Dok Malware is the Disease that Ails You

Currently, there is NO cure...

Malware, and specifically ransomware, is probably the most compelling reason I know of to completely abandon personal computing. Depending on where you are, what bug(s) you get, and how badly it affects you, I can totally understand the urge some people must feel to leave the computer age behind. Ransomware is the type of computer virus that encrypts your hard drive with no way of recovering your data unless and until you cough up a payment or two to a hacker, who is then supposed to send you a key that removes the encryption from your hard drive and lets you recover your data. It can be especially damaging if you don’t have the data backed up, or if your backup(s) also get infected. Infections like these are especially harmful to small businesses that simply don’t have the cash or resources to remove the infection or pay the ransom.

In order to prevent infections like these, regardless of what operating system or computer type you use, it’s highly recommended that you use a reputable malware scanner. Like I said… anyone can get malware… (Part 1, Part 2). Problems start when the malware scanner you’re using can’t detect the latest, greatest bug to be declared in the wild. Case in point: Dok is the latest critter to move into the macOS space. It targets ALL versions of OS X and macOS, and will take complete control of your Mac if you let it.

Before we go any further, there is a silver lining to this massive malware cloud of doom: it’s a phishing attack that requires the user to open a ZIP archive attached to an email message. This should be a warning sign to just about everyone. Opening ZIP attachments in an email is likely NOT a good idea, regardless of where they’re coming from or who is sending them.

So, what exactly is phishing? According to Wikipedia, phishing is

“the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. [Phishing] is a neologism created as a homophone of fishing due to the similarity of using bait in an attempt to catch a victim.”

Most phishing attempts occur via email or instant messaging (so you have to be careful with IM apps as well…), and the “attack” occurs when you open a specific attachment or an active web page that executes code directing you to enter personal information onto a page that looks and feels like the real thing. Phishing messages are often sent by imitations of auction sites, credit card and bank sites, online payment processing sites, or by an “IT administrator” from any of those places. The idea is to fool you into thinking that the website or service you’re using/viewing is legitimate, so the hacker can install or execute some other program that steals financial or other information from you for their financial gain.

The best and worst thing about phishing attacks is that most users can prevent them simply by not clicking on suspicious links or opening dubious email attachments sent from people or places they don’t know or recognize, or aren’t expecting to receive messages from.

According to Check Point Software, a leading antimalware software publisher, Dok isn’t detectable by any malware scanner from any vendor as of this writing. While this is likely to change quickly, it still represents a huge problem. Dok is signed with a developer certificate, which means your Mac will allow it to install despite having Gatekeeper active. That signed developer cert is authenticated by Apple, and because of THAT, if you open a ZIP file on your Mac, you could be risking infection.

Once Dok is installed on your Mac, the malware has elevated privileges that give it access to all of your communications, even those sent over SSL connections, by redirecting all of your traffic through a malicious proxy server. All of your traffic will be monitored, and the person(s) monitoring that data can look through the details and save what they want. This could include access to the financial and other PII-based accounts you opened while infected.
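The traffic redirection described above leaves a trace in the system proxy settings, which is something a defender can check directly. As an added example (not from the original post or from Check Point), this shell script parses the output of the macOS `networksetup` tool for any enabled web proxy or PAC URL; the host `proxy.example.test` in the sample is a constructed placeholder, and the live check only runs where `networksetup` exists.

```shell
#!/bin/sh
# Added example, not from the original post: report any system proxy or
# PAC URL that is switched on, the symptom of traffic being rerouted.
# The parse functions work on captured text, so the sample below is constructed.

# Print "server:port" when a proxy is enabled, else print nothing.
# Input: output of `networksetup -getwebproxy <svc>` (or -getsecurewebproxy).
parse_proxy_output() {
    awk '
        /^Enabled:/ { sub(/^Enabled: */, ""); enabled = $0 }
        /^Server:/  { sub(/^Server: */, "");  server  = $0 }
        /^Port:/    { sub(/^Port: */, "");    port    = $0 }
        END { if (enabled == "Yes" && server != "") print server ":" port }
    '
}

# Print the PAC URL when automatic proxy configuration is enabled, else nothing.
# Input: output of `networksetup -getautoproxyurl <svc>`.
parse_pac_output() {
    awk '
        /^URL:/     { sub(/^URL: */, "");     url     = $0 }
        /^Enabled:/ { sub(/^Enabled: */, ""); enabled = $0 }
        END { if (enabled == "Yes" && url != "" && url != "(null)") print url }
    '
}

# Walk every network service and flag proxies the user should recognize.
# Only runs on macOS (where networksetup exists); returns 2 elsewhere.
check_mac_proxies() {
    command -v networksetup >/dev/null 2>&1 || return 2
    # First line of -listallnetworkservices is a legend; "*" marks disabled services.
    networksetup -listallnetworkservices | tail -n +2 | sed 's/^\*//' |
    while IFS= read -r svc; do
        for kind in getwebproxy getsecurewebproxy; do
            hit=$(networksetup -"$kind" "$svc" | parse_proxy_output)
            [ -n "$hit" ] && echo "WARN: $svc $kind -> $hit (did you set this?)"
        done
        pac=$(networksetup -getautoproxyurl "$svc" | parse_pac_output)
        [ -n "$pac" ] && echo "WARN: $svc PAC -> $pac (did you set this?)"
    done
    return 0
}

# Constructed sample of an enabled proxy (placeholder host, not a real indicator).
SAMPLE_PROXY='Enabled: Yes
Server: proxy.example.test
Port: 8080
Authenticated Proxy Enabled: 0'

printf '%s\n' "$SAMPLE_PROXY" | parse_proxy_output   # prints proxy.example.test:8080
```

A proxy you did not configure yourself, or a PAC URL you do not recognize, is the point to investigate; the check is read-only and changes no settings.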

The best way to keep yourself infection free at this point is to stay uninfected. In other words, don’t open any ZIP files from anyone. Period. Just delete the email. If you think the sender is a trusted party, email them back and make other arrangements to retrieve the attachments. Services like Dropbox, Google Drive and Microsoft OneDrive all have ways to send secure links to files you want to share with others. Look into those.

Additional information on Dok can be found in Check Point’s Advisories archive. If you’re running Check Point Antivirus R75 – R77, you can prevent unauthorized remote access by following these instructions. If you suspect you already have Dok, you need to take a look at this article by Lory Gil over at iMore. All the folks there are awesome, and this article is especially helpful.

As I mentioned earlier, the best way to keep yourself infection free is to not open attachments in email, especially attachments from someone you don’t know, or unexpected attachments from someone you do know.

In the case of the latter, a quick phone call or text message asking if they did send you something can save you a huge headache. Err on the side of caution, kids. It’s better to be safe than sorry…

You should also make certain you’re running a good antimalware app. If you’re running macOS, you can find one here. If you’re running a Windows machine, you can find one here.

Related Posts:

Browse secure with Comodo Dragon

Comodo Dragon is a free browser based on Chromium technology that offers all the basic Google Chrome features plus an additional level of security and privacy. For instance, if you visit a site that has a domain certificate, the Comodo browser can tell the difference between a superior and an inferior SSL certificate and notifies the user about it. From the privacy point of view, the Comodo browser will not connect to remote servers to report errors from your computer. Instead, it returns error messages found on your computer, which prevents download tracking.

Besides its additional security and privacy modules, Comodo Dragon looks good, using some fresh new browsing icons that improve not only its look but also its simplicity. Without any extension support or live bookmark sync, Comodo has a reduced memory footprint compared to the standard version of Chrome. But if you decide to choose simplicity and usability over complexity, the lack of these Chromium features is excusable.

If you are not sure whether this browser is worth trying out, you should take two other important things into consideration. When installing the application, you have the option to choose a portable version of the program. You can also import your history, passwords, cookies and other settings from your current browser into Comodo. So there is nothing to make you not want it.

Download Comodo Dragon 14.0

Related Posts:

Social networking creates big vulnerabilities

After an eight-month study, Palo Alto Networks (an enterprise security and firewall company) released a report that provides a global view into application usage by assessing 28 exabytes of application traffic from 1,253 enterprises between October 2010 and April 2011.

More than 40% of the 1,042 applications that Palo Alto Networks identified on enterprise networks can now use SSL or hop ports to increase their availability within corporate networks. This segment of applications will continue to grow as more applications follow Twitter, Facebook, and Gmail, which have all enabled SSL either as a standard setting or as a user-selectable option in an effort to create the perception of improved security for their end users.

Contrary to popular opinion, social networking has not meant the death knell of webmail and instant messenger (IM). Compared with 12 months ago, IM traffic, as a percentage of overall traffic, has more than doubled, while webmail and social networking increased nearly five times.

As browser-based file sharing applications now use peer-based technology and add clients as a “premium”, the question arises: will the business and security risks introduced by browser-based file sharing follow the same path as those introduced by P2P? File transfer applications are found frequently (FTP 92%, P2P 82%, browser-based file sharing 91%); each provides business value, but also represents security and business risks that may include exploits, malware vectors, and data loss.

Rene Bonvanie, vice-president of marketing at Palo Alto Networks, declared:

“This data should be a wake-up call for IT teams who assume encrypted traffic is mainly HTTPS or for those who still believe that social networking usage is not taking place on their corporate networks.”
