Security Alert: Handbrake Download Mirror was Compromised

From Handbrake.fr:

SECURITY WARNING

“Anyone who has downloaded HandBrake on Mac between [02/May/2017 14:30 UTC] and [06/May/2017 11:00 UTC] needs to verify the SHA1 / 256 sum of the file before running it.

Anyone who has installed HandBrake for Mac needs to verify their system is not infected with a Trojan. You have 50/50 chance if you’ve downloaded HandBrake during this period.”

If you have Handbrake installed on your Macs, you should check if it is compromised by this Trojan.

Also:

“Based on the information we have, you must also change all the passwords that may reside in your OSX KeyChain or any browser password stores.”

YIKES!

Synology Vulnerability and Ransomware

Early on Sunday morning, August 3, 2014, a tweet by Mike Evangelist was linked on Hacker News.

Lovely. My @Synology NAS has been hacked by ransomware calling itself Synolocker. Not what I wanted to do today. pic.twitter.com/YJ1VLeKqfY

I was somewhat scared by this news, as some users at the Synology forums reported that they were also victims of SynoLocker, a CryptoLocker malware that specifically targets Synology NAS. I am managing a number of Synology NAS for a few small offices and homes. Granted, none of them are directly connected to the Internet, but I have to make sure none of them would be hacked and crypto-locked.

Make sure your Synology NAS is running the latest DSM Operating System.

For now, disable the QuickConnect service.

Disable all port-forwarding if your Synology DiskStation is behind a NAT Firewall. This is a definite inconvenience; better to be safe than sorry.

More importantly, back up the content of your Synology NAS. Should anything happen, you still have your data. My colleague has great advice on backing up:

As always, if you have data on your Synology that you consider irreplaceable, make sure that you have it backed up too. I’d recommend using the built-in Amazon S3 client. It’s cheap and fairly easy to set up, and should help you in case of a disaster.

I personally also run a backup to another hard drive locally for rapid recovery.

Malware, Malware and more Malware.

For the past week I have been removing a lot of Malware from a lot of computers running Windows XP, Windows Vista, Windows 7 and Windows 8. Some are harder to remove than the others. In general I’d like to avoid the Scorched-Earth scenario whenever possible, as it is the last resort.

There are a lot of ways to remove Malware; there is not a single solution.

Whenever removing Malware from Windows computers, I tend to boot to Safe Mode with Command Prompt and remove any Malware reference from the “Run” key in the registry and Start from Programs Menu.

Some tools/programs that I use:

I then use Microsoft’s Malicious Software Removal Tool and Safety Scanner for the second run of Malware removal.

There are a lot of other tools/programs that I use to remove the Malware whenever necessary.

Just Another Day in Malware Removal

Another day, another computer infested with malware.

Potentially Unwanted Programs (PUP) identified here:

  • BackupDutyLite
  • ImminentMessenger
  • ImproveSpeedPC
  • iYogiToolbar
  • SearchProtectAll
  • Starter (DriverGenius)