Motley cabal of online hacker and librarians. All about online hacking and more ...

Posts tagged Malware

Smartphone’s Having Serious Risk from Malware

Dec15
2010 Written by admin

Smartphone’sSmartphone users are increasingly at risk of a cocktail of spyware and phishing scams, although data leaks and disclosure of sensitive information is the most common hazards, according to a new report.

European Network and Information Security Agency (ENISA) has said that the risk of maximum security and opportunity for Smartphone and dishing advice to consumers and businesses.

It’s a biggest risk to users: spyware, data cleansing poor when phones for recycling, accidental data leakage and unauthorized Premium phone calls and SMS.

It is perhaps no surprise that criminals are increasingly targeting Smartphone’s as they soar in popularity with Gartner figures revealing that some 80 million smart handsets were sold in Q3 2010 alone.

Apparently the biggest risk to Smartphone users is relatively low-tech: having their phone nicked. An unprotected memory lets an attacker access the data on it, according to the report.

The second largest threat is a Smartphone owner giving their phone to someone else or disposing of it without wiping the data correctly…again, similarly low tech and gift for cyber criminals.

More worrying though is the report’s discovery that unintentional data disclosure is the third biggest risk. It reckons that while most apps have privacy settings, many users are unaware of forget that data is being transmitted and have no clue about how to tweak security settings.

Phishing attacks reportedly pose a ‘serious’ risk to Smartphone users via fake apps or seemingly genuine text messages, while spyware defined as ‘any software requesting and abusing excessive privilege requests’ is also a big problem.

Completing the top 10 of Smartphone risks are: network spoofing attacks, surveillance, diallerware, financial malware designed to steal credit card numbers and network congestion.

“Given the growing importance of Smartphone’s for EU businesses, governments and citizens, we consider it essential to assess their security and privacy implications.” says Prof. Dr.Udo Helmbrecht, executive director of ENISA.

However the report was not all doom and gloom as it recognised back-up data opportunities on Smartphone and the benefits of app stores.

It listed the opportunities as: sandboxing apps, controlling software distribution, remote app removal to aid the removal of malware, backup and recovery functions ‘to address risks to data availability,‘ extra authentication and encryption options plus the very diversity of Smartphone’s, which makes it tricky for criminals to attack a very large number of users with a single virus.

To maximize opportunities and minimize threats, the report detailed a long series of recommendations for Smartphone users, including advice that consumers use automatic locking, reputation and source control before downloading applications, a careful reading of permit applications and wipe off any handset and they have plans for disposal.

Tagged , ,

Targeted Malware, Spam is Growing in 2011

Dec03
2010 Written by admin

Targeted MalwareMalicious Web sites and applications increasingly target mobile phone users in 2011, devices such as tablet PCs and Smartphone’s are an even greater combination of Information Technology Company.

As reported by E-Security Planet, security software vendor Symantec expects attacks aimed to increase dramatically as hackers develop its capacity to collect data from social networks and consumer sites to develop campaigns that are more likely to catch their prey.

Trojans, viruses and worms like Stuxnet will also find their way into more critical infrastructure systems as malware authors seek out more high-value targets for their wares.

And while the overall volume of spam decreased significantly in the second half of 2010, Symantec offers a marked increase in spam directed language, especially in Europe and Asia. In 2010, about 95 percent of all spam was in English, but that figure should drop to about 90 percent in 2011 while the Portuguese and Spanish spam will increase significantly.

Tagged

Panda Security Reported Says “One-Third of All Malware Created in 2010”

Nov24
2010 Written by admin

Malware

Wednesday, Panda plans to publish the information gathered by its anti-malware laboratories indicating that almost a third of all known malware has been created in the first ten months of 2010. In addition, the report will add that, in general, most malware was created this year than in all of 2009.

Laboratories of Panda Anti-Malware are scattered around the world to form the backbone of their networks of collective intelligence. It is from these nodes that engineers are able to monitor and control the lifecycle of malware.

According to the report, Panda identified 134 million separate files, 60 million of which are Malware. Of that, 34 percent of all the active threats were created in the first ten months of 2010. So far, there have been 20 million new threats detected by Panda this year, which is the same total detected in all of 2009.

