Zyxel Threat Intelligence (Release Date: 2022-03-01)
ZyWALLs latest virus/malware signature update protects you against more malware and threats. See how ZyWALL defends against these threats.
Part 1 – Virus/Malware Spotlight
Part 2 – Intrusion Detection Highlight
Part 3 – Application Patrol HighlightThis article focuses on TeslaCrypt. Part 2 and 3 will be included in the March Monthly Threat Report covering Intrusion Detection and Application Patrol update. You can view more about their details, history, and signature information in Zyxel Encyclopedia.
(Number of updated Virus/Malware signatures:51,126)
Zyxel keeps malware detection up-to-date. Currently, Zyxel detects and removes the threats including Gen.Variant.TeslaCrypt and Backdoor/Aimbot.
What is TeslaCrypt?
TeslaCrypt ransomware is a copycat of the CryptoLocker, encrypting files with the AES-256 encryption algorithm. Unlike other types of ransomware, TeslaCrypt has a special focus on popular games like Minecraft, World of Warcraft, and Steam. Demands for a ransom of $250 to $1000 to get the decryption key to access the affected files.
How it works
TeslaCrypt ransomware uses website drive-by download and e-mail to transmit. When a victim is infected, the pop-up window shows the warning indicating the computer’s files have been encrypted. They are provided with several methods to access the TeslaCrypt website with instructions on how to pay the ransom. They often require the payment in bitcoin because it is less traceable than other form of payments.
How can I protect myself?
Individuals and small businesses should create copies of all your important files on a regular basis, update your software and firmware to the latest version especially with web browsers and their plugins.
Backdoor/Aimbot is a backdoor that exploits Kazaa sharing and mIRC propagation. The "Aimbot" spreads to users' computers that have been infected with backdoors. Create a shared folder under Kazaa, naming as same as common software to deceive others to download it.
Connect to the specified IRC server and follow hacker commands to upload or download specific files. Additionally, it terminates some of the processes in anti-virus software and conduct DoS attacks on specified targets, etc.
Search for characters related to “online banking” and “online payment” in the browser window. Once found, it starts recording keystrokes and stealing user’s account passwords. Prohibits users from conducting online transactions through legitimate accounts.
(Updated: 2/Cover Total: 5510)
Microsoft RPCSS DCERPC DCOM Object Activation Packet Length Heap Corruption Vulnerability
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528. (Source: NIST)
Wordpress Massimo Theme Full Path Disclosure Vulnerability
Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the path. From PHP error messages information, the attacker may learn the file system structure from the web server. The attackers may abuse the knowledge to conduct further attacks.
(Added Application:12/ All Application: 3854)
To make your life easier in managing your licenses for your devices, the Marketplace has been opened to buy licenses conveniently and securely.
These are the three major benefits for you as a customer when using the Marketplace:
- 8.1K All Categories
- 1.6K Nebula
- 59 Nebula Ideas
- 54 Nebula Status and Incidents
- 4.3K Security
- 222 Security Ideas
- 936 Switch
- 42 Switch Ideas
- 818 WirelessLAN
- 19 WLAN Ideas
- 5K Consumer Product
- 136 Service & License
- 266 News and Release
- 90 Success Stories
- 52 Security Advisories
- 13 Education Center
- 536 FAQ
- 252 Nebula FAQ
- 132 Security FAQ
- 73 Switch FAQ
- 72 WirelessLAN FAQ
- 7 Consumer Product FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 66 About Community
- 44 Security Highlight