Banking Trojan 2013 statistics

 

 

The State of Financial Trojans: 2013

 

Which Revealed that over 1400 financial institutions have been targeted and compromised millions of computers around the world and the mostly targeted banks were based in the USA with 71.5% of all analyzed Trojans.

 

 According to the report, the number of infections of the most common financial Trojans grew to 300 over percent in the first 9 months of 2013. Nearly 1,500 institutions in 88 countries were potential targets during 2013.

for the last 10 years to protect customers and online transactions from threat. Over the time those remote attackers adapted to these countermeasures and sophisticated banking Trojans began to emerge.

Two Dominant attack strategies are:

* Focus attack: This approach suits attackers with limited resources but also scales well to larger operations. if the distribution is accurate and the target institution has a sizeable client base, a focused attack can provide and adequate supply of targets. Shylock, Bebloh and Tilon all use this approach exclusively.

* Broad Strokes: In this attack strategy, Trojans are set to target large numbers of institutions. Tilon, Cridex, and Gameover adopt these tactics and Zeus also uses this approach in its default configuration.

Android Gaming app that steals WhatsApp conversations

Almost every other day friends have been asking me if it is possible to steal whatsapp chat messages, my reply to them is, Yes it can be achieved with the help of malware. Many of us thought would thought that many of the internet stuff are actually safe and sound but guess what you are wrong.
anything which was encrypt can be decrypt as well :) so yeah nothing is safe on internet.

Below image shows that with Android game " balloon pop 2 " It can steals whatsapp messages.  

Understanding Cryptolocker

What is CryptoLocker

CryptoLocker is a ransomware program that was released around the beginning of September 2013. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 96 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted



CryptoLocker will then begin to scan all physical or mapped network drives on your computer for files with the following extensions: *.odt, *.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm, *.wps, *.xls, *.xlsx, *.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, *.accdb, *.pst, *.dwg, *.dxf, *.dxg, *.wpd, *.rtf, *.wb2, *.mdf, *.dbf, *.psd, *.pdd, *.pdf, *.eps, *.ai, *.indd, *.cdr, *.jpg, *.jpe, img_*.jpg, *.dng, *.3fr, *.arw, *.srf, *.sr2, *.bay, *.crw, *.cr2, *.dcr, *.kdc, *.erf, *.mef, *.mrw, *.nef, *.nrw, *.orf, *.raf, *.raw, *.rwl, *.rw2, *.r3d, *.ptx, *.pef, *.srw, *.x3f, *.der, *.cer, *.crt, *.pem, *.pfx, *.p12, *.p7b, *.p7c. When it finds a files that matches one of these types,it will encrypt the file using the public encryption key and add the full path to the file and the filename as a value under the HKEY_CURRENT_USER\Software\CryptoLocker\Files Registry key.
When it has finished encrypting your data files it will then show the CryptoLocker screen as shown above and demand a ransom of either $100 or $300 dollars in order to decrypt your files. This ransom must be paid using Bitcoin or MoneyPak vouchers. It also states that you must pay this ransom within 96 hours or the private encryption key will be destroyed on the developer's servers.



How to increase the time you have to pay the ransom

When the CryptoLocker is first shown, you will see a timer that states you need to pay the ransom within 96 hours. Some people have reported that you can increase the time by rolling back the clock in your BIOS. So to increase the timer by 10 hours, you would change your clock in your BIOS to 10 hours earlier. The virus author has stated that using this method will not help. They have said that the private key required for decryption will be deleted from the Command & Control server after the allotted time regardless of how much time it says is left on the infected computer.

Knowledge about WMI / Query

Dear All,

We understood that many times end users often have questions like ?
What kind of software products was installed on my workstation ?
What are the type of windows patches that was install on my workstation ?
What kind of CPU chip am I using ?
What is my motherboard serial number ?
How Many users account were created on my workstation ?

Click Here to download the document.

The purpose of this document is to help user to familiarize WMI-Command line usage. Most of the information have been simplified. Should you have more questions please revert back to GuoWen.su@softwareone.com

Microsoft Licensing Umbrella

Dear All,
 

Click Here to download

The purpose of this document is to explain to customers who are new to Microsoft Licensing terms and various types of licensing agreement and processes.
Hopefully with this document it somehow provided you a basic understanding of what is all about.
inside the document. It also provide information about Open licenses, Select + and enterprise agreements.
 
Revert if you have any questions. guowen.su@microsoft.com - making sure client feeling satisfied !

Microsoft Cloud Licensing Changes

Dear All,

As we understood that Microsoft have recently added new licensing terms into the Microsoft licensing spectrum.

So I hope with the below document it will give you some vision on what microsoft have change :)

Click Here to download

Azure Active Directory Integration Methods

Azure Active Directory -Tips to AAD Integration Features

The purpose of this document is to further assist IT cloud administrators in integrating on premises AD users profile onto cloud Azure active directory services.

