Free stuff from the net! Think twice ! Free Malware removal Guide 101

Erdal2022-01-18T15:40:28-04:00

Free stuff from the net! Think twice!

A friend of mine called me during the night, asking for help.

He had been downloading “free stuff” (magazines) from the net and enjoying the FREE reading. The next day, when he wanted to log back in to his PC, guess what happened: his FREE anti-virus had not protected him from getting infected.

After my investigation I found out that this ”free magazine” web site had everything in it; its blog theme was even exactly the same as mine. Anyway…

When I tested the web site, I found the activities below:

First I typed the URL (don’t!) and selected a category to download.

While I was browsing the list, Microsoft Security Essentials warned me!

At the same time I checked the Sysinternals TCPView application, and yes, the PC started to make many TCP connections on unusual ports.

Many different IP addresses were diverting the traffic from the “harmless (!)” magazine download web site to the TROJAN hosting web sites… Trojan hosting? What do I mean by that? Simply the redirection from the “harmless (!)” magazine download website to the “website which hosts the attack”. In this example, the magazine website redirects the browser to a malicious website that contains an instance of the “Blackhole” exploit kit. The “Blackhole” exploit kit may exploit vulnerabilities in certain software that may be installed on the computer. If exploitation is successful, it can lead to the download and execution of arbitrary files.

Below are a few screenshots from TCPView, which prove the diversion of the traffic:

So many connections were happening that I was not quick enough to take screenshots.

What is this Trojan:JS/BlacoleRef.G?

Trojan:JS/BlacoleRef.G is identified as a dangerous Trojan infection. Trojan:JS/BlacoleRef.G makes use of a computer vulnerability or network hole to get into the system. For example, it arrives attached to an unknown email message, and when you click on the attachment your computer gets infected. It uses rootkit techniques to evade security programs. Once it gets executed, Trojan:JS/BlacoleRef.G will make the computer weaker for additional malware. It may drop a rogue virus onto your computer, which is a big threat to the system.

Let’s analyse the source of the traffic:

As you can see from the screenshots, the exploit will try to attack your computer from unusual ports and weird URLs like the ones above.

If you search for the attacking IP address in your favourite search engine, you will most probably see that the IP is already known as BAD:

Result from Bing

Result from Google

Free Malware removal guide

IP &amp; URL analysis:

This screenshot indicates that there is an attack launched from IP 173.241.242.4 via the HTTP protocol, and that it is randomly scanning my computer’s ports during the attack to sneak into my PC…

While the attack happens, the Trojan is trying to modify MEMORY via the IEXPLORE.EXE process to get some allocated space.

During the infection phase, the Trojan also creates some files on the system:

%AllUsersProfile%\~
%UserProfile%\Desktop\Trojan:JS/BlacoleRef.G.lnk
%UserProfile%\Start Menu\Programs\Trojan:JS/BlacoleRef.G\
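The three paths listed above are written with Windows `%VAR%` references, so checking a machine for them means expanding those variables first. The script below is an added example, not part of the original post: it expands the listed indicators from a supplied environment mapping and looks for matching entries on disk. Two of the names as printed contain `:` and `/`, which NTFS does not allow in a file name, so for those the check falls back to a case-insensitive search for the longest legal fragment (e.g. `BlacoleRef.G.lnk`) in the parent folder. The environment mapping and the directory tree in the self-test are constructed, not taken from a real machine.

```python
"""Look for the file artifacts listed in the post, expanding %VAR% references.

Added example, not from the original post. The indicator strings are the three
paths the post lists; everything the demo creates on disk is constructed.
"""
import os
import re
import tempfile

# Indicator paths exactly as listed in the post.
ARTIFACT_PATHS = [
    "%AllUsersProfile%\\~",
    "%UserProfile%\\Desktop\\Trojan:JS/BlacoleRef.G.lnk",
    "%UserProfile%\\Start Menu\\Programs\\Trojan:JS/BlacoleRef.G\\",
]

# Characters NTFS refuses in a file or folder name.
INVALID_NAME_CHARS = re.compile(r'[<>:"/\\|?*]')


def expand_windows_vars(path, env):
    """Expand %NAME% references case-insensitively, as the Windows shell does."""
    lookup = {k.lower(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%",
                  lambda m: lookup.get(m.group(1).lower(), m.group(0)), path)


def split_indicator(expanded):
    """Return (parent folder, leaf name); a trailing backslash marks a folder indicator."""
    trimmed = expanded.rstrip("\\")
    parent, _, leaf = trimmed.rpartition("\\")
    return parent, leaf


def name_matcher(leaf):
    """Exact match for a legal NTFS name; otherwise substring match on the longest legal fragment."""
    if not INVALID_NAME_CHARS.search(leaf):
        return lambda entry: entry.lower() == leaf.lower()
    fragment = max(INVALID_NAME_CHARS.split(leaf), key=len).lower()
    return lambda entry: fragment in entry.lower()


def find_artifacts(indicators, env):
    """Map each indicator that has a matching entry on disk to the entries found."""
    hits = {}
    for indicator in indicators:
        parent, leaf = split_indicator(expand_windows_vars(indicator, env))
        parent_dir = parent.replace("\\", os.sep)  # lets the check run on non-Windows hosts too
        if not os.path.isdir(parent_dir):
            continue
        matches = name_matcher(leaf)
        found = sorted(e for e in os.listdir(parent_dir) if matches(e))
        if found:
            hits[indicator] = found
    return hits


def demo():
    """Build a constructed profile tree in a temp dir and run the check against it."""
    with tempfile.TemporaryDirectory() as root:
        profile = os.path.join(root, "user")
        allusers = os.path.join(root, "allusers")
        os.makedirs(os.path.join(profile, "Desktop"))
        os.makedirs(os.path.join(profile, "Start Menu", "Programs", "Trojan_JS_BlacoleRef.G"))
        os.makedirs(allusers)
        open(os.path.join(profile, "Desktop", "BlacoleRef.G.lnk"), "w").close()
        open(os.path.join(profile, "Desktop", "report.lnk"), "w").close()  # benign, must not match
        open(os.path.join(allusers, "~"), "w").close()
        # Constructed environment: the values a real host would carry in these variables.
        env = {"UserProfile": profile.replace(os.sep, "\\"),
               "AllUsersProfile": allusers.replace(os.sep, "\\")}
        return find_artifacts(ARTIFACT_PATHS, env)


if __name__ == "__main__":
    for indicator, entries in demo().items():
        print(f"{indicator}: {entries}")
```

On a real host you would pass `dict(os.environ)` as the mapping instead of the constructed one; a hit on any of these entries is a reason to run a full scan with an up-to-date engine rather than to delete the file by hand, since the post also reports registry entries and outbound traffic from the same infection.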

Like many other Trojans and viruses, it sits in the registry too:

and it does create OUTBOUND traffic…

Please be aware that the Trojan is hosted in many different locations, and even though it is not a new Trojan, interestingly the hosting web sites are still not on a BLACK LIST. A ping, trace route or whois query still responds as below:

How to remove the Trojan?

If you are using up-to-date anti-virus and Windows, you should be fine. If not, try the step below and you should be fine:

1) http://answers.microsoft.com/en-us/protect/forum/protect_scanning/how-do-i-delete-an-item-that-is-saying-allowed/a198b2e5-9245-45c0-b8ae-d59ad44943ea

To get an Enterprise ready Anti Virus and much more 

After cleaning the Trojan from my friend’s PC, I recommended that he subscribe to his favourite magazines, as there is really nothing for FREE on the internet. Sooner or later you will pay for the FREE STUFF, either with a PC virus or Trojan that steals your information from your PC, or by losing your valuables, or by dealing with a virus…

Next time think twice before you download.

Erdal
