
Tag: Bulgarian

WannaCry ransomware used in widespread attacks all over the world

Earlier today, our products detected and successfully blocked a large number of ransomware attacks around the world.
In these attacks, data is encrypted with the extension “.WCRY” added to the filenames. Our analysis indicates the attack, dubbed “WannaCry”, is initiated through an SMBv2 remote code execution in Microsoft Windows.

Wikileaks: 'State Party' Cut Off Assange's Internet Access

"We have activated the appropriate contingency plans," Wikileaks said without elaborating. A "state party" has cut off Wikileaks founder Julian Assange's Internet access, the organization announced on Twitter today. Assange, who said in August that U...

Assange Tries To Downplay Malware In WikiLeaks Archive

On Tuesday, Wikileaks celebrated its 10th anniversary with a press conference in Berlin. In addition to reflecting on the publisher’s various releases over the years, Wikileaks editor Julian Assange hinted that more disclosures around the US election would come soon. But recently, one researcher found that Wikileaks’ site is hosting tens of thousands of malicious files within its archives, potentially infecting visitors who execute them. At the press conference, Assange downplayed the risk to users, talking via video-link from London. “The [Hillary] Clinton campaign has been going around saying ‘don’t read Wikileaks, because there’s malware,'” Assange said in response to a general question about malware on the site from Motherboard. Talking specifically about malicious files that were included within a recent dump of emails from Turkey, Assange emphasised that there wasn’t an issue for users who just visited the site, and that people needed to download the files themselves. “However this same risk exists for most '.exe' or '.doc' files downloaded elsewhere from the internet or received by email. As time goes by we flag documents to alert readers,” a print-out given to journalists at the press conference reads. Assange even thought that the presence of malware itself was noteworthy. “There was malware sent to [the ruling Turkish party] AKP, either from criminals or from state attacks on the AKP. That’s extremely interesting,” he said. Dr. Vesselin Bontchev, the Bulgarian researcher who has monitored malware on Wikileaks, told Motherboard that the site contains at least 33,000 malicious files. These are within the Turkish email dump, he said. Once a visitor has downloaded one of the files, perhaps not knowing what it contains, “the user will be just a single click away from infecting their machine,” Bontchev wrote in an email. 
Bontchev also disagreed with Wikileaks’ assertion that the risk of opening malware from Wikileaks is just like downloading files from anywhere else on the internet. “Most websites don't make tens of thousands of malicious files available for download. Unless, of course, we are talking about malware distribution sites, but I have a hard time thinking of even one of those that has so many malicious files available!” Bontchev wrote. Bontchev said that, in response to his work, Wikileaks has replaced around 300 malicious files with text. But even with that, it is still possible for users to download the malware, Bontchev added. “Wikileaks readers ARE at risk, because the Wikileaks website makes it way too easy for them to download malware on their desktops and doesn't adequately warn them about its presence,” he added.

Watch Out for Malware in Those Wikileaks Email Dumps

A security researcher found more than 300 instances of malware available for download on Wikileaks. Amid the vast treasure trove of state secrets that Wikileaks has released are quite a few emails containing malware, a Bulgarian security researcher discovered this week. Vesselin Bontchev, an engineer at Bulgaria's National Laboratory of Computer Virology, found that the Wikileaks database currently contains more than 300 emails with malicious attachments, The Register reports. Bontchev posted links to each of the emails on Github, as well as the URLs on the Wikileaks site that host the malware. Most of the emails are garden-variety phishing scams—the type that alert you to an important shipment or bank transfer coming your way and ask you to enter your personal details to confirm it. One appeared to be imitating shipping giant Maersk, and purported to have an invoice confirmation attached. Many others originated from or were sent to email addresses with Turkish domain names, possibly linking them to the more than 300,000 emails Wikileaks published following the failed military coup in Turkey last month. For each email, Bontchev included a link to online virus-scanning tool VirusTotal to confirm that the included attachment is indeed malware. "The list is by no means exhaustive; I am just starting with the analysis," he wrote on Github. "But what is listed below is definitely malware; no doubts about it." Wikileaks appears to offer no warnings on its website about potential malware contained in the emails it posts.

A spokesperson did not immediately respond to PCMag's request for comment on how it screens email attachments. After its 2010 release of American diplomatic cables propelled Wikileaks to international attention, the organization again generated controversy in the US last month when it posted hacked emails from the Democratic National Committee.

Founder Julian Assange has refused to identify the source of those emails, though many security experts—and the FBI—believe they may have been hacked by Russian cybercriminals.

WikiLeaks uploads 300+ pieces of malware among email dumps

Freedom. Justice. Openness.

And some entirely avoidable p0wnage for good luck

WikiLeaks is hosting 324 confirmed instances of malware among its caches of dumped emails, a top Bulgarian anti-malware veteran says. Random checks of reported malware hashes find the trojans are flagged as malware by Virus Total's static analysis checks. Much of the malware appears to be attachments emailed by black hats in a bid to compromise the various parties affected in the WikiLeaks dumps. Dr Vesselin Bontchev (@bontchev) says the instances of malware are only those confirmed and found in an initial search effort. Dr Bontchev, an antivirus researcher of nearly 30 years and former founder of the National Laboratory of Computer Virology in Bulgaria, said there were "no doubts" that the malware hosted on WikiLeaks was indeed malware. "The list is by no means exhaustive; I am just starting with the analysis," Bontchev says. "But what is listed below is definitely malware; no doubts about it." The document dumpster uploads attachments for the emails it releases but offers no warning about the security implications of downloading macro-enabled documents, executables, and other potentially malicious files. A feasibly simple antivirus check would have cleared a lot if not all of the attachment malware given the huge 80 to 100 percent hit rate Virus Total returned when testing files selected randomly from Dr Bontchev's list.