
Category: Rootkits

November 5th, 2009

Windows 7's default UAC bypassed by 8 out of 10 malware samples

Posted by Dancho Danchev @ 1:33 pm

Categories: Anti Virus, Botnets, Browsers, Hackers, Malware, Microsoft, Rootkits, Spyware and Adware, Viruses and Worms

Tags: User Account Control, Security, Malware, Microsoft Windows 7, Microsoft Windows, Operating Systems, Software, Dancho Danchev

A recently conducted test by malware researchers reveals that eight out of ten malware samples used in the test successfully bypassed Windows 7’s default UAC (User Account Control) settings. The findings were also confirmed by a separate test done by another company, with an emphasis on how one of the most popular scareware variants bypassed Windows 7’s default UAC settings as well.

Read the rest of this entry »

November 5th, 2009

Which antivirus is best at removing malware?

Posted by Dancho Danchev @ 12:14 pm

Categories: Anti Virus, Botnets, Browsers, Hackers, Malware, Rootkits, Spyware and Adware, Viruses and Worms

Tags: Antivirus, Malware, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Dancho Danchev

Detecting the presence of malicious code is one thing, successfully eradicating it is entirely another.

According to AV-Comparatives.org’s recently released malware removal test evaluating the effectiveness of sixteen antivirus solutions, only a few were able to meet their criteria of not only removing the FakeAV, Vundo, Rustock and ZBot(Zeus) samples they were tested against, but also getting rid of the potentially dangerous “leftovers” from the infection.

More info on the tested antivirus solutions, and how they scored:

Read the rest of this entry »

October 19th, 2009

'Evil Maid' USB stick attack keylogs TrueCrypt passphrases

Posted by Dancho Danchev @ 10:32 am

Categories: Anti Virus, Browsers, Complex Attacks, Data theft, Hackers, Kernel-level Exploits, Malware, Passwords, Privacy, Research, Rootkits, Spyware and Adware, Tools

Tags: USB, Laptop Computer, Attack, TrueCrypt, Mobile Proximity Alarm, Security, Hardware, Notebooks & Tablets, Dancho Danchev

Security researcher Joanna Rutkowska has released a PoC (proof of concept) of a keylogger that is capable of logging TrueCrypt’s disk encryption passphrase enabling the attacker to successfully decrypt the hard drive’s content.

Dubbed the ‘evil maid’ attack due to its ‘plug-and-exploit’ functionality, requiring only 1-2 minutes for the infection process to take place, it works with the latest TrueCrypt versions 6.0a - 6.2a.

Here’s how it works, and TrueCrypt’s response:

Read the rest of this entry »

October 19th, 2009

Commonwealth fined $100k for not mandating antivirus software

Posted by Dancho Danchev @ 8:11 am

Categories: Anti Virus, Botnets, Browsers, Data theft, Hackers, Malware, PCI, Passwords, Pen testing, Privacy, Rootkits

Tags: Electronic Banking, Antivirus Software, Commonwealth Financial Network, Banking, Security, Viruses And Worms, Financial Services, Dancho Danchev

According to a recently published SEC cease-and-desist order, the Commission has fined Commonwealth Financial Network $100,000 for not mandating antivirus software on the computers of its representatives, which led to a security incident in November 2008 that allowed the cybercriminal behind the attack to place eighteen unauthorized purchase orders, resulting in $523,000 of unauthorized purchases.

Despite Commonwealth’s brisk reaction, which greatly minimized the financial impact of the compromised accounts, the incident took place shortly after a representative contacted the IT Help Desk indicating that a malware infection might have taken place, without receiving any “follow-up” attention:

Read the rest of this entry »

October 1st, 2009

MS Security Essentials test shows 98% detection rate for 545k malware samples

Posted by Dancho Danchev @ 10:20 am

Categories: Anti Virus, Botnets, Browsers, Hackers, Malware, Microsoft, Passwords, Rootkits, Spyware and Adware, Viruses and Worms, Windows Vista

Tags: Freeware, Antivirus, Malware, Microsoft Corp., Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Dancho Danchev

According to recent tests conducted by AV-Test.org aiming to measure the performance of Microsoft’s Security Essentials, the freeware application achieved a 98% detection rate for 545k malware samples including viruses, bots, trojan horses, backdoors and Internet worms, and a 90.95% detection rate for the 14,222 adware/spyware samples it was tested against.

However, AV-Test.org didn’t find any effective “dynamic detection” features (HIPS/behavior blocking) in place, and therefore samples with malicious behavior were not detected due to the application’s reliance on malware signatures only.

