Archive | September 2012

Fall Malware Threats 2012

malware

Latest release of Fall Malware for 2012 from seCURE Connexion

The goal in releasing a comprised list of threats that security companies will be dealing with the most this Fall is to help instruct users on the latest vectors, so that they know how important it is to maintain an updated antivirus program.

Most of the malware threats listed below are audience aggregated, which means what most security companies are dealing with currently, and there is no hope of it ending anytime soon. These are in order of the most distributed.

KEY: Vir=Virus, Rtk=Rootkit, Trj=Trojan, WM=Worm, Adw=Adware, Spy=Spyware

  1. Trj.ZeroAccess(Sirefef)
  2. Trj.Agent
    • The Agent trojan is a backdoor proxy trojan, that attempts to change the proxy on the target computer to help redirect search results and browsing activity in attempts to mine money or bitcoins.
    • Outlook: Seems this trojan is the most updated trojan ever seen, and will continue to be a problem with all of its low-to-medium risk threats.
  3. Vir.Sality
    • See Microsoft’s writeup
    • Outlook: Sality has been a problem for a few years now, and it still will be a problem. It infects almost every user/system file on the operating system.
  4. Rtk.TDL4/TDSS
    • See Microsoft’s writeup
    • Outlook: TDL4 has continued to be a problem and will continue to be a problem as long as computers have a working master boot record.
  5. Adw.FakeAV
    • See Microsoft’s writeup
    • Outlook: Fake or rogue antivirus has been a problem for over four years of scamming users in to buying antivirus software. It will continue to be a problem for at least the next six months to a year.

Get best protection now:

IEEE data breach echoes across the world

data leakage

A Denmark-based Romanian computer scientist, Radu Dragusin, apparently found publicly readable code on a FTP server of the IEEE. It seems the results of his study included that the FTP server was used as a drop for log files from IEEE.org (its official site) and spectrum.IEEE.org (its online magazine), and that it contained info about 400,000,000 HTTP requests. Impressive!

Also, according to the report, some 400,000 log entries included the usernames and passwords (in plaintext of course) of about 100,000 unique users. Dragusin was unsure of what to do with the data he discovered on the 18th of September, but finally submitted the information about his study to the IEEE, where they developed (at least) a partial fix. What’s more important, is that experts are wondering why Radu didn’t tell the IEEE sooner, where the issue would have been fixed faster…

 

Protect your computer from viruses/malware with Kaspersky Internet Security for only $59.95 (a $79.95 value):

Kaspersky Internet Security 2012

Windows 8 Security Features Explained (mini-whitepaper)

Windows 8 is apparently more secure than Windows 7. Perhaps this is true, and it is best to learn what security features there are for the new operating system. Some of these security features are verified to help out very well in the security of Windows 8, and some may not be in time, or lastly some may not work at all.

One of the most discussed security features is Secure Boot. Now, Secure Boot is a Unified Extensible Firmware Interface (UEFI) specified in the boot process to check cryptographic signatures of kernel-mode drivers, making sure they aren’t modified or corrupted. In other words, the boot process is now made to check if the operating system has been corrupted by malware or some other issue.

This is all part of a hardware restriction process called Hardware DRM. All non-ARM devices have the option to turn Secure Boot off, however ARM devices must keep it on. Experts state that it will be resistant to rootkits, since the MBR and BIOS cannot be accessed, unless if someone working on the computer penetrates it.

Next, Windows 8 features better built in antivirus software, with a much better improved Windows Defender. The software in Windows 8 is combined with the optional tool Microsoft Security Essentials. Now, with Windows Defender super-powered with MSE, it has much more anti-malware features.

With better anti-malware features, Internet Explorer is now made with better features as well. It has the ability to prevent zero-day exploits much greater than previous versions of Internet Explorer. With the challenges of exploiting Windows 7, there was the issue risen up again for Java and Flash Player, so hackers can gain control over the operating system. Those browser plugins are now easier to exploit than the Internet Explorer’s code.

A new application sandboxing environment called AppContainer provides the ability to run all apps in a controlled environment, where it controls how apps work. This prevents apps from disrupting the operating system. Of course, this is just supplemented by Internet Explorer’s SmartScreen filter, which prevents the download/install of known malicious software. However, Windows 8 now has SmartScreen available for any app, allowing even more prevention. Of course, this means Microsoft employees are going to increase in numbers, if they really want to keep up. Now that hackers know their new challenges, they will be relentless.

The questions are still played on whether Windows 8 will be a repeat of Vista or not. The reality of the situation, is if Windows 8 has big popularity, then the security issues will also light up big time. However, many will stick to Windows 7, so the security issues for Windows users are not close to be over. Feel free to take a look at related articles below for Symantec’s opinions, which aren’t too well on the new OS.

Added October 31, 2012: Trusted Platform Module, read more

Keep up with the latest security tips on our blog here. In addition, please donate to help us continue to write these awesome whitepapers.

