Kaspersky Releases Linux Mail Security With Anti-malware, Anti-spam & Content Filtering

Kaspersky Releases Linux Mail Security With Anti-malware, Anti-spam & Content Filtering 

Russian anti virus firm & security giant  Kaspersky Lab has released an anti-spam and anti-malware application called Linux Mail Security which can be integrated into different type of Linux-based mail server to fight spam and block malicious attachments. The latest spam-fighting features – including Reputation Filtering and Enforced Anti-Spam Updates Service  help to filter out zero-hour spam, while our new ZetaShield technology helps to shield businesses from zero-day and targeted attacks. Designed for integration with a range of Linux-based mail systems, Kaspersky Linux Mail Security delivers the security, flexibility and ease of management that businesses and ISPs demand. 

Key Features:- 

• Advanced antivirus engine- Kaspersky Linux Mail Security includes the latest version of Kaspersky Lab’s award-winning antivirus engine – with behaviour stream signatures – to help detect and remove malicious attachments from incoming emails.
• 
  
• Zero-Day Exploit and Targeted Attack (ZETA) Shield- Kaspersky’s ZetaShield offers protection against unknown malware and exploits – to defend you from zero-day and zero-hour attacks and APTs (Advanced Persistent Threats).
• 
  

Powerful Anti-Spam Engine- Kaspersky Linux Mail Security provides the latest version of Kaspersky’s anti-spam engine – including two powerful new technologies:

• Enforced Anti-Spam Updates Service – uses push technology, directly from the Kaspersky cloud, to deliver real-time updates. By reducing the ‘update window’ from 20 minutes to approximately 1 minute, the Enforced Anti-Spam Updates Service helps to defend businesses against zero-hour spam and spam epidemics.
• Cloud-assisted Reputation Filtering – fights against unknown spam, to enhance the spam capture rate and reduce the number of false positives.

Kaspersky Security Network -The cloud-based Kaspersky Security Network (KSN) gathers data from millions of participating users’ systems around the world to help defend your system from the very latest viruses and malware attacks. Potential threats are monitored and analysed – in real-time – to help block dangerous actions, before harm is caused.

Attachment filtering- The new Format Recogniser feature can filter attachments – using information about file type, name and message size. This helps businesses to enforce their email usage policy and can help to address corporate liability issues that can arise when users try to distribute illegal music or video files via the corporate email system.

Improved!Global Blacklists and Whitelists- In addition to creating corporate blacklists or whitelists, administrators can manage ‘allowed’ or ‘denied’ senders email – using IPv4 and IPv6, wildcards and regular expressions.

Personal Blacklists and Whitelists- Users also can create their own blacklists and whitelists.

Backup and personal backup with flexible search -Blocked email is quarantined in a backup system. If the system uses Microsoft Active Directory or OpenLDAP, individual users can access their personal backup via the web so they’re less likely to need to call your helpdesk.

Integration with most popular MTAs (Postfix, Sendmail, Exim, qmail and CommunigatePro)- Kaspersky Linux Mail Security lets you select the method of integration, depending on your choice of Mail Transfer Agent (MTA) – so you can integrate as a filter or using a Milter API.

Antivirus command line file scanner- The Kaspersky Anti-Virus On-Demand Scanner can be used for on-demand virus checking of objects – which can include directories, regular files and devices such as hard drives, flash drives and DVD-ROMs.

Amavisd-new- Kaspersky Linux Mail Security supports integration with Linux mail systems using the high-performance AMaViS interface.

Monitoring and Reporting features- 

• SNMP (Simple Network Management Protocol) support – any type of event can be monitored using SNMP events and traps
• A new dashboard gives an at-a-glance view of status and monitoring
• Detailed, flexible reporting in PDF format – for customisable reports that help in the monitoring and analysis of security and policies
• Notification system – informs administrators and document owners about policy violation incidents
• Detailed logs – on all product actions, to help in identifying problems

Easy to deploy, maintain and manage- 

• System administrators can run manual updates or set the rules for fully automatic updates of antivirus, anti-spam and ZetaShield
• Integration with Active Directory and OpenLDAP
• Rich email traffic management rules – administrators can create rules according to corporate security policies
• IPv6 support
• Scalable architecture – the entire system can be easily migrated from a test server to a production environment

Kaspersky Linux Mail Security will support the following Linux distributions - Red Hat Enterprise Linux 6.2 Server, Fedora 16, SUSE Linux Enterprise Server 11 SP2, Debian GNU/Linux 6.0.4 Squeeze, CentOS 6.2, openSUSE Linux 12.1, Ubuntu 10.04 LTS; 12.04 LTS, Mandriva Enterprise Server 5.2, FreeBSD 8.3, 9.0, Canaima 3.0, Asianux 4 SP1. 

For Detailed Information Click Here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Kaspersky Releases Linux Mail Security With Anti-malware, Anti-spam & Content Filtering"https://www.voiceofgreyhat.com/2012/09/Kaspersky-Releases-Linux-Mail-Security.html</a>

Kaspersky Unveils Internet Security 2013, A Unique Tool To Combat Against Cyber-Crime

Kaspersky Unveils Internet Security 2013, A Unique Tool To Combat Against Cyber-Crime

kaspersky lab on Monday has unveiled Kaspersky Internet Security 2013 and promises to help combat the slew of new cyber threats that have emerged this year. This new release is boasting a host of new features including a new anti-spam module, a new Safe Money Mode, antivirus engine, and a simplified user interface.  These include a new Safe Browser mode that activates automatically when the user logs onto a banking sites and isolates the payment operation from other online activities to ensure any transaction made is not monitored. Kaspersky Internet Security 2013 also adds new Secure Keyboard technology to the company's existing Virtual Keyboard tool. The tool is designed to protect the most sensitive data against keyloggers when in Safe Money mode. Kaspersky claims the tool also features a "unique Automatic Exploit Prevention technology targets the most sophisticated threats utilising vulnerabilities in popular software", and a "new antivirus engine with better detection rates for the entire scope of emerging cyber threats".

