Internet threat news
Hackers are always looking for new ways to lure unsuspecting victims to malicious websites where all sorts of malware can be quickly downloaded and installed. Often, malware is distributed using a technique known as a drive-by download. During this type of attack, a malicious website runs through a list of known vulnerabilities in search of an exploit that can be used to install malicious software. While this type of attack isn’t new, hackers are constantly changing tactics when it comes to luring potential victims to malicious websites in the first place. As people become increasingly wary of email campaigns designed to spread malware, it usually takes a very interesting or newsworthy story to entice the average email user to follow an unsolicited email link. In the last several months, hackers have used tragedies around the world as bait in these malware email campaigns, including wars in other countries and the missing Malaysia Airlines Flight 370.
Poweliks is a new type of malware recently discovered by security experts that could mark the evolution of computer malware into something much harder for modern antivirus tools to detect. Poweliks attempts to evade detection and analysis by running exclusively within the system registry. It does not create any files on disk, making it nearly impossible for current security software to detect the intrusion at all. While fileless malware that exists only in system memory isn’t a new idea, such threats have been relatively rare because they typically don’t survive a system reboot (when memory is cleared). Poweliks is different because it persists across system reboots while still remaining fileless.
This blog often focuses on malware threats that leave PCs vulnerable to attack from hackers located around the world. Unfortunately, there are also tools built into the Windows operating system that can be equally dangerous if not managed properly. One of these tools is a remote access tool known as Virtual Network Computing, or VNC. VNC is a useful tool often used to remotely share a desktop with another person. Colleagues can collaborate in real time using VNC technology and it is also used extensively by network administrators to remotely diagnose and fix software issues on the local machine. Many software companies also leverage VNC to perform software demonstrations for customers located throughout the world.
This blog has covered the assorted iterations of powerful ransomware in detail. While there have been many dangerous variations in the last several months, few (if any) have been as damaging and feared as Cryptolocker. Originally spotted nearly one year ago, Cryptolocker is a type of malware that uses extremely strong encryption to lock files and folders on a victim’s computer. Infected machines typically display a warning to users that their files have been locked and can only be retrieved by sending money — usually in the form of Bitcoins — to the hackers behind the scam. Victims are usually only given approximately 72 hours to comply before the ransom doubles or even triples. Unlike many malware variants, Cryptolocker and similar ransomware programs cannot be removed without the encryption key. In other words, no antivirus software or malware removal tool can help unlock the files.
It seems like one of the newest and most effective trends in banking Trojans is spam email regarding a bank transfer or an invoice. Although many PC users have become wary of these email scams, a new banking Trojan designed to steal personal financial information is still a worthy foe. Named Emotet by security researchers from Trend Micro, this new malware variant takes a slightly different path when attempting to steal your personal information. Most banking Trojans steal information by injecting rogue forms into Web browsing sessions.
As text messaging and instant messaging via services like Facebook, Skype and others redefine the American dictionary, hackers are catching on. A new scam has popped up on Facebook that can already claim hundreds of thousands of victims – and the numbers continue to climb. This scam is actually a Trojan designed to steal Facebook login credentials and spread itself like wildfire through the most popular social media platform to date. According to Malwarebytes (a computer security firm responsible for developing a free malware removal tool), the Trojan has other purposes as well.
Researchers from RSA recently discovered a botnet crime ring responsible for stealing nearly $4 billion (USD) over the last two years in Brazil. The botnet is being referred to as “Boleto malware” because it specifically targets the Boleto Bancário – the second most common payment method in Brazil (only credit card payments are more common). The boleto is similar to a money order and is used by consumers and for most business-to-business payments in the country. Brazilians can use boletos to complete online purchases through an online banking interface, and, much like Bitcoins and other electronic payment methods, there are none of the chargebacks or dispute resolution procedures one expects from a credit card company. RSA estimates that in the two years this malware botnet has been active, nearly 500,000 boleto transactions have been compromised.
Last summer, Edward Snowden made headlines by leaking classified documents pertaining to illegal surveillance activities being performed by U.S. government agencies including the NSA. One of the secret programs revealed in these documents is known as X-Keyscore, a program whereby the NSA was secretly spying on nearly all Internet traffic around the world without consent or a legal right to do so. A recent analysis of the X-Keyscore source code reveals that the program was specifically designed to add anyone using popular Internet privacy tools, including the Tor Network, to NSA surveillance lists.
Although never officially confirmed by government officials, the Stuxnet Worm was a type of malware designed to sabotage the Iranian nuclear project as part of a joint effort between the United States and Israel. More recently, the Havex Trojan was discovered, and it appears to act in a fashion that is very similar to the famous Stuxnet Worm. Havex has already been used to compromise major energy providers in the United States and Europe. This included the United States Department of Energy website, which was infected with a version of Havex that spread to legitimate applications that were downloaded unknowingly by visitors of the site.
Earlier this week a zero-day vulnerability was discovered that affects thousands of WordPress-powered websites currently using the TimThumb image resizing library. WordPress is a free, open source Content Management System (CMS) commonly used with blogs and even business websites. It is easy to use thanks to an intuitive back-end user interface and provides hundreds of customization options by default. In addition to the built-in customization options, WordPress users have access to over 30,000 third party plugins that provide support ranging from search engine optimization to E-commerce shopping cart functionality. One of these popular plugins, known as TimThumb, has a vulnerability that can be used by hackers to delete the contents of anything hosted on the compromised server.
The Tofsee Trojan is a dangerous malware variant spreading quickly through social media sites including Facebook, Twitter and Skype. Unlike most Trojans, however, Tofsee is equipped with a robust set of antivirus tools designed to eliminate any other malware threats on the machine at the time of infection. Tofsee is spread primarily via social media sites, but it has also been observed spreading via removable drives (such as USB flash drives and SD cards). Once a machine is infected, it automatically authenticates itself with any social networks frequented by the victim using cookies stored in system memory.
Recent months have revealed a host of banking Trojans with one thing in common: all of them have been based (in whole or in part) on the infamous Zeus source code leaked last year. While hackers have attempted to mask the now well-known signature of this once extremely dangerous malware family, the shutdown of the Gameover Zeus botnet earlier this month most likely signifies the end of the “reign of Zeus.” But just as the sun sets on Zeus, a new banking Trojan has already emerged that could be much more dangerous than the last few Zeus variants combined. The new banking Trojan, known as Dyreza, uses a man-in-the-middle attack to intercept unencrypted web traffic. Dyreza does share some similarities with Zeus but security experts around the world agree that this is not just another Zeus offshoot.
This blog has covered numerous banking Trojans in the past including the notorious Zeus Trojan and its variants such as Citadel and Carberp. These threats are usually available as a kit that can be purchased by just about anyone through well-known underground websites for a small fee. In some cases, the source code is leaked across the Internet for free. Zeus source code was leaked in this manner and allowed for the creation of more powerful variants including the Gameover Zeus botnet (which was recently taken down by a global law enforcement task force).
Ransomware has become a hot topic lately as more and more criminal organizations realize the profit potential of this lucrative – albeit destructive – form of malware. There have been numerous variations spreading across the Internet in the last few months. Some have been mildly successful while others are impossible to remove without the decryption key. Cryptodefense is a good example of a ransomware variation that could have been much more dangerous. As it turns out, the developer of Cryptodefense accidentally left the decryption keys hidden in an application data folder on the user’s computer. While the average user probably wouldn’t be able to locate this information, security experts quickly learned how to avoid paying the ransom and losing their files forever.