Friday, May 25, 2018

What is Stuxnet Virus and how does it work?

What is Stuxnet Virus?

The Stuxnet worm is a rootkit exploit that targets supervisory control and data acquisition (SCADA) systems. SCADA systems are used widely for industrial control systems, such as power, water and sewage plants, as well as in telecommunications and oil and gas refining.
When this piece of malware was first discovered, its purpose wasn't fully understood, but it was clear that its design was complex and that it probably could not have been written without a team of expert programmers working over a period of several months.

How does it work?

Like most other viruses, Stuxnet spreads via the internet and on USB sticks. And the way it does this is not particularly clever or well hidden. To reach its target, Stuxnet needs to spread via USB sticks, allowing it to penetrate industrial systems disconnected from the Internet and thought to be safe from malware. However, apparent mistakes mean it also spreads via the internet.
Once Stuxnet had infected a computer, the worm could copy itself to any flash drives subsequently connected to the computer, and then spread from those flash drives to other computers.

What is so special about Stuxnet Virus?

Like the Zeus banking Trojan, Stuxnet code covered its tracks using stolen digital certificates to trick the operating system into letting Stuxnet install a rootkit. The malware could also avoid detection by traditional intrusion detection systems (IDS).
It is believed that Stuxnet was not designed for espionage, but rather to wipe out a large portion of Iran's nuclear centrifuges.
Stuxnet was designed to limit the acceleration of its spread by infecting a maximum of three computers from a single flash drive. Additionally, Stuxnet was very good at hiding on systems.

Who was Stuxnet aimed at?

Even though the Stuxnet makers included measures to limit its spread, something went wrong.
Stuxnet was aimed at a specific target list; it was designed to infiltrate heavy-duty industrial control programs that monitor and manage factories, oil pipelines, power plants and other critical installations, but somehow it spread to thousands of PCs outside Iran, in countries such as China and Germany, Kazakhstan and Indonesia.

How to remove Stuxnet from a PC?

To remove Stuxnet from your PC, try Zemana AntiMalware, which you can download for free (it comes with a 15-day free trial). It will successfully detect Stuxnet on your PC and remove it.

However, if you decide to continue using the Trial and do not wish to purchase the Premium subscription at the end of the trial, your Zemana AntiMalware program will disable premium features. All other (basic) features will remain unchanged.

Zemana AntiMalware as a Stuxnet removal tool for your PC

You have to remove Stuxnet permanently. Zemana AntiMalware will effectively detect and completely remove any piece of malware from your computer.

To do so, please follow the steps below:

STEP 1: Download and run Zemana Antimalware.
STEP 2: Once downloaded, install the software on your PC. You can do this by double-clicking on the ZAM program icon on your desktop or in your download files.
STEP 3: Press the "Scan" button.
STEP 4: When the scan is complete, click "Next".
STEP 5: Restart your computer if you are prompted to do so.

Wednesday, May 16, 2018

What you need to know about GDPR

GDPR stands for General Data Protection Regulation, and it is going to regulate the personal data of EU citizens, which means collecting or processing any information that can be used to identify a person.

It is supposed to:

- strengthen the rights of individuals over their own data
- make organizations accountable
- ensure equal protection of EU human rights

Who does GDPR apply to?

It applies to any data controller or data processor that is offering goods or services to people in the European Union, as well as monitoring their behavior as far as their behavior takes place within the Union.

The companies which are not located in EU but do business with clients or companies from EU must also comply with GDPR.

Data Controller is a company or an organization that collects and controls the data, makes the decisions about what is going to happen with it and how it is going to be used.

Data Processor is a company or an organization that works for and processes data on behalf of a data controller. A data controller decides the purpose and the manner in which the data will be processed, while data processors hold and process data, but do not have any responsibility or control over that data.

How does GDPR affect individuals?

Under GDPR Data subjects have the right to:

- Know what is going to be done with their data
- Have copies of all the data about them
- Have incorrect data corrected
- Have their data erased or forgotten
- Restrict processing
- Data portability
- Object to data being processed
- Not be subject to automated processing

What if you don't comply?

Companies that choose to ignore GDPR by not complying with it are going to pay high fines.

The companies who don't comply with core principles or data subject rights are going to pay administrative fines (20 million Euros or 4% of their annual turnover).

The companies who fail to comply with data controller responsibilities are also going to pay administrative fines (10 million Euros or 2% of annual turnover).

Apart from material damage, these companies can risk losing their partners' and customers' trust.

Friday, May 11, 2018

How to prevent a Smurf attack

What is a Smurf attack?

A Smurf attack is a type of denial of service attack in which a system is flooded with spoofed ping messages. This creates high computer network traffic on the victim’s network, overwhelming the target.

The intended result is to slow down the target’s system to the point that it is inoperable and vulnerable. The Smurf program accomplishes this by exploiting vulnerabilities of the Internet Protocol (IP) and Internet Control Message Protocol (ICMP).

How does it work?

It's possible to accidentally download the Smurf Trojan from an unverified website or via an infected email link. Usually, the program will remain dormant on a computer until activated by a remote user.
Smurf attacks target a router that interacts with a high number of devices.

The attacker then deploys large ICMP requests to the router, causing the connected devices to respond to the ping. The spoofed IP address that is attached to these packets is forced to absorb the echoes, which is a result of connected devices responding to the ping.

Any device connected to this router that is trained to respond to the ping will be unable to recognize the spoofed IP addresses.

Hackers gain access to the systems that are connected to their original target, slowing down a larger subset of the - this would not be possible by attacking just one victim.

How to prevent a Smurf attack?

Dealing with Smurf and similar DDoS attacks requires a prevention strategy that can monitor network traffic and detect any oddities, for example packet volume, behavior and signature. The right security service can help shut down a Smurf or other DDoS attack before it begins.

Therefore, you should install an antivirus and an anti-malware protection on time to effectively prevent all types of attacks.

You can protect yourself from a Smurf attack by blocking directed broadcast traffic that is coming into the network.

You should also disable IP broadcast addressing at each network router since it is seldom used. Make sure to configure hosts and routers not to respond to ICMP echo requests.
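The prevention advice above comes down to one rule: ICMP echo requests addressed to a subnet's broadcast address should not be let into the network. The following added example (not part of the original post) shows how a defender could pick those packets, and the echo-reply fan-in they cause, out of flow records; the subnets, addresses and records are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

ECHO_REQUEST, ECHO_REPLY = 8, 0  # ICMP type numbers

# Constructed values: subnets behind the router and a handful of flow records
# given as (source, destination, icmp_type). Documentation address ranges only.
LOCAL_SUBNETS = ["192.0.2.0/24", "198.51.100.0/26", "198.51.100.200/32"]
SAMPLE_FLOWS = [
    ("203.0.113.7", "192.0.2.255", ECHO_REQUEST),     # to the /24 broadcast
    ("203.0.113.7", "198.51.100.63", ECHO_REQUEST),   # to the /26 broadcast
    ("203.0.113.9", "198.51.100.200", ECHO_REQUEST),  # unicast ping to a /32 host
    ("203.0.113.9", "192.0.2.10", ECHO_REQUEST),      # ordinary unicast ping
    ("192.0.2.10", "203.0.113.7", ECHO_REPLY),
    ("192.0.2.11", "203.0.113.7", ECHO_REPLY),
    ("192.0.2.12", "203.0.113.7", ECHO_REPLY),
    ("192.0.2.10", "203.0.113.9", ECHO_REPLY),
]


def broadcast_addresses(subnets):
    """Directed broadcast address of each subnet; /31 and /32 have none."""
    result = set()
    for cidr in subnets:
        net = ipaddress.ip_network(cidr, strict=True)
        if net.prefixlen < net.max_prefixlen - 1:
            result.add(net.broadcast_address)
    return result


def directed_broadcast_requests(flows, subnets):
    """Echo requests sent to a local broadcast address (traffic the router should drop)."""
    targets = broadcast_addresses(subnets)
    return [f for f in flows
            if f[2] == ECHO_REQUEST and ipaddress.ip_address(f[1]) in targets]


def reply_fan_in(flows, threshold=3):
    """Destinations receiving echo replies from at least `threshold` distinct hosts."""
    responders = defaultdict(set)
    for src, dst, icmp_type in flows:
        if icmp_type == ECHO_REPLY:
            responders[dst].add(src)
    return {dst: len(srcs) for dst, srcs in responders.items() if len(srcs) >= threshold}


if __name__ == "__main__":
    for flow in directed_broadcast_requests(SAMPLE_FLOWS, LOCAL_SUBNETS):
        print("drop candidate:", flow)
    print("reply fan-in:", reply_fan_in(SAMPLE_FLOWS))
```

The threshold of three responders is an arbitrary value for the sample data; on a real network it has to be tuned against normal ping traffic.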

Stay safe with Zemana :)

Thursday, May 10, 2018

Surprise your mother with online protection for this Mother's Day!

Internet data shows that men use security software more than women because they are more aware of the dangers of the online world. Security software companies usually have more male users than female, which means that men are protected online more than women.

Zemana team wants to try and change this by increasing the number of women who have the necessary protection, so we prepared a new treat for our users!

Mother's Day is coming soon and one of the best things you can do for your mother this year is keep her safe online!

Some moms know a lot about online safety, some moms have technical background and some moms ask for their children's help whenever they need to use the Internet :D. What we all can agree on is that every mother is unique and special in their own way.

Help us increase the number of women who are safe online by surprising your mother with FREE ZEMANA PROTECTION this year on Mother's Day!

All you have to do is send us a photo of you and your mother with Zemana elements.

Some ideas you can use to make the photo:

- You can take a photo of you and your mom wearing Zemana T-shirts
- You can take a photo of you and your mom scanning your PC with one of Zemana products
- You can take a photo of you and your mom scanning your phone with Zemana Mobile Antivirus...

These are just some of the ideas, we are sure you will come up with even more interesting ones! Good luck!

You can send your photos to:

Deadline: May 13, 2018

Stay safe with Zemana :)

Wednesday, May 9, 2018

How to Remove Svchost.exe Virus?

What is SvcHost.exe?

Generally, svchost.exe is a non-malicious program required for Windows. It is a process used to host one or more Windows operating system services.

Because svchost.exe is a common system process, malware often uses the process name “svchost.exe” to disguise itself. The original system file svchost.exe is located in the C:\Windows\System32 folder. Any file named “svchost.exe” located in another folder can be considered malware.
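The location rule above can be checked against a process listing. This added example (not part of the original post) classifies constructed process records by image path; treating C:\Windows\SysWOW64 as a second genuine location is an assumption of the example, and the record layout is hypothetical.

```python
import ntpath
from pathlib import PureWindowsPath

# Folders accepted as genuine. System32 is the one the article names; SysWOW64
# (the 32-bit copy on 64-bit Windows) is an assumption made for this example.
TRUSTED_DIRS = (
    PureWindowsPath(r"C:\Windows\System32"),
    PureWindowsPath(r"C:\Windows\SysWOW64"),
)

# Constructed snapshot: (pid, process name, image path or None if unreadable).
SAMPLE_PROCESSES = [
    (812, "svchost.exe", r"C:\Windows\System32\svchost.exe"),
    (1044, "SVCHOST.EXE", r"c:\windows\system32\SVCHOST.EXE"),          # case differs only
    (2310, "svchost.exe", r"C:\Users\Public\svchost.exe"),              # wrong folder
    (2788, "svchost.exe", r"C:\Windows\System32\..\Temp\svchost.exe"),  # ".." hides the real folder
    (3120, "notepad.exe", r"C:\Windows\System32\notepad.exe"),
    (3504, "svchost.exe", None),                                        # path could not be read
]


def classify(name, image_path):
    """Return 'other', 'unverified', 'expected-location' or 'suspicious'."""
    if name.lower() != "svchost.exe":
        return "other"
    if not image_path:
        return "unverified"  # cannot confirm the location, so do not assume it is clean
    # normpath collapses ".." and "/"; PureWindowsPath compares case-insensitively.
    folder = PureWindowsPath(ntpath.normpath(image_path)).parent
    return "expected-location" if folder in TRUSTED_DIRS else "suspicious"


def suspicious_svchost(processes):
    """PIDs of processes named svchost.exe that run from an unexpected folder."""
    return [pid for pid, name, path in processes if classify(name, path) == "suspicious"]


if __name__ == "__main__":
    for pid, name, path in SAMPLE_PROCESSES:
        print(pid, name, classify(name, path))
```

A path check only catches the masquerading case; it says nothing about malicious code running inside a genuine svchost.exe process.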

How does it work?

Because svchost.exe is a common process in the Task Manager, malware programs sometimes mask themselves by running under the same process name of svchost.exe. Other times, a malware program may run, or inject, its service into an already running svchost.exe process. In either case, this masking action can make it difficult to detect and remove these malware programs.

What is so special about SvcHost.exe?

Even though svchost.exe is a common process in the Task Manager and malware programs sometimes masquerade by running under its name, a malware program may also run inside an already running, clean svchost.exe process. This corrupts the original process and turns it into a virus.

The Svchost.exe virus may often duplicate or copy its executable to the Windows system folders and later alter the registry to run this file every time you start your system.

To remove this process, you need to delete its segments or components. However, if you remove a genuine svchost.exe process from your machine, your machine may crash instantly. Therefore, you need to install antivirus or anti-malware software in time (it would be best to have both), because they are prepared to remedy such circumstances.

How did I get infected with SvcHost.exe?

The Svchost.exe virus can be distributed in several ways. Malicious websites, or legitimate websites that have been hacked, can infect your machine through exploit kits that use vulnerabilities on your computer to install this Trojan without your permission or knowledge.

Another way of spreading this malware is spam email containing infected attachments or links to malicious websites. Usually, you would receive an email telling you that a shipping company failed at delivering a package for you.

If you open the attached file (or click on a link embedded inside the email) your computer gets infected with the Svchost.exe virus.

How to remove SvcHost.exe from a PC?

One of the best SvcHost.exe removers is Zemana AntiMalware, and you can download it for free (it comes with a 15-day free trial). It will detect spyware on your PC and remove it.

However, if you decide to continue using the Trial and do not wish to purchase the Premium subscription at the end of the trial, your Zemana AntiMalware program will disable premium features. All other (basic) features will remain unchanged.

Zemana AntiMalware as a SvcHost.exe removal tool for your PC

Manually removing SvcHost.exe can be quite complicated and you might not remove it completely. Therefore, you might need the help of an antivirus or anti-malware software.

Please follow the steps below to remove it completely with our Zemana AntiMalware:

STEP 1: Download and run Zemana Antimalware.
STEP 2: Once downloaded, install the software on your PC. You can do this by double-clicking on the ZAM program icon on your desktop or in your download files.

STEP 3: Press the "Scan" button.

STEP 4: When the scan is complete, click "Next".
STEP 5: Restart your computer if you are prompted to do so.

Stay safe with Zemana :)

Monday, May 7, 2018

What is Cryptography?

Definition of Cryptography

Cryptography is associated with the process of converting ordinary plain text into unintelligible text and vice-versa. It is a method of storing and transmitting data in a particular form so that only those for whom it is intended can read and process it. Cryptography protects data from theft or alteration.

History of Cryptography

Earlier, cryptography was effectively synonymous with encryption, but nowadays cryptography is mainly based on mathematical theory and computer science practice.

Before the modern era, cryptography focused on message confidentiality — conversion of messages from a comprehensible form into an incomprehensible one and back again at the other end, rendering it unreadable by interceptors or eavesdroppers without the key needed for decryption of that message. Encryption attempted to ensure secrecy in communications, such as those of spies, military leaders, and diplomats. In recent decades, the field has expanded beyond confidentiality concerns to include techniques for message integrity checking, sender/receiver identity authentication, digital signatures, interactive proofs and secure computation, etc.

Though it has been used for thousands of years to hide secret messages, systematic study of cryptology as a science started around one hundred years ago. At the end of World War I, Arthur Scherbius, a German engineer, invented the Enigma machine, which was a piece of spook hardware heavily used by the German forces during World War II. Later, it was used by Britain's codebreakers as a way of deciphering German signals traffic.

Modern Cryptography 

Modern cryptography is the cornerstone of computer and communications security. It is based on various concepts of mathematics such as number theory, computational-complexity theory, and probability theory. There are three major characteristics that separate modern cryptography from the classical approach. It operates on binary bit sequences and it relies on publicly known mathematical algorithms for coding the information. Secrecy is obtained through a secret key which is used as the seed for the algorithms. The computational difficulty of algorithms, the absence of a secret key, etc. make it impossible for an attacker to obtain the original information even if he knows the algorithm used for coding.

Symmetric encryption

In symmetric encryption, you use the same key for both encryption and decryption of your data or message. Both you and the other party need to have the same key in order to encrypt and decrypt the messages that you exchange with each other. Symmetric encryption is an old and best-known technique. It uses a secret key that can be a number, a word or a string of random letters. The main disadvantage of symmetric key encryption is that all parties involved have to exchange the key used to encrypt the data before they can decrypt it.

Asymmetric encryption

Asymmetric encryption is quite the opposite of symmetric encryption because it doesn't use a single key but a pair of keys: a private one and a public one. You use one to encrypt your data, which is called the public key, and the other to decrypt the encrypted message, which is called the private key. Your private key is yours and it must be kept private, because it is the only key that can decrypt any message that was encrypted with your public key. A public key is public and thus needs no secrecy: it needs to be publicly available and can be passed over the Internet. The public key is used to encrypt a message that can only be decrypted using its private counterpart.

Cryptography has played an enormous role in the shaping and development of many societies and cultures. Today, cryptography takes a new shift, new algorithms are being developed to catch up with the eavesdroppers and secure information to enhance confidentiality.

Thursday, April 26, 2018

GDPR in the Cyber Security World

What is GDPR?

We have all heard talk about GDPR. But some of you might still have questions about what it really is. In this blog post, we are going to explain briefly what GDPR is all about. Later, in our future posts, you will be able to learn more about it.

General Data Protection Regulation is a European privacy regulation that is going to be implemented on May 25, 2018, across the entire EU and EEA region.

Why do we need it?

GDPR will provide citizens with better control over their personal data and give them certainty that their information is being protected. They will have insight into how their data is used, and they will know who has access to their data. Every gathering of data by companies will be possible only if an individual has been informed about it.

To implement GDPR, companies should constantly invest in their technology to improve their security against cyber-attacks, rapidly detect and respond to malicious threats, and minimize security risks.

GDPR will give people more power over their personal data. On the other hand, it will decrease the power of some organizations who collect and use such data for monetary gain. Even though GDPR does create challenges and efforts for companies, it also creates opportunities.

Will it be difficult for companies to adjust to these requirements?

For many companies it will probably be difficult. However, they will have to adjust because the EU has set up very tough penalties for all those companies that do not comply – a fine of 20 million euros.