<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/">
    <channel>
        <atom:link href="https://staging.en.ain.ua/tag/cyber-police/feed/" rel="self" type="application/rss+xml" />
        <title><![CDATA[EN.AIN.UA retest]]></title>
        <link><![CDATA[https://staging.en.ain.ua/]]></link>
                <description><![CDATA[EN AIN]]></description>
        <language>en-US</language>
        <pubDate>Wed, 28 Jul 2021 15:06:59 +0300</pubDate>

                    <item>
                <title><![CDATA[Ukrainian authorities seize unencrypted Windscribe VPN servers]]></title>
                <link>https://staging.en.ain.ua/2024/05/10/ukrainian-authorities-seize-windscribe-vpn-servers/</link>
                <description><![CDATA[On June 24, 2021, Windscribe reported that two of its VPN servers in Ukraine, which were running OpenVPN, were seized by Ukrainian authorities. The reasons for the confiscation of the servers are not yet known. The main problem is that]]></description>
                <author><![CDATA[vd+rss00@empat.tech]]></author>
                <guid isPermaLink="false">ukrainian-authorities-seize-windscribe-vpn-servers</guid>
                <pubDate>Wed, 28 Jul 2021 15:06:59 +0300</pubDate>
                <enclosure url="https://ain-dev.s3.eu-central-1.amazonaws.com/en/2021/07/f88cbfa0c1434c2f209da478120b2929-dark-1024x538.jpg"
                                         />
                                    <category>News</category>
                                                    <content:encoded><![CDATA[<p>On June 24, 2021, Windscribe <a href="https://blog.windscribe.com/openvpn-security-improvements-and-changes-7b04ea49222" rel="nofollow">reported</a> that two of its VPN servers in Ukraine, which were running OpenVPN, were seized by Ukrainian authorities. The reasons for the confiscation of the servers are not yet known.</p>    <p>The main problem is that the servers in Ukraine were using a legacy stack instead of full-fledged encryption. As ArsTechnica <a href="https://arstechnica.com/gadgets/2021/07/vpn-servers-seized-by-ukrainian-authorities-werent-encrypted/" rel="nofollow">notes</a>, this could lead to the possibility that the Ukrainian intelligence services might be able (there is no proof of this yet) to access information from the servers or even intercept and decrypt the traffic used by the system.</p>    <hr class="wp-block-separator is-style-dots">    <h3 class="wp-block-heading">Server seizure</h3>    <p>Windscribe <a href="https://blog.windscribe.com/openvpn-security-improvements-and-changes-7b04ea49222" rel="nofollow">reported</a> that two Ukrainian servers had gone offline on June 24. The company contacted its provider and found out that the servers had been seized by the the Ukrainian authorities investigating activity that occurred one year prior.</p>    <blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow"><p>“The hosting provider failed to inform us of a preliminary hearing that took place earlier this year, during which a judgement was rendered to seize the two servers in question,” Windscribe says.</p></blockquote>    <p>The company also noted that there was no reason to believe that the servers were compromised or that anyone was able to gain unauthorized access to them before the seizure. Moreover, Windscribe stressed in the first release that it does not log VPN traffic and that no customer data from these servers are at risk during operation.</p>    <p>The editorial office of AIN.UA has sent a request to the Cyber Police regarding the seizure of the servers. But, at the time of writing, it has not received any response.</p>    <h3 class="wp-block-heading">Unencrypted VPN</h3>    <p>But after the seizure, the company had to admit that those two servers had an OpenVPN server certificate and its private key on the disk and that the servers themselves were not properly encrypted.</p>    <blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow"><p>“Although we have encrypted servers in high sensitivity regions, the servers in question were running a legacy stack and were not encrypted,” Windscribe confirmed.</p></blockquote>    <p>Although the company said that the chance of user information falling into the hands of cybercriminals is virtually eliminated, despite the lack of encryption, ArsTechnica says that refusing to encrypt the servers goes against standard industry practice and practically means negating any security guarantees for users.