
ZDNet Must Read:

Apple Safari exposes Windows to drive-by attacks

Apple ships a high-priority update with patches for vulnerabilities that allow remote code execution (drive-by downloads) if a user simply surfs to a maliciously rigged Web site. Some of the... Continued »

Category: Hackers

November 19th, 2009

Inside the Google Chrome OS security model

Posted by Ryan Naraine @ 11:54 am

Categories: Apple, Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Exploit code, Hackers, Microsoft, Open source, Passwords, Patch Watch, Responsible disclosure, Viruses and Worms, Vulnerability research, iPhone

Tags: Google Inc., Operating System, Web Browser, Google Chrome, Attack, End Goal, Web Browsers, Operating Systems, Security, Internet

Google plans to use a combination of system hardening, process isolation, verified boot, secure auto-update and encryption to thwart malicious hackers from planting malware on its new Google Chrome OS. Read the rest of this entry »

November 17th, 2009

Thousands of web sites compromised, redirect to scareware

Posted by Dancho Danchev @ 12:12 pm

Categories: Anti Virus, Botnets, Browsers, Hackers, Malware, Passwords, Web 2.0

Tags: Search Engine Optimization, Web Application, Web Site, Attack Vector, Google Search, Search, Security, Dancho Danchev

Updated: Thursday, November 19 - According to eSoft who contacted me, they’ve been monitoring the campaign since September, with another 720,000 affected sites back then.

There are now over a million affected sites serving scareware, with only a small percentage of them currently marked as harmful. Google has been notified. As always, NoScript and your decent situational awareness are your best friends.

Security researchers have detected a massive blackhat SEO (search engine optimization) campaign consisting of over 200,000 compromised web sites, all redirecting to fake security software (Inst_58s6.exe), commonly referred to as scareware.

More details on the campaign:

Read the rest of this entry »

November 13th, 2009

Man-in-the-middle attacks demoed on 4 smartphones

Posted by Dancho Danchev @ 3:22 pm

Categories: Browsers, Complex Attacks, Hackers, Malware, Mobile (In)Security, Passwords, Privacy, Research, Wi-Fi security

Tags: Network, Wi-Fi Network, Smart Phone, SSL, Attack, Wireless LANs, Wi-Fi, Wireless And Mobility, Security, Dancho Danchev

Security researchers from SMobile Systems have released a paper detailing successful man-in-the-middle attacks against several smartphones.

The SSL-enabled login sessions on the tested Nokia N95, HTC Tilt, Android G1 and iPhone 3GS devices were sniffed using the publicly available SSLstrip tool, with the attack taking place over insecure Wi-Fi networks, now prevalent literally everywhere.

Here’s the scenario they used, and possible mitigation approaches:

Read the rest of this entry »

November 10th, 2009

Commercial spying app for Android devices released

Posted by Dancho Danchev @ 2:07 pm

Categories: Anti Virus, Browsers, Hackers, Malware, Mobile (In)Security, Passwords, Privacy, Spyware and Adware

Tags: Mobile, Malware, Mobile Malware, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Dancho Danchev

A well-known commercial provider of spyware applications for numerous mobile platforms has recently ported its Mobile Spy app to the Android mobile OS.

Just like previous releases of the application, the Android version keeps a detailed log of GPS locations, calls, visited URLs, and incoming/outgoing SMS messages, available at the disposal of the attacker who installed it manually by obtaining physical access to the targeted device.

More details:

Read the rest of this entry »

November 10th, 2009

Source code for ikee iPhone worm in the wild

Posted by Dancho Danchev @ 7:31 am

Categories: Apple, Botnets, Hackers, Malware, Viruses and Worms, iPhone

Tags: Apple iPhone, Worm, Cyberthreats, Smart Phones, Viruses And Worms, Security, Consumer Electronics, Personal Technology, Dancho Danchev

Following last week’s systematic exploitation of jailbroken iPhones in the Netherlands through a technique originally discussed in 2008, a 21-year-old opportunist has recently launched the first iPhone worm, this time targeting customers of Australian mobile carriers.

Upon successful exploitation of devices running SSH with default passwords, the worm would announce its presence by changing the wallpaper to a new one featuring pop-star Rick Astley.

