- Generates pop-up, coupon, pop-under and other similar ads on your screen
- Places other advertisements into your web pages
- Redirects you to malicious websites containing bogus content
- Tracks your movements on the web to help nefarious marketers send more crap your way to generate revenue
Security researchers at Symantec have been tracking a malware tool that, for a change, most victims wouldn’t actually mind having infect their systems–or almost, anyway.
The threat dubbed Linux.Wifatch compromises home routers and other Internet-connected consumer devices. But unlike other malware, this one does not steal data, snoop silently on victims, or engage in other similar malicious activity.
Instead, the author or authors of the malware appear to be using it to actually secure infected devices. Symantec believes the malware has infected tens of thousands of routers and other IoT systems around the world. Yet, in the two months that the security vendor has been tracking Linux.Wifatch, it has not seen the malware tool being used maliciously even once.
“In fact all the hardcoded routines seem to have been implemented in order to harden compromised devices,” Symantec security researcher Mario Ballano wrote in a blog post published Thursday.
Wifatch has one module that attempts to detect and remediate any other malware infections that might be present on a device that it has infected. “Some of the threats it tries to remove are well known families of malware targeting embedded devices,” Ballano wrote.
I see this documented around the interwebs quite a bit and always with the same limitation of only working correctly with files that contain no spaces in the filename. This is an easy fix so I’ll go over it all again below.
Create a new file in /usr/share/nemo/actions (you must maintain the .nemo_action file ending). Let’s create a new file called shred.nemo_action with the following contents:
Comment=Securely Delete File
Exec=shred --force --remove --verbose --zero %F
Quote=double
The key part that most people miss is the “Quote=double” option. This is what allows the action to run successfully on files with spaces in the filename.
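A complete action file for the steps above, written out as an added example rather than the original post's own listing. The Name, Selection and Extensions values are assumptions, and the file name in the comment is constructed.

```ini
# Constructed example: /usr/share/nemo/actions/shred.nemo_action
[Nemo Action]
# Name, Selection and Extensions are assumed values, not from the original post.
Name=Shred
Comment=Securely Delete File
# %F is replaced with the full paths of the selected files.
Exec=shred --force --remove --verbose --zero %F
# Quote the substituted paths so "tax return 2015.pdf" reaches shred as one
# argument instead of three; without this the action fails on such files
# and they stay on disk.
Quote=double
# Offer the action whenever at least one item is selected...
Selection=notnone
# ...but not on directories, which shred cannot overwrite.
Extensions=nodirs;
```

shred overwrites data in place, and its man page cautions that this is not guaranteed to be effective on journaling, log-structured or snapshotting file systems.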
Your web browser is under attack. Aside from simply tricking you into downloading and running malicious software, attackers mainly target flaws in your browser and its plug-ins to compromise your PC.
Use these tips to secure your web browser from attackers, whether they’re using malvertising attacks, compromising websites, or just directing you to malicious websites they’ve created.
Keep Your Browser Updated
Use a current web browser and keep automatic updates enabled. Don’t use an outdated web browser like Apple’s Safari for Windows or old versions of Microsoft’s Internet Explorer.
Use Google Chrome or Mozilla Firefox and leave automatic updates enabled, use a current version of Internet Explorer on a modern version of Windows and install Windows updates, or use Microsoft Edge on Windows 10.
WSCC is a free, portable program that allows you to install, update, execute and organize the utilities from various system utility suites. WSCC can install and update the supported utilities automatically. Alternatively, WSCC can use the HTTP protocol to download and run the programs. WSCC is portable, so installation is not required: extract the content of the downloaded zip archive to any directory on your computer.