The new tool also promises to offer protection from zero-day exploits adding "Automatic Exploit Prevention technology" that is designed to address some of the most sophisticated threats. 

"When developing the new versions of our home user products we paid particular attention to the users' needs as well as the threats they face," said Eugene Kaspersky, chief executive of Kaspersky. Kaspersky Internet Security 2013 and Kaspersky Anti-Virus 2013 are set to be released on 28 August, costing £39.99 and £29.99 respectively. Final Versions of Kaspersky Internet Security and Kaspersky Anti-Virus, that fully support Windows 8, will be available immediately upon the release of Windows 8. Meanwhile, for testing purposes, the Technical Preview of Kaspersky Internet Security has been released  that is designed for Windows Consumer Preview. This version of the product is exclusively intended for installation on Windows Consumer Preview, and the product has only been distributed to the most active testers. 

To Download Kaspersky Internet Security 2013 Build (Compatible with Windows 8) Click Here

-Source (Kaspersky & V3)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Kaspersky Unveils Internet Security 2013, A Unique Tool To Combat Against Cyber-Crime"https://www.voiceofgreyhat.com/2012/08/Kaspersky-Unveils-Internet-Security-2013.html</a>

Cybercrime can ruin the entire economies

Russian anti-virus guru Eugene Kaspersky does a quick calculation in his head as he blinks at the ceiling.Satisfied, he announces: "About 200000."

That's the number of virus-infected computers in a targeted attack on SA's internet infrastructure that would shut it off from the rest of the world. No e-mail. No electronic transactions. No web searches. No e-government. No Skype, Twitter or Facebook. Nothing.

He's not being alarmist - it happened in Estonia in 2007.
And 200000 rogue computers is not a huge number. Organised syndicates or loners with modest technical know-how and resources can harness millions of virus-infected machines they effectively control to add muscle to their efforts - from stealing money and identities to managing online corporate espionage or collapsing the infrastructure and function of a country's economy and government.
Kaspersky is CEO and founder of Kaspersky Lab, one of the world's top four anti-virus software companies and Europe's biggest. Worldwide, the software anti-virus industry is worth about $7-billion a year in profit for firms in the sector. His fortune is estimated at $800-million and Forbes rates him as Russia's 125th-richest person. He was in SA to talk to business executives and security experts about the rising cybercrime threat to business, governments and organisations of all types.
"There are literally millions of computer viruses in the wild," he says. "Last year alone we collected 20million of them. Most are variations on a theme and can be dealt with automatically in our labs. However, there are teams of experts at anti-virus organisations around the world that work against new threats round the clock. Once a virus is discovered, it can be reverse-engineered and countered with an antidote pretty quickly," says Kaspersky.
He worries about the ability of viruses, or malware (malicious software) to perform increasingly sophisticated and sinister attacks. Typically, these are denial of service (DOS) assaults using networks of computers infected by malware to bring down websites or online services by bombarding them with data. People who control these botnets can trigger a destructive payload at will.
The 2007 Estonian attack showed a botnet with enough resources could shut down banks, government departments, education networks, the media - just about any organisation with an online presence.
DOS attacks are just one aspect of the destructiveness of modern malware. Malware can also help with identity theft and data theft. The damage can be devastating.
"Estimates put the cost to business of cybercrime at anything between $100-billion to $1-trillion," he says . "One of the reasons it's so hard to put a figure on it is organisations that have been compromised are reluctant to talk about it."
Another is they don't know about it. Data theft is big business but differs from other forms of pilfering in that the original data stays where it is while a copy is spirited away, often undetected, via the ether.
"Some businesses are aware and active in countering virus attacks. Banks, for example, now build losses from cybercrime into the cost of doing business - they have a budget for it which includes defending against it and compensating for it when breaches occur. Computer viruses have permeated every part of society," he says.
In August 2008, a Spanair airliner crashed just after taking off from Madrid. It was that year's deadliest aviation accident and 154 people died.
Kaspersky says the airline found the computer system used to monitor aircraft technical problems was infected with malware that probably prevented detection of a system failure.
Last year marked the appearance of the Stuxnet virus, a virus so complicated to produce and dispatch it was probably at least partly the work of, or funded by, a nation state. Speculation is Stuxnet's purpose was to sabotage an Iranian nuclear reactor, although it can damage a variety of industrial systems.
Computer viruses have come a long way since the first, written in 1982 by US schoolboy Rich Skrenta, 15. Called Elk Cloner and written for early Apple II systems, it replicated itself on floppy disks and displayed a poem, sometimes corrupting disks it infected.
Brain was the first virus to infect IBM PCs and was released in 1986. It was written by two Pakistani brothers and distributed with their medical software to prevent piracy. It replicated itself and slowed systems.
The advent of the commercial internet in the early 1990s provided the ideal vehicle to spread viruses.
More advanced techniques used by virus writers meant they could be used to do anything from data theft and identity fraud to corporate espionage, blackmail and extortion.
Kaspersky says a Swedish bank was attacked in February and the remote access Trojan fooled operators into thinking that the screens they were monitoring had been frozen by a Windows blue screen computer error.
"The first rule when this happens is don't touch anything. They didn't. But the machine wasn't frozen, the virus had generated the blue screen and was diverting funds in the background from a perfectly functioning system that the operators thought wasn't working.
"Now malware writers are using social networks like Facebook and Twitter to spread their work." Organisations were threatened from within by disgruntled staff or criminals as shown by malware found on organisations' computers not connected to the internet.
Kaspersky says the computer virus threat is on the rise and inadequately protected businesses are vulnerable.
"Cybercrime is an industry now. Governments are finding it difficult to fight it because any laws they make regarding cybercrime are difficult if not impossible to enforce in the online world where attacks may come from networks made up of computers in different countries.
"Even on home soil, laws are difficult to keep relevant as the nature of attacks change. And in Japan, for example, there's simply no law against writing computer viruses.
"Lack of understanding the real threat of viruses is a dangerous game for businesses and organisations of all sizes to play," he says.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Cybercrime can ruin the entire economies"https://www.voiceofgreyhat.com/2011/05/cybercrime-can-ruin-entire-economies.html</a>

