Category: Viruses and Worms

November 19th, 2009

Inside the Google Chrome OS security model

Posted by Ryan Naraine @ 11:54 am

Categories: Apple, Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Exploit code, Hackers, Microsoft, Open source, Passwords, Patch Watch, Responsible disclosure, Viruses and Worms, Vulnerability research, iPhone

Tags: Google Inc., Operating System, Web Browser, Google Chrome, Attack, End Goal, Web Browsers, Operating Systems, Security, Internet

Google plans to use a combination of system hardening, process isolation, verified boot, secure auto-update and encryption to thwart malicious hackers from planting malware on its new Google Chrome OS. Read the rest of this entry »

November 10th, 2009

Source code for ikee iPhone worm in the wild

Posted by Dancho Danchev @ 7:31 am

Categories: Apple, Botnets, Hackers, Malware, Viruses and Worms, iPhone

Tags: Apple iPhone, Worm, Cyberthreats, Smart Phones, Viruses And Worms, Security, Consumer Electronics, Personal Technology, Dancho Danchev

Following last week’s systematic exploitation of jailbroken iPhones in the Netherlands through a technique originally discussed in 2008, a 21-year-old opportunist has recently launched the first iPhone worm, this time targeting customers of Australian mobile carriers.

Upon successful exploitation of devices running SSH with default passwords, the worm would announce its presence by changing the wallpaper to a new one featuring pop-star Rick Astley.

Despite the author’s intention to raise awareness of the issue, the code for the “awareness-building worm”, originally released as “closed source”, has now leaked in the wild, with several modifications already capable of stealing a compromised iPhone’s contacts and SMS messages.

Read the rest of this entry »

November 5th, 2009

Windows 7's default UAC bypassed by 8 out of 10 malware samples

Posted by Dancho Danchev @ 1:33 pm

Categories: Anti Virus, Botnets, Browsers, Hackers, Malware, Microsoft, Rootkits, Spyware and Adware, Viruses and Worms

Tags: User Account Control, Security, Malware, Microsoft Windows 7, Microsoft Windows, Operating Systems, Software, Dancho Danchev

A recently conducted test by malware researchers reveals that eight out of ten malware samples used in the test successfully bypassed Windows 7’s default UAC (User Account Control) settings. The findings were also confirmed by a separate test done by another company, with an emphasis on how one of the most popular scareware variants bypassed Windows 7’s default UAC settings as well.

Read the rest of this entry »

November 5th, 2009

Which antivirus is best at removing malware?

Posted by Dancho Danchev @ 12:14 pm

Categories: Anti Virus, Botnets, Browsers, Hackers, Malware, Rootkits, Spyware and Adware, Viruses and Worms

Tags: Antivirus, Malware, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Dancho Danchev

Detecting the presence of malicious code is one thing, successfully eradicating it is entirely another.

According to AV-Comparatives.org’s recently released malware removal test evaluating the effectiveness of sixteen antivirus solutions, only a few were able to meet their criteria of not only removing the FakeAV, Vundo, Rustock and ZBot (Zeus) samples they were tested against, but also getting rid of the potentially dangerous “leftovers” from the infection.

More info on the tested antivirus solutions, and how they scored:

Read the rest of this entry »

November 3rd, 2009

Adobe Shockwave haunted by critical security holes

Posted by Ryan Naraine @ 12:12 pm

Categories: Adobe, Arbitrary Code Execution, Browsers, Data theft, Exploit code, Flash, Malware, Patch Watch, Pen testing, Responsible disclosure, Spam and Phishing, Viruses and Worms, Vulnerability research

Tags: Adobe Systems Inc., Shockwave, Vulnerability, Shockwave Player, Security, Ryan Naraine

Adobe today released a patch to fix several serious security flaws in its Shockwave Player software.

The update, which is rated “critical,” addresses a total of five documented vulnerabilities. The most serious flaw could allow remote code execution attacks against Windows and Mac users. Read the rest of this entry »

October 29th, 2009

Spooky Halloween - scareware or crimeware?

Posted by Dancho Danchev @ 11:47 am

Categories: Anti Virus, Botnets, Hackers, Malware, Passwords, Spam and Phishing, Spyware and Adware, Uncategorized, Viruses and Worms

Tags: Campaign, Cybercriminal, Search, Marketing Research, Strategy, Security, Marketing, Management, Dancho Danchev

With all the “spooky” cybercrime trends taking place on a monthly basis, such as the death of CAPTCHA, the suspicious idleness of the Conficker botnet, the clear presence of government-tolerated and upcoming government-sponsored botnets, the inevitable migration from using malicious infrastructure to entirely relying on legitimate ones, followed by the cyber terrorism myopia that cyber terrorists still need years to build advanced cyber warfare capabilities, totally excluding outsourcing as a factor for gaining competitive advantage from the big picture, I’m literally having a hard time deciding which one deserves the most attention.

