
Viruses & Malware

BlackHole receives upgrade to ensure attacks persist

posted on July 2, 2012
by l33tdawg

The authors of the BlackHole exploit toolkit have updated their creation to include new functionality that will automatically redirect users from a compromised website to one that serves the malware, according to researchers at Symantec.

The problem for BlackHole's creators has arisen when users visit a hacked website containing a JavaScript-enabled IFRAME that doesn't link to any malware.

Mac espionage trojan targets Uighur activists

posted on July 2, 2012
by l33tdawg

Researchers at Kaspersky Lab said Friday that they have come across a new "advanced persistent threat (APT)" campaign targeting Uighur activists who use Mac OS X.

The backdoor, dubbed MaControl.b, is being used to spy on Uighur dissidents. On Wednesday, researchers said they discovered the "new wave" of APT attacks targeting the Turkic-speaking Muslim group, which mostly lives in the northwest Chinese province of Xinjiang.

Which is the most popular antivirus software?

posted on June 28, 2012
by l33tdawg

In an over-crowded antivirus software market, end users and corporate users often find it difficult to distinguish a value-added market proposition from the “me too” vendors of solutions. As in every other market segment, any scientific insight into the market share of various vendors offers an invaluable perspective on the market dynamics: what customers are purchasing and, most importantly, whether they are living in a world of ‘false feeling of security’.

AutoCAD worm steals blueprints in industrial theft

posted on June 25, 2012
by l33tdawg

Researchers have uncovered another worm capable of industrial espionage, this time stealing "tens of thousands" of blueprints and product designs from computers in Peru.

Medrea is an information-stealing worm capable of ferreting out AutoCAD drawings on infected machines, and transferring the files by email to accounts based in China, ESET researchers said Thursday. The worm, dubbed ACAD/Medre.A, was discovered in February, but recently increased in activity, Righard Zwienenberg, a senior research fellow at the security firm, said in a blog post.

Bruce Schneier on Flame-Like Malware: It's All About the Way It Spreads

posted on June 20, 2012
by l33tdawg

F-Secure’s Chief Research Officer Mikko Hypponen has recently explained why security companies have failed to catch malware like Duqu, Stuxnet and Flame before they became widely known.

In an article written for Wired, Hypponen admitted that the antivirus industry had failed because it couldn’t see that Flame, which had been in their possession since 2010, could pose a serious threat.

Honeynet looks to trap USB malware

posted on June 18, 2012
by l33tdawg

The Honeynet project has picked up research by a German student to trap malware designed to spread via USB keys. 

USB-distributed malware – like Stuxnet and its bloated cousin, Flame – presents problems for network-based security, since they don’t spread through the network.

Flame code linked to Stuxnet virus, experts say

posted on June 13, 2012
by l33tdawg

The Flame cyber-attack that targeted computers across the Middle East has been linked to the Stuxnet worm, which is believed to have been orchestrated by the US and Israel to attack Iranian nuclear centres.

Speaking at the Reuters Global Media and Technology Summit on 11 June, Eugene Kaspersky, chief executive of the Russian security firm that bears his name and which discovered the Flame virus in May, said his team of researchers has found that Flame shares an almost identical piece of code with a 2009 version of Stuxnet.

F-Secure Explains Why It Missed Spotting Flame, Despite Having Seen It Two Years Ago

posted on June 6, 2012
by l33tdawg

With all the attention on the Flame malware, there's a great post over at Wired by F-Secure's Chief Research Officer, Mikko Hypponen, explaining why various security firms totally missed Flame (and Stuxnet and Duqu) for quite some time -- despite samples having been sent all the way back to 2010. What's refreshing (even as it's surprising) is to see someone so forthright about this being a failure on his part: