Category: Social Networking Applications

October 27th, 2009

Malware ads served from Gizmodo

Posted by Ryan Naraine @ 10:04 am

Categories: Adobe, Anti Virus, Arbitrary Code Execution, Botnets, Browsers, Facebook, Flash, Locally Running Web Servers, Malware, Passwords, Social Networking Applications, Spam and Phishing, Spyware and Adware

Tags: Advertisement, Blog, Malware, Gizmodo, Ryan Naraine

[ UPDATE: Dancho has more details on this attack ]

Popular gadget blog Gizmodo has acknowledged falling victim to an “elaborate scam” that served malicious ads for scareware (fake anti-virus) to its readers.

In an apology posted online, Gizmodo said its ad sales team was tricked into running malicious ads purporting to be from Suzuki. Read the rest of this entry »

October 27th, 2009

Facebook password-reset spam is Bredolab botnet attack

Posted by Ryan Naraine @ 8:27 am

Categories: Anti Virus, Arbitrary Code Execution, Botnets, Browsers, Data theft, Denial of Service (DoS), Facebook, Locally Running Web Servers, Malware, Microsoft, Passwords, Phishing, Social Networking Applications, Spam and Phishing, Spyware and Adware, Viruses and Worms

Tags: Facebook, Spam, Attack, Virus Hunter, Cyberthreats, E-mail, Identity Theft, Security, Viruses And Worms, Online Communications

Virus hunters are raising the alarm for a large-scale spam attack that uses fake Facebook password-reset messages to trick PC users into downloading a dangerous piece of malware.

The malicious executable is linked to the Bredolab botnet, which has been linked to massive spam runs and identity-theft related attacks. Read the rest of this entry »

October 14th, 2009

New Koobface campaign spoofs Adobe's Flash updater

Posted by Dancho Danchev @ 7:11 am

Categories: Adobe, Anti Virus, Botnets, Browsers, Facebook, Flash, Hackers, Malware, Passwords, Social Networking Applications, Web 2.0

Tags: Adobe Systems Inc., CAPTCHA, Facebook, Malware, Social Engineering, Koobface, Spyware, Adware & Malware, Cyberthreats, Security, Dancho Danchev

Earlier this week, the botnet masters behind the most efficient social engineering driven botnet, Koobface, launched a new campaign currently spreading across Facebook with a new template spoofing Adobe’s Flash updater embedded within a fake YouTube page.

The malware campaign is relying on compromised legitimate web sites, now representing 77% of malicious sites in general, and on hundreds of automatically registered Blogspot accounts with the CAPTCHA recognition process done on behalf of the users already infected by Koobface, compared to the gang’s previous reliance on commercial CAPTCHA recognition services.

Here are some of the most popular messages posted on Facebook for the time being:

Read the rest of this entry »

September 23rd, 2009

Scareware scammers hijack Twitter trending topics

Posted by Dancho Danchev @ 6:48 am

Categories: Anti Virus, Browsers, Hackers, Malware, Passwords, Social Networking Applications, Ukraine, Web 2.0

Tags: Twitter Inc., Spamming, Spam, Cyberthreats, Viruses And Worms, Security, Spam And Phishing, Dancho Danchev

Researchers from F-Secure and Sophos are reporting on an ongoing scareware serving campaign abusing the popular micro-blogging service Twitter.

Hundreds of tweets using four different URL shortening services are currently spammed through the automatically registered Twitter accounts, relying on a pseudo-random text generation using Twitter’s trending topics.

Read the rest of this entry »

September 13th, 2009

The ultimate guide to scareware protection

Posted by Dancho Danchev @ 5:49 pm

Categories: Anti Virus, Botnets, Browsers, Complex Attacks, Data theft, Hackers, Malware, Passwords, Social Networking Applications, Spyware and Adware, Viruses and Worms, Web 2.0

Tags: Search Engine Optimization, Antivirus, Malware, Security Software, Search, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Dancho Danchev

Throughout the last two years, scareware (fake security software) has quickly emerged as the single most profitable monetization strategy for cybercriminals to take advantage of. Due to the aggressive advertising practices applied by the cybercrime gangs, thousands of users fall victim to the scam on a daily basis, with the gangs themselves earning hundreds of thousands of dollars in the process.

Not surprisingly, Q3 of 2009 was poised to mark the peak of the scareware business model, whose affiliate program revenue sharing scheme is not only attracting new cybercriminals due to its high pay-out rates, but is also directly driving innovation within the cybercrime underground by acting as a reliable financial incentive.

This end user-friendly guide aims to educate the Internet user on what scareware is, the risks posed by installing it, what it looks like, its delivery channels, and most importantly, how to recognize, avoid and report it to the security community, taking into consideration the fact that 99% of the current releases rely on social engineering tactics.

