Malware - Infoworld

Citadel banking malware is evolving and spreading rapidly, researchers warn

admin — Thu, 09 Feb 2012 16:06:49 +0000

A computer Trojan that targets online banking users is evolving and spreading rapidly because its creators have adopted an open source development model, according to researchers from cyber threat management firm Seculert.

Called Citadel, the new piece of malware is based on ZeuS, one of the oldest and most popular online banking Trojans. ZeuS was abandoned by its creator in late 2010, and its source code leaked online a few months later.

Spammers impersonate well-known developers to publish rogue apps on Android Market

admin — Wed, 08 Feb 2012 22:04:16 +0000

Spammers are impersonating well-known Android software developers in order to distribute rogue apps through the official Android Market.

Security researchers from antivirus firm Trend Micro have identified a developer named Rovio MobiIe Ltd. in the Android Market, which had a significant number of rogue applications in its portfolio.

Facebook malware scam takes hold

admin — Sat, 04 Feb 2012 00:05:44 +0000

A "worrying number" of Facebook users are sharing a link to a malware-laden fake CNN news page reporting the U.S. has attacked Iran and Saudi Arabia, security firm Sophos said Friday.

Symantec warns of Android Trojans that mutate with every download

admin — Fri, 03 Feb 2012 12:31:43 +0000

Researchers from security vendor Symantec have identified a new premium-rate SMS Android Trojan horse that modifies its code every time it gets downloaded in order to bypass antivirus detection.

This technique is known as server-side polymorphism and has already existed in the world of desktop malware for many years, but mobile malware creators have only now begun to adopt it.

Google finally scans malware-ridden Android Market

Paul Krill — Fri, 03 Feb 2012 11:00:00 +0000

In an effort to improve security in its Android Market, Google has been using a service providing automated scanning of applications submitted to the mobile application store, Google revealed on Thursday afternoon.

Code-named Bouncer, the service scans the market for potentially malicious software without disrupting the user experience or requiring developers to submit to an application approval process, said Hiroshi Lockheimer, vice of engineering for Android, in a blog post:

Business is booming for 'malware as a service' merchants

admin — Wed, 01 Feb 2012 17:22:32 +0000

They are well organized. They pay close attention to product quality, working hard to make it effective and scalable. They are all about customer service, providing after-sales support. They even solicit the help of their customers in product development.

All admirable qualities. But all in the service of theft.

Hackers infect WordPress 3.2.1 blogs to distribute TDSS rootkit

admin — Tue, 31 Jan 2012 15:30:40 +0000

Hackers are compromising WordPress 3.2.1 blogs in order to infect their visitors with the notorious TDSS rootkit, according to researchers from Web security firm Websense.

It's not clear how the websites are being compromised, but there are publicly known exploits for vulnerabilities that affect WordPress 3.2.1, which is an older version of the popular blog publishing platform.

Update: Industry group pushes new spec to eliminate phishing

admin — Mon, 30 Jan 2012 14:02:06 +0000

Companies such as Facebook, Google, and PayPal are pushing for widespread use of a new technical specification, DMARC, that could make it harder for phishers to reach their victims.

Drive-by-download attack exploits critical vulnerability in Windows Media Player

admin — Fri, 27 Jan 2012 17:36:16 +0000

Security researchers from antivirus vendor Trend Micro have come across a Web-based attack that exploits a known vulnerability in Windows Media Player.

"Earlier today, we encountered a malware that exploits a recently (and publicly) disclosed vulnerability, the MIDI Remote Code Execution Vulnerability (CVE-2012-0003)," Trend Micro threat response engineer Roland Dela Paz said in a blog post on Thursday.

Goal of new security service: More involvement from ISPs, carriers

admin — Wed, 25 Jan 2012 17:29:22 +0000

There's a war underway throughout our networks, with carriers and ISPs in the thick of it. But for fear of network disruptions or increased cost of service, many ISPs and carriers have shied away from securing the traffic that flows through their wires.

