Sphinx: New Zeus Variant for Sale on the Black Market.

The 0Day marketplace was a busy beaver this weekend. I've been waiting and watching Sphinx for the past 10 days to see if the 0Day admin would verify this new threat.

New Zeus Variant

On Sunday evening, Sphinx, a new variant of the Zeus banking trojan, was admin-verified. Sphinx is coded in C++, is based on the ZeuS source code, and operates fully through the Tor network using a Tor hidden service. The seller claims that you do not need bulletproof hosting (hosting that is generally immune to takedown requests) when operating a Sphinx botnet, though he still recommends it.

Sphinx Features (as listed in the forum, with minor edits)

Malware: Formgrabber and Webinjects for the latest Internet Explorer, Mozilla Firefox and Tor Browser, with cookie grabber and transparent page redirect (Webfakes). Backconnect SOCKS, VNC. SOCKS 4/4a/5 with UDP and IPv6 support. FTP, POP3 grabber. Certificate grabber. Keylogger.

Certificate grabber:

Backconnect VNC: This is the most essential feature of a banking trojan.

Webfakes:

Who can stop malware? It starts with advertisers.

As the practice of delivering malware through online ads becomes increasingly popular among cyber criminals, the advertising industry has to rethink how it handles online advertisements. In the month of August alone, researchers at the antivirus firm Malwarebytes have found and reported several so-called malvertising campaigns, including the big campaign that inserted malicious ads into the ad network used by Yahoo and its subsites, such as News, Finance, and Games.
The same bad actor also tricked the ad network used by eBay. Similar campaigns impacted visitors to the dating site PlentyOfFish and the media content site of Australian telecommunications provider Telstra this week, and the same ad network displayed malicious ads on MSN, Malwarebytes said. The malvertising campaign that tripped up Yahoo.com visitors was the work of a Russian threat actor called Fessleak, said Patrick Belcher, director of security analytics at Invincea.

The mechanics of malvertising

Tricking the ad network

Russia to blame for stealthy cyber campaign that uses Twitter, security firm says.

Security experts suspect that hackers working on behalf of the Russian government are behind a sophisticated cyber campaign in which infected computers are controlled through hidden messages embedded within image files shared over Twitter.

FireEye, a California-based security firm, all but blamed the Kremlin for an offensive campaign revealed publicly for the first time in a report published on Wednesday this week. The researchers said the hackers relied on an impressively stealthy type of malware that they've dubbed "HAMMERTOSS" to carry out attacks in which infected machines are covertly instructed to execute certain commands and upload sensitive user data to the cloud.

"Using a variety of techniques — from creating an algorithm that generates daily Twitter handles to embedding pictures with commands — the developers behind HAMMERTOSS have devised a particularly effective tool," the report reads.

Two computer security malware threats you must know about.

Recently, a friend of mine sent me a photo of the image on his computer screen. It was a Windows firewall warning message that his computer had been infected with malware. He said that when he tried to reboot the computer it got into an endless loop and he could not get it to do anything. He finally took it to the computer repair shop, and the repair folks had to reload a new system. Thankfully he had a complete, clean backup of all his files, so he didn't lose anything. I asked what they said the problem was, and he indicated that they didn't tell him anything specific, only that he "probably had bad malware."
Hmm… His situation intrigued me.

Rombertik

I asked my friend what some of his actions were prior to getting the malware.

Stegoloader

My friend also indicated that he had downloaded a video and a few photos. Stegoloader can also hide within video images.

Protecting against Stegoloader and Rombertik

Make sure you, your family, friends and employees know the following at a minimum:

Gunpoder: A new Android malware targets users not residing in China - Firstpost.

Researchers have discovered a new family of Android malware that successfully evaded all antivirus products on the VirusTotal web service. Palo Alto Networks named this malware family 'Gunpoder' based on the name of its main malicious component, and Palo Alto Networks' threat intelligence team Unit 42 observed 49 unique samples across three different variants. This finding highlights the fine line between "adware," which isn't traditionally prevented by antivirus products, and malware, with its ability to cause harm.

Samples of Gunpoder have been uploaded to VirusTotal since November 2014, with all antivirus engines reporting either "benign" or "adware" verdicts, meaning legacy controls would not prevent installation of this malware. Gunpoder targets Android users in at least 13 different countries, including India. One interesting observation from the reverse engineering of Gunpoder is that this new Android family only propagates among users outside of China.

