Saturday, January 28, 2012

Web threats: trends and statistics

One of the questions I often get asked is “What is the most prevalent threat on the Internet for enterprises?”. In terms of the total number of transactions, botnets are the biggest security risk. Once a host gets infected, the botnet usually spreads quickly within an enterprise. It also generates a significant amount of [...]

Angry birds scam emails catapult into inboxes worldwide

What did we do before Angry Birds? (Halo, Tetris and Rubik’s cube I guess). Angry Birds has become the benchmark by which any serious operating system is now judged (“no it doesn’t support email but Angry Birds will work on it”). This sort of popularity is guaranteed to make anything a useful vehicle for spam, [...]

New Year’s Wishes – with side order of data harvesting

It’s almost the end of 2011. What with Christmas recently passed, and New Year coming up, there’s naturally a lot of well wishes and holiday greetings being messaged around. Looks like someone’s decided to join in (a little late) – and also do a bit of data harvesting at the same time. Spyware:Android/AdBoo.A appears to be one [...]

Malicious Password-protected Documents used in Targeted Attacks

Recently, we discovered malware in the wild in the form of document files, such as PDF and Word, using password protection. The malware is used as an attachment in email in limited, targeted attacks. Passwords for document files are commonly used to prevent unauthorized access to the files by encrypting them with passwords. However, attackers are [...]

Android malware: new traps for users

It is no secret that cybercriminals very often try to intimidate users in order to infect their machines. We’ve seen a lot of examples of cybercriminals using black SEO for redirecting users to web pages which emulate AV scanning. And there is no surprise that the results of such ‘scanning’ show that the user’s machine [...]

Tuesday, January 24, 2012

“Your Changelog UPDATED” / cjredret.ru

Another spam, another “redret” domain. This time the spam is a “changelog” one, the malicious payload is on cjredret.ru/main.php.

Date: Thu, 29 Dec 2011 07:59:51 +0200
From: accounting@victimdomain.com
Subject: Re: Fwd: Your Changelog UPDATED

Hello, as promised chnglog updated -: View Changelog
Carey CATHERINE

The site is hosted on 91.222.137.170 (Delta-X, Ukraine), [...]

440,783 “Silent SMS” Used to Track German Suspects in 2010

The 28th Chaos Communication Congress (28C3) is currently underway in Berlin and on Tuesday, researcher Karsten Nohl gave a presentation called: Defending mobile phones. If you have an hour, it’s worth watching. Initial press reports focused on Nohl’s revelation that hackers can potentially sniff numerous phone IDs and network authentications from an advantageous point, and [...]

Stratfor hack – lessons learned

Recently we noted that unencrypted credit card storage was on the rise in 2011, and also highlighted the expense involved to the company in the event of a credit card breach. Now we see personal data – including unencrypted credit card information – being paraded out as a part of the recent Stratfor hack. Also, [...]

HMRC phishing scam promises end of year refund

Emails are currently circulating that purport to be sent by the UK tax organization HM Revenue & Customs (HMRC). These e-mails claim that the recipient is eligible to receive a tax refund and that he or she must download an attached file and open it in a browser. The scam e-mail reads in part: TAX [...]

Samoa moves to the other side of the world – and misses a day!

Regular readers of Naked Security will know that I have some strong feelings about timestamps in logfiles. In particular, the ambiguities created by logfiles based on local time – which is subject to local timezone regulations and changes – can work against your security interests. Here’s one reason why: "..Don't let year-ends, timezones, daylight saving [...]

Sunday, January 22, 2012

SOPA bytes GoDaddy’s business, and it will hurt you too.

SOPA as currently constructed can never work as intended. I'm not going to get into the reasons we don't like it because of its oppressive implications or because it is against our first amendment rights nor for any other reason (there's been so much other commentary on those issues that it would be superfluous). I [...]

Most Wi-Fi routers susceptible to hacking through security feature

Stefan Viehbock, an independent security researcher, published a paper on Boxing Day titled “Brute forcing Wi-Fi Protected Setup” to his WordPress blog, disclosing a weakness in the configuration of most consumer/SoHo Wi-Fi routers. As we all know, the state of security for most home Wi-Fi networks was nearly non-existent only a few years ago. This [...]

Microsoft Releases Out of Band Update Before Year Ends

Microsoft has released an advisory alerting its users about a critical vulnerability in ASP.NET (CVE-2011-3414). An attacker could potentially bring down a server (Denial of Service) with specially crafted requests. Given that all versions of ASP.NET are vulnerable, its exposure is pretty big. This advisory was in response to a public advisory presented in the [...]

