
ZDNet Must Read:

Mozilla Firefox hit by malware add-ons

Mozilla says a pair of malicious Firefox add-ons slipped by its security checks and infected approximately 4,600 Windows computers over the last five months.

Category: Botnets

February 9th, 2010

Reports: SQL injection attacks and malware led to most data breaches

Posted by Dancho Danchev @ 5:27 pm

Categories: Anti Virus, Botnets, Browsers, Data theft, Hackers, Malware, PCI, Passwords, Pen testing

Tags: Malware, SQL Injection, Data Breach, Spyware, Adware & Malware, Security, Databases, Dancho Danchev

With millions of personal records and payment card information stolen on a regular basis, several recently released reports independently confirm some of the main sources of breaches. Not surprisingly, these are not zero-day flaws, nor even insiders, but good old-fashioned SQL injections alongside malware infections.

With companies investing more resources into ensuring their networks and employees are protected against the very latest threats, some are clearly overlooking the most basic threats, usually requiring simple or average attack sophistication on behalf of the cybercriminal.

Let’s review the reports detailing the true impact of SQL injections and malware in the context of data breaches.

Read the rest of this entry »

February 9th, 2010

Patch Tuesday: Microsoft plugs critical Windows worm holes

Posted by Ryan Naraine @ 11:29 am

Categories: Arbitrary Code Execution, Botnets, Browsers, Complex Attacks, Data theft, Exploit code, Microsoft, Passwords, Patch Watch, Viruses and Worms, Vulnerability research, Web 2.0

Tags: Denial Of Service, Attacker, Vulnerability, Victim, Exploit Code, Microsoft PowerPoint, Microsoft Corp., Small And Medium Business, Attack, CVE-2010-0242

Microsoft today released 13 security bulletins with fixes for 26 vulnerabilities affecting Windows and Office users and warned customers to pay special attention to a slew of flaws that can be trivially exploited by malware miscreants.

The company urged customers to prioritize and deploy four updates because of the “critical” severity rating and the fact that “consistent exploit code” is likely within the next 30 days.

Read the rest of this entry »

January 27th, 2010

Report: 48% of 22 million scanned computers infected with malware

Posted by Dancho Danchev @ 2:42 pm

Categories: Anti Virus, Botnets, Browsers, Data theft, Hackers, Malware, Passwords, Rootkits, Spyware and Adware, Viruses and Worms

Tags: Bank, Fraudster, Malware, Authentication, Spyware, Adware & Malware, Cyberthreats, Security, Dancho Danchev

The recently released APWG Phishing Activity Trends Report for Q3 of 2009 details record highs in multiple phishing vectors, but also offers an interesting observation on desktop crimeware infections.

According to the report, the overall number of infected computers (page 10) used in the sample decreased compared to previous quarters. However, 48.35% of the 22,754,847 scanned computers remain infected with malware.

And although crimeware/banking trojan infections decreased slightly from Q2, over a million and a half computers were infected.

More details:

Read the rest of this entry »

January 22nd, 2010

Tor Project suffers hack attack

Posted by Ryan Naraine @ 12:36 pm

Categories: Arbitrary Code Execution, Botnets, Data theft, Exploit code, Open source, Patch Watch, Responsible disclosure, Vulnerability research, Zero-day attacks

Tags: Bandwidth, Attacker, Attack, Dingledine, Security, Servers, Hardware, Ryan Naraine

The Tor Project, a service that provides privacy and anonymity to Web users, said hackers broke into two of its servers and used the CPU and bandwidth to launch additional attacks.

Tor project lead Roger Dingledine confirmed the hack in an e-mail that urged users to immediately upgrade to get fresh identity keys for the two compromised directory authorities.

Read the rest of this entry »

January 19th, 2010

Google-China cyber espionage saga - FAQ

Posted by Dancho Danchev @ 8:30 am

Categories: Adobe, Anti Virus, Arbitrary Code Execution, Botnets, Browsers, Complex Attacks, Data theft, Exploit code, Google, Governments, Hackers, Malware, Microsoft, Passwords, People's Republic of China, Phishing, Viruses and Worms, Zero-day attacks

Tags: China, Google Inc., Malware, Cyberattack, Spyware, Adware & Malware, Cyberthreats, Security, Dancho Danchev

With more details emerging on the inner workings of the targeted malware attack that hit Google and over 30 other companies (ZDNet News Special Coverage - Special Report: Google, China showdown), it’s time to summarize all the events that took place during the past week, and answer some of the most frequently asked questions such as - How did the attack take place? Did Google strike back at the attackers? Was the Chinese government behind the attacks, and if not who orchestrated them and for what reason?

Go through the FAQ and their answers.

