Since a week i see these events 400 in the application log:
Web Attack: Malicious Scan Request 2 attack blocked. Traffic has been blocked for this application: SYSTEM
Since system is the windows kernel i worry what this could mean.
The symantec signature description doesn’t bring any clarity, it only makes me worry more:
Does somebody know what is happening here and if action is needed and what?
Just raising awareness:
Symantec Launches Quick Online Tool to Help Consumers and Enterprises Detect Recent VPNFilter Malware on Routers
That free online tool:
Check Your Router for VPNFilter
Security Response blog- much good detail:
VPNFilter: New Router Malware with Destructive Capabilities
AV and IPS signatures designed to block VPNFilter:
System Infected: VPNfilter Activity 2
I have a user that keeps running into a Trojan Horse popup every other week and sometimes weekly. The Trojan Horse has the following information:
Risk: Trojan Horse
Any help would be greatly appreciated. Thank you.
July 20, 2017Amman, Jordan—For veteran observers in the Middle East, the revelation that the UAE may have hacked Qatar’s news agency, precipitating a diplomatic crisis, reads like the rejected plot for a spy novel. Yet for democracy and human rights activists across the Arab world, the scenario is all too familiar – and all too real.
Since the so-called Arab Spring erupted seven years ago, Arab governments and intelligence agencies have spent millions on spyware, malware, and hacking services, experts and analysts say, waging a digital battle against their own citizens.
Regimes are using spyware from Western companies to take down those who dare to demand democracy and human rights, often by infiltrating the same technologies that activists used to take down dictatorial regimes – such as Facebook and Skype.
Arab activists in the Gulf and North Africa tell of receiving urgent text messages and emails from colleagues asking for information or setting up meetings – messages that their colleagues never typed – setting traps that would lead to meetings being busted, protests averted, and activists arrested.
“The hacking industry … has become a very big, billion-dollar business, and these governments are doing what they have always done, using technology to keep track of their citizens,” says Fred Kaplan, author of “Dark Territory: The Secret History of Cyber War.”
“On the one hand activists can talk to each other more and amass crowds like we saw in the Arab Spring,” he says. “But once communications are open, they are open both ways.”
Response to protests
As protests erupted across the Arab world in 2011, several Arab governments opened million-dollar contracts with Western companies to provide surveillance and hacking solutions, according to experts and releases by WikiLeaks.
Milan-based Hacking Team has signed two different contracts in Egypt, three in Saudi Arabia, and one each in Bahrain, the UAE, and Oman, according to experts and WikiLeaks.
In June, BBC Arabic revealed that UK-based defense giant BAE used a Danish subsidiary to sell its Evident surveillance systems to Saudi Arabia, the UAE, Qatar, Oman, Morocco, and Algeria. Evident allows users to monitor and track users at a national level and decrypt messaging software previously thought to be impervious to such snooping.
Activists and experts say Arab regimes often go after high-profile opposition leaders, human rights activists, and lawyers. But they are not the intended target of such surveillance.
Arab intelligence services likely already have detailed files on such figures, compiled through traditional intelligence-gathering methods. What they are truly after, say experts, are activists’ personal contacts, chat history, and anything else that leads to lower-profile sympathizers.
“People who are not publicly against the government, but who are silently supporting the cause, are almost always the target,” says Bill Marczak, senior research fellow at Citizen Lab at the University of Toronto, which tracks governments’ cyberwarfare and provides technical support for beleaguered activists across the world.
“They can be tracked through personal email contacts, phone contacts, chats – that is the goal.”
‘Guns for hire’
As Arab governments’ technological capabilities are still nascent, they rely almost exclusively on spyware, phishing, and hacking services from Western companies described by tech experts as “guns for hire,” which are able to take advantage of legal loopholes to sell to authoritarian governments.
A sampling of cases from the past seven years reveals how vital Western firms’ tools have been to autocratic regimes – and how little success human rights activists have had in pressuring those firms not to sell their technology for such uses.
Bahrain, which is embroiled in a bloody crackdown against its Shiite population and dissidents, has used spyware known as FinFisher. Targets would be sent emails with politically charged subject lines, and attachments purporting to contain information about the status of an arrested activist, or on the opposition, but in fact containing malicious spyware that would access activists’ devices and take all their contacts and data. Activists analyzing WikiLeaks-released conversations between Bahrain and Anglo-German firm Gamma Group, which sells FinFisher, matched the targets’ IP addresses with Bahraini activists in Britain.
The UAE used Israeli spyware to infect the iPhone of Emirati dissident Ahmed Mansoor, experts who tested his phone say, believing that the information gathered from his phone likely led to his rearrest by Emirati authorities this April. The spyware, sold by NSO Group, transmits all communications and location of the targeted iPhone, including communications on WhatsApp, Telegram, and Skype – encrypted messaging services favored by activists – along with iMessage, Gmail, Viber, and Facebook.
Egypt entered a 1 million euro ($1.16 million) contract with Milan-based Hacking Team for its Remote Controlled System, according to the UK-based civil liberties advocate Privacy International. Egypt has reportedly used RCS to monitor and hack not only Apple computers and iPhones, but pirated copies of Microsoft Windows – favored by an estimated 90 percent of computer users in Egypt.
According to Citizen Lab, a recent phishing campaign allegedly led by Egyptian authorities has targeted seven NGOs and several Egyptian lawyers, journalists and independent activists – all of whom have been named and implicated in the Case 173, the legal case brought by the Egyptian government against NGOs over foreign funding.
Arab security officials from two different countries, who declined to be quoted, defended the purchase of surveillance system as an “essential tool in the fight against terrorism.” In order to bust sleeper cells and foil IS-inspired terror plots, they claim they need mass surveillance – a claim they reportedly use to justify the use of such tools to their Western allies.
Human rights groups have tried to hold Western firms accountable. In 2014, Privacy International, acting on behalf of Bahraini activists residing in Britain, sent a criminal complaint against Gamma to the National Cyber Crime Unit of the British National Crime Agency.
However, to date no legal action has been taken against the firm, and despite pressure from human rights groups, experts claim companies such as Gamma and Hacking Team continue to sell their products to governments while distancing themselves from how their products are being used.
How activists have changed their methods
Egyptian activists say they now meet behind closed doors, leaving their mobiles and laptops behind. In the Gulf, human rights activists – who refused to allow their names or locations to be revealed due to security concerns – are forced to use “key words” and code to discuss any issue in the country.
Although they are unlikely to gain a technical edge over Western spyware for hire, experts say human rights activists recognize that the tactic behind all the diverse attacks: social engineering that makes the ultimate “click-bait.” And that is something that can be guarded against, to some extent.
“These messages are crafted to appeal to a person’s emotions and curiosity; they create a sense of urgency and tell users, ‘Click the link soon or there will be consequences,’” says Mr. Marczak.
“The key is for people to be aware for how this happens and look for the signs.”