Posts tagged “Malware”

New Data Stealing Trojan For Android Has Botnet Capabilities

“Security researchers say they have discovered a new Trojan horse program that targets mobile phones running Google’s Android operating system that may be the first to attempt to create a so-called ‘botnet’ of infected mobile devices.

The new malware, dubbed ‘Geinimi’ raises the bar on mobile malware, according to a post on the blog of mobile phone security firm Lookout Security. The malware, which has not been detected outside of China, is being packaged with repackaged versions of popular Android applications and pushed through unregulated, third party application exchanges, Lookout said.”

From Threat Post

Is the idea of a safe, global Internet in jeopardy?

What kind of threats does the global Internet face today? CTV News engages Professor Ron Deibert, Director of The Canada Centre for Global Security Studies and The Citizen Lab, on the highly profitable and political world of cyber crime and cyberwar.

From CTV News

The Next Battlefield

The Citizen Lab and the Information Warfare Monitor are featured in the December 2010 issue of Sharp Magazine. The dynamic emergence of information warfare and cyber espionage is examined in this investigative piece, which refers to Information Warfare Monitor reports such as “Breaching Trust” and “Shadows in the Cloud” and includes interviews with Citizen Lab researchers.

From Sharp Magazine

Stuxnet computer virus ‘in hands of criminal gangs’

“The Stuxnet worm first came to the attention of security experts in June, who believe it may have been designed to target critical infrastructures and computer systems, such as sanitation plants and food distribution networks.

The virus is thought to have been used to disrupt Iran’s nuclear power stations. However, Government sources denied reports on Sky News that there was evidence the virus had already been obtained by criminals.”

From The Telegraph

Worm Was Perfect for Sabotaging Centrifuges

“Experts dissecting the computer worm suspected of being aimed at Iran’s nuclear program have determined that it was precisely calibrated in a way that could send nuclear centrifuges wildly out of control.

Their conclusion, while not definitive, begins to clear some of the fog around the Stuxnet worm, a malicious program detected earlier this year on computers, primarily in Iran but also India, Indonesia and other countries.”

From The New York Times

Attacker That Sharpened Facebook’s Defenses

The cyber security spotlight is currently on the Koobface worm. Koobface is malicious software that infects the computers of Facebook users by exploiting the website’s vulnerable social network interactions. The joint Citizen Lab and SecDev research group, Information Warfare Monitor, has just published a report on the malware network entitled “Koobface: Inside a Crimeware Network”. Citing the Information Warfare Monitor researchers Rafal Rohozinski, Ron Deibert and Nart Villeneuve, The New York Times discusses the lack of law enforcement protocol required to press charges against malware creators. The article also covers the steps Facebook is taking to mitigate the malicious effects of Koobface.

From The New York Times

Tracking Koobface: The untouchable hackers of St. Petersburg

Ron Deibert and Rafal Rohozinski, principal investigators of the Information Warfare Monitor, have co-authored an op-ed in the Globe and Mail. The researchers explore Koobface, a crimeware network that thrives on popular social-networking Web sites such as Facebook. Deibert and Rohozinski discuss the global policy complications of cybercrime.

Zeus Attackers Deploy Honeypot Against Researchers, Competitors

“Attackers turned the tables on both their competitors and researchers investigating a recent Zeus attack, which targeted quarterly federal tax payers who file electronically, by feeding them a phony administrative panel with fake statistics.

The massive and relatively sophisticated spam campaign last month posed as email alerts to victims, notifying them that their electronic federal tax payments had failed and sending them to a link that both infects the victim with the Zeus Trojan and sends victims to the legitimate Treasury Department website, for filing quarterly taxes.”

From Dark Reading

Command and Control in the Cloud

“In ‘Shadows in the Cloud: An investigation into cyber espionage 2.0’ my co-authors and I analyzed the command and control infrastructure of a network that extracted secret, confidential and restricted documents from the Indian government and military. The Shadow Network used a complex and tiered command and control infrastructure that leveraged Twitter, Google Groups, Blogspot, Baidu Blogs, and Yahoo! Mail in order to maintain persistent control over the compromised computers. As we noted in the report, the use of these services as elements of command and control is certainly not new.”

From Nart Villeneuve

Old Threats are Current Threats

The Pinch Trojan is a type of malware that has infected thousands of web users. The malware has the capacity to bypass antivirus software and acquire user passwords, credit card information and more. Although legal action occurred in 2007, the Pinch Trojan is still operating today, typically bundled with other malware. The Pinch Trojan is the subject of the recent Information Warfare Monitor blog post published by Nart Villeneuve, Chief Research Officer for SecDev.cyber and senior research fellow at the Citizen Lab. Villeneuve demonstrates that older malware continues to persist. Recently, the Pinch Trojan has acquired data from over 26,308 IP addresses, including victims such as the Ministry of Foreign Affairs of the People’s Republic of China.

Read Nart Villeneuve’s blog from the Information Warfare Monitor