Internet threat news


Malvertising is becoming increasingly prevalent as an effective way for hackers to spread malware across the Internet. Now, it seems that one of the largest and most popular websites in the world, YouTube, is being targeted by hackers who have successfully inserted malicious advertisements into legitimate advertising channels in an effort to install malware on the computers of people clicking on YouTube advertisements. When a user clicks on an ad, traffic is directed through legitimate advertising aggregators before it is rerouted to compromised websites serving malicious content. It appears hackers are doing this by modifying Domain Name System (DNS) information to automatically redirect advertising traffic to malicious sites serving Sweet Orange and other malware variants.

   

A still-unidentified cyberespionage group has been discovered that is using advanced spear phishing techniques to steal email login credentials from employees at high-level targets including embassies, military agencies, international media outlets and defense contractors. Although the origin and whereabouts of the group behind this attack are still unknown, security experts are referring to the attack as Operation Pawn Storm, and it appears this operation has been going on covertly since 2007. In the past, this group has relied heavily on spear phishing email campaigns to distribute malicious Microsoft Office file attachments that are designed to install a backdoor in the operating system for remote code execution.

   

Recently, hackers released a variant of the Dyre banking Trojan designed to target users of the popular sales platform Salesforce.com. In early September, Salesforce notified customers that they may be targeted by Dyre (also known as Dyreza) — a key logger designed to harvest user login credentials. More traditional Dyre campaigns target large financial institutions, but the variant affecting Salesforce customers was attached to an email that installed Dyre once opened.

   

Russian hackers, operating under the name of the “Sandworm team”, are targeting government leaders and institutions including the North Atlantic Treaty Organization (NATO), European Union and Ukrainian governments and academic targets in the United States. At least one U.S. academic was specifically targeted for his work and focus on Ukrainian issues. Based on recent analysis by security firm iSight, a company that has been watching Sandworm since last year, this cyber espionage campaign has been slipping into Windows computers for over five years — specifically extracting information pertaining to intelligence and diplomatic affairs in Ukraine.

   

Security experts recently uncovered a new and extremely dangerous botnet that has already infected an estimated 500,000 computers worldwide. Known as Qbot or Qakbot, this new botnet is designed to sniff packets related to online banking transactions. At the time of this writing, over 800,000 unique online financial transactions have been intercepted. Most of these are from at least five major United States banks, although security firm Proofpoint (the firm responsible for discovering Qbot) states that many large European banks are also being actively targeted. According to reports, Qbot started when a group of Russian cybercriminals obtained administrative login credentials for WordPress sites via an underground marketplace. Malware was uploaded to these sites so visitors would fall victim to the ever-so-popular drive-by download.

   

You may have heard about a recent security scare that many websites have been quick to compare to Heartbleed and other serious vulnerabilities that have been recently discovered. In case you are unfamiliar, Shellshock is a vulnerability affecting Linux/Unix and some OS X (Apple) computers whereby a hacker can remotely execute code through the command-line shell (known as Bash). This vulnerability is due to a coding oversight that allows certain variables to be read as commands by the shell. Although the use of Linux for home computers is still relatively limited, Shellshock could spell big trouble for many large corporations that rely on Linux or Unix-based systems for many backend functions. This blog decided not to cover Shellshock previously because it does not affect Windows machines. However, security researchers have recently discovered that Windows has many similar vulnerabilities that could allow for remote code execution via the Windows terminal.

   

Police officers exist to protect us, right? So it shouldn’t come as much of a surprise when the local police department offers us, citizens of the United States, a tool designed to protect our children from the dangerous place colloquially known as the Internet. Unfortunately, it appears local police departments would rather follow in the footsteps of the NSA and spy on everything we do online, illicit or not. ComputerCOP is a free Internet security program offered by law enforcement agencies around the country. This software is purportedly designed as a way for parents to keep an eye on what their children are doing online.

   

A Greek security researcher recently uncovered a new malware campaign that takes advantage of two well-known programs to avoid detection by most antivirus solutions while functioning as a keylogger capable of stealing all keystrokes made on an infected machine. These keystrokes, which often include sensitive personal and financial data, are then sent discreetly to the cybercriminals behind the attack. This new threat consists of two unique pieces of software. The first is a well-documented keylogging program known as Limitless Keylogger.

   

A Distributed Denial of Service (DDoS) attack is nothing new. In fact, this technique has been used by hackers practically since the Internet came online and continues to be an effective way to disrupt network services. DDoS attacks have another purpose as well. The Gameover Zeus botnet was often installed on networks during massive DDoS attacks used to distract IT security personnel from the malware infection. By the time the DDoS attack subsided, Gameover was already installed, and it could be days before the breach was even noticed. Perhaps the biggest drawback (from a hacker's perspective) to using a DDoS attack is that the most common techniques, such as synchronize (SYN) attacks, User Datagram Protocol (UDP) attacks, and GET request flood attacks, are extremely well-documented and easy to block once a network is properly configured.

   

As more devices become Internet-ready, luring consumers with the dream of an automated lifestyle, new malware is being designed to take advantage of this technology trend. Smart thermostats and other appliances have even been used in large-scale Distributed Denial of Service (DDoS) attacks. In fact, one such attack was recently recorded at 215 Gbps and over 150 million packets per second. This DDoS attack was performed using a new malware toolkit known as Spike. Security experts have watched as the Spike Toolkit was ported from Windows to Linux and even ARM-based platforms.

   

Twitch is a popular video game streaming site recently acquired by Amazon. According to Finnish security firm F-Secure, a rogue Twitch account is being used to launch a malware campaign targeting users of a popular game distribution platform known as Steam. The malware, called Eskimo, operates by sending automated spam messages from a Twitch account using the service's built-in chat function. Users receiving the rogue message are asked to click on a link which supposedly allows them to enter a raffle for sought-after items in Counter Strike: Global Offensive, a popular game distributed through Steam.

   

A banking Trojan known as Tiny Banker, or Tinba, was first discovered over two years ago when it infected thousands of computers in Turkey. The malware is extremely small at only 20 Kb (hence the name) and is capable of injecting rogue HTML fields into websites when it detects that the victim has navigated to an online banking site. The injected HTML fields typically ask users for sensitive personal and financial information, which is not usually required on most online banking portals. Recently, anti-virus and security company Avast analyzed a new version of Tiny Banker that appears to target customers in the United States. Specifically, Tinba is now programmed to target major U.S. banks including Wells Fargo and Bank of America.

   

A couple of months ago this blog reported that the Gameover Zeus botnet, a notoriously dangerous Trojan responsible for distributing Cryptolocker ransomware, was shut down by an international task force code-named Operation Tovar. This task force included members of the U.S. Department of Justice, multiple law enforcement offices, foreign government agencies and private security firms from around the world. The goal was to destroy the Command and Control servers responsible for sending instructions to millions of infected PCs, and for the most part the operation was considered a success.

   

Recently, this blog covered the alarming increase in fileless malware such as Poweliks. This dangerous new type of malware is undetectable by most modern antivirus solutions because the malware does not actually install any files to the computer hard drive (installing files is a red flag for most antivirus programs). Fileless malware isn’t exactly new, but the problem has always been that the malware disappears after the computer is rebooted. Newer variations like Poweliks have figured out a way to load themselves via system registry entries every time the machine is booted, resulting in persistent fileless malware that is almost impossible to detect and just as difficult to remove.

   