Kaspersky Vulnerability Underscores Users' Poor Updating Habits

Over the past year, Adobe has taken a lot of heat for vulnerabilities in its products -- specifically the Flash plug-in and Adobe Reader. Now, however, there's a fresh new round of finger-pointing in the wake of Kaspersky's first quarter 2011 threat analysis, in which Adobe apps accounted for the top three of the ten most prevalent vulnerabilities on consumer computers.

As is the case with so many reports like this, however, the numbers don't tell the whole story. The top vulnerability, which was in Adobe Reader, wasoriginally posted by Adobe on September 8, 2010 -- and a patch has been available since October 5, 2010. While I'm not impressed that it took a full month for Adobe to issue a critical patch, I'm less impressed that millions of users still hadn't bothered to update by the end of this quarter -- especially when the vastly superior Adode Reader X is available to replace infinitely less-secure 9.X versions.

In fact, only two of the vulnerabilities Kaspersky lists actually surfaced in Q1 2011 -- one in Java and one in Flash. As for the other two Adobe listings, are we to blame the company when end users opt out of an update? In my years as a technician, I've seen countless systems with Adobe Reader, Flash, and Java update icons resting in the tray and periodically tossing out system notifications that an update is available. Much as I would like it to be the case, Adobe and Sun can't make a user follow good security practices.

Should Microsoft take the blame for a flaw in OneNote which was revealed in2007 and has long since been patched? Certainly not. Yes, vendors implementing a transparent, auto-update system like the one in Google Chrome would help, but end users also need to take responsibility for their own security.

Since Kaspersky's list doesn't specify the actual Adobe IDs connected with the flaws, I decided to dig a bit deeper into the report. That process was complicated by the fact that Kaspersky's links point to the wrong vulnerabilities -- and the Secunia IDs provided don't match up either. The top vulnerability, for example, is listed as an Adobe Reader flaw. Clicking through on the link took me to a report about Axigen Mail Server and the Secunia ID (38805) points to one for Microsoft Office. Number three, a Flash vulnerability, links to Fedora update for TexMacs.

For a security vendor to call out another company's products for security shortcomings and not bother to error-check prior to publishing is unacceptable. Such missteps show a disdainful lack of care and cast doubts upon the report's veracity and value.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Kaspersky Vulnerability Underscores Users' Poor Updating Habits"https://www.voiceofgreyhat.com/2011/05/kaspersky-vulnerability-underscores.html</a>

Three Secrets & Full Analysis of Flame's Command & Control Servers Unraveled

Three Secrets & Full Analysis of Flame's Command & Control Servers Unraveled

Flame the next generation cyber weapon which is also known as 'The Super Spy' has already fascinated the cyber-security industry with its sophistication and versatility as a Swiss-Army knife of cyber-spying. Recently security firm Kaspersky lab has published a new report on the sophisticated nation-state sponsored Flame cyber-espionage campaign. During the research, conducted by Kaspersky Lab in partnership with International Telecommunication Union’s cybersecurity executing arm - IMPACT, CERT-Bund/BSI and Symantec, a number of Command and Control (C&C) servers used by Flame’s creators were analyzed in detail. The analysis revealed new, groundbreaking facts about Flame. Particularly, traces of three yet undiscovered malicious programs were found, and it was discovered that the development of the Flame platform dates back to 2006.

Main findings:

• The development of Flame’s Command and Control platform started as early as December 2006.
• The C&C servers were disguised to look like a common Content Management System, to hide the true nature of the project from hosting providers or random investigations.
• The servers were able to receive data from infected machines using four different protocols; only one of them servicing computers attacked with Flame.
• The existence of three additional protocols not used by Flame provides proof that at least three other Flame-related malicious programs were created; their nature is currently unknown.
• One of these Flame-related unknown malicious objects is currently operating in the wild.
• There were signs that the C&C platform was still under development; one communication scheme named “Red Protocol” is mentioned but not yet implemented.
• There is no sign that the Flame C&Cs were used to control other known malware such as Stuxnet or Gauss.

The Flame cyber-espionage campaign was originally discovered in May 2012 by Kaspersky Lab during an investigation initiated by the International Communication Union. Following this discovery, ITU-IMPACT acted swiftly to issue an alert to its 144 member nations accompanied with the appropriate remediation and cleaning procedures. The complexity of the code and confirmed links to developers of Stuxnet all point to the fact that Flame is yet another example of a sophisticated nation-state sponsored cyber operation. Originally it was estimated that Flame started operations in 2010, but the first analysis of its Command and Control infrastructure (covered by at least 80 known domains names) shifted this date two years earlier.

