
PandaLabs Exclusive Report: Privacy Violations Will Be The Biggest Security Threat in 2012


PandaLabs, Panda Security's anti-malware laboratory, today announced its predictions for the top security trends to watch in the coming year. Cyber-espionage, together with privacy violations and social networking attacks made easier by the growing use of mobile and tablet devices, will be the source of most new security threats over the coming months.
Cyber-espionage targeting companies and government agencies around the world will dominate corporate and national information security landscapes, with the integrity of classified and other protected information on the line. Trojans are expected to be the weapon of choice for hackers focused on these highly-sensitive targets.
According to Luis Corrons, technical director of PandaLabs, “We live in a world where all information is in digital form and is easily accessible if you know how. Today’s spies no longer need to infiltrate a building to steal information. As long as they have the necessary computer skills, they can wreak havoc and access even the best-kept secrets of organizations without ever leaving their homes.”
Consumers will continue to be targeted by cyber-criminals as they find ever more sophisticated ways to target social media sites for stealing personal data. Social engineering techniques exploiting users’ naïveté have become the weapon of choice for hackers targeting personally-identifiable information. “Social networking sites provide a space where users feel safe as they interact with friends and family. The problem is that attackers are creating malware that takes advantage of that false sense of security to spread their creations,” says Corrons. “It is very easy for cyber-criminals to trick users with generic messages like ‘Look, you’re on this video,’ for example. Sometimes, curiosity can be our own worst enemy.”

Summary of what PandaLabs predicts as the major security trends of 2012:-

  • Mobile Malware:- A year ago, PandaLabs predicted a surge in cyber attacks on mobile phones, and the fact that Android has become the number one mobile target for cyber-crooks in 2011 confirms that prediction. That trend will continue in 2012, with a new focus on mobile payment methods using Near-Field Communications (NFC) as these applications become increasingly popular.
  • Malware for Tablets:- Since tablets share the same operating system as smartphones, they are likely to be targeted by the same malware. In addition, tablets might draw special interest from cyber-crooks since people are using them for an increasing number of activities and are more likely to store sensitive data on them.
  • Mac Malware:- As the market share of Mac users continues to grow, the number of threats will grow as well. Fortunately, Mac users are now more aware that they are not immune to malware attacks and are increasingly using antivirus programs to protect themselves. The number of malware specimens for Mac will continue to grow in 2012, although still at a slower rate than for PCs.
  • PC Malware:- PC malware has grown exponentially over the past few years, and everything indicates that the trend will continue in 2012. Trojans, designed to sit silently on users’ computers, stealing information and transmitting it back to their handlers will continue to be cyber-crooks’ weapon of choice; 75 percent of new malware strains in 2011 were Trojans.
  • SMBs Under Attack:- Financial institutions are fairly well protected these days against malware. But smaller businesses are easier and cheaper targets to attack, and their customer databases can be a real treasure trove for hackers, particularly if credit card and other financial data is stored “in the clear”. Unfortunately, many small to medium-sized companies do not have dedicated security teams, which makes them much more vulnerable.
  • Windows 8:- While not scheduled until November 2012, the next version of Microsoft's operating system will offer cyber-crooks new opportunities to create malicious software. Because Windows 8 is meant to run on PCs, tablets and smartphones alike, a single malicious application could target all of these devices, although this will likely not take place until 2013.

Corrons concludes, “The malware game continues. As new technologies advance, cyber-crooks develop new modes of attack, often by simply adapting old techniques to the new platforms – which is an area software vendors need to pay attention to. In the end, though, it’s users’ false sense of security that is the hacker’s best friend.”



McAfee Threats Report: Second Quarter 2011


McAfee released its second-quarter threat report today, reporting that 2011 has seen spikes in several different types of online security threats. "The second quarter of the year was clearly a period of chaos, changes, and new challenges," according to the report.

The Report Contents:-

  • Hacktivism
  • Mobile Threats
  • Cybercrime
  • Malware Threats
  • Adobe outpaces Microsoft in Attracting Exploits
  • Messaging Threats
  • Web Threats

According to McAfee:-

"The threat landscape of 2011 is undergoing a year of chaos and change. We see chaos in the major challenges that hacktivist groups such as LulzSec and Anonymous pose, and change in the shifts in new malware classes and targeted devices. This quarter McAfee Labs saw major hacktivist activity—but in a very different way. The group Lulz Security, LulzSec for short, differs from other hacktivist groups in that they had no specific goals. They were in it, as they claimed, for the "lulz" (LOLs in text-message speak, or "laugh out loud's") but showed an agility at compromising networks and servers, and stealing usernames, passwords, and other data. LulzSec committed multiple intrusions against a wide variety of companies, as well as attacks against police departments and intelligence agencies, and many other compromises. Although many of the outcomes and uses of these compromises are still in play (and we provide a helpful overview of the quarter's activity) one thing has become clear: Many companies, both large and small, are more vulnerable than they may have suspected. Further, the security industry may need to reconsider some of its fundamental assumptions, including "Are we really protecting users and companies?" Although LulzSec may have ceased its operations during this quarter, the questions they and other hacktivist groups have raised will be debated for a long time.
One significant change in the first quarter of 2011 was Android's becoming the third-most targeted platform for mobile malware. This quarter the count of new Android-specific malware moved to number one, with J2ME (Java Micro Edition) coming in second while suffering only a third as many malware samples. This increase in threats to such a popular platform should make us evaluate our behavior on mobile devices and the security industry's preparedness to combat this growth.
We also saw an increase in for-profit mobile malware, including simple SMS-sending Trojans and complex Trojans that use exploits to compromise smartphones. We offer an update of cybercrime "pricebooks" as well as some changes to toolkit and service prices. "Crimeware as a service" and the burgeoning "hacktivism as a service" continue to evolve as interests and targets change. On the positive side, there were some significant victories against cybercriminals this quarter.
Continuing the change theme, we observed a considerable decrease in both AutoRun and Koobface malware, offset by a strong rise in fake-anti-virus software that targets the Mac. Apple's OS X has been mostly ignored by malware writers for years, so this represents a significant change of target for cybercriminals. Malware continued its overall growth during the quarter as did rootkit malware. Rootkits, used primarily for stealth and resilience, make malware more effective and persistent; their popularity is rising. Rootkits such as Koutodoor and TDSS appear with increasing frequency. The amount of malware that attacks vulnerabilities in Adobe products continues to overwhelm those in Microsoft products.
Botnets and messaging threats, although still at historic lows, have begun to rise again. We expected this recovery after some recent botnet takedowns. Users and enterprises must plan for this growth and prepare their defenses and responses accordingly. We again examine social engineering subjects by both geography and subject and botnets by geography and type.
We saw several spikes in malicious web activity this quarter as well as some serious growth in blogs and wikis with malicious reputations. Sites that deliver malware, potentially unwanted programs, and phishing sites also increased.
The second quarter of the year was clearly a period of chaos, changes, and new challenges."


-News Source (McAfee)


Android becomes second most popular mobile malware target



The first quarter was the most active in malware history and mobile attacks are moving to the forefront, according to McAfee data. Android attacks are also picking up. McAfee's first-quarter threat report noted that attacks surged in the first quarter, while spam has fallen. In fact, there were 6 million unique malware samples in the first quarter, the highest ever for the first three months of a year. February had the most new malware samples, 2.75 million. Fake anti-virus software (think Mac Defender) reached its highest levels in March with 350,000 unique samples. As for emerging threats, McAfee noted that Android devices are becoming malware havens. Android was the second most popular environment for mobile malware behind Symbian in the first quarter; historically, Android has been No. 3.

McAfee Labs combats several developing families of malware that attack Android phones. One of the families, Android/DrdDream, comprises a variety of legitimate games and apps that have been injected with malicious code. These threats are unique and quite dangerous due to their use of two root exploits to gain greater control of the phone. The two exploits, Exploit/LVedu and Exploit/DiutesEx, were initially used by users trying to gain legitimate root access to their own devices, a process commonly referred to as rooting. In the PC world, malware often uses exploits to enable drive-by downloads that infect machines visiting specially designed or compromised websites. For mobile devices, much of the malware has so far required user interaction, but in the near future mobile exploits will certainly allow automatic malware installation. Like Android/DrdDream, the Android/Drad family is made up of maliciously modified applications.
This family sends device information to an attacker-controlled site. Just like in the PC malware world, Android/Drad listens for commands from the attacker. The malware can also download additional software, though it stops short of being a full-fledged mobile botnet. It appears that the malware uses blackhat search-engine optimization techniques, a process of manipulating search engine results to place dangerous sites higher than they should appear in lists of hits.


MAC Defender Rogue Anti-Virus Analysis and Removal



SecureMac reports that a new privacy and security threat is targeting computers running Apple's Mac OS X, disguised as an anti-virus program called MAC Defender. The rogue anti-virus program will "detect" nonexistent threats on the user's system in an effort to persuade them to hand over their credit card information and purchase a "subscription" to the program. If that is not enough to convince the user to buy the fake anti-virus program, it will start popping up pornographic websites to create an actual problem on the system.
The malware, first reported on various discussion boards last week, initially appears in the web browser as a fake anti-virus scan (with graphics from Microsoft Windows) when the user clicks a web link. At the time of our initial analysis, the fake scan sites were appearing after the user clicked an infected link in Google image searches. Initial user reports indicate that a wide variety of keywords will show search results containing infected links. If the user clicks on various links or buttons on the fake scan webpage rather than closing it immediately, the actual malware will be downloaded to the user's system. The fake scan site checks the web browser settings to determine if the user is running Mac OS X or Microsoft Windows, and then downloads the appropriate installer for the user's operating system.
If the user has set their web browser to automatically open "safe" files such as zip archives, the installer for the malware will appear without further user interaction. Once the user runs the installer (and enters their admin password when prompted), the malware is installed to the Applications folder, sets itself as a login item, and starts to run. The malware appears as a menu bar item in OS X, but without a Dock icon or any way to exit the program. The program immediately starts to "scan" the infected system, alerts the user that they are infected with various malware, and prompts them to purchase the program in order to remove the threats. If the user decides not to purchase a subscription, the malware will start displaying pornographic websites at random on the infected system.
MAC Defender uses JavaScript to display the fake scan webpage and download the installer file, unlike the Boonana malware detected by SecureMac in October 2010, which used Java as the technology behind infections. While disabling Java in the web browser was an easy way to avoid Boonana infections, JavaScript is used on a large number of websites, and disabling it will significantly degrade the web browsing experience. Instead, SecureMac offers the following simple tips to avoid infection by MAC Defender:
Safe Browsing Tips
1. Watch where you surf. By sticking with safe, well-known websites, you will be less likely to visit a site that will attempt to infect you with this malware. When clicking on results from a search engine, be extra vigilant for websites that seem fishy.
2. Watch what you download. Download files only from trusted sources and safe sites. If a file automatically downloads or an installer randomly appears, be sure to determine if it is legitimate instead of blindly installing it. If you are unsure, err on the side of caution and don't install the program without further research.
3. Use the security features in OS X. Disable web browsers from automatically opening "safe" files. In Safari, you can disable this feature by clicking the "Safari" menu, then clicking "Preferences," then uncheck the "Open "safe" files after downloading" checkbox. Turn on the built-in Firewall, and consider legitimate security software, especially when a computer is shared by multiple users.
If you find yourself infected with this new malware, there are a number of alternatives for removal:
Removal Instructions
MacScan users can identify the new malware by running a spyware scan with the latest spyware definitions update, which was released May 2nd, 2011. A 30-day demo of MacScan can be downloaded from SecureMac at macscan.securemac.com. To update spyware definitions from within the program, click the "MacScan" menu and then click "Check for updates." Once the malware has been detected and isolated, users should drag the "MacScan Isolated Spyware" folder from their Desktop to the Trash in order to remove MAC Defender from their system.
For manual removal users should follow either of these two methods:
Method One
1. Open Activity Monitor from the Utilities folder. Make sure the drop-down menu is set to "all processes."
2. Use the search field in Activity Monitor to search for MacDefender.
3. Click on the MacDefender process. Click the "Quit Process" button. Click "Force Quit."
4. Drag the MacDefender program (installed in the Applications folder by default) to the Trash. Empty the Trash.
5. Remove MacDefender from the Login Items for your Account in the OS X System Preferences (if it exists).
Method Two (Advanced)
1. Open the Terminal application from the Utilities folder.
2. Type the following command in the terminal (without quotes) and hit the return key: 'ps -ax | grep -i MacDefender'
3. Note the process ID associated with the MacDefender program (the first digits listed in the result). The grep command you just typed also contains the word MacDefender and will appear in the output as well; ignore that line and use the PID of the MacDefender application itself.
4. Type the following command in the terminal (without quotes, and substituting the process ID noted above for XXXX) and hit the return key: 'kill XXXX'
At this time the MAC Defender program will no longer be running. Continue with steps 4 and 5 from Method One for removal.
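The two removal methods above, combined into one script as an added example (this is not SecureMac's code). It assumes the rogue application is installed at /Applications/MacDefender.app, that its process command line contains the name, and that the login item was registered under the same name; the `osascript` call for removing the login item is an assumption about how such an item can be deleted and is not something the original article describes. The PID lookup is written so that it can be fed a captured `ps` listing, which also makes it testable, and it drops the grep/awk lines that a plain `ps | grep name` would otherwise match.

```shell
#!/bin/sh
# Added example: remove a rogue "anti-virus" app by name on macOS.
# Not SecureMac's code. Assumed paths/names: /Applications/<name>.app and a
# login item called <name>. Usage: sh remove_rogue.sh --remove MacDefender

# Print the PIDs whose command line matches PATTERN (case-insensitive).
# The listing is passed in as the second argument (output of
# `ps axo pid=,command=`), so the function can also be run on a saved listing.
# Lines belonging to grep/awk are skipped: `ps | grep MacDefender` would
# otherwise report the grep process itself as a match.
find_pids() {
    pattern="$1"
    listing="$2"
    printf '%s\n' "$listing" | awk -v pat="$pattern" '
        tolower($0) ~ tolower(pat) && $0 !~ /grep|awk/ { print $1 }'
}

# Terminate every matching process: polite TERM first, then KILL (Force Quit).
kill_by_name() {
    for pid in $(find_pids "$1" "$(ps axo pid=,command=)"); do
        kill "$pid" 2>/dev/null || kill -9 "$pid" 2>/dev/null || return 1
    done
    return 0
}

# Steps 4 and 5 of Method One: delete the bundle and the login item.
# The System Events login-item deletion is an assumed AppleScript idiom.
remove_rogue_app() {
    name="$1"
    kill_by_name "$name" || echo "warning: could not stop all $name processes" >&2
    rm -rf "/Applications/$name.app"
    osascript -e "tell application \"System Events\" to delete login item \"$name\"" 2>/dev/null
    return 0
}

# Only act when explicitly asked, so sourcing the file does nothing destructive.
if [ "${1:-}" = "--remove" ] && [ -n "${2:-}" ]; then
    remove_rogue_app "$2"
fi
```

On a real machine `pgrep -if MacDefender` gives the same PIDs and already excludes itself; the awk version is kept here so the filtering logic is visible and can be checked against a saved listing. As with the manual method, empty the Trash afterwards and re-check System Preferences for any login item that survived.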


Apple releases anti-malware update for 120,000 infected Mac users


Apple has finally come clean and admitted that its software can be turned over by malware.
The malware has been confusing Mac users for more than a week, because it is a central belief in the dogma of Apple that only Windows users suffer from malware and get recruited into botnets. We guess some of them must believe that they accidentally downloaded Windows and became instantly infected, as Steve said they would.
Matters have been made worse because Apple instructed its customer care teams to fudge the problem if customers rang them up. The Tame Apple Press has also been in full swing trying to downplay the matter. Apple fanboys have been targeting hacks who write about it, claiming that it was software that people were tricked into downloading and therefore not malware, which shows how ignorant Apple followers are when it comes to security matters.
The malware, which also circulates as MacProtector and MacSecurity, warns a victim that his or her computer is infected and goes through a complex installation process. It spends most of its life trying to snuffle for credit card information.
ZDNet believes that more than 120,000 of Apple's US followers have been infected by the credit card stealing malware and dubbed Apple's approach to the problem Orwellian.
Now Apple has said that it will deal with the malware using a Mac OS X software update that will automatically find and remove the Mac Defender malware and its known variants.
The update will also help protect users by providing an explicit warning if they download this malware.
Jobs' Mob have posted instructions on how to avoid installing the Mac Defender malware as well as how to remove it from an affected computer.
Given the success of the malware it would appear that Apple followers are a soft touch. The malware plague was caused by enough of them downloading the bogus software and not being aware that there was something wrong.
For years security experts have been worried that the lack of security on Apple machines would eventually result in hackers trying to turn it over. While Windows 7 has had years of security hardening under real attack, Apple has not focused on this problem, and its much-needed built-in security scanner only finds one bit of malware.


Another OS X Malware App Pops Up, But Danger is Still Limited


Cyber criminal community's interest in attacking Apple users is growing, but still lacks discipline
According to a handful of dedicated hackers of Apple, Inc.'s (AAPL) computer operating system, OS X, the OS is actually less secure than Microsoft Corp.'s (MSFT) Windows.  But thanks to the OS's small market share (traditionally 5 percent or less) most cybercriminals haven't felt it worthwhile to target the platform.  Also, some hackers have misgivings about attacking Unix-like operating systems (e.g. Linux, OS X).


Still, Apple's growing market share and boastful claims of security have led to increased interest in attacks, and some OS X malware has been popping up of late.

The latest malware to target OS X is dubbed "MACDefender".  Attack pages for the new malware exploit the way Apple's default Safari browser handles JavaScript, running a script that auto-initiates the download of a ZIP archive containing the installer.  If the user has opted to open "safe" files automatically, the archive will then auto-open and initiate an install dialogue.

The risk is minimal as users must approve of this dialogue and enter an administrative password to complete the installation.  Still it may be a bit more widespread as the attack pages have boosted themselves to near the top of many search results, thanks to search engine optimization (SEO) poisoning.

It is unclear what the software does when active, though it appears to be logging user activities.  Users who accidentally installed the software can still delete it by killing its process and dragging it from the Applications folder to the Trash bin.

Members of the Apple Support community first noted the malware last Saturday.

On Monday, security firm Intego released an advisory, calling the risk of the malware "low".  Intego writes:

"When a user clicks a link after performing a search on a search engine such as Google, this takes them to a web site whose page contains JavaScript that automatically downloads a file," Intego said. "In this case, the file downloaded is a compressed ZIP archive, which, if a specific option in a web browser is checked (Open 'safe' files after downloading in Safari, for example), will open."
The malware unfortunately shares its name with a legitimate OS X software firm.  MacDefender is a small software firm that makes geocaching software, including GCStatistic and DTmatrix.  The company has released a statement emphatically saying that it is not affiliated with the rogue software.

The company writes:

IMPORTANT NOTE: As it seams (sic) someone wrote a virus/malware application named mac defender (MacDefender.app) for OS X. If you see an application named like this DO NOT DOWNLOAD/INSTALL it. I would never release an application named like this.
In recent months botnet-forming worms and trojans have targeted OS X.  Most of these pieces of malware have been amateurish efforts, though, or works in progress.  Nonetheless it remains a very real possibility that Apple could one day see a serious attack.

For its part Apple has suggested users get an antivirus program, though it still claims in advertisements that its platform does not suffer from malware like Windows.  Apple has refused to provide customers with free antimalware software like Microsoft does, so security firm Sophos Plc. has picked up the ball, offering free basic protection to Mac users.  Some other smaller firms also offer free Mac antimalware suites.


Flashback Trojan Targeting Mac OS X in VMware Fusion

Underscoring the growing sophistication of Mac-based malware, a trojan preying on OS X users has adopted several stealth techniques since it was discovered last month.
Updates to the Flashback trojan, which gets installed by disguising itself as an Adobe Flash update, now prevent the malware from running on Macs that use VMware Fusion. Virtual machine software of this kind is routinely used by security researchers to test the behavior of a malware sample, because it is easier to delete a virtual instance when they are finished than it is to wipe the hard drive and reinstall the operating system.
According to MAC Security Blog:-
The latest version, Flashback.D, has gotten a bit sneakier. First, it checks to see if the user is running Mac OS X in VMware Fusion. If so, it does not execute. It does this because many malware researchers test malware in virtual machines, rather than infect full installations, as it is easier to delete them and start over with clean copies. This means that security researchers analyzing and looking for this malware need to be running regular Macs.
Next, the installer for the malware downloads the payload when running the postinstall script.

Finally, it no longer installs the easy-to-spot ~/Library/Preferences/Preferences.dylib. Instead, it installs the backdoor inside Safari, and does so in two ways. It adds information to Safari’s info.plist file, with the location of the backdoor, and it adds the actual backdoor module at /Applications/Safari.app/Contents/Resources/UnHackMeBuild.


Even if a user removes the above file (UnHackMeBuild), they need to edit Safari’s info.plist file; if not, Safari will look for the backdoor on launch, and, if it is not found, Safari will quit.

-News Source (Intego Blog, The Register)





Malware targeting OS X users


If you ever see a message or window in Safari or your e-mail client about your system's security being compromised, ignore it! Malware developers and scammers are increasingly focusing on OS X and working to trick Mac users with highly developed Trojan horse attempts, using both software and ominous-looking messages generated in Web browsers and e-mail clients. Recently some rather sophisticated Trojan horse scam software called Mac Defender was discovered for OS X, and a similar attempt has surfaced with a Web-based malware-detection facade that tries to get you to download and install malware on your system.


Flame -The "Super Spy" Even On Offline Computers Turning Users into Data Mules


The program known as Flame has fascinated the cyber-security industry with its sophistication and versatility as a Swiss-Army knife of cyber-spying. Now researchers have discovered another unexpected tool in its data-stealing arsenal: You.
Malware analysts at the security firm Bitdefender say they’ve found a unique capability within Flame’s code that would potentially allow it to steal data even from computers that aren’t connected to the Internet or to other networked machines. Instead of simply uploading stolen data to a remote server as traditional spyware does, Flame can also move the target information–along with a copy of itself–onto a USB memory stick plugged into an infected machine, wait for an unwitting user to plug that storage device into an Internet-connected PC, infect the networked machine, copy the target data from the USB drive to the networked computer and finally siphon it to a faraway server.
Spreading itself over an infected USB device is hardly a new trick for malware. But Bitdefender’s researchers say they’ve never before seen a cyberespionage program that can also move its stolen digital booty onto the USB stick of an oblivious user and patiently wait for the opportunity to upload it to the malware’s controllers.
“It turns users into data mules,” says Bitdefender senior malware analyst Bogdan Botezatu. “Chances are, at some point, a user with an infected flash drive will plug it into a secure computer in a contained environment, and Flame will carry the target’s information from the protected environment to the outside world…It uses its ability to infect to ensure an escape route for the data. This is somewhat revolutionary for a piece of malware.”
Flame was designed to use the same Windows shortcut (.lnk) parsing vulnerability, CVE-2010-2568, first exploited by the NSA-built Stuxnet malware, to invisibly install itself from USB devices as soon as the drive's contents are viewed. To hide its trove of stolen data on the user’s device, Flame copies both itself and its data to a folder labelled with a single “.” symbol, which Windows fails to interpret as a folder name and thus renders invisible to the user. “What we have here is a little hack/exploit performed on how the operating system is interpreting file names,” Bitdefender’s researchers wrote in a blog post on Flame last week.
When an infected USB is plugged into a networked machine, Flame checks that it can contact its command and control server through that computer. Then it moves its target data off the USB to the PC, compresses it, and sends it to the remote server via HTTPS, according to Bitdefender’s analysis. The researchers found that while Flame is capable of infecting networked PCs for the purpose of exfiltrating its data, the version they analyzed had this infection capability switched off, perhaps to avoid the spyware spreading too far, so that only PCs already infected with Flame could act as gateways back to the controllers' server. The fact that the infection technique was turned off may be evidence that the “data mule” in the Flame operation was in fact aware of his or her role as a data smuggler.
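A triage pass a responder could run over a mounted removable volume, added here as an example and not Bitdefender's code. It flags directory entries whose names Windows will not display sensibly (names made only of dots, or ending in a dot or space) together with any .lnk shortcut sitting in the root of the drive, which is where an autorun-style dropper places it. The mount point and the sample listing are constructed for the example; the name heuristics are my own and will also flag harmless oddities created by other operating systems.

```shell
#!/bin/sh
# Added example (not Bitdefender's code): flag USB-stick entries that Windows
# Explorer hides or mangles, plus .lnk files in the drive root.
# Usage: sh usb_triage.sh /media/usb   (mount point is an assumption)

# Read one path per line on stdin and print those with a path component that
# is only dots ("." or "..") or ends in a dot or a space. Windows strips
# trailing dots/spaces from names, so such entries are invisible or unreachable
# through Explorer even though they exist on the FAT/NTFS volume.
flag_odd_names() {
    awk -F/ '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^\.+$/ || $i ~ /[. ]$/) { print "ODD-NAME: " $0; next }
    }'
}

# Print .lnk shortcuts that live directly in the root of the volume.
flag_root_shortcuts() {
    find "$1" -maxdepth 1 -type f -iname '*.lnk' | sed 's/^/ROOT-LNK: /'
}

# Walk the whole volume and apply both checks.
triage_volume() {
    mount="$1"
    [ -d "$mount" ] || { echo "no such mount: $mount" >&2; return 1; }
    find "$mount" -mindepth 1 | flag_odd_names
    flag_root_shortcuts "$mount"
    return 0
}

# Constructed listing showing what the name check reacts to.
SAMPLE_LISTING='/media/usb/.
/media/usb/./payload.bin
/media/usb/docs
/media/usb/report.docx
/media/usb/trailing.'

if [ -n "${1:-}" ]; then
    triage_volume "$1"
fi
```

The check is deliberately dumb: it does not parse .lnk files or try to decide whether a flagged folder is malicious, it only gives an analyst a short list of entries to copy off (with a tool that uses raw paths, not Explorer) and look at by hand.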


Regardless, Botezatu says Flame’s USB-piggybacking trick fits with its profile as a highly sophisticated spying tool meant to steal a target’s most protected secrets–not just another cybercriminal keylogger designed to catch credit card numbers. “Most of the infrastructure it targets is highly contained, often without Internet access,” says Botezatu. “It’s natural for Flame to have a mechanism for moving data from one environment to another that doesn’t rely on Internet or network communications.”

-Source (Forbes)







Willysy Malware Infects More than 6 Million Web Pages

 
In less than two weeks, a malware injection that targets e-commerce Web pages has ballooned from 90,000 infected pages to more than 6 million. The malware, called Willysy, exploits vulnerabilities in a popular online merchant platform, osCommerce, according to Web application security provider Armorize, of San Francisco.
When the company initially reported the injection on July 24, it found 90,000 infected pages. When it took another look on August 3, it found the injection had spread to some 6.3 million pages.

Although Armorize could not identify the perpetrators of the attacks, the company did trace the forays to eight IP addresses, all located in Ukraine.
Armorize explained that the attacks exploit three known vulnerabilities in version 2.2 of osCommerce. The exploits allow the attackers to place a hidden frame (iframe) on the page and then inject malicious JavaScript into it, which will infect visitors to the online store.
Once the infection reaches a shopper's computer, it targets vulnerabilities in Java, Adobe Reader, Windows Help Center and Internet Explorer. Although the flaws in those programs are known and have been patched, the attackers are betting that the user hasn't patched all of them.
Even the exploitation of osCommerce itself depends on lax patch management by the shopping site, since the holes used by the attackers were patched in version 2.3 of the software, released in November of last year. Since then, two further versions have been released, 2.3.1 and 3.0.1.
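A store owner checking whether their osCommerce pages carry an injection like the one described can grep the web root for iframes that are styled to be invisible. The script below is an added example, not Armorize's or osCommerce's code; the sample page and the `attacker.example` host in it are constructed, and the patterns assume the injected markup is plain inline HTML, as the article describes. JavaScript that builds the iframe at run time would slip past this check and needs a look at the script blocks themselves.

```shell
#!/bin/sh
# Added example (not Armorize's or osCommerce's code): find hidden iframes in
# a web root. Usage: sh find_hidden_iframes.sh /var/www/store  (path assumed)

# Print every iframe tag from stdin that is sized to zero, hidden by CSS, or
# pushed off-screen; tags may span several lines, so newlines are joined first.
find_hidden_iframes() {
    tr '\n' ' ' | grep -Eio '<iframe[^>]*>' | grep -Ei \
        'width *= *"?0(px)?"?|height *= *"?0(px)?"?|display *: *none|visibility *: *hidden|(left|top) *: *-[0-9]+'
}

# Number of hidden iframes on stdin (0 when none).
count_hidden_iframes() {
    find_hidden_iframes | wc -l | tr -d ' '
}

# Scan every PHP/HTML file under a directory and print "file: <tag>" per hit.
scan_webroot() {
    find "$1" -type f \( -name '*.php' -o -name '*.html' -o -name '*.htm' \) |
    while IFS= read -r f; do
        find_hidden_iframes < "$f" | sed "s|^|$f: |"
    done
    return 0
}

# Constructed page: one injected zero-size iframe next to a legitimate widget.
SAMPLE_HTML='<html><body><h1>Shop</h1>
<iframe src="http://attacker.example/in.php" width="0" height="0"
  style="visibility:hidden"></iframe>
<iframe src="https://payment.example/widget" width="300" height="200"></iframe>
</body></html>'

if [ -n "${1:-}" ]; then
    scan_webroot "$1"
fi
```

Hits against the store's own PHP templates (rather than a cached page) mean the application or its database was modified and the site should be taken offline, the osCommerce update applied, and the templates restored from a known-good copy, since removing the iframe alone leaves the hole the attackers came through.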

According to osCommerce, the open source software is used by some 249,000 store owners, developers, service providers and enthusiasts.
Attacks like the one discovered by Armorize can be especially harmful to small and medium-size businesses (SMB), asserts Frank Kenney, a former Gartner analyst and vice president of Global Strategy at Ipswitch, a file transfer security company in Lexington. Malware willysyWillysy's progress Those companies typically don't have the financial resources of larger firms so they're attracted to open source programs like osCommerce and use off-the-shelf software in their operations. "Whenever you use off-the-shelf software, you have to understand there are data issues and all types of security vulnerabilities that exist," he told
While the makers of off-the-shelf software patch their programs often, he continued, the business still has to invest in the resources to ensure that proper patch work is done. "That requires an outlay of capital that SMBs are not willing to deal with or don't have within their margins," he says.
Such lack of diligence can hurt a business in the long run, because security breaches can invite scrutiny from credit card companies, he explained. A credit card company may refuse to allow the business to use its services until it shows a certain level of security compliance that is out of the reach of the business from a financial or time and resource point of view.
That would have dire consequences for an SMB, he maintains. "The ability to process cards is the difference between a small business or a chain of mom-and-pop stores being open today and being closed tomorrow," he says.
 
-News Source (PC World)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Apple Hacked By The Same Group Who Attacked Facebook

Apple Hacked, Macintosh Computers Infected By The Same Group Who Attacked Facebook

February has not been a good month for cyberspace, especially for giant organizations. Last week the social networking giant Facebook fell victim to a devastating cyber attack that affected a number of its systems. Facebook admitted that it faced a "sophisticated attack" on its computers, in which the attackers used a zero-day Java exploit to initiate the attack, but said that no user data was compromised. The same thing happened to the microblogging site Twitter and to the New York Times. Now it is Apple's turn. The California-based multinational acknowledged that its systems were recently attacked by hackers who infected the Macintosh computers of some employees. As with Facebook, no data was affected: "there was no evidence that any data left Apple," the company said.
According to an exclusive report by Reuters, unknown hackers infected the computers of some Apple workers when they visited a website for software developers that had been infected with malicious software. The malware had been designed to attack Mac computers. The same software, which infected Macs by exploiting a flaw in a version of Oracle Corp's Java software used as a plug-in on Web browsers, was used to launch attacks against Facebook, which the social network disclosed on Friday. The malware was also employed in attacks against Mac computers used by "other companies," Apple said, without elaborating on the scale of the assault. Experts presume that all of these February attacks, on Twitter, the New York Times, Facebook and lastly Apple Inc., originated from China and were executed by the same hacker group. Other experts say that the group responsible for the hack has been identified as "Unit 61398" of the People's Liberation Army, but so far there is no proof.
Apple also revealed that it plans to release a software tool later Tuesday that will protect customers against the same type of software that was used against its employees. 

Apple also provided a statement as follows:-
"Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware.
Since OS X Lion, Macs have shipped without Java installed, and as an added security measure OS X automatically disables Java if it has been unused for 35 days. To protect Mac users that have installed Java, today we are releasing an updated Java malware removal tool that will check Mac systems and remove this malware if found..."

Flashback.G Trojan Targeting Mac Users While Stealing Passwords

Recall that the Mac Security Blog earlier reported that the latest version, Flashback.D, had gotten a bit sneakier. First, it checks to see whether the user is running Mac OS X in VMware Fusion. If so, it does not execute. It does this because many malware researchers test malware in virtual machines rather than infecting full installations, as it is easier to delete them and start over with clean copies. This means that security researchers analyzing and looking for this malware need to be running regular Macs.
Yet again Mac users have become the victims of another trojan. This new Trojan is capable of infecting their computers and stealing passwords to services such as Google, PayPal and online banking. It uses a new installation method: when a user visits a crafted web page, the new variant either tries to exploit two old security vulnerabilities or deploys a Java applet that tries to trick the user into believing it has been certified by Apple. According to the Mac Security Blog (Intego):- This new variant of the Flashback Trojan horse uses three methods to infect Macs. The malware first tries to install itself using one of two Java vulnerabilities. If this is successful, users will be infected with no intervention. If these vulnerabilities are not available – if the Macs have Java up to date – then it attempts a third method of installation, trying to fool users through a social engineering trick. The applet displays a self-signed certificate, claiming to be issued by Apple. Most users won’t understand what this means, and click on Continue to allow the installation to continue.
It is worth noting that Flashback.G will not install if VirusBarrier X6 is present, or if a number of other security programs are installed on the Mac in question. It does this to avoid detection. It seems that the malware writers feel it is best to avoid Macs where the malware might be detected, and focus on the many that aren’t protected.
Mac users have faced such attacks before: the OSX/Revir-B trojan was installed behind a PDF and gave hackers remote access to Mac computers; the Linux Tsunami trojan, called "Kaiten", targeted Mac OS users in 2011; and another piece of malware named "Devil Robber" also victimized Mac users by stealing their personal information.

Malware Named "Gameover" Targeting Bank Accounts


Another malware named "Gameover" is targeting bank accounts via phishing emails. Cyber criminals have found yet another way to steal your hard-earned money: a recent phishing scheme involves spam e-mails—purportedly from the National Automated Clearing House Association (NACHA), the Federal Reserve Bank, or the Federal Deposit Insurance Corporation (FDIC)—that can infect recipients’ computers with malware and allow access to their bank accounts.
The malware is appropriately called “Gameover” because once it’s on your computer, it can steal usernames and passwords and defeat common methods of user authentication employed by financial institutions. And once the crooks get into your bank account, it’s definitely “game over.” Gameover is a newer variant of the Zeus malware, which was created several months ago and specifically targeted banking information. A few days ago the Ramnit worm did something similar: it stole more than 45K Facebook login details, and more than 250K PCs have been infected by it. This clearly shows that the rate of such cyber threats is rising.

How The Gameover Malware Works:-
Typically, you receive an unsolicited e-mail from NACHA, the Federal Reserve, or the FDIC telling you that there’s a problem with your bank account or a recent ACH transaction. (ACH stands for Automated Clearing House, a network for a wide variety of financial transactions in the U.S.) The sender has included a link in the e-mail for you that will supposedly help you resolve whatever the issue is. Unfortunately, the link goes to a phony website, and once you’re there, you inadvertently download the Gameover malware, which promptly infects your computer and steals your banking information.
After the perpetrators access your account, they conduct what’s called a distributed denial of service, or DDoS, attack using a botnet, which involves multiple computers flooding the financial institution’s server with traffic in an effort to deny legitimate users access to the site—probably in an attempt to deflect attention from what the bad guys are doing.
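The lure described above has a shape a mail gateway can recognise: the message invokes NACHA, the Federal Reserve or the FDIC, but its sender and its links sit on domains those organisations do not use, and the visible link text often names one host while the href points at another. The checker below is an added example written for this post, not code from the article or from the FBI material it draws on. The brand-to-domain table is an assumption for the example, both messages are constructed, and "ach-verify.example.net" is a placeholder rather than a real phishing domain.

```python
"""Flag ACH/NACHA-style lure e-mails whose sender or links leave the brand.

Added example (not from the article or the FBI advisory it cites). Heuristics:
  1. a brand named in Subject/body but the From domain is not that brand's;
  2. visible link text names host A while the href targets host B;
  3. a brand named in the message but a link points outside its domains.
Brand domains are assumed for this example; sample messages are constructed.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Brand keyword the lure uses -> domains the real organisation sends from
# (assumed for this example; a deployment would maintain its own list).
IMPERSONATED = {
    "nacha": {"nacha.org"},
    "federal reserve": {"federalreserve.gov"},
    "fdic": {"fdic.gov"},
}


def _belongs_to(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)


def _host(url):
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()


def _label_host(label):
    """Hostname named by visible link text, or '' if the text is not a URL/host."""
    host = _host(label.strip())
    return host if re.fullmatch(r"[a-z0-9.-]+\.[a-z]{2,}", host) else ""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def suspicious_signs(raw_message):
    """Return the reasons a message looks like an ACH/NACHA lure ([] if none)."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    haystack = (str(msg["Subject"] or "") + " " + text).lower()

    # Which brands does the message invoke, and which domains do they own?
    claimed = [b for b in IMPERSONATED if re.search(r"\b" + re.escape(b) + r"\b", haystack)]
    claimed_domains = set().union(*(IMPERSONATED[b] for b in claimed))

    reasons = []
    sender_host = parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2].lower()
    if claimed_domains and sender_host and not _belongs_to(sender_host, claimed_domains):
        reasons.append(f"sender {sender_host} is not a {'/'.join(claimed)} domain")

    collector = LinkCollector()
    collector.feed(text)
    collector.close()
    for href, label in collector.links:
        host = _host(href) if "://" in href else ""
        if not host:
            continue  # relative or non-URL href: nothing to compare against
        label_host = _label_host(label)
        if label_host and label_host != host:
            reasons.append(f"link text shows {label_host} but target is {host}")
        if claimed_domains and not _belongs_to(host, claimed_domains):
            reasons.append(f"mentions {'/'.join(claimed)} but links to {host}")
    return reasons


# Constructed lure resembling the campaign described above.
LURE = """From: NACHA Alerts <alerts@nacha-notice.example.net>
To: treasurer@smallbiz.example
Subject: ACH transaction rejected - action required
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>NACHA has rejected an ACH transfer from your account.</p>
<p>Download the report: <a href="http://ach-verify.example.net/report.exe">https://www.nacha.org/ach-report</a></p>
</body></html>
"""

# Constructed message that passes all three checks, for comparison.
LEGIT = """From: NACHA <alerts@nacha.org>
To: treasurer@smallbiz.example
Subject: NACHA operating rules update
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Read the update: <a href="https://www.nacha.org/rules">https://www.nacha.org/rules</a></p></body></html>
"""

if __name__ == "__main__":
    print("lure:", suspicious_signs(LURE))
    print("legit:", suspicious_signs(LEGIT))
```

None of these signals is proof on its own (a real FDIC mailing might legitimately mention NACHA), which is why the function returns every reason it finds rather than a verdict; a gateway would quarantine or tag the message for review once two or more fire.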

NSS Said: IE9 Blocks Virtually All Socially Engineered Malware, Far More Than Other Browsers


A study prepared by NSS Labs concludes that Microsoft's Internet Explorer 9 blocks virtually all socially engineered malware, far more than rival browsers.
The study was designed to examine one aspect of security: how a browser handled a malicious URL, such as one received in a posting on a social network or an email. The NSS goal was to find the browser which identified, warned, and/or blocked malicious URLs from being viewed by the user.
As it did in 2010, Microsoft's IE9 with SmartScreen URL detection and Application Reputation topped the field, blocking 99.2 percent of all malicious emails. Google's Chrome 12 finished far behind, blocking 13.2 percent of all malicious URLs. Apple's Safari 5 and Mozilla Firefox 4 tied at 7.4 percent, with Opera 11 finishing dead last at 6.1 percent.

The NSS Labs study showed that, globally, all of the browsers tested showed improvement over an NSS study performed last year, with two exceptions: Safari and Mozilla's Firefox. A year ago, Microsoft IE9 blocked 99 percent of the malicious URLs, followed by Chrome 6 (3%), Safari 5 (11%), Firefox 3.6.15 (19%), and Opera 10 (0%).
NSS attributed Microsoft's success to its Application Reputation technology, which has attempted to categorize applications across the Internet.
"The significance of Microsoft's new application reputation technology cannot be overstated," the NSS report found. "Application reputation is the first attempt by any vendor to create a definitive list of every application on the Internet. This new capability helps users discern malware, and potentially unsafe software from actual good software. The list is dynamically created and maintained, much the same way Google, (or Bing) is continuously building and maintaining a library of content for search purposes."
The NSS tests sliced the potential for malware along one specific axis, socially engineered malware, a distinction Google objected to during the 2010 tests. "Google Chrome was built with security in mind from the beginning and emphasizes protection of users from drive-by downloads and plug-in vulnerabilities," a spokeswoman said then.
NSS also found that the combination of SmartScreen and Application Reputation means that IE9 blocked new malware in just over half an hour, while Safari 5 and Firefox 4 required 4.91 and 6.07 hours, on average, to detect a new malicious URL. Chrome 12 and Opera 11, by contrast, required 17.7 and 18.4 hours, respectively. Over time, as the malicious URLs changed in response to detection, the browsers maintained their level of protection fairly consistently, NSS found.
"Not only has the effectiveness of the technology improved, but so has the speed at which it is able to identify socially engineered malware," Roger Capriotta, director of Internet Explorer product marketing, wrote in a blog post Monday. "For our Windows customers, this means fewer infections and headaches for you."
In its report, NSS said its findings were independent, and that it had not received funding from any vendor. 

-News Source (PC Mag)

Koobface Malware Gang Exposed & Command and Control (C&C) Servers Stopped


We are quite sure that Facebook users will never forget the dangerous malware named "Koobface". According to the Facebook security team, it was the most dangerous malware ever made to infiltrate Facebook, created by a few Russian hackers. The hackers, known as the Koobface gang, sent Facebook users attractive invitations to watch a funny or sexy video. When the unsuspecting users clicked the link, a message appeared saying that their computer’s Flash software needed updating. The “update” was in fact malware that hijacked the user’s clicks and delivered them to advertisers, making the hackers money to the tune of over $2 million annually. According to Kaspersky Labs, the network of infected computers included between 400,000 and 800,000 PCs.
Facebook has now decided to expose the five men alleged to be behind the malware, Facebook security official Ryan McGeehan said. "The thing that we are most excited about is that the botnet is down," said McGeehan. Yesterday, Facebook decided to publish the names of the alleged gang members based on details of research carried out in 2009-2010 by two German researchers. One of the researchers works for the security company Sophos.

To find out who was behind the Koobface malware, in short the exposed Koobface gang, click here.

DHS Issues Malware Warning Impersonating FBI & US Cyber Command



If you think that innocent computer users are the only target of cyber criminals, then you are absolutely wrong. Recently the United States Computer Emergency Readiness Team, widely known as US-CERT, which is part of the Department of Homeland Security's (DHS) National Cyber Security Division, issued an emergency alert announcing a new effort by cyber criminals to spread malware that impersonates federal law enforcement (the FBI) and other government agencies. The malware is malicious software that installs itself on a user's computer without the user's permission or knowledge and “displays a screen claiming that a Federal Government agency has identified the user’s computer as being associated with one or more crimes,” reports the US-CERT alert. The malware then instructs the victim “to pay a fine to regain the use of the computer, usually through prepaid money card services.” The message displayed on the user's screen is intended to look like a legitimate, official warning from the FBI or US Cyber Command, and the impersonation seeks to scare victims into paying the so-called fine immediately.
“Affected users should not follow the payment instructions,” US-CERT recommends, adding, “Users may also choose to file a complaint with the FBI’s Internet Crime Complaint Center.” 


In their release US-CERT states:-
“US-CERT is aware of multiple malware campaigns impersonating multiple U.S. government agencies, including the United States Cyber Command (USCYBERCOM) and the Federal Bureau of Investigation (FBI). Once installed on a system, the malware displays a screen claiming that a Federal Government agency has identified the user's computer as being associated with one or more crimes. The user is told to pay a fine to regain the use of the computer, usually through prepaid money card services.”

Apple Admits That Malware Attack On Mac OS Is 'Getting Worse'



Malware Threats for Apple Inc.’s Macintosh operating system are getting worse, and Apple’s official policy is not to help get rid of the problem.

These were the admissions of an AppleCare call center representative who spoke to tech website ZDNet’s Ed Bott, who posted the transcript of the conversation on ZDNet’s site.

“We started getting a trickle of calls a couple weeks ago. However, this last week over 50 percent of our calls have been about it. In two days last week I personally took 60 calls that referred to Mac Defender," said the representative.

Mac Defender is rogue software masquerading as an anti-malware program for computers running the Mac OS X operating system.

It presents bogus messages and charges users to pay for the program.

'We're not supposed to help customers':-

But the representative said that they had been advised to adopt a passive stance against Mac Defender and any other such malware. “we’re not supposed to help customers remove malware from their computer," the representative said.

“The reason for the rule, they say, is that even though Mac Defender is easy to remove, we can’t set the expectation to customers that we will be able to remove all malware in the future. That’s what antivirus is for," the representative said.

But the representative admitted that some call center representatives still try to help, despite an AppleCare agreement that they are not supposed to help with malware.

“Indeed we are monitored, but I can’t personally justify telling a father who’s freaking out about what his 6-year-old daughter just saw that I can’t help him out. Our on-floor managers and QA guys do their best to let it slide, but if they start getting pushed from higher-ups, we could face write-ups and even termination," the representative said.

'It's getting worse':-

The representative also said the problem with Mac Defender is getting worse.

“It started with one call a day two weeks ago, now it’s every other call. It’s getting worse. And quick," the rep said.

The rep added they would also give callers whose computers were hit links to antivirus software makers.

Wisconsin University Hacked (75,000 social security numbers, Student Credentials Exposed)


The University of Wisconsin’s Milwaukee campus has been subject to a malware attack, which has exposed names and social security numbers of students — past and present — and staff alike.
Malware was discovered on a database server, which contained 75,000 social security numbers, and was shut down immediately after the malware was found.
While law enforcement and school investigators have yet to find evidence that data was stolen, the university sent out a letter to those who may have been affected by the breach.
In a statement, the vice-chancellor — the university boss — believes that the motive was theft of research project data; data and research programmes the university itself excels in. Staff found back-door malware, which can scan and view documents on a server, which is used by many of the university’s departments to store crucial research.
One of the concerns is that the malware could have had access to other servers, indicating the likelihood of a wider hack.
The malware is thought to have been installed on May 25th, and local and federal law enforcement were called in to investigate. On June 30th, however, it was discovered that the database containing social security numbers was compromised, also.
University officials, via a notice on their website, warn students to monitor their financial information and credit card statements to be on the safe side.
This news comes only days after it was discovered that users’ data, including social security numbers, which are predictable in nature, can be taken from sites like Facebook and other public government sites.
While the data in this case may not have been downloaded, only exposed to hackers by the malware, it once again calls into question the data that universities hold on their students.
It is, however, another reminder to users of Facebook and other social networking sites not to make birthday and date of birth data available on the web. While such data may be benign on its own, breaches like these, which include your full name, make identity theft and bank account hacks more likely.

Cybercrime Can Ruin Entire Economies



Russian anti-virus guru Eugene Kaspersky does a quick calculation in his head as he blinks at the ceiling. Satisfied, he announces: "About 200000."

That's the number of virus-infected computers in a targeted attack on SA's internet infrastructure that would shut it off from the rest of the world. No e-mail. No electronic transactions. No web searches. No e-government. No Skype, Twitter or Facebook. Nothing.

He's not being alarmist - it happened in Estonia in 2007.
And 200000 rogue computers is not a huge number. Organised syndicates or loners with modest technical know-how and resources can harness millions of virus-infected machines they effectively control to add muscle to their efforts - from stealing money and identities to managing online corporate espionage or collapsing the infrastructure and function of a country's economy and government.
Kaspersky is CEO and founder of Kaspersky Lab, one of the world's top four anti-virus software companies and Europe's biggest. Worldwide, the software anti-virus industry is worth about $7-billion a year in profit for firms in the sector. His fortune is estimated at $800-million and Forbes rates him as Russia's 125th-richest person. He was in SA to talk to business executives and security experts about the rising cybercrime threat to business, governments and organisations of all types.
"There are literally millions of computer viruses in the wild," he says. "Last year alone we collected 20 million of them. Most are variations on a theme and can be dealt with automatically in our labs. However, there are teams of experts at anti-virus organisations around the world that work against new threats round the clock. Once a virus is discovered, it can be reverse-engineered and countered with an antidote pretty quickly," says Kaspersky.
He worries about the ability of viruses, or malware (malicious software) to perform increasingly sophisticated and sinister attacks. Typically, these are denial of service (DOS) assaults using networks of computers infected by malware to bring down websites or online services by bombarding them with data. People who control these botnets can trigger a destructive payload at will.
The 2007 Estonian attack showed a botnet with enough resources could shut down banks, government departments, education networks, the media - just about any organisation with an online presence.
DOS attacks are just one aspect of the destructiveness of modern malware. Malware can also help with identity theft and data theft. The damage can be devastating.
"Estimates put the cost to business of cybercrime at anything between $100-billion to $1-trillion," he says. "One of the reasons it's so hard to put a figure on it is organisations that have been compromised are reluctant to talk about it."
Another is they don't know about it. Data theft is big business but differs from other forms of pilfering in that the original data stays where it is while a copy is spirited away, often undetected, via the ether.
"Some businesses are aware and active in countering virus attacks. Banks, for example, now build losses from cybercrime into the cost of doing business - they have a budget for it which includes defending against it and compensating for it when breaches occur. Computer viruses have permeated every part of society," he says.
In August 2008, a Spanair airliner crashed just after taking off from Madrid. It was that year's deadliest aviation accident and 154 people died.
Kaspersky says the airline found the computer system used to monitor aircraft technical problems was infected with malware that probably prevented detection of a system failure.
Last year marked the appearance of the Stuxnet virus, a virus so complicated to produce and dispatch it was probably at least partly the work of, or funded by, a nation state. Speculation is Stuxnet's purpose was to sabotage an Iranian nuclear reactor, although it can damage a variety of industrial systems.
Computer viruses have come a long way since the first, written in 1982 by US schoolboy Rich Skrenta, 15. Called Elk Cloner and written for early Apple II systems, it replicated itself on floppy disks and displayed a poem, sometimes corrupting disks it infected.
Brain was the first virus to infect IBM PCs and was released in 1986. It was written by two Pakistani brothers and distributed with their medical software to prevent piracy. It replicated itself and slowed systems.
The advent of the commercial internet in the early 1990s provided the ideal vehicle to spread viruses.
More advanced techniques used by virus writers meant they could be used to do anything from data theft and identity fraud to corporate espionage, blackmail and extortion.
Kaspersky says a Swedish bank was attacked in February and the remote access Trojan fooled operators into thinking that the screens they were monitoring had been frozen by a Windows blue screen computer error.
"The first rule when this happens is don't touch anything. They didn't. But the machine wasn't frozen, the virus had generated the blue screen and was diverting funds in the background from a perfectly functioning system that the operators thought wasn't working.
"Now malware writers are using social networks like Facebook and Twitter to spread their work." Organisations were threatened from within by disgruntled staff or criminals as shown by malware found on organisations' computers not connected to the internet.
Kaspersky says the computer virus threat is on the rise and inadequately protected businesses are vulnerable.
"Cybercrime is an industry now. Governments are finding it difficult to fight it because any laws they make regarding cybercrime are difficult if not impossible to enforce in the online world where attacks may come from networks made up of computers in different countries.
"Even on home soil, laws are difficult to keep relevant as the nature of attacks change. And in Japan, for example, there's simply no law against writing computer viruses.
"Lack of understanding the real threat of viruses is a dangerous game for businesses and organisations of all sizes to play," he says.