Read the rest of this entry »

August 13th, 2009

Brazilian ID thieves using Twitter as botnet command channel

Posted by Ryan Naraine @ 1:31 pm

Categories: Anti Virus, Arbitrary Code Execution, Botnets, Browsers, Data theft, Exploit code, Locally Running Web Servers, Malware, Passwords, Phishing, Social Networking Applications, Spam and Phishing, Spyware and Adware, Viruses and Worms, Web Applications

Tags: Twitter, Spyware, Spyware, Adware & Malware, Financial Services, Security, Ryan Naraine

Arbor Networks security researcher Jose Nazario has stumbled upon a crimeware botnet using Twitter as its command-and-control operation.

The botnet, which is linked to identity thieves in Brazil, uses Twitter status messages to communicate with bots — sending new links for the infected computers to contact and new commands and executables to download and run.

Read the rest of this entry »

August 6th, 2009

Twitter knocked offline by DDoS attack; Koobface returns with a twist

Posted by Ryan Naraine @ 9:46 am

Categories: Adobe, Anti Virus, Arbitrary Code Execution, Botnets, Browsers, Data theft, Denial of Service (DoS), Exploit code, Facebook, Flash, Malware, Punditocracy, Responsible disclosure, Social Networking Applications, Spam and Phishing, Viruses and Worms, Vulnerability research, Web 2.0

Tags: Kaspersky Lab, DOS, Twitter, Attack, Koobface, Security, Spyware, Adware & Malware, Cyberthreats, Ryan Naraine

Popular microblogging service Twitter was knocked offline for an extended period this morning by what appears to be a massive distributed denial-of-service attack.

Twitter confirmed the outage was linked to malicious attackers in a brief status message posted around 11:00 a.m. EST.
Read the rest of this entry »

August 4th, 2009

U.S. Marines ban Facebook, MySpace, Twitter

Posted by Ryan Naraine @ 10:17 am

Categories: Anti Virus, Arbitrary Code Execution, Browsers, Data theft, Exploit code, Facebook, Locally Running Web Servers, Malware, Passwords, Responsible disclosure, Social Networking Applications, Spam and Phishing, Spyware and Adware, Viruses and Worms, Zero-day attacks

Tags: Web, Facebook, Network, Twitter, MySpace, U.S. Marine Corps, Social Networking, Channel Management, Networking, Security

The U.S. Marine Corps has slapped an immediate ban on the use of social networking sites on its network, warning that sites like Facebook, MySpace and Twitter are a “proven haven for malicious hackers and content.”

The ban, contained in an order issued Monday, will last for a year.  It specifically mentions Facebook, Twitter and MySpace although it applies to what is described as “Web-based services that allows communities of people to share common interests.”

Read the rest of this entry »

August 3rd, 2009

Does Twitter's malware link filter really work?

Posted by Dancho Danchev @ 3:29 pm

Categories: Anti Virus, Botnets, Browsers, Hackers, Malware, Passwords, Social Networking Applications, Web 2.0

Tags: Malware, Twitter, Cyberthreats, Spyware, Adware & Malware, Viruses And Worms, Security, Dancho Danchev

Today, researchers from F-Secure stumbled upon a long-anticipated feature in Twitter’s fight against malicious abuse of its service - a malware URL filter preventing automatically registered or compromised legitimate accounts from tweeting known malicious links.

Whenever a Twitter user attempts to post a link to a known malware/phishing URL, an “Oops! Your tweet contained a URL to a known malware site!” message will appear, and prevent this from happening.

Does the feature really work? A five-minute test showed disappointing results, making it obvious that it’s still in experimental mode.

Read the rest of this entry »

July 7th, 2009

Koobface worm joins the Twittersphere

Posted by Dancho Danchev @ 2:00 pm

Categories: Anti Virus, Botnets, Browsers, Facebook, Hackers, Malware, Passwords, Social Networking Applications, Web 2.0

Tags: Worm, Twitter, Koobface, Cyberthreats, Viruses And Worms, Security, Dancho Danchev

Cybercriminals are experimenting with a new feature introduced in one of the latest Koobface variants - the ability of the worm to hijack the Twitter accounts of infected users and post tweets in an attempt to infect their followers.

According to researchers from TrendMicro, once the infected user attempts to log into Twitter, Koobface hijacks the session and posts a tweet on behalf of the user.

Would this novel feature allow the worm to spread even more efficiently? It largely depends on whether or not they’d remove the beta label from it, and go mainstream with the feature.

Read the rest of this entry »

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog. See his full profile and disclosure of his industry affiliations.
