy titles to trick PC users into opening infected email attachments (for example, “UPS Exception Notification”). Research shows that cyber criminals also use P2P networks and fake downloads, which contain bundled ransomware infections, to proliferate CryptoWall.
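Because CryptoWall leaves DECRYPT_INSTRUCTION.txt, .html and .url in every folder holding encrypted files, the set of folders that contain those notes is exactly the set of folders that must be restored from backup once the infection is removed. The sweep below is an added example (not code from this post) that walks a tree and reports those folders; the sample tree it builds is constructed here so it runs offline, and a real file share can be scanned by passing its path to scope_report.

```python
# Added example (not from the page): scope a CryptoWall infection by the
# DECRYPT_INSTRUCTION.* notes it drops into every folder holding encrypted
# files. Folders with a note are the folders to restore from backup; the
# sample tree below is constructed here so the code runs offline.
import os
import tempfile

# Note names the post lists; compared case-insensitively because Windows
# file systems are case-insensitive.
NOTE_NAMES = {"DECRYPT_INSTRUCTION.TXT", "DECRYPT_INSTRUCTION.HTML",
              "DECRYPT_INSTRUCTION.URL"}

def find_affected_dirs(root):
    """Sorted absolute paths of directories under root holding a note."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        if any(f.upper() in NOTE_NAMES for f in files):
            hits.append(dirpath)
    return sorted(hits)

def scope_report(root):
    """Map each affected directory (relative to root, '/'-separated) to the
    non-note files in it, i.e. the files to restore from backup."""
    report = {}
    for d in find_affected_dirs(root):
        rel = os.path.relpath(d, root).replace(os.sep, "/")
        report[rel] = sorted(f for f in os.listdir(d)
                             if f.upper() not in NOTE_NAMES)
    return report

def build_sample_tree():
    """Constructed layout: one folder with all three notes, one clean folder,
    one nested folder with a single note in odd case. Returns the root."""
    root = tempfile.mkdtemp(prefix="cryptowall_demo_")
    layout = {
        "Documents": ["report.docx", "DECRYPT_INSTRUCTION.txt",
                      "DECRYPT_INSTRUCTION.html", "DECRYPT_INSTRUCTION.url"],
        "Music": ["song.mp3"],
        "Pictures/2014": ["holiday.jpg", "decrypt_instruction.TXT"],
    }
    for rel, files in layout.items():
        d = os.path.join(root, *rel.split("/"))
        os.makedirs(d)
        for name in files:
            open(os.path.join(d, name), "w").close()
    return root

if __name__ == "__main__":
    for folder, files in scope_report(build_sample_tree()).items():
        print(folder, "->", files)
```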

Message presented in DECRYPT_INSTRUCTION.txt, DECRYPT_INSTRUCTION.html and DECRYPT_INSTRUCTION.url files:

What happened to your files?

All of your files were protected by a strong encryption with RSA-2048 using CryptoWall. More information about the encryption keys using RSA-2048 can be found here: en.wikipedia.org/wiki/RSA_(crypto system)

What does this mean?

This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them, it is the same thing as losing them forever, but with our help, you can restore them.

How did this happen?

Especially for you, on our server was generated the secret key pair RSA-2048 – public and private. All your files were encrypted with the public key, which has been transferred to your computer via the Internet. Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server.

What do I do?

Alas, if you do not take the necessary measures for the specified time then the conditions for obtaining the private key will be changed. If you really value your data, then we suggest you do not waste valuable time searching for the solutions because they do not exist.

For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:

1. hxxps://kpai7ycr7jxqkilp.torexplorer.com/3koe
2. hxxps://kpai7ycr7jxqkilp.tor2web.org/3koe
3. hxxps://kpai7ycr7jxqkilp.onion.to/3koe

If for some reasons the addresses are not available, follow these steps:

1. Download and install tor-browser: hxxp://www.torproject.org/projects/torbrowser.html.en
2. After a successful installation, run the browser and wait for initialization.
3. Type in the address bar: kpai7ycr7jxqkilp.onion/3koe
4. Follow the instructions on the site.

Update 2014 October 2 – Cyber criminals have updated CryptoWall ransomware, which is now known as CryptoWall 2.0. While the core elements of this ransomware are left unchanged, cyber criminals have applied these updates:

  •  Cyber criminals responsible for releasing CryptoWall 2.0 now use their own Web-to-TOR gateways (pay2tor.com, tor2pay.com, pay4tor.com and tor4pay.com) – this allows them to stay hidden from authorities.
  •  CryptoWall 2.0 creates a unique bitcoin payment address for each victim (the original version used one bitcoin payment address for all compromised computers).
  •  The new version deletes the original data files – victims can no longer use data recovery tools to regain control of their encrypted files.

Screenshot of CryptoWall 2.0 ransomware:

cryptowall 2.0 ransomware

Screenshot of an infected email message used in CryptoWall distribution:

cryptowall distribution through UPS spam emails

Text presented in the infected email messages:

From: UPS Quantum View [auto-notify (at) ups.com]
Subject: UPS Exception Notification, Tracking Number 1Z522A9A6892487822
Discover more about UPS: Visit ups.com
At the request of the shipper, please be advised that delivery of the following shipment has been rescheduled.
Important Delivery Information
Tracking Number: 1Z522A9A6892487822
Rescheduled Delivery Date: 14-April-2014
Exception Reason: THE CUSTOMER WAS NOT AVAILABLE ON THE 1ST ATTEMPT. A 2ND ATTEMPT WILL BE MADE PACKAGE WILL BE DELIVERED NEXT BUSINESS DAY.
Shipment Detail: 1Z522A9A6892487822

A New Internet Explorer Security Flaw Leaves One-Quarter Of Web Browsers Vulnerable

APRIL 27, 2014

More bad news for online security, especially if you use Internet Explorer to browse the web.

Last night, Microsoft announced that all versions of Internet Explorer have been affected by a “zero day” security flaw (a “zero day” flaw is a vulnerability that gives victims zero days of warning before attack). According to the security company FireEye, the flaw leaves 26.25% of the browser market vulnerable to attack. This, of course, comes just weeks after the OpenSSL flaw Heartbleed left over two-thirds of the internet vulnerable to potential attacks.

Plainly speaking, the flaw allows attackers to corrupt and steal data after users are lured to fake websites, meaning anyone using Internet Explorer should be extra vigilant clicking suspicious links that might come through email or other spam sites.

Here’s a description of the flaw according to Microsoft’s Tech Security Center:

The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

So far, Microsoft says it’s only seen “limited, targeted attacks” as a result of the vulnerability, with most of the attacks coming through IE versions 9 and 11. The company hasn’t released a patch for the flaw yet, but we will continue to update when one becomes available.

Correction: A previous version of this story cited an Adobe security patch as a fix for the Internet Explorer flaw. That patch was unrelated to the specific Internet Explorer error. So far, no patch has been issued.

Ransomware Programs

Ransomware Virus Programs

A ransomware program is a program that literally holds the data or functionality of your computer to ransom until you perform an action, which is typically to purchase the program or send someone money. Don’t panic: nothing it claims is true or going to get you into trouble. Call us now to schedule a Virus Removal!

Detailed description:

FBI Virus

Ransomware are programs that take your computer hostage in order to force you to give them money so that your computer operates properly again. These programs typically change the behavior of your computer in the following ways:

  •  Make it so that you cannot execute programs other than the ones required to pay the ransom.
  •  Terminate any non-essential programs that may be running.
  •  Encrypt your data so that you can no longer access it or open it with programs.
  •  Remove your ability to browse the Internet other than to locations that will allow you to pay the ransom.

Once you pay the requested ransom, the criminals may send you a code that you can input into the Ransomware program that will then allow you to use your computer or decrypt your data. In some situations, though, even if you do pay the ransom, the criminals will just take your money and run, with you being left with your problem unresolved.

Homeland Security Virus

Though the loss of your data and computer can be devastating, sending the ransom could be even more so. Depending on how the criminals want you to pay the ransom, paying could put you at risk of identity theft, as the information you send may contain personal information. Therefore, we suggest that you never pay these ransoms, as in almost all situations a solution will be found that will allow you to remove the ransomware or restore your data without having to pay the ransom. If you ever run into ransomware, please do not send the payment; instead, ask around in our forum or research your situation through Google, as the answer will most likely be published or at least be being worked on.

24×7 Help

This Add or Remove Programs entry corresponds to a program that is either malware, installs malware, or is bundled with malware.

Description: Uninstall Programs entry for 24×7 Help. This program is commonly installed with other free software and promotes its remote support and security products.

It is advised that you uninstall this program from your computer due to the above reasons. If this program gave you the option to not install the malware or adware during setup, and you chose that option, then it should be safe to leave the program installed. Please note that not all programs listed here will actually be uninstalled when you attempt to do so.

In situations like this it is advised that you bring your computer into us to receive proper help cleaning your computer without causing any instability issues with your PC.

Uninstallation Command: C:\ProgramFiles\24x7Help\unins000.exe

AntivirXP08

This Add or Remove Programs entry corresponds to a program that is either malware, installs malware, or is bundled with malware.

Antivirus XP 2008

Description: Add or Remove Programs entry for Antivirus XP 2008. Antivirus XP 2008 is a rogue anti-spyware program that displays fake results to scare you into purchasing their software.

It is advised that you uninstall this program from your computer due to the above reasons. If this program gave you the option to not install the malware or adware during setup, and you chose that option, then it should be safe to leave the program installed. Please note that not all programs listed here will actually be uninstalled when you attempt to do so.

In situations like this it is advised that you bring your computer into us to receive proper help cleaning your computer without causing any instability issues with your PC.

Uninstallation Command: C:\ProgramFiles\rhcnkrj0etfg\uninstall.exe