
Category: Botnets

November 17th, 2009

Thousands of web sites compromised, redirect to scareware

Posted by Dancho Danchev @ 12:12 pm

Categories: Anti Virus, Botnets, Browsers, Hackers, Malware, Passwords, Web 2.0

Tags: Search Engine Optimization, Web Application, Web Site, Attack Vector, Google Search, Search, Security, Dancho Danchev

Updated: Thursday, November 19 - According to eSoft, who contacted me, they have been monitoring the campaign since September, with another 720,000 affected sites back then.

There are now over a million affected sites serving scareware, and only a small percentage of them are currently flagged as harmful. Google has been notified. As always, NoScript and decent situational awareness are your best friends.

Security researchers have detected a massive blackhat SEO (search engine optimization) campaign spanning over 200,000 compromised web sites, all of which redirect visitors to a fake security product (Inst_58s6.exe), commonly referred to as scareware.

More details on the campaign:

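Sites caught in campaigns like this one typically serve their normal page to a direct visitor and only bounce people who arrive from a search result, which is why a casual look at the site shows nothing wrong. The following is an added example, not code from the post or from the researchers it cites, of a referrer-conditional redirect check you can run against a list of suspect URLs. The fetch callable, the search-result Referer and every host name below are constructed for the demonstration.

```python
"""
Added example (not code from the ZDNet post): a referrer-conditional redirect
check for triaging sites caught in a blackhat-SEO campaign. The compromised
sites serve their normal page to a direct visitor but bounce anyone arriving
from a search result to the scareware landing page, so the check compares the
two visits. The fetch callable and every host name below are constructed.
"""
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple
from urllib.parse import urlparse


@dataclass
class Response:
    status: int
    headers: Dict[str, str] = field(default_factory=dict)
    body: str = ""


# Constructed: a Google result page as the Referer value.
SEARCH_REFERER = "http://www.google.com/search?q=free+antivirus+scan"

META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]+url=([^"\'>\s]+)', re.I)
JS_REDIRECT = re.compile(
    r'(?:window\.|document\.)?location(?:\.href)?\s*=\s*["\']([^"\']+)["\']', re.I)


def redirect_target(resp: Response) -> Optional[str]:
    """Where this response sends the browser: HTTP Location, meta refresh,
    or a simple JavaScript location assignment. None if it stays put."""
    if 300 <= resp.status < 400:
        for name, value in resp.headers.items():
            if name.lower() == "location":
                return value
        return None
    m = META_REFRESH.search(resp.body) or JS_REDIRECT.search(resp.body)
    return m.group(1) if m else None


def leaves_host(target: Optional[str], host: Optional[str]) -> bool:
    """True when target is an absolute URL on a different host."""
    if target is None:
        return False
    dest = urlparse(target).hostname
    return dest is not None and dest != host


Fetch = Callable[[str, Dict[str, str]], Response]


def check_cloaking(url: str, fetch: Fetch) -> Tuple[bool, Optional[str]]:
    """Fetch url as a direct visit and again with a search-engine Referer.
    Flag the site only if the referred visit is sent off-host and the
    direct one is not; an unconditional redirect is not cloaking."""
    host = urlparse(url).hostname
    direct = redirect_target(fetch(url, {}))
    referred = redirect_target(fetch(url, {"Referer": SEARCH_REFERER}))
    if leaves_host(referred, host) and not leaves_host(direct, host):
        return True, referred
    return False, None


# Constructed stand-in for an HTTP client: one compromised site, one clean one.
COMPROMISED = "http://compromised-blog.test/2009/11/free-scan.html"
SCAREWARE_LANDING = "http://secure-pc-scanner.test/scan.php"


def constructed_fetch(url: str, headers: Dict[str, str]) -> Response:
    referer_host = urlparse(headers.get("Referer", "")).hostname or ""
    if urlparse(url).hostname == "compromised-blog.test" and "google." in referer_host:
        return Response(302, {"Location": SCAREWARE_LANDING})
    return Response(200, {"Content-Type": "text/html"},
                    "<html><body><p>Ordinary blog post</p></body></html>")


if __name__ == "__main__":
    for site in (COMPROMISED, "http://clean-site.test/index.html"):
        print(site, check_cloaking(site, constructed_fetch))
```

Swap `constructed_fetch` for a real HTTP client to use this on live sites. The same harness, run once with a normal browser User-Agent and once with a crawler User-Agent, catches the other half of these campaigns: keyword-stuffed doorway content served only to the search engine's bot.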

November 12th, 2009

Microsoft bracing for malware attacks from embedded fonts

Posted by Ryan Naraine @ 11:16 am

Categories: Arbitrary Code Execution, Botnets, Browsers, Denial of Service (DoS), Exploit code, Metasploit, Microsoft, Passwords, Patch Watch, Responsible disclosure, Spam and Phishing, Spyware and Adware

Tags: Malware, Microsoft Internet Explorer, Microsoft Corp., Attack Vector, Font, Attack, Metasploit, Microsoft Windows, Security, Operating Systems

Heads up to all Microsoft Windows users: If you’re running Windows 2000, Windows XP or Windows Server 2003, stop what you’re doing and immediately download and apply the MS09-065 update released earlier this week.

Security researchers say it’s only a matter of time — days not weeks — before malicious hackers start exploiting one of the vulnerabilities via booby-trapped Web pages or Office (Word or PowerPoint) documents.


November 10th, 2009

Source code for ikee iPhone worm in the wild

Posted by Dancho Danchev @ 7:31 am

Categories: Apple, Botnets, Hackers, Malware, Viruses and Worms, iPhone

Tags: Apple iPhone, Worm, Cyberthreats, Smart Phones, Viruses And Worms, Security, Consumer Electronics, Personal Technology, Dancho Danchev

Following last week's systematic exploitation of jailbroken iPhones in the Netherlands, using a technique originally discussed in 2008, a 21-year-old opportunist has launched the first iPhone worm, this time targeting customers of Australian mobile carriers.

After logging in to devices running SSH with the default password, the worm announced its presence by changing the wallpaper to an image of pop star Rick Astley.

Despite the author's stated intention to raise awareness of the issue, the code for the "awareness-building worm", originally kept closed source, has now leaked in the wild, and several modified variants are already capable of stealing a compromised iPhone's contacts and SMS messages.


November 9th, 2009

Mac OS X mega patch covers 58 security vulnerabilities

Posted by Ryan Naraine @ 2:17 pm

Categories: Adobe, Apple, Arbitrary Code Execution, Botnets, Browsers, Data theft, Denial of Service (DoS), Exploit code, Malware, Open source, Passwords, Patch Watch

Tags: Security, Apple Macintosh, Apple Mac OS X V10.6 Snow Leopard, Update, Mac OS X Server, Server, Issue, Arbitrary Code Execution, Impact, Adaptive Firewall Description

Apple has dropped another mega-patch to cover a total of 58 documented vulnerabilities affecting the Mac OS X ecosystem.

The majority of the flaws could allow a remote attacker to gain complete control of an unpatched system, which is why this update carries an "extremely critical" rating.

November 9th, 2009

CBS 60 Minutes tackles cyber-terrorism

Posted by Ryan Naraine @ 7:07 am

Categories: Arbitrary Code Execution, Black Hat, Botnets, Browsers, Data theft, Exploit code, Governments, Hackers, Malware, People's Republic of China, Russia, United States of America

Tags: Cyberterrorism, CBS Corp., Hacking, Security, Ryan Naraine

Could hackers get into the computer systems that run crucial elements of the world's infrastructure, such as power grids, water works or even a nation's military arsenal? Watch the CBS News 60 Minutes segment after the jump.

November 5th, 2009

Windows 7's default UAC bypassed by 8 out of 10 malware samples

Posted by Dancho Danchev @ 1:33 pm

Categories: Anti Virus, Botnets, Browsers, Hackers, Malware, Microsoft, Rootkits, Spyware and Adware, Viruses and Worms

Tags: User Account Control, Security, Malware, Microsoft Windows 7, Microsoft Windows, Operating Systems, Software, Dancho Danchev

A recently conducted test by malware researchers found that eight out of ten malware samples used in the test successfully bypassed Windows 7's default UAC (User Account Control) setting. A separate test by another company confirmed the finding, highlighting that one of the most popular scareware variants also gets past the default UAC setting.


November 5th, 2009

Which antivirus is best at removing malware?

Posted by Dancho Danchev @ 12:14 pm

Categories: Anti Virus, Botnets, Browsers, Hackers, Malware, Rootkits, Spyware and Adware, Viruses and Worms

Tags: Antivirus, Malware, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Dancho Danchev

Detecting the presence of malicious code is one thing, successfully eradicating it is entirely another.

According to AV-Comparatives.org’s recently released malware removal test evaluating the effectiveness of sixteen antivirus solutions, only a few were able to meet their criteria of not only removing the FakeAV, Vundo, Rustock and ZBot(Zeus) samples they were tested against, but also getting rid of the potentially dangerous “leftovers” from the infection.

More info on the tested antivirus solutions, and how they scored:


November 3rd, 2009

iHacked: jailbroken iPhones compromised, $5 ransom demanded

Posted by Dancho Danchev @ 6:09 am

Categories: Apple, Botnets, Browsers, Complex Attacks, Hackers, Malware, Passwords, iPhone

Tags: Apple iPhone, SSH, Smart Phones, Consumer Electronics, Personal Technology, Security, Dancho Danchev

Yesterday, a message reading "Your iPhone's been hacked because it's really insecure! Please visit doiop.com/iHacked and secure your phone right now!" popped up on the screens of a large number of automatically exploited Dutch iPhone users, demanding $4.95 for instructions on how to secure their iPhones and stop the message from appearing at startup.

Through a combination of port scanning and OS fingerprinting of T-Mobile's 3G IP range, a Dutch teenager has, for the first time, automatically exploited a known weakness introduced by jailbreaking: the SSH daemon, which unless reconfigured keeps running with the default accounts root and mobile, whose password is the same on every device.

Here's what he demanded, and how he changed his attitude after his PayPal account and the spamvertised URL were suspended:

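Both this post and the ikee worm post above describe the same propagation pattern: a single handset on a carrier network sweeps the surrounding address range for SSH before trying the default credentials. From the network's side that sweep is visible in flow logs long before any login succeeds. The following is an added example, not code from either post, of a sliding-window heuristic that flags sources touching many distinct hosts on TCP/22 in a short time. The flow records are constructed, and the window length and target threshold are assumptions to tune for the network being watched.

```python
"""
Added example (not code from either ZDNet post): a flow-log heuristic for the
propagation behaviour both posts describe, a single handset sweeping a
carrier's address range for SSH on TCP/22 before trying the default
credentials. The flow records are constructed, and the window and threshold
are assumptions to tune for the network being watched.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

Flow = Tuple[datetime, str, str, int]  # (timestamp, src_ip, dst_ip, dst_port)


def constructed_flows() -> str:
    """Constructed records, one per line: '<iso time> <src> <dst> <dport> <flags>'."""
    base = datetime(2009, 11, 8, 10, 0, 0)
    lines = []
    # Worm-like sweep: one handset probing 40 neighbours on TCP/22, one per second.
    for i in range(1, 41):
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()} 10.20.1.15 10.20.1.{i} 22 S")
    # Benign admin: three SSH sessions spread over half an hour.
    for i, host in enumerate(("10.20.2.5", "10.20.2.6", "10.20.2.7")):
        lines.append(f"{(base + timedelta(minutes=15 * i)).isoformat()} 10.20.1.77 {host} 22 S")
    # Ordinary browsing: many destinations, none on port 22.
    for i in range(1, 51):
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()} 10.20.1.90 172.16.0.{i} 80 S")
    return "\n".join(lines)


def parse_flows(text: str) -> List[Flow]:
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, _flags = line.split()
        flows.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return flows


def ssh_sweepers(flows: List[Flow], window: timedelta = timedelta(minutes=5),
                 min_targets: int = 20, port: int = 22) -> Dict[str, int]:
    """Sources that contacted at least min_targets distinct hosts on `port`
    inside any sliding window of the given length, mapped to the peak count."""
    by_src: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)
    for ts, src, dst, dport in flows:
        if dport == port:
            by_src[src].append((ts, dst))
    sweepers: Dict[str, int] = {}
    for src, events in by_src.items():
        events.sort()
        in_window: Dict[str, int] = defaultdict(int)  # dst -> hits inside window
        left = peak = 0
        for ts, dst in events:
            in_window[dst] += 1
            # Slide the left edge forward until the oldest event fits the window.
            while ts - events[left][0] > window:
                old = events[left][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            peak = max(peak, len(in_window))
        if peak >= min_targets:
            sweepers[src] = peak
    return sweepers


if __name__ == "__main__":
    print(ssh_sweepers(parse_flows(constructed_flows())))
```

Counting distinct destinations rather than raw connection attempts is what keeps the legitimate admin host (three sessions, three hosts) below the threshold while the sweeping handset stands out; lower the window or raise the threshold on networks where SSH fan-out is normal.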

October 29th, 2009

Phishing experiment sneaks through all anti-spam filters

Posted by Dancho Danchev @ 2:16 pm

Categories: Botnets, Browsers, Hackers, Phishing, Spam and Phishing

Tags: Anti-spam, LinkedIn, E-mail, Phishing, Cyberthreats, Spam, Viruses And Worms, Security, Spam And Phishing, Dancho Danchev

A recently conducted ethical phishing experiment (see "New study details the dynamics of successful phishing"), which impersonated LinkedIn by mailing connection invitations purportedly from Bill Gates, achieved a 100% success rate in bypassing the anti-spam filters it was tested against.

The experiment shows how small-scale spear-phishing campaigns can slip past anti-spam filters, and once again confirms that users keep interacting with phishing emails.

More info on the methodology used:

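A lure like this one passes content filters because nothing in it is spammy; what gives it away is that the message borrows a brand's name while neither the sender domain nor the link targets belong to that brand. The following is an added example, not code from the post or from the study it reports on, of three header and link checks that catch exactly that mismatch. The two raw messages and all domains are constructed, and BRAND_DOMAINS is an assumed allow-list you would maintain per brand.

```python
"""
Added example (not code from the ZDNet post or the study it reports on): the
header and link checks that catch the impersonation the experiment relied on,
a LinkedIn-branded invitation "from Bill Gates" that LinkedIn never sent.
The two raw messages and all domains are constructed; BRAND_DOMAINS is an
assumed allow-list you would maintain per brand.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from typing import List
from urllib.parse import urlparse

# Assumed: brand keyword -> domains that legitimately send mail for it.
BRAND_DOMAINS = {"linkedin": {"linkedin.com"}}

HREF = re.compile(r'<a[^>]+href=["\']([^"\']+)["\'][^>]*>(.*?)</a>', re.I | re.S)
URL_IN_TEXT = re.compile(r'https?://([^/\s<]+)', re.I)


def registered_domain(host: str) -> str:
    """Crude registrable domain (last two labels). Fine for the placeholders
    here; use a public-suffix list for real mail."""
    labels = host.lower().strip().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def domain_of(address: str) -> str:
    return registered_domain(address.rsplit("@", 1)[1]) if "@" in address else ""


def phishing_indicators(raw: bytes) -> List[str]:
    """Return human-readable findings; an empty list means nothing tripped."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    strong: List[str] = []
    weak: List[str] = []

    display, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(addr)

    # 1. Brand named in the display name or Subject, but the sender domain is
    #    not one the brand uses. This is the core of the LinkedIn lure.
    mentioned = (display + " " + msg.get("Subject", "")).lower()
    for brand, domains in BRAND_DOMAINS.items():
        if brand in mentioned and from_dom not in domains:
            strong.append(f"{brand!r} in display name/subject but From domain is {from_dom}")

    # 2. Bounce address on a different domain than From. Weak on its own
    #    (mailing providers do this), so it is only reported alongside a strong one.
    _, rp = parseaddr(msg.get("Return-Path", ""))
    rp_dom = domain_of(rp)
    if rp_dom and rp_dom != from_dom:
        weak.append(f"Return-Path domain {rp_dom} differs from From domain {from_dom}")

    # 3. Link text shows one domain while the href points somewhere else.
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body is not None else ""
    for href, text in HREF.findall(html):
        shown = URL_IN_TEXT.search(text)
        target = urlparse(href).hostname or ""
        if shown and registered_domain(shown.group(1)) != registered_domain(target):
            strong.append(f"link text shows {shown.group(1)} but href goes to {target}")

    return strong + weak if strong else []


# Constructed lure modelled on the experiment: LinkedIn branding, a sender
# domain that is not LinkedIn's, and a link whose text and target disagree.
LURE = b"""Return-Path: <bounce-1234@relay-mailer.test>
From: "Bill Gates via LinkedIn" <invitations@linkedin-invites.test>
To: target@victim-corp.test
Subject: Bill Gates wants to connect on LinkedIn
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Bill Gates has invited you to connect on LinkedIn.</p>
<p><a href="http://linkedin-invites.test/accept?u=77">http://www.linkedin.com/e/accept</a></p>
</body></html>
"""

# Constructed legitimate-looking invitation for comparison.
LEGIT = b"""Return-Path: <bounces@linkedin.com>
From: "LinkedIn Invitations" <invitations@linkedin.com>
To: target@victim-corp.test
Subject: Jane Doe wants to connect on LinkedIn
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Jane Doe has invited you to connect.</p>
<p><a href="http://www.linkedin.com/e/accept?u=1">Accept invitation</a></p>
</body></html>
"""

if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("legit", LEGIT)):
        print(name, phishing_indicators(raw))
```

None of these checks looks at message content, which is why they still fire on a lure that reads exactly like the real invitation; in production they sit beside SPF/DKIM results rather than replacing them.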

October 29th, 2009

Spooky Halloween - scareware or crimeware?

Posted by Dancho Danchev @ 11:47 am

Categories: Anti Virus, Botnets, Hackers, Malware, Passwords, Spam and Phishing, Spyware and Adware, Uncategorized, Viruses and Worms

Tags: Campaign, Cybercriminal, Search, Marketing Research, Strategy, Security, Marketing, Management, Dancho Danchev

With so many "spooky" cybercrime trends surfacing every month - the death of CAPTCHA, the suspicious idleness of the Conficker botnet, the clear presence of government-tolerated and soon government-sponsored botnets, the inevitable migration from malicious infrastructure to relying entirely on legitimate infrastructure, and the cyber-terrorism myopia which holds that cyber terrorists still need years to build advanced cyber-warfare capabilities while ignoring outsourcing as a way of gaining a competitive advantage - I am having a hard time deciding which one deserves the most attention.

Whatever the cybercrime tactics, the main objective for the key ‘market players’ remains the same - monetization. Which prompts this year’s Halloween question - scareware (trick) or crimeware (treat)?


Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response. He has been an active security blogger since 2007, and maintains a popular security blog. See his full profile and disclosure of his industry affiliations.
