email attachments Archives

Tech Optimizer

March 1, 2025

I compared Norton vs McAfee’s antivirus software to see which one is best

Norton 360 provides robust malware protection, including features to combat malicious email attachments, phishing attacks, and ransomware, with a Community Watch program for enhanced threat detection. McAfee uses a cloud-based infrastructure and machine learning for threat identification, with a malware scanner that analyzes suspicious code on its servers. Norton excels in malware detection but has some false positives, while McAfee achieved a perfect score in detecting existing malware and zero-day exploits, also with some false positives. Norton includes a two-way firewall, password manager, and 2GB of online storage, while McAfee focuses on phishing protection and personal data privacy tools, often at an additional cost. Benchmark tests show Norton has minimal system impact, while McAfee significantly slows down during full scans. Norton offers two interface options and is user-friendly, while McAfee's interface is simple but lacks customization. McAfee has a quick installation process under five minutes and 24/7 support, while Norton’s installation is longer but includes conflict checking and extensive support options. Ultimately, Norton is noted for comprehensive security features and performance, while McAfee is recognized for its user-friendly interface and quick installation.

Tech Optimizer

February 28, 2025

Evolving Snake Keylogger Variant Targets Windows Users

Cybersecurity researchers at Fortinet have identified a new variant of the Snake Keylogger malware, which has blocked over 280 million infection attempts globally. This malware captures sensitive user information, including credentials and browser data, and has the highest infection rates in China, Turkey, Indonesia, Taiwan, and Spain. The Snake Keylogger operates in three phases: distribution through phishing emails, data collection by capturing keystrokes and extracting credentials from browsers, and data transmission to command-and-control servers via encrypted channels. It employs advanced evasion techniques, such as process hollowing and persistence mechanisms, to operate stealthily. The malware uses obfuscation tools like AutoIt scripting to evade antivirus defenses and specifically targets browser-stored credentials. Security experts recommend caution with emails, using updated antivirus software, and regular patching of systems to mitigate risks.

Winsage

February 19, 2025

New Snake Keylogger infects Windows using AutoIt freeware

A new variant of the Snake Keylogger is targeting Windows users in Asia and Europe, utilizing the AutoIt scripting language for deployment to evade detection. This malware, built on the Microsoft .NET framework, infiltrates systems through spam email attachments, logging keystrokes, capturing screenshots, and collecting clipboard data to steal sensitive information like usernames, passwords, and credit card details from browsers such as Chrome, Edge, and Firefox. The keylogger transmits stolen data to its command-and-control server using methods like SMTP email, Telegram bots, and HTTP POST requests. The executable file is an AutoIt-compiled binary that unpacks and executes the keylogger upon opening. The keylogger replicates itself in the %Local_AppData%supergroup directory as ageless[.]exe and places a file named ageless[.]vbs in the Startup folder to ensure it runs automatically on system reboot. This persistence mechanism allows continued access to the infected machine without requiring administrative privileges. Once activated, the keylogger injects its payload into a legitimate .NET process, specifically targeting RegSvcs.exe through process hollowing. It logs keystrokes using the SetWindowsHookEx API with a low-level keyboard hook, capturing sensitive information. Additionally, it retrieves the victim's public IP address by pinging hxxp://checkip[.]dyndns[.]org for geolocation purposes.

Winsage

February 19, 2025

Hidden Microsoft Windows Threat Attacks When Your PC Restarts

A significant alert has been issued for Microsoft Windows users regarding the Snake Keylogger, an advanced keylogger capable of extracting sensitive information from web browsers like Chrome, Edge, and Firefox. It logs keystrokes, captures credentials, and monitors clipboard activity. The malware has already infiltrated millions of PCs and activates upon system restart, disguising itself among benign Windows processes. Fortinet reports that the Snake Keylogger has been circulating since 2020, infiltrating systems through malicious Office documents or PDFs attached to emails. If opened with macros enabled or using vulnerable software, the malware executes. It employs AutoIt scripting to obfuscate its operations and sets its attributes to hidden to complicate detection. The keylogger places a file in the Windows Startup folder to ensure it launches automatically with each restart, maintaining access to the compromised system. Once installed, it checks its environment to capture specific security credentials through keystrokes, clipboard data, or browser autofill information, transmitting this data to its handlers. Fortinet has observed the Snake Keylogger in various countries, including China, Turkey, Indonesia, Taiwan, and Spain. Users are advised to keep security software updated and exercise caution with email attachments from untrusted sources.

Tech Optimizer

February 11, 2025

Essential tips to protect your computer from malware

Malware includes various types of malicious software such as viruses, worms, Trojans, ransomware, and spyware. Email attachments and links are common methods for malware distribution, with cybercriminals often disguising malicious files as legitimate communications. Regular software updates are essential for protecting against security vulnerabilities. Pirated software frequently contains malware and poses risks to computer security. Installing antivirus and antimalware software is crucial for defense against attacks, with recommendations for programs like Windows Defender and Malwarebytes. Encrypting sensitive data can prevent unauthorized access, and maintaining cloud backups is vital for data recovery in case of ransomware attacks. Using a Virtual Private Network (VPN) is recommended when accessing the internet on public networks to protect personal information. Users should monitor their devices for suspicious activity, such as system slowdowns or unexpected pop-ups, and conduct malware scans if symptoms arise.

Tech Optimizer

December 16, 2024

Novel phishing campaign uses corrupted Word documents to evade security

A recent phishing campaign exploits Microsoft’s Word file recovery feature by sending corrupted Word documents as email attachments, which can bypass conventional security measures. Identified by the malware hunting firm Any.Run, these documents appear to be legitimate communications from payroll and human resources, featuring themes related to employee benefits and bonuses. The filenames of the attachments include variations such as "AnnualBenefits&Bonusfor[name]IyNURVhUTlVNUkFORE9NNDUjIw.docx" and "Due&Paymentfor[name]IyNURVhUTlVNUkFORE9NNDUjIw_.docx.bin." Each document contains a base64 encoded string that decodes to "##TEXTNUMRANDOM45##." When opened, Microsoft Word prompts the user about unreadable content and offers recovery options. Upon recovery, users are instructed to scan a QR code, which leads to a phishing site mimicking a Microsoft login page to harvest credentials. These documents often feature company logos to enhance credibility and have been successful due to their ability to evade detection by security solutions, with many returning "clean" results on VirusTotal. Users are advised to exercise caution with unknown emails and verify attachments' legitimacy.

Tech Optimizer

December 6, 2024

This sneaky phishing attack is a new take on a dirty old trick

Attackers are using a new phishing tactic involving Word documents that redirect users to a fake Microsoft login page to steal account credentials. This method can evade traditional antivirus detection due to the malicious content being difficult to scan. Users are advised to be cautious with email attachments, avoid clicking on links from unknown sources, consider using passkeys for account access, and enable two-factor authentication (2FA) for added security. Phishing attacks require user participation, so it's important to verify the legitimacy of requests before acting.