Powermore.dell.

New and creative security threats may grab headlines, but smart security practitioners know that many attackers still rely on the tried-and-true methods, and they protect themselves from these threats accordingly. The challenge some IT security experts face is in maintaining awareness of threats to which users have grown accustomed. Malware has been around for decades now, and in the technology world, a decade is a long time. Despite malware becoming more sophisticated, the average person is used to getting infected — to the point that it's seen as a mere nuisance rather than a threat.
Did you know that, according to the Anti-Phishing Working Group, one in three computers is infected with malware? This lack of visibility into the threat is partially due to the nature of digital information, since information can be copied without damage.

Data breaches and botnets

Data breach risk and the level of botnet activity are directly correlated, according to a recent study by BitSight.

New CRYPVAULT Ransomware Encrypts and Quarantines Files.

Hunting Down Malware on the Deep Web.

Ransomware: How does your network fare?

The next generation of CryptoWall malware emerges.

After a short-lived hiatus, the creators of CryptoWall have re-emerged with the next generation of the devious malware, coined "CryptoWall 3.0".

Just as security experts thought they had a handle on the original threat, the emergence of version 3.0 sparks debate as to what signals to look out for and how to protect against the rise of ransomware variants.

So what's new?

Since making its debut last fall and wreaking havoc on thousands of businesses and individuals globally, CryptoWall is the biggest name in ransomware threats. Its predecessor, Cryptolocker, started the snowball effect in 2013 as one of the first ransomware strains to enter the marketplace. The concept is simple: victims are infected with the CryptoWall malware by opening a malicious email attachment. Once on the system, CryptoWall encrypts the victims' files and demands a $500 ransom for the files to be restored. Payment must be made within a seven-day period or the ransom will double.

A Few Red Flags

What to Expect Next

Malvertising is a 'toddler' now ~ TekSec.

No more dirty diapers, potty training is intact. Within a two year time frame — malvertising mastered crawling and is starting to walk now. Malvertising (in succinct terms) is defined as the use of online advertising to spread malware. My first experience with malvertising (malicious advertising) occurred on a Saturday in mid-September of 2009. While browsing the New York Times (NYT), a rogue antivirus pop-up appeared. I immediately hit ctrl-alt-del to pull up Task Manager and attempted to end the Google Chrome processes. Though I knew not to click on any pop-ups, my browser was quickly and silently redirected to a malicious website anyway.

Malvertising damages the advertising ecosystem

Malicious ads can heap a huge pile of damage on the advertising ecosystem, businesses, and individuals.
Last year Craig D.

How do they do it?

Cybercriminals create legitimate ads and may place a series of malware-free ads on a trusted (high-traffic) site that supports third-party ads. They also use:

Resources:

AusCERT 2013: Cloud-based scanner identifies new malware by its ancestry - #Auscert2013.

Polymorphic malware may be good at evading signature-based scanning engines, but the application of advanced algorithms to terabytes' worth of malware dumps is enabling one Deakin University PhD student to detect even new strains of malware by assessing their similarity to existing, known malicious code. The approach is a departure from traditional signature-based antivirus approaches, which are easily defeated by the large volume of malware that modifies its structure or behaviour to avoid detection.

Yet by feeding a scanning engine with massive volumes of new malware and collating the results in the cloud-based Simseer service, security researcher Silvio Cesare – who presented his research to AusCERT 2013 today – has been able to identify new malware strains by their heritage. Rather than focusing on scanning at the byte level, Cesare's technique looks at small 'structures' woven through the malware code, which are common to each family of malware.

Cybercriminals target Twitter, spread thousands of exploits and malware serving tweets.

Twitter users, beware! Over the past several days, cybercriminals have been persistently spamvertising thousands of exploit- and malware-serving links across the most popular micro-blogging service. Upon clicking on the links, users are exposed to the exploits served by the Black Hole web malware exploitation kit.

What's so special about this campaign? What's the detection rate of the malware it drops? Where does it phone back once it's executed?

More details:

Screenshot of a sample automatically registered account spamvertising malicious links to thousands of Twitter users:

Next to English-speaking users, the campaign has also been targeting Russian users since July 23rd, 2012:

The cybercriminals behind the campaign are also using a publicly available counter to measure the success of the campaign:

The campaign is currently propagating in the following way – an automatically generated subdomain is spamvertised with an .html link consisting of the name of the prospective victim.