The findings in this particular investigation are based on the analysis of the content retrieved from several C&C servers used by Flame. This information was recovered despite the fact that Flame’s control infrastructure went offline immediately after Kaspersky Lab disclosed the existence of malware. All servers were running the 64-bit version of the Debian operating system, virtualized using OpenVZ containers. Most of the servers’ code was written in the PHP programming language. Flame’s creators used certain measures to make the C&C server look like an ordinary Content Management System, in order to avoid attention from the hosting provider.

Sophisticated encryption methods were utilized so that no one, but the attackers, could obtain the data uploaded from infected machines. The analysis of the scripts used to handle data transmissions to the victims revealed four communication protocols, and only one of them was compatible with Flame. It means that at least three other types of malware used these Command and Control servers. There is enough evidence to prove that at least one Flame-related malware is operating in the wild. These unknown malicious programs are yet to be discovered.

Another important result of the analysis is that the development of the Flame C&C platform started as early as December 2006. There are signs that the platform is still in the process of development, since a new, yet not implemented protocol called the “Red Protocol” was found on the servers. The latest modification of the servers’ code was made on May 18, 2012 by one of the programmers.

“It was problematic for us to estimate the amount of data stolen by Flame, even after the analysis of its Command and Control servers. Flame’s creators are good at covering their tracks. But one mistake of the attackers helped us to discover more data that one server was intended to keep. Based on this we can see that more than five gigabytes of data was uploaded to this particular server a week, from more than 5,000 infected machines. This is certainly an example of cyber espionage conducted on a massive scale,” commented Alexander Gostev, Chief Security Expert, Kaspersky Lab. 

Here we want to remind you that after the episode of 'Duqu'; In the middle of this year The Iranian Computer Emergency Response Team (MAHER) claims to have discovered a new targeted Stuxnet attacking the country's internal system. This newly found Stuxnet have been dubbed Flame (also known as Flamer or Skywiper). Later it was spotted in the wild when software giant Microsoft confirmed that its Windows Server Update Services (WSUS), Windows Update (WU) has been infected by Flame malware. Also in many fields, the name of 'Flame' was on the high node. 

For detailed analysis on Flame's command and control (C&C) servers click Here

-Source (Kaspersky)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Three Secrets & Full Analysis of Flame's Command & Control Servers Unraveled"https://www.voiceofgreyhat.com/2012/09/Full-Analysis-of-Flame-Command-and-Control-Servers-Unraveled.html</a>

Duqu Mystery Finally Solved By Researcher at Kaspersky Lab

Duqu Mystery Finally Solved By Researcher at Kaspersky Lab

After so many drama finally the deep mystery of DUQU solved. Researcher at kaspersky lab has found out that this dangerous stuxnet was written by custom object oriented C called “OO C”. The mystery began earlier this month, when Kaspersky researchers struggled to determine what programming language had been used to develop the Duqu. So the researchers have taken the help of programming community to find out the truth. They got a wild feed back, 200 comments and 60+ e-mail messages with suggestions about possible languages and frameworks that could have been used for generating the Duqu Framework code. 

Let us review the most popular suggestions:-

• Variants of LISP
• Forth
• Erlang
• Google Go
• Delphi
• OO C
• Old compilers for C++ and other languages

There are two main possibilities. The code was either written using a custom OO C framework, or it was entirely written in OO C manually, without any language extensions.No matter which of these two variants is true, the implications are impressive. The Payload DLL contains 95 Kbytes of event-driven code written with OO C, a language that has no automatic memory management or safe pointers was pointed out by Kaspersky’s Igor Soumenkov.“This kind of programming is more commonly found in complex ‘civil’ software projects, rather than contemporary malware. Additionally, the whole event-driven architecture must have been developed as a part of the Duqu code or its OOC extension.” said Mr Igor

This made an assumption that the developers are old school and don’t trust C++. That’s why they relied on C. Another reason for using OO C is because back in the good old days it was more portable than C++. Duqu was created by a professional team that wrote the framework based on old code. To know the full story click here.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Duqu Mystery Finally Solved By Researcher at Kaspersky Lab"https://www.voiceofgreyhat.com/2012/03/duqu-mystery-finally-solved-by.html</a>

Flashback Botnet Originated From Hacked & Malware-rigged WordPress Sites -Said Researchers

Flashback Botnet Originated From Hacked & Malware-rigged WordPress Sites -Said Researchers

Massive Flashback botnet that hit more than 60K Mac PC world wide originated from hacked and malware-rigged WordPress blog sites. Researchers figure out there were between 30,000 and 100,000 WordPress sites infected in late February and early March, 85% of which are in the United States.

Kaspersky Lab researchers say the infected WordPress blog sites were rigged with code that silently redirected visitors to a malicious server. "When the connection was made to the malicious server, that server would determine which OS was running and serve exploits accordingly," says Roel Schouwenberg, senior researcher for Kaspersky. It was a pay-per-install scheme to spread malware, including the Flashback Trojan.

Most researchers say a gradual decline in machines infected by the Trojan is still underway: As of Thursday, there were about 140,000 infected Macs still out there, according to Symantec, and Kaspersky says it sees only about 30,629 Flashback-infected bots in its sinkhole. Still on the horizon, too, is the possibility of a Flashback comeback, with the command-and-control servers sending their bots updates. "We are watching the command-and-control domains used to control this botnet for any updates ... We haven't seen any new updates being delivered," said Liam O Murchu, manager of operations for Symantec Security Response. "Flashback generates new domains every day, which shows us the attackers have probably written malicious code before. They are aware that their botnet could be taken down with a single domain, so they generate a new one every day." To see the full story click here. 

Earlier also Mac users faced such attacks when mac Trojan OSX.SabPub was spreading through Java exploits In 2011 we have also seen OSX/Revir-B trojan was installed behind a PDF, and giving hackers remote access to MAC computers, not only Revier-B also Linux Tsunami trojan Called "Kaiten" targeted Mac OS users in 2011. Also another malware named "Devil Robber" which was also make MAC users victim while stealing their personal informations.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Flashback Botnet Originated From Hacked & Malware-rigged WordPress Sites -Said Researchers"https://www.voiceofgreyhat.com/2012/04/flashback-botnet-originated-from-hacked.html</a>

Duqu is Still in Operation, Researcher Found New Duqu Variant

Duqu is Still in Operation, Researcher Found New Duqu Variant 

Last month researchers at Kaspersky Lab managed to solve the Duqu Mystery. They discovered that this dangerous stuxnet was written by custom object oriented C called “OO C”. But was the sufficient to stop this dangerous cyber weapon? The answer is big no, and today a new Duqu variant rise up, which clearly indicating that the attacks are still ongoing and still security experts failed to put a solid brick between Duqu & cyber space. The latest Duqu driver was compiled in February 2012, more than four months after Duqu was first flagged as a unique piece of malware “striking similarities” to Stuxnet, the mysterious computer worm that targeted nuclear facilities in Iran. 

Symantec identified the newly compiled Duqu driver as mcd9×86.sys and said it contains no new functionality beyond spying and collecting data from infected machines. Kaspersky Lab’s Costin Raiu says the latest variant has been engineered to escape detection by the open-source Duqu detector toolkit released by CrySyS Lab.

-Source (ZDnet) 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Duqu is Still in Operation, Researcher Found New Duqu Variant"https://www.voiceofgreyhat.com/2012/04/duqu-is-still-in-operation-researcher.html</a>

TDL is Targeting Windows PC, Experts are saying that "it is almost indestructible"

More than four million PCs have been enrolled in a botnet security experts say is almost "indestructible". The botnet, known as TDL, targets Windows PCs and is difficult to detect and shut down. targeting

Code that hijacks a PC hides in places security software rarely looks and the botnet is controlled using custom-made encryption.

Security researchers said recent botnet shutdowns had made TDL's controllers harden it against investigation.

The 4.5 million PCs have become victims over the last three months following the appearance of the fourth version of the TDL virus. The changes introduced in TDL-4 made it the "most sophisticated threat today," wrote Kaspersky Labs security researchers Sergey Golovanov and Igor Soumenkov in a detailed analysis of the virus. "The owners of TDL are essentially trying to create an 'indestructible' botnet that is protected against attacks, competitors, and anti-virus companies," wrote the researchers.

Recent successes by security companies and law enforcement against botnets have led to spam levels dropping to about 75% of all e-mail sent, shows analysis by Symantec.

A botnet is a network of computers that have been infected by a virus that allows a hi-tech criminal to use them remotely. Often botnet controllers steal data from victims' PCs or use the machines to send out spam or carry out other attacks.

The TDL virus spreads via booby-trapped websites and infects a machine by exploiting unpatched vulnerabilities. The virus has been found lurking on sites offering porn and pirated movies as well as those that let people store video and image files. The virus installs itself in a system file known as the master boot record. This holds the list of instructions to get a computer started and is a good place to hide because it is rarely scanned by standard anti-virus programs.

The biggest proportion of victims, 28%, are in the US but significant numbers are in India (7%) and the UK (5%). Smaller numbers, 3%, are found in France, Germany and Canada.

However, wrote the researchers, it is the way the botnet operates that makes it so hard to tackle and shut down.

The makers of TDL-4 have cooked up their own encryption system to protect communication between those controlling the botnet. This makes it hard to do any significant analysis of traffic between hijacked PCs and the botnet's controllers.

In addition, TDL-4 sends out instructions to infected machines using a public peer-to-peer network rather than centralised command systems. This foils analysis because it removes the need for command servers that regularly communicate with infected machines.

"For all intents and purposes, [TDL-4] is very tough to remove," said Joe Stewart, director of malware research at Dell SecureWorks to Computerworld. "It's definitely one of the most sophisticated botnets out there."

However, the sophistication of TDL-4 might aid in its downfall, said the Kaspersky researchers who found bugs in the complex code. This let them pry on databases logging how many infections TDL-4 had racked up and was aiding their investigation into its creators.

-News Source (BBC)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">TDL is Targeting Windows PC, Experts are saying that "it is almost indestructible""https://www.voiceofgreyhat.com/2011/07/tdl-is-targeting-windows-pc-experts-are.html</a>

Java-Based Multi-platform Backdoor Targeting Windows, Mac & Linux Computers

Java-Based  Multi-platform Backdoor Targeting Windows, Mac & Linux Computers 

Security researcher at Kaspersky Lab have revealed a new java-based web vulnerability which is targeting Windows, Linux & Mac computers while installing backdoor. Mainly the whole thing is a Web-based social engineering attack that relies on malicious Java applets. According to security researchers from antivirus vendors F-Secure - the attack was detected on a compromised website in Colombia. When users visit the site, they are prompted to run a Java applet that hasn't been signed by a trusted certificate authority.

If allowed to run, the applet checks which operating system is running on the user's computer -- Windows, Mac OS X or Linux -- and drops a malicious binary file for the corresponding platform.

The JAR file checks if the user's machine is running in Windows, Mac or Linux then downloads the appropriate files for the platform. All three files for the three different platforms behave the same way. They all connect to 186.87.69.249 to get additional code to execute. The ports are 8080, 8081, and 8082 for OSX, Linux, and Windows respectively.

The files are detected as:
Trojan-Downloader:Java/GetShell.A (sha1: 4a52bb43ff4ae19816e1b97453835da3565387b7)
Backdoor:OSX/GetShell.A (sha1: b05b11bc8520e73a9d62a3dc1d5854d3b4a52cef)
Backdoor:Linux/GetShell.A (sha1: 359a996b841bc02d339279d29112fe980637bf88)
Backdoor:W32/GetShell.A (sha1: 26fcc7d3106ab231ba0ed2cba34b7611dcf5fc0a)

However, since F-Secure researchers began monitoring the attack, the remote control server hasn't pushed any additional code. It appears that the attack uses the Social Engineer Toolkit (SET), a publicly available tool designed for penetration testers, Aquino said Tuesday via email. However, the chances of this being a penetration test sanctioned by the website's owner are relatively low.

Kaspersky's researchers are in the process of analyzing the backdoor-type malware downloaded by the malicious shell code on Windows and Linux. "The Win32 backdoor is large, about 600KB; the Linux backdoor is over 1MB in size, both appear to contact very complex code which communicates encrypted with other servers."

-Source (CW & F-Secure) 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Java-Based Multi-platform Backdoor Targeting Windows, Mac & Linux Computers"https://www.voiceofgreyhat.com/2012/07/java-based-multi-platform-backdoor.html</a>

Twitter Stimulates Online Crime

 

According to Kaspersky Lab the security company, ever-since the micro-blogging website Twitter was introduced during July 2006, numerous people have been utilizing it in their daily lives for communicating messages crafted within the standard 140 characters, published ITWeb in news on April 14, 2011.

Yet, in spite of the many flashy demographics along with an increased growth of Twitter, the website has had to fight a large number of malware incidences. These incidences are as varied as click-jacking, account compromising, Trojans, and hacks that have enabled cyber-criminals to use the service widely for launching assaults across the Web.

Says security researcher Timothy Armstrong at Kaspersky Lab, there has been many historical developments in the security of Twitter despite it being more-or-less young. Attacks on it have been varied such as hacked admins, trending topics and account compromises amongst others, he adds. ITWeb published this on April 14, 2011.

Further according to Timothy, during August 2008, cyber-criminals attacked Twitter wherein they crafted a malicious web-page containing an advertisement promoting one erotic film. So when anyone clicked on it, he became contaminated with a Trojan-downloader that disguised as an Adobe Flash update.

Also, during 2009, several versions of a Cross-Site Scripting (XSS) virus attacked Twitter. Innumerable messages apparently, signed off from Mikey emerged as the virus spread. Again in 2009, online crooks compromised Twitter trending subjects for delivering malicious software.

Thereafter, one fresh Koobface variant shortly facilitated in propagating its infection via Twitter accounts. Thus, when a contaminated member tried to access the website, Koobface compromised the communication session following which it masqueraded as that member and tweeted in contaminating his contacts.

Meanwhile, even with the lot of security measures adopted for aiding in lessening security threats, it appears that different stages of assaults will continue to hit social-networking websites. For, hackers still manage to invade the broadcasting arena easily because of its ready availability on social websites by abusing trending topics.

Given this, Armstrong concludes that it's thus important that users remain wary of the different kinds of malware, which Twitter has encountered owing to cyber-criminals' active exploitation of the site, reported ITWeb.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Twitter Stimulates Online Crime"https://www.voiceofgreyhat.com/2011/04/twitter-stimulates-online-crime.html</a>

Brazilian ISP Under Massive DNS Poisoning Attack, Redirecting Users To Malicious Sites

Major Cyber Attack on Brazilian Internet Services Provider. The attackers are performing massive DNS poisoning attack to redirect their account holders into the malicious websites. 

According to Kaspersky's SecureList:-

"In the past few days several Brazilian ISPs have fallen victim to a series of DNS cache poisoning attacks. These attacks see users being redirected to install malware before connecting to popular sites. Some incidents have also featured attacks on network devices, where routers or modems are compromised remotely. Brazil has some big ISPs. Official statistics suggest the country has 73 million computers connected to the Internet, and the major ISPs average 3 or 4 million customers each. If a cybercriminal can change the DNS cache in just one server, the number of potential victims is huge.
Last week Brazil’s web forums were alive with desperate cries for help from users who faced malicious redirections when trying to access websites such as YouTube, Gmail and Hotmail, as well as local market leaders including Uol, Terra and Globo. In all cases, users were asked to run a malicious file as soon as the website opened..."'

For more information click Here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Brazilian ISP Under Massive DNS Poisoning Attack, Redirecting Users To Malicious Sites"https://www.voiceofgreyhat.com/2011/11/brazilian-isp-under-massive-dns.html</a>

Facebook Donates $250,000 to University of Alabama at CIA|JFR to Fight Against Cybercrime

Facebook Donates $250,000 to University of Alabama at CIA|JFR to Fight Against Cybercrime 

All of us, who are associated or directly involved in this cyber domain know very well that its almost impossible to stand against the rising cyber crime & cyber criminals. Then the very first question will arise and that is, what is the solution? The answer will be tie-up collaboration, unity in diversity. That means if we stand together and help each other, then definitely we can control cyber crime, not only that but also we can have a safe and secure cyber space. While talking about co-operation and collaboration then a live instance is here for you. It is your favorite social network, Facebook who stand against cyber criminals and donate $250,000 to help fight cyber crime. According to UAB News - The Center for Information Assurance and Joint Forensics Research at the University of Alabama at Birmingham has received a $250,000 donation from Facebook in recognition of the center’s role in tracking international criminals behind social-media botnet Koobface as well as other spammers. The donation, which comes from money Facebook has recovered from spammers located around the world, will be used to expand the new CIA|JFR headquarters. 

“As a result of numerous collaborations over the years, Facebook recognizes the center as both a partner in fighting Internet abuse, and as a critical player in developing future experts who will become dedicated cybersecurity professionals,” says Joe Sullivan, chief security officer at Facebook. “The center has earned this gift for their successes in fighting cybercrime and because of the need for formal cybersecurity education to better secure everyone’s data across the world.”  

Here we want to remind our readers that 'Koobface' was the most dangerous malware ever made to infiltrate Facebook made by few Russian hacker. The hackers, known as the Koobface gang, sent Facebook users attractive invitations to watch a funny or sexy video. When the unsuspecting users clicked the link, the message appeared saying that their computer’s Flash software needed updating. The “update” was in fact malware that hijacked the user’s clicks and delivered them to advertisers, making the hackers money -to the tune of over $2 million annually. According to Kaspersky Labs the network of infected computers included between 400,000 and 800,000 PC. Earlier in this year the entire Koobface gang was exposed and the C&C server of Koobface has been stopped prenatally by few German Researchers. 

With this story here we, the entire VOGH Team would like to congratulate the team at the University of Alabama at Birmingham on the donation from Facebook. More power to them and similar experts around the world, helping investigate cybercrime and making the online world a safer place! 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Facebook Donates $250,000 to University of Alabama at CIA|JFR to Fight Against Cybercrime"https://www.voiceofgreyhat.com/2012/10/Facebook-awarded-University-of-Alabama-to-Fight-Against-Cybercrime.html</a>

Another Mac Trojan "Backdoor.OSX.SabPub" Discovered, Exploiting Java Vulnerability

Another Mac Trojan "Backdoor.OSX.SabPub" Discovered, Exploiting Java Vulnerability 

Few weeks ago security experts found Flashback Trojan infected more than 60,000 Mac users around the world. Immediately after this incident Apple issued patches that curb the vulnerability. Yet again it has been found that another Mac trojan that is also spread through Java exploits. The malware, called Backdoor.OSX.SabPub, can take screen-shots of a user’s current session, execute commands on an infected machine and connect to a remote website to transmit the data. It is not clear how users get infected with the trojan, but because of the low number of instances and the trojan’s backdoor functionality, Securelist speculates that it is most likely used in targeted attacks, possibly launched through emails containing a URL pointing to two one of websites hosting the exploit. Two versions of SabPub were discovered in the wild this past weekend, flying undedected for about two months now. Kaspersky's Costin Raiu wrote in a blog post that SabPub was probably written by the LuckyCat authors.

Version 1: Microsoft Office
One version of SabPub traps Mac (and potentially Windows) users with booby-trapped Microsoft Word documents which exploit the vulnerability 'MSWord.CVE-2009-00563.a.'
The spear-phishing emails containment a malicious Word attachment entitled '10thMarch Statemnet' (with typo) to Tibet sympathizers. March 10, 2011 refers to the day the Dalai Lama delivered his annual speech observing the Tibetan Uprising of 1959. The Word doc was created in August 2010 and updated in February with SabPub thrown in; "quite normal" for such attacks and seen in other APT's like Duqu, Raiu notes.
Version 2: Java
A March version of Sabpub also discovered last weekend exploits the same drive-by Java vulnerability seen in Flashback, one of the biggest botnet attacks seen in OS X. Once the backdoor Trojan is downloaded, a victim's system is connected to a command-and-control center via HTTP. From there the botnet can grab screenshots, upload/download files, and remotely execute commands, Sophos' Graham Cluley writes. SabPub drops the following two files on a user's system, so if you are concerned about infection Cluley recommends searching for these files:
/Users//Library/Preferences/com.apple.PubSabAgent.pfile
/Users//Library/LaunchAgents/com.apple.PubSabAGent.plist

Earlier also Mac users faced such attacks where OSX/Revir-B trojan was installed behind a PDF, and giving hackers remote access to MAC computers, not only Revier-B also Linux Tsunami trojan Called "Kaiten" targeted Mac OS users in 2011. Also another malware named "Devil Robber" which was also make MAC users victim while stealing their personal informations. 

-Source (Securelist & PC Mag)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Another Mac Trojan "Backdoor.OSX.SabPub" Discovered, Exploiting Java Vulnerability"https://www.voiceofgreyhat.com/2012/04/another-mac-trojan-backdoorosxsabpub.html</a>

Koobface Malware Gang Exposed & Comamnd and Control (C&C) Servers Stopped

We are quite sure that Facebook user will never forget the dangerous malware named "Koobface". According to facebook security team it was the most dangerous malware ever made to infiltrate Facebook made by few Russian hacker. The hackers, known as the Koobface gang, sent Facebook users attractive invitations to watch a funny or sexy video. When the unsuspecting users clicked the link, the message appeared saying that their computer’s Flash software needed updating. The “update” was in fact malware that hijacked the user’s clicks and delivered them to advertisers, making the hackers money -to the tune of over $2 million annually. According to Kaspersky Labs the network of infected computers included between 400,000 and 800,000 PC. 

Now facebook take decision to expose the five men alleged to be behind the malware told Ryan McGeehan, Facebook security official. "The thing that we are most excited about is that the botnet is down." said McGeehan. Yesterday, Facebook decided to publish the names of alleged gang members based on details of research carried out in 2009-2010 by two German researchers. One of the researchers works for Security company Sophos. 

To know who was behind the koobface malware or in short to know the exposed Koobface malware gang click Here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Koobface Malware Gang Exposed & Comamnd and Control (C&C) Servers Stopped"https://www.voiceofgreyhat.com/2012/01/koobface-malware-gang-exposed-comamnd.html</a>

ESET Released Antivirus for Android in Beta

ESET is well-known in the PC arena for its NOD32 antivirus and ESET Smart Security suite. The company's existing mobile security product supports Windows Mobile and Symbian devices. ESET Mobile Security for Android Beta (free, direct) extends the same protection to the Android realm.

ESET Mobile naturally includes protection against Android malware. It checks processes and new apps in real time and also scans for threats on demand. Some mobile security products eliminate almost all antivirus configuration settings. Lookout Mobile Security is an example. ESET includes a full set of configuration choices, much like what you'd find in a PC-based antivirus. It uses heuristic analysis, it can quarantine suspect files, and it optionally scans inside archives, among other things.

Like Kaspersky Mobile Security 9, Norton Mobile Security 2.0 Beta, and others ESET Mobile can respond to coded SMS messages by locking the phone, transmitting its GPS location, or wiping all data from the phone. You can't track the phone by logging in to a Web site the way you can with GadgetTrak Mobile Security for Android & Blackberry 3.1, Mobile Superhero, and others, but ESET's SMS response to a location request includes a Google Maps link.

A thief who attempts to evade ESET's protection by swapping out the SIM card won't get far. Insertion of a SIM card not already marked as trusted will cause the phone to automatically lock and secretly send an alert SMS to one or more predefined contacts. The alert SMS contains the new SIM card's phone number, the IMSI (International Mobile Subscriber Identity) number and the phone's IMEI (International Mobile Equipment Identity) number. ESET also protects against uninstallation on Android 2.2 and later.

ESET's antispam feature isn't as ambitious as that of PrivacyStar and Mr. Mr. Number, which use crowdsourcing to block known spam callers. You can set ESET to block specific blacklisted numbers or to block all incoming calls and texts that don't come from your contacts. The app retains information about blocked contact attempts, so you can review the contact log and make any necessary adjustments.

The most unusual feature ESET offers is the security audit. This isn't an audit of app permissions like that found in Lookout and in Webroot Mobile Security for Android. ESET audits the device daily and automatically fixes everything it can. You can also manually run an audit at any time. ESET alerts if battery power or free disk space are too low. It reports security problems with Bluetooth, GPS, and GSM Network as well as with installed applications and stored data. The included Task Manager lets you view running processes and terminate non-system processes.

This app, currently in beta testing, can be downloaded from the Android Market or directly from the ESET Web site.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">ESET Released Antivirus for Android in Beta"https://www.voiceofgreyhat.com/2011/06/eset-released-antivirus-for-android-in.html</a>

VMWare Source Code Was Stolen at The Time of CEIEC Breach

VMWare Source Code Was Stolen at The Time of CEIEC Breach 

In the official blog VMWare, the visualization software company has revealed that a hacker associated with hacktivist calling himself "Hardcore Charlie" has stolen at least one and possibly many more source files for its software - and has begun posting them on line. VMware on Tuesday announced that a single file from its ESX server hypervisor source code has been posted online, and it held out the possibility that more proprietary files could be leaked in the future. The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers, Said by VMWare official. Earlier we covered that Hardcore Charlie claimed to breach China NationalElectronics Import-Export Corporation (CEIEC), based in Beijing, he got inside CEIEC and posted documents ranging from purported U.S. military transport information to internal reports about business matters on several file-sharing sites, but the authenticity of the documents could not be independently confirmed. Hacker Charlie' claims to have found program files for virtualisation software on CEIEC. In a conversation with Kaspersky Lab, the hacker claimed to have 300MB of VMWare source code. 

The hacker also claimed to have cracked cryptographic hashes on the credentials of hundreds of thousands of sina.com email accounts with the help of another hacker, who goes by the name of @Yamatough and who is thought to have been involved in the distribution of documents suggesting that the Indian government had put in monitoring systems for Nokia, RIM and Apple smartphones. The companies all denied the claim, and the documents were later shown to be faked.

VMWare insisted that the code dated back to 2003-04, though it did not say whether that section of the code had been changed since then. "We will continue to provide updates to the VMware community if and when additional information is available," said Iain Mulholland, director of VMware's security response centre in a statement. VMWare didn't indicate whether its own systems had been breached, and seemed to widen the number of potential targets to include commercial partners.  

Like VMWare, a hacker group named The Lords of Dharmaraja has managed to steal the source code of Norton anti-virus, Symantec. There also hacker leaked the source code and hacktivist Anonymous take the responsibility of the entire phenomena

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">VMWare Source Code Was Stolen at The Time of CEIEC Breach"https://www.voiceofgreyhat.com/2012/04/vmware-source-code-was-stolen-at-time.html</a>