Networked Printers at Risk

Multifunction printers (MFPs) have been common in offices for years. They let employees print, scan, and copy documents. Two separate talks at the 28th Chaos Communications Congress (28c3) show how attackers can infect these trusted office devices.

Hacking MFPs

In Andrei Costin’s presentation “Hacking MFPs,” he covered the history of printer and copier hacks from [...]

Top 10 Malware Families of 2011

Today is the last day of the year and the right time to list out the top 10 malware families of this year. The list below is based on our report, which is generated from the automated feedback that we collect from Quick Heal installations across India.

Top 10 Malware Families of 2011

1. W32.Autorun.Gen: Autorun worms [...]

Wednesday, January 18, 2012

Top 10 Malware Families (Mobile) of 2011

Today is the last day of the year and the right time to list out the top 10 Android malware families of this year. The list below is based on our report, which is generated from the automated feedback that we collect from Quick Heal installations across India.

Top 10 Malware Families (Mobile) of 2011

1. Android.Lotoor.A: A [...]

Chaos Congress Peers Into Mobile Security, Protocols

I heard a number of interesting mobile-related talks at the 28th Chaos Communications Congress (28c3) this week. Not every talk at the Congress was about newly discovered bugs or zero-day exploits; sometimes we got the building blocks necessary to better understand systems and increase security. I enjoyed key presentations on reverse-engineering USB 3G data sticks [...]

Calculating a SSH Fingerprint From a (Cisco) Public Key

I’m sure some of you verify SSH fingerprints before you use an SSH server for the first time. You obtain the fingerprint via another channel, and you compare it with the fingerprint your SSH client presents you. But have you done this with Cisco devices too? Recently I tried to obtain the SSH fingerprint of a [...]

Microsoft has released an out-of-band bulletin MS11-100

Microsoft has released an out-of-band bulletin MS11-100 addressing four vulnerabilities. The bulletin is rated by Microsoft as critical, and the vulnerabilities are listed as below:

– Collisions in HashTable May Cause DoS Vulnerability (CVE-2011-3414)
– Insecure Redirect in .NET Form Authentication Vulnerability (CVE-2011-3415)
– ASP.Net Forms Authentication Bypass Vulnerability (CVE-2011-3416)
– ASP.NET Forms Authentication Ticket [...]

2011 in Review: Mobile Malware

2011 was a banner year for the Android operating system – as well as for Android malware. The increasing number of Android users made it profitable for attackers to go after them in full force, as we’ve been saying all year long.

Where are the threats coming from?

Many of these threats arrive via third-party app stores, [...]

Bootkit Threat Evolution in 2011

The year 2011 could be referred to as a year of growth in complex threats. Over the course of this year we witnessed an increase in the number of threats targeting the Microsoft Windows 64-bit platform, and bootkits in particular. Here is a self-explanatory diagram depicting the evolution of bootkit threats over time: And [...]

McDonald’s Gift Card Spam on Twitter

We recently found Twitter spam touting “gift cards” at the tail-end of the gift-giving season. In this run, Twitter users are lured into clicking a shortened URL with the strings “#mcdonalds gift card.” McDonald’s is a globally well-known fast food chain that, like many other establishments, does offer certificates and vouchers for patrons who would [...]

BuzzMania – ClickJacking / LikeJacking spam on Facebook!

When logging into Facebook this morning I saw that many of my friends posted a link to a video on their wall, and also everyone liked the link. The video was of a girl with a nice butt and it had the title “Laura Frisian: the most beautiful ass in the world!”, it was pretty [...]

Walmart gift card survey spam spread via Twitter, with a twist of Geordie Shore

Are Walmart and Ikea *really* giving away gift cards via Twitter? And, if so, would they want you to vote for your favourite character from a low-brow reality TV show? Naked Security has written many times about the problem of gift voucher scams being spread on Facebook. Messages are posted claiming to offer gift cards [...]

Fake Wendi Deng Murdoch makes mockery of Twitter verified account process

A fake account, claiming to be run by Rupert Murdoch’s wife Wendi Deng, has made a mockery of Twitter’s “verified account” process. The @Wendi_Deng Twitter account, created shortly after media tycoon Rupert Murdoch joined the social network, has been bemusing Twitter users for the last few days and managed to earn a (much coveted) blue [...]

Do you think like a German or a Pole?

Today we’ve been reading through a 208 page European Commission report called: Special Eurobarometer 359, Attitudes on Data Protection and Electronic Identity in the European Union (PDF). One thing is very clear. European attitudes on digital privacy and identity vary greatly by culture, and even adjoining countries have some interesting differences. Which country’s views most [...]

Indian Cyberspace hit by Kim Jong-il Malware Mails!

It is observed that cybercriminals are using the name of the North Korean leader Kim Jong-il after his death to target internet users. Attackers are achieving this by spamming malicious emails containing a specially crafted PDF named “BriefintroductionofKim-Jong-il.pdf”. This PDF file was found to be exploiting the CVE-2010-2883 and CVE-2010-3333 vulnerabilities in Adobe Acrobat Reader. Once successfully exploited, [...]

Web Hijacks with AJAX

Malware authors always seem to closely monitor trends in Web security development in order to create a variety of browser-based attacks. Just to name a few, techniques such as code obfuscation, plug-in detection and affiliate management are often used. This is why we, at M86 Security, weren’t surprised to see a malicious site which loads [...]

2011 in Review: Exploits and Vulnerabilities

In recent years, we have seen client-side software heavily targeted by hackers in search of vulnerabilities. 2011 saw these threats become more complex and sophisticated. We saw attackers increasingly use zero-day vulnerabilities, some of which have been particularly critical. Examples of these include the vulnerability Duqu exploited (CVE-2011-3402); a Java vulnerability (CVE-2011-3544); or Adobe zero-day vulnerabilities, which [...]

Why Japan’s search-and-destroy cyber weapon could be a very bad idea

According to media reports, the Japanese Defense Ministry has awarded Fujitsu a contract to develop a computer virus. No, it’s supposedly not for attacking the computers of other countries. At least, not yet. But it is apparently intended to help Japan counter internet attacks which have recently stolen data on fighter jets and nuclear plants, [...]

WordPress 3.3 XSS Vulnerability Patched (3.3.1 Released)

We just learned of a reflected XSS vulnerability in WordPress 3.3 via the comments form (wp-comments.php). It is explained in detail here. The disclosed vulnerability can only be triggered via Internet Explorer according to the disclosing party; our tests led to the same result. To further note, this is hard to reproduce because it does [...]

Anonymous bullies Sony and Nintendo over SOPA support

Anonymous, which last week threatened to pulverize the Playstation Network because of Sony’s support for the proposed SOPA (Stop Online Piracy Act), backed off its consumer-irking belligerence and this week shifted to threatening just the executives and sites of Sony and Nintendo. Anonymous, or people purporting to be members of the group, last week uploaded a video [...]

XSS flaw in WordPress 3.3 – How the smallest things make testing tough

A pair of Indian researchers disclosed a new cross-site scripting (XSS) vulnerability in WordPress 3.3 on Monday. Another researcher who goes by the name of ethicalhack3r decided to try to replicate their findings using the proof of concept (PoC) code that was posted to pastebin.com. He couldn’t seem to make it work, so he contacted [...]

Profiling a Vendor of Visa/Mastercard Plastics and Holograms

What is it that cybercriminals need once they have obtained access to stolen financial data? Next to money mules, that’s empty plastic cards in which they will later on embed the stolen financial data. Let’s profile a vendor of empty Visa/Mastercard plastic cards and holograms in order to gain a better picture of just how [...]

Google serves ad for Adware/Spyware

Last year, we wrote about Bing and Yahoo! serving ads leading to malicious websites. This week, it was Google who inserted ads for adware/spyware. I found a suspicious ad in my Google Reader for a free FLV player. I’ve recently shown that this type of free software is regularly repackaged with adware/spyware for profit. The ad leads [...]

Convicted murderer gets new trial after computer virus destroys data

It seems like the plot twist in a bad TV show – but it’s true. A computer virus infection has helped a convicted killer get a new trial. In July 2009, a Miami jury convicted Randy Chaviano, of Hialeah, Florida, of second degree murder. Many might have thought it was the end of the story when, [...]

Malware exploits death of North Korea’s Kim Jong-il

As expected, malware developers and scam artists have greeted the death of North Korea's dictatorial leader, Kim Jong-il, with Black Hat SEO and Social Engineering attacks. The Supreme Leader of the Democratic People's Republic of Korea suffered a heart attack on a train journey last month and a steady stream of schemes to exploit the [...]

Researchers find many weak Stratfor passwords

Researchers studying the passwords exposed by the Christmas-day attack on the security firm Stratfor Global Intelligence say that many of the passwords have turned out to be “simple and easy to decode.” That assessment comes from Utah Valley University’s Kevin Young, area IT director and an adjunct professor who teaches information security. Using 120 computers, [...]

Facebook’s timeline to fraud-a-geddon?

If you use Facebook you've probably heard of Timeline, a "new" feature that replaces the "traditional" profile page. However, you may be confused by Timeline (I know I am) and confusion could make you the target of a growing number of Timeline-related scams. As of January 3rd, the watchful folks at Inside Facebook were reporting 16 Timeline-related [...]

48% of Facebook attacks are helped along by users – Commtouch Trend Report

Our latest Internet Threats Trend Report is now available. The report covers Web threats, phishing, malware, and spam. The January 2012 Internet Threats Trend Report and accompanying infographic present a comprehensive analysis of scores of malicious Facebook activities during the past year. The report investigates the three stages of Facebook attacks: 1) Social engineering tricks, [...]

MyPermissions offers one-stop shop to clean up social media permissions

A new site, MyPermissions.org, makes it easy to herd a posse of wild cats – aka the horde of applications and sites to which we’ve granted permission to access our information on Twitter, Facebook and more. MyPermissions doesn’t ask for your personal information or login details, thank goodness. Otherwise, it would be a phishing goldmine. [...]

HP patches printer firmware flaw, but leaves customers guessing

There’s a serious security vulnerability on some HP LaserJet printers. The good news is that it’s been patched. The bad news is that you don’t know if your HP LaserJet printer needs the fix – because HP hasn’t told you. Late last year, owners of HP LaserJet printers were warned that their confidential data could [...]

Cheap Professional DDoS Service

Now here’s something that you don’t see everyday, a YouTube video in which a young woman advertises DDoS services, with a smile. “Hello, Hackers.” The video links to a forum thread that lists the attacker’s rates: Just $2 per hour… Also, easy payment options.

Phishers Celebrate Christmas with Fake Lottery Prizes and Gifts

Co-author: Avdhoot Patil

Special occasions like Christmas have been a common ground for phishers to introduce new baits in their phishing sites. Last Christmas was no different and this time they used fake lottery prizes and gifts as baits. The phishing sites were hosted on free webhosting sites. In the first example, a phishing site [...]

SpyEye bank Trojan hides its fraud footprint

This Christmas, banks were visited by the ghost of malware past: an even nastier version of SpyEye that manages to hide fraudulent transactions from unsuspecting victims. Security vendor Trusteer last year found SpyEye targeting transactions at major UK banks. SpyEye is a tweak of the Zeus crimeware kit that grabs web form data within browsers. [...]

Adam Ant is NOT dead – despite what you may have read on the net

Messages have spread rapidly across Twitter and Facebook in the last few hours, claiming that the 1980s British popstar Adam Ant has died. According to the messages, the musician – who had hits with songs such as “Prince Charming” and “Stand and Deliver” – died from injuries he sustained in a jet ski accident on [...]

Identifying IOS

Did you ever have to identify a Cisco IOS image when you couldn’t rely on the filename? Look for strings starting with CW_ between strings CW_BEGIN and CW_END in the image file, for example like this: You will find strings like CW_IMAGE, CW_FAMILY, CW_FEATURE, CW_VERSION, CW_MEDIA, CW_SYSDESCR and CW_MAGIC between strings CW_BEGIN and CW_END. In this example, the [...]

Symantec’s Norton AntiVirus source code exposed by hackers

Symantec, the makers of Norton AntiVirus, has confirmed that a hacking group has gained access to some of the security product’s source code. An Indian hacking group, calling itself the Lords of Dharmaraja, has threatened to publicly disclose the source code on the internet. So far, there have been two claims related to Symantec’s source [...]

“Elavon 2012 Update” phish

Elavon deals with payment processing. This email is not from Elavon.

From: “Elavon, Inc.” [sobolan@myvirtualmerchan-02.com]
Date: Fri, 06 Jan 2012 16:09:48 +0100
Subject: Urgent-Notification –Elavon 2012 Update–

Dear Customer, We regret to inform you that your retail merchant account is locked. To re-activate it please download the file attached to this e-mail and update your login [...]

Could Apple power cables help you remember your passwords?

Have you ever forgotten the login password on your MacBook? Fortunately, there’s an option to receive a hint reminding you of what your password might have been. Which is terrific, unless – of course – someone else is able to work out your password from that hint. Someone like, for instance, the guy who has [...]

Stolen Stratfor mailing list used to Rickroll customers… This time

If your email address was one of the thousands stolen from Stratfor and published by Anonymous you may have received an unusual email purporting to be from the CEO of the security firm this morning. The email proclaims to be an announcement from George Friedman about changes to Stratfor services, including making their premium content [...]

Are you beta testing malware?