Banking Scams.

IAmA a malware coder and botnet operator, AMA : IAmA.

GetCocoon - Google+ - This current wave of phishing attacks looks just like the…

Java-Based Malware Is "Fileless"
Kaspersky Lab discovered a new piece of malware that doesn't create new files when infecting targeted computers, making it hard to detect. The "fileless" malware, dubbed Trojan-Spy.Win32.Lurk, exploits a Java vulnerability (CVE-2011-3544) as part of a drive-by-download attack, Sergey Golovanov, a senior malware analyst at Kaspersky Lab, wrote on the Securelist blog Mar. 16. Drive-by downloads exploit vulnerabilities in unpatched software and generally require no user interaction to compromise the machine. Even though the user doesn't have to click on anything to start the attack, drive-by downloads generally save a dropper or downloader file onto the hard drive as part of the infection process. The saved file automatically executes certain commands or downloads additional malware to the computer. In the case of Lurk, Kaspersky was unable to find any files that were part of the initial infection, according to Golovanov.

Seven Ways to Get Yourself Hacked.

In recent months, I've met at least three people who have been the victim of hackers who've taken over their Gmail accounts and sent out e-mails to everyone in the address book. The e-mails, which appear legitimate, claim that the person has been robbed while traveling and beg that money be wired so that the person can get home.

What makes the scam even more effective is that it tends to happen to people who are actually traveling abroad—making it more likely that friends and families will be duped. Although it's widely believed that a strong password is one of the best defenses against online fraud, hackers increasingly employ highly effective ways of compromising accounts that do not require guessing passwords. This means that it is more important than ever to practice "defensive computing"—and to have a plan in place for what to do if your account is compromised.
Naked Emma Watson video used to spread malware.

Fake videos with funny or sexual content have long been used to entice users to download and install malware. The technique is used by hackers to convince users that they need to install additional codecs, or software, in order to play the video. I've found several websites redirecting to "Emma Watson never seen before home video" hosted on various rr.nu domains: strongrzholder.rr.nu, smartutnetwork.rr.nu, etc. The page looks very similar to a YouTube page, with related videos on the left, and fake comments below the player. A click on the Play button, or any link on the page, shows a warning that the Flash player is out of date and a new version needs to be installed in order to play the video. The warning is very well designed. It feels like desktop software with an animated download function, despite being part of the web page. -- Julien.

The Malware Scene.

HpHosts Online - Simple, Searchable & FREE!

Open this malware or I'll sue you.

Network World - The latest social engineering trick to get victims to open malicious email attachments accuses them of being spammers and threatens to sue them if they don't stop. It's all in an attempt to get targets to open up the zip attachment by telling them it contains evidence of their spamming. Actually it's an .exe file that infects the machine but displays like a document, according to the Websense Security Labs Blog. The attachment installs a downloader Trojan that copies itself to the system path so it executes when the system boots up. It connects to remote servers to download specific exploit files. The blog says the current attacks could contain other variants of the Trojan as attachments. The new attack cropped up Monday in Websense's ThreatSeeker network, which gathers data about malicious email campaigns. The blog includes an image containing the text of one such email: "Hello.

Go Daddy mass hack points surfers towards malware.
Hundreds of Go Daddy sites were compromised to point towards a site hosting malware last weekend. The mass hack of around 445 sites involved the injection of hostile code into the .htaccess files of the sites. Go Daddy quickly removed the hostile code before working with its customers to take back full control of the sites, which were reportedly compromised by a password hack. Go Daddy's chief information security officer, Todd Redfoot, told Domain Name Wire: "The accounts were accessed using the account holder's username and password."

It's unclear how the passwords needed to pull off the attack were obtained, but some sort of targeted phishing attack is one likely explanation. Go Daddy's investigation into the attack continues, but Redfoot suggested the blame for the mass hack lay outside Go Daddy's control. "This was not an infrastructure breakdown and should not impact additional customers," he said.

Derouen Webb (@derouenopcoy3) on Twitter.

Mariana Uplinger (@MarianaUplinger) on Twitter.

Tekblog.

Get Cocoon Internet Services: Malware is not just for Windows anymore.

Closing the loop « Lvdeijk's Blog.

Online Malware Sandboxes.

Cocoon - a better way to browse.

Internet Security Tools.

Safe Browsing diagnostic page for tekblog.teksquisite.com.

Mobile Malware.