Malware

Posts tagged “Malware”

Blackhole exploit posted on US Postal Service site

“The US Postal Service has pulled down a site hosting malicious code that was earlier used in a sophisticated multi-stage attack featuring the Blackhole Exploit kit.

The infected site – http://ribbs.usps.gov – which is involved in the delivery of USPS’s business mail-focused barcode-based Intelligent Mail services – was infiltrated with malicious JavaScript. This malicious script redirected through a relay of other sites to an attack portal.

The drive-by download attack was ultimately aimed at using software vulnerabilities to install Trojans onto the machines of surfers visiting the particular USPS domain the miscreants managed to compromise.”

From The Register

Internet Security Threat Report: Mobile Attacks on the Rise

“Every day cybercriminals and hackers are launching increasingly sophisticated, targeted attacks. In its Internet Security Threat Report, Volume 16, Symantec Corp. finds that, in addition to an increase in targeted enterprise attacks, mobile attacks are on the rise and hackers are increasingly using Java as a way into your network. Symantec identified more than 286 million new threats in its report, chronicling incidents between Jan. 1, 2010 and Dec. 31, 2010.

“While we didn’t see the number of attacks this year really grow, what we did see was a 93% increase in the number of web-based attacks. People tend to think of attachments in email, and if you click on that attachment, you’re going to get infected, but the real growth area, where they’re moving, is into Web sites,” says Kevin Haley, director at Symantec Security Response.”

From CIO Insight

Popular open source DHCP program open to hack attacks

“The makers of the internet’s most popular open source DHCP program have warned that it’s vulnerable to hacks that allow attackers to remotely execute malicious code on underlying machines.

The flaw, which is present in Internet Systems Consortium’s DHCP versions prior to 3.1-ESV-R1, 4.1-ESV-R2, and 4.2.1-P1, stems from the program’s failure to block commands that contain certain meta-characters. The vulnerability makes it possible for rogue servers on a targeted network to remotely execute malicious code on the client, the non-profit ISC warned on Tuesday.”

From The Register

Clean up begins after massive website attack

“The Lizamoon attack was first detected by security firm Websense on 29 March and initially the rogue domains were only showing up on about 28,000 websites.

However, as Websense began tracking Lizamoon the sheer scale of the attack became apparent. By late on 3 April, Google was reporting that more than four million webpages were showing links to the domains involved in the attack.”

From BBC News

The RSA Hack: How They Did It

“How did a hacker manage to infiltrate one of the world’s top computer-security companies? And could the data that was stolen be used to impair its SecurID products, which are used by 40 million businesses that are trying to keep their own networks safe from intruders?

In the attack on RSA, the attacker sent “phishing” e-mails with the subject line “2011 Recruitment Plan” to two small groups of employees over the course of two days. Unfortunately, one was interested enough to retrieve one of these messages from his or her junk mail and open the attached Excel file. The spreadsheet contained malware that used a previously unknown, or “zero-day,” flaw in Adobe’s Flash software to install a backdoor. RSA said that Adobe had since released a patch to fix that hole.”

From The New York Times

Microsoft helps take down spam e-mail network

“Microsoft Corp. claimed credit Thursday for taking down one of the biggest producers of spam e-mail in a joint effort with federal authorities across the United States.

The world’s biggest software company said its legal action against the operator of the Rustock ‘botnet’ – or network of infected computers programmed to send spam e-mail – led to raids across the country Thursday which effectively shut the network down.

Microsoft thinks there may be a million computers infected with Rustock malware, sending out as many as 30 billion spam e-mails per day, without their users’ knowledge.”

From The Globe and Mail

How safe is your smartphone?

“Smartphones are getting pretty clever these days but it is unlikely they will outwit the cybercriminals as fraudsters increasingly go mobile.

Last week Android Market, the shop front for applications aimed at Android smartphones, was hit by around 60 malicious apps.

It is thought that they did little real damage other than to Android’s reputation, but the incident put the issue of mobile security back in the headlines.”

From BBC News

Iran launches cyber attack on ‘enemies’ of state: report

“Iranian hackers working for the powerful Revolutionary Guard’s paramilitary Basij group have launched attacks on websites of the “enemies,” a state-owned newspaper reported Monday in a rare acknowledgment from Iran that it’s involved in cyber warfare.

The report followed an announcement in January that Iran had formed its first cyber police unit in an attempt by authorities to gain an edge in the digital world.”

From The Globe and Mail

Threats to Traveling Data

“With small and fast laptops, powerful smartphones, tablets and readily available Wi-Fi, working on the road — on planes, in airports and hotel rooms — has never been easier. But security experts say these conveniences also make the offices away from home more vulnerable to serious security threats.

Laptops and mobile devices have numerous vulnerabilities, starting with loss and theft. McAfee, a security technology company, also noted, in a report last month, a 46 percent increase in the amount of malware created for mobile devices from 2009 to 2010. To limit exposure of particularly sensitive information, some companies switch mobile devices when employees travel, Mr. McIndoe said. “Older versions could be more vulnerable,” he said, as criminals have had time to learn how to hack them. And criminal access to mobile networks may be easier in certain foreign countries, because of lax security and corruption.”

From The New York Times

Trojan:Android/BgServ.A

“So Google released a security solution to deal with the mess that Trojan:Android/DroidDream.A created in the last few days.

A trojanized version of the tool has also emerged (we detect it as Trojan:Android/Bgserv.A). Interesting preliminary analysis of the trojan is available in Symantec’s blog.”

From F-Secure