
Malware

New Injection Campaign Peddling Rogue Software Downloads

A mass injection campaign has surfaced over the last two weeks that’s already compromised at least 40,000 web pages worldwide and is tricking victims into downloading rogue, unwanted software to their computer.

The campaign, dubbed GWload by researchers at Websense, relies on a Cost Per Action scam that convinces users that the page they’ve navigated to has been locked and that they need a special version of VLC Player to open it.

A Cost Per Action scam is a social engineering ploy where the attacker locks content until a certain access is completed. In this case, attackers are using code to defeat browser-based ad-blocker software and then tricking users into downloading something they don’t need…

http://threatpost.com

AutoIt Increasingly Employed by Malware Developers

AutoIt, the BASIC-like automation language for Windows programmers, is becoming a favored tool among malware developers for the same reasons it attracts legitimate users: it’s free, flexible and easy to use.

Trend Micro TrendLabs’ Kyle Wilhoit wrote in today’s Security Intelligence Blog that there’s been an increase in “nefarious AutoIt tool code” — including keystroke loggers and remote-access Trojans — being uploaded to hacker hangouts like Pastebin and Pastie.

Threatpost article

MiniDuke Espionage Malware Hits Governments in Europe Using Adobe Exploits

New espionage malware has been discovered that targets a patched sandbox-bypass vulnerability in Adobe Reader. The attacks have hit a relatively small number of government victims in 23 countries, primarily in Europe, and rely on a string of unusual tactics, including the use of steganography to hide backdoor code, as well as the capability to reach out to Twitter accounts created by the attackers for links to command and control servers.

Dubbed MiniDuke by researchers at Kaspersky Labs and CrySyS Lab, these attacks were active as of one week ago. They rely on effective social engineering to deliver infected PDFs targeting Adobe Reader 9-11. The PDFs purport to be Ukraine’s foreign policy and NATO membership plans, as well as information for a phony human rights seminar. The victims are not geographically similar; Kaspersky Labs reports 59 victims, most throughout Europe, a few Middle Eastern countries, Brazil and the United States.

“This is a unique and very strange attack. The many different targets hit in separate countries, together with the high profile appearance of the decoy documents and the weird backdoor functionality indicate an unusual threat actor,” a Kaspersky and CrySyS report said. “Some of the elements remind us of both Duqu and Red October, such as the minimalistic approach, hacked servers, encrypted channels but also the typology of the victims.”…

http://threatpost.com

Where are you most likely to pick up drive-by malware?

All of you porn surfers out there can just relax. Despite what your momma told you, browsing a porn website isn’t the most sure-fire way to get malware put on your PC.

According to the 2013 Cisco Annual Security Report, many people (including security professionals) have preconceived notions about where they are most likely to encounter Web malware. Most people assume that websites that are associated with “risky” activities like crime, sin and sex are lurking with malware that is poised to be downloaded as soon as someone lands on a Web page. They also assume that websites associated with legitimate businesses, government agencies and educational institutions – in other words, “wholesome websites” – will do no harm to visiting PCs. Well, throw all these notions out the window.

According to Mary Landesman, Senior Security Researcher with Cisco, “Web malware encounters occur everywhere people visit on the Internet—including the most legitimate of websites that they visit frequently, even for business purposes. Indeed, business and industry sites are one of the top three categories visited when a malware encounter occurred.”

Cisco’s analysis indicates that the vast majority of Web malware encounters actually occur via legitimate browsing of mainstream websites. In other words…

http://www.securitybistro.com

Yes, that PC cleanup app you saw on TV at 3am is a waste

Maybe you’ve seen the ads on the Internet or on TV in the wee hours of the morning. They make lofty promises: get rid of blue screens and error messages! Increase your speed! Clean up your system! But even when these PC cleanup apps aren’t just malware in disguise, the things they’re doing for your PC are often dubious. Many either replicate tasks that can be handled by built-in utilities or do things that could cause more problems than they solve.

To highlight just why you and your loved ones should never let these applications anywhere near your PC, we picked one that we’d recently seen ads for: MyCleanPC. It’s the archetypal Windows cleanup app—and you probably shouldn’t install it…

http://arstechnica.com

Why Red October malware is the Swiss Army knife of espionage

The Red October malware that infected hundreds of computer networks in diplomatic, governmental, and scientific research organizations around the world was one of the most advanced espionage platforms ever discovered, researchers with antivirus provider Kaspersky Lab have concluded.

Its operators had more than 1,000 modules at their disposal, allowing them to craft highly advanced infections that were tailored to the unique configurations of infected machines and the profiles of those who used them. Most of the tasks the components carried out – including extracting e-mail passwords and cryptographically hashed account credentials, downloading files from available FTP servers, and collecting browsing history from Chrome, Firefox, Internet Explorer, and Opera – were one-time events. They relied on dynamic link library code that was received from an attacker server, executed in memory, and then immediately discarded. That plan of attack helps explain why the malware remained undetected by antivirus programs for more than five years…

http://arstechnica.com

List of Online Malware Scanning Services

If you have downloaded a file that you aren’t sure is safe or malicious, you can have it scanned locally on your computer using your existing antivirus or anti-malware programs. You probably have one or two, or at most three, such scanners, and apart from a single resident, real-time scanner the others are likely to be on-demand only, since two real-time scanners cannot coexist without interfering with each other and with the system they run on. This is why online malware scanning services are so handy: they let you scan files with multiple scanners without installing any of them locally on your computer. Let us look at some of the online malware scanning services at our disposal.

Malware Scanners Aggregator


Zombie-animating malnets increase 300% in just 6 months

Cybercrooks are beefing up the infrastructure behind the delivery of botnets, a move that is leading towards more potent and numerous threats, say researchers.

Botnet infections are commonly spread through compromised websites seeded with malicious scripts and promoted via black hat SEO tactics such as link farms. These malware networks, or malnets, pose a growing threat, according to a new study by web security firm Blue Coat.

Malnets largely deal in mass market malware and as such are different from advanced persistent threats (APTs) associated with cyber-espionage attacks targeting large corporations and Western governments. Attacks will be updated and changed, but the underlying infrastructure used to lure in users and deliver these attacks is reused. The ease with which cyber criminals can launch attacks using malnets creates a vicious cycle, a process by which individuals are lured to malware, infected, and then used to infect others…

http://www.theregister.co.uk/2012/10/03/malnets/

Is the death knell sounding for traditional antivirus?

Why the dependence?

The traditional antivirus client constantly refers to a database containing signatures of identified malware. Creating an entry for the signature database requires analyzing a copy of the malware. If that’s not possible, malware is free to do its dirty work and the antivirus client is none the wiser.

Next problem. Nefarious types create more than 50,000 new malware strains each day. Analyzing malware is labor-intensive, so antivirus companies have automated the analysis process in order to keep their databases reasonably up to date.

If it was no longer possible to analyze malware samples automatically, the sheer number of new malware strains would quickly render the signature database hopelessly out of date.
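The dependence described above can be shown with a toy signature engine. This is an added example, not code from the TechRepublic article or any antivirus product; the samples, hashes and byte patterns are all constructed here, and the point is that a sample the database has never seen simply produces no match.

```python
"""Toy signature scanner: shows why a signature database only catches
what an analyst has already seen. Samples below are constructed byte
strings, not real malware."""
import hashlib
from typing import Optional

# Constructed samples (not real malware).
KNOWN_SAMPLE = b"MZ\x90\x00DROPPER-v1\x00connect:c2.example\x00"
VARIANT = KNOWN_SAMPLE.replace(b"v1", b"v2")      # one small tweak
NEW_STRAIN = b"MZ\x90\x00UNSEEN-FAMILY\x00beacon:other.example\x00"

# Exact-hash entry created by analysing a copy of KNOWN_SAMPLE.
HASH_SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Dropper.A"}
# Byte-pattern entry an analyst extracted from that same copy; it
# survives trivial edits that change the file hash.
PATTERN_SIGNATURES = {b"connect:c2.example": "Dropper.gen"}


def scan(data: bytes) -> Optional[str]:
    """Return the matching signature name, or None when the database has
    no entry for this sample (the 'none the wiser' case in the text)."""
    name = HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())
    if name:
        return name
    for pattern, name in PATTERN_SIGNATURES.items():
        if pattern in data:
            return name
    return None


def summary() -> dict:
    """Scan all three constructed samples and report the verdicts."""
    return {
        "known": scan(KNOWN_SAMPLE),    # hash match
        "variant": scan(VARIANT),       # hash miss, pattern match
        "new": scan(NEW_STRAIN),        # no entry: undetected until analysed
    }


if __name__ == "__main__":
    for label, verdict in summary().items():
        print(f"{label}: {verdict}")
```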

The bad news

http://www.techrepublic.com/blog/security/is-the-death-knell-sounding-for-traditional-antivirus/8317

The Biggest Security Vulnerability: The Wetware – Input Output

If you try to keep up on the latest in security developments, then you know those three dreaded words: Zero-day threat. It has become a commonly-used phrase, one that makes for great headlines.

A zero-day exploit is one where there is no time – zero days – between the time the vulnerability is discovered by hackers and when the first attack takes place. There is usually no defense against these security vulnerabilities since no one has invented a patch or other fix – or even knew, until today, that one was necessary.

So you’d think that with all the screaming headlines on tech news sites about new zero-day exploits found in the wild, along with reports about how Microsoft (or whichever company) is scrambling to find a fix, that these security breaches would be a major source of computer security problems IT has to deal with on a daily basis.

And you’d be wrong, says Microsoft.

Twice a year, the company releases…

via The Biggest Security Vulnerability: The Wetware – Input Output.