
Category: Hackers

February 9th, 2010

Reports: SQL injection attacks and malware led to most data breaches

Posted by Dancho Danchev @ 5:27 pm

Categories: Anti Virus, Botnets, Browsers, Data theft, Hackers, Malware, PCI, Passwords, Pen testing

Tags: Malware, SQL Injection, Data Breach, Spyware, Adware & Malware, Security, Databases, Dancho Danchev

With millions of personal records and payment card details stolen on a regular basis, several recently released reports independently confirm the main sources of breaches. Not surprisingly, those are not zero-day flaws, not even insiders, but good old-fashioned SQL injections alongside malware infections.

With companies investing more resources into ensuring their networks and employees are protected against the very latest threats, some are clearly overlooking the most basic threats, which usually require only simple or average attack sophistication on the part of the cybercriminal.

Let’s review the reports detailing the true impact of SQL injections and malware in the context of data breaches.


February 4th, 2010

Does Blippy really pose a security risk?

Posted by Dancho Danchev @ 4:11 pm

Categories: Browsers, Hackers, Malware, Passwords, Phishing, Privacy, Social Networking Applications, Spam and Phishing, Web 2.0

Tags: Fraudster, Phishing, Cyberthreats, Spam, Viruses And Worms, Security, Spam And Phishing, Dancho Danchev

Researchers from Cyveillance are calling the recently launched Blippy, the “Twitter of personal finance” service, a “spear phisher’s dream” due to the massive amount of real-time purchasing history shared by its users.

With fraudsters actively crawling Web 2.0 services (Spammers harvesting emails from Twitter - in real time) for data to be later integrated into targeted attacks, the detailed and publicly obtainable financial data on Blippy can come in handy if they manage to solve a simple problem: obtaining the email addresses of Blippy users.

Here are some sample scenarios that cybercriminals can easily take advantage of.


January 27th, 2010

Report: 48% of 22 million scanned computers infected with malware

Posted by Dancho Danchev @ 2:42 pm

Categories: Anti Virus, Botnets, Browsers, Data theft, Hackers, Malware, Passwords, Rootkits, Spyware and Adware, Viruses and Worms

Tags: Bank, Fraudster, Malware, Authentication, Spyware, Adware & Malware, Cyberthreats, Security, Dancho Danchev

The recently released APWG Phishing Activity Trends Report for Q3 of 2009 details record highs in multiple phishing vectors, but also offers an interesting observation on desktop crimeware infections.

According to the report, the overall number of infected computers in the sample (page 10) decreased compared to previous quarters; however, 48.35% of the 22,754,847 scanned computers remain infected with malware.

And although crimeware/banking trojan infections decreased slightly from Q2, over a million and a half computers were infected.

More details:


January 25th, 2010

Bogus IQ test with destructive payload in the wild

Posted by Dancho Danchev @ 1:53 pm

Categories: Anti Virus, Browsers, Hackers, Malware, Microsoft, Windows Vista

Tags: Malware, Cyberthreats, Spyware, Adware & Malware, Viruses And Worms, Security, Dancho Danchev

Researchers from ESET and BitDefender have intercepted two destructive malware variants (Win32/Zimuse.A, Win32/Zimuse.B/zipsetup.exe) posing as an IQ test and currently spreading in the wild.

Upon execution, the malware attempts to spread through removable media and uses a time-based logic bomb to overwrite the MBR (Master Boot Record) of all available drives after 40 days for variant A and 20 days for variant B, making the host’s data inaccessible.

More info on the malware:


January 22nd, 2010

RealPlayer haunted by 11 critical vulnerabilities

Posted by Ryan Naraine @ 10:41 am

Categories: Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Digital rights management, Exploit code, Hackers, Malware, Patch Watch, Spyware and Adware, Viruses and Worms

Tags: Critical Vulnerability, Code, Buffer-overflow, RealNetworks RealPlayer, Error, Interactive Voice Response (IVR), Digital Music, Digital Media, Viruses And Worms, Security

A quick heads-up to any computer users out there with RealPlayer installed: there are at least 11 critical vulnerabilities that expose Windows, Mac and Linux users to malicious hacker attacks.

RealNetworks released an advisory to warn of the vulnerabilities, which could be exploited via rigged image and media files to launch remote code execution attacks.


January 21st, 2010

And the most popular password is...