Read the rest of this entry »

January 15th, 2010

Microsoft says Google was hacked with IE zero-day

Posted by Ryan Naraine @ 8:46 am

Categories: Adobe, Anti Virus, Botnets, Browsers, Data theft, Denial of Service (DoS), Exploit code, Governments, Malware, Microsoft, Patch Watch, People's Republic of China, Responsible disclosure, Vulnerability research, Yahoo!, Zero-day attacks

Tags: Google Inc., Web, Attacker, Vulnerability, Microsoft Internet Explorer 6, Microsoft Internet Explorer, Microsoft Corp., Web Site, Attack, Web Browsers

Hackers linked to China used a zero-day vulnerability in Microsoft’s Internet Explorer browser to compromise corporate systems at more than 30 U.S. companies, including Google, Adobe and Juniper Networks.

According to Microsoft, the vulnerability is still unpatched and can lead to remote code execution attacks if a target is lured to a booby-trapped Web site or views a malicious online advertisement.

Read the rest of this entry »

December 16th, 2009

FBI: Scareware distributors stole $150M

Posted by Dancho Danchev @ 9:18 am

Categories: Anti Virus, Botnets, Browsers, Malware, Passwords, Privacy, Web 2.0

Tags: Software, FBI, Business Model, Fraud Tactic, Strategy, Federal Government, Management, Government, Dancho Danchev

Just how much money have scareware scammers stolen from Internet users so far?

According to an intelligence note posted by the Internet Crime Complaint Center (IC3), the FBI is aware of an estimated loss to victims in excess of $150 million. The number should be considered a rough estimate of a much worse situation, with over 40 million people internationally observed falling victim to rogue antivirus scams in one year.

What is the IC3 emphasizing in its intelligence note? The use of “least privilege” accounts as a preventative measure (sandboxing is an alternative).

Read the rest of this entry »

December 15th, 2009

Report: Google's reCAPTCHA flawed

Posted by Dancho Danchev @ 1:12 pm

Categories: Botnets, Browsers, Facebook, Google, Hackers, Malware, Research, Social Networking Applications, Web 2.0

Tags: CAPTCHA, Google Inc., reCAPTCHA, Dancho Danchev

UPDATED: According to a Google representative from Google Global Communications & Public Affairs who contacted me: “While the report is newly released, its substance is not current and seems to include some misunderstandings of the reCAPTCHA technology according to some of our engineers. Therefore, the so-called flaws described in the report are not related to the reCAPTCHA that people use today.”

In a newly released report, a security researcher claims that Google’s reCAPTCHA, one of the most widely adopted free CAPTCHA services, contains weaknesses that would allow a botnet of 10,000 infected hosts to achieve 10 recognition successes every second, allowing it to register 864,000 new accounts per day.

In response, a Google spokesman stated that the report relies on data collected in early 2008, and doesn’t take into consideration the effectiveness of the current technology used against machine solvers.

More from the report:

Read the rest of this entry »

December 9th, 2009

Zeus crimeware using Amazon's EC2 as command and control server

Posted by Dancho Danchev @ 8:13 am

Categories: Anti Virus, Botnets, Browsers, Hackers, Malware, Passwords, Privacy, Social Networking Applications, Web 2.0

Tags: Amazon.com Inc., Social Networking, Cloud Computing, Network Technology, Security, Networking, Dancho Danchev

UPDATED: ScanSafe posted an update stating that “In the past three years, ScanSafe has recorded 80 unique malware incidents involving amazonaws, 45 of which were in 2009, 13 in 2008, and 22 in 2007.”

Security researchers have intercepted a new variant of the Zeus crimeware, which is using Amazon’s EC2 services for command and control of the botnet. The cybercriminals appear to be using Amazon’s RDS managed database hosting service as a backend alternative in case they lose access to the original domain, which would result in the complete loss of access to the compromised financial data obtained from the infected hosts.

Will 2010 be the year when crimeware dives deep into the cloud, in an attempt to undermine the security industry’s takedown operations? With the clear migration towards the abuse of legitimate infrastructure we’ve observed throughout 2009, this may well be the case.

Read the rest of this entry »

December 4th, 2009

How many people fall victim to phishing attacks?

Posted by Dancho Danchev @ 3:43 pm

Categories: Botnets, Browsers, Data theft, Malware, Passwords, Phishing, Research, Spam and Phishing

Tags: Phishing, Cyberthreats, Spam, Viruses And Worms, Security, Spam And Phishing, Dancho Danchev

According to a recently released report, based on a sample of 3 million users collected over a period of 3 months, approximately 45% of the time, users submitted their login information to the phishing site they visited.

The study exclusively monitored users who successfully reached a live phishing site that was not blocked by their browser’s built-in anti-phishing protection or filtered as a fraudulent one (Phishing experiment sneaks through all anti-spam filters), and found that, on average, 12.5 out of one million customers sampled for a particular bank visited the phishing site.

Here are some of the key findings from the report:

Read the rest of this entry »

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog. See his full profile and disclosure of his industry affiliations.
