Zlob threat hides as free, faked MP3 download
Posted by the Secure Computing Anti-Malware Team
"Where There Is Porn, There Are Zlobs" - this phrase was coined some years ago. You often find Zlobs associated with adult-related web sites. It seems that many people don't care for security at all when surfing porn, and they fall victim to the infamous social engineering tactic of the "missing video codec" download. And [...]
Latest Wave of SQL Injection Attacks
Posted by the Secure Computing Anti-Malware Team
Since April, almost every week has had its run of SQL injection attacks, infecting legitimate websites to direct visitors to malicious code. And like before, this latest wave also tries to infect visitors of legitimate websites with a password-stealing trojan. The attackers continue to use SQL injection against ASP and ASP.NET websites that have insufficient verification of [...]
The Storm Worm sneaks on IFRAMEs... again!
Posted by the Secure Computing Anti-Malware Team
When talking about the infamous "Storm Worm" threat, most people think about spam messages with links to blogs or prepared web sites, trying to lure the innocent user into installing malware. And the Storm authors are creative with their social-engineering tricks to ensure someone cannot resist seeing what surprise awaits them. But it is [...]
When your web site is attacked by the Hijacking Blog
Posted by the Secure Computing Anti-Malware Team
Today's malware threats are nastier and stealthier than ever before. In this blog entry we dissect a very common yet largely unknown threat, which has infected and compromised many web servers world-wide. The hacked web sites display different content depending on whether you access them directly or through a search engine query via Google, [...]
Latest GDI vulnerability now exploited in the wild
Posted by the Secure Computing Anti-Malware Team
A vulnerability found within the Windows Graphics Device Interface (GDI), fixed and published by Microsoft with Security Bulletin MS08-21, is actively being exploited in the wild. The exploit, which has been found hosted on websites so far, often goes by the name "top.jpg" and upon successful exploitation downloads and executes a trojan (named "word.gif"). Since many [...]
Comparing "Kraken" with Bobax
Posted by the Secure Computing Anti-Malware Team
The "Kraken" botnet recently got some press coverage and since then has started a discussion among the IT security folks about whether it is a new malware or a variant of a malware already known as "Bobax". Our conclusion after having unpacked, reverse-engineered and compared the code of both malware variants is that "Kraken" obviously [...]
Storm falls in love with Google's Blogger
Posted by the Secure Computing Anti-Malware Team
The infamous "Storm worm" is back and now the spam messages contain links to the domain blogspot.com - Google's Blogger service. The spammed subjects look like "Crazy in love with you", "I Love Being In Love With You" or "Fallen for you". The mail body contains just simple short sentences like "I'll never stop loving [...]
Storm April Fools' Day
Posted by the Secure Computing Anti-Malware Team
Today is All Fools' Day and spam messages from the infamous "Storm worm" hit the users' inboxes. The subject varies from "Happy All Fools Day!", "Join the Laugh-A-Lot!" through "Today's Joke!". The message body is just a short link to an IP address, which turned out to be a web proxy of the storm botnet. But [...]
Office exploits delivering trojan horses
Posted by the Secure Computing Anti-Malware Team
This Tuesday Microsoft released their monthly Security Bulletin for March, fixing several critical Microsoft Office vulnerabilities allowing remote code execution. Some of these vulnerabilities have been exploited in waves of targeted attacks arriving in the form of Excel sheets via e-mail. Curious users who opened them would have faced an infection with a trojan giving the attacker [...]
Targeted Attack installing Keylogging Software
Posted by the Secure Computing Anti-Malware Team
A Rich Text Format (RTF) document, attached to targeted E-mails alleging to originate from the "Better Business Bureau" (BBB), was discovered in the wild within the last few days. Once opened, a hint stating "This document contains an embedded object" becomes visible, alongside an embedded icon of an Adobe PDF document named "complaint .pdf". A [...]
Please, do not read the manual! Not THIS one...
Posted by the Secure Computing Anti-Malware Team
Recently, a Microsoft Compiled HTML Help file (CHM) was used in a targeted attack to infiltrate victims' computers. As the name implies, the CHM file format is supposed to carry informative data only. Many Windows applications use it in order to display their help manuals, as you get important features such as indexing and searching [...]
Another search engine link leading to malware
Posted by the Secure Computing Anti-Malware Team
A new spam run is on the loose with subjects like "NEW Gallery video with a naked celebrity Paris Hilton". The mail promises an adult-related video - as you probably know, celebrities and pornography are frequently chosen as social-engineering vehicles by malware authors. However, this particular spam doesn't contain the malware as an attachment or a [...]
Recent Adobe Reader vulnerability exploited in-the-wild
Posted by the Secure Computing Anti-Malware Team
A remote code execution vulnerability in Adobe's Reader is currently being actively exploited in the wild. According to first reports, malicious ad banners are probably redirecting users to PDF documents exploiting this critical vulnerability. Upon opening the malicious PDF document, users would get infected by the ZoneBac trojan. The vulnerability, identified as CVE-2008-0655, has already been fixed [...]
Malicious banner ads get more targeted
Posted by the Secure Computing Anti-Malware Team
The problem of malvertising is steadily growing and the attacks are more targeted than before. This year we received lots of reports about malicious banner ads from countries in Europe. Within the first two weeks of January, there have been incidents on high-traffic web sites in Austria, Germany and Switzerland. [...]
Iframes and infected web pages
Posted by the Secure Computing Anti-Malware Team
Every now and then it happens that legitimate web sites are compromised. In today's environment, this doesn't mean that there is a script kiddie wanting to deface a web site for notoriety. Today, these compromised websites look like they did before. Usually the drive-by infection goes unnoticed - the malware authors don't want to attract too much [...]
Misleading applications turn their focus to the Mac OS platform
Posted by the Secure Computing Anti-Malware Team
Since the Mac OS platform is gaining market share, it also attracts the interest of malware authors. So-called "Rogue Anti-Spyware" products have been known to affect the Windows platform. Now this kind of misleading application is heading for the Mac platform as well. The software scares the user with fake animations, pretending to do a system malware scan and [...]
From Storm With Love
Posted by the Secure Computing Anti-Malware Team
It is almost a year ago that the infamous "Storm worm" hit users' inboxes with malware-laden spam messages. Later, the authors decided to spam only messages containing links, with no attachments at all. The links point to compromised computers hosting the latest social-engineering trick to fool users into installing the pest. Since yesterday, the messages started coming [...]
Zlob lurking on blog sites
Posted by the Secure Computing Anti-Malware Team
After months of relative silence, the "Storm worm" group is back...and up to no good. From December 23rd to 24th, the group started a seasonal greetings attack. With E-mails of different subjects and bodies, such as "Mrs. Clause Is Out Tonight!", "I love this Carol!" and "Merry Christmas To All", and texts like: "Dude, I know you [...]
Zlob lurking on blog sites
Posted by the Secure Computing Anti-Malware Team
A significantly growing number of attacks try to guide users to various blog sites - such as on BlogSpot.com - by achieving high search page ranks for popular search keywords, either on recent social events or news, such as Benazir Bhutto's assassination, or on sexually explicit terms, or on VIP or brand names like "Britney [...]
Rogue Ads spotted on Yahoo
Posted by the Secure Computing Anti-Malware Team
Recently there have been some reports about banner ads which redirect users to suspicious web sites. These advertisements have been delivered through large advertisers' networks and were displayed on high-traffic web pages. Today we got a report of such a Flash ad on Yahoo!. This skyscraper ad is downloaded from 'yimg.com', one of Yahoo's [...]
Mozilla-based browsers vulnerable to man-in-the-middle attacks
Posted by the Secure Computing Webwasher Development Team
Today a long-existing problem in the certificate verification of Mozilla-based browsers - one that allows certificate spoofing - was mentioned by heise.de (http://www.heise.de/security/news/meldung/99203), a very popular tech-related German news site. The original (English) disclosure can be found at http://nils.toedtmann.net/pub/subjectAltName.txt. Whenever an SSL-secured connection is established, a browser verifies the server's certificate. Additionally, to check for [...]
New Trojan looking for your FTP accounts
Posted by the Secure Computing Anti-Malware Team
Recent malicious mails try to convince users to visit a fake YouTube lookalike site and install an "update" to Adobe's Flash player. The update, as claimed by the fake web page, is needed in order to be able to watch an advertised video. Although named "install_flash_player.exe", this file isn't a genuine Flash update but a trojan horse [...]
Individualized SpySheriff rogue software
Posted by the Secure Computing Anti-Malware Team
We are once again seeing increased activity of the SpySheriff adware in the wild, in terms of new variants. As typical for this kind of rogue software, they pretend your system is infected with a great deal of malicious software that actually isn't present at all. The removal of the alleged malware can only be conducted [...]
Zlob malware comes to Apple Mac OS X platform
Posted by the Secure Computing Anti-Malware Team
Mac users should watch out carefully: the infamous Zlob threat now targets them too. The social engineering technique for a Zlob infection presents the user with a fake error message telling them that a required codec is missing to watch a movie. For "convenience" a link to the codec, which is malware of course, [...]
Malicious PDF files in the wild
Posted by the Secure Computing Anti-Malware Team
Starting last week, we've seen a malicious PDF file in the wild which exploited the Windows URI vulnerability (also known as CVE-2007-5020). This PDF, with a malformed mailto URI, tries to shut down the Windows Firewall and then downloads malicious code via FTP. After downloading, the malware 'ldr.exe' will be executed. Webwasher Anti-Malware detected that file through [...]
'Ron Paul for President' Spam
Posted by the Secure Computing Research Team
Last night TrustedSource started noticing a deluge of spam promoting Ron Paul, one of the U.S. presidential candidates in the Republican primaries. The spam originated primarily from compromised zombies overseas and proclaims that Ron Paul won the Republican Debate that took place on Sunday. It proceeds to outline his actual positions on issues and [...]
Beware of the Laughing Cat
Posted by the Secure Computing Anti-Malware Team
Since this morning the Storm threat has changed again, and now spam messages masquerading as e-cards are hitting inboxes worldwide. The theme is a "Laughing Psycho Kitty Cat" with animated graphics and sounds. When the user follows the malicious link in the mail, a web site like the following will be displayed: Subject Did you open your ecard yet? Have you [...]
The Zlob Pest goes International
Posted by the Secure Computing Anti-Malware Team
The infamous Zlob adware, which purports to be a required video codec to view movies, now goes after German users. This is just another evolution of this nasty threat, showing that the authors behind it are trying to make even more money as they have started to customize the language in an increasingly targeted fashion. If [...]
Wish it was Two-Factor Authentication
Paul Henry, Secure Computing Vice President of Technology Evangelism
We have all seen them... Banks using anything but real Two-Factor Authentication. Implementing everything from "On Screen Keyboards" (while the software to defeat them is freely downloadable on the Internet), to collecting [...]
Truth or Fiction in the Blogosphere?
Posted by the Secure Computing Research Team
The blogosphere and anti-spam community are all riled up with the news about the murder of a prominent Russian Viagra spammer, posted on an obscure blog yesterday. The news has even made Slashdot and has been published in a number of tech industry publications. The trouble is, no one has ever heard of the mentioned [...]
How to Preempt Zero-Day Attacks using Reputation-Based Security
Posted by the SecureNews Team
Business use of the Web and Web 2.0 applications exposes organizations to both inbound and outbound security threats which transcend the legacy security measures for Web 1.0. The new generation of emerging security threats now consists of malicious attacks led by cyber criminals targeted at [...]
Reputation-Based Threat Reduction Spreads to Air Travel
Posted by the SecureNews Team
The U.S. Department of Homeland Security (DHS) recently announced that they will begin performing pre-departure screening of international travelers, as recommended by the 9/11 Commission. The program is intended to [...]
