Archive | September 2012

Flame malware command-and-control servers reveal earlier origins, among other links

State-sponsored malware such as Flame and Stuxnet is spreading and becoming more of a problem. Computer systems are getting ever more inventive, but not at the alarming rate at which dangerous malware is expanding. Flame may also have links beyond Stuxnet.

First, computer systems have been built for specific purposes for about forty years now. However, some newer systems are built to act like robots, meaning the system works on its own without user intervention. But what happens when malware targets the core systems of oil companies, energy companies, military plants, and the like? A compromised system of that kind can have dangerous and severe consequences.

Second, the Flame malware came to light just this past May, when it had infected over 1000 computers, according to Kaspersky Lab. The victims of the first attack included governmental organizations, educational institutes, and personal users. Most of the attacks were concentrated in West Asia, including Iran, Israel, Syria, Saudi Arabia, and Egypt, among others. The malware supported a kill command that would eliminate all traces of it from an infected computer, and this command was sent soon after the malware’s exposure. Right now, there are no reported active Flame infections, and no other variants are known to be in development.

However, derivatives of the Flame malware are being created. We reported a few weeks ago on Shamoon being actively distributed using its skiddie approach. Other links recently found (like Gauss) relate Flame to command-and-control usage going back to 2006, which means the Flame project could be as much as 6 years old, or is related to malware from that time.

Instead of looking like a botnet interface, the Flame command centers look more like content-management systems (CMS), and they take many other new approaches. One of these involved the three fraudulent certificates, which Microsoft blocked with a patch back in June.

More details about the findings and the C&C servers were unveiled in the recent Flame investigation by Kaspersky Lab and in the report from Symantec (PDF). Researchers at Kaspersky Lab state they had already suspected a development link to Stuxnet back in June, when communications between the team were eavesdropped on.

Speculation about the key developers behind all of this points to the US and Israel working together. However, there is no known evidence backing these claims, beyond what researchers can reveal about coding styles and other methods used.

The articles by Kaspersky Lab and Symantec also include the following speculations:

  • At least four programmers tag-teamed on the development job, as their nicknames were left in the code.
  • One server was called home to by 5000 victim machines during just a one-week period in May, suggesting at least 10,000 victims in total.
  • The infections weren’t focused on one group of organizations or people, but on separate groups of targets in many countries.
  • Many of the targets were concentrated in Iran and Sudan.
  • Several different custom protocols were used to communicate with the servers, not just one; at least four different protocols were in use.
  • Huge amounts of data were stolen: 5.5 GB was reported from just one week of data collection by the malware.
  • The attackers are either mining for government information or attempting to gain military intelligence.

The developers behind the Flame malware have many more secrets, which are gradually being unveiled. More ties between Stuxnet and Flame are being discovered, and as the information becomes available, it’ll be here on seCURE Connexion’s blog. The Flame developers obviously have a lot of nerve developing these cyber-weapons. But many politicians and security experts have warned of this kind of information warfare for years. Here we are at the peak!


Security & BYOD for the iPhone 5 (mini-whitepaper)

As you upgrade to the iPhone 5, please keep in mind some principles, both personal and business.

  • If your iPhone will be handed down to a child, make sure ALL critical data is removed from it first. This includes all business data, personal details, etc. Protecting your business and personal identity is critical.
  • As new devices are created, new threats are created as well. These security threats need to be identified and dealt with. Just because it is a new iPhone does not mean it’s immune to security threats. Security is a losing battle, because hackers are always trying to stay one step ahead of programmers/developers. While developers are working around the clock to prepare this new, capable hardware and software, hackers are working just as hard against them.
  • The iPhone 5 is set to accelerate BYOD, which means network administrators get better options, such as data copying and wiping operations (erasing large amounts of data).
  • The iOS 6’s Passbook feature can store financial information for securing digital transactions. If you’re comfortable storing that information go ahead, otherwise just keep it off.
  • Emails, texts, and calendar appointments can be modified through the Siri app without requiring the administrator to log in to the device.
  • If Apple’s acquisition of AuthenTec succeeds, it could bring a fingerprint identification system to the device, making it more physically secure. But this technology is still pending at the moment.
  • Apple calls the iPhone 5 “The thinnest, lightest, fastest iPhone ever”, but they mention nothing about security, do they?