Read the rest of this entry »

September 29th, 2009

Research: Small DIY botnets prevalent in enterprise networks

Posted by Dancho Danchev @ 12:39 pm

Categories: Anti Virus, Botnets, Browsers, Hackers, Malware, Passwords, Pen testing, Rootkits, Viruses and Worms

Tags: Enterprise Network, Espionage, Cyberthreats, Spam, Robots, Viruses And Worms, Security, Spam And Phishing, Dancho Danchev

Does the size of a botnet really matter? It’s all a matter of perspective.

Contrary to the “common wisdom” that, based on their size, big botnets are theoretically capable of infiltrating a huge percentage of enterprise networks, a recently presented study entitled “My Bots Are Not Yours! A case study of 600+ real-world living botnets” shows an entirely different picture.

According to Gunter Ollmann, VP of research at Damballa, based on their observation of 600 different botnets within global enterprises throughout a period of three months, small DIY botnets aiming to stay beneath the radar accounted for 57% of all botnets, and hence, successfully evaded detection in most of the cases:

Read the rest of this entry »

September 24th, 2009

In search of a standard for displaying security threat levels

Posted by Ryan Naraine @ 6:32 am

Categories: Anti Virus, Arbitrary Code Execution, Botnets, Browsers, Data theft, Denial of Service (DoS), Locally Running Web Servers, Malware, Punditocracy, Rootkits, Spam and Phishing, Viruses and Worms

Tags: Security Company, Threat Level, Security, Ryan Naraine

GENEVA — A veteran security researcher today challenged the anti-malware industry to work on a standard way of assigning computer/Internet threat levels to present transparent helpful information to consumers and businesses.

During a presentation at the Virus Bulletin 2009 conference here, Fortinet project manager Bryan Lu discussed the current scenario where anti-malware vendors use different systems to display threat levels — either color-coded or using numbers and arrows — and suggested that vendors use existing data to make threat level indicators more useful and meaningful.

Read the rest of this entry »

September 23rd, 2009

Hijacking Windows System Restore for cybercrime profits

Posted by Ryan Naraine @ 9:30 am

Categories: Anti Virus, Arbitrary Code Execution, Botnets, Browsers, Complex Attacks, Data theft, Exploit code, Locally Running Web Servers, Malware, Passwords, Patch Watch, Phishing, Responsible disclosure, Rootkits

Tags: Technique, System Restore, Malware, Online Game, Dogrobot, Spyware, Adware & Malware, Cyberthreats, Productivity, Rootkits, Games

GENEVA — Cyber crime gangs in China are penetrating the hard disk recovery cards on computers in Internet cafes and using a combination of zero-day flaws, rootkits and ARP spoofing techniques to steal billions of dollars worth of online gaming credentials.

According to Microsoft anti-virus researcher Chun Feng, five generations of the Win32/Dogrobot malware family have perfected the novel rootkit technique to hijack System Restore on Windows — effectively allowing the malicious file to survive even after the compromised machine is reverted to its previous clean state.

Read the rest of this entry »

September 23rd, 2009

Modern banker malware undermines two-factor authentication

Posted by Dancho Danchev @ 8:43 am

Categories: Anti Virus, Arbitrary Code Execution, Botnets, Browsers, Data theft, Hackers, Malware, Passwords, Rootkits, Spyware and Adware

Tags: Two-factor Authentication, Antivirus, Malware, SMS, Banker Malware, Text Messaging/SMS/MMS, Financial Services, Viruses And Worms, Security, Dancho Danchev

Once pitched as an additional layer of security for E-banking transactions, two-factor authentication is slowly becoming an easy-to-bypass authentication process, to which cybercriminals have successfully adapted over the last couple of years.

Modern banker malware, also known as crimeware, is now fully capable of bypassing the two-factor authentication obstacle by doing a simple thing - patiently waiting for the crimeware-infected victim to authenticate himself in order to abuse the access in real time.

A recently published article at MIT’s Technology Review details a case where cybercriminals managed to steal $447K despite two-factor authentication being in place:

Read the rest of this entry »

September 23rd, 2009

From Gimmiv to Conficker: The lucrative MS08-067 flaw

Posted by Ryan Naraine @ 6:23 am

Categories: Adobe, Anti Virus, Botnets, Browsers, Data theft, Denial of Service (DoS), Exploit code, Flash, Malware, Punditocracy, Responsible disclosure, Rootkits, Viruses and Worms, Vulnerability research, Zero-day attacks

Tags: Flaw, Malware, Conficker, MS08-067, Malware Family, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Ryan Naraine

GENEVA — The critical MS08-067 vulnerability used by the Conficker worm to build a powerful botnet continues to be a lucrative security hole for cyber criminals.

During a presentation at the Virus Bulletin 2009 conference here, a trio of Microsoft researchers dissected the malware attacks linked to MS08-067 and found that criminal gangs are still exploiting the flaw to plant data-theft Trojans on vulnerable Windows machines.

Read the rest of this entry »

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal.