Web-Hosted Malware Attacks Are on the Rise
Posted by the SecureNews Team
Secure Computing Research recently announced an increase in Web-borne malware attacks that are financially motivated, in a report outlining the top threats worldwide that afflicted enterprise and home users in the first half of 2007. The report first identified that [...]
Congress Takes Aim at Peer-to-Peer Networks
Posted by the SecureNews Team
Peer-to-peer (P2P) networks took center stage recently on Capitol Hill, when Government Reform Committee Chairman Henry Waxman noted at a hearing that P2P technology could potentially pose a national security threat. The hearing, which studied the prevalence of inadvertent file sharing over P2P networks [...]
Webwasher protects against new Microsoft ActiveX Vulnerability
Posted by the SecureNews Team
A vulnerability has been discovered this year that impacts users of Internet Explorer versions 6 and 7 that also have installed Microsoft Office 2003. The "Microsoft Office Data Source Control Buffer Overflow Vulnerability" can be exploited when a user visits a web page that [...]
Storm Threat Meets YouTube Fake
Posted by Secure Computing SWAT Team
The never-ending, morphing Storm threat jumps on the old "codec trick", where a user supposedly needs to install a special codec to watch a movie. This trick is also used by the infamous Zlob family, where a fake web site displays a YouTube-lookalike window and provides a link to a malware file. The spam mails differ [...]
iPhone in the Wild
Posted by Secure Computing SWAT Team
With the release of the iPhone last week, the bad guys have now been trying to use this event as basis for their social engineering. Sunbelt discovered a new fake website pretending to be an iPhone site on the weekend, and a round of spam E-mail was sent out on the same day (but it's a [...]
Apple QuickTime Player Zero-Day Vulnerability [UPDATE]
Posted by Secure Computing SWAT Team
A privilege escalation vulnerability has been unveiled that affects users with both Apple QuickTime and Firefox installed. An attacker who places a specially crafted QuickTime link file (MIME type application/x-quicktimeplayer) on a web site, which is then visited by users having both Firefox (needs to be the default browser) and Apple QuickTime (5 or later) installed, [...]
Malformed ICO DoS Vulnerability in Windows XP
Posted by Secure Computing SWAT Team
We've just released Proactive Scanning database #59 with a generic detection for a new DoS vulnerability in Windows XP. A malformed ICO file can lead to an unhandled division-by-zero exception in GDI+. Such ICO files will now be blocked by Webwasher as "Exploit.ICO.InfoHeader-DoS.gen". So far, remote code execution doesn't seem to be possible, so the risk level [...]
Web Spam Detection
Posted by Secure Computing SWAT Team
Web spam pages are pages that attempt to mislead search engines and get a high search result ranking without hosting any useful content. Because of potential ad revenue generated by the search engine traffic, the amount of Web spam has been increasing dramatically and deteriorating search engine accuracy. Secure Computing Research team recently took part in [...]
Web 2.0 Threat - Critical Vulnerability In "Ask Jeeves" Toolbar For Internet Explorer
Paul Henry, Secure Computing Vice President of Technology Evangelism
A buffer overflow in an ActiveX control in the Ask Toolbar can allow a remote attacker to assume complete control of a user's PC. Full vulnerability description is available here. POC code has been [...]
Web 2.0 Threat - XSS May Impact 200k Google Search Appliance Users
Paul Henry, Secure Computing Vice President of Technology Evangelism
Security researcher Maluc has found an XSS in the Google search appliance that may put 200k users at risk. In the simplest of terms the Google search appliance allows any encoding method to be used which can then [...]
Web 2.0 Threat - Steal GMail contacts and Forward email
Paul Henry, Secure Computing Vice President of Technology Evangelism
A new Google XSS exploit has been posted to the Internet that steals GMail contacts as well as a second POC that can transparently forward your Gmail email to the [...]