How ironic that Google allows you to initiate a Web search by clicking on a button labeled "I'm Feeling Lucky." The button is supposed to take you to the first Web site that turns up in your search. Instead, it just might take you to malware hell.
In a preliminary report issued by Google in early February (see All Your iFrames Point to Us in the Google blog), researchers reveal the depth of the worldwide malware problem and conclude “the scope of the problem is significant.” This isn’t news if you’ve ever had to clean up the mess left behind after a malware infection. But if you’re feeling fairly confident that you do enough to protect yourself and the other users on your network, this report should open your eyes to the real world, and it’s not pretty.
Friday, September 14, 2012
New Weapon Against Drive-by Downloads Emerges
As more employees visit social networking sites while at work, network managers are seeing a rise in accidental malware infections known as drive-by download attacks.
Cybersecurity researchers trying to stop users from inadvertently compromising their machines have come up with a novel idea: Give them PCs running virtual machine software so they can act as sensors that detect malware infections and prevent them from infecting enterprise networks.
The idea was developed by George Mason University's Center for Secure Information Systems (CSIS) in conjunction with Northrop Grumman Information Systems.
This PCs-as-sensors approach was outlined at the Cyber Infrastructure Protection Conference held at the City College of New York last Friday.
ATM Malware Spreading Around The World
Cash machines around the world are hosting malware that can harvest a person's card details for use in fraud, a situation that could worsen as the malware becomes more sophisticated, according to a security researcher.
Analysts at Trustwave's SpiderLabs research group were surprised earlier this year when they obtained the ATM malware sample from a financial institution in Eastern Europe, said Andrew Henwood, vice president of SpiderLabs' Europe, Middle East and Africa operation. Trustwave does forensic investigations for major credit card companies and financial institutions as well as penetration tests.
"It's the first time we have come across malware of this type," Henwood said.
Wednesday, September 12, 2012
Cyber Criminals Target Travelers
FBI: Guests' Data Collected When They Log Into Hotel Wi-Fi Overseas
(CNN) -- A recent warning from the FBI about hackers targeting guests' data when they log into hotel Wi-Fi overseas was a salient reminder to travelers of the risks to data security on the road.
The alert, from the FBI's Internet Crime Complaint Center, was addressed to U.S. executives, government workers and academics but did not specify a particular country of threat. It warned of a spate of incidents of travelers encountering bogus software update pop-ups when they used hotel internet connections overseas. When they clicked on the "update," malicious software was installed on their computer.
Hotel Wi-Fi connections are particularly risky, said Sian John, UK security strategist at Symantec, because they are often set up without proper security settings. But they are merely one data-security threat among many facing business travelers.
Monday, September 10, 2012
Anonymous Attack Brings Down Tons Of GoDaddy Sites
Today is not a good day for those working behind the scenes at GoDaddy. TechCrunch is reporting that an Anonymous member has brought GoDaddy down and, by extension, has brought down many of the sites GoDaddy hosts. Apparently, the attack was carried out by someone going by the name of “AnonymousOwn3r” on Twitter, and he says that he worked alone in bringing the website hosting service down.
Friday, September 7, 2012
FBI Director: Cybercrime Will Eclipse Terrorism
"Today, terrorists have not used the Internet to launch a full-scale cyberattack, but we cannot underestimate their intent," he said. In the wake of the Sept. 11 attacks, the FBI invested heavily to develop new skill sets and formed more than 100 joint anti-terrorism task forces with other government agencies, military branches and local law enforcement organizations.
Reference: Cybercrime Will Eclipse Terrorism
Monday, July 9, 2012
300,000 Infected Computers to Go Offline Monday
According to a group of security experts formed to combat DNSChanger, between a quarter-million and 300,000 computers, perhaps many more, were still infected as of July 2.
DNSChanger hijacked users' clicks by modifying their computers' domain name system (DNS) settings to send URL requests to the criminals' own servers, a tactic that shunted victims to hacker-created sites that resembled real domains.
At one point, as many as 4 million PCs and Macs were infected with the malware, which earned its makers $14 million, U.S. federal authorities have said. Infected machines will lose their link to the Internet at 12:01 a.m. ET Monday, July 9, when replacement DNS servers go dark.
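DNSChanger's whole trick was a changed resolver setting, so the practical check is to read the resolvers a host is actually configured with and compare them against the rogue ranges. The script below is an added example, not part of the original post or of the DNSChanger Working Group's tooling. The address ranges are the ones the FBI published for the rogue resolvers, reproduced here from memory; verify them against the FBI notice before relying on the list. The resolv.conf and ipconfig snippets are constructed samples.

```python
import ipaddress
import re

# Rogue resolver ranges attributed to DNSChanger, as published by the FBI /
# DNS Changer Working Group. Reproduced from memory for this example:
# confirm against the FBI's notice before using operationally.
DNSCHANGER_RANGES = [
    ("85.255.112.0", "85.255.127.255"),
    ("67.210.0.0", "67.210.15.255"),
    ("93.188.160.0", "93.188.167.255"),
    ("77.67.83.0", "77.67.83.255"),
    ("213.109.64.0", "213.109.79.255"),
    ("64.28.176.0", "64.28.191.255"),
]

_IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def is_dnschanger_resolver(addr):
    """True if addr falls inside one of the published rogue ranges."""
    try:
        a = ipaddress.IPv4Address(addr)
    except ipaddress.AddressValueError:
        return False
    return any(
        ipaddress.IPv4Address(lo) <= a <= ipaddress.IPv4Address(hi)
        for lo, hi in DNSCHANGER_RANGES
    )


def extract_resolvers(text):
    """Pull resolver addresses out of /etc/resolv.conf or `ipconfig /all` output.

    resolv.conf uses one `nameserver <ip>` per line; ipconfig prints the first
    server on the `DNS Servers` line and any further servers on bare,
    indented continuation lines, so we track that block explicitly.
    """
    resolvers = []
    in_dns_block = False
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            in_dns_block = False
            continue
        if stripped.startswith("nameserver"):
            resolvers += _IPV4.findall(stripped)
            continue
        if "DNS Servers" in stripped:
            in_dns_block = True
            resolvers += _IPV4.findall(stripped)
            continue
        if in_dns_block and _IPV4.fullmatch(stripped):
            resolvers.append(stripped)
            continue
        in_dns_block = False
    return resolvers


def audit(text):
    """Map each configured resolver to whether it sits in a DNSChanger range."""
    return {addr: is_dnschanger_resolver(addr) for addr in extract_resolvers(text)}


# Constructed samples (not captured from a real machine).
SAMPLE_RESOLV_CONF = """\
# constructed sample
nameserver 85.255.112.25
nameserver 8.8.8.8
"""

SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:
   DNS Servers . . . . . . . . . . . : 93.188.161.7
                                       213.109.70.2
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    for name, sample in (("resolv.conf", SAMPLE_RESOLV_CONF), ("ipconfig", SAMPLE_IPCONFIG)):
        for addr, bad in audit(sample).items():
            print(f"{name}: {addr} {'ROGUE (DNSChanger range)' if bad else 'ok'}")
```

Feed it the real `cat /etc/resolv.conf` or `ipconfig /all` output. Since the replacement servers were switched off on July 9, a machine still pointing at these ranges no longer resolves anything at all, which is the symptom users saw; the same routine with your own resolver addresses as the allowlist instead of a blocklist is the general check for any resolver tampering.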
Monday, May 21, 2012
Ads on Wikipedia Can Point to Malware Infection
Every now and then, Wikipedia's popularity and brand are misused by malware peddlers, typosquatters and scammers.
But the fact that the Wikipedia project is funded exclusively by donors and the site never displays ads also makes it a good litmus test for discovering whether one's machine is infected with certain types of malware.
"If you’re seeing advertisements for a for-profit industry or anything but our fundraiser, then your web browser has likely been infected with malware," Wikipedia's Director of Community Advocacy Philippe Beaudette pointed out in a recent blog post.
This usually happens when a specific browser extension has been inadvertently downloaded and installed by the user.
"Ads injected in this manner may be confined to some sites, even just to Wikipedia, or they may show up on all sites you visit," he says. "Browsing through a secure (HTTPS) connection may cause the ads to disappear, but will not fix the underlying problem."
One must disable the extension in question, but even after having done this, other malware could still be hiding on the computer, and then a malware scan is in order.
Beaudette points out that ads seen on Wikipedia's site can have one final source - one that might not be malicious but is still annoying: the users' Internet provider, who injects them into web pages for profit.
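Because Wikipedia loads nothing from third-party hosts, the litmus test can be automated: take the page as the browser actually rendered it and list every script, iframe, image or stylesheet that comes from a host outside Wikimedia's own domains. The script below is an added example, not code from the original post or from the Wikimedia Foundation. The allowlist of Wikimedia domain suffixes is an assumption of the example, and the HTML is a constructed sample that mixes legitimate Wikimedia resources with two injected ones.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domains Wikipedia legitimately loads resources from. This allowlist is an
# assumption of the example; adjust it for the site you are testing.
EXPECTED_HOST_SUFFIXES = (".wikipedia.org", ".wikimedia.org", ".wikimediafoundation.org")


class ResourceCollector(HTMLParser):
    """Collect every externally loaded resource (tag, url) from an HTML document."""

    URL_ATTRS = {"script": "src", "iframe": "src", "img": "src", "link": "href", "embed": "src"}

    def __init__(self):
        super().__init__()
        self.resources = []

    def handle_starttag(self, tag, attrs):
        attr = self.URL_ATTRS.get(tag)
        if attr is None:
            return
        value = dict(attrs).get(attr)
        if value:
            self.resources.append((tag, value))


def foreign_resources(html, page_host):
    """Return (tag, host, url) for resources served from outside the expected domains.

    Relative URLs have no host and are same-origin, so they are never flagged.
    Scheme-relative URLs (//host/path) are handled by urlsplit as well.
    """
    collector = ResourceCollector()
    collector.feed(html)
    flagged = []
    for tag, url in collector.resources:
        host = urlsplit(url).hostname
        if host is None:
            continue
        if host == page_host or host.endswith(EXPECTED_HOST_SUFFIXES):
            continue
        flagged.append((tag, host, url))
    return flagged


# Constructed sample: a Wikipedia-like page with two injected elements.
# 192.0.2.10 and example.net are reserved documentation addresses/names.
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="/w/load.php?modules=site&only=styles">
<script src="//bits.wikimedia.org/en.wikipedia.org/load.php?modules=startup"></script>
<script src="http://ads.example.net/serve.js"></script>
</head><body>
<div id="content">Article text</div>
<iframe src="http://192.0.2.10/banner?ref=wikipedia" width="728" height="90"></iframe>
<img src="//upload.wikimedia.org/wikipedia/commons/thumb/x.png">
</body></html>"""

if __name__ == "__main__":
    for tag, host, url in foreign_resources(SAMPLE_PAGE, "en.wikipedia.org"):
        print(f"injected? <{tag}> from {host}: {url}")
```

Run it over the rendered DOM (copy the document's outerHTML from the browser's developer tools), not over "view source": an extension injects into the live DOM after load, so the raw server response looks clean. Then repeat over HTTPS. If the foreign entries disappear, the injection sits on the path (an ISP or proxy rewriting HTTP), which matches Beaudette's point; if they persist, it is in the browser itself, and the extension is what needs removing.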
Flashback Botmasters Earned Less Than $15K
The researchers initially calculated that a botnet of that size could bring in $10,000 per day to its masters, as the malware's ad-clicking component would intercept browser requests, target search queries made on Google and redirect users to another page of the attacker's choosing. Consequently, the attackers would receive payment for the ad click instead of Google.
Alas for the botmasters, not everything went as planned. They managed to install the ad-clicking component only on some 10,000 of the 600,000+ infected machines because security researchers reacted quickly and took down most of their C&C servers.
"From our analysis we have seen that, for a three-week period starting in April, the botnet displayed over 10 million ads on compromised computers but only a small percentage of users who were shown ads actually clicked them, with close to 400,000 ads being clicked. These numbers earned the attackers $14,000 in these three weeks, although it is worth mentioning that earning the money is only one part of the puzzle—actually collecting that money is another, often more difficult, job," shared Symantec.
Sunday, May 20, 2012
Worm Targets Facebook Users Via PMs
A worm posing as a JPG image has seemingly been spotted propagating on Facebook and through various IM applications. "We recently received reports about private messages found on Facebook and distributing a link, which is a shortened URL pointing to an archive file May09-Picture18.JPG_www.facebook.com.zip," Trend Micro researchers warn. "This archive contains a malicious file named May09-Picture18.JPG_www.facebook.com and uses the extension .COM."
Once the file is run and the worm gains a foothold in the system, it first tries to find and disable antivirus software in order to avoid detection. Then, it contacts a number of websites, and downloads from them another worm.
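The lure works because of the file name alone: ".JPG_www.facebook.com" sits in the middle where a glance reads it as a picture from Facebook, while the real extension, .COM, is a DOS executable that Windows will run. A mail or web gateway can catch this shape before a user does. The script below is an added example (not from the original post or from Trend Micro): it builds an in-memory ZIP containing the file name quoted above, then flags any member whose final extension is executable but whose name carries a decoy image/document extension or a look-alike domain. The extension lists are an assumption of the example, and the archive contents are constructed.

```python
import io
import re
import zipfile

# Extensions Windows will execute when double-clicked (assumed list for this example).
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js", ".jar", ".hta", ".lnk"}
# Extensions attackers plant earlier in the name so it "looks like" harmless content.
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx", ".txt"}


def classify_name(name):
    """Return a list of reasons a file name looks like a disguised executable (empty if clean)."""
    base = name.rsplit("/", 1)[-1].lower()
    m = re.search(r"(\.[a-z0-9]+)$", base)
    ext = m.group(1) if m else ""
    if ext not in EXECUTABLE_EXTS:
        return []
    reasons = [f"executable extension {ext}"]
    stem = base[: -len(ext)]
    if any(d in stem for d in DECOY_EXTS):
        reasons.append("decoy image/document extension inside the name")
    if "www." in stem or re.search(r"\.(com|net|org)\b", stem):
        reasons.append("domain name embedded in file name (brand impersonation)")
    return reasons


def suspicious_members(zip_bytes):
    """List (member name, reasons) for every disguised executable inside a ZIP archive."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = classify_name(info.filename)
            if reasons:
                hits.append((info.filename, reasons))
    return hits


def build_sample_archive():
    """Constructed archive: the worm's file name next to an innocuous picture. Payload bytes are dummies."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("May09-Picture18.JPG_www.facebook.com.COM", b"MZ-not-really-a-program")
        zf.writestr("holiday.jpg", b"\xff\xd8\xff\xe0 fake jpeg header")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in suspicious_members(build_sample_archive()):
        print(name)
        for r in reasons:
            print("  -", r)
```

The check is deliberately about the name, not the content, because that is what the victim is being fooled by; pair it with a magic-byte check on the member (an MZ header behind a ".JPG" name is conclusive) and with blocking of archived executables at the gateway, which stops the second-stage download the post describes from ever being reachable.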