Category: Uncategorized

October 29th, 2009

Spooky Halloween - scareware or crimeware?

Posted by Dancho Danchev @ 11:47 am

Categories: Anti Virus, Botnets, Hackers, Malware, Passwords, Spam and Phishing, Spyware and Adware, Uncategorized, Viruses and Worms

Tags: Campaign, Cybercriminal, Search, Marketing Research, Strategy, Security, Marketing, Management, Dancho Danchev

With all the “spooky” cybercrime trends taking place on a monthly basis, such as the death of CAPTCHA, the suspicious idleness of the Conficker botnet, the clear presence of government-tolerated and upcoming government-sponsored botnets, the inevitable migration from using malicious infrastructure to entirely relying on legitimate ones, followed by the cyber terrorism myopia holding that cyber terrorists still need years to build advanced cyber warfare capabilities, totally excluding outsourcing as a factor for gaining competitive advantage from the big picture, I’m literally having a hard time deciding which one deserves the most attention.

Whatever the cybercrime tactics, the main objective for the key ‘market players’ remains the same - monetization. Which prompts this year’s Halloween question - scareware (trick) or crimeware (treat)?


October 28th, 2009

US-CERT warns about BlackBerry spyware app

Posted by Ryan Naraine @ 8:15 am

Categories: Uncategorized

Tags: Attacker, RIM BlackBerry, US-CERT, PhoneSnoop, Handhelds, Spyware, Spyware, Adware & Malware, Cyberthreats, Security, Hardware

The United States Computer Emergency Response Team (US-CERT) has flagged the release of a free BlackBerry spyware application that allows an attacker to call a user’s BlackBerry and listen to personal conversations.

The application, called PhoneSnoop, was publicly released as a proof-of-concept. It was first discussed at the Hack-in-the-Box security conference this year.

October 19th, 2009

Mozilla blocks (then unblocks) dangerous MS .NET Firefox add-on

Posted by Ryan Naraine @ 5:29 am

Categories: Adobe, Anti Virus, Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Exploit code, Firefox, Google, Google Chrome, Malware, Microsoft, Mozilla, Open source, Patch Watch, Pen testing, Uncategorized

Tags: Mozilla Firefox, Microsoft Corp., Mozilla Corp., Add-on, Web Browsers, Spyware, Adware & Malware, Cyberthreats, Security, Viruses And Worms, Internet

FINAL UPDATE: In the Threatpost podcast above, Mozilla’s Mike Shaver explains what happened (.mp3)

[ UPDATE: Mozilla has now removed the extension from the blocklist after Microsoft clarified some information in its bulletin on how Firefox users were affected. I'll attempt to get to the bottom of what appears to be a case of miscommunication ]

Mozilla has added the Microsoft .NET Framework Assistant add-on to its blacklist, a move that effectively disables the dangerous extension and plug-in for all Firefox users.

The move comes in the wake of an admission from Microsoft that the add-on was exposing users to drive-by malware downloads via a remote code execution vulnerability.

September 17th, 2009

Remote exploit released for Windows Vista SMB2 worm hole

Posted by Ryan Naraine @ 10:34 am

Categories: Uncategorized

Tags: Vulnerability, Microsoft Windows Vista, Microsoft Corp., Exploit, Microsoft Windows, Microsoft Windows 7, Microsoft Windows Server 2008, Smb/Sme, Operating Systems, Security

Security researchers at penetration testing firm Immunity have created a reliable remote exploit capable of spawning a worm through an unpatched security hole in Microsoft’s dominant Windows operating system.

A team of exploit writers led by Kostya Kortchinsky attacked the known SMB v2 vulnerability and created a remote exploit that’s been fitted into Immunity’s Canvas pen-testing platform. The exploit hits all versions of Windows Vista and Windows Server 2008 SP2, according to Immunity’s Dave Aitel.


August 28th, 2009

Apache.org hit by SSH key compromise

Posted by Ryan Naraine @ 8:13 am

Categories: Anti Virus, Arbitrary Code Execution, Browsers, Complex Attacks, Data theft, Denial of Service (DoS), Digital rights management, Exploit code, Hackers, Locally Running Web Servers, Open source, Passwords, Patch Watch, Uncategorized

Tags: SSH, Apache Software Foundation, Open Source, Ryan Naraine

The open-source Apache Software Foundation pulled its Apache.org Web site offline for about three hours today because of a server hack caused by a compromised SSH key.

A brief message posted on the site (see image below) made it clear the compromise was “not due to any software exploits in Apache itself”, but was actually caused by a compromised SSH key.


August 27th, 2009

The most dangerous celebrities to search for in 2009

Posted by Dancho Danchev @ 1:27 pm

Categories: Anti Virus, Botnets, Browsers, Hackers, Malware, Passwords, Russia, Ukraine, Uncategorized, Web 2.0

Tags: Web, Digg, Malware, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Dancho Danchev

Searching for which celebrity has the highest probability of tricking you into visiting a malware-friendly web site?

Last year it was Brad Pitt, but according to this year’s McAfee report “Riskiest Celebrities to Search on the Web”, it’s Jessica Biel-related searches that have a “one in five chance of landing at a Web site that’s tested positive for online threats, such as spyware, adware, spam, phishing, viruses and other malware”.


August 12th, 2009

Apple drops (another) Mac OS X security patch

Posted by Ryan Naraine @ 2:18 pm

Categories: Uncategorized

Tags: Apple Macintosh, BIND, Apple Inc., Apple Mac OS X, Domain Names, Apple Mac OS, Operating Systems, Security, Software, Internet

Less than a week after fixing 19 Mac OS X security vulnerabilities, Apple is on the patch treadmill again.

The company released Security Update 2009-004 to fix a solitary BIND vulnerability that could lead to denial of service attacks. Apple warns:


August 11th, 2009

Campaign Monitor hacked, accounts used for spamming

Posted by Dancho Danchev @ 10:30 am

Categories: Spam and Phishing, Uncategorized

Tags: Spammer, Spamming, Attack, E-mail, Spam, Servers, Security, Spam And Phishing, Hardware, Dancho Danchev

E-mail marketing software developer Campaign Monitor warned users today of a server compromise that took place during the weekend.

The compromise allowed the attackers to gain access to customer accounts, which they abused by importing their own lists of harvested e-mail addresses in order to launch spam campaigns using the clean IP reputation of Campaign Monitor’s servers. No credit card details have leaked, according to the company.

More info on the attack:


August 7th, 2009

Microsoft's Bing invaded by pharmaceutical scammers

Posted by Dancho Danchev @ 12:45 pm

Categories: Uncategorized

Tags: Advertisement, Pharmacy, Microsoft Corp., Scammer, Internet, Dancho Danchev

Rogue online pharmacies have found a way to exploit Bing’s advertising program.

According to a recently released report by KnujOn and LegitScript, 90% of the Bing sponsored pharmacy ads were rogue ones, shipping counterfeit prescription drugs, with the bogus companies participating in larger affiliate networks like the one analyzed last year.

The report also details a brand-jacking scheme allowing bogus advertisers the option to choose their own “Display URL” and a separate “Destination URL” for displaying their ads.

More findings:


August 4th, 2009

Plugins compromised in SquirrelMail's web server hack

Posted by Dancho Danchev @ 5:15 pm

Categories: Complex Attacks, Hackers, Malware, Passwords, Privacy, Uncategorized

Tags: Web Server, Server, Plug-in, SquirrelMail, Web Servers, Internet, Dancho Danchev

According to a recently posted update by SquirrelMail’s Jonathan Angliss, the source code of three plugins was backdoored during the web server compromise of the popular web-based email application which took place last month.

The compromised plugins were embedded with code that was forwarding accounting data to a server maintained by the people behind the hack, something SquirrelMail didn’t acknowledge prior to announcing the web server compromise.


Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog. See his full profile and disclosure of his industry affiliations.