Moreover, the report says that the average number of threats created daily, including new Malware and variants of existing families, has risen from 55,000 in 2009 to 63,000 in 2010.

The reason for the growth, which is just under 15 percent, is due to the shortened lifecycle for the typical threat. Criminals have been forced into a corner, creating new variants and payloads just to beat the clock, as the average lifespan of a piece of Malware is just 24 hours in some cases.

As vendors such as Panda, Symantec, Trend Micro, and McAfee are able to use global networks to detect, process, and mitigate new Malware, the criminals have to react just as quickly.

It is entirely common to see a strain of Malware designed and deployed in order to infect a small number of systems, only to be replaced by a new version the following day. Panda’s Sean-Paul Correll, who spoke with The Tech Herald about the report, mentioned that at one point the criminals behind the Mariposa botnet would need to release updated binaries four or five times a day to keep up with detection rates.

“Since 2003, new threats have increased at a rate of 100 percent or more. Yet so far in 2010, purely new malware has increased by only 50 percent, significantly less than the historical norm,” Luis Corrons, technical director of PandaLabs commented in a statement.

“This doesn’t mean that there are fewer threats or that the cyber-crime market is shrinking. On the contrary, it continues to expand…It seems [criminals] are applying economies of scale, reusing old malicious code or prioritizing the distribution of existing threats over the creation new ones.”

These Malware figures come just a week after Panda examined the state of Rogue anti-Virus software. According to that study, 40 percent of all Rogue anti-Virus applications were created in 2010. When you compare the Rogue anti-Virus counts with the malicious samples overall, fake anti-Virus software accounts 11.6 percent of all Malware.

Since the detection of rogue anti-virus for the first time in 2006, there were 5,651,786 unique variants detected. Of this amount, 2,285,629 of them were created between January and October this year.

According to Panda, 46.8 percent of all computers worldwide were infected with a type of malware. Of the remaining 5.4 percent were infected with rogue anti-virus.

Tagged ,

Malware Attacks Increasing Continuously

Nov20
2010 Written by admin

Malware Attacks Increasing ContinuouslyAccording to Cisco’s Global Threat Report, the pharmaceutical and chemical industry had been attacked by malware, 372 percent more frequently in recent months as they were earlier this year. Energy and oil industry has been threatened more often, compared to 209 per cent growth. Another malware has been the growth of agriculture and mining, has been attacked169 percent more.

Among the various malware threats, the report shows Rustock botnets are the most popular.”

Mary Landesman, manager of market intelligence at Cisco says, “The botnet is considered one of the largest providers of spam and was most predominantly associated with the shipment of counterfeit medicine and see spam,”

Overall, 65 percent of malware attacks were prevented by antivirus software. Java, Adobe Acrobat, Adobe Reader and Adobe Flash were targeted most frequently by successful malware. On average, users faced 133 attacks every month.

Recent research by a group of French experts, said the malware is becoming more sophisticated. Dark Reading reports that the group has found malware and now can attack computer’s hardware and is no longer restricted to intimidating software and information alone.

Tagged

Web Malware Amplified in Third Quarter

Nov19
2010 Written by admin

Web MalwareCisco’s 3Q10 Global Threat Report described that, The Exploits of Sun Java by web malware amplified in the month from July to September. The malware attack was noticed 5% in July to 7% in September.

According to the Cisco’s Report, at the same time, Exploits of Adobe Reader and Acrobat declined over this quarter, it was 1% in September, while in July it was 3%.

“We hear so much about exploits of Reader and Acrobat and not as much about the exploits targeting Sun Java. When we look at the actual numbers, we find that Sun Java exploits are much higher. That was a shift that started in the first quarter”, said Mary Landesman, market intelligence manager at Cisco.

Landesman told Infosecurity that the increase in Sun Java attacks was the result of the development of a public exploit code for Java made available in the first quarter. So attackers began to focus on Java, and Java was put at the top of the exploit list.

“If the first [attack] succeeds, there is no need to move onto the second one. This increased the number of exploits of Java and decreased the number for other exploits, such as Adobe Reader and Acrobat”, she said.

Many users are unaware that they have Java on their computers. Also, Sun’s security updates for Java are unpredictable. These both contributed to Java’s vulnerability to malware attacks, she observed.

In addition, the report found that the pharmaceutical and chemical sector was most at risk for web malware attacks in the quarter, far outpacing attacks on the energy and oil sector and agriculture and mining sector. At the least risk was the aviation and automotive sectors

The pharmaceutical and chemical sector has always been in the top three in terms of malware attacks in the Cisco report. Landesman said that this is likely due to the sector’s high level of intellectual property, which tends to attract malware attacks. “We found that sectors [with more intellectual property], like pharmaceutical and chemical and energy and oil, tend to have a higher rate of encounter with password stealing and data theft trojans”, she said.

The report also found that spam volumes were highest in August, primarily as a result of the Rustock botnet, which accounted for 21% of all events handled by Cisco. This botnet is one of the largest purveyors of spam, primarily counterfeit drug and watch spam, Cisco noted.

The report also showed that during the course of the largest LinkedIn spoofing in mid-September, the malicious LinkedIn email comprised a significant 31.26% of all spam for that period.

Landesman noted that those who fall for counterfeit drug spam are victimized twice. First they are victimized because they are paying for something that they do not receive, and what they do receive could be harmful.

This Cisco’s Report notified that 10% of web malware was encountered via search engine traffic or service. While around 7% of all web malware encounters resulted from Google referrals. The malware encounters resulted of yahoo is 2% followed by Bing at 1%, and Sina at 0.1%.

Tagged ,

IE Added Malware Attack Kit

Nov10
2010 Written by admin

IE Malware Attack KitA known vulnerability exploits used that can be used to compromise Internet Explorer version 6, 7 and 8 has been added to Eleonore malware attack kit, which increases the chances that more use will occur in the wild, according to a security expert.

AVG chief research officer “Roger Thompson” wrote on his blog on Sunday that “we’ve begun detecting in the Eleonore Exploit Kit. This raises the stakes significantly, because it means that anyone can buy the kit for a few hundred bucks and have a zero-day work.

The weakness — which is already being exploited in the wild — can allow attackers to remotely execute code without a user’s knowledge. Exposure to the exploit usually takes place by tricking a user into visiting a website containing malicious code. A drive-by attack then takes place, in which the attacker executes code on the target machine.

Microsoft acknowledged the existence of the weakness on 3 November. “It is possible under certain conditions for the invalid flag reference to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution,” said the company in a security advisory.

The advisory also notes that, if required, Microsoft will consider issuing an out-of-cycle security update, or providing a fix through its regular “patch Tuesday” monthly update.

However, according to Thompson, Microsoft may be forced to issue an unplanned fix.
“What this means to Microsoft, is that they should consider issuing an out-of-band patch. What this means to you, if you’re a non-geek, is that until Microsoft releases said patch, you should install something that’s pretty good at detecting and blocking web-based attacks.”

Microsoft has released the mitigation techniques to protect users until a patch is released. Workaround is to enable Data Execution Prevention (DEP) for Internet Explorer 6, 7 and 8. Internet Explorer 8 comes with DEP enabled by default. Microsoft has also provided instructions on how to use user-defined CSS also temporarily remove the threat.

Tagged ,

Amplified Focus on ZeuS Malware

Oct13
2010 Written by admin

The crimeware toolkit ZeuS has made current headlines lately by garnering attention of the FBI, and for the new components that allow hackers to break into BlackBerry and Symbian phones.

Such a tense focal point on ZeuS in the news and by foremost security software manufacturers allows for other complicated malware to take a stronger grip in the marketplace, according to a Security Week report. For instance, the Bugat suite is listed by McAfee as a Very Low Risk Level 1 threat.

A recent LinkedIn attack was initially credited to ZeuS, fueling more focus away from the increasing popularity of Bugat. But in reality Bugat was what hackers used in this particular scheme.

Although it isn’t as widespread, the Bugat trojan is just as capable of retrieving illicit credentials and providing profit for the botnet operators. The goal of Bugat is to retrieve financial login information, and have the botnet perform high value wire transfers with the stolen data.

Bugat operates by launching a .exe that monitors the URLs you visit and captures your login details. In addition, in some instances, Bugat will actually modify the look of the login page to gain additional personal information.

Bugat distributes the standard frustrating pieces of malware as well, allowing for unknown file transfers, launching of unintended programs, and rendering windows inoperable. Once it finishes mining data and collecting login credentials, the .exe sends the data back to the botnet to have the illicit transfers executed.

