
Archive for Malware

Storm Botnet, Shrinking From Gale To Drizzle?

The folks at MessageLabs are stating that the Storm botnet has dropped to around 100K nodes from its projected high of over two million.

From IT News:

MessageLabs’ Intelligence Report for April 2008 said that new malicious software removal tools aimed at removing Storm infections were responsible for the sudden reduction in Storm-infected computers.

The security firm now estimates the botnet at approximately 100,000 compromised computers, down from previous estimates of two million.

This is evidenced by a 57 percent decrease in malware-laden emails distributed by the Storm botnet during April.

However, analysis of web-based malware suggests that 36.1 percent of interceptions in April were new, an increase of 23.3 percent since March.

MessageLabs also identified an average of 1,214 new websites per day harbouring malware and other potentially unwanted programs such as spyware and adware, an increase of 619 compared with the previous month.

“April was a month of unpredictability with the mighty Storm botnet losing all but five per cent of its anonymous army, and web-based malware reaching new levels,” said Mark Sunner, chief security analyst at MessageLabs.

It would be safe to surmise that the botnet node number will spike again with the next major vulnerability/holiday combination.

Article Link

Microsoft Botnet-Hunting Tool Helps Catch Hackers

Microsoft releases botnet hunting tool to law enforcement.

From Network World:

Botnet fighters have another tool in their arsenal, thanks to Microsoft.

The software vendor is giving law enforcers access to a special tool that keeps tabs on botnets, using data compiled from the 450 million computer users who have installed the Malicious Software Removal tool that ships with Windows.

Although Microsoft is reluctant to give out details on its botnet buster — the company said that even revealing its name could give cyber criminals a clue on how to thwart it — company executives discussed it at a closed door conference held for law enforcement professionals Monday. The tool includes data and software that helps law enforcers get a better picture of the data being provided by Microsoft’s users, said Tim Cranton, associate general counsel with Microsoft’s World Wide Internet Safety Programs. “I think of it … as botnet intelligence,” he said.

Read on for the full article.

Article Link

Spyware Targets Frustrated GTA IV Gamers

From the Register:

Gamers desperate to get their mitts on Grand Theft Auto IV are being targeted in an opportunistic spyware scam. Spam emails offer prospective marks free entry to a draw offering a PlayStation 3 loaded with the much-anticipated game as a prize.

In reality, these illicit emails are loaded with spyware designed to swipe personal financial information from compromised PCs.

Grand Theft Auto IV for the PS3 and the Xbox 360 was released today to delirium from avid gamers. But some would-be buyers have been left disappointed as game stores have been unable to fulfill demand to the extent that even a minority of fans who pre-ordered the game have been left empty-handed.

Spammers are seeking to exploit this disappointment with a carefully targeted spam scam.

Be aware.

Article Link


Criminals To Target Mobiles

BBC News has an interesting piece dealing with criminals targeting mobile device users.

From BBC:

“There’s a real transition from online in to the mobile space,” said Simeon Coney, head of business development at Adaptive Mobile, which helps operators keep an eye on the malicious traffic flowing across their networks.

In the PC world malicious programs started with viruses designed to be a nuisance but now they have evolved into software designed solely to help their creators make money.

There is no doubt that hi-tech criminals have cottoned on to the fact that making malicious programs, be they trojans or viruses, can be a very profitable business.

That evolutionary process took, said Mr Coney, about 15 years.

I would wager that the time to ramp up on mobile devices will be far shorter.

Article Link

Pro-Tibet Groups Suffer Trojan Attacks


From Heise:

In the last few days, pro-Tibetan groups on the internet have been the target of unusually well-executed attacks using trojans in e-mail attachments. F-Secure reports that the attachments are PDF files which exploit an undisclosed encoding vulnerability in the Adobe Reader to install and run a keylogger. This records everything typed on the infected computer and sends it to a server on a well-known Chinese DNS bouncer.

Article Link

LSDigital Pleads Guilty

As part of Operation Bot Roast, a hacker named Robert Matthew Bentley, 21, of Panama City, Florida, has pleaded guilty to a pair of felony counts. Bentley, who at times used the moniker LSDigital, was responsible in part for a massive botnet that spanned the globe.

From the Register UK:

An indictment alleged that Bentley and his cronies generated “thousands of dollars” from their botnets. According to court papers signed last week by Bentley, he had applied for an account with DollarRevenue.com, which “pays others for, among other things, the unauthorized intrusion and placement of adware on to vulnerable computers.”

The bot masters, at least one of whom was located in Philadelphia, used the domain name smokedro.com as a command and control channel. They breached Newell Rubbermaid using at least three malicious files bearing the names 84785_redworld[1].exe, mssecure.exe and msiupdate.exe.

Under terms agreed to in the plea agreement, Bentley may qualify for “the granting of relief” if he provides “substantial assistance in the investigation or prosecution of other persons who have committed offenses.”

Ah, the carrot. So will he turn on his fellow ne’er do wells?

Article Link

German Court Limits Cyber Spying

Rumblings about potential German police trojans and spyware seem to have raised the hackles of the high court. This isn’t really anything new, as the Supreme Court in Germany smacked down the use of hacking by German police over a year ago.

From BBC:

Germany’s highest court has restricted the right of the security services to spy on the computers of suspected criminals and terrorists.

Under the technique, software sent in an email enables the authorities to spy on a suspect’s computer hard drive.

The Federal Constitutional Court in Karlsruhe said cyber spying violated individuals’ right to privacy and could be used only in exceptional cases.

Civil liberties activists have warned of an unacceptable invasion of privacy.

The case - which began last year - was brought after the western state of North Rhine-Westphalia allowed officials to begin using the technique.

Court President Hans-Juergen Papier said that using such software contravened rights enshrined in Germany’s constitution, adding that the decision would serve as a precedent across the country.

So, the court said no and the police continue to develop? Who is leading this parade?

Article Link


Symantec Decomposer RAR Handling Vulnerabilities

Symantec’s Mail Security products have some issues again. This time the problem lies within a specially crafted .RAR file. I’m wondering if this is a case of a corrupted .rar file or something that has been packed with UPX or MEW. Details are few.

From Secunia:

Description:
Two vulnerabilities have been reported in various Symantec products, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

1) A boundary error in Symantec’s Decomposer engine can be exploited to cause a stack-based buffer overflow when handling a specially crafted .RAR file.

Successful exploitation allows execution of arbitrary code.

2) An error in Symantec’s Decomposer engine can be exploited to cause the process to consume large amounts of memory when handling a specially crafted .RAR file.

The vulnerabilities affect all builds of the following products:
* Symantec AntiVirus for Network Attached Storage version 4.3.16.39 and prior
* Symantec AntiVirus Scan Engine version 4.3.16.39 and prior
* Symantec AntiVirus Scan Engine for Caching version 4.3.16.39 and prior
* Symantec AntiVirus Scan Engine for Clearswift version 4.3.16.39 and prior
* Symantec AntiVirus Scan Engine for Messaging version 4.3.16.39 and prior
* Symantec AntiVirus Scan Engine for MS ISA version 4.3.16.39 and prior
* Symantec AntiVirus Scan Engine for MS SharePoint version 4.3.16.39 and prior
* Symantec AntiVirus/Filtering for Domino MPE(AIX, Linux, Solaris) all versions
* Symantec Mail Security for Microsoft Exchange version 4.6.5.12 and prior
* Symantec Mail Security for Microsoft Exchange version 5.0.4.363 and prior
* Symantec Scan Engine version 5.1.4.24 and prior

Article Link
Original Advisory 1
Original Advisory 2


Google Finds Evil All Over The Web

From Computer World NZ:

The web is scarier than most people realise, according to research published recently by Google.

The search engine giant trained its web crawling software on billions of web addresses over the past year looking for malicious pages that tried to attack their visitors. They found more than 3 million of them, meaning that about one in 1,000 web pages is malicious, according to Niels Provos, a senior staff software engineer with Google.

These web-based attacks, called “drive-by downloads” by security experts, have become much more common in recent years as firewalls and better security practices by Microsoft have made it harder for worms and viruses to directly attack computers.

In the past year the websites of Al Gore’s “An Inconvenient Truth” movie and the Miami Dolphins were hacked, and the MySpace profile of Alicia Keys was used to attack visitors.

Read on.

Article Link


Hacked Antivirus Site Delivers Malware


Oops. Well, it had to happen to one vendor or another at some point.

From PC World (via Yahoo News):

The download section of AvSoft’s S-cop Web site hosts the malicious code, according to Roger Thompson, chief research officer with security vendor AVG. “They let one of their pages get hit by an iFrame injection,” he said. “It shows that anyone can be a victim…. It’s hard to protect Web servers properly.”

The technique used on the site has been seen in thousands of similar hacks over the past few months. The attackers open an invisible iFrame Window within the victim’s browser, which redirects the client to another server. That server, in turn, launches attack code that attempts to install malicious software on the victim’s computer.

The malicious software is a variant of the Virut virus family.

Article Link
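As an added example (not code from the article, AVG or AvSoft), the following Python heuristic flags the hidden, off-domain iframes that an injection like the one described above leaves behind in a served page, which is what a site owner or scanner would look for after a compromise. The sample HTML, the hostnames and the scoring rule are constructed for illustration.

```python
"""Flag iframes that look injected: off-domain, zero-sized, or hidden by CSS.
Heuristic thresholds and the sample page below are assumptions for the demo."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# CSS tricks commonly used to keep an injected frame out of sight.
HIDDEN_STYLE = re.compile(r"(display\s*:\s*none|visibility\s*:\s*hidden)", re.I)


class IframeFinder(HTMLParser):
    """Collect the attributes of every <iframe> start tag in a document."""
    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":                # HTMLParser lowercases tag names
            self.iframes.append(dict(attrs))


def _is_tiny(attrs):
    """True when width or height is 0/1 px, a classic way to hide a frame."""
    try:
        return int(attrs.get("width") or 100) <= 1 or int(attrs.get("height") or 100) <= 1
    except ValueError:                     # e.g. width="100%"
        return False


def suspicious_iframes(html, site_host):
    """Return [(src, [reasons])] for frames that match at least two indicators.
    Off-domain alone is common on legitimate sites; off-domain plus hidden is not."""
    parser = IframeFinder()
    parser.feed(html)
    findings = []
    for attrs in parser.iframes:
        src = attrs.get("src") or ""
        reasons = []
        host = urlparse(src).hostname or ""
        if host and host != site_host:
            reasons.append("off-domain src")
        if _is_tiny(attrs):
            reasons.append("zero-size frame")
        if HIDDEN_STYLE.search(attrs.get("style") or ""):
            reasons.append("hidden by CSS")
        if len(reasons) >= 2:
            findings.append((src, reasons))
    return findings


# Constructed sample: one legitimate embed and one injected, hidden frame.
SAMPLE = """<html><body><h1>Downloads</h1>
<iframe src="http://downloads.example.com/player" width="400" height="300"></iframe>
<iframe src="http://injected-host.invalid/in.cgi?3" width="0" height="0" style="display:none"></iframe>
</body></html>"""

if __name__ == "__main__":
    for src, why in suspicious_iframes(SAMPLE, "downloads.example.com"):
        print(src, why)
```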

