On Monday (3rd of July), it was discovered that the CIA still had some tricks up its sleeve. Naturally, WikiLeaks felt the urge to publicly disclose this information and make sure that everyone would be aware of the improper activity that the CIA initiated. According to the leaked manual, the Central Intelligence Agency had a plan to inject harmful applications into vulnerable Linux operating systems. The malware was built to redirect devices' traffic to servers that belonged to the CIA. Thanks to this seemingly minor modification, the agency was able to spy on users and stay informed about every move a user made online. While the manual reveals the purpose and other important details about the CIA's plans, it is still unknown how the malware was implanted into Linux operating systems. It has been determined that the most common distribution techniques are not relevant. More at: 2-viruses.com.
On the same day, we noticed that the Launchpage.org virus is on the rise again, especially among users speaking Spanish or Portuguese, as we have received various questions and complaints about El virus Launchpage.org and vírus Launchpage.org. It is a typical browser hijacker: it is advertised as a useful and free tool that can enhance the web browsing experience, but in reality it just displays sponsored content in order to make money. If you have noticed that it is operating on your computer, we suggest eliminating it right away. More at: 2-viruses.com.
On Tuesday (4th of July), we announced a new flaw in the WordPress publishing platform which could lead to a successful SQL injection into websites. It appears that WordPress Statistics was the bugged plugin: if your website uses this provider of statistical information about a domain's web traffic, we urge you to install its latest update. This update of WordPress Statistics should be treated as crucial. Why? Websites that have this plugin installed but do not receive the necessary update will be easy prey for hackers. An SQL injection attack can allow a hacker to obtain the privileges of an administrator. This means that a crook will be able to steal and modify information, or completely disrupt the functionality of a vulnerable webpage. More at: 2-viruses.com.
Startfenster.de, the German version of the startfenster.com virus, is beginning to spread in Germany again. It is yet another homepage hijacker that might look like a useful tool at first sight but won't bring any actual value to users. On the contrary, it can cause some cyber security problems, so using this website is considered to be dangerous. If you have encountered this browser hijacker in your internet browser and have no idea how to get rid of it, you can read our article on this topic and solve the problem. More at: 2-viruses.com.
On Wednesday (5th of July), we debated whether installing the Creators Update for the Windows 10 operating system was a clever idea. You might have already heard about the endless concerns that users had about the Windows OS. Almost anyone can agree that Microsoft pushed this new OS more forcefully than is appropriate. In many cases, devices were updated to the newest version even though the user had not given permission. The Creators Update was created for the purpose of putting these concerns to bed. Recently, Microsoft started to urge people to install the update. Before that, the corporation recommends that people review their Privacy Settings and readjust anything that is not to their liking. Users can refuse the automatic installation of the Creators Update five times: after that, the old Privacy Settings will remain and the update will be prepared. More at: 2-viruses.com.
Also on Wednesday, a video from Ukraine took the Internet by storm.
In this video you can see how Ukrainian special forces raid the office of a software company that is believed to be related to the NotPetya ransomware virus. The virus was embedded in an update of the M.E.Doc software, and the company seen in the video, called “Intellect Service”, contributed to the delivery of that update. More at: thehackernews.com.
On Thursday (6th of July), we discovered news about the NotPetya ransomware infection. The M.E.Doc service was forced to hand over its servers to the respective authorities so that an appropriate investigation could be commenced. It is already known that a dubious update for M.E.Doc was the one that delivered the NotPetya infection. Hackers were able to release a tainted update because of a backdoor in the service. From the looks of it, this attack was in no way random and the crooks had some time to prepare for it. In addition to this news, Thursday was marked by the fact that the creators of NotPetya were caught sending bitcoins to specific services. This was probably an attempt to retrieve the revenue they managed to receive from NotPetya victims. In addition to that, they attempted to sell the private key of the user-mode encryption module. More at: 2-viruses.com.
On Friday (7th of July), it was announced that the creators of Petya, the original version, released a master decryption key to recover files that were encrypted by a list of Petya variants. This includes variants such as GoldenEye and Mischa. Since NotPetya was not created by the same people that introduced the original version, the released master key is not in any way beneficial to the victims of NotPetya. Nevertheless, the authenticity of the private decryption key has been confirmed. More at: tomshardware.com.