 

To download the user guide -- Click Here

The above document will assist you in setting up Azure Active Directory integration. Help yourself by downloading a copy it is free of charge.
Please click on the stars if you feel that my user guide is deem helpful to you.

What is Windows Azure Active Directory?

Windows Azure Active Directory is a service that provides identity and access management capabilities in the cloud. In much the same way that Active Directory is a service made available to customers through the Windows Server operating system for on-premises identity management, Windows Azure Active Directory (Windows Azure AD) is a service that is made available through Windows Azure for cloud-based identity management.

How to establish connectivity with Azure Platform with Office365

Author: Su Guowen | Technical Evangelist | Microsoft Community Contributor
Email: guowen.su@microsoft.com
Blog: http://geeky-gw.blogspot.sg/


Tips: Follow the Red box

Note: Pre-requisite -You must have an existing O365 Subscription with Microsoft in-order to establish the connectivity.
Link On How to setup O365 -- Watch Video Here

Download the User Guide by click Here 

How many of you out there are having plans in enrolling into a Azure subscription ?

The step by step document can enable users who are having difficulties in enrolling Azure subscription.
In the document i will also show you how to ensure the O365 platform establish a connectivity with Azure Platform.
Should you have any questions. Please feedback at guowen.su@softwareone.com

Power-Shell Scripts to build Win2012 Hyper V Cluster

 
  

Power-Shell Scripts to build Win2012 Hyper V Cluster

How will it happen ?

1. A new cluster is built with no attached SAN.
2. It will perform naming on the cluster networks. Note that I’ve used converged fabrics via a virtual switch.
3. Execution via called Add-VMsToCluster which will then scan all the cluster nodes for existing VMs to make them HA mode. 
4. Add-VMsToCluster will run a workflow which will in turn add VMs to the cluster in parallel.

##########################################
# Written by GuoWen Su, geeky-gw.blogspot.com
#  
#
# Copyright
##########################################
# You may use and modify this script free of charge and without permission.
# You may not reproduce or share this script. Please forward people to this
# this page instead.
#   
Workflow Invoke-AddVMToCluster
{
Param (
[parameter(Mandatory=$true)][String[]] $VMList,
[parameter(Mandatory=$true)][String[]] $ClusterName
)
[string]$TheCluster = $ClusterName
ForEach -Parallel ($VM in $VMList)
    {
    Add-ClusterVirtualMachineRole -VMName $VM -Cluster $TheCluster
    }
# End of workflow
}
Function Add-VMsToCluster ($ClusterName)
{
$ClusterNodes = Get-ClusterNode -Cluster $ClusterName
ForEach ($AddNode in $ClusterNodes)
    {
    $VMList = Get-VM -Name * -ComputerName $AddNode
    If ($VMList -ne $null)
        {
        Invoke-AddVMToCluster -VMList $VMList.Name $ClusterName
        }
    }
# End of function
}
# The script starts here
CLS
Write-Host "Creating the cluster"
New-Cluster -Name demo-hvc1 -StaticAddress 192.168.1.61 -Node demo-host1, demo-host2 -NoStorage
Write-Host "Waiting 10 seconds for the cluster to initialise"
Start-Sleep -s 10
# This cluster is using storage provided by a Scale-Out File Server instead of traditional SAN
Write-Host "Configuring quorum to use file share witness"
Set-ClusterQuorum -NodeAndFileShareMajority \\demo-sofs1\HVC1-Witness
Write-Host "Renaming the cluster networks"
(Get-ClusterNetwork | where-object {$_.Address -eq "172.16.1.0"}).Name = "vEthernet (Host-Cluster)"
(Get-ClusterNetwork | where-object {$_.Address -eq "172.16.2.0"}).Name = "vEthernet (Host-LiveMigration)"
(Get-ClusterNetwork | where-object {$_.Address -eq "192.168.1.0"}).Name = "vEthernet (Host-Parent)"
Write-Host "Adding any existing VMs to the cluster"
Add-VMsToCluster "demo-hvc1"
####

How to “Delete administrator Password” without any software in windows 8

Step 1. Put your hard disk of your computer in any other pc .
Step 2. Boot that computer and use your hard disk as a secondary hard disk (D’nt boot as primary hard disk ).
Step 3. Then open that drive in which the victim’s window(or your window) is installed.
Step 4. Go to location windows->system32->config
Step 5. And delete SAM.exe and SAM.log
Step 6. Now remove hard disk and put in your computer.
Step 7. And boot your computer

How to delete Undeletable virus file ?

1] Open Notepad.exe
2] Click File>Save As..>
3] locate the folder where ur undeletable file is
4] Choose ‘All files’ from the file type box
5] click once on the file u wanna delete so its name appears in the ‘filename’ box
6] put a ” at the start and end of the filename
(the filename should have the extension of the undeletable file so it will overwrite it)
7] Cick save,
It should ask u to overwrite the existing file, choose yes and u can delete it as normal