“Attackers turned the tables on both their competitors and researchers investigating a recent Zeus attack, which targeted quarterly federal tax payers who file electronically, by feeding them a phony administrative panel with fake statistics.
The massive and relatively sophisticated spam campaign last month posed as email alerts to victims, notifying them that their electronic federal tax payments had failed and sending them to a link that both infects the victim with the Zeus Trojan and sends victims to the legitimate Treasury Department website, eftps.gov, for filing quarterly taxes.”
From Dark Reading
Posts tagged “Malware”
“In “Shadows in the Cloud: An investigation into cyber espionage 2.0” my co-authors and I analyzed the command and control infrastructure of a network that extracted secret, confidential and restricted documents from the Indian government and military. The Shadow Network used a complex and tiered command and control infrastructure that leveraged Twitter, Google Groups, Blogspot, Baidu Blogs, blog.com and Yahoo! Mail in order to maintain persistent control over the compromised computers. As we noted in the report, the use of these services as elements of command and control is certainly not new.”
From Nart Villeneuve
The Pinch Trojan is a type of malware that has infected thousands of web users. The malware has a capacity to bypass antivirus software and acquire user passwords, credit card information and more. Although legal action occurred in 2007, Pinch Trojan is still operating today, typically being bundled with other malware software. Pinch Trojan software is the subject of the recent Information Warfare Monitor blog published by Nart Villeneuve, Chief Research Officer for SecDev.cyber and senior research fellow at the Citizen Lab. Nart Villeneuve demonstrates that older malware continues to persist. Recently, the Pinch Trojan has acquired data from over 26,308 IP addresses, including victims such as the Ministry of Foreign Affairs of the People’s Republic of China.
Read Nart Villeneuve’s blog from the Information Warfare Monitor
In this New York Times Room for Debate discussion, Professor Ron Deibert comments on the Twitter worm and speaks to additional cybersecurity concerns connected to the emerging climate of criminal and political espionage in cyberspace.
“Malware attacks are worming their way into enterprises via USB devices.
According to Pandalabs there has been a marked increase in the use of USB devices in offices, which correlates with an increase in malware attacks that exploit them.
Pandalabs conducted a survey among small and medium sized businesses in the UK, Latin America and North America, which revealed that almost half of all businesses had been infected by a worm in the last year, with a third of these spreading via USB devices.”
From the Inquirer
“DUBAI: India features among the countries where malware spam, or anything that comes with a virus or Trojan attachment urging you to visit an infected website, is the most popular, a new report has said.
According to the McAfee Threats Report, which was simultaneously released here, Colombia, South Korea, Russia and Vietnam are the other countries in this category.
Argentina had the most variety in spam, with 16 different topic areas, ranging from drugs to lonely women to diplomas. Italy came in with the least variety, with just six types of spam, it said.
The report uncovered that malware has reached its highest levels, making the first six months of 2010 the most active half-year ever for total malware production.”
From The Economic Times
“McAfee Inc., the No. 2 security software maker, said production of software code known as malware, which can harm computers and steal user passwords, reached a new high in the first six months of 2010.
“We do not want to overstate this threat. But it serves as a reminder that in this age of cybercrime, data theft and identity theft users of all operating systems and devices must take precautions,” McAfee said.”
From The Globe and Mail
Villeneuve points out that McAfee has been most vocal about how the hackers accessed their victims’ networks, moved between servers and planted hidden software. Damballa, meanwhile, says it has focused on the spyware samples themselves and the so-called “command and control” servers that the software communicated with to receive orders and steal data.
“When these researchers argue about whether the hackers are sophisticated or not sophisticated, they’re looking at different pieces of the puzzle,” says Villeneuve. “The truth is that no one’s providing enough detail to make any kind of complete comparison or analysis possible.”
The data about Aurora has always felt just a little off for me. Maybe its that everyone writing about it just has their own piece of the puzzle to analyse, without the detail required to accurately link the pieces together.
When it comes to the command and control infrastructure, maybe it’s that some obfuscated the domain names while others published them, but with a domain on the blog post that’s not in technical write up. Maybe it is that some have significantly bigger lists than others (that include duplicates as well as the root domain for a dynamic dns provider that hands out sub-domains).
From Nart Villeneuve
A Canadian company has helped dismantle a massive computer-infiltration ring that infected more than 15 million computers around the world – including systems within Canadian banks and the federal government.
Spanish police have arrested three people charged with running a botnet – a program that infects and partly takes over victims’ computers – that spanned some 190 countries. Not only is the botnet (named Mariposa, Spanish for butterfly) one of the largest of its kind, the software’s operators appeared to target government and corporate computers, stealing huge amounts of sensitive data.
From The Globe and Mail