Citadel Ransomware Summary

A new variant of the Citadel malware is circulating on the internet and lets fraudsters extort money from unsuspecting users. Citadel is based on the Zeus banking trojan; its ransomware component, known as Reveton, gets installed on the victim's computer. Once installed, it locks the computer and displays a warning that the user has been viewing child pornography and other illegal media and must pay a fine to the US Department of Justice (DOJ) to unlock it. The warning claims that the user's IP address has been identified by the DOJ's Computer Crime and Intellectual Property Section and demands a $100 fine payable through prepaid money card services. Because Citadel is developed under an open-source-style model in which customers request and share features, customized versions appear every day and could become more dangerous, both as ransomware and as a vehicle for other kinds of monetary fraud.

To prevent such malware from being installed, users must keep their operating systems and applications current with the latest updates and patches; many infections result from criminals exploiting vulnerabilities in outdated software. Anti-virus software can also stop malware from being installed; any warning it raises must be taken seriously and no chances taken. Ads or banners whose origin the user does not recognize must not be clicked, since they often redirect to the website from which the malware is downloaded. Anyone unfortunate enough to get Reveton on their system should contact their anti-virus provider, who can guide them through safely removing it. In any case, do not pay the requested fine, and contact the authorities immediately to help prevent more users from being victimized.

LinkedIn Article Summary

Various security firms have confirmed that over six million hashed LinkedIn passwords were stolen and uploaded to a Russian-language web forum. LinkedIn is investigating the claims. The article recommends that LinkedIn users change their passwords as soon as possible, and reminds them to also change the passwords on any other sites where they reused their LinkedIn password. LinkedIn later confirmed that the breach had in fact occurred and outlined on its blog how it would proceed to deal with it.

There are a number of measures that can be taken to prevent or minimize the damage caused by stolen passwords. Companies must store user passwords with a slow, salted password-hashing function (such as bcrypt, scrypt or PBKDF2) so that attackers who obtain the database cannot easily recover the passwords. LinkedIn hashed its passwords with plain SHA-1, a fast general-purpose hash that was never designed for password storage, which is probably what allowed the attackers to crack so many of them in such a short time. LinkedIn also did not 'salt' its passwords. A salt is a random value, unique to each user, that is mixed into the password before it is hashed; it ensures that two users with the same password get different hashes and that an attacker cannot crack every account at once with a single precomputed table. Companies that rely heavily on the internet to interact with their customers must also consider buying insurance to reduce or eliminate the financial impact of a class action lawsuit (LinkedIn is currently being sued by users for five million dollars). Companies must also provide strict guidelines for choosing passwords. The leaked LinkedIn passwords include words such as "God" and numeric sequences such as "12345". Users should be required to make their passwords less predictable, combining letters, numbers and special characters. Common phrases and swear words (see last article) sit at the top of most attackers' wordlists and make it very easy to crack passwords by dictionary attack.
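The following is an added example, not code from the original articles or from LinkedIn, illustrating why the two omissions above matter. It stores a handful of constructed sample passwords first as unsalted SHA-1 (LinkedIn's scheme) and then with a salted, iterated hash (PBKDF2-HMAC-SHA256 from Python's standard library, used here as a portable stand-in for bcrypt/scrypt/Argon2). Against the unsalted hashes a small constructed wordlist is hashed once and every account is looked up in that table; against the salted records each (salt, word) pair must be hashed separately at full cost. The wordlist, sample passwords and iteration count are all assumptions chosen for the demonstration.

```python
import hashlib
import hmac
import os
import time
from typing import Dict, List, Optional, Tuple

# Constructed sample data (not taken from the LinkedIn dump): the kinds of
# weak passwords the article mentions, plus one that is not in our wordlist.
SAMPLE_PASSWORDS = ["12345", "god", "linkedin", "Tr0ub4dor&3"]

# Constructed wordlist standing in for an attacker's dictionary.
WORDLIST = ["password", "12345", "123456", "god", "linkedin", "qwerty", "letmein"]

# Assumed work factor; real deployments tune this to the hardware available.
PBKDF2_ITERATIONS = 100_000


def weak_hash(password: str) -> str:
    """Unsalted SHA-1, the scheme LinkedIn used in 2012. The digest depends
    only on the password, so identical passwords produce identical hashes and
    one precomputed table cracks every account that uses a listed word."""
    return hashlib.sha1(password.encode()).hexdigest()


def crack_weak(stored_hashes: List[str], wordlist: List[str]) -> Dict[str, str]:
    """Dictionary attack on unsalted hashes: hash the wordlist ONCE, then look
    each stored hash up in the table. Cost is len(wordlist), independent of
    how many accounts were leaked."""
    table = {weak_hash(w): w for w in wordlist}
    return {h: table[h] for h in stored_hashes if h in table}


def strong_hash(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted, slow hash. The salt is mixed into the INPUT of the hash (it is
    not appended to the output), so the same password yields a different
    digest per user and precomputed tables are useless. The iteration count
    makes every individual guess expensive for the attacker."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_strong(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt; constant-time compare avoids timing leaks."""
    _, candidate = strong_hash(password, salt)
    return hmac.compare_digest(candidate, digest)


def crack_strong(records: List[Tuple[bytes, bytes]], wordlist: List[str]) -> int:
    """Same wordlist against salted records. No shared table is possible: each
    (salt, word) pair is hashed separately. Returns the number of full-cost
    hash computations the attacker had to perform."""
    work = 0
    for salt, digest in records:
        for word in wordlist:
            work += 1
            if verify_strong(word, salt, digest):
                break  # this account is cracked; move on to the next
    return work


def demo() -> Dict[str, float]:
    """Run both attacks over the constructed samples and summarize the cost."""
    weak = [weak_hash(p) for p in SAMPLE_PASSWORDS]
    cracked = crack_weak(weak, WORDLIST)
    records = [strong_hash(p) for p in SAMPLE_PASSWORDS]
    start = time.perf_counter()
    work = crack_strong(records, WORDLIST)
    elapsed = time.perf_counter() - start
    return {
        "weak_cracked": len(cracked),          # 3 of 4 fall to one table lookup
        "weak_hash_ops": len(WORDLIST),        # the table was built once
        "strong_hash_ops": work,               # one expensive hash per guess per account
        "strong_seconds": round(elapsed, 2),
    }


if __name__ == "__main__":
    print(demo())
```

The point to take away is the ratio in the two "ops" figures: salting forces the attacker back to per-account work, and the slow hash multiplies the price of each of those guesses. Neither measure rescues a password like "12345", which is still found within the first few guesses; that is why the password guidelines in the paragraph above are needed alongside proper storage.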