</p>    <h3 class="wp-block-heading">How the servers might have been used after the seizure</h3>    <p>Although the company tried to minimize the impact by outlining the requirements that an attacker would have to satisfy to intercept user data, those conditions are precisely the ones VPNs are designed to protect against. Specifically, according to Windscribe, the conditions for intercepting traffic are as follows:</p>    <ul><li>The attacker controls your network and can intercept all communications (privileged position for a <a target="_blank" href="https://en.wikipedia.org/wiki/Man-in-the-middle_attack" rel="nofollow">MITM attack</a>);</li><li>You are using a legacy DNS resolver (legacy DNS traffic is not encrypted and is vulnerable to MITM attacks);</li><li>The attacker can manipulate your unencrypted DNS requests (the DNS entries used to pick an IP address of one of our servers) and will be able to redirect it to a previously seized server;</li><li>You are <strong>NOT</strong> using Windscribe applications (the applications connect via IP, not DNS entries).</li></ul>    <p>The potential risks to the user if all of the above conditions are met are as follows:</p>    <ul><li>The attacker will be able to see unencrypted traffic inside your VPN tunnel;</li><li>Encrypted conversations like HTTPS web traffic or encrypted messaging services would not be affected;</li><li>The attacker would be able to see the source and destination of the traffic.</li></ul>    <h3 class="wp-block-heading">Actions and consequences</h3>    <p>One of the steps taken was replacing the current OpenVPN certificate authority with a brand new one that Windscribe says “follows industry best practices” and includes the use of an intermediate certificate authority, not just server certification.</p>    <p>Moreover, the company said it has also decided to move its servers completely to RAM, which means it will no longer have a hard drive backup, and all data will be erased if the server is rebooted or shut down.</p>    <p>However, the company was still unable to encrypt the VPN servers seized in Ukraine, and changes to the certification, which should close the vulnerability that appeared after the loss of the servers, were not completed until July 20, 2021 (the servers had been seized almost a month earlier – June 24).</p>    <p>As ArsTechnica notes, this allowed the current “holders” of the servers to easily impersonate Windscribe servers and capture and decrypt traffic passing through them.</p>]]></content:encoded>
                            </item>
                    <item>
                <title><![CDATA[Ukrainian police arrest a hacker group after stealing $500M from companies in South Korea and the US]]></title>
                <link>https://staging.en.ain.ua/2024/05/10/ukrainian-police-arrest-a-hacker-group-after-stealing-500m/</link>
                <description><![CDATA[Cyber Police in together with the National Police, law enforcement officers of the Republic of Korea and the United States of America, exposed a hacker group that stole $500 million from companies in South Korea and the United States. As noted by]]></description>
                <author><![CDATA[vd+rss00@empat.tech]]></author>
                <guid isPermaLink="false">ukrainian-police-arrest-a-hacker-group-after-stealing-500m</guid>
                <pubDate>Fri, 18 Jun 2021 10:49:37 +0300</pubDate>
                <enclosure url="https://ain-dev.s3.eu-central-1.amazonaws.com/en/2021/06/uue52q2xg9o3idjumdc6vcowk9oekgzhl47drqme-scaled.jpg"
                                         />
                                    <category>News</category>
                                                    <content:encoded><![CDATA[<p>Cyber Police in together with the National Police, law enforcement officers of the Republic of Korea and the United States of America, exposed a hacker group that stole $500 million from companies in South Korea and the United States.</p>    <p>As <a target="_blank" href="https://mvs.gov.ua/uk/press-center/news/kiberpoliciya-vikrila-xakerske-ugrupovannya-u-rozpovsyudzenni-virusu-sifruvalnika-ta-nanesenni-inozemnim-kompaniyam-piv-milyarda-dolariv-zbitkiv" rel="nofollow">noted</a> by the Ministry of Internal Affairs, with the help of the ransomware Clop, the hacker group encrypted the data from the Korean and the United States companies and later demanded money to restore access to files.</p>    <hr class="wp-block-separator is-style-dots">    <h3 class="wp-block-heading"><strong>How the hacker group worked</strong></h3>    <figure class="wp-block-image size-large"><img decoding="async" src="https://mvs.gov.ua/upload/images/origin/uUE52q2xg9o3IDJumdc6vcowk9OeKgZhl47DRqME.jpg" alt=""></figure>    <p>The Cyber Police found that six defendants carried out attacks of malicious software such as ‘ransomware’ on the servers of American and South Korean companies. They demanded a ransom for decrypting the data, and in case of non-payment, they threatened to disclose the victims’ confidential data.</p>    <p>The hackers sent out emails with a malicious file, after opening which the program carried out a complete infection of the victims’ computers with the remotely controlled program Flawed Ammyy RAT. Using remote access, the hackers activated the Cobalt Strike malicious software, which provided information about the vulnerabilities of the infected servers for further exploitation.</p>    <p>Thus, in 2019, four Korean companies were attacked by the Clop ransomware virus. As a result, 810 internal servers and personal computers of employees were blocked. Also, in 2021, the defendants carried out an attack and encrypted the personal data of employees and financial reports of the Stanford University School of Medicine, the University of Maryland, and the University of California.</p>    <p>Unlike common ransomware attacks, which encrypt large numbers of unidentified personal computers and servers, these attacks targeted a specific victim’s computer network and infected the entire system. The total amount of losses is $500 million.</p>    <h3 class="wp-block-heading"><strong>Law enforcement officers seized about UAH</strong><strong> 500,000 in cash</strong></h3>    <figure class="wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio"><div class="wp-block-embed__wrapper">  </div></figure>    <p>As part of the criminal proceedings, law enforcement officers conducted 21 searches in the defendants’ homes and cars in Kyiv and nearby regions. Computer equipment, cars, about UAH 500,000 in cash, and the property were seized from the suspects.</p>    <p>The criminal proceedings have been opened under Part 2 of Art. 361 (Unauthorized interference with computers, automated systems, computer networks or telecommunication networks) and Part 2 of Art. 209 (Legalization (laundering) of property obtained by criminal means) of the Criminal Code of Ukraine. The defendants face up to eight years in prison. Investigation activities are ongoing.</p>]]></content:encoded>
                            </item>
                    <item>
                <title><![CDATA[Cyber Police uncover Ukrainian hacker who developed world’s largest phishing service to attack financial institutions]]></title>
                <link>https://staging.en.ain.ua/2024/05/10/cyber-police-uncover-ukrainian-hacker-developed-phishing-service/</link>
                <description><![CDATA[A resident of the Ternopil region is suspected of developing one of the world’s largest phishing services to attack financial institutions and email services. As a result, banks in 11 countries were affected. The losses have reached tens of millions]]></description>
                <author><![CDATA[vd+rss00@empat.tech]]></author>
                <guid isPermaLink="false">cyber-police-uncover-ukrainian-hacker-developed-phishing-service</guid>
                <pubDate>Mon, 05 Apr 2021 10:19:52 +0300</pubDate>
                <enclosure url="https://ain-dev.s3.eu-central-1.amazonaws.com/en/2021/04/fee72abe5293ac30ddaef9aac5b43cbb-dark-1024x538.jpg"
                                         />
                                    <category>News</category>
                                                    <content:encoded><![CDATA[<p>A resident of the Ternopil region is suspected of developing one of the world’s largest phishing services to attack financial institutions and email services. As a result, banks in 11 countries were affected. The losses have reached tens of millions of dollars, as <a href="https://cyberpolice.gov.ua/news/xakeru-yakyj-rozrobyv-odyn-iz-najbilshyx-u-sviti-fishyngovyx-servisiv-dlya-atak-na-finustanovy-povidomleno-pro-pidozru---naczpolicziya-6626/" rel="nofollow">reported</a> by the Cyber Police.</p>    <p><strong>What happened</strong></p>    <ul><li>It is reported that the suspect has developed a phishing package and a special administration panel for it. They targeted the web resources of over a hundred banking institutions and their clients in Europe and Australia.</li><li>In particular, the admin panel made it possible to control the accounts of users registered on the compromised resources. The banking information that was entered by customers was then used by hacker groups for their purposes.</li></ul>    <div class="wp-block-image"><figure class="aligncenter size-large"><img decoding="async" src="https://cdn.ain.ua/ua/2021/03/screenshot-at-mar-29-11-41-49.png" alt=""><figcaption>Picture: Cyber Police</figcaption></figure></div>    <ul><li>The hacker showed and sold his developments through his online store on the darknet.</li><li>In addition to the phishing tools to attack financial institutions, the detainee was developing resources designed to hack mailing services used by over 1.5b people, the Cyber Police mention.</li><li>The suspect has been served with charge papers under Part 2 of Art. 361-1 of the Criminal Code of Ukraine, “Creation for the purpose of use, dissemination and distribution of harmful software or hardware, as well as their dissemination and distribution.” He faces up to five years of imprisonment. The investigation continues.</li></ul>]]></content:encoded>
                            </item>
                    <item>
                <title><![CDATA[Hackers who stole $2.5 billion from European banks exposed in Ukraine]]></title>
                <link>https://staging.en.ain.ua/2024/05/10/cyber-police-exposes-hackers-who-stole-2-5-billion/</link>
                <description><![CDATA[The Cyber Police has exposed a transnational hacker group, which had been spreading the computer virus EMOTET. According to the statement by the Ministry of Internal Affairs’ (MIA) press office, this virus has caused $2.5 billion in damage to American and European]]></description>
                <author><![CDATA[vd+rss00@empat.tech]]></author>
                <guid isPermaLink="false">cyber-police-exposes-hackers-who-stole-2-5-billion</guid>
                <pubDate>Thu, 28 Jan 2021 15:20:34 +0200</pubDate>
                <enclosure url="https://ain-dev.s3.eu-central-1.amazonaws.com/en/2021/01/208efbaa-a84c-4fac-8dd2-f22eeffa91bb-1024x538.jpg"
                                         />
                                    <category>News</category>
                                                    <content:encoded><![CDATA[<p>The Cyber Police has exposed a transnational hacker group, which had been spreading the computer virus EMOTET.</p>    <p>According to the <a target="_blank" href="https://mvs.gov.ua/ua/news/38267_Kiberpoliciya_vikrila_transnacionalne_ugrupovannya_hakeriv_u_rozpovsyudzhenni_naynebezpechnishogo_v_sviti_kompyuternogo_virusu_EMOTET.htm" rel="nofollow">statement</a> by the Ministry of Internal Affairs’ (MIA) press office, this virus has caused $2.5 billion in damage to American and European banks and financial institutions.</p>    <hr class="wp-block-separator is-style-dots">    <h3 class="wp-block-heading"><strong>How the scheme worked</strong></h3>    <figure class="wp-block-image size-full"><img loading="lazy" decoding="async" width="1152" height="864" data-attachment-id="814588" data-permalink="https://en.ain.ua/2021/01/28/cyber-police-exposes-hackers-who-stole-2-5-billion/4cdbc5ea-9e27-41f4-8358-dc02189d9092/" data-orig-file="https://cdn.ain.ua/en/2021/01/4cdbc5ea-9e27-41f4-8358-dc02189d9092.jpg" data-orig-size="1152,864" data-comments-opened="1" data-image-meta='{"aperture":"0","credit":"","camera":"","caption":"","created_timestamp":"0","copyright":"","focal_length":"0","iso":"0","shutter_speed":"0","title":"","orientation":"0"}' data-image-title="4cdbc5ea-9e27-41f4-8358-dc02189d9092" data-image-description="" data-image-caption="" data-medium-file="https://cdn.ain.ua/en/2021/01/4cdbc5ea-9e27-41f4-8358-dc02189d9092-800x533.jpg" data-large-file="https://cdn.ain.ua/en/2021/01/4cdbc5ea-9e27-41f4-8358-dc02189d9092-1024x538.jpg" src="https://cdn.ain.ua/en/2021/01/4cdbc5ea-9e27-41f4-8358-dc02189d9092.jpg" alt="" class="wp-image-814588" srcset="https://cdn.ain.ua/en/2021/01/4cdbc5ea-9e27-41f4-8358-dc02189d9092.jpg 1152w, https://cdn.ain.ua/en/2021/01/4cdbc5ea-9e27-41f4-8358-dc02189d9092-768x576.jpg 768w" sizes="(max-width: 1152px) 100vw, 1152px"></figure>    <p>As <a target="_blank" href="https://www.gp.gov.ua/ua/news?