The Update Burden Getting Too Much on Computer Users

Posted by cyber-geek | Posted in Opinions | Posted on May 19, 2011

We have already emphasized enough, in our previous articles, the importance of updating computers regularly. However, in the past few months the number of updates has grown oddly burdensome to the average user. The number has grown to such an extent that keeping up with the updates is turning into a second job. Patch Tuesday is no longer significant, as you may expect a critical security update to be released at midnight today or a set of updates the next day, giving you no time to plan. Miss them and you might fall prey to a security breach – and the software vendor will simply point out your failure to stay updated.

The software vulnerability and the updates
The updates are too technical to understand. But in simple words – software, like Windows or a browser, is made of millions of lines of programming code. The more features the software has, the more programming code it adds up to. Errors are inevitably made while typing out these millions of lines or patching them to work together, thus leaving vulnerabilities in the software. Hackers these days have become more sophisticated at finding these vulnerabilities proactively. The software vendor also works proactively to patch the vulnerability before the hacker exploits it. These patches are released as security updates for the software.

Increasing number of updates
For the lack of a better metric, let's compare the number of security bulletins released for Windows between January and April in each of the past 3 years. It was 16 in 2009, 29 in 2010 and 34 in 2011. As you can see, they kept increasing every year. This is not the case with just Windows. A typical Windows user will commonly be using the following applications:

  • Mozilla Firefox
  • Mozilla Thunderbird
  • Adobe Flash
  • Adobe Reader
  • Java Console
  • Google Chrome
  • And then an antivirus or PC protection software

All these applications are as vulnerable as Windows itself, and their vendors are just as proactive in releasing patches. Every time each of them releases an update, the user has to first download it from the Internet and then patch the main application with it. Of course each of them has a user-friendly update mechanism, but do you know what it takes to patch them all? Apart from the time taken to patch, they also consume your broadband until they are downloaded and the CPU and memory until they are patched. The average sizes of each of these software updates and the number of times they were released this year are as follows:

  • Mozilla Firefox – 1.6 to 2.8 MB (updated 4 times in 2011 to date)
  • Mozilla Thunderbird – 1.6 to 2.8 MB (updated 3 times in 2011 to date)
  • Adobe Flash – 2.0 to 3.0 MB (updated 4 times in 2011 to date)
  • Adobe Reader – 10.0 to 18.0 MB (updated 1 time in 2011 to date)
  • Java Console – 17.0 MB approximately (updated 2 times in 2011 to date)

Windows updates range from 17 MB to around 900 MB and above. Google Chrome is a little tricky to measure. It is even a little creepy to have an application like Chrome that connects to its maker, downloads and patches itself – all on its own, without even the knowledge of the user. But it still consumes your broadband, CPU and memory.

The antivirus or PC protection software updates are a little different from the above. They download security definitions every day. A few vendors, like Norton Internet Security, provide real-time updates which update more than 10 times a day. However, if all the software applications installed on your PC were perfect, why would one need to maintain PC protection software or update its definitions daily?

Overall, we can see that a lot of the user's time and energy is consumed here, apart from the broadband. In the previous year, a report released by Secunia said that a typical Windows user patches every 5 days. The interval might remain the same, but the amount of time taken has definitely increased. At times, multiple updates may come up within a single week.

More and more people are finding it uncomfortable to track and apply the updates continuously. Where could the actual problem be? Are the hackers getting intelligent or the software vendors getting stupid? Whatever it may be, the updating job is very exhausting and getting even worse.

Is Your Genuine Antivirus Protecting Your Computer from All Online Threats?

Posted by cyber-geek | Posted in Cyber Awareness, Opinions | Posted on May 10, 2011

A person may be using a genuine operating system, applications and of course world-class antivirus software – all of them purchased for a few thousand rupees or hundreds of dollars, nothing for free. But still he is not 100% safe in the Wild West of the Internet today. Because it is not just viruses, trojans or any such malware – it is social engineering.

With robust and genuine software and hardware security applications, the cost of computing is going too high. The vendors are no longer stuck with pleasing their consumers with just usability features. They have tightened the technology and are even releasing numerous updates, though these seem overwhelming to their customers. In this kind of situation, finding new vulnerabilities in software and then trying to exploit them with viruses and trojans is not viable for the hackers. It is here that they figured out a new strategy – exploiting the weakest link of a sturdy technical security system. Guess who? The human, of course… It can be the administrator of the PC or of a corporate network. Even luring a junior employee of a corporate network into downloading something infects the network.

Kevin Mitnick, a security consultant, mentions in his CSEPS Course Workbook that it is much easier to trick someone into giving a password for a system than to spend the effort to crack into the system.

Social engineering explained
The concept of social engineering is to directly trick the user of the computer into downloading malware or revealing sensitive information under the pretence that they are doing something perfectly innocent. The task is simple, and many fall for it for lack of awareness of the scams being played on them.

A world-class antivirus that gets 1st rank in all AV tests, with the best team releasing real-time AV definitions every day, or a robust firewall from the industry leader, simply does not help the administrator of the computer. Because it is he himself who is infecting the PC. The job of the attacker is simply to lure him into doing it. However, it may not be downloading malware that the attacker wants every time. He may just lure the user into giving away some sensitive information, ranging from an SSN to a credit card number.

The hacker hijacks a genuine domain or creates a genuine-looking one himself. This is a part of website spoofing. Once the user enters the domain, they are either lured into providing their personal details or into downloading something. Selling scareware is also a part of social engineering. In fact, Google reported that 90% of all domains involved in distributing fake antivirus software used social engineering techniques.

Why can't your antivirus keep up?
Each hacker holds a number of domains. If one is identified and taken down, another goes up. The malware mutation used here is also rapid. Though you have the latest version of the antivirus, called an Internet security suite, it may be too late before the vendor identifies the malware and releases a fresh virus definition. Microsoft has gathered information about a few billion downloads over the past two years, and roughly 1 out of every 14 program downloads is later identified as malware. In a few cases, just clicking on the background of the malicious site will initiate a download.

Anti-social engineering: should it come from your computer and AV, or from you?
Your computer security is only as robust as your security awareness. On any computer, be it running Windows XP, Vista or Windows 7, the software will not allow any data to enter your system unless you permit it by initiating its download. And if somebody tries to upload corruptive data to your system, it wouldn't work, because you never initiated it in the first place.

The popular browsers today are designed not to blindly download anything, even if it is initiated by the user himself. The browser does its job perfectly by alerting the user with details of the initiated download. (You might remember the classic browser pop-up with OK and Cancel options on it.)

But the hacker is clever enough to give a set of instructions including a message saying “You will receive a warning about this control. Ignore the warning and click OK”. The user, unaware of the situation, clicks OK and downloads the malware. The PC is now infected under the full authorization of its administrator.

In another situation, the user might get an email saying it is from his bank (email spoofing by the hacker), informing him that a huge amount has been withdrawn from his account, with a link to a site that looks like his banking website. The scared user is now tricked into typing his account details and password. In the next few hours, the account gets emptied by the hacker.

Most social engineering techniques run the same way. Agreed that a genuine antivirus is required to protect your PC, but it is not designed to tackle situations like this.

Here are a few tips that help you prevent social engineering to some extent:

Most people fall victim to social engineering tactics either out of stupidity or greed. And unfortunately, we don't have patches or hot-fixes for either of them. The person should also have a proper mindset to deal with social engineering tactics. A mature person is less likely to get enticed and fall for online scams.

Why the Internet Is the Wild West Today

Posted by cyber-geek | Posted in Opinions | Posted on January 26, 2010

Today almost every user browsing the Internet is at risk. The increase in threats related to social networking sites, banking security, botnets, and attacks targeting users, businesses, and even applications has made the Internet a risky landscape. Many industry consultants and analysts refer to the Internet as the ‘Wild West’ because of its huge insecurity, where nobody and no website can be trusted. Every year, cyber crime costs billions of dollars to repair systems hit by attacks and in lost productivity because of disruptions. According to the Federal Bureau of Investigation (FBI), consumers and businesses lost $5.8 billion in 2009 due to cyber crime.

Risks increased exponentially
Today, any user can be affected by cyber threats through browsing, searching or merely visiting legitimate sites, more than ever before in Internet history. Malicious web links are sprouting at a rapid pace. According to CA's Internet Security Business Unit (ISBU), 78% of threats came from online interaction during the first six months of 2009. IBM's ‘X-Force 2009 Mid-Year Trend and Risk Report’ states that there was a more than 500% increase in new malicious web links in the first six months of 2009. Vulnerability to these threats seems to have reached its peak. In the first half of 2009 alone, nearly 3,240 new vulnerabilities were discovered.

New threats
With the evolution of web-based communities and the explosion of Internet services, users are spending more time online and engaging in social networking activities than ever before. This is resulting in new threats that exploit these services and communities. When a reputed website hosts third-party content, users often let down their guard while following hyperlinks in the third-party content or installing applications offered by it. Malware authors follow social networking buzz and the most popular activities online to attack users. They are always ready to exploit significant and popular news stories to trap netizens. Thus many people become victims of cyber traps.

The attackers are constantly upgrading their tools to attack unwary users. This criminal activity is constantly scaling new peaks. According to IBM, SQL injection attacks almost doubled from the first quarter to the second quarter of 2009. Through SQL injection attacks, malicious code is injected into genuine websites to infect their visitors.

For the past few years, botnets have been the primary tools for many cyber criminals. They are always a challenge to cyber security professionals, as it is very difficult to track them down. Botnets can launch almost every type of cyber attack, including data exfiltration, sophisticated espionage, and spam.

Targeted attacks
Although targeted attacks were rare earlier, they are seen often these days. Apart from common people, top management of companies, governments, industries and even journalists are being targeted for private information. Email with malware attachments is the popular and preferred method for targeted attacks. According to CA (ISBU), 17% of infections are distributed through email. There is also an increase in attacks targeting client software, using Adobe products including Flash and Acrobat Reader.

Criminals are adopting more effective methods to target online banking systems. Trojans are the result of new tactics that go beyond the simple key-logging-with-screenshots efforts which prevailed earlier. CA (ISBU) reported that trojans were the most common threats, representing 71% of total infections in the first half of 2009. When it comes to phishing, IBM says that 66% of phishing attacks targeted the financial industry and 31% targeted online payment in the first half of 2009.

Over the years, Internet security issues have been growing. Initially, viruses were the only problem. Later, with the explosion of the Internet, many newer threats evolved, increasing security vulnerability: malicious domains or untrusted websites, and the presence of malicious content on trusted sites, including popular search engines, blogs, bulletin boards, personal websites, mainstream news sites and online magazines. Today you are in a high-risk zone as soon as you are online. It is always advisable to be alert while you are browsing.

Pragmatic Pricing on PC Security Software is Making Internet Safer in India

Posted by cyber-geek | Posted in Opinions | Posted on August 2, 2010

Many new and sophisticated threats that can infect your computer are spreading fast online. IBM calls the Internet the ‘Wild West’. Risks have increased exponentially. According to its X-Force 2009 Mid-Year Trend and Risk Report, the problem is no longer limited to viruses, malicious domains or suspicious websites. There has been an increase in the presence of malicious content on trusted sites, including popular search engines, blogs, bulletin boards, personal websites, mainstream news sites and online magazines.

However, pricing trends are changing in India, as some new PC security software companies like Kaspersky and the old horse Norton are offering PC security suites at reasonable prices.

The following is a brief description of these Internet security suites:

Kaspersky Internet Security 2010
Kaspersky provides more than what you expect from a security suite for the price you pay. Some of its salient features are:

  • It has a unique safe run mode for potentially threatening applications or websites
  • It gives a full picture of the programs installed on your system through
  • It warns you about infected or unsafe websites
  • It has a secure virtual keyboard to protect from identity theft

Kaspersky priced this security suite at just Rs.350. A PC user who buys his PC at around Rs.20,000 should not hesitate to buy this software to get protected from Internet threats. This is very cheap compared to its MRP in the USA, i.e. Rs.2746 ($59.95).

Norton Internet Security 2010
Norton is the best overall security suite available in the market. It is even better than Kaspersky, and a bit more expensive. Some of its major features are:

  • It provides up-to-the-minute protection by updating every 5 to 15 minutes
  • It filters unwanted email
  • It blocks phishing websites and also authenticates trusted sites
  • It prevents hackers from spying and stealing the information as you type

Norton Internet Security 2010 is priced at Rs.950. This is very cheap compared to its MRP in the USA, i.e. around Rs.1557 ($33.99).

Bit Defender
If you are looking just for an anti-virus, consider ‘Bit Defender anti-virus 2009’, which costs only Rs.200 and is reasonably good.

In order to protect yourself from these online threats, you also need to have an original OS. But the price of the OS is too high to purchase a genuine copy. The price of genuine Windows OS software almost equals that of a branded LCD monitor. In India, a majority of PC buyers buy assembled systems rather than branded systems. They then get a pirated OS and software without much hassle, since many local technicians take care of this part.

Pragmatic pricing of Operating Systems: Needed for Safer Internet in India
Though the GDP and PPP in India are far less than in the US, there is not much difference in the prices of PC software. The concept of PPP is to equalize the purchasing power of two currencies. For example, a normal haircut in India costs around Rs.40, but the same thing in the U.S. costs around $8, nearly Rs.366. This shows that we can get a lot of items at far lower cost in India. But PPP is not working with some companies, like Microsoft, in India.

The professional version of Windows 7 is available for Rs.12,116 ($264.49) in the US, and the same in India costs around Rs.7,900 in the local market. It should be somewhere around Rs.1,500 if adjusted according to PPP. Buying a genuine operating system costs nearly Rs.8,000 for a typical PC buyer. This is the reason why many home users in India opt for pirated versions and become vulnerable to attacks.

Though most PC users in India know the dire consequences of pirated software, many of them are unable to use genuine versions as they are overpriced. However, the above-mentioned PC security software companies are providing the best Internet security software in their class at a reasonable price. ‘Kaspersky Internet Security 2010’ costs around Rs.2746 in the US, but it is available for just Rs.350 in India. ‘Norton Internet Security 2010’ costs around Rs.1557 in the US, but only Rs.950 in India. The pragmatic pricing of these brands is appreciable. These kinds of initiatives encourage at least the new generation of users to buy genuine software. Industry leaders like Microsoft should do a lot of rethinking on their pricing in India. After all, this is just to make the Internet safer to browse.

Republished with permission from Search-marketing.in.
Windows 7 Search – a Blunder of Microsoft

Posted by cyber-geek | Posted in Opinions | Posted on April 25, 2011

The major factor that makes Microsoft win over Linux or Unix in the OS wars is its ease of use. Windows has made operating a computer an easy thing even for a non-techie. The reason why we still bear the vulnerabilities in Windows and Microsoft's overwhelming patches without complaining is definitely that you cannot get an alternative to an OS as easily operable as Windows.

However, after Windows XP, Microsoft seems to be losing track somewhere. That certainly explains the failure of Vista, despite the success of its predecessor, XP. Windows 7 was released with much hype. In fact, the methods used by Microsoft to shift users from Windows XP to Windows 7 seemed exotic. Still, many of them, due to the unbearable number of patches and vulnerabilities reported for XP, migrated to Windows 7 hoping for more security rather than improved features.

However, after a few days you see the number of people who want to stick to XP increasing, rather than the number who want to shift. The reason behind this is that Microsoft has replaced many functional features in Win 7 with fancy ones. The search feature is one of them. Microsoft should have reconsidered before bluntly replacing the very friendly search box of Windows XP with the dysfunctional Win 7 search box.

Windows XP Search

Here is the list of differences between Win 7 and Win XP search:
The Windows XP search feature was the best of all Windows versions. Firstly, we will start with the two text boxes in Windows XP search (refer to the Win XP Search image given) – one for searching all or part of a file name and the other to search for a word or phrase in the file. This was replaced with a universal search box (refer to the Windows 7 Search image below) which searches only the file names for the parameters given.

And what should you do to search for a word or phrase inside a file? Well, that's a lengthy process where you will have to change the settings in folder options. However, after changing the settings, the search bar will start searching the contents of your files – every time, consuming lots of time and PC processing.

The date-modified and size criteria were retained in Windows 7. However, in Win 7 you cannot search for files modified between specific dates.

The ‘More advanced options’ in XP – search system folders, search hidden files and folders, case sensitive, search tape backup – were favourites of Win XP users. All these check boxes, drop-down menus and radio buttons, which used to help in customizing the search, were replaced with nothing.

Windows 7 Search

Now Microsoft asks you to use syntax to narrow down your Win 7 search results. This includes kind (for specifying the type of file), genre, property, etc. If someone has to learn syntax to use Windows, can't they learn the syntax of Linux or Unix operations instead? At least they will get rid of the vulnerabilities and the additional work of updating Windows by doing so.

These operators often remind me of the Google search operators. But Google itself is now trying to improve its user-friendly interface with one-click links (refer to the Google Search image here), which narrow the search results. We don't understand why Microsoft, instead of improving the interface, is trying to go fancy with looks and losing features.

Overall, several features were removed from Windows XP to trim down the Windows 7 search box. Isn't it obese people who try to trim their excess fat? If a normal person becomes slim, he looks diseased. Were the Windows XP search features obese? Definitely not.

If you have already shifted to Windows 7 or are forced to move to Windows 7, and are concerned about the deprived search features, you can use search software like Copernic. However, this will cost you extra, apart from the charges for an authentic license of Win 7. If you are planning to install any free software, it will be a riskier step, thanks to the vulnerable operating systems of Microsoft.

Ultimately, if one would like to stick with or shift back to Windows XP from Windows 7, the search feature will be one of the prominent reasons. Most of the other changes made in Windows 7, along with the search feature, seem to have been made for the sake of change rather than for enhancing usability.

How to Make Secure Settings for Facebook User Profile Page

Posted by cyber-geek | Posted in Cyber tips | Posted on December 28, 2011

Displaying the information which is useful for your friends to find you online is as important as limiting the visibility of the information which is more personal, and which lets hackers hack your page quite easily. Following are a few tips which help you make your Facebook profile page more secure.

Besides all the privacy settings you make for your profile, there are a few things which cannot be hidden by any user; that is, they will be displayed for every profile. They are called Publicly Available Information (PAI) according to Facebook, which includes full name, profile picture, gender, and networks. These things are commonly visible to any Facebook user.

However, you can reduce the visibility of the remaining information by making the necessary settings. Let us see how to choose the options that make your profile more secure.

  • It is always better to use your full name, which is hard for others to guess but easy for friends to recognize. It also limits the search results related to your usual name. Coming to the settings, ‘Search for me on Facebook’ is available so that you can choose the people who can search for you. It is better to go for ‘Friends only’ if you want to limit yourself to your friends.
  • ‘Send me friend requests’ – this option doesn't make much difference, because unless you accept the request, that person cannot view your information. So, choose ‘anyone/everyone’ or ‘friends of friends’, since the final decision rests with you.
  • ‘Send me a message’, ‘See my friends list’, ‘See my education and work’, ‘See my interests and other pages’ – reserve these rights only for your friends by choosing ‘Friends only’ in order to make your information more secure.
  • Finally, ‘See my current city and home town’ – it is better to choose ‘Only me’, or better still, not to enter that info at all.

These are a few recommendations which can help you secure your account.

Critical Vulnerabilities Patched in New Version of Adobe Flash Player

Posted by cyber-geek | Posted in Be Informed on Cyber Security | Posted on May 13, 2011

In the security bulletin released on 12 May 2011, Adobe announced that it has fixed critical Flash Player bugs in version 10.2.159.1 and earlier for Windows, Macintosh, Linux and Solaris, 10.2.154.28 and earlier for Chrome, and 10.2.157.51 and earlier for Android. These vulnerabilities could cause the application to crash and also potentially allow an attacker to take control of the affected system.

Adobe also reported having heard of a malware exploit, through a Flash (.swf) file embedded in an MS Word (.doc) or MS Excel (.xls) file delivered as an email attachment, targeting systems running Windows. So make sure you are not opening attachments from unknown emails until you update Flash.

The new versions for various platforms are as follows:

  • For Windows, Macintosh, Linux and Solaris OS – 10.3.181.14
  • For Android – 10.3.185.21

The Flash Player for Chrome has been updated via the new Chrome version 11.0.696.68. Other users can use the Flash Player Download Center to get the latest version. For Android users, the update is available in the Android Market.

Adobe rates the severity of the vulnerabilities as critical and recommends updating to the newer versions at the earliest possible.
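For an administrator checking a fleet against this bulletin, the practical question is whether each installed build falls in the affected range for its platform. The script below is an added example written for this post; it is not Adobe's or the blog's own code. The affected and fixed version numbers are the ones quoted from the bulletin above; the platform names, the function names and the sample inventory are assumptions constructed for the example. It also shows why the comparison has to be numeric per component rather than a plain string comparison.

```python
"""Flash Player version check against the Adobe bulletin of 12 May 2011.

Added example, not Adobe's or the blog's code. The version thresholds come
from the bulletin quoted above; the inventory at the bottom is constructed.
"""
from typing import Dict, Tuple

# Highest affected build per platform, as stated in the bulletin. Platform
# keys are an assumption of this example.
AFFECTED_MAX: Dict[str, str] = {
    "windows": "10.2.159.1",
    "macintosh": "10.2.159.1",
    "linux": "10.2.159.1",
    "solaris": "10.2.159.1",
    "chrome": "10.2.154.28",
    "android": "10.2.157.51",
}

# Fixed builds from the bulletin. Chrome receives its fix with the browser
# update itself, so no separate Flash build is listed for it.
FIXED_VERSION: Dict[str, str] = {
    "windows": "10.3.181.14",
    "macintosh": "10.3.181.14",
    "linux": "10.3.181.14",
    "solaris": "10.3.181.14",
    "android": "10.3.185.21",
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '10.2.159.1' into (10, 2, 159, 1) so comparison is numeric.

    Comparing the raw strings is a classic mistake: as text,
    '10.2.16.0' sorts above '10.2.159.1' because '6' > '5', yet build
    16 is far below build 159 and therefore still affected.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(platform: str, installed: str) -> bool:
    """True when the installed build is at or below the bulletin's affected maximum."""
    key = platform.lower()
    if key not in AFFECTED_MAX:
        raise KeyError(f"platform not covered by the bulletin: {platform!r}")
    return parse_version(installed) <= parse_version(AFFECTED_MAX[key])


def advise(platform: str, installed: str) -> str:
    """One-line verdict per machine, suitable for a patch-status log."""
    if not is_affected(platform, installed):
        return f"{platform}: {installed} is not in the affected range"
    target = FIXED_VERSION.get(platform.lower())
    if target is None:
        return f"{platform}: {installed} affected; update the Chrome browser itself"
    return f"{platform}: {installed} affected; update to {target}"


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    inventory = [
        ("windows", "10.2.159.1"),
        ("windows", "10.3.181.14"),
        ("chrome", "10.2.154.28"),
        ("android", "10.2.157.51"),
        ("linux", "10.2.16.0"),  # affected, although a string compare would say otherwise
    ]
    for platform, version in inventory:
        print(advise(platform, version))
```

Feeding a real inventory only requires replacing the constructed list with whatever your asset tool exports; the per-platform thresholds are the part that has to match the bulletin exactly.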

New Chrome version released – 11.0.696.68

Posted by cyber-geek | Posted in Be Informed on Cyber Security | Posted on May 13, 2011

As expected, Google released its new version v11.0.696.68 after the claims from VUPEN security researchers to have pwned Chrome. The new version of Chrome comes with the updated Adobe Flash Player 10.3.

In reply to the claims of pwning Chrome, security researcher Dan Kaminsky said that if VUPEN used a vulnerability in Flash to bypass the sandbox, then it is not a Chrome hack alone. Another security researcher, Tavis Ormandy from Google, said in a Twitter post that “VUPEN misunderstood how sandboxing worked in chrome, and only had a flash bug.” Google is still researching VUPEN's claims.

The new Chrome version addresses two high-risk security vulnerabilities – it corrects integer overflows in SVG filters and bad casts in Chromium WebKit glue – and includes the bug fix for the Flash Player plugin. Google also added the new ClearSiteData API to Chrome, so that users can manage and remove Flash cookies (Local Shared Objects).

Security Vulnerability found in Google Chrome Running on Windows

Posted by cyber-geek | Posted in Be Informed on Cyber Security | Posted on May 11, 2011

The most secure features of Google Chrome, including the sandbox, ASLR and DEP, were simply bypassed by VUPEN security researchers. The vulnerability is in the latest version of Google Chrome (v11.0.696.65) for Windows.

The vulnerability is found to impact all Windows-based computers running 32-bit as well as 64-bit OSes. The vulnerability was exploited by just making the user visit a specially prepared web page containing sophisticated code that executes various payloads to ultimately download and start any program. The program runs silently, without even crashing Google Chrome after executing the payload. The program launches outside the sandbox, but at medium integrity level. However, most malware today doesn't necessarily need a high integrity level to run.

As the vulnerability has not been made public, Chrome users need not panic.

Top Countries Hosting Phishing Websites – H1 2011

Posted by cyber-geek | Posted in Be Informed on Cyber Security | Posted on May 11, 2011

A recent report from Websense shows an alarming rate of increase in cyber crime activity in Canada. While the US still stands as the major hub for hosting phishing websites, Canada occupies second place, followed by Egypt. Compared with the OpenDNS report published recently on the top countries hosting phishing websites in 2010, Germany falls back to fourth position from second.

The following are the top countries hosting phishing websites in the first part of 2011 (i.e., January 2011 to May 2011):

  1. United States
  2. Canada
  3. Egypt
  4. Germany
  5. UK
  6. Netherlands
  7. Russia
  8. South Korea
  9. France
  10. Brazil

Intense scrutiny of IP addresses in China and Eastern Europe seems to be the major reason for the shift in cybercrime activities to Canada. Canada has now jumped to the #6 position in the world in terms of hosting cybercrime, from #13 in 2010.

The anti-spam law, introduced in Canada recently in December 2010, will come into effect in September 2011. Canada was the last of the G8 countries to introduce its very own anti-spam law, which addresses a number of online threats, including spyware, malware, pharming and phishing, and even gives individuals the private right to sue spammers.

WINS bug patch for Windows Servers

Posted by cyber-geek | Posted in Be Informed on Cyber Security | Posted on May 10, 2011

In contrast to the gigantic updates on the previous Patch Tuesday, Microsoft has released only 2 critical updates this month – one of the lightest Patch Tuesdays in recent years.

What seems interesting here is the fix for Windows Internet Name Service, which allows NetBIOS devices to communicate on the network. As per bulletin MS11-035, the flaw in WINS (Windows Internet Name Service) allows malformed WINS packets to enable remote code execution attacks. The flaw is in both Windows Server 2003 and 2008, but only if they are running WINS. Most servers these days are not running WINS anymore, as it is not considered as safe as DNS. It is not even installed by default on these operating systems. Thus, the update is only for those who installed it manually.

Another bulletin, MS11-036, releases a patch for two vulnerabilities in MS PowerPoint that could allow remote code execution if a user opens a malicious .ppt file. Though the attacker is limited to the locally logged-on user's privileges, it is important to patch this too.

Overall, 3 vulnerabilities are taken care of with the 2 security bulletins released on this Patch Tuesday.

Ransomware: Trojan asks to reactivate Windows

Posted by cyber-geek | Posted in Be Informed on Cyber Security | Posted on May 6, 2011

A new mutation of ransomware, which asks for reactivation of Windows, has been reported by F-Secure. The user gets a blue screen saying that the Windows license has been locked. The message screen looks exactly like the Windows screen during installation of the OS. There is even a Windows logo in the top-right corner of the screen, to make the message look authentic.

It then prompts the victim to complete activation by calling one of the numbers listed on the screen to get a code, and even claims that the call is free of charge. The call is not free: the victim is charged a hefty bill for it, and the hacker is paid from that charge through a technique called short stopping, in which rogue phone operators route expensive calls to cheaper countries.

The victim is given the unlock code after 3 minutes of waiting on the call. The unlock code has been found to be always 1351236, so victims can enter this code directly to unlock their PCs without calling the phone numbers.

Emerging Malware Trends: Ransomware

Posted by cyber-geek | Posted in Cyber Awareness | Posted on May 6, 2011

Malware is mutating rapidly, with new techniques evolving to raise money for hackers. Ransomware is a mutation of scareware in which the hacker hijacks a PC by encrypting all its files and demands a ransom to unlock or decrypt them. The infected PC may not send spam or harvest sensitive information for its creator; it does something worse.

Ransomware came onto the radar of security researchers in 2009, when a Vundo Trojan was found to encrypt all personal files and ask users to pay for the key to decrypt them. The earliest forms of scareware merely made people pay for useless software and fake antivirus; hackers have since made it sophisticated enough to hold a PC for ransom. Apart from encryption, ransomware might simply block access to all the applications on the system and ask the user to buy a license to fix the problem. The hacker might even entice the victim with a false 30-day money-back guarantee.

Techniques used to install Ransomware:
Ransomware is just one kind of malware, so the methods used to install it on your PC are the same as for any virus or Trojan infection. The real skill of the hacker, however, lies in making the victim pay the ransom, and heavy social engineering is used for this. The following are a few techniques used by ransomware authors:

  • Spam emails with malicious attachments. The attachments contain code that exploits vulnerabilities in software applications; the code then takes control of the PC, denying access to applications and files.
  • Exploitation of browser vulnerabilities when the user opens a malicious web page. An in-line adult advertisement is then shown on every web page the user opens; it covers the main part of the page and cannot be dismissed. The text on the banner is in a foreign language, and the user is asked to send an SMS to a premium-rate phone number to get a special code that will make the ad disappear and grant access to an archive of explicit videos.
  • A user visiting a spoofed site may suddenly see a message that the PC is infected and should download a tool to remove the infection. The downloaded file actually contains the ransomware.
  • A malicious .dll file is smuggled onto the PC and manipulates the parental controls or web content filtering features. When the user tries to open even legitimate sites such as YouTube or Facebook, a message on a red background is displayed saying: “Restricted Site! This web site is restricted based on your security preferences. Your system is infected. Please activate your antivirus software.” Access to those domains is allowed only if the user purchases a fake AV from the hacker.
  • Another technique manipulates the master boot record so that the operating system no longer boots. A message says that access to the PC is blocked and directs the user to a site, where they are asked to pay to regain access. In such cases the user can simply bypass the prompt and restore the master boot record; rescue disks are very helpful here.
  • An instant messaging worm has been found to block access to the Facebook account on the infected PC, with a message that looks as if Facebook itself has blocked the account. The victim is asked to complete a survey within a short period of time, and partway through the survey is tricked into subscribing to premium-rate services on their mobile phone.
  • Adult websites are a main hub for malware downloads. For example, a piece of ransomware identified as WORM_RIXBOT.A was downloaded over 137,000 times from a single adult website in December alone. This worm prevents users from accessing their desktops and asks them to send a text message to a premium-rate number to receive the unlock code.
  • The recent Japan earthquake also triggered a few ransomware infections. Emails sent to users contain links to fake news articles, from which the malware installs itself on the PC. Access to the desktop is then seized, with a message claiming to be from the federal police saying that illegal activity has been discovered on the PC and that the user must pay a fine within the given time if they do not want their hard drive erased.
  • The most recent technique displays a Windows reactivation message. The victim is given a supposedly toll-free phone number to obtain the reactivation code; the call is not free, however, and the hacker is paid indirectly from the victim's pocket.

In most of the above instances, the files on the hard drive are encrypted, and a private key held by the hacker is required to decrypt them. In such cases the user should unplug the PC immediately on seeing the encryption message to stop further files being encrypted; this saves at least some data from encryption. The hard drive should then be removed and installed as a secondary drive in another PC so that the unaffected files can be copied to other storage. Regular backups are key to minimizing the impact. The encryption can then be cracked with the help of a security expert.
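The copy-off step above needs a way to tell files that were already encrypted from those that were not. The following is an added example, not from the original post, that does this with a byte-entropy heuristic (not something the post describes): it walks the mounted secondary drive, copies files that still look like ordinary data to separate storage, and leaves high-entropy files in place. The drive letters and the 7.2 bits-per-byte threshold are assumptions.

```powershell
# Added example, not part of the original post: triage a drive pulled from an
# infected PC and attached to a clean machine as a secondary disk, copying the
# files that still look intact to separate storage. "Intact" is judged by the
# Shannon entropy of a file's first 64 KB: encrypted data is close to 8 bits
# per byte, most documents are well below. The 7.2 threshold is an assumption.
function Get-FileEntropy {
    param([string]$Path, [int]$SampleBytes = 65536)
    $fs = [System.IO.File]::OpenRead($Path)
    try {
        $buf = New-Object byte[] $SampleBytes
        $n = $fs.Read($buf, 0, $SampleBytes)
    } finally { $fs.Close() }
    if ($n -eq 0) { return 0.0 }
    $counts = New-Object int[] 256
    for ($i = 0; $i -lt $n; $i++) { $counts[$buf[$i]]++ }
    $h = 0.0
    foreach ($c in $counts) {
        if ($c -gt 0) { $p = $c / $n; $h -= $p * [Math]::Log($p, 2) }
    }
    return $h
}

function Copy-IntactFiles {
    param([string]$Source, [string]$Destination, [double]$Threshold = 7.2)
    $report = @()
    Get-ChildItem -Path $Source -Recurse -Force -ErrorAction SilentlyContinue |
      Where-Object { -not $_.PSIsContainer } | ForEach-Object {
        $rel = $_.FullName.Substring($Source.Length).TrimStart('\')
        $e = Get-FileEntropy -Path $_.FullName
        if ($e -ge $Threshold) {
            # Left in place for the security expert: either ciphertext or an
            # already-compressed format (zip, jpg, docx) that also scores high.
            $status = 'suspect'
        } else {
            $dest = Join-Path $Destination $rel
            New-Item -ItemType Directory -Path (Split-Path $dest) -Force | Out-Null
            Copy-Item -Path $_.FullName -Destination $dest -Force
            $status = 'copied'
        }
        $report += New-Object PSObject -Property @{
            File = $rel; Entropy = [Math]::Round($e, 2); Status = $status }
    }
    return $report
}

# Example call; the drive letters are assumptions for the mounted disk (E:)
# and the backup target (F:). Attach the pulled disk read-only where possible.
Copy-IntactFiles -Source 'E:\Users' -Destination 'F:\recovered' | Format-Table -AutoSize
```

Files reported as suspect are not necessarily encrypted, since compressed formats score high too; review that list by hand rather than discarding it.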