Despite the author’s intention to raise awareness of the issue, the code for the “awareness-building worm”, originally released as “closed source”, has now leaked in the wild, with several modifications already capable of stealing a compromised iPhone’s contacts and SMS messages.

Read the rest of this entry »

November 9th, 2009

CBS 60 Minutes tackles cyber-terrorism

Posted by Ryan Naraine @ 7:07 am

Categories: Arbitrary Code Execution, Black Hat, Botnets, Browsers, Data theft, Exploit code, Governments, Hackers, Malware, People's Republic of China, Russia, United States of America

Tags: Cyberterrorism, CBS Corp., Hacking, Security, Ryan Naraine

Could hackers get into the computer systems that run crucial elements of the world’s infrastructure, such as the power grids, water works or even a nation’s military arsenal?  Watch the CBS News 60 Minutes segment after the jump. Read the rest of this entry »

November 5th, 2009

Windows 7's default UAC bypassed by 8 out of 10 malware samples

Posted by Dancho Danchev @ 1:33 pm

Categories: Anti Virus, Botnets, Browsers, Hackers, Malware, Microsoft, Rootkits, Spyware and Adware, Viruses and Worms

Tags: User Account Control, Security, Malware, Microsoft Windows 7, Microsoft Windows, Operating Systems, Software, Dancho Danchev

A recently conducted test by malware researchers reveals that eight out of ten malware samples used in the test successfully bypassed Windows 7’s default UAC (user access control) settings. The findings were also confirmed by a separate test done by another company, with an emphasis on how one of the most popular scareware variants bypassed Windows 7’s default UAC settings as well.

Read the rest of this entry »

November 5th, 2009

Patch Tuesday heads-up: Critical MS Office patches coming

Posted by Ryan Naraine @ 1:11 pm

Categories: Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Hackers, Microsoft, Passwords, Patch Watch, Responsible disclosure

Tags: Patch Management, Microsoft Corp., Microsoft Windows, Microsoft Office, Operating Systems, Software, Office Suites, Ryan Naraine

Microsoft plans to release six security bulletins next Tuesday, November 10, to fix at least 15 serious vulnerabilities that could expose Windows users to malicious hacker attacks.

According to Microsoft’s advance notice for this month’s Patch Tuesday, the updates will address gaping holes in the Windows operating system and the Microsoft Office productivity suite. Read the rest of this entry »

November 5th, 2009

Which antivirus is best at removing malware?

Posted by Dancho Danchev @ 12:14 pm

Categories: Anti Virus, Botnets, Browsers, Hackers, Malware, Rootkits, Spyware and Adware, Viruses and Worms

Tags: Antivirus, Malware, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Dancho Danchev

Detecting the presence of malicious code is one thing; successfully eradicating it is entirely another.

According to AV-Comparatives.org’s recently released malware removal test evaluating the effectiveness of sixteen antivirus solutions, only a few were able to meet their criteria of not only removing the FakeAV, Vundo, Rustock and ZBot (Zeus) samples they were tested against, but also getting rid of the potentially dangerous “leftovers” from the infection.

More info on the tested antivirus solutions, and how they scored:

Read the rest of this entry »

November 3rd, 2009

iHacked: jailbroken iPhones compromised, $5 ransom demanded

Posted by Dancho Danchev @ 6:09 am

Categories: Apple, Botnets, Browsers, Complex Attacks, Hackers, Malware, Passwords, iPhone

Tags: Apple iPhone, SSH, Smart Phones, Consumer Electronics, Personal Technology, Security, Dancho Danchev

Yesterday, a “Your iPhone’s been hacked because it’s really insecure! Please visit doiop.com/iHacked and secure your phone right now!” message popped up on the screens of a large number of automatically exploited Dutch iPhone users, demanding $4.95 for instructions on how to secure their iPhones and remove the message from appearing at startup.

Through a combination of port scanning and OS fingerprinting of T-Mobile’s 3G IP range, a Dutch teenager has for the first time automatically exploited a known security vulnerability introduced on jailbroken iPhones: the SSH daemon, which, unless modified, remains running with default users root and mobile, using the same password on each and every device.

Here’s what he demanded, and how he changed his attitude following the suspension of his PayPal and the spamvertised URL:

Read the rest of this entry »

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog.
