Posts

Showing posts from December, 2015

Trojan distributed as 8 Ball Pool game hack

The Dell SonicWALL Threats Research team has received a sample of a backdoor Trojan posing as a game hack. Cheats for games often contain malware, which might not come as a surprise to many. But as a game becomes more popular, cybercriminals take advantage of eager gamers with the promise of unlocking abilities or accumulating enough credits to buy something needed to progress in the game, and these shortcuts make the cheats more appealing. The sample we received poses as a cheat for a top-ranking free sports game. In fact, searching for the 8 Ball Pool game online yields keyword suggestions such as "hack" and "cheats."

Infection Cycle

The Trojan arrives as a file named "hack 8 ball pool.exe." Upon execution, it copies itself to the following directory:

%TEMP%\chrome.exe

In order to start after reboot, the Trojan adds the following keys to the registry:

HKLM\software\microsoft\windows\currentversion\run[8ce73491bf190a3fd7028c92bd3331b1]

Allowing WeChat to Sign Up and to get QR Code for login in SonicWall

SonicWall's Application Control blocks some applications that WeChat requires. As a result, mobile device users of WeChat will not be able to sign up on your network and will get the error "Connection error. Check your network settings." Users who already have an account will also be unable to sign in using the QR code. Laptop/desktop WeChat users will encounter the error below as well.

To solve this issue, you need to unblock/allow the applications in the Application Signature list below in your SonicWall:

Application Category : Proxy-Access (27)
Application : Proxy-Access HTTP (966)
Application Signature : Proxy-Access HTTP Proxy -- HTTP Proxy POST (9685)

You also need to allow/exclude the IP addresses listed below from the Application Control list of your SonicWall. (In fact, WeChat uses many IP addresses, so if adding the list below does not resolve your issue, check the logs and add more.)

203.205.129.101
203.205.147.168
203.205.151.160
140.206.1

Increased Online Shopping and Increased Malicious Email Threats

As usual, online shopping websites are offering year-end discounts after Thanksgiving Day, Black Friday and Cyber Monday. As a result, spammers are also launching spam campaigns to find victims among online shoppers. Below are guides on "How to stay safe" online and "Best practices for avoiding email scams".

How to Stay Safe

An important skill for staying safe online is identifying fraudulent domain names used in malicious links in emails. Scammers will usually try to deceive end users by disguising the true second-level domain, prepending legitimate, familiar names to the beginning of hostnames. Appearing to come from a legitimate source, the malicious email will contain links to sites that host exploit code, in the hope that the user has an unpatched system and a vulnerable web browser, with the goal of compromising the user's system. Other attack vectors come directly in email attachments: Word docs, executables, and other infected files.

Best practices for avoid