2011: The year Mac malware got interesting

InfoWorld Tech Watch — Tue, 24 Jan 2012 21:37:38 +0000

For years, security professionals have argued that Mac OS X is just as prone to digital attack as the latest Windows system. Yet, Mac users have felt safer because, let's face it, few attackers focus on Macs.

Twitter acquires antimalware company Dasient

admin — Tue, 24 Jan 2012 12:11:41 +0000

Twitter has acquired Internet security firm Dasient, the Sunnyvale, California startup said on its blog on Monday.

Dasient, which describes itself as a cloud-based Web antimalware technology company, introduced in 2010 a service to protect advertisement networks and publishers from malicious ads.

Researchers expose flaws in popular industrial control systems

admin — Fri, 20 Jan 2012 16:13:07 +0000

Researchers showcased unpatched security flaws in software used to control critical industrial systems by oil, gas, water, and electrical distribution plants at the 2012 SCADA Security Scientific Symposium (S4) on Thursday.

The vulnerabilities ranged from information disclosure and privilege escalation bugs to remote denial-of-service (DoS) and arbitrary code execution flaws.

Smarter hypervisor use can lead to a 'big, big change' in security

admin — Thu, 19 Jan 2012 16:19:08 +0000

To gain insight on the months ahead as they relate to IT attacks, malware, cloud security, and the impact of virtualization on security, we recently chatted with Simon Crosby, former CTO of Citrix Systems' data center and cloud business.

McAfee to patch spam relay problem in cloud product

admin — Thu, 19 Jan 2012 13:41:55 +0000

McAfee expects to patch by Thursday two problems with its SaaS Total Protection antimalware service, one of which lets an attacker use a computer as a spam relay.

SaaS Total Protection is a hosted security service from Intel-owned McAfee. Clients sign up for the service, which provides features such as a firewall, antivirus scans and antispam services that run in McAfee's data centers.

Sykipot Trojan hijacks Department of Defense authentication smart cards

admin — Fri, 13 Jan 2012 14:00:21 +0000

A variant of the Sykipot Trojan Horse hijacks U.S. Department of Defense (DoD) smart cards in order to access restricted resources.

Microsoft planning real-time feed of valuable threat data

admin — Fri, 13 Jan 2012 11:00:00 +0000

Microsoft has had a great deal of success taking down botnets in recent years. A fringe benefit of those takedowns is that Microsoft gets to collect oodles of very valuable data. Now, Microsoft is preparing to offer that threat intelligence as a real-time feed that partners can use to evaluate threats and develop better defenses.

Public attack code aimed at Windows Web servers works, says Symantec

admin — Wed, 11 Jan 2012 22:16:29 +0000

Researchers at Symantec yesterday confirmed that working attack code published Jan. 6 can cripple Web servers running Microsoft's ASP .Net.

The proof-of-concept exploit was published last Friday on GitHub, a site that hosts software projects, and has been used in the past by hackers to distribute their work.

Carrier IQ detection tool converted to premium SMS Trojan

admin — Wed, 11 Jan 2012 16:42:54 +0000

Android malware writers are taking advantage of the controversy surrounding Carrier IQ's smartphone tracking software in order to distribute a premium SMS Trojan, security researchers from Symantec warn.

"Android.Qicsomos is a modified version of an open source project meant to detect Carrier IQ on a device, with additional code to dial a premium SMS number," said Symantec malware analyst Irfan Asrar in a blog post on Tuesday.

Symantec investigates possible leak of Norton AntiVirus source code

admin — Thu, 05 Jan 2012 22:58:40 +0000

Symantec is investigating claims by a group of hackers that they are in possession of source code for its Norton AntiVirus product.

The group, which uses the name "The Lords of Dharmaraja," claims to have stolen Symantec source code and documentation from the servers of Indian intelligence agencies, along with intellectual property from other software companies that have contracts with the Indian government.