_m=publications&amp;_c=view&amp;_t=rec&amp;id=287756&amp;fbclid=IwAR2JQbZP5Qq_02g6EVfhYN21ib-AVJyidmppDPJiacVfDq0FHxYoVSWzTC8" rel="nofollow">reported</a> by the Attorney General’s Office, since 2014, a group of Ukrainian hackers using a piece of malware, the so-called encryption virus (“banking Trojan”), designed to steal personal data (passwords, logins, and payment details), has carried out massive interferences in the functioning of servers of both private and state-run banking institutions.</p>    <p>EMOTET’s infrastructure included servers around the world and was effectively a botnet. The “virus” was spread via spam mailouts, Word documents, Excel tables, and email messages.</p>    <p>After penetrating the target software, the virus used the “infected” device for further spamming, as well as install additional viruses. Consequently, the malware stole users’ personal data, including passwords, logins, browsing history, payment and banking details, etc. Later on, the perpetrators would transfer the money to their controlled accounts.</p>    <h3 class="wp-block-heading"><strong>Simultaneous searches in eight countries</strong></h3>    <figure class="wp-block-image size-full"><img loading="lazy" decoding="async" width="1280" height="958" data-attachment-id="814590" data-permalink="https://en.ain.ua/2021/01/28/cyber-police-exposes-hackers-who-stole-2-5-billion/285fe858-e3e6-43c8-8da0-363eafee0e2d/" data-orig-file="https://cdn.ain.ua/en/2021/01/285fe858-e3e6-43c8-8da0-363eafee0e2d.jpg" data-orig-size="1280,958" data-comments-opened="1" data-image-meta='{"aperture":"0","credit":"","camera":"","caption":"","created_timestamp":"0","copyright":"","focal_length":"0","iso":"0","shutter_speed":"0","title":"","orientation":"0"}' data-image-title="285fe858-e3e6-43c8-8da0-363eafee0e2d" data-image-description="" data-image-caption="" data-medium-file="https://cdn.ain.ua/en/2021/01/285fe858-e3e6-43c8-8da0-363eafee0e2d-800x533.jpg" data-large-file="https://cdn.ain.ua/en/2021/01/285fe858-e3e6-43c8-8da0-363eafee0e2d-1024x538.jpg" src="https://cdn.ain.ua/en/2021/01/285fe858-e3e6-43c8-8da0-363eafee0e2d.jpg" alt="" class="wp-image-814590" srcset="https://cdn.ain.ua/en/2021/01/285fe858-e3e6-43c8-8da0-363eafee0e2d.jpg 1280w, https://cdn.ain.ua/en/2021/01/285fe858-e3e6-43c8-8da0-363eafee0e2d-768x574.jpg 768w" sizes="(max-width: 1280px) 100vw, 1280px"></figure>    <p>The Cyber Police, along with local law enforcement agencies, has conducted simultaneous searches in Ukraine, the Netherlands, Germany, France, Lithuania, Canada, the USA, and the UK.</p>    <p>As a result, the enforcers seized server equipment, computer hardware, and data storage media containing information about the companies targeted by the cyber-attacks. Banking cards, money, and secret ledgers with passwords, logins, and keys to services were also seized.</p>    <p>“Criminal proceedings are being conducted under Art. 361 (Unauthorized interference in the functioning of computers, automated systems, computer networks, or telecommunication networks), Art. 361-1 (Creation of malicious software or hardware with the purpose of usage, distribution, or sale), and Art. 190 (Fraud) of the Criminal Code of Ukraine. The attackers face up to 12 years of imprisonment, with confiscation of property,” the MIA comments.</p>    <p>Now, the activity of the EMOTET network, which was distributed across more than 90 servers in many countries, is completely blocked.</p>]]></content:encoded>
                            </item>
                    <item>
                <title><![CDATA[Hacker whose DarkComet virus infected thousands of computers around the world was detained in Ukraine]]></title>
                <link>https://staging.en.ain.ua/2024/05/10/darkcomet-virus/</link>
                <description><![CDATA[The Carpathian Cyber Police closed in on a hacker who managed to infect thousands of computers with the DarkComet virus in 50 countries. The modified virus was created for remote access and control of the victim’s computer. The criminal proceedings]]></description>
                <author><![CDATA[vd+rss00@empat.tech]]></author>
                <guid isPermaLink="false">darkcomet-virus</guid>
                <pubDate>Mon, 26 Nov 2018 18:30:33 +0200</pubDate>
                <enclosure url="https://ain-dev.s3.eu-central-1.amazonaws.com/en/2018/11/46507317_930662773724553_22.jpg"
                                         />
                                    <category>Countries</category>
                                                    <content:encoded><![CDATA[<p>The Carpathian Cyber Police closed in on a hacker who managed to infect thousands of computers with the DarkComet virus in 50 countries. The modified virus was created for remote access and control of the victim’s computer.</p> <p>The criminal proceedings for violation was initiated under part 2 of Article 361 of the Criminal Code of Ukraine (computers hacking) and part 1 Article 361-1 (creation and distribution of harmful software).</p> <p>During the investigation, the Cyber Police officers closed in on 42-year-old resident of Lviv region, who installed a Trojan control center on his own computer and modified it. The place of residence of the hacker was searched, and a laptop with a virus and a PC were seized. During the inspection of the devices, they found an admin panel for access to infected computers, installation files of the virus, screenshots of from the controlled computers.</p> <p><img loading="lazy" decoding="async" data-attachment-id="804968" data-permalink="https://en.ain.ua/2018/11/26/darkcomet-virus/46507317_930662773724553_22/" data-orig-file="https://cdn.ain.ua/en/2018/11/46507317_930662773724553_22.jpg" data-orig-size="960,522" data-comments-opened="1" data-image-meta='{"aperture":"0","credit":"","camera":"","caption":"","created_timestamp":"0","copyright":"","focal_length":"0","iso":"0","shutter_speed":"0","title":"","orientation":"0"}' data-image-title="46507317_930662773724553_22" data-image-description="" data-image-caption="" data-medium-file="https://cdn.ain.ua/en/2018/11/46507317_930662773724553_22-300x163.jpg" data-large-file="https://cdn.ain.ua/en/2018/11/46507317_930662773724553_22.jpg" class="aligncenter wp-image-804968 size-full" src="https://cdn.ain.ua/en/2018/11/46507317_930662773724553_22.jpg" alt="" width="960" height="522" srcset="https://cdn.ain.ua/en/2018/11/46507317_930662773724553_22.jpg 960w, https://cdn.ain.ua/en/2018/11/46507317_930662773724553_22-300x163.jpg 300w, https://cdn.ain.ua/en/2018/11/46507317_930662773724553_22-768x418.jpg 768w, https://cdn.ain.ua/en/2018/11/46507317_930662773724553_22-460x250.jpg 460w, https://cdn.ain.ua/en/2018/11/46507317_930662773724553_22-120x65.jpg 120w" sizes="(max-width: 960px) 100vw, 960px"></p> <p>The department reported that DarkComet provides full remote access to controlled computers, in particular, the ability to upload and download files, manage autoloads and services, take screenshots, intercept microphone audio and video from cameras. It also has a keylogger (keystroke monitoring), clipboard monitor, network utilities, and the ability to shut down and restart a remote computer.</p> <p>The Сyber Police recommends to check your own computers, despite the small number of computers that have been infected (about 2000). To do this on Windows computers, you need to run cmd console and enter the command for monitoring active netstat-nao network connections.</p> <p><img loading="lazy" decoding="async" data-attachment-id="804969" data-permalink="https://en.ain.ua/2018/11/26/darkcomet-virus/46505879_93066120/" data-orig-file="https://cdn.ain.ua/en/2018/11/46505879_93066120.jpg" data-orig-size="600,283" data-comments-opened="1" data-image-meta='{"aperture":"0","credit":"","camera":"","caption":"","created_timestamp":"0","copyright":"","focal_length":"0","iso":"0","shutter_speed":"0","title":"","orientation":"0"}' data-image-title="46505879_93066120" data-image-description="" data-image-caption="" data-medium-file="https://cdn.ain.ua/en/2018/11/46505879_93066120-300x142.jpg" data-large-file="https://cdn.ain.ua/en/2018/11/46505879_93066120.jpg" class="aligncenter wp-image-804969 size-full" src="https://cdn.ain.ua/en/2018/11/46505879_93066120.jpg" alt="" width="600" height="283" srcset="https://cdn.ain.ua/en/2018/11/46505879_93066120.jpg 600w, https://cdn.ain.ua/en/2018/11/46505879_93066120-300x142.jpg 300w, https://cdn.ain.ua/en/2018/11/46505879_93066120-120x57.jpg 120w" sizes="(max-width: 600px) 100vw, 600px"></p> <p>If you see a connection to host 193.53.83.233 and port 1604 or 81 in the list of connections, the computer is infected.</p>]]></content:encoded>
                            </item>
            </channel>
</rss>