Posted by Dancho Danchev @ 5:14 pm

Categories: Browsers, Data theft, Hackers, Passwords, Privacy, Research, Web 2.0

Tags: Security, Hacking, Password, Dancho Danchev

It is “123456,” based on the analysis of 32 million breached passwords obtained from last month’s RockYou.com server breach, from which researchers from Imperva were able to analyze the insecure practices of millions of users when choosing their passwords.

What did their analysis conclude? Short passwords, no mix of lowercase, uppercase and numeric characters, and trivial dictionary words, which every decent brute-forcing/password recovery application can recover in a matter of minutes.

Key findings include:


January 19th, 2010

Google-China cyber espionage saga - FAQ

Posted by Dancho Danchev @ 8:30 am

Categories: Adobe, Anti Virus, Arbitrary Code Execution, Botnets, Browsers, Complex Attacks, Data theft, Exploit code, Google, Governments, Hackers, Malware, Microsoft, Passwords, People's Republic of China, Phishing, Viruses and Worms, Zero-day attacks

Tags: China, Google Inc., Malware, Cyberattack, Spyware, Adware & Malware, Cyberthreats, Security, Dancho Danchev

With more details emerging on the inner workings of the targeted malware attack that hit Google and over 30 other companies (ZDNet News Special Coverage - Special Report: Google, China showdown), it’s time to summarize all the events that took place during the past week and answer some of the most frequently asked questions: How did the attack take place? Did Google strike back at the attackers? Was the Chinese government behind the attacks, and if not, who orchestrated them and for what reason?

Go through the FAQ and its answers.


January 19th, 2010

Microsoft readies emergency IE patch to counter public exploits

Posted by Ryan Naraine @ 5:26 am

Categories: Adobe, Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Exploit code, Google, Governments, Hackers, Malware, Microsoft, Patch Watch, People's Republic of China, Responsible disclosure, Spyware and Adware, Vulnerability research, Windows Vista, Zero-day attacks

Tags: Vulnerability, Microsoft Internet Explorer 6, Exploit Code, Microsoft Internet Explorer, Microsoft Corp., Exploit, Data Execution Prevention, Attack, Web Browsers, Security

UPDATE: Here is the official confirmation from Microsoft that an out-of-band patch is coming. No official date yet.

Microsoft has started dropping broad hints that an emergency patch for Internet Explorer will be released very soon to counter targeted attacks and the publication of exploit code for a “browse and you’re owned” vulnerability in its flagship Web browser.

The out-of-band update will be released once the company is satisfied that it has been properly tested against all affected versions of Windows. This could happen as early as this weekend.

January 14th, 2010

Haiti earthquake themed blackhat SEO campaigns serving scareware

Posted by Dancho Danchev @ 3:53 pm

Categories: Anti Virus, Browsers, Data theft, Hackers, Malware, Passwords, Web 2.0

Tags: Search Engine Optimization, Search, Marketing Research, Marketing, Dancho Danchev

Cybercriminals quickly mobilized following the news of the massive earthquake that hit Haiti on Tuesday, introducing several hundred compromised domains embedded with bogus blackhat SEO (search engine optimization) content related to Red Cross donations and general Haiti earthquake relief information.

The sites are already appearing within the first 10 search results on Google, and upon clicking on them the user is redirected to one of the most profitable monetization tactics (FBI: Scareware distributors stole $150M) that scammers use these days: scareware, also known as rogueware.

Naturally, the blackhat SEO campaigns are only the tip of the iceberg. Here’s what else to look for, and how to make sure you’re donating money to the right organization.


January 13th, 2010

Adobe plugs PDF zero-day flaw in latest security makeover

Posted by Ryan Naraine @ 8:06 am

Categories: Adobe, Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Exploit code, Flash, Hackers, Locally Running Web Servers, Malware, Patch Watch, Reverse Engineering, Viruses and Worms, Zero-day attacks

Tags: Adobe Systems Inc., Adobe PDF, Adobe Acrobat, Vulnerability, Update, Adobe Acrobat Reader, Zero-day Bug, Enhanced Security, Security, Ryan Naraine

Adobe has released a mega-update for its Reader and Acrobat software products to fix a total of eight documented security vulnerabilities.

The update comes with significant security improvements, including the on-by-default addition of “Enhanced Security,” a feature that provides a set of default restrictions and a method to define trusted locations that are not subject to those restrictions.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal.