Viruses & Malware

Morto worm phones home over DNS

posted on September 1, 2011
by l33tdawg

Morto, the first-ever worm to spread via Windows Remote Desktop Protocol (RDP), is not only unique because of its propagation mechanism – it also uses a novel vector, domain name system (DNS) records, to communicate with infected machines, a Symantec researcher said Wednesday.

The DNS is a critical component of internet infrastructure that translates IP addresses into memorable domain names.

Malicious infections enter 99% of enterprise networks

posted on August 31, 2011
by l33tdawg

There is a significant gap in today’s enterprise IT defenses, as advanced malware and targeted attacks are easily evading traditional defenses, such as firewalls, intrusion prevention systems, antivirus, and Web/email gateways, according to FireEye.

99% of enterprises have had malicious infections entering the network each week with 80% of the enterprises facing more than a hundred new cases per week.

Worm spreading via RDP port 3389

posted on August 29, 2011
by l33tdawg

It’s retro day in the world of Internet security, with an Internet worm dubbed “Morto” spreading via the Windows Remote Desktop Protocol (RDP).

F-Secure is reporting that the worm is behind a spike in traffic on Port 3389/TCP. Once it’s entered a network, the worm starts scanning for machines that have RDP enabled. Vulnerable machines get Morto copied to their local drives as a DLL, a.dll, which creates other files detailed in the F-Secure post.

Zeus bank Trojan now fused with Ramnit worm

posted on August 25, 2011
by l33tdawg

Researchers have uncovered evidence that the infamous Zeus login-stealing Trojan has been blended with the Ramnit worm to create hybrid malware that can attack online bank accounts while spreading across networks.

Security company Trusteer said it recently discovered a mutant version of Ramnit that appeared to be using a man-in-the-browser (MitB) web injection module to trick bank customers into handing over their login details, a technique straight out of the Zeus (aka 'SpyEye') design book.

Conficker back in top three malware chart

posted on August 23, 2011
by l33tdawg

The July security threats analysis from Eset claims that the infamous Win32/Conficker - along with INF/Autorun and Win32/Sality - headed the top three malware chart for the month. According to the East European IT security vendor, during last month INF/Autorun was the most popular type of threat both in Europe (5.27%) and globally (6.51%).

Malware hidden on NZ MetService website

posted on August 17, 2011
by l33tdawg

The MetService has confirmed visitors to its website in the past few days may have contracted a computer virus from malware hidden in online advertisements on the site.

The state-owned enterprise said it became aware of the issue at 8pm last night and immediately shut down the computer server that served up advertisements on its website to prevent more people being infected. Computer users would not necessarily have needed to click on an advertisement to be infected.

SpyEye source code leak could fuel new wave of attacks

posted on August 17, 2011
by l33tdawg

The source code of the notorious SpyEye toolkit has been leaked, fueling speculation that one of the largest criminal malware families could become an even bigger threat.

SpyEye, which surfaced in late 2009 and immediately started to compete against users of the Zeus banking malware toolkits, targets account credentials and other sensitive data. Leaking the SpyEye source code gives security researchers valuable information about the malware and the techniques of the code writers, but it also opens the door for other cybercriminals to create new variants and attack techniques.

Symantec finds rogue Android app with hacktivist agenda

posted on August 17, 2011
by l33tdawg

Symantec has discovered a new Trojan malware app circulating for the Android OS. The app is a rogue version of a controversial app involving dog fighting, and is aimed at sending a hacktivist message.

Dog Wars is a game that involves raising your dog to be the most vicious dog on the circuit and taking on other virtual dogs in fights to the death. The app itself is offensive to many -- in fact, it prides itself on being so provocative that you would never find something like it on the iPhone app store.