AutoIt, the BASIC-like automation language for Windows programmers, is becoming a favored tool among malware developers for the same reasons it attracts legitimate users: it’s free, flexible and easy to use.
Trend Micro TrendLabs’ Kyle Wilhoit wrote in today’s Security Intelligence Blog that there’s been an increase in “nefarious AutoIt tool code” — including keystroke loggers and remote-access Trojans — being uploaded to hacker hangouts like Pastebin and Pastie.
New espionage malware has been discovered that targets a patched sandbox-bypass vulnerability in Adobe Reader. The attacks have hit a relatively small number of government victims in 23 countries, primarily in Europe, and rely on a string of unusual tactics, including the use of steganography to hide backdoor code, as well as the capability to reach out to Twitter accounts created by the attackers for links to command and control servers.
Dubbed MiniDuke by researchers at Kaspersky Labs and CrySyS Lab, these attacks were active as of one week ago. They rely on effective social engineering to deliver infected PDFs targeting Adobe Reader 9-11. The PDFs purport to be Ukraine’s foreign policy and NATO membership plans, as well as information for a phony human rights seminar. The victims are not geographically similar; Kaspersky Labs reports 59 victims, most throughout Europe, a few Middle Eastern countries, Brazil and the United States.
“This is a unique and very strange attack. The many different targets hit in separate countries, together with the high profile appearance of the decoy documents and the weird backdoor functionality indicate an unusual threat actor,” a Kaspersky and CrySyS report said. “Some of the elements remind us of both Duqu and Red October, such as the minimalistic approach, hacked servers, encrypted channels but also the typology of the victims.”…
All of you porn surfers out there can just relax. Despite what your momma told you, browsing a porn website isn’t the most sure-fire way to get malware put on your PC.
According to the 2013 Cisco Annual Security Report, many people (including security professionals) have preconceived notions about where they are most likely to encounter Web malware. Most people assume that websites that are associated with “risky” activities like crime, sin and sex are lurking with malware that is poised to be downloaded as soon as someone lands on a Web page. They also assume that websites associated with legitimate businesses, government agencies and educational institutions – in other words, “wholesome websites” – will do no harm to visiting PCs. Well, throw all these notions out the window.
According to Mary Landesman, Senior Security Researcher with Cisco, “Web malware encounters occur everywhere people visit on the Internet—including the most legitimate of websites that they visit frequently, even for business purposes. Indeed, business and industry sites are one of the top three categories visited when a malware encounter occurred.”
Cisco’s analysis indicates that the vast majority of Web malware encounters actually occur via legitimate browsing of mainstream websites. In other words…
The Red October malware that infected hundreds of computer networks in diplomatic, governmental, and scientific research organizations around the world was one of the most advanced espionage platforms ever discovered, researchers with antivirus provider Kaspersky Lab have concluded.
Its operators had more than 1,000 modules at their disposal, allowing them to craft highly advanced infections that were tailored to the unique configurations of infected machines and the profiles of those who used them. Most of the tasks the components carried out – including extracting e-mail passwords and cryptographically hashed account credentials, downloading files from available FTP servers, and collecting browsing history from Chrome, Firefox, Internet Explorer, and Opera – were one-time events. They relied on dynamic link library code that was received from an attacker server, executed in memory, and then immediately discarded. That plan of attack helps explain why the malware remained undetected by antivirus programs for more than five years…
If you have downloaded a file that you aren’t sure is safe or malicious, you can have it scanned locally on your computer using your existing antivirus or anti-malware programs. You probably have one, two or at most three such scanners, and apart from a single resident, real-time scanner, the others are likely to be on-demand only, since two real-time scanners cannot coexist without interfering with each other and with the system they run on. This is why online malware scanning services are so handy: they let you scan files with multiple scanners without installing any of them locally on your computer. Let us look at some of the online malware scanning services at our disposal.
Cybercrooks are beefing up the infrastructure behind the delivery of botnets, a move that is leading towards more potent and numerous threats, say researchers.
Botnet infections are commonly spread through compromised websites seeded with malicious scripts and promoted via black hat SEO tactics such as link farms. These malware networks, or malnets, pose a growing threat, according to a new study by web security firm Blue Coat.
Malnets largely deal in mass market malware and as such are different from advanced persistent threats (APTs) associated with cyber-espionage attacks targeting large corporations and Western governments. Attacks will be updated and changed, but the underlying infrastructure used to lure in users and deliver these attacks is reused. The ease with which cyber criminals can launch attacks using malnets creates a vicious cycle, a process by which individuals are lured to malware, infected, and then used to infect others…
Why the dependence?
The traditional antivirus client constantly refers to a database containing signatures of identified malware. Creating an entry for the signature database requires analyzing a copy of the malware. If that’s not possible, malware is free to do its dirty work and the antivirus client is none the wiser.
Next problem. Nefarious types create more than 50,000 new malware strains each day. Analyzing malware is labor-intensive, so antivirus companies have automated the analysis process in order to keep their databases reasonably up to date.
If it was no longer possible to analyze malware samples automatically, the sheer number of new malware strains would quickly render the signature database hopelessly out of date.
The bad news
If you try to keep up on the latest in security developments, then you know those three dreaded words: Zero-day threat. It has become a commonly-used phrase, one that makes for great headlines.
A zero-day exploit is one where there is no time – zero days – between the time the vulnerability is discovered by hackers and when the first attack takes place. There is usually no defense against these security vulnerabilities since no one has invented a patch or other fix – or even knew, until today, that one was necessary.
So you’d think that with all the screaming headlines on tech news sites about new zero-day exploits found in the wild, along with reports about how Microsoft (or whichever company) is scrambling to find a fix, that these security breaches would be a major source of computer security problems IT has to deal with on a daily basis.
And you’d be wrong, says Microsoft.
Twice a year, the company releases…
One of the world’s stealthiest pieces of malware infected more than 4.5 million PCs in just three months, making it possible for its authors to force keyloggers, adware, and other malicious programs on the compromised machines at any time. The TDSS rootkit burst on the scene in 2008 and quickly earned the begrudging respect of security experts for its long list of highly advanced features. It is virtually undetectable by antivirus software, and its use of low-level instructions makes it extremely hard for researchers to conduct reconnaissance on it. A built-in encryption scheme prevents network monitoring tools from intercepting communications sent between control servers and infected machines…
LiveCD, DVD, or USB bootable media
Microsoft Standalone System Sweeper Beta, a recovery tool that can help you start an infected PC and perform an offline scan to help identify and remove rootkits and other advanced malware. In addition, Microsoft Standalone System Sweeper Beta can be used if you cannot install or start an antivirus solution on your PC, or if the installed solution can’t detect or remove malware on your PC.