977 results for cryptolocker malware threat virus ransomeware
Abstract:
Cryptolocker is a globally widespread piece of malware belonging to the ransomware category. My analysis retraces the origins of malicious software in search of representatives of the genre with characteristics similar to the virus that has persisted relentlessly since 2013: Cryptolocker. To learn more about the behaviour of this threat, malware analyses, both static and dynamic, carried out on Cryptolocker (2013), CryptoWall (2014) and TeslaCrypt (2015) are presented. The operational part, covering the design and configuration of a virtual laboratory for the subsequent collection of traces left by the malware on the system and on the network, is briefly described. Following the practical analysis and the focus on the weak points of these threats, in addition to the technical aspects underlying how the cryptos work, the social and psychological aspects that characterise the complex background in which the virus proliferates are taken into consideration. Authoritative sources and testimonies are compared to clear up the doubts remaining after the tests. It is these that will confirm the veracity of the data that emerged from my experiments, and also form a more complete picture, underlining how closely the morphology of the malware is in symbiosis with the type of user it targets. Once the general functioning of the crypto is understood, it is precisely its features and peculiarities that allow me to draw up, also with the help of sources external to my own work, an exhaustive list of defensive means and behaviours to counter it and reduce the risk of infection. The possible recovery procedures for compromised data are also cited, for the "lucky" cases, since recovery is not always materially possible.
My report concludes with a consideration that was unexpected for me: the potential of cryptos, in all their forms, lies for the most part in social engineering, without which (except for certain categories of ransomware) the infection would have decidedly higher failure rates.
Abstract:
In the world of information security, technologies evolve to cope with threats. Prevention cannot be disregarded, but it must be accepted that no barrier will prove impenetrable and that detection, together with a prompt response, represents an extremely critical line of defence, but the only one that is truly feasible for gaining as much time as possible or for limiting the damage. We will therefore introduce a new operating model composed of procedures capable of tackling the new challenges that malware constantly presents and, at the same time, of relieving IT departments of burdensome and increasingly complex activities, optimising their communication and response process.
Abstract:
Malware is a serious threat to the security of systems. With the widespread use of the World Wide Web, there has been an enormous increase in virus attacks, making computer security essential for all computers and expanding the areas of research into the new incidents that arise, one of these being malware classification. "Malware developers" use new techniques to generate polymorphic malware by reusing existing malware, so it is necessary to group them into families in order to study their characteristics and be able to detect new variants of them. This work, in addition to presenting a detailed state of the art of the classification of malware in PE executable files, presents an approach that improves the classification index of the MALICIA malware database using the static features of executable files Imphash and Pehash; using these features, a clustering is performed with the aggressive clustering algorithm, which is combined with the current classification by means of the majority voting algorithm and the icon_label feature, obtaining a Precision of 99.15% and a Recall of 99.32%, improving the classification of MALICIA with an F-measure of 99.23%.
---ABSTRACT---
Malware is a serious threat to the security of systems. With the widespread use of the World Wide Web, there has been a huge increase in virus attacks, making computer security essential for all computers. New areas of research have appeared in this area, including classifying malware into families. Malware developers use polymorphism to generate new variants of existing malware. Thus it is crucial to group variants of the same family, to study their characteristics and to detect new variants.
This work, in addition to presenting a detailed analysis of the problem of classifying malware PE executable files, presents an approach in which the classification in the Malware database MALICIA is improved by using static characteristics of executable files, namely Imphash and Pehash. Both features are evaluated through clustering real malware with family labels with aggressive clustering algorithm and combining this with the current classification by Majority voting algorithm, obtaining a Precision of 99.15% and a Recall of 99.32%, improving the classification of MALICIA with an F-measure of 99.23%.
Abstract:
The BlackEnergy malware targeting critical infrastructures has a long history. It evolved over time from a simple DDoS platform to a quite sophisticated plug-in based malware. The plug-in architecture has a persistent malware core with easily installable attack specific modules for DDoS, spamming, info-stealing, remote access, boot-sector formatting etc. BlackEnergy has been involved in several high profile cyber physical attacks including the recent Ukraine power grid attack in December 2015. This paper investigates the evolution of BlackEnergy and its cyber attack capabilities. It presents a basic cyber attack model used by BlackEnergy for targeting industrial control systems. In particular, the paper analyzes cyber threats of BlackEnergy for synchrophasor based systems which are used for real-time control and monitoring functionalities in smart grid. Several BlackEnergy based attack scenarios have been investigated by exploiting the vulnerabilities in two widely used synchrophasor communication standards: (i) IEEE C37.118 and (ii) IEC 61850-90-5. Specifically, the paper addresses reconnaissance, DDoS, man-in-the-middle and replay/reflection attacks on IEEE C37.118 and IEC 61850-90-5. Further, the paper also investigates protection strategies for detection and prevention of BlackEnergy based cyber physical attacks.
Abstract:
One of the faba bean viruses found in West Asia and North Africa was identified as broad bean mottle virus (BBMV) by host reactions, particle morphology and size, serology, and granular, often vesiculated cytoplasmic inclusions. Detailed research on four isolates, one each from Morocco, Tunisia, Sudan and Syria, provided new information on the virus. The isolates, though indistinguishable in ELISA or gel-diffusion tests, differed slightly in host range and symptoms. Twenty-one species (12 legumes and 9 non-legumes) out of 27 tested were systemically infected, and 14 of these by all four isolates. Infection in several species was symptomless, but major legumes such as chickpea, lentil and especially pea, suffered severely from infection. All 23 genotypes of faba bean, 2 of chickpea, 4 of lentil, 11 out of 21 of Phaseolus bean, and 16 out of 17 of pea were systemically sensitive to the virus. Twelve plant species were found to be new potential hosts and cucumber a new local-lesion test plant of the virus. BBMV particles occurred in faba bean plants in very high concentrations and seed transmission in this species (1.37%) was confirmed. An isolate from Syria was purified and two antisera were produced, one of which was used in ELISA to detect BBMV in faba bean field samples. Two hundred and three out of the 789 samples with symptoms suggestive of virus infection collected in 1985, 1986 and 1987, were found infected with BBMV: 4 out of 70 (4/70) tested samples from Egypt, 0/44 from Lebanon, 1/15 from Morocco, 46/254 from Sudan, 72/269 from Syria and 80/137 from Tunisia. This is the first report on its occurrence in Egypt, Syria and Tunisia. The virus is a potential threat to crop improvement in the region.
Abstract:
Maize streak virus (MSV; family Geminiviridae, genus Mastrevirus), the causal agent of maize streak disease, ranks amongst the most serious biological threats to food security in sub-Saharan Africa. Although five distinct MSV strains have been currently described, only one of these - MSV-A - causes severe disease in maize. Due primarily to their not being an obvious threat to agriculture, very little is known about the 'grass-adapted' MSV strains, MSV-B, -C, -D and -E. Since comparing the genetic diversities, geographical distributions and natural host ranges of MSV-A with the other MSV strains could provide valuable information on the epidemiology, evolution and emergence of MSV-A, we carried out a phylogeographical analysis of MSVs found in uncultivated indigenous African grasses. Amongst the 83 new MSV genomes presented here, we report the discovery of six new MSV strains (MSV-F to -K). The non-random recombination breakpoint distributions detectable with these and other available mastrevirus sequences partially mirror those seen in begomoviruses, implying that the forces shaping these breakpoint patterns have been largely conserved since the earliest geminivirus ancestors. We present evidence that the ancestor of all MSV-A variants was the recombinant progeny of ancestral MSV-B and MSV-G/-F variants. While it remains unknown whether recombination influenced the emergence of MSV-A in maize, our discovery that MSV-A variants may both move between and become established in different regions of Africa with greater ease, and infect more grass species than other MSV strains, goes some way towards explaining why MSV-A is such a successful maize pathogen. © 2008 SGM.
Abstract:
Background: Panicum streak virus (PanSV; Family Geminiviridae; Genus Mastrevirus) is a close relative of Maize streak virus (MSV), the most serious viral threat to maize production in Africa. PanSV and MSV have the same leafhopper vector species, largely overlapping natural host ranges and similar geographical distributions across Africa and its associated Indian Ocean Islands. Unlike MSV, however, PanSV has no known economic relevance. Results: Here we report on 16 new PanSV full genome sequences sampled throughout Africa and use these together with others in public databases to reveal that PanSV and MSV populations in general share very similar patterns of genetic exchange and geographically structured diversity. A potentially important difference between the species, however, is that the movement of MSV strains throughout Africa is apparently less constrained than that of PanSV strains. Interestingly the MSV-A strain which causes maize streak disease is apparently the most mobile of all the PanSV and MSV strains investigated. Conclusion: We therefore hypothesize that the generally increased mobility of MSV relative to other closely related species such as PanSV, may have been an important evolutionary step in the eventual emergence of MSV-A as a serious agricultural pathogen. The GenBank accession numbers for the sequences reported in this paper are GQ415386-GQ415401. © 2009 Varsani et al; licensee BioMed Central Ltd.
Abstract:
Ross River virus is a mosquito-borne alphavirus that causes approximately 5000 cases of epidemic polyarthritis in Australia each year and has direct medical-associated costs of approximately US$15 million annually. While mosquito control programs are able, at best, to contain rather than prevent this disease, natural infection with Ross River virus confers lifelong protection against subsequent clinical infection. A killed-virus vaccine has been developed, which is in Phase III clinical trials. Analyses of intra-host genetic diversity and of long-term evolutionary changes in Ross River virus populations suggest that antigenic variation is unlikely to pose a threat to the efficacy of this vaccine.
Abstract:
The Oceania region, which includes Australia, New Zealand, Papua New Guinea and the islands of the tropical Pacific Ocean, has historically been free from chikungunya. However, the 2011 outbreak in New Caledonia and the ongoing outbreak in Papua New Guinea have highlighted the risk to other communities in Oceania where there are competent mosquito vectors and permissive social factors and environmental conditions. In this article we discuss the threat to this region that is posed by the recent evolution of the E1:A226V mutant strains of chikungunya virus (CHIKV).
Abstract:
Although monocotyledonous-plant-infecting mastreviruses (in the family Geminiviridae) are known to cause economically significant crop losses in certain areas of the world, in Australia, they pose no obvious threat to agriculture. Consequently, only a few Australian monocot-infecting mastreviruses have been described, and only two have had their genomes fully sequenced. Here, we present the third full-genome sequence of an Australian monocot-infecting mastrevirus from Bromus catharticus belonging to a distinct species, which we have tentatively named Bromus catharticus striate mosaic virus (BCSMV). Although the genome of this new virus shares only 57.7% sequence similarity with that of its nearest known relative, Digitaria didactyla striate mosaic virus (DDSMV; also from Australia), it has features typical of all other known mastrevirus genomes. Phylogenetic analysis showed that both the full genome and each of its probable expressed proteins group with the two other characterised Australian monocot-infecting mastreviruses. Besides the BCSMV genome sequence revealing that Australian monocot-infecting mastrevirus diversity rivals that seen in Africa, it has enabled us, for the first time, to detect evidence of recombination amongst the Australian viruses. Specifically, it appears that DDSMV possesses a short intergenic region sequence that has been recombinationally derived from either BCSMV or a close relative that has not yet been identified.
Abstract:
Emerging zoonoses threaten global health, yet the processes by which they emerge are complex and poorly understood. Nipah virus (NiV) is an important threat owing to its broad host and geographical range, high case fatality, potential for human-to-human transmission and lack of effective prevention or therapies. Here, we investigate the origin of the first identified outbreak of NiV encephalitis in Malaysia and Singapore. We analyse data on livestock production from the index site (a commercial pig farm in Malaysia) prior to and during the outbreak, on Malaysian agricultural production, and from surveys of NiV's wildlife reservoir (flying foxes). Our analyses suggest that repeated introduction of NiV from wildlife changed infection dynamics in pigs. Initial viral introduction produced an explosive epizootic that drove itself to extinction but primed the population for enzootic persistence upon reintroduction of the virus. The resultant within-farm persistence permitted regional spread and increased the number of human infections. This study refutes an earlier hypothesis that anomalous El Nino Southern Oscillation-related climatic conditions drove emergence and suggests that priming for persistence drove the emergence of a novel zoonotic pathogen. Thus, we provide empirical evidence for a causative mechanism previously proposed as a precursor to widespread infection with H5N1 avian influenza and other emerging pathogens.