This post is part one of two. Popular games are often used by malware writers as social engineering bait as documented in previous blogs (“Dota Players Own3d” and “Keeping Kerrigan From Infection“). So, with a watchful eye for anything related to games used as an infection vector, we came across a couple of interesting files: [...]

Expanding Black Holes

The big malware story for me over the last month is probably the surge in exploit kit sites hosting the “Blackhole” kit. (BTW, nice write-up last month on the kit on Imperva’s blog.) Bad Guys like exploit kits because they are a convenient way to leverage the work of multiple specialists — it’s nice to [...]

Facebook: 95% 0f All People Cant even Watch This Video F0r More Than 20 Seconds

Variants of this malware have appeared on Facebook in the last few months. Today’s version of the attack starts with a friend’s post that looks something like this: The link takes clickers to a Blogspot page which has been very convincingly designed to look like a Facebook page with an embedded video player. (none of [...]

28c3: Smart meter hacking can disclose which TV shows and movies you watch

At the 28th Chaos Computing Congress (28c3) hacker conference in Berlin, Germany, researchers presented a talk titled “Smart Hacking for Privacy” where they looked into the privacy implications of “smart” electricity meters. In Germany, consumers who wish to contract with independent smart meter providers are able to have one installed in their home via a [...]

Airline ticket spam / ckredret.ru

Despite a whole pile of Redret malware spam at the end of the year, the past couple of weeks have been very quiet. However, a new campaign has started up directing visitors via a hacked legitimate site to ckredret.ru/main.php which is hosted on 203.170.193.102 (IDC Cyberworld, Thailand).

Learning to Analyze Computer Viruses: Year Five

For the fifth year now we are arranging a course on malware (malicious software) analysis in co-operation with Aalto University in Helsinki, Finland. The first lecture is on January 18th by our Chief Research Officer, Mikko Hypponen. If you are studying at Aalto, we’d be glad to see you on the course! If you have [...]

Android Permissions: For Apps or Ads?

An Android application package (APK) can include multiple modules; one or more of these modules may be an advertisement SDK. That’s pretty normal nowadays, as many Android developers currently use such modules to compensate for providing their products to users for free. So what happens if the app is clean, but the ad module is [...]

FBI warns of new Zeus-based malware phishing scam

What’s the story?

The FBI last week issued a warning of a new phishing scam known as “Gameover”. Should the malware gain access to your PC, it can steal usernames, passwords and even circumvent user authentication on banking web pages. The FBI said it has seen an increase in the use of Gameover, which is an email phishing [...]

Murder retrial ordered after court records destroyed by virus

A convicted murderer has had his appeal for a retrial granted after the record of his trial, stored by the court stenographer, was apparently destroyed by a malware infection. The convicted party, Randy Chaviano, 26, appealed against his 2009 conviction in a Florida court for shooting Charles Acosta during an alleged drug deal and when the [...]

Unlock Your Phone’s Hidden Features!… Not.

Yesterday, we stumbled across this ad from an Android-related site: Clicking this led to a malicious Android Market: Samples found here are detected as Trojan:Android/FakeNotify.A. As usual, other malicious sites are hosted on the same IP address as the malicious Android Market. One site that came to our attention claimed to unlock hidden features of the phone. This [...]

Spam Emails Link To QR Codes

It was just a matter of time, and now it’s happening. The Websense® ThreatSeeker® Network has started spotting spam messages that lead to URLs that use embedded QR codes. This is a clear movement and evolution of traditional spammers towards targeting mobile technology. The spam email messages look like traditional pharmaceutical spam emails (image 1) and contain a [...]

Paybacks are hell: Parental spying prompts infiltration of German police system

Der Spiegel published a story in yesterday's edition of their magazine that the hack on the German police surveillance system "Patras" was prompted by a senior officer spying on his daughter's internet activities. The Patras system is used by the police to track suspects using so-called "silent" SMSs and GPS tracking devices planted on automobiles. [...]

Are You Beta Testing Malware pt 2: Dissecting Fynloski’s Obfuscation

This post is part two of two. In our previous post, we came across a couple of files that used some popular games as part of their social engineering technique. One of the files, which was named “diablo3-crack.exe” (after Diablo the video game series) is currently detected as Backdoor:Win32/Fynloski.A. It piqued our interest because we’re [...]

Who’s Behind the Koobface Botnet? – An OSINT Analysis

It’s full disclosure time. In this post, I will perform an OSINT analysis, exposing one of the key botnet masters behind the infamous Koobface botnet, that I have been extensively profiling and infiltrating since day one. I will include photos of the botnet master, his telephone numbers, multiple email addresses, license plate for a BMW, [...]
