Malware

Posts tagged “Malware”

Dear ISP, it’s time to quarantine your malware-infected customers

“Are you infected with malware, that is unknowingly wasting your bandwidth to spread more malware/spam and phishing attacks, in fact even host the majority of these?

In a perfect world, you will not just get a notification from your ISP about your participation in a botnet, you may easily get “quarantined” until you meet certain “security awareness” requirements combined with proof that you’re no longer infected.

What’s the current international attitude towards this approach? What are the pros and cons of such an action taking into consideration? What do key security experts and cybercrime fighters think about it? Let’s find out.”

From ZDNet

Egypt, FinFisher Intrusion Tools and Ethics

“There’s unrest in Egypt, Tunisia, Libya, Bahrain and elsewhere in the Arab world.

Two days ago, protesters in Nasr, Egypt took over the Headquarters of the Egyptian State Security.

Inside the HQ, the protesters gained access to loads of confidential state documents.”

From F-Secure

DDoS Attack Aims Korean Website

“A DDoS (Distributed Denial of Service) attack is now on Korean websites including government webpages. We’re on emergency response with all our resources including ASEC and CERT, providing emergency antivirus solution.

This case is very similar to the DDoS attack on July 7, 2009, which hit all over Korea. Identified malicious codes are as below: ntcm63.dll, SBUpdate.exe, ntds50.dll, watcsvc.dll, soetsvc.dll, mopxsvc.dll, SBUpdate.exe

AhnLab predicted that there is a strong possibility of it occurring one more time at 18:00 today in Korean Time.”

From Ahnlab Security Blog

US and Israel were behind Stuxnet claims researcher

“Israel and the United States created the Stuxnet worm to sabotage Iran’s nuclear programme, a leading security expert has claimed.

Ralph Langner told a conference in California that the malicious software was designed to cripple systems that could help build an Iranian bomb.

Mr Langner was one of the first researchers to show how Stuxnet could take control of industrial equipment.

It is widely believed that its target was machinery used to enrich uranium.”

From BBC News

Viruses next big threat to smart phones

“Virus experts are warning that the next big security threat is on mobile phones and that the attacks have begun in earnest.

For months, security researchers have been tracking how hackers were trying to take their exploits to a new platform and infect smart phones with malware that could remotely control the devices.

Earlier this week, Symantec released a report about the spread of an infected app called “Steamy Windows” on Google’s Android platform. Unknown hackers created a copycat version of the app, secretly loaded it with malicious commands, and released it to the web on unofficial app download sites.”

From The Globe and Mail

More than 50 Android apps found infected with rootkit malware

“More than 50 applications on Google’s Android Market have been discovered to be infected with malware called ‘DroidDream’ which can compromise personal data by taking over the user’s device, and have been ‘suspended’ from the store.

Google removed the apps from the Market immediately on being alerted, but it is not clear whether it has removed them from devices to which they have been downloaded. As many as 200,000 Android devices could have been infected.”

From The Guardian

HBGary emails out Morgan Stanley as Aurora victim

“Chinese hackers that attacked systems at Google and Adobe also infiltrated global financial services firm Morgan Stanley, according to internal emails stolen from HBGary, a security firm that was working with the bank.

In the emails, made public earlier this month by the activist hacker group Anonymous following a vengeful hack, an HBGary researcher said Morgan Stanley provided him details of the attack but asked that the information be kept secret.”

From SC Magazine

London Stock Exchange site shows malicious adverts

“Booby-trapped adverts that hit visitors with fake security software have been discovered on the London Stock Exchange (LSE) website.

Analysis of the LSE site suggests that over the last 90 days, about 363 pages had hosted malware.

The LSE said its site was now safe and an investigation showed that ads provided by a third party were the culprit.”

From BBC News

Cyber criminals find new targets on unsuspecting sites

“The proportion of websites secretly harbouring malware has reached one in 3,000 according to security firm Kaspersky.

It found a surge in the number of web-based attacks in 2010, with more than 580 million incidents detected.

Risk was no longer focused on sites with illegal content, such as pirate films and music. Instead, criminals were increasingly using legitimate websites, such as shopping and online gaming.”

From BBC News

Attacks on the Press 2010: Internet Analysis

“For the past decade, those who used the Internet to report the news might have assumed that the technological edge was in their favor. But online journalists now face more than just the standard risks to those working in dangerous conditions. They find themselves victims of new attacks unique to the new medium.

Ronald Deibert and Nart Villeneuve of the University of Toronto’s Citizen Lab, in partnership with computer security consultants at the SecDev Group, have conducted some of the most detailed postmortems of online attacks on the press, including the malware sent to Chinese foreign correspondents, and a forthcoming examination of Burma’s DDOS incidents. Their academic work firmly states that they cannot connect such events directly to the Chinese or Burmese states. Deibert says the evidence they have collected does show, however, that both attacks utilized techniques and strategies common to petty cyber-criminals, including individual “hackers” who work simply for the thrill of bringing down a highly visible, but vulnerable target.”

From Committee to Protect Journalists