Internet threat news

Distributed Denial of Service (DDOS) attacks are nothing new.  In the past few years, there has been an increase in these still-effective attacks.  Services allowing customers to rent “bot nets” for stress testing used to be found exclusively in the hacking underground.  These services have recently shifted and started openly advertising across the Internet.
These services, known as “booter” or “stressor” products, launch DDOS attacks against networks to supposedly test the security measures in place. These means that anyone can pay a nominal fee to rent large amounts of bandwidth and channel them against practically any server they choose.  Many of these sites share the same or similar source code and although they are not capable of taking down large, well-managed networks, small to medium web hosts should take note.  It is also worth noting that although these booter services often promise customers a variety of advanced attacks including Layer 7 attacks, SYN floods, and Apache memory exhaustion, a glitch in the code often means that reflected DNS and UDP flood attacks are the only methods used against a target.

Although there are many unpatched flaws in Facebook security, an especially dangerous one that remains vulnerable allows hackers to spoof the content of any Facebook app with ease.  Using this exploit, hackers are able to create spoofed wall posts from any trusted Facebook app imaginable.  To the user, the content looks completely legitimate but the contents of the spoofed page can be anything but harmless.
The vulnerability is capable of spoofing any app but some of the common ones that have already been spoofed successfully include Saavn, Candy Crush, Spotify, and Pinterest to name a few.  No matter what app is actually spoofed, the content appears to be from the specified app and typically does not raise any alarms for the user as a result.

Last week, Microsoft confirmed reports of a vulnerability in Internet Explorer 8 allowing remote access to the operating system in Windows XP and above.  This also includes all current versions of Windows Server up to 2008 R2.  The exploit relies on a previously unknown hole in Internet Explorer that allows for remote code execution (as confirmed by Microsoft).
The exploit has already been used successfully against the U.S. Department of Labor website.  A script on several DOL web pages redirected users to a site serving a remote access Trojan to visitors.  Specifically, the attack targeted Department of Energy workers that were attempting to access the Site Exposure Matrices.  These pages communicate information about toxic substances encounter at nuclear sites as well as possible side effects.  These infected machines could be located within nuclear facilities and allow the attacker the same access as the current user.

With over one billion registered users, Facebook has become a prime target for hackers.  Microsoft has issued a warning about a new threat to the social media giant capable of hijacking individual Facebook accounts.  The malware, known as Trojan:JS/Febipos.A, was first detected in Brazil and reported on Friday in a Microsoft security bulletin.  
The Trojan works by disguising itself as a legitimate browser extension for both Google Chrome and Mozilla Firefox.  The malware even tries to update itself like a benign extension would.  The program is typically installed by TrojanDropper:Win32/Febipos.A.  Once installed, the program will download an updated version of itself onto the affected machine.

Email messages have always been a popular source of malware infections. Cyber criminals who are responsible for creating and distributing malware using infected email attachments or malicious links are striving to create a sense of urgency and make their fake email messages appear legitimate. Fake Email messages are used to trick unsuspecting PC users into clicking on the malicious links or to download infected Email attachments. Most commonly such rogue email messages exploits the names of various legitimate companies and organizations, moreover Cyber criminals are stealing the graphics of such well known brand names and embeds them in their malicious Email messages.

Skype is a proprietary voice-over-Internet Protocol service, it's a very popular online chat service which has nearly 700 million users all over the world. Recently Skype has been targeted by Cyber criminals who had plans to use this service as their malware distribution channel. Earlier this week (on October the 8th) Skype users have been warned about a new worm which spreads spam messages (for example: lol is this your new profile pic? etc.) and in such way tricks unsuspecting computer users into clicking links which lead to malicious websites distributing Trojans, ransomware infections and viruses. Most commonly links in such messages lead to Trojans which are used to steal computer user's passwords. The worst thing talking about this Skype malware is that Skype users are not aware that links posted by their contacts could lead to malicious websites or infected executable.

Facebook is the world's largest social network, it has more than 900 million users worldwide. Facebooks's community includes millions of people and that gives rogue app developers a very wide audience to work with. Most commonly Internet criminals are using rogue Facebook applications or browser extensions to spread their scam from user to user. Despite Facebook's security features, safe social networking rests in the user's own hands.

Internet criminals are always looking for new ways of spreading their misleading applications. Most commonly they use spam campaigns, hijacked websites and various redirects. Search engine result poisoning are also used to spread malware, Cyber criminals are waiting for some global event and then creates optimized websites to distribute their rogue programs. While on their quest of infecting as much computers as possible, Internet criminals are able to compromise legitimate Ad networks and serve their misleading applications through websites which uses the services of the mentioned ad networks. This strategy allows them to reach a very wide auditory of computer users and infect thousands of machines. Latest research shows that Internet criminals were able to compromise several ad servers which are running OpenX ads. They were able to add malicious JavaScript to Ad servers which redirects computer users to misleading websites serving malware. The added script allows adding additional iframe element to the page which then loads content from servers controlled by Internet criminals. This a very powerful technique allowing Cyber criminals to control a very high volume of web traffic.

Recently the a type of malware were released which targets commercial and business online banking users. This type of malware has never been recorded before - infection is using a live chat function to trick online banking users into giving away their sensitive personal information.

Cybercriminals are using Shylock malware platform to distribute their new type of scam, this particular method is very hard to detect and remove. The Shylock malware is able to hide in the memory of the infected computer, it uses very sophisticated methods to remain undetected - it doesn't create a new process rather than that it is able to suspend new processes of legitimate programs from initiating for a couple of moments and then injects them with it's rogue code. Furthermore Shylock uses Watchdog functions to detect antivirus scanning operations. If this malware senses that a security program is beginning initiated it will remove it's registry entries and files and will remain active in the memory. To reinfect your computer, Shylock malware hijacks Windows Shutdown function, just before your computer shuts-down it is able to write the previously deleted registry entries and files back to your computer.

Website hacking is a commonly used method by Internet criminals to perform their malicious tasks. Looking for security vulnerabilities and then attacking a website is beneficial for Cyber criminals in many ways - they can exploit the bandwidth, hosting etc. of the hacked website.

Most valuable prey for an Intent criminal is authority websites, as we all know most of the nowadays security suites comes with Internet security features which uses databases of known bad or good websites to prevent computer infections in the first place. When Cyber criminals are successful in hacking a website with a clean history, the number of people computers that gets infected rises drastically.

The new quarterly report from McAfee revealed that there were more that 75 million new malware samples released in 2011. Last quarter of 2011 was profitable for Android malware developers, this segment is continuing to grow, most popular threat used infecting mobile users were sms sending Trojans. When infected with such trojan your mobile device will automatically send out sms messages to a costly subscription services which are operated by Internet criminals. Other prevailing threats used for Android devices where rogue rooting apps.

The malware segment has continued to decline comparing to the year 2010, while there are still more than 75 million new malware samples detected. The last quarter of year 2011 has shown a growth of TDSS family root-kits, these infections are used in distribution of other computer threats, and are designed to stay stealth on an infected computer for a long period of time.

"Gameover" is a malware which is specifically designed to steal usernames and passwords used when logging to your banking account. This malware is an updated version of it's predecessor called Zeus.

As it's previous version "Gameover" is created with only one purpose - target banking accounts information. Recently we have seen a rise in fake email messages which is used to spread this malware. Internet criminals are using such names as NACHA, FDIC, the Federal Reserve etc. When sending their misleading spam emails Internet Criminals are telling unsuspecting computer users that there are issues with their banking account, they include a link in their email messages which supposedly will help to resolve there problems. The truth is that when you click on such link you computer will be infected with a variant of "Gameover" malware which will then start monitoring your banking account login pages and will start sending the collected data to the Internet criminals.

Latest research on online surveys conducted by the Ponemon Institute and sponsored by PC Tools showed that American computer users are likely to take online surveys and reveal their personal information.

Recently spammers flooded Facebook with misleading messages offering free gift card for Starbucks coffee. This message is designed to trick unsuspecting Facebook users into further spreading this fake offer.