Internet threat news
Last week marked the end of an era. As of April 8, 2014, Microsoft is no longer providing support for the still widely used Windows XP operating system, first introduced to the world in 2001. While most people who have purchased a new computer in the last few years probably have a newer version of Windows already installed, approximately 30% of the computers currently connected to the Internet still rely on XP. This news doesn’t mean that computers running Windows XP will stop working, but without patches the OS will become steadily less secure. Microsoft has even gone so far as to dub the condition of XP “zero day forever,” because without future support any newly discovered vulnerability will never be fixed, leaving a host of security risks that are nearly unavoidable.
GoGo is an in-flight Wi-Fi provider that offers Internet service on more than 6,000 aircraft. Many frequent flyer programs offer customers free or discounted service via GoGo, and other passengers can pay a nominal fee for access on flights throughout the country. Recently, documents have come to light showing that GoGo not only complies with federal law but actually goes well beyond the requirements set forth by the federal government, giving law enforcement even more information than previously thought. Much of this information was discovered by Christopher Soghoian of the American Civil Liberties Union in recent Federal Communications Commission filings about the company.
Millions of websites rely on OpenSSL to encrypt communications between web servers and visitors. Usually, OpenSSL is employed when sensitive information is being transmitted via a user’s web browser. Both personal and financial data (i.e. paying for online goods and services) are protected by OpenSSL – a technology that has been trusted for years by websites large and small. Researchers recently uncovered a critical vulnerability in OpenSSL, known as the Heartbleed bug, and a simple exploit for it has been released. Heartbleed can be used to steal usernames and passwords from affected websites.
The popular Android mobile operating system has fallen victim to numerous malware variants in recent months, but now Android hackers have “graduated” to using botnets powered entirely by Android smartphones. The new threat targets smartphone users banking at Middle Eastern financial institutions. Disguised as a banking app, this botnet has already infected at least 2,700 smartphones and has intercepted over 28,000 text messages. Officially, this botnet does not have a name, but security experts are calling it “Sandroid” for now. Victims unintentionally install the malware because it comes bundled with apps designed to mimic the standard two-factor authentication modules used by mobile banking applications.
Hackers have traditionally used “hot” news stories as a way to trick unsuspecting people into clicking on links in fake emails with varied malicious intents. Many of these links take users to phishing pages or to compromised sites full of drive-by downloads and other malware. One of the biggest stories around the world right now is Malaysia Airlines Flight MH370. For those unfamiliar with the story, a large commercial aircraft disappeared from radar and has yet to be recovered. The story is even more intriguing because experts are now reporting that the plane was apparently hijacked and flew for up to six hours in an unknown direction before seemingly disappearing from the face of the Earth. The popularity of this news story on both conventional and social media outlets has provided a perfect lure for hackers, and so far thousands of people have already been tricked by this email scam.
The popular jam and jelly maker Smucker’s began notifying visitors that its website has been temporarily shut down because of a security breach that may have jeopardized customers’ personal financial information. While Zeus and other banking Trojans are designed to steal data from infected PCs, the information provided by Smucker’s about this breach states that the malware was actually designed to steal data from web server applications. In case you are not familiar with banking Trojans, they typically siphon information using two techniques. First, these malware variants can snarf passwords stored in the browser cache. Second, banking Trojans use a technique known as “form grabbing” – capturing data entered into a form field within the web browser before it has been encrypted by the SSL session.
For many years, Russia has been home to many notorious underground cybercrime scandals, and it seems that many of the dangerous breaches reported on this blog are tied to Russia somehow (even if they don’t necessarily originate there). A German security and antivirus firm known as G Data Security has uncovered data suggesting that the Russian government is behind the creation of a dangerous new malware variant known as Uroburos. Although G Data Security cannot definitively point a finger at the Russian government, there is ample circumstantial evidence: the overall complexity of the malware, the presence of Cyrillic words within the source code, filename conventions, encryption keys and the overall behavior of the program all suggest Russian government involvement in the creation of Uroburos.
It’s been over nine months since Edward Snowden first revealed to the world the extent of government surveillance of everything Internet-related, yet some companies don’t seem too worried about the privacy of their users. Users of the popular Yahoo! instant messaging service are vulnerable to government snooping and even to malicious hackers on the same Wi-Fi network, because the free service refuses to turn on encryption for messaging. What makes this even worse is that the lack of encryption was first discovered approximately 10 years ago and still has not been fixed (as per a CNET test conducted last week). Last week, an article reported that government agencies have been eavesdropping on Yahoo’s unencrypted video chats as well.
