Viruses & Malware

Gameover trojan hides in SSL

posted on October 7, 2013
by l33tdawg

Saboteurs spreading the Gameover banking trojan are using an encrypted secure sockets layer connection to remain undetected and have infected at least a quarter of a million machines.

Researchers at Dell SecureWorks Counter Threat Unit (CTU) detailed attackers' latest schemes to spread the financial malware in a blog post published last Friday.

Malwarebytes puts antivirus cleanup program on a USB stick

posted on October 7, 2013
by l33tdawg

Security firm Malwarebytes has designed a USB stick that can plug into any PC to automate the process of finding, logging, and cleaning up a range of malware.

Called Techbench, the product is a key-shaped USB flash drive designed to get around the need to install software on every system being inspected for malware. Simply plugging in the drive starts the scanning process which can be left to complete on its own before a log file is saved.

Many Security Professionals Don't Understand Modern Malware

posted on October 2, 2013
by l33tdawg

One of the most famous quotes attributed to Sun Tzu is, “If you know your enemy and know yourself, you need not fear the results of a hundred battles.” This statement should certainly apply to the current cyber threat landscape. Security professionals should have strong knowledge about new types of malware, the cybercrime market, and the tactics used by cyber adversaries so they can design and implement the appropriate countermeasures.

Mevade botnet miscalculated effect on Tor network, says Damballa

posted on September 17, 2013
by l33tdawg

The migration of the 'Mevade' botnet to use the Tor anonymity network was most likely a botched attempt to hide that has ended up having the opposite effect, security firm Damballa has speculated.

News that something was afoot came after a huge spike on Tor from 19 August onwards, which caused a doubling of traffic on a single day to just over one million connections per day. Three weeks later and Tor’s daily connections have hit 4 million per day, with no end to the rise in sight.

So-called CNN emails on U.S. bombing Syria lead to exploit kit

posted on September 10, 2013
by l33tdawg

Malicious emails, craftily disguised as breaking news from CNN that the U.S. is bombing Syria, are making the rounds online, researchers warn.

According to Roel Schouwenberg, a senior anti-virus researcher at security firm Kaspersky, who blogged about the phishing campaign last Friday, the emails actually contain shortened links leading to an exploit kit that targets vulnerable Adobe Reader and Java software.

More often, however, phishers prefer to use the “more reliable” Java exploits, he wrote.

Citadel botnet resurges to storm Japanese PCs

posted on September 4, 2013
by l33tdawg

Through investigation and collaboration between our researchers and engineers, we discovered a malicious online banking Trojan campaign targeting users in Japan, with the campaign itself ongoing since early June of this year. We’ve reported about such incidents in the past, including in our Q1 security roundup – and we believe this latest discovery shows that those previous attacks have been expanded and are a part of this particular campaign.

Taiwan bids to bolster security with free malware database

posted on September 2, 2013
by l33tdawg

Taiwan’s National Centre for High-Performance Computing (NCHC) has launched what it claims to be the world’s first free malware database designed to help businesses, academics and researchers better identify and defend against criminally-coded attacks.

The centre, one of the 11 which comprise Taiwan’s National Applied Research Laboratories, teamed up with the Ministry of Education and 20 universities back in 2010 to kick off the ambitious project, according to the country’s Central News Agency (CNA).

Virus targets social networks in new fraud twist

posted on August 19, 2013
by l33tdawg

In the world of cyber fraud, a fake fan on Instagram can be worth five times more than a stolen credit card number.

As social media has become increasingly influential in shaping reputations, hackers have used their computer skills to create and sell false endorsements - such as "likes" and "followers" - that purport to come from users of Facebook, its photo-sharing app Instagram, Twitter, Google's YouTube, LinkedIn and other popular websites.

Blaster from the past: The worm that zapped XP 10 years ago

posted on August 16, 2013
by l33tdawg

Ten years ago this week, the Blaster worm swept through Windows XP and Windows 2000 networks, bringing some government agencies to a halt and perhaps contributing to a major power blackout in the Northeast U.S.

Blaster, also dubbed the DCOM Worm and Lovsan, first appeared on Aug. 11, 2003, and exploited a known Windows vulnerability in a component that handled the RPC (Remote Procedure Call) protocol. Microsoft had patched the bug the month before.