Posts tagged “Malware”

Clean up begins after massive website attack

“The Lizamoon attack was first detected by security firm Websense on 29 March and initially the rogue domains were only showing up on about 28,000 websites.

However, as Websense began tracking Lizamoon the sheer scale of the attack became apparent. By late on 3 April, Google was reporting that more than four million webpages were showing links to the domains involved in the attack.”

From BBC News

The RSA Hack: How They Did It

“How did a hacker manage to infiltrate one of the world’s top computer-security companies? And could the data that was stolen be used to impair its SecurID products, which are used by 40 million businesses that are trying to keep their own networks safe from intruders?

In the attack on RSA, the attacker sent “phishing” e-mails with the subject line “2011 Recruitment Plan” to two small groups of employees over the course of two days. Unfortunately, one was interested enough to retrieve one of these messages from his or her junk mail and open the attached Excel file. The spreadsheet contained malware that used a previously unknown, or “zero-day,” flaw in Adobe’s Flash software to install a backdoor. RSA said that Adobe had since released a patch to fix that hole.”

From The New York Times

Microsoft helps take down spam e-mail network

“Microsoft Corp. claimed credit Thursday for taking down one of the biggest producers of spam e-mail in a joint effort with federal authorities across the United States.

The world’s biggest software company said its legal action against the operator of the Rustock ‘botnet’ – or network of infected computers programmed to send spam e-mail – led to raids across the country Thursday which effectively shut the network down.

Microsoft thinks there may be a million computers infected with Rustock malware, sending out as many as 30 billion spam e-mails per day, without their users’ knowledge.”

From The Globe and Mail

How safe is your smartphone?

“Smartphones are getting pretty clever these days but it is unlikely they will outwit the cybercriminals as fraudsters increasingly go mobile.

Last week Android Market, the shop front for applications aimed at Android smartphones, was hit by around 60 malicious apps.

It is thought that they did little real damage other than to Android’s reputation, but the incident put the issue of mobile security back in the headlines.”

From BBC News

Iran launches cyber attack on ‘enemies’ of state: report

“Iranian hackers working for the powerful Revolutionary Guard’s paramilitary Basij group have launched attacks on websites of the “enemies,” a state-owned newspaper reported Monday in a rare acknowledgment from Iran that it’s involved in cyber warfare.

The report followed an announcement in January that Iran had formed its first cyber police unit in an attempt by authorities to gain an edge in the digital world.”

From The Globe and Mail

Threats to Traveling Data

“With small and fast laptops, powerful smartphones, tablets and readily available Wi-Fi, working on the road — on planes, in airports and hotel rooms — has never been easier. But security experts say these conveniences also make the offices away from home more vulnerable to serious security threats.

Laptops and mobile devices have numerous vulnerabilities, starting with loss and theft. McAfee, a security technology company, also noted, in a report last month, a 46 percent increase in the amount of malware created for mobile devices from 2009 to 2010. To limit exposure of particularly sensitive information, some companies switch mobile devices when employees travel, Mr. McIndoe said. “Older versions could be more vulnerable,” he said, as criminals have had time to learn how to hack them. And criminal access to mobile networks may be easier in certain foreign countries, because of lax security and corruption.”

From The New York Times


“So Google released a security solution to deal with the mess that Trojan:Android/DroidDream.A created in the last few days.

A trojanized version of the tool has also emerged (we detect it as Trojan:Android/Bgserv.A). Interesting preliminary analysis of the trojan is available in Symantec’s blog.”

From F-Secure

Dear ISP, it’s time to quarantine your malware-infected customers

“Are you infected with malware, that is unknowingly wasting your bandwidth to spread more malware/spam and phishing attacks, in fact even host the majority of these?

In a perfect world, you will not just get a notification from your ISP about your participation in a botnet, you may easily get “quarantined” until you meet certain “security awareness” requirements combined with proof that you’re no longer infected.

What’s the current international attitude towards this approach? What are the pros and cons of such an action taking into consideration? What do key security experts and cybercrime fighters think about it? Let’s find out.”

From ZDNet

Egypt, FinFisher Intrusion Tools and Ethics

“There’s unrest in Egypt, Tunisia, Libya, Bahrain and elsewhere in the Arab world.

Two days ago, protesters in Nasr, Egypt took over the Headquarters of the Egyptian State Security.

Inside the HQ, the protesters gained access to loads of confidential state documents.”

From F-Secure

DDoS Attack Aims Korean Website

“DDoS(Distributed Denial of Service) attack is now on Korean websites including government webpages. We’re on emergency response with our all resources including ASEC and CERT, providing emergency antivirus solution.

This case is very similar to DDoS attack on July 7, 2009 which hit all over Korea. Identified malicious codes are as below: ntcm63.dll, SBUpdate.exe, ntds50.dll, watcsvc.dll, soetsvc.dll, mopxsvc.dll, SBUpdate.exe

AhnLab predicted that there is strong possibility of occuring one more time on 18:00 today in Korean Time.”

From Ahnlab Security Blog