Security Awareness & Alerts
A new ransomware named "Petya" is spreading widely. It encrypts the files on infected Windows systems.
The ransomware leverages the ETERNALBLUE exploit, or the legitimate PsExec and WMIC tools with appropriate credentials, to spread quickly.
CERT-In has issued an advisory on its website (http://www.cert-in.org.in/) for detection and prevention of this ransomware. The same has also been published on the Cyber Swachhta Kendra website (http://www.cyberswachhtakendra.gov.in/alerts/petya_ransomware.html).
In May 2017, a ransomware named "WannaCry" was in the news and impacted many machines globally. WannaCry encrypts the files on infected Windows systems. This ransomware spreads by using a vulnerability in implementations of Server Message Block (SMB) in Windows systems. The exploit is named ETERNALBLUE.
The ransomware, called WannaCrypt or WannaCry, encrypts the computer's hard disk drive and then spreads laterally between computers on the same LAN. The ransomware also spreads through malicious attachments to emails.
CERT-In has issued an advisory on its website (http://www.cert-in.org.in/) for detection and prevention of this ransomware. The same has also been published on the Cyber Swachhta Kendra website (http://www.cyberswachhtakendra.gov.in/alerts/wannacry_ransomware.html).
CERT-In has issued a vulnerability note on its website (http://www.cert-in.org.in/) with a severity rating of HIGH for possible remote exploitation of this vulnerability, and advises applying the patch released by Microsoft for it.
The Botnet Cleaning and Malware Analysis Centre (Cyber Swachhta Kendra): http://www.cyberswachhtakendra.gov.in has been set up by the Government of India. Subscribers are requested to disinfect their systems and follow the directions given on the site.
Mobile devices like laptops, tablets and smartphones are becoming increasingly popular and are rapidly becoming attractive targets for malicious attacks. In addition to facing the same security challenges as a traditional computing environment, mobile devices are also exposed to a new set of risks. Subscribers are recommended to visit "Security Tips for Common Users" at www.cert-in.org.in on a regular basis and go through the training modules, security tips etc. to keep themselves updated with the latest on security.
A botnet is a network of compromised machines called "bots" that can be remotely controlled by an attacker. These machines can be used by attackers for launching DDoS attacks, sending spam messages, infecting other machines or engaging in various other kinds of malicious activity. Common channels for controlling botnets are IRC, P2P networks and HTTP.
When the malware runs, it turns the infected system into a bot that connects to a C&C server. Bot-infected systems connect to the C&C servers on specific ports and listen for commands from the remote attacker. The advisory from CERT-In provides directions to check whether a system is infected and, if so, how to clean it. In view of the high damage potential of botnet-infected machines, subscribers are requested to disinfect their systems and take the appropriate countermeasures suggested below to prevent such incidents in future:-
1. Install and maintain updated anti-virus and anti-spyware software at the desktop level.
2. Scan the computer system with updated anti-virus software for possible infections and disinfect it.
3. Install and maintain a personal desktop firewall.
4. Check for the suspicious network activity of infected computer systems listed in the advisory and disinfect them if found.
5. Use only genuine software.
6. Keep up-to-date patches and fixes on the operating system and application software.
7. Exercise caution while opening email attachments.
8. Do not browse untrusted websites or follow untrusted links, and exercise caution while clicking on links provided in any unsolicited emails.
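Item 4 above asks for a check of suspicious network activity. As an added illustration (not code from the advisory or from CERT-In), the script below runs two simple checks over constructed outbound firewall log lines: connections from an internal host to an external host on the conventional IRC ports, and connections to the same external host repeated at regular, low-jitter intervals, which is how a bot polling its C&C server tends to look. The log format and sample addresses are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample of outbound firewall log lines (not real traffic).
# Host 10.0.0.5 contacts one external host on the IRC port every 60 s;
# host 10.0.0.7 browses a web server at irregular intervals.
SAMPLE_LOG = """\
2017-06-28T10:00:00 src=10.0.0.5 dst=203.0.113.9 dport=6667 proto=tcp
2017-06-28T10:00:12 src=10.0.0.7 dst=198.51.100.20 dport=443 proto=tcp
2017-06-28T10:01:00 src=10.0.0.5 dst=203.0.113.9 dport=6667 proto=tcp
2017-06-28T10:01:40 src=10.0.0.7 dst=198.51.100.20 dport=443 proto=tcp
2017-06-28T10:02:00 src=10.0.0.5 dst=203.0.113.9 dport=6667 proto=tcp
2017-06-28T10:02:07 src=10.0.0.7 dst=198.51.100.20 dport=443 proto=tcp
2017-06-28T10:03:00 src=10.0.0.5 dst=203.0.113.9 dport=6667 proto=tcp
2017-06-28T10:03:30 src=10.0.0.5 dst=10.0.0.1 dport=53 proto=udp
"""

LINE_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) dport=(\d+) proto=(\w+)$")
IRC_PORTS = {6665, 6666, 6667, 6668, 6669}  # conventional IRC service ports
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_log(text):
    """Yield (time, src, dst, dport) for each well-formed log line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, src, dst, dport, _proto = m.groups()
            yield datetime.fromisoformat(ts), src, dst, int(dport)


def find_suspicious(text, min_hits=4, jitter_s=5):
    """Return (src, dst, dport, reason) tuples for flows that look like C&C traffic."""
    flows = defaultdict(list)
    for ts, src, dst, dport in parse_log(text):
        if not any(ip_address(dst) in net for net in INTERNAL_NETS):  # external only
            flows[(src, dst, dport)].append(ts)
    findings = []
    for (src, dst, dport), times in flows.items():
        if dport in IRC_PORTS:
            findings.append((src, dst, dport, "irc-port"))
        if len(times) >= max(min_hits, 2):
            times.sort()
            gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
            # Regular, low-jitter repeats to one host suggest a bot polling its C&C
            if max(gaps) - min(gaps) <= jitter_s:
                findings.append((src, dst, dport, "beaconing"))
    return findings
```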
For more information, please connect to CERT-IN website - http://www.cert-in.org.in
GameOver Zeus (GOZ) is a peer-to-peer variant of the well-known bank credential-stealing Trojan Zeus malware, which uses a decentralized network infrastructure of compromised personal computers and web servers to execute command-and-control. GOZ is primarily used by cybercriminals to harvest banking information, such as login credentials, from a victim's computer. To date, GOZ activity has led to the loss of millions of dollars through fraudulent Automated Clearing House (ACH) transactions and wire transfers. Infected systems can also be used to engage in other malicious activities, such as sending spam or participating in distributed denial-of-service (DDoS) attacks.
The GameOver malware mainly performs the following functions:
1. Steals banking and Bitcoin exchange credentials, using a diverse set of features to capture information from a victim, such as keystroke logging, form grabbing, credential scraping and HTML injection.
2. Implements a decentralized P2P infrastructure for C2 communication (supports both IPv4 and IPv6).
3. Defends itself by installing a kernel-mode rootkit.
4. Launches distributed denial-of-service (DDoS) attacks (with the Dirt Jumper DDoS kit).
Due to the malicious payload of the GameOver Zeus trojan, infected systems may participate in large-scale spamming and other malicious activities, causing the associated IPs to be blocked in spam blacklists and downgrading the reputation of the related ASNs and ISPs.
The advisory from CERT-In provides directions to check whether a system is infected and, if so, how to clean it. In view of this, subscribers are requested to disinfect their systems and take the appropriate countermeasures suggested below to prevent such incidents in future:-
1. Keep antivirus, operating system and browser software up to date.
2. Do not follow unsolicited web links or open attachments in email messages. Filter email, scan email file attachment contents and consider blocking executable file types.
3. Deploy advanced malware protection devices in-line with incoming email streams containing malicious file attachments as well as subsequent file downloads.
4. Implement end-point controls on users' computers to help limit the opening of malicious file attachments and to catch malware installation or execution.
5. Apply post-infection controls such as firewall policies, web proxies, file downloads over HTTPS, and associated log monitoring to identify anomalies.
6. Protect yourself against social engineering attacks.
7. Exercise caution while visiting websites.
8. Enable the firewall at desktop and gateway level.
For cleaning GameOver Zeus infected systems, you may advise your customers to clean their systems with the following removal tools:-
1. http://www.f-secure.com/en/web/home_global/online-scanner (Windows Vista, 7 and 8)
2. http://www.f-secure.com/en/web/labs_global/removal-tools/-/carousel/view/142 (Windows XP)
3. http://goz.heimdalsecurity.com/ (Microsoft Windows XP, Vista, 7, 8 and 8.1)
4. http://www.microsoft.com/security/scanner/en-us/default.aspx (Windows 8.1, Windows 8, Windows 7, Windows Vista and Windows XP)
5. http://www.sophos.com/VirusRemoval (Windows XP (SP2) and above)
6. http://www.symantec.com/connect/blogs/international-takedown-wounds-gameover-zeus-cybercrime-network (Windows XP, Windows Vista and Windows 7)
7. http://www.trendmicro.com/threatdetector (Windows XP, Windows Vista, Windows 7, Windows 8/8.1, Windows Server 2003, Windows Server 2008 and Windows Server 2008 R2)
Fraudulent calls claiming that the recipient is a prize or lottery winner are on the rise. This general advisory cautions Indian telecom subscribers who are being arbitrarily targeted by such calls. In these phone frauds, the customer returns a missed call to a +92 or +375 country code and inadvertently reaches a fraudster pretending to be a representative of Aircel or another Indian telecom operator, who informs the customer of having won some lottery or prize money. The fraudster then attempts to trick the customer into divulging sensitive personal information and into paying a commission to receive the winnings.
In our endeavour to protect mobile subscribers from such malicious activities, the following Do's and Don'ts are advised to be followed.
Do's:
1. Please be extra vigilant and exercise utmost caution while surfing Internet sites using your phone. Be cautious about messages you receive on social networking sites that contain links. Even links that look like they come from friends can sometimes be harmful or fraudulent.
2. Always be sure of the sites and content while browsing. Avoid going from your mobile browser to sites that offer unreliable and questionable content. If you inadvertently access any of these sites, close any pop-up windows that may have opened.
4. Please be aware that certain websites use mobile or fixed line numbers to make outgoing calls. This is an illegal activity. Do not post your mobile number or fixed line number on websites unless you are very sure that the site is secure.
5. Delete the browsing history and cookies on a periodic basis to keep the device clean.
6. Keep Bluetooth connectivity off when not required. Keep the security features of your handset on high mode.
7. Periodically check the icons on your handset and ensure that no new icons have appeared which were not consciously installed by you.
8. Check your mobile bill regularly for any anomaly.
Don'ts:
1. Do not respond to any unexpected calls from a number with the +92 or +375 country code.
2. Do not respond to any suspicious missed calls from unknown numbers. Refrain from calling back numbers with a prefix other than +91 (India's country code), for example +355, +375, +229, +257, +242, +670, +372, +241, +882, +224, +509, +504, +882, +187, +371,
3. Do not get lured into any financial transactions or divulge any personal information like IMEI, bank account number and other details to callers offering prize money or lottery winnings. Also do not respond to any instructions to dial an international number to get the prize money.
4. Do not use your mobile device to store sensitive personal information or bank account numbers.
5. Luring may also be done through SMS messages offering prize money and seeking personal details on a specified email ID. Please do not respond to these.
6. Do not respond to any SMS/Email from unknown sources prompting you to call on a number or go to a site offering free download of content/movie clips/pictures.
7. Do not share any personal information, identity proof or make any payments to people promising lottery or other unexpected awards or strangers.
8. TRAI prohibits using personal numbers for telemarketing purposes. Please ensure your number is not involved in such activities.
"Disclaimer: The information contained herein above is provided by Aircel Limited (us / we) for general information purposes only. This information is provided by CERT-IN and we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability with respect to the above content or the information, products, services, contained herein above for any purpose. Any reliance you place on such information is therefore strictly at your own risk. In no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this information. The inclusion of any web links does not necessarily imply a recommendation or endorse the views expressed within them by us, and we do not take any responsibility for, and will not be liable for, the web links mentioned above being temporarily unavailable due to technical issues beyond our control."