If this has helped you personally or your business in any way, please consider making a donation to help further the seCURE Connexion project.

Second Opinion Malware Scanners: Why buy one?

Second opinion malware scanners are a key tool in managing vulnerabilities. What a regular antivirus or internet security program doesn’t find or catch, the second opinion malware scanner can. This is an integral part of a defense-in-depth approach, which is a very good idea for maintaining the security of your computer AND your identity. ID theft is one of the biggest security problems on the internet today, but luckily, thanks to many anti-malware companies, there are ways to avoid these types of problems.

Second opinion malware scanners do not interfere with other antivirus/internet security software. In the rare cases where they do, the support team at each company is dedicated to helping you solve the issue quickly. These programs are engineered to work alongside an antivirus or internet security program.

The following is a short list of second opinion malware scanners. I only recommend two of them, because they are the best, and because I’m an affiliate:

  1. Malwarebytes’ Anti-Malware Pro (MBAM Pro)

    Overall, this program is a powerhouse against malware. It provides the best secondary protection mechanisms, with IP blocking functionality. It also lets you password-protect the MBAM interface, keeping hackers out while letting the user in. It also provides priority database updates, excellent customer support, and lightning-fast scanning technology. This comes at a lifetime price of only $24.95 (USD), which means once you buy it, you never pay any fees again!
  2. Hitman Pro by Surfright

    Now, this program, Hitman Pro, is a different story. It provides a behavioral scan for malware, which checks programs and files for typical malware/virus-like behavior. If it thinks something is a threat, the program alerts you and asks whether to remove it. It also uses the cloud to scan your computer with the newest data from all antivirus companies about zero-day threats. This program is best known for its ability to find kernel-mode rootkits and to remove even some of the toughest malware. What could be better? Buy Hitman Pro Today!
  3. Zemana Anti-Malware
    This program is a bit newer on the market, and not as well known as the two above. However, it is a competitor in the anti-malware field and deserves a mention nonetheless. From the vendor: “Zemana Anti-Malware is a second opinion scanner designed to rescue your computer from malware (viruses, trojans, rootkits, etc.) that have infected your computer despite all the security measures you have taken (such as anti-virus software, firewalls, etc.)”.

Apple releases major update to iTunes with version 10.7

A new release of iTunes 10 from Apple fixes 160 vulnerabilities.

The newest version number is 10.7. Update now!

Most of the fixes involve WebKit. WebKit is a layout engine from Apple that renders webpages in a browser, so the main problems in iTunes 10 are with the Store site. WebKit is also used in Apple’s Safari browser and Google’s Chrome browser. Google apparently helped supply the fixes for Apple’s iTunes program.

Many of the WebKit vulnerabilities come from bug reports in 2011. Fixing these flaws only now shows how low iTunes is on the priority list for the Apple development team. The same vulnerabilities were apparently fixed long ago in Safari and Chrome. So, what’s the excuse?

Users can get the security fixes by updating iTunes directly in the application.

Apple’s statement on the security update page:

Available for: Windows 7, Vista, XP SP2 or later

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: Multiple memory corruption issues existed in WebKit. These issues are addressed through improved memory handling.


Windows 8 medical app, EMR Surface launched

Many sources are talking about the new Windows 8 app, EMR Surface, which is now available for $499 (USD). It is apparently the priciest app so far, which is fine, because most other solutions for the Windows platform are much more expensive. This app provides a break from that cost and takes advantage of the new Windows 8 operating system.