The desired targets are business owners, as automated payments to random resellers may go undetected for some time from large coffers. A standard personal bank account while it may provide the keys to full on identity theft is more work for less return.

As long as the security news of crimeware toolkit ZeuS is of FBI raids–and not gaping security holes affecting the public–we can take some comfort in knowing that the better hackers are on our side. The give and take of malware and the security industry could appear to be miserable, as new threats occur regularly, and in the case of Bugat, old threats return to the surface as newer threats draw all the attention. How ever the security industry remains attentive.

Tagged ,

Ubiquity – Symantec Stepping up Against Malware

Oct06
2010 Written by admin

Symantec is accelerating its fight against malware with the introduction of its next-gen platform dubbed “Ubiquity”.

“Now, traditional protection methods require analysis of specific strains and an initial capture of malware. But Ubiquity takes a fundamentally different approach to help secure infrastructure from the latest and most targeted threats.”

Ubiquity analyzes the anonymous software usage patterns of more than 100 million Symantec-shielded PCs – allows the security company to more effectively protect against micro-distributed, mutating threats.

“Ubiquity adds a new layer of protection that bolsters our existing defenses, such as intrusion prevention, as well as behavioral and heuristic detection capabilities,” explained Symantec senior VP Stephen Trilling.

According to Trilling, Ubiquity operates by formulating a security rating for each file based on specific (anonymous) user-generated data – including origin, age, adoption patterns and other proprietary calculations.

“While attackers can easily mutate a malware file’s contents to make it invisible to traditional signatures, they have far less control over these crowd-based demographics.

“However, Ubiquity doesn’t just maintain data on malicious programs, but keeps ratings for virtually every legitimate application on the Internet as well.”

Indeed, Ubiquity’s reputation database currently contains safety ratings on more than 1.5 billion “good” and “bad” executable files, with an average weekly “recruitment” rate of 22 million.

“Interestingly, based on Ubiquity-generated data, we have determined that more than 75 percent of malware affects fewer than 50 Symantec users.

“This statistic highlights the movement toward high-impact, low-distribution targeted threats and shows the need for standing technology, like Ubiquity, to protect against such malware,” added Trilling.

Posted in Security Software - Tagged , ,

Over a Million Websites Served Malware in Q2

Sep18
2010 Written by admin

Over a million websites were compromised by malware in the second quarter of this year, according to a report from security firm Dasient.

The report was compiled from the company’s telemetry systems which, it claims, monitor millions of websites daily. The figures are then extrapolated to render infection rates across the internet.

Malware attacks appear to be rising at a rate averaging around 24 per cent according to the numerous research figures on the internet. Dasient’s own figures show 56,000 websites poisoned at the end of last year followed by 720,000 in the next quarter. With the new figure of 1.3 million the trend seems to be a rapidly rising curve.

Malvertising is an area of concern, according to the research team.

Malicious online advertising, or malvertising, is an area of concern, according to the company. They look like harmless adverts but deliver malicious code when they are clicked on or lead the victim onto a more treacherous website.

It was estimated that 1.6 million malvertisements are served every day. Usually, the website owners soon eliminate them but the attackers have discovered a way to gain time. By posting the ads at the end of the week they usually have a few days before a webmaster comes anywhere near the site and then the malvert has to be discovered.

The researchers reckon that the average malvertising campaign can last for 11.5 days before being eradicated.

Another attack highlighted is the use of third-party widgets on sites. It appears that 75 per cent of websites import JavaScript widgets for building the site. If just one of these becomes infected it will potentially affect hundreds of thousands, dependent on the widget’s popularity.

A further 42 per cent of sites use advertising-related resources to manage their own in-house ads or to show third-party ads on auxiliary sites. Even financial websites have been known to fall for this but the main villains are publisher sites.

The Dasient team offers the following advice: “The malware epidemic is not slowing down – on the contrary, it’s exploding. Now is the time for businesses to educate themselves on how they can put safe security practices in place for their websites to protect their customers, their brand and their revenue. The first step is to make sure they are not exposed by monitoring their websites for malware regularly.”

Tagged
« Older Entries Newer Entries »
wordpress visitor
© 2011 USRlib.info