Whatever the cybercrime tactics, the main objective for the key ‘market players’ remains the same - monetization. Which prompts this year’s Halloween question - scareware (trick) or crimeware (treat)?

Read the rest of this entry »

October 27th, 2009

New LoroBot ransomware encrypts files, demands $100 for decryption

Posted by Dancho Danchev @ 4:52 pm

Categories: Anti Virus, Botnets, Browsers, Hackers, Malware, Passwords, Spyware and Adware, Viruses and Worms

Tags: Decryption, SMS, Text Messaging/SMS/MMS, Telephony, Online Communications, Networking, Dancho Danchev

Researchers from CA have intercepted a new ransomware variant encrypting popular file extensions (.zip; .rar; .pdf; .rtf; .txt; .jpg; .jpeg; .waw; .mp3; .db; .xls; .docx; .xlsx; .doc) and demanding $100 for the decryption software.

According to the message which replaces the desktop’s background upon execution, the files are encrypted with 256-bit AES encryption, and “there’s a 0% chance that you will be able to manually decrypt the files without the encryption key”. However, this particular cybercriminal appears to be bluffing, since the ransomware actually encrypts the data using the XOR cipher.

Read the rest of this entry »

October 27th, 2009

Facebook password-reset spam is Bredolab botnet attack

Posted by Ryan Naraine @ 8:27 am

Categories: Anti Virus, Arbitrary Code Execution, Botnets, Browsers, Data theft, Denial of Service (DoS), Facebook, Locally Running Web Servers, Malware, Microsoft, Passwords, Phishing, Social Networking Applications, Spam and Phishing, Spyware and Adware, Viruses and Worms

Tags: Facebook, Spam, Attack, Virus Hunter, Cyberthreats, E-mail, Identity Theft, Security, Viruses And Worms, Online Communications

Virus hunters are raising the alarm for a large-scale spam attack that uses fake Facebook password-reset messages to trick PC users into downloading a dangerous piece of malware.

The malicious executable is linked to the Bredolab botnet, which has been linked to massive spam runs and identity-theft related attacks. Read the rest of this entry »

October 14th, 2009

Does software piracy lead to higher malware infection rates?

Posted by Dancho Danchev @ 4:20 pm

Categories: Adobe, Anti Virus, Arbitrary Code Execution, Botnets, Exploit code, Flash, Hackers, Java, Malware, Microsoft, Patch Watch, Pen testing, Viruses and Worms

Tags: Software Piracy, Malware, Spyware, Adware & Malware, Microsoft Windows, Viruses And Worms, Security, Operating Systems, Dancho Danchev

Yes it does, at least according to a recently released report by the Business Software Alliance (BSA) which basically correlates data on the known piracy rates for particular countries and their malware infection rates, using public sources.

The rationale behind their claims is fairly simple: users relying on pirated copies of software also do not have access to the latest updates issued by the vendors, which are often critical from a security perspective, and are therefore susceptible to client-side vulnerabilities.

How biased are BSA’s claims, or are the report’s claims in fact real, emphasizing how millions of users relying on pirated Windows copies are usually the first to become part of a botnet?

Read the rest of this entry »

October 9th, 2009

New Adobe PDF flaw under attack; Patch coming Tuesday

Posted by Ryan Naraine @ 8:03 am

Categories: Adobe, Anti Virus, Arbitrary Code Execution, Browsers, Complex Attacks, Data theft, Denial of Service (DoS), Exploit code, Hackers, Malware, Patch Watch, Pen testing, Research, Responsible disclosure, Spam and Phishing, Spyware and Adware, Viruses and Worms, Vulnerability research, Zero-day attacks

Tags: Adobe Systems Inc., Adobe PDF, Adobe Acrobat, Flaw, Adobe Acrobat Reader, Attack, Microsoft Windows, Security, Viruses And Worms, Operating Systems

Adobe has confirmed a critical, unpatched vulnerability in its PDF Reader/Acrobat software is being exploited by malicious attackers.

The vulnerability affects Adobe Reader and Acrobat 9.1.3 and earlier versions on Windows, Macintosh and UNIX. Adobe described the in-the-wild attacks as limited and targeted, suggesting PDF documents rigged with exploits are being attached to e-mails and sent to business targets.

Read the rest of this entry »

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.


Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

SponsoredWhite Papers, Webcasts, and Downloads

advertisement

Recent Entries

Most Popular Posts

advertisement

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

Enterprise Applications

  • Check out some of the easiest and most powerful ways to boost productivity while saving money on your application infrastructure. See ZDNet's comprehensive Enterprise Application resource center, now!
  • New Online Dashboard
  • Read about top issues IT decision-makers face every day, plus get cost effective solutions to real life IT problems. Oracle Topline