Internet threat news
One of the newest and most effective lures for spreading banking Trojans is spam email about a bank transfer or an invoice. Although many PC users have become wary of these email scams, a new banking Trojan designed to steal personal financial information is still a worthy foe. Named Emotet by security researchers at Trend Micro, this new malware variant takes a slightly different path when attempting to steal your personal information. Most banking Trojans steal information by injecting rogue forms into Web browsing sessions.
As text messaging and instant messaging via services like Facebook, Skype and others redefine the American dictionary, hackers are catching on. A new scam has popped up on Facebook that can already claim hundreds of thousands of victims – and the numbers continue to climb. This scam is actually a Trojan designed to steal Facebook login credentials and spread itself like wildfire through the most popular social media platform to date. According to Malwarebytes (a computer security firm responsible for developing a free malware removal tool), the Trojan has other purposes as well.
Researchers from RSA recently discovered a botnet crime ring responsible for stealing nearly $4 billion (USD) over the last two years in Brazil. The botnet is being referred to as “Boleto malware” because it specifically targets the Boleto Bancário – the second most common payment method in Brazil (only credit card payments are more common). The boleto is similar to a money order and is used by consumers and for most business-to-business payments in the country. Brazilians can use boletos to complete online purchases through an online banking interface and, much like Bitcoin and other electronic payment methods, boletos offer none of the chargebacks or dispute resolution procedures one expects from a credit card company, so a payment redirected to a fraudster's account is gone. RSA estimates that in the two years this malware botnet has been active, nearly 500,000 boleto transactions have been compromised.
Last summer, Edward Snowden made headlines by leaking classified documents pertaining to illegal surveillance activities being performed by U.S. government agencies including the NSA. One of the secret programs revealed in these documents is known as X-Keyscore; a program whereby the NSA was secretly monitoring nearly all Internet traffic around the world without consent or a legal right to do so. A recent analysis of X-Keyscore source code reveals that its selection rules were specifically written to flag anyone using popular Internet privacy tools, including the Tor network, for NSA surveillance.
Although never officially confirmed by government officials, the Stuxnet worm is widely believed to have been malware designed to sabotage the Iranian nuclear program as part of a joint effort between the United States and Israel. More recently, the Havex Trojan was discovered, and it appears to act in a fashion very similar to the famous Stuxnet worm. Havex has already been used to compromise major energy providers in the United States and Europe. This included the United States Department of Energy website, which was infected with a version of Havex bundled into legitimate application installers that visitors to the site downloaded unknowingly.
Earlier this week a zero-day vulnerability was discovered that affects thousands of WordPress-powered websites currently using the TimThumb image resizing script. WordPress is a free, open source Content Management System (CMS) commonly used for blogs and even business websites. It is easy to use thanks to an intuitive back-end user interface and provides hundreds of customization options by default. In addition to the built-in customization options, WordPress users have access to over 30,000 third-party plugins that provide support ranging from search engine optimization to e-commerce shopping cart functionality. TimThumb, an image resizing script bundled with many of these popular themes and plugins, has a vulnerability that attackers can use to delete files hosted on the compromised server.
The Tofsee Trojan is a dangerous malware variant spreading quickly through social media and messaging services including Facebook, Twitter and Skype. Unlike most Trojans, however, Tofsee is equipped with a robust set of antivirus-like tools designed to eliminate any competing malware on the machine at the time of infection. Tofsee is spread primarily via social media sites but it has also been observed spreading via removable drives (such as USB flash drives and SD cards). Once a machine is infected, it automatically authenticates itself to any social networks frequented by the victim by reusing the session cookies stored on the system, so no password is needed.
Recent months have revealed a host of banking Trojans with one thing in common: all of them have been based (in whole or in part) on the infamous Zeus source code leaked in 2011. While hackers have attempted to mask the now well-known signature of this once extremely dangerous malware family, the shutdown of the Gameover Zeus botnet earlier this month most likely signifies the end of the “reign of Zeus.” But just as the sun sets on Zeus, a new banking Trojan has already emerged that could be much more dangerous than the last few Zeus variants combined. The new banking Trojan, known as Dyreza, uses a man-in-the-middle technique inside the browser to intercept web traffic before it is encrypted, so the TLS padlock offers no protection. Dyreza does share some similarities with Zeus but security experts around the world agree that this is not just another Zeus offshoot.
This blog has covered numerous banking Trojans in the past, including the notorious Zeus Trojan and its variants such as Citadel, as well as Carberp. These threats are usually available as a kit that can be purchased by just about anyone through well-known underground websites for a small fee. In some cases, the source code is leaked across the Internet for free. Zeus source code was leaked in this manner and allowed for the creation of more powerful variants including the Gameover Zeus botnet (which was recently taken down by a global law enforcement task force).
Ransomware has become a hot topic lately as more and more criminal organizations realize the profit potential of this lucrative – albeit destructive – form of malware. There have been numerous variations spreading across the Internet in the last few months. Some have been easily defeated while others leave the encrypted files impossible to recover without the decryption key. CryptoDefense is a good example of a ransomware variation that could have been much more dangerous. As it turns out, the developer of CryptoDefense accidentally left the decryption key on the victim's own computer, hidden in an application data folder. While the average user probably wouldn't be able to locate this information, security experts quickly learned how to avoid paying the ransom and losing their files forever.
The United States Justice Department recently announced that international law enforcement – working together in a joint effort – has successfully seized control of the notorious Gameover Zeus botnet. Estimated to have infected well over one million computer systems around the world, Gameover is a dangerous variation of the ‘standard’ Zeus malware kit used to harvest sensitive personal and financial data from victims. Other uses include renting out the botnet to elite hacking groups for online extortion attempts, spam campaigns and other illegal activities. Gameover is based on the Zeus Trojan, which has evolved into an entire family of derivative malware including the Citadel banking Trojan. While Zeus was typically sold as a botnet creation kit which anyone could purchase and deploy, Gameover has been exclusively controlled by a cybercriminal syndicate hailing from Russia and Ukraine.
For many readers of this blog, social media has become synonymous with government intrusion. Others, unfortunately, do not truly believe many of the claims made in recent months by the likes of Edward Snowden and countless computer security websites around the world. This article is for those people… The Secret Service recently released a Request for Proposals (RFP) – officially known as Solicitation No. HSSS01-14-Q-0182 and entitled Computer Based Annual Social Media Analytics Subscription – that was posted publicly for everyone to read. The RFP specifically states that the Secret Service is interested in a software platform capable of synthesizing social media postings and associated data.
Although WhatsApp – an instant messaging service recently acquired by Facebook – remains the most popular instant messaging application in the Play Store for Android devices, the Chinese-developed WeChat isn't far behind in terms of number of global users and overall popularity. And it is for exactly this reason that hackers recently targeted this application's user base as a way to deploy a dangerous new banking Trojan that is being referred to by security experts as Banker.AndroidOS.Basti.a. The company distributing the authentic version of WeChat – Chinese company Tencent – has declared that it currently has 355 million active WeChat users around the world.
A little over a month ago, this blog reported the OpenSSL vulnerability that has become commonly known as the Heartbleed bug. The flaw is a missing bounds check in OpenSSL's implementation of the TLS/DTLS heartbeat extension: a client can send a heartbeat request whose header claims a payload far longer than the one actually sent, and the server copies that many bytes from its own memory into the reply, allowing attackers to read portions of the affected server's memory (up to 64 KB per request, repeated at will). Information compromised during a Heartbleed exploit can include sensitive user information such as usernames, passwords and other personal data that can be used (in the wrong hands) to commit an assortment of cybercrimes ranging from identity theft to sending spam emails on behalf of the victim.
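How that missing bounds check plays out, as an added example that is not code from the original page or from OpenSSL itself: a simplified model of the heartbeat handler in C, with the vulnerable logic beside the check the fix introduced. The memory layout, the record contents and the `SECRET` string next to the record are constructed for the demonstration; in a real server the over-read returns whatever happens to sit beside the record on the process heap.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Heartbeat message layout (RFC 6520):
 *   type (1 byte) | payload_length (2 bytes, big-endian) | payload | padding (>= 16 bytes)
 */
#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_PADDING  16

/* Constructed for this example: one contiguous region in which the received
 * record is immediately followed by unrelated data, as on a real heap.  Keeping
 * both in a single array lets the over-read stay inside one allocation, so the
 * demo itself is not undefined behaviour. */
static unsigned char conn_memory[256];
static const char SECRET[] = "user=alice&password=hunter2";   /* constructed */

/* Build a heartbeat request whose header claims `claimed_len` payload bytes but
 * which actually carries only `actual_len`.  Returns the record length that
 * really arrived on the wire. */
size_t build_request(uint16_t claimed_len, size_t actual_len) {
    memset(conn_memory, 0, sizeof conn_memory);
    conn_memory[0] = HB_REQUEST;
    conn_memory[1] = (unsigned char)(claimed_len >> 8);
    conn_memory[2] = (unsigned char)(claimed_len & 0xff);
    memset(conn_memory + 3, 'A', actual_len);
    size_t record_len = 3 + actual_len + HB_PADDING;
    /* the "secret" lives just past the end of the record */
    memcpy(conn_memory + record_len, SECRET, sizeof SECRET);
    return record_len;
}

/* Vulnerable handler: trusts the peer-supplied payload_length and never
 * compares it with how many bytes actually arrived (the Heartbleed flaw). */
int heartbeat_vulnerable(const unsigned char *rec, size_t record_len,
                         unsigned char *out, size_t *out_len) {
    (void)record_len;                                  /* never consulted */
    uint16_t payload = (uint16_t)((rec[1] << 8) | rec[2]);
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, payload);                 /* over-reads past the real payload */
    memset(out + 3 + payload, 0, HB_PADDING);
    *out_len = 3 + payload + HB_PADDING;
    return 0;
}

/* Fixed handler: a record whose declared payload (plus header and padding)
 * exceeds what was received is silently discarded, as in the patched OpenSSL. */
int heartbeat_fixed(const unsigned char *rec, size_t record_len,
                    unsigned char *out, size_t *out_len) {
    if (record_len < 1 + 2 + HB_PADDING) return -1;    /* too short to be a valid message */
    uint16_t payload = (uint16_t)((rec[1] << 8) | rec[2]);
    if ((size_t)1 + 2 + payload + HB_PADDING > record_len) return -1;   /* the added check */
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, payload);
    memset(out + 3 + payload, 0, HB_PADDING);
    *out_len = 3 + payload + HB_PADDING;
    return 0;
}

/* Does the byte range contain the needle? (memmem is not portable) */
int contains(const unsigned char *buf, size_t n, const char *needle) {
    size_t m = strlen(needle);
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(buf + i, needle, m) == 0) return 1;
    return 0;
}

/* Feed a malformed request (claims 60 bytes, sends 4) to a handler and report
 * whether the reply leaked the adjacent secret.  Reply buffer is sized for
 * this demo; a real reply can be up to 3 + 65535 + 16 bytes. */
int leaks_secret(int (*handler)(const unsigned char *, size_t, unsigned char *, size_t *)) {
    unsigned char reply[512] = {0};
    size_t reply_len = 0;
    size_t record_len = build_request(60, 4);
    if (handler(conn_memory, record_len, reply, &reply_len) != 0) return 0;
    return contains(reply, reply_len, SECRET);
}

/* A well-formed request (claims 4 bytes, sends 4) must still be answered. */
int fixed_accepts_valid(void) {
    unsigned char reply[512] = {0};
    size_t reply_len = 0;
    size_t record_len = build_request(4, 4);
    return heartbeat_fixed(conn_memory, record_len, reply, &reply_len) == 0
           && reply_len == record_len && memcmp(reply + 3, "AAAA", 4) == 0;
}

int main(void) {
    printf("vulnerable handler leaks secret: %s\n", leaks_secret(heartbeat_vulnerable) ? "yes" : "no");
    printf("fixed handler leaks secret:      %s\n", leaks_secret(heartbeat_fixed) ? "yes" : "no");
    printf("fixed handler accepts valid:     %s\n", fixed_accepts_valid() ? "yes" : "no");
    return 0;
}
```

The single comparison in `heartbeat_fixed` is the whole patch in spirit: the length in the header is attacker-controlled data and must be checked against the length that actually arrived before it is used as a copy size. The same pattern (a length field trusted over the real record size) recurs across many memory-disclosure bugs, so the check is worth looking for in any parser that echoes client data back.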