Abstract:
Cotton bunchy top virus (CBTV) and the related Cotton leafroll dwarf virus (CLRDV) have caused sporadic disease outbreaks in most cotton regions of the world. Until recently, little was known about the diversity of CBTV or its natural host range. Seven natural field hosts and one experimental host of CBTV have now been identified. These include cotton, Malva parviflora (Marshmallow weed), Abutilon theophrasti (Velvetleaf), Anoda cristata (Spurred anoda), Hibiscus sabdariffa (Rosella), Sida rhombifolia (Paddy’s lucerne), Chamaesyce hirta (Asthma plant) and Gossypium australe. These are currently the only eight known hosts of CBTV. However the virus may have a wider host range than originally thought and include further non-Malvaceae species like asthma plant (family Euphorbiaceae). There are two distinct strains of CBTV in Australia, -A and -B, which have been detected in cotton from numerous locations across almost all growing regions. From 105 samples of cotton that have been positive for CBTV, 6 were infections of strain A only, 60 were strain B only and 64 were a mixed infection of strains A and B. These results indicate the symptoms of cotton bunchy top disease are closely associated with the presence of strain CBTV-B. A diagnostic assay for Cotton leafroll dwarf virus (CLRDV - cotton blue disease) is being developed and applied successfully for the detection of CLRDV samples from Brazil and Thailand. This is the first confirmation of CLRDV from SE-Asia, which may pose an increased biosecurity threat to the Australian industry.
Abstract:
Chronic hepatitis C virus (HCV) infection represents a major health threat to global population. In India, approximately 15-20% of cases of chronic liver diseases are caused by HCV infection. Although, new drug treatments hold great promise for HCV eradication in infected individuals, the treatments are highly expensive. A vaccine for preventing or treating HCV infection would be of great value, particularly in developing countries. Several preclinical trials of virus-like particle (VLP) based vaccine strategies are in progress throughout the world. Previously, using baculovirus based system, we have reported the production of hepatitis C virus-like particles (HCV-LPs) encoding structural proteins for genotype 3a, which is prevalent in India. In the present study, we have generated HCV-LPs using adenovirus based system and tried different immunization strategies by using combinations of both kinds of HCV-LPs with other genotype 3a-based immunogens. HCV-LPs and peptides based ELISAs were used to evaluate antibody responses generated by these combinations. Cell-mediated immune responses were measured by using T-cell proliferation assay and intracellular cytokine staining. We observed that administration of recombinant adenoviruses expressing HCV structural proteins as final booster enhances both antibody as well as T-cell responses. Additionally, reduction of binding of VLP and JFH1 virus to human hepatocellular carcinoma cells demonstrated the presence of neutralizing antibodies in immunized sera. Taken together, our results suggest that the combined regimen of VLP followed by recombinant adenovirus could more effectively inhibit HCV infection, endorsing the novel vaccine strategy. (C) 2015 Elsevier Ltd. All rights reserved.
Abstract:
The Zhikong Scallop, Chlamys farreri, is one of the most important bivalve mollusks cultured in northern China. However, mass mortality of the cultured C. farreri has posed a serious threat to the maricultural industry in recent years. Acute Viral Necrobiotic Virus (AVNV) is believed to be an important etiological agent causing the scallop mass mortalities. To understand the mechanism behind the AVNV associated scallop disease and mortality, we assessed the physiological and immune responses of C. farreri to the virus infection using oxygen consumption rate, ammonium-nitrogen excretion rate, hemocyte copper, zinc superoxide dismutase gene expression, and plasma superoxide dismutase activity and alkaline phosphatase activity as indicators. Scallops challenged by AVNV at 25 °C developed typical disease signs 2 days after virus injection. Before the disease manifested, scallop oxygen consumption and NH4+-N excretion rates rose and then fell back. Real-time PCR revealed that the hemocyte cytosol Cu, Zn SOD gene expression was upregulated followed by recovery. The plasma SOD activity, however, augmented consistently following virus injection. Moreover, plasma AKP activity first lowered and then elevated gradually to the highest level at 24 h post virus injection. Scallops challenged by AVNV at 17 °C neither developed notable disease nor showed obvious responses that could be associated with the virus infection. While the results suggested a correlation between the elevated seawater temperature and the AVNV infection associated C. farreri mortalities, they also indicated that the viral infection provoked multiple physiological and immune responses in the host scallops. (C) 2010 Elsevier Ltd. All rights reserved.