The development team Pariscribe engineered this app. It was made specifically for the medical industry and should be treated as such. According to the app page, it offers the ability to check up on patient information and to “Add Appointment, Billing, Family History, Family History Details, Problems, Progress Note, Risk Factor, Vital Sign, Prescription, Drug Interactions, Reminders.”

Right now, it is apparently in pilot mode on Samsung Series 7 Slate tablets. At 12 MB in size, it comes packed with features and provides an easy-to-use visual interface. It just may be the future of in-office consultations, replacing the medical laptop.

Now available on the Windows Store.

Details about The University of Miami Hospital breaches

Data Leakage

The University of Miami Hospital has begun letting patients know that a second data breach has occurred this year. Personal information is at risk and patients must be informed. This is the second breach, the first having happened in July.

According to a letter being sent to patients this month, two employees were apparently caught improperly accessing patient records that give doctors and other medical associates a quick glance at patient information.

Although the employees have been terminated, some worry that a portion of the sensitive data was sold. The affected data includes the records of any patient seen at the hospital from October 2010 to July 2012. Those affected by the breach are being given a two-year membership to a credit monitoring service.


September Patch Tuesday 2012 updates

Here’s a small update on yesterday’s Patch Tuesday. Microsoft seems to have only two critical fixes…

The first patch, MS12-061, applies to Microsoft Visual Studio Team Foundation Server. The other update, MS12-062, fixes a flaw in Microsoft Systems Management Server 2003 and Microsoft System Center Configuration Manager 2007.

Note to system administrators: Microsoft is urging you to test the following update: KB2661254, which helps mitigate the risks associated with the Flame malware. It won’t be released until October, but it is available now for testing purposes. It is best to strengthen your SSL certificates.

As for Adobe updates… the most important bulletin is APSB12-19, which fixes seven vulnerabilities in Flash Player. More details on that here.


Go Daddy outages on September 10 not caused by Anonymous DDoS

Go Daddy is finishing its recovery from what appears to be corruption in its router tables. Yesterday, Anonymous quickly boasted that they had mounted a DDoS attack on GoDaddy.com, making its servers inaccessible from 10 a.m. to 4 p.m. PDT. However, Go Daddy’s CEO says that’s not true:

The service outage was not caused by external influences. It was not a “hack” and it was not a denial of service attack (DDoS). We have determined the service outage was due to a series of internal network events that corrupted router data tables. Once the issues were identified, we took corrective actions to restore services for our customers and GoDaddy.com. We have implemented measures to prevent this from occurring again.

Go Daddy tweeted the following yesterday during this issue:

As for whether this was an attack by hackers… NO, it was not.


VirusTotal acquired by Google

Google has been building up its security arsenal for the past few years, especially with the development of its Chrome browser. The five-star service (in our opinion) VirusTotal, a product by Hispasec, is now going to be shared with Google.

The security intelligence from Hispasec Sistemas S.L. will be an awesome addition to the backbone of Google’s security. The terms of the deal between the two have not been disclosed. It’s important to note that the company was not acquired, just the product.

VirusTotal is a file scanning service that checks files against a little over 40 anti-malware/antivirus scanners. It also provides a website scanning service that can check sites for malware, exploits, and so on.

Much of the data that VirusTotal indexes and processes is also shared with security companies, as a way to aggressively boost online security.

As VirusTotal said in their blog post on the acquisition:

  • The quality and power of our malware research tools will keep improving, most likely faster; and
  • Google’s infrastructure will ensure that our tools are always ready, right when you need them.

“Security is incredibly important to our users and we’ve invested many millions of dollars to help keep them safe online,” a Google spokesperson said in a statement. “VirusTotal also has a strong track record in Web security, and we’re delighted to be able to provide them with the infrastructure they need to ensure that their service continues to improve.”

The last awesome acquisition by Google was the reCAPTCHA deal.

Beware of fake Adobe Flash Player plugin update ads

We only need to say a few words here… do not click on these ads, as they are potential exploits leading to malware/viruses:
