How To Prevent a Smurf Attack

What is a Smurf Attack?

A Smurf attack is a type of denial-of-service attack in which a system is flooded with spoofed ping messages. The flood creates a high volume of traffic on the victim’s network and overwhelms the target.
The intended result is to slow the target’s system down to the point that it is inoperable and vulnerable. The Smurf program accomplishes this by exploiting weaknesses in the Internet Protocol (IP) and the Internet Control Message Protocol (ICMP).

How Does It Work?

It is possible to accidentally download the Smurf Trojan from an unverified website or via an infected email link. Usually, the program remains dormant on a computer until it is activated by a remote user. Smurf attacks target a router that serves a large number of devices.
The attacker then sends a large volume of ICMP echo requests to that router’s broadcast address with the victim’s IP address spoofed as the source, so every connected device replies to the ping. The spoofed address, the victim, is forced to absorb all of the echo replies generated by the connected devices.
Any device behind the router that is configured to respond to pings has no way of recognizing that the source address was spoofed.
Hackers thereby involve every system connected to their original target, slowing down a larger part of the network than would be possible by attacking just one victim.

How To Prevent a Smurf Attack?

Dealing with Smurf and similar DDoS attacks requires a prevention strategy that monitors network traffic and detects anomalies in packet volume, behavior and signatures. The right security service can help shut down a Smurf or other DDoS attack before it begins.
You should also install antivirus and anti-malware protection in good time to help protect against this and other types of attacks.
You can protect yourself from a Smurf attack by blocking directed broadcast traffic coming into the network.

You should also disable IP broadcast addressing at each network router since it is seldom used. Make sure to configure hosts and routers not to respond to ICMP echo requests.
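
The monitoring the post calls for can be reduced to two checks on ICMP traffic: echo requests aimed at one of your own directed-broadcast addresses (the amplification vector the router should drop) and a single host receiving echo replies from many distinct sources in a short window (the victim-side signature). The detector below is an added example, not Zemana’s code; the capture records, the 192.0.2.0/24 and 203.0.113.0/24 addresses and the thresholds are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
import ipaddress

ICMP_ECHO_REPLY = 0
ICMP_ECHO_REQUEST = 8

@dataclass(frozen=True)
class IcmpRecord:
    ts: float        # seconds since capture start
    src: str         # source IP as seen on the wire (may be spoofed)
    dst: str
    icmp_type: int

def is_directed_broadcast(dst, networks):
    """True if dst is the broadcast address of one of our own subnets."""
    addr = ipaddress.ip_address(dst)
    return any(addr == net.broadcast_address for net in networks)

def detect_smurf(records, networks, window=1.0, min_sources=20, min_replies=50):
    """Return (victims, amplifier_hits).

    victims: {ip: (replies, distinct_sources)} for hosts that received at least
        min_replies echo replies from at least min_sources distinct hosts inside
        one sliding window of `window` seconds -- the victim-side Smurf signature.
    amplifier_hits: (src, dst) echo requests aimed at a directed-broadcast
        address -- the traffic the router should drop before it is amplified.
    """
    amplifier_hits = []
    replies = defaultdict(list)          # victim ip -> [(ts, src), ...]
    for r in records:
        if r.icmp_type == ICMP_ECHO_REQUEST and is_directed_broadcast(r.dst, networks):
            amplifier_hits.append((r.src, r.dst))
        elif r.icmp_type == ICMP_ECHO_REPLY:
            replies[r.dst].append((r.ts, r.src))

    victims = {}
    for victim, events in replies.items():
        events.sort()
        best, start = None, 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1               # shrink the window from the left
            span = events[start:end + 1]
            srcs = {s for _, s in span}
            if len(span) >= min_replies and len(srcs) >= min_sources:
                if best is None or len(span) > best[0]:
                    best = (len(span), len(srcs))
        if best:
            victims[victim] = best
    return victims, amplifier_hits

def demo():
    """Constructed capture: 60 hosts on 192.0.2.0/24 answer a spoofed broadcast
    ping, so all their replies land on 203.0.113.10 within 0.3 s."""
    nets = [ipaddress.ip_network("192.0.2.0/24")]
    victim = "203.0.113.10"
    recs = [IcmpRecord(0.0, victim, "192.0.2.255", ICMP_ECHO_REQUEST)]  # spoofed trigger
    recs += [IcmpRecord(0.01 + i * 0.005, f"192.0.2.{i + 1}", victim, ICMP_ECHO_REPLY)
             for i in range(60)]
    # benign background: one host pinging another and getting five replies
    recs += [IcmpRecord(5.0 + i, "198.51.100.1", "198.51.100.5", ICMP_ECHO_REPLY)
             for i in range(5)]
    return detect_smurf(recs, nets)

if __name__ == "__main__":
    print(demo())
```

On Linux hosts the “do not answer broadcast pings” setting the post recommends is the sysctl net.ipv4.icmp_echo_ignore_broadcasts=1, and on Cisco IOS routers directed broadcasts are dropped per interface with no ip directed-broadcast.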

Stay safe with Zemana 🙂


Surprise Your Mother With Online Protection For This Mother’s Day!

Internet data shows that men use security software more than women because they are more aware of the dangers of the online world. Security software companies usually have more male users than female, which means that men are protected online more than women.
The Zemana team wants to try to change this by increasing the number of women who have the necessary protection, so we have prepared a new treat for our users!
Mother’s Day is coming soon and one of the best things you can do for your mother this year is keep her safe online!
Some moms know a lot about online safety, some moms have a technical background and some moms ask for their children’s help whenever they need to use the Internet :D. What we can all agree on is that every mother is unique and special in her own way.
Help us increase the number of women who are safe online by surprising your mother with FREE ZEMANA PROTECTION this year on Mother’s Day!
All you have to do is send us a photo of you and your mother with Zemana elements.

Some Ideas You Can Use To Make The Photo:

  • You can take a photo of you and your mom wearing Zemana T-shirts
  • You can take a photo of you and your mom scanning your PC with one of Zemana products
  • You can take a photo of you and your mom scanning your phone with Zemana Mobile Antivirus…
These are just some ideas; we are sure you will come up with even more interesting ones! Good luck!
You can send your photos to:
Deadline: May 13, 2018
Stay safe with Zemana 🙂


How To Remove Svchost.exe Virus?

What Is SvcHost.exe?

Generally, svchost.exe is a non-malicious program required by Windows. It is a process used to host one or more Windows operating system services.
Because it is a common system process, malware often uses the process name “svchost.exe” to disguise itself. The original system file is located in the C:\Windows\System32 folder. Any file named “svchost.exe” located in any other folder can be considered malware.
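
The folder rule above is only reliable if the path is compared carefully: casing, forward slashes and “..” segments all defeat a naive string match. The check below is an added example, not Zemana’s code; the process list is constructed, and adding C:\Windows\SysWOW64 (the 32-bit copy present on 64-bit Windows) to the allowed folders is my addition to the post’s System32 rule. It cannot see malware that injects itself into a genuine svchost.exe, which is the case the next section describes.

```python
import ntpath
from dataclasses import dataclass

# Folders where a genuine svchost.exe lives. System32 is the location the post
# gives; SysWOW64 holds the 32-bit copy on 64-bit Windows (added here).
LEGIT_SVCHOST_DIRS = (r"C:\Windows\System32", r"C:\Windows\SysWOW64")

@dataclass(frozen=True)
class ProcessRecord:
    pid: int
    name: str          # process name as shown in Task Manager
    image_path: str    # full path of the executable backing the process

def normalize_dir(path):
    """Canonicalise a Windows directory path so string tricks cannot slip past."""
    p = path.strip().strip('"').replace("/", "\\")
    p = ntpath.normpath(p)      # resolves "..", ".", duplicated separators
    return p.casefold()         # NTFS paths are case-insensitive

_LEGIT = {normalize_dir(d) for d in LEGIT_SVCHOST_DIRS}

def classify_svchost(proc):
    """'n/a' for other processes, 'legit' for svchost.exe in a system folder,
    'suspicious' for anything called svchost.exe running from elsewhere."""
    if proc.name.strip().casefold() != "svchost.exe":
        return "n/a"
    folder = normalize_dir(ntpath.dirname(proc.image_path))
    return "legit" if folder in _LEGIT else "suspicious"

def find_suspicious(records):
    """Return the pids of svchost.exe processes that fail the path check."""
    return [p.pid for p in records if classify_svchost(p) == "suspicious"]

# Constructed process list (not from a real machine) covering the edge cases:
SAMPLE = [
    ProcessRecord(804, "svchost.exe", r"C:\Windows\System32\svchost.exe"),
    ProcessRecord(912, "svchost.exe", "c:/windows/system32/svchost.exe"),         # odd casing and slashes, still legit
    ProcessRecord(1337, "svchost.exe", r"C:\Users\Public\svchost.exe"),           # wrong folder
    ProcessRecord(2001, "svchost.exe", r"C:\Windows\System32\..\Temp\svchost.exe"),  # traversal trick
    ProcessRecord(2002, "SVCHOST.EXE", r"C:\Windows\SysWOW64\svchost.exe"),       # 32-bit copy
    ProcessRecord(3000, "explorer.exe", r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(p.pid, p.image_path, classify_svchost(p))
```

On a real machine the records can be filled from PowerShell’s Get-Process output (Id, Name and Path).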

How Does It Work?

Because svchost.exe is a common process in the Task Manager, malware programs sometimes mask themselves by running under the same process name. Other times, a malware program may run, or inject, its service into an already running svchost.exe process. In either case, this masking action can make it difficult to detect and remove these malware programs.

What Is So Special About SvcHost.exe?

Even though it is a common process in the Task Manager and malware programs sometimes masquerade by running under its name, a malware program may also inject itself into an already running, clean svchost.exe process. This corrupts the original process and turns it into a virus.
The malware often duplicates or copies its executable into the Windows system folders and later alters the registry so that this file runs every time you start your system.
To remove this process, you need to delete its segments or components. However, if you remove a genuine svchost.exe process from your machine, the machine may crash instantly. Therefore, you need to install antivirus or anti-malware software in good time (it is best to have both), because they are prepared to remedy such circumstances.

How Did I Get Infected With SvcHost.exe?

The Svchost.exe virus can be distributed in several ways. Malicious websites, or legitimate websites that have been hacked, can infect your machine through exploit kits that use vulnerabilities on your computer to install this Trojan without your permission or knowledge.
Another way of spreading this malware is spam email containing infected attachments or links to malicious websites. Usually, you receive an email telling you that a shipping company failed to deliver a package to you.
If you open the attached file (or click on a link embedded in the email), your computer gets infected.

How To Remove SvcHost.exe From a PC?

One of the best SvcHost.exe removers is Zemana AntiMalware, and you can download it for free (it comes with a 15-day free trial). It will detect spyware on your PC and remove it.
However, if you decide to continue using the Trial and do not wish to purchase the Premium subscription at the end of the trial, your Zemana AntiMalware program will disable premium features. All other (basic) features will remain unchanged.

Zemana AntiMalware as a SvcHost.exe removal tool for your PC

Removing it manually can be quite complicated, and you might not remove it completely. Therefore, you might need the help of antivirus or anti-malware software.
Please follow the steps below to remove it completely with our Zemana AntiMalware:
STEP 1: Download and run Zemana AntiMalware.
STEP 2: Once downloaded, install the software on your PC. You can do this by double-clicking the ZAM program icon on your desktop or in your downloads folder.
STEP 3: Press the “Scan” button.
STEP 4: When the scan is complete, click “Next”.
STEP 5: Restart your computer if you are prompted to do so.

Stay safe with Zemana 🙂

What is Cryptography?

Definition of Cryptography

Cryptography is associated with the process of converting ordinary plain text into unintelligible text and vice-versa.

It is a method of storing and transmitting data in a particular form so that only those for whom it is intended can read and process it. Cryptography protects data from theft or alteration.

History of Cryptography

Earlier, cryptography was effectively synonymous with encryption, but nowadays it is mainly based on mathematical theory and computer science practice.

Before the modern era, cryptography focused on message confidentiality — conversion of messages from a comprehensible form into an incomprehensible one and back again at the other end, rendering it unreadable by interceptors or eavesdroppers without the key needed for decryption of that message.

Encryption attempted to ensure secrecy in communications, such as those of spies, military leaders, and diplomats. In recent decades, the field has expanded beyond confidentiality concerns to include techniques for message integrity checking, sender/receiver identity authentication, digital signatures, interactive proofs and secure computation, etc.

Though it has been used for thousands of years to hide secret messages, systematic study of cryptology as a science started around one hundred years ago.

At the end of World War I, Arthur Scherbius, a German engineer, invented the Enigma machine, a piece of cipher hardware heavily used by German forces during World War II. Later, it was used by Britain’s code-breakers as a way of deciphering German signals traffic.

Modern Cryptography

Modern cryptography is the cornerstone of computer and communications security. It is based on various concepts of mathematics such as number theory, computational-complexity theory, and probability theory.

Three major characteristics separate modern cryptography from the classical approach. First, it operates on binary bit sequences. Second, it relies on publicly known mathematical algorithms for coding the information.

Third, secrecy is obtained through a secret key, which is used as the seed for the algorithms. The computational difficulty of the algorithms and the absence of the secret key make it infeasible for an attacker to obtain the original information even if he knows the algorithm used for coding.

Symmetric Encryption

In symmetric encryption, you use the same key for both encryption and decryption of your data or message. Both parties need to have the same key in order to encrypt and decrypt the messages they exchange with each other.

Symmetric encryption is the oldest and best-known technique. It uses a secret key that can be a number, a word or a string of random letters.

The main disadvantage of the symmetric key encryption is that all parties involved have to exchange the key used to encrypt the data before they can decrypt it.


Asymmetric Encryption

Asymmetric encryption is quite the opposite of symmetric encryption because it does not use a single key but a pair of keys: a private one and a public one.

You use one of them, called the public key, to encrypt your data, and the other, called the private key, to decrypt the encrypted message.

Your private key is yours alone and must be kept private, because it is the only key that can decrypt a message encrypted with your public key.

Public keys are public, so no secrecy is required: a public key needs to be publicly available and can be passed over the Internet.

The public key is used to encrypt a message that can only be decrypted using its private counterpart.
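
To make the public/private split concrete, here is textbook RSA written out as an added example (not part of the original post): the public key (n, e) encrypts, only the private key (n, d) recovers the message, and feeding the ciphertext back through the public exponent does not. The two Mersenne primes are chosen for the demonstration; they are far too small for real use, and textbook RSA has no padding, so real systems use 1024-bit or larger primes with a padding scheme such as OAEP.

```python
import math

def generate_keypair(p, q, e=65537):
    """Textbook RSA key generation from two distinct primes p and q.
    Returns (public_key, private_key) as (n, e) and (n, d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime with phi(n)")
    d = pow(e, -1, phi)              # modular inverse: e*d == 1 (mod phi)
    return (n, e), (n, d)

def encrypt(public_key, m):
    """c = m^e mod n. Anyone holding the public key can do this."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message integer must be smaller than n")
    return pow(m, e, n)

def decrypt(private_key, c):
    """m = c^d mod n. Only the holder of d can undo the encryption."""
    n, d = private_key
    return pow(c, d, n)

def bytes_to_int(data):
    return int.from_bytes(data, "big")

def int_to_bytes(value, length):
    return value.to_bytes(length, "big")

def roundtrip(message, p, q):
    """Encrypt with the public key, decrypt with the private key, and report
    whether (wrongly) using the public exponent to decrypt leaks the message."""
    public, private = generate_keypair(p, q)
    m = bytes_to_int(message)
    c = encrypt(public, m)
    recovered = int_to_bytes(decrypt(private, c), len(message))
    leaked = decrypt(public, c) == m   # (n, e) applied to c instead of (n, d)
    return c, recovered, leaked

# Constructed demonstration primes (2^31-1 and 2^61-1 are Mersenne primes);
# n is about 92 bits, enough for an 8-byte message and nothing more.
P_DEMO, Q_DEMO = 2**31 - 1, 2**61 - 1

if __name__ == "__main__":
    c, plain, leaked = roundtrip(b"hi Peter", P_DEMO, Q_DEMO)
    print("ciphertext:", c)
    print("decrypted with private key:", plain)
    print("public exponent recovers the message:", leaked)
```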


Cryptography has played an enormous role in the shaping and development of many societies and cultures.

Today, cryptography is shifting again: new algorithms are being developed to keep ahead of eavesdroppers and to secure information and enhance confidentiality.


GDPR in the Cyber Security World

What Is GDPR?

We have all heard talks about GDPR. But some of you might still have questions about what it really is. In this blog post, we are going to explain shortly what GDPR is all about. Later, in our future posts, you will be able to learn more about it.

The General Data Protection Regulation (GDPR) is a European privacy regulation that comes into force on May 25, 2018, across the entire EU and EEA region.

Why Do We Need It?

GDPR will give citizens better control over their personal data and certainty that their information is being protected. They will have insight into how their data is used, and they will know who has access to it. Companies will be able to gather data only if the individual has been informed about it.

To implement GDPR, companies should constantly invest in their technology to improve their security against cyber-attacks, rapidly detect and respond to malicious threats, and minimize security risks.

GDPR will give people more power over their personal data. On the other hand, it will decrease the power of some organizations who collect and use such data for monetary gain. Even though GDPR does create challenges and efforts for companies, it also creates opportunities.

Will It Be Difficult For Companies to Adjust to These Requirements?

For many companies it will probably be difficult. However, they will have to adjust because the EU has set up very tough penalties for companies that do not comply: a fine of 20 million euros.

Man-in-the-middle Attack

Often, we have conversations in which confidential information flows between two parties. A man-in-the-middle attack allows a malicious actor to intercept, send and receive data meant for someone else, or not meant to be sent at all, without either party knowing until it is too late.

In other words, man-in-the-middle attacks are a common type of cybersecurity attack that allows attackers to eavesdrop on the communication between two targets.

A MITM attack exploits the real-time processing of transactions, conversations or transfer of other data.

In a man-in-the-middle attack, the attacker becomes an intermediary for all communication between the victim systems and the gateway. He can easily sniff and modify information at will. Man-in-the-middle attacks happen in both wired and wireless networks.

How Does It Work?

Here is an example of how it goes:

Jane and Peter are having a conversation; Eve wants to eavesdrop on the conversation but also remain unnoticed. Eve could tell Jane that she is Peter and tell Peter that she is Jane. This would lead Jane to believe she is speaking to Peter, while actually revealing her part of the conversation to Eve. Eve could then gather information from this, alter the response, and pass the message along to Peter (who thinks he is talking to Jane). As a result, Eve transparently hijacks their conversation.

Different Types of Man-in-the-middle Attack

There is not just one type of man-in-the-middle attack. Rather, there are several types of MITM attacks:

  • ARP poisoning
  • WiFi WEP/WPA/2 hacking
  • DNS spoofing
  • STP mangling
  • Port stealing

ARP Poisoning

A successful ARP spoofing (poisoning) attack allows an attacker to alter routing on a network, effectively enabling a man-in-the-middle attack.

In computer networking, ARP spoofing, ARP cache poisoning, or ARP poison routing, is a technique by which an attacker sends (spoofed) Address Resolution Protocol (ARP) messages onto a local area network.

Generally, the aim is to associate the attacker’s MAC address with the IP address of another host, such as the default gateway, causing any traffic meant for that IP address to be sent to the attacker instead.

WiFi WEP/WPA/2 Hacking

Once the WEP or WPA encryption process starts, the attacker can begin his own operation by using a sniffer program to find wireless devices running in peer mode. In the long run this may enable him to gain root access to a system, since he has already bypassed the main defenses of your mobile or wireless connection.

After that, he can deploy a keylogger or a carefully placed Trojan horse that allows him to gain complete control over your network system, exploiting every weakness outlined thus far.

The WiFi client attack described above can be carried out even if the victim is traveling and only using his laptop at an airport or in a hotel lobby. The laptop exposes itself to hackers all the same; that is the true price of using a complimentary WiFi service.

DNS Spoofing

DNS spoofing is a type of computer attack in which a user is forced to visit a fake website disguised to look like a real one, with the intention of diverting traffic or stealing the users’ credentials. Spoofing attacks can go on for an extended period without being detected and can cause serious security issues.

DNS spoofing is done by replacing the IP addresses stored in the DNS server with ones under the attacker’s control.

Therefore, every time users try to go to a certain website, they are directed to the false website placed by the attacker in the spoofed DNS server. This way your computer is convinced that the attacker’s site is to be trusted and that it is the site you requested.

STP Mangling

STP (Spanning-Tree Protocol) mangling refers to the technique used by the attacker host to be elected as the new root bridge of the spanning tree.

The attacker may start either by crafting BPDUs (Bridge Protocol Data Units) with a high priority, claiming to be the new root, or by broadcasting STP Configuration/Topology Change Acknowledgement BPDUs to get his host elected as the new root bridge.

By taking over the root bridge, the attacker will be able to intercept most of the traffic.

Port stealing

Port stealing is a kind of attack where someone “steals” traffic that is directed to another port of an Ethernet switch. This attack allows someone to receive packets that were originally directed to another computer.

It does so by making the switch believe that the attacker’s port is the correct destination for the packet.

This is how the port stealing technique works:

  1. Steal the port,
  2. Receive some data,
  3. Give the port back,
  4. Forward the data to the real destination,
  5. Go back to step 1 by stealing the port again.
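
From the defender’s side, the ARP poisoning described earlier and the steal/give-back loop above both leave a visible trace: an IP address whose MAC binding suddenly changes (especially the gateway’s), and a MAC address that keeps bouncing between switch ports. The two detectors below are an added example, not Zemana’s code; the ARP replies, switch learning events, addresses and thresholds are constructed, and the field layout of the records is an assumption about how a capture tool or switch log would be parsed.

```python
from collections import defaultdict, deque

def detect_arp_poisoning(arp_replies, gateway_ip):
    """arp_replies: (ts, sender_ip, sender_mac) tuples taken from observed ARP
    replies. Learns the first IP->MAC binding seen and alerts on every change
    (HIGH when the gateway's IP is involved), plus an alert when one MAC claims
    both the gateway's IP and some other host's IP."""
    ip_to_mac, mac_to_ips, alerts = {}, defaultdict(set), []
    for ts, ip, mac in arp_replies:
        mac = mac.lower()
        known = ip_to_mac.get(ip)
        if known is not None and known != mac:
            sev = "HIGH" if ip == gateway_ip else "MEDIUM"
            alerts.append((ts, sev, "arp-binding-changed", ip, known, mac))
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if ip == gateway_ip and len(mac_to_ips[mac]) > 1:
            others = sorted(mac_to_ips[mac] - {ip})
            alerts.append((ts, "HIGH", "mac-claims-gateway-and", mac, others))
    return alerts

def detect_port_stealing(mac_moves, window=5.0, max_moves=3):
    """mac_moves: (ts, mac, port) tuples from the switch's MAC-learning events.
    A host legitimately changes ports rarely; a MAC bouncing between ports
    max_moves times within `window` seconds matches the steal/give-back loop."""
    last_port, history, alerts = {}, defaultdict(deque), []
    for ts, mac, port in mac_moves:
        mac = mac.lower()
        prev = last_port.get(mac)
        last_port[mac] = port
        if prev is None or prev == port:
            continue                      # first sighting or no move
        q = history[mac]
        q.append((ts, port))
        while q and ts - q[0][0] > window:
            q.popleft()                   # drop moves older than the window
        if len(q) >= max_moves:
            alerts.append((ts, mac, [p for _, p in q]))
            q.clear()                     # one alert per burst
    return alerts

# Constructed sample data (not a real capture).
GATEWAY = "10.0.0.1"
ARP_SAMPLE = [
    (1.0, "10.0.0.1", "aa:aa:aa:aa:aa:01"),   # gateway answers for itself
    (2.0, "10.0.0.20", "aa:aa:aa:aa:aa:20"),  # host .20 answers for itself
    (3.0, "10.0.0.5", "aa:aa:aa:aa:aa:05"),
    (4.0, "10.0.0.1", "AA:AA:AA:AA:AA:20"),   # .20's MAC now claims the gateway
    (5.0, "10.0.0.5", "aa:aa:aa:aa:aa:20"),   # ... and the victim .5 as well
]
SWITCH_SAMPLE = [
    (0.0, "cc:cc:cc:cc:cc:05", 5),   # victim learned on its own port
    (0.0, "dd:dd:dd:dd:dd:07", 7),
    (1.0, "cc:cc:cc:cc:cc:05", 20),  # stolen to port 20
    (1.2, "cc:cc:cc:cc:cc:05", 5),   # given back
    (2.0, "cc:cc:cc:cc:cc:05", 20),  # stolen again
    (2.2, "cc:cc:cc:cc:cc:05", 5),
    (9.0, "dd:dd:dd:dd:dd:07", 7),   # stable host, never alerts
]

if __name__ == "__main__":
    for a in detect_arp_poisoning(ARP_SAMPLE, GATEWAY) + detect_port_stealing(SWITCH_SAMPLE):
        print(a)
```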

Man-in-the-middle Attack Prevention

Your best defense against man-in-the-middle attacks is to be very cautious when connecting to free or unsecured Wi-Fi networks. When visiting a website, make sure “HTTPS” is always in the URL bar of the websites you visit.

Be aware of potential phishing emails from attackers asking you to update your password or other login credentials. Instead of clicking on the link provided in the email, you can manually type the address of the website in question into the URL bar of your browser and proceed from there.

The best way to protect your PC from any type of malware in good time is to install an antivirus solution as a basic protection tool and an anti-malware solution as a necessary additional layer of protection. Be sure to keep the programs up to date.

To protect against man-in-the-middle attacks, you can consider using an anti-keylogger or rootkit detection software as well.

You can try our Zemana AntiLogger, a pioneer in anti-keylogging software or our Zemana AntiMalware, which proved to be the best anti-ransomware tool and the best rootkit and bootkit remediator according to MRG Effitas.

The Most Famous Man-in-the-middle Attack

It was in the summer of 2012 that the anomalies were initially detected by employees at Belgium’s largest telecommunications provider, Belgacom.

The computer systems of Belgacom had been infected with highly sophisticated malware that disguised itself as legitimate Microsoft software while quietly stealing data. The malware found on Belgacom’s systems was one of the most advanced spy tools ever identified by security researchers.

Documents from National Security Agency whistleblower Edward Snowden confirmed that British surveillance agency Government Communications Headquarters was behind the attack, code-named Operation Socialist.

The Biggest Cyber Crimes in Our Recent History

What Is a Cyber-Attack?

A cyber-attack is an attempt by hackers to damage or destroy a computer network or system. It is a deliberate exploitation of computer systems, technology-dependent enterprises and networks.
Cyber-attacks use malicious code to alter computer code, logic or data, resulting in disruptive consequences that can compromise data and lead to cyber-crimes such as information and identity theft.
There are many forms of cyber-attack, and ransomware is just one of them. Cyber-attacks usually occur when hackers create malicious code known as malware and distribute it through spam or phishing campaigns.
Cyber-attacks might be divided into two broad types:
  • Attacks where the goal is to disable the target computer or knock it offline, or
  • Attacks where the goal is to get access to the target computer’s data and perhaps gain admin privileges on it
Victims of cyber-attacks can be random or targeted, depending on the cyber criminals’ intentions.

Biggest Cyber-Crimes In History

Cyber-crime is on the rise and today it is more prevalent than ever. As cyber-crime becomes more of an issue, many organizations seek to protect themselves by using courses to train employees in the very real risks of the online world.
Check out some of the biggest cyber-attacks of the last 5 years.

Target Breach in 2013

In 2013, personal data of 70 million Target customers was stolen just before Christmas. The data included customers’ names and their credit and debit card information. After this, Target experienced a decrease in sales.

Yahoo Breach in 2013

One of the largest data thefts occurred in 2013, when personal information such as names, phone numbers, passwords and email addresses of one billion users was stolen.
Then in 2014, another 500 million accounts were compromised. The Yahoo hacking scandal is without a doubt one of the largest security breaches of the modern day.

Sony Pictures Virus Attack In 2014

Sony Pictures Entertainment was hit with a virus in 2014 by hackers allegedly connected with North Korea. They stole employee e-mails, information on executive salaries and copies of unreleased movies.
There was widespread speculation that the group was trying to disrupt the release of the film The Interview, a comedy depicting a plot to assassinate North Korean leader Kim Jong-un.

JP Morgan Breach In 2014

Hackers hijacked one of JPMorgan Chase’s servers and stole data about millions of the bank’s accounts, and are thought to have made a hundred million dollars in illegal profits.
Along with personal data, the hacking group also stole information related to company performance and news, which allowed them to manipulate stock prices and make enormous financial gains.

NHS Virus Attack In 2017

Ransomware named “WannaCry” was delivered via email in the form of an attachment and caused chaos in the UK’s medical system.
Once a user clicked on the attachment, the virus spread through their computer, locking up all their files and demanding money before they could be accessed again.
This became one of the most widespread cyber-attacks ever, leaving the NHS system disabled for weeks.