If you have been reading this blog for any time at all, you are undoubtedly familiar with Zeus (sometimes also known as Zbot) and its more dangerous derivative Citadel, which appeared online after the original Zeus code was leaked. These two malware variants are responsible for millions of dollars in online bank fraud and were specifically designed to avoid detection by most popular antivirus suites. Although the popularity of these two variants has receded within the hacking community recently, another variant known as the Gameover bot has become extremely popular. This malware variant is sometimes known as Zeus P2P because it relies heavily on peer-to-peer network connectivity for command and control. What makes Gameover so popular is that it is based on the “tried-and-true” methods that initially made both Zeus and Citadel so dangerous.
One of the good things about viruses is that they are reasonably easy to prevent by following some basic Internet/email best practices, such as not downloading unfamiliar files and staying away from sites that may be compromised. Sure, this is sometimes easier said than done, but with a decent antivirus solution installed, most major threats can be stopped before they become serious. That all changes with the introduction of Chameleon. British researchers have created a computer virus that actually spreads through the air like a common cold. These researchers, from the University of Liverpool, have created malware that can jump from network to network using Wi-Fi access points. The speed at which Chameleon can spread is simply unheard of in the malware world and, in the wrong hands, could represent a serious threat capable of hopping between homes and businesses in the blink of an eye.
Linksys, a popular home and small business router manufacturer, has a new threat to worry about as a self-replicating program known as “The Moon” exploits a vulnerability in the company’s E-Series product line. The worm was uncovered and reported on Wednesday by the Internet Storm Center (ISC) after it was noted that many popular Linksys E1000 and E1200 routers were scanning random IP address ranges on ports 80 and 8080. The Internet Storm Center researchers were able to capture the malware responsible for the scanning activity after intentionally leaving a test system vulnerable to attack. The premise of The Moon is to exploit known vulnerabilities in the aforementioned Linksys routers and then use those routers to scan for other vulnerable devices.
Smart home technology has become increasingly popular and is expected to gain significant market share in 2014. With its increased popularity, however, this technology has garnered the attention of hackers around the world looking to capitalize on a new technology trend. Belkin is a respected technology company best known for home and small business networking equipment. More recently, the company has introduced an entire line of smart home devices under the brand name WeMo. The most popular of these WeMo devices is an outlet that can be controlled by a smartphone from anywhere in the world.
Point of Sale malware is nothing new, but BlackPOS may represent one of the most advanced versions of POS-specific malware to date. BlackPOS, for those unfamiliar with the term, is the malware variant responsible for the theft of over 40 million credit card numbers used in Target stores across the country during the holiday shopping season. It is also suspected in many of the other retail attacks reported of late, including Neiman Marcus and, most recently, White Lodging (a franchise operating hotels under the Marriott, Hilton, Sheraton and Westin brands). Shortly after the Target breach was first announced, an anonymous user uploaded a copy of BlackPOS to a malware scanning service operated by Symantec. Although the copy was quickly removed from the site and later from Google’s cache servers, security experts have gotten a good look at this complex piece of malware and now better understand how it was able to go undetected for so long. BlackPOS was first introduced into Target’s systems in November of last year. Alarmingly, over 40 different malware scanning utilities found nothing threatening about BlackPOS.
The 2014 tax filing season began on January 31st, and if you haven’t filed your taxes yet, now may be a good time to get started...unless, of course, you want any potential refund stolen by fraudsters “kind enough” to file on your behalf. According to a report filed by the Treasury Inspector General’s office last year, the Internal Revenue Service issued almost $4 billion in fraudulent tax refunds in 2012 alone. In most of these cases, personal information was stolen by identity thieves who then filed bogus tax returns on behalf of unsuspecting victims and had the refunds sent via direct deposit or paper check to an address other than the victim’s. Many of the refunds reported as fraud last year were over $5,000, offering cyber criminals an easy way to make some serious cash each year before disappearing back into the criminal underworld. For this reason, the IRS has taken additional security measures this year in the hope of preventing some of this fraudulent activity.