SignFlow engineers terminate menacing Bitcoin virus

A dangerous Bitcoin-mining virus has been detected and disabled by two of our IT experts.

A potentially devastating Bitcoin-mining virus has been stopped in its tracks, thanks to the vigilance and quick actions of SignFlow (a PBSA brand) engineers William Vermaak and Morne Wilken.

Vermaak and Wilken detected malicious activity on one of their customer’s servers last week, immediately analysed the source of the virus and disinfected the server.

According to Vermaak, the virus had gone undetected by all available virus packages. “We submitted samples to ESET the next day and [the company] immediately responded from its virus lab in Denmark, confirming the virus was wild and that detection for the threat had been added to its latest definition updates.”

Founded in 1992, ESET is a Slovakia-based IT security company that offers anti-virus and firewall products such as ESET NOD32. The security company named the two components of the virus as follows: winlog.VBS – VBS/TrojanDownloader.Agent.QE trojan; winlog.bat – BAT/CoinMiner.UG trojan.

By the time of detection, the virus had already infected 0.04% of Windows computers in South Africa, while Russia was hardest hit, with 0.5% of all Windows computers infected. Windows is currently the most popular end-user operating system in the world.

Essentially a Bitcoin-mining virus, the Winlog Virus downloads a Bitcoin CPU miner on the victim’s computer, and then mines Bitcoins for the virus originator. Vermaak says this type of virus is particularly evasive. “It tries to make itself resilient and configures various system schedules to start it again if it’s stopped. The virus will also install itself on the system as a system service.

“The virus infiltrates the System Registry and changes some keys to make itself run again if it’s shut down. Shortcuts on the victim’s Desktop are modified to run the virus and these then run the original program, in an attempt to mask its presence. The virus also copies itself into various other files on the system – including Microsoft.exe – to try to ensure resilience.”
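
An added triage example, not code from SignFlow, ESET or the article: a read-only PowerShell sweep of the persistence points Vermaak describes (scheduled tasks, services, registry autostart values and desktop shortcuts). The file names winlog.vbs, winlog.bat and Microsoft.exe come from the article; the choice of the Run/RunOnce keys and the rule that any .vbs or .bat autostart deserves a look are assumptions, so a hit is a lead for manual review rather than a verdict.

```powershell
# Added example: read-only triage of the persistence points described in the article.
# Run from an elevated PowerShell session (Windows 8 / Server 2012 or later).
# winlog.vbs, winlog.bat and Microsoft.exe are the names given in the article; the
# registry keys checked and the ".vbs/.bat in autostart" heuristic are assumptions.

$ArticleNames = '(^|[\\/\s"])(winlog\.(vbs|bat)|microsoft\.exe)(\s|"|$)'
$ScriptFile   = '\.(vbs|bat)(\s|"|$)'

function Get-Reason {
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    if ($CommandLine -match $ArticleNames) { return 'file name reported in article' }
    if ($CommandLine -match $ScriptFile)   { return 'script launched from autostart' }
    return $null
}

function New-Finding {
    param([string]$Source, [string]$Name, [string]$Command, [string]$Reason)
    [pscustomobject]@{ Source = $Source; Name = $Name; Command = $Command; Reason = $Reason }
}

$findings = New-Object System.Collections.Generic.List[object]

# 1. Scheduled tasks ("configures various system schedules to start it again")
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        $cmd = "$($action.Execute) $($action.Arguments)"
        $reason = Get-Reason $cmd
        if ($reason) {
            $findings.Add((New-Finding 'ScheduledTask' "$($task.TaskPath)$($task.TaskName)" $cmd $reason))
        }
    }
}

# 2. Services ("install itself on the system as a system service")
foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    $reason = Get-Reason $svc.PathName
    if ($reason) { $findings.Add((New-Finding 'Service' $svc.Name $svc.PathName $reason)) }
}

# 3. Registry autostart values (the article does not say which keys were changed;
#    Run and RunOnce are checked here as the usual starting point)
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$psMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
foreach ($key in $runKeys) {
    $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($prop in $item.PSObject.Properties) {
        if ($prop.Name -in $psMeta) { continue }   # provider metadata, not registry values
        $reason = Get-Reason ([string]$prop.Value)
        if ($reason) { $findings.Add((New-Finding 'RunKey' "$key\$($prop.Name)" ([string]$prop.Value) $reason)) }
    }
}

# 4. Desktop shortcuts ("modified to run the virus and these then run the original program")
#    CreateShortcut() on an existing .lnk only loads it; nothing is written without Save().
$shell = New-Object -ComObject WScript.Shell
$desktops = [Environment]::GetFolderPath('Desktop'),
            [Environment]::GetFolderPath('CommonDesktopDirectory')
foreach ($file in Get-ChildItem -Path $desktops -Filter *.lnk -ErrorAction SilentlyContinue) {
    $lnk = $shell.CreateShortcut($file.FullName)
    $cmd = "$($lnk.TargetPath) $($lnk.Arguments)"
    $reason = Get-Reason $cmd
    if ($reason) { $findings.Add((New-Finding 'Shortcut' $file.FullName $cmd $reason)) }
}

if ($findings.Count -eq 0) {
    'No matching autostart entries found.'
} else {
    $findings | Sort-Object Source, Name | Format-Table -AutoSize -Wrap
}
```

The shortcut check covers only the current user's desktop and the shared public desktop; other profiles need the same loop run against their Desktop folders.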

Prevalent pest

According to Manuel Corregedor, chief operations officer at information security company Telspace Systems, Bitcoin-mining viruses have become rampant. “There has definitely, in recent times, been an increase in Bitcoin-mining viruses – in particular the diversification of the type of currencies they mine.”

Almost three months ago, Russian president Vladimir Putin’s Internet advisor, Herman Klimenko, issued a dire public warning that 20 to 30 percent of all computers in Russia were infected with computer malware designed to turn devices into Bitcoin-mining machines.

At the time Klimenko told Moscow-based news broadcaster RBC that viruses that install bitcoin-mining software are the “most common and most dangerous” type of computer malware in existence.

Corregedor says the main issue Bitcoin-mining malware creates is that it negatively impacts the performance of the victim’s computer. “[The malware] does this by stealing/utilising the infected computer’s resources (CPU, GPU, RAM, etc). This may result, over time, in increased wear and tear, which may cause the computer to fail or cease.” On top of this destructive consequence, he adds, there are other costs associated with increased power consumption.

But this destructive malware goes even further. Apart from the performance impact and the mining of Bitcoins, Corregedor notes, it has also been seen launching web- and network-based attacks, such as denial of service attacks, login brute force attacks and web application attacks.

“It should also be noted that the danger [with Bitcoin-mining malware] is further increased due to the fact that [it] has been found to be infecting Internet of Things devices i.e. web cameras, routers, Network Attached Storage devices, etc.  The infections have mainly occurred due to these devices having default credentials configured on them – for example user name admin and password admin on a router.”

Protection pointers

Corregedor says users can protect themselves against these kinds of malicious virtual attacks by ensuring their operating systems (Windows, Linux etc) are up to date with the latest security updates (patches).

He gives the following pointers:

  • Ensure you have anti-virus software installed and that it is up to date
  • Ensure your devices are not using any default login credentials and/or weak login credentials, in particular devices such as routers
  • Enable/install a Firewall
  • Install a HIPS (Host Intrusion Prevention System)
  • Be cautious/aware when it comes to receiving unexpected emails with attachments and/or installing potentially unwanted software

“Attackers are constantly scanning the internet looking for devices that are not up to date and/or are not configured securely (for example using default credentials).  Once such systems are identified, they are infected with malware,” he warns.

“Additionally, attackers are also constantly sending out spam/phishing emails that contain malicious attachments.”

Corregedor says that, while South Africa is just as vulnerable as any country when it comes to infection, the country’s lack of a National Information Security Awareness campaign could put it in deeper danger.

SA experts stop bitcoin virus

Published by IT-Online on 17 October 2017

A dangerous Bitcoin-mining virus has been detected and disabled by two Johannesburg-based IT experts.

White hat ethical hacker William Vermaak, from PBSA’s digital arm pbDigital, and senior software developer Morne Wilken, detected malicious activity on one of their customer’s servers last week. The two immediately analysed the source of the virus and disinfected the server.

According to Vermaak, the virus had gone undetected by all available virus packages.

“We submitted samples to ESET the next day and [the company] immediately responded from its virus lab in Denmark, confirming the virus was wild and that detection for the threat had been added to its latest definition updates.”

By the time of detection, the virus had already infected 0,04% of Windows computers in South Africa. Russia was hardest hit, with 0,5% of all Windows computers infected.

Essentially a Bitcoin-mining virus, the Winlog Virus downloads a Bitcoin CPU miner on the victim’s computer, and then mines Bitcoins for the virus originator.

Vermaak says this type of virus is particularly evasive. “It tries to make itself resilient and configures various system schedules to start it again if it’s stopped. The virus will also install itself on the system as a system service.

“The virus infiltrates the System Registry and changes some keys to make itself run again if it’s shut down. Shortcuts on the victim’s Desktop are modified to run the virus and these then run the original program, in an attempt to mask its presence. The virus also copies itself into various other files on the system – including Microsoft.exe – to try to ensure resilience.”

Almost three months ago, Russian president Vladimir Putin’s Internet advisor, Herman Klimenko, issued a dire public warning that 20% to 30% of all computers in Russia were infected with computer malware designed to turn devices into Bitcoin-mining machines.

At the time, Klimenko told Moscow-based news broadcaster RBC that viruses that install bitcoin-mining software are the “most common and most dangerous” type of computer malware in existence.

SA white hat hackers disable Bitcoin-mining virus

Published by ITWeb on 17 October 2017.

A dangerous Bitcoin-mining virus has been detected and disabled by two Johannesburg-based IT experts.

A potentially devastating Bitcoin-mining virus has been stopped in its tracks, thanks to the vigilance and quick actions of two local IT experts.

Although mining Bitcoin with regular computer hardware is no longer profitable, that isn’t keeping criminals from giving it a try. Over the past few years, there have been several types of Bitcoin-mining malware, infecting computers all over the world.

White hat ethical hacker William Vermaak, from PBSA’s digital arm pbDigital, and senior software developer, Morne Wilken, detected malicious activity on one of their customer’s servers last week.

The two immediately analysed the source of the virus and disinfected the server. “Unfortunately, the only trace left in the code by the originator is the Bitcoin wallet that the Bitcoins will be deposited into. To trace the Bitcoin wallet is extremely difficult and you will need a police warrant to get any information from the Bitcoin companies hosting the wallet,” says Vermaak.

According to Vermaak, the virus had gone undetected by all available virus packages. “We submitted samples to ESET the next day and [the company] immediately responded from its virus lab in Denmark, confirming the virus was wild and that detection for the threat had been added to its latest definition updates.”

Founded in 1992, ESET is a Slovakia-based IT security company that offers anti-virus and firewall products such as ESET NOD32. The security company named the two components of the virus as follows: winlog.VBS – VBS/TrojanDownloader.Agent.QE trojan; winlog.bat – BAT/CoinMiner.UG trojan.

By the time of detection, the virus had infected 0.04% of Windows computers in SA, while Russia was hardest hit, with 0.5% of all Windows computers infected. Windows is currently the most popular end-user operating system in the world.

Essentially a Bitcoin-mining virus, the Winlog Virus downloads a Bitcoin CPU miner on the victim’s computer, and then mines Bitcoins for the virus originator. Vermaak says this type of virus is particularly evasive.

“It tries to make itself resilient and configures various system schedules to start it again if it’s stopped. The virus will also install itself on the system as a system service. It infiltrates the System Registry and changes some keys to make itself run again if it’s shut down,” Vermaak explains.

“Shortcuts on the victim’s desktop are modified to run the virus and these then run the original program, in an attempt to mask its presence. The virus also copies itself into various other files on the system – including Microsoft.exe – to ensure resilience.”

Bitcoin-mining machines

Almost three months ago, Russian president Vladimir Putin’s Internet advisor, Herman Klimenko, issued a dire public warning that 20% to 30% of all computers in Russia were infected with computer malware designed to turn devices into Bitcoin-mining machines.

At the time Klimenko told Moscow-based news broadcaster RBC that viruses that install bitcoin-mining software are the “most common and most dangerous” type of computer malware in existence.

With the surge in Bitcoin-mining viruses, Vermaak says: “You need to keep your anti-virus software updated, and your operating system on the latest updates.

“With the growing demand for Bitcoin, this is sure to escalate in the near future, but it is still very new so hopefully we’ve stopped this method of infection for now.

“These days there is no such thing as a bulletproof system. Everything has got some weakness whether it’s a known or unknown vulnerability. Someone will find a vector that no one will think of to gain access to a system and use it to their advantage. The only thing you can do is to minimise the risk by using a good anti-virus package and to do backups regularly,” Vermaak concludes.

Delta State tackles land ownership with SA tech

Published by IT-Online on 29 June 2016

Nigeria’s oil and agricultural producing state Delta State makes a major breakthrough in land title acquisition using new digital signature technology.

New, locally-developed, digital signature technology sits behind a major breakthrough for Nigeria’s Delta State government, which kicks off its “Fast Track 90” scheme – a new digital system for the acquisition of legal titles for landed property.

Historically an onerous process fraught with bottlenecks, bureaucracy and prone to fraud, the issuance of Certificate-of-Occupancy (C-of-O) to property owners in Delta State will, going forward, be fast tracked to 90 days and fraud-proofed – thanks to a system written by pbDigital, a division of South African customer communications firm PBSA.

Delta State governor, Senator Ifeanyi Okowa, unveiled the Fast Track 90 scheme at the end of March, saying one of the biggest hindrances to investors was the high cost and delays associated with acquiring the legal titles to landed property in Delta State, Nigeria’s oil and agricultural producing state.

“Fast Track 90, an innovative policy of this administration designed to enhance ease of business in the state, has been initiated to overcome the bottlenecks that have become a recurring decimal in obtaining C-of-Os. It will take a maximum of ninety days for land owners to obtain their C-of-Os from the Ministry of Lands and Surveys and the new system is fast, transparent and in line with global best practices,” says Okowa.

The solution was positioned as having significant benefits for Delta State, including much faster turnaround times, considerably reduced C-of-O fees, security surety and, ultimately, increased investment in the state.

Fast Track 90 relies on a software platform – recently developed specifically for the project – which connects to PBSA’s High Security Module Cloud Server infrastructure in South Africa. The solution is a hybrid, digital certificate issuing and verification solution for certificates that also need to be printed on paper.

Leon van der Merwe, head of pbDigital, explains: “Smatforms, a channel partner of PBSA in Nigeria, approached PBSA for a solution to digitise the paper-based issuing process for Delta State C-of-O documents. The solution-platform is built on pbDigital’s cloud technology that uses state-of-the-art cryptography to embed digital signatures in PDF documents.  The system is an end-to-end solution for issuing these documents.”

The software system features four main fully integrated platforms:

* Certificate Creator – a platform to import the variable data of the citizen that appears on the certificate.

* PDF and QR Code Creator – a platform that produces the digital certificates, each with its own unique QR code for printing.

* Digital Signature Workflow – a platform that allows the certificates to go through a digital approval and sign-off process.

* Certificate Manager – a platform that gives management full visibility throughout the certificate creation, sign-off and post certificate management processes.

Certificate verification

The printed certificate that is issued to the citizen contains an embedded QR code, explains Van der Merwe. “When the QR code is scanned with any generic, free QR code scanner using an online smart device, the original electronic document is opened from a secure cloud location. The electronic version of the document and the printed paper copy presented by the citizen can be compared and must have exactly the same content.

“The authenticity of the electronic document can also be verified by using a free version of Adobe PDF Reader to verify the signatures.

“The digital signatures on the document that were applied by the official authorities when the document was produced, carry X.509 personal cryptographic properties. During the verification process, these signature properties will have the verified personal information and Adobe AATL (Adobe Approved Trust List) certificate information embedded in each digital signature.”

Although developed for Delta State’s new C-of-O scheme, pbDigital’s digital certificate software can be used in any process involving the issuance of printed documents in need of future verification. “The software speeds up business processes, digitises workflow – creating a full audit trail – and completely eradicates fraud,” Van der Merwe adds.

SA tech underpins Delta State’s ‘Fast Track 90’ system

Published by ITWeb Africa on 29 June 2016

Nigeria’s Delta State has launched the ‘Fast Track 90’ digital system designed for the acquisition of legal titles for landed property.

Historically an onerous process fraught with bottlenecks, bureaucracy and prone to fraud, the issuance of Certificate-of-Occupancy (C-of-O) to property owners in Delta State will, going forward, be fast tracked to 90 days and fraud-proofed, claims pbDigital, a division of South African customer communications firm PBSA, and the company that developed the technology behind the digital system.

Delta State Governor, Senator Ifeanyi Okowa, unveiled the Fast Track 90 scheme at the end of March, saying one of the biggest hindrances to investors was the high cost and delays associated with acquiring the legal titles to landed property.

“Fast Track 90, an innovative policy of this administration designed to enhance ease of business in the state, has been initiated to overcome the bottlenecks that have become a recurring decimal in obtaining C-of-Os. It will take a maximum of ninety days for land owners to obtain their C-of-Os from the Ministry of Lands and Surveys and the new system is fast, transparent and in line with global best practices,” said Okowa.

Fast Track 90 relies on a software platform – recently developed specifically for the project – which connects to PBSA’s High Security Module Cloud Server infrastructure in South Africa. The solution is a hybrid, digital certificate issuing and verification solution for certificates that also need to be printed on paper.

Leon van der Merwe, head of pbDigital, explains: “Smatforms, a channel partner of PBSA in Nigeria, approached PBSA for a solution to digitise the paper-based issuing process for Delta State C-of-O documents. The solution-platform is built on pbDigital’s cloud technology that uses state-of-the-art cryptography to embed digital signatures in PDF documents. The system is an end-to-end solution for issuing these documents.”

Certificate verification

The printed certificate that is issued to the citizen contains an embedded QR code, explains Van der Merwe. “When the QR code is scanned with any generic, free QR code scanner using an online smart device, the original electronic document is opened from a secure cloud location. The electronic version of the document and the printed paper copy presented by the citizen can be compared and must have exactly the same content.

“The authenticity of the electronic document can also be verified by using a free version of Adobe PDF Reader to verify the signatures.

“The digital signatures on the document that were applied by the official authorities when the document was produced, carry X.509 personal cryptographic properties. During the verification process, these signature properties will have the verified personal information and Adobe AATL (Adobe Approved Trust List) certificate information embedded in each digital signature.”

Nigeria: Delta State tackles land ownership bane with SA tech

Published by IT News Africa on 28 June 2016

New, South African developed digital signature technology sits behind a major breakthrough for Nigeria’s Delta State government, which kicks off its “Fast Track 90” scheme – a new digital system for the acquisition of legal titles for landed property.

Historically an onerous process fraught with bottlenecks, bureaucracy and prone to fraud, the issuance of Certificate-of-Occupancy (C-of-O) to property owners in Delta State will, going forward, be fast tracked to 90 days and fraud-proofed – thanks to a system written by pbDigital, a division of South African customer communications firm PBSA.

Delta State Governor, Senator Ifeanyi Okowa, unveiled the Fast Track 90 scheme at the end of March, saying one of the biggest hindrances to investors was the high cost and delays associated with acquiring the legal titles to landed property in Delta State, Nigeria’s oil and agricultural producing state.

“Fast Track 90, an innovative policy of this administration designed to enhance ease of business in the state, has been initiated to overcome the bottlenecks that have become a recurring decimal in obtaining C-of-Os. It will take a maximum of ninety days for land owners to obtain their C-of-Os from the Ministry of Lands and Surveys and the new system is fast, transparent and in line with global best practices,” said Okowa.

The solution was positioned as having significant benefits for Delta State, including much faster turnaround times, considerably reduced C-of-O fees, security surety and, ultimately, increased investment in the state.

The tech behind Fast Track 90

Fast Track 90 relies on a software platform – recently developed specifically for the project – which connects to PBSA’s High Security Module Cloud Server infrastructure in South Africa. The solution is a hybrid, digital certificate issuing and verification solution for certificates that also need to be printed on paper.

Leon van der Merwe, head of pbDigital, explains: “Smatforms, a channel partner of PBSA in Nigeria, approached PBSA for a solution to digitise the paper-based issuing process for Delta State C-of-O documents. The solution-platform is built on pbDigital’s cloud technology that uses state-of-the-art cryptography to embed digital signatures in PDF documents.  The system is an end-to-end solution for issuing these documents.”

The software system features four main fully integrated platforms:

  1. Certificate Creator – a platform to import the variable data of the citizen that appears on the certificate.
  2. PDF and QR Code Creator – a platform that produces the digital certificates, each with its own unique QR code for printing.
  3. Digital Signature Workflow – a platform that allows the certificates to go through a digital approval and sign-off process.
  4. Certificate Manager – a platform that gives management full visibility throughout the certificate creation, sign-off and post certificate management processes.

Certificate verification

The printed certificate that is issued to the citizen contains an embedded QR code, explains Van der Merwe. “When the QR code is scanned with any generic, free QR code scanner using an online smart device, the original electronic document is opened from a secure cloud location. The electronic version of the document and the printed paper copy presented by the citizen can be compared and must have exactly the same content.

“The authenticity of the electronic document can also be verified by using a free version of Adobe PDF Reader to verify the signatures.

“The digital signatures on the document that were applied by the official authorities when the document was produced, carry X.509 personal cryptographic properties. During the verification process, these signature properties will have the verified personal information and Adobe AATL (Adobe Approved Trust List) certificate information embedded in each digital signature.”

Although developed for Delta State’s new C-of-O scheme, pbDigital’s digital certificate software can be used in any process involving the issuance of printed documents in need of future verification. “The software speeds up business processes, digitises workflow – creating a full audit trail – and completely eradicates fraud,” concludes Van der Merwe.

PBSA unveils new digital signature technology

Posted by IT Online on 17 February 2016

Up to 80% paper resources reduction, an 80% decrease in power consumption, up to 90% time savings and a largely reduced usage of petroleum and diesel are all reasons PBSA (formerly Pitney Bowes SA) has launched digital signing and electronic workflow solution SignFlow.

This is according to PBSA business development manager and SignFlow co-founder Leon van der Merwe, who notes the software product – “a first in South Africa” – has now officially launched, following its BETA release in October.

This comes three years after PBSA introduced digital signatures into South Africa with its CoSign digital signature solutions. Van der Merwe says the advantage of the solution was immediately evident. “We saw the potential to drastically cut down on costs associated with printing.” He adds that about 80% of businesses’ printing is as a direct result of the need to archive and wet-ink sign documents.

But while the CoSign solution solved the problem of businesses having to print, sign, scan and email documents for signing, it did not solve the problem of documents having to be signed by multiple parties, notes Van der Merwe.

He says this is where SignFlow plugs the gap. “SignFlow was designed, using the latest X.509 cryptographic digital signature technology, to workflow documents to multiple parties that all need to sign or action a document.

“[This means] the document originator/owner can, by using SignFlow, automatically and sequentially distribute any document to multiple parties to legally sign a document through an intelligent workflow system or from any popular document management platform like Microsoft SharePoint Online or Office 365.

“By signing documents electronically with SignFlow, the electronic version of the document becomes the original,” explains Van der Merwe. “This has a huge impact on archiving of documents as it is not required at any stage to print these documents for long term archiving.

Extensive application

“The amount of money and time that businesses spend on getting documents approved and signed is staggering. SignFlow bridges this gap by offering a secure digital signature workflow solution so powerful, it eliminates all the inefficient, costly processes relying on print, scan, fax, email and courier completely.”

PBSA’s SignFlow product is designed to benefit any business that signs documents or has others sign documents, contracts, mandates, agreements, etc, with the main verticals to have benefitted thus far being the financial, auditing, engineering, legal and government sectors.

While the solution has seen interest and “extremely positive” feedback primarily from the corporate world, consumers stand to benefit just as much, says Van der Merwe. “Every consumer in South Africa that has ever been asked to sign a document will benefit,” he says, citing the end of brick and mortar banks and the need to print, scan and email or fax documents as obvious advantages. He adds that there is no cost to the consumer to sign documents using SignFlow.

Ultimately, he says, PBSA would like to see every individual consumer, as well as business and government department in South Africa having access to this technology.

All-round impact

Should this goal be realised, Van der Merwe says, the implications would be immense.

According to The Paperless Project – a grassroots coalition of companies focused on transforming the way organisations work with paper and electronic content – the world produces over 300 million tons of paper each year.

“This will eradicate the need for anyone to print documents for signing ever again. [As far as the environment is concerned], this would mean paper usage in a business being cut down by up to 80%, while power consumption [will be reduced] by 80% on the devices (printers, copiers, scanning machines, etc.) that are being used to produce paper documents.”

On a macro scale, he adds, documents would be able to be electronically distributed anywhere in the world, so there would be no need for courier services – which in turn would mean reduced usage of petroleum and diesel.

On the IT infrastructure side, universal adoption of the technology would mean a significant reduction of file replication. “At present, a document in need of four signatures is typically printed and scanned four times, but it is also emailed eight times, which means there are eight different versions of the document. With SignFlow there is always just one instance of the document.

“In addition, not having to print, scan and courier documents would result in an estimated time reduction of up to 90%, noticeably increased business efficiency and an easy means of tracking progress.”

According to a survey by UK-based research company YouGov, the UK’s SMEs waste over £42,2-million per day in revenues just looking for documents.

Local tech

SignFlow comprises two core technologies, both of local origin. The cryptographic public key infrastructure was launched by PBSA in South Africa in 2014 and forms the core X.509 cryptographic infrastructure that allows users to sign digitally in SignFlow.

Secondly, the SignFlow platform itself was 100% developed in South Africa by South African developers in partnership with Jena Solutions using the latest Microsoft .Net technologies.

Speaking about the challenges of launching a new technology, Van der Merwe says – as with any new technology – the market takes time to get to understand the technology. “The technology has an impact on legal, infrastructure, security and business departments within a corporate environment, so all these departments need to be involved in the decision to implement the solution, which is something that takes time.

“We are at a pinnacle point in South Africa, where the realisation of the benefits has become the new driving force, rather than just seeking the latest tech.”