Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On April 13, 2016

April 12, SecurityWeek – (International) Ramdo click-fraud malware continues to evolve. Security researchers from Dell SecureWorks and Palo Alto Networks released an analysis of the Ramdo click-fraud malware, also known as Redyms, which stated that the malware was capable of downloading and installing additional malicious software on infected devices after it tricks users into selecting an online ad from other infection systems. The report stated that while the malware was not very sophisticated, its operators were actively working on implementing new features and methods to avoid detection and prevent analysis. Source

April 11, SecurityWeek – (International) WordPress pushes free HTTPS to all hosted sites. WordPress reported that it will provide free Hypertext Transfer Protocol Secure (HTTPS) for all custom domains it hosts, including blogs and Web sites, which will ensure users are served only secured HTTPS traffic. Source

April 11, SecurityWeek – (International) Malware found in IoT cameras sold by Amazon. The co-founder of Proctorio discovered that a set of security cameras sold by Amazon were infected with malware after finding that an iframe, brenz_pl/rc/, was linked to a malicious Web site when connecting to a personal computer, which could potentially allow attackers remote control, remote access, and control of components in a target's home. Source

April 11, Softpedia – (International) “ID Ransomware” website helps identify ransomware infections. An independent security researcher launched a new Web site named ID Ransomware that will help ransomware victims recover their encrypted files without paying the ransomware fee by allowing users to upload their encrypted files to the Web site where a thorough analysis will be conducted to notify victims which ransomware variant has locked their computers or files. Once the Web site detects the ransomware type, users will receive a link to download a decrypter to unlock encrypted files. Source

April 11, Softpedia – (International) Jigsaw ransomware threatens to delete your files, free decrypter available. Security researchers from @MalwareHunterTeam discovered that a new ransomware dubbed Jigsaw was infecting computers through an unknown infection method and pressuring victims to pay the ransomware fee. The ransomware targets 226 different file types, encrypts each file with an Advanced Encryption Standard (AES) algorithm, and adds the .fun extension to the end of each file name. Researchers advised victims to download the JigSawDecrypter to decrypt locked files. Source

April 8, SecurityWeek – (International) Google improves Safe Browsing for network admins. Google reported that it made improvements to its Safe Browsing Alerts for Network Administrators service that will inform administrators about Uniform Resource Locators (URLs) related to malicious software, potentially unwanted programs (PUPs), and social engineering, as well as inform them about compromised pages on their networks that can allegedly harm users via drive-by downloads or exploits. Source

April 11, SecurityWeek – (International) Malware changes router DNS settings via mobile devices. Security researchers from Trend Micro discovered that a JavaScript malware dubbed JS_JITON can allow attackers to access a home router and change its Domain Name System (DNS) settings, as the malware's code includes 1,400 combinations of common credentials. The malware was seen distributed via compromised Web sites visited from a mobile device. Researchers noted that only the ZTE modem exploit was active and the malware is executed solely from a mobile device. Source

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.