Senator blames Iran for attacks against US banks

US Senator Joe Lieberman blamed Iran for the attacks against US banks last Friday, with thoughts that Iran did so out of revenge for the Stuxnet case. The victims of last week’s attacks included Bank of America and JPMorgan Chase. Although not attacked, speculation is that CitiGroup has been a target over the past year. All of these denial of service campaigns seemed to have begun in late 2011.

In C-SPAN’s taping of “Newsmakers,” Lieberman labeled the recent DDoS attacks against the banks a “powerful example of our vulnerability”.

Now, from the perspective of Lieberman, it makes sense to make such claims. When we reported in June about a potential US and Israeli connection for malwares like Flame and Stuxnet, labeled “Operation Olympic Games”, we saw the counterattack that continued cyberwarfare between Iran and the US (as well as other countries). This could be just one of possibly many counterattacks from Iran, and it’s going to be quite dangerous to companies that are vulnerable to cyberattack.

Cyberattacks will continue with DDoS and other hacks, and it could target almost any major organization around the world. The main idea is to craft the correct cybersecurity strategies, and be aware of any attack vectors (like if there are too many people trying to hack in to the networks). It’s important to learn from issues like this, and be able to adapt the latest strategies for businesses. Which means: If you don’t have a director for information security at your major company, it’s about time to get one and soon!

Keep all of your devices FULLY safe from hackers:

Buy Now!

Fake Windows Update emails attempt to steal Yahoo!, Gmail, and Outlook mail passwords

It is now known that emails that apparently come from “privacy@microsoft.com” are fraudulent, especially if they involve subjects such as Microsoft Windows Update. Lately, there has been a rise in the email spam targeting vulnerable users of very popular companies, we reported about Chase bank.

The attack from the “privacy@microsoft.com” is an attempt to try to steal Yahoo!, Gmail, AOL, or Outlook.com (Windows Live formerly) passwords.

The body text:

Dear Windows User,
It has come to our attention that your Microsoft windows Installation records are out of date. Every Windows installation has to be tied to an email account for daily update.

This requires you to verify the Email Account. Failure to verify your records will result in account suspension. Click on the Verify button below and enter your login information on the following page to confirm your records.

VERIFY

Thank you,

Microsoft Windows Team.

To see an actual image, see the one from Naked Security.

More on this, see the post from Naked Security.

Report: Oracle databases vulnerable to hacking

vulnerability

A researcher showed today that Oracle’s databases could be hacked with brute-force attacks using only the database’s name and a username, according to Kaspersky Lab Security News.

Esteban Martinez Fayo, who works for AppSec Inc., was demonstrating his discovery at a security conference in Argentina and said that within just five hours on a regular PC using a special tool he could hack through easy passwords and access users’ data.

This isn’t the first time that security flaws have been found on Oracle databases. In January, the company squashed 78 software bugs in a major patch that stemmed from a flaw that allowed hackers into its databases remotely. And, just last month, new vulnerabilities that can be exploited to run arbitrary code were discovered in Oracle’s latest Java 7 update.

Read more on CNET

Cyber attacks on US banks continue

It’s been reported that many US banks are on high alert because of recently targeted cyber attacks.

We just reported about a different target, with spammers targeting email users, however, the banks themselves are being targeted as well.

Computer World notes:

The Financial Services Information Sharing and Analysis Center (FS-ISAC) has put U.S. banks on high alert against cyberattackers seeking to steal employee network login credentials to conduct extensive wire transfer fraud.

The alert warns banks towatch out for hackers using spam, phishing emails, Remote Access Trojans and keystroke loggers to try and pry loose bank employee usernames and passwords.

The FBI has noticed a new trend where cyber criminals use stolen employee credentials to wire transfer hundreds of thousands of dollars from U.S. customer accounts to overseas banks, the FS-ISAC noted.

On their Pastebin posts, hackers have noted the following:

In the name of Allah the companionate the merciful

My soul is devoted to you Dear Prophet of Allah

“Operation Ababil” started over BoA :

http://pastebin.com/mCHia4W5
http://pastebin.com/wMma9zyG

In the second step we attacked the largest bank of the united states, the “chase” bank. These series of attacks will continue untill the Erasing of that nasty movie from the Internet.

The site “www.chase.com” is down and also Online banking at “chaseonline.chase.com” is being decided to be Offline !

Down with modern infidels.

### Cyber fighters of Izz ad-din Al qassam ###

However, CNN reports no evidence backing up claims and could be related to what happened to Go Daddy, saying: “But there was no immediate evidence to support the hackers’ claims, and several recent ones turned out to be hoaxes. Earlier this month, a person affiliated with the hacktivist collective Anonymous said the group took down the web hosting service Go Daddy, and in June the group UGNazi claimed responsibility for downing Twitter. Both outages were later revealed to be technical issues.”

%d bloggers like this: