Internet threat news
A couple of months ago, this blog reported that the Gameover Zeus botnet — a notoriously dangerous Trojan responsible for distributing Cryptolocker ransomware — was shut down by an international task force code-named Operation Tovar. This task force included members of the U.S. Department of Justice, multiple law enforcement offices, foreign government agencies and private security firms from around the world. The goal was to destroy the Command and Control servers responsible for sending instructions to millions of infected PCs, and for the most part the operation was considered a success.
Recently, this blog covered the alarming increase in fileless malware such as Poweliks. This dangerous new type of malware is undetectable by most modern antivirus solutions because the malware does not actually install any files to the computer hard drive (installing files is a red flag for most antivirus programs). Fileless malware isn’t exactly new, but the problem has always been that the malware disappears after the computer is rebooted. Newer variations like Poweliks have figured out a way to load themselves via system registry entries every time the machine is booted, resulting in persistent fileless malware that is almost impossible to detect and just as difficult to remove.
Reveton is an infamous malware strain belonging to the increasingly popular ransomware category, which is designed to lock computers or encrypt valuable data as a way to extort money from victims. Now that security researchers have discovered a way to decrypt one of the most notorious ransomware variants to date (Cryptolocker), it seems that hackers haven’t wasted any time looking for new ways to leverage old malware for new purposes. Unlike Cryptolocker, the original version of Reveton simply locked a victim’s computer to a specific splash screen and demanded payment to unlock the computer. Recently, however, security professionals have identified a new version of Reveton complete with two powerful password-stealing programs, making this malware variant even more dangerous than before.
Point-of-sale (POS) systems complete with credit card processing capabilities are everywhere from the gas pump to the local convenience store to your favorite clothing boutique. Unfortunately, hackers have begun targeting these POS systems around the world with specialized malware designed to extract personal payment information from thousands (and often millions) of people before the company affected by the malware even knows what happened. A recent Secret Service bulletin describes one of these malware variants known as Backoff. The announcement claims that at least seven POS vendors have confirmed having multiple clients affected by Backoff.
Hackers are always looking for new ways to lure unsuspecting victims to malicious websites where all sorts of malware can be quickly downloaded and installed. Often, malware is distributed using a technique known as a drive-by download. During this type of attack, a malicious website runs through a list of known vulnerabilities in search of an exploit that can be used to install malicious software. While this type of attack isn’t new, hackers are constantly changing up tactics when it comes to luring potential victims to malicious websites in the first place. As people become increasingly wary of email campaigns designed to spread malware, it usually takes a very interesting or newsworthy story to entice the average email user to follow an unsolicited email link. In the last several months, hackers have used tragedy around the world in these malware email campaigns including war in other countries and the missing Malaysian Airlines Flight 370.
Poweliks is a new type of malware recently discovered by security experts that could mark the evolution of computer malware into something much harder to detect by modern antivirus tools. Poweliks attempts to evade detection and analysis by running exclusively within the system registry. It does not create any files on disk, making it nearly impossible for current security software to detect the intrusion at all. While fileless malware that exists only in system memory isn’t a new idea, it has been relatively rare because these forms of malware typically don’t survive a system reboot (when the memory is cleared). Poweliks is different because it is persistent across system reboots while still remaining fileless.
This blog often focuses on malware threats that leave PCs vulnerable to attack from hackers located around the world. Unfortunately, there are also tools built into the Windows operating system that can be equally dangerous if not managed properly. One of these tools is a remote access tool known as Virtual Network Computing, or VNC. VNC is a useful tool often used to remotely share a desktop with another person. Colleagues can collaborate in real time using VNC technology and it is also used extensively by network administrators to remotely diagnose and fix software issues on the local machine. Many software companies also leverage VNC to perform software demonstrations for customers located throughout the world.
This blog has covered the assorted iterations of powerful ransomware in detail. While there have been many dangerous variations in the last several months, few (if any) have been as damaging and feared as Cryptolocker. Originally spotted nearly one year ago, Cryptolocker is a type of malware that uses extremely strong encryption to lock files and folders on a victim’s computer. Infected machines typically display a warning to users that their files have been locked and can only be retrieved by sending money — usually in the form of Bitcoins — to the hackers behind the scam. Victims are usually only given approximately 72 hours to comply before the ransom doubles or even triples. Unlike many malware variants, Cryptolocker and similar ransomware programs cannot be removed without the encryption key. In other words, no antivirus software or malware removal tool can help unlock the files.
It seems like one of the newest and most effective trends in banking Trojans is spam email regarding a bank transfer or an invoice. Although many PC users have become wary of these email scams, a new banking Trojan designed to steal personal financial information is still a worthy foe. Named Emotet by security researchers from Trend Micro, this new malware variant takes a slightly different path when attempting to steal your personal information. Most banking Trojans steal information by injecting rogue forms into Web browsing sessions.
As text messaging and instant messaging via services like Facebook, Skype and others redefine the American dictionary, hackers are catching on. A new scam has popped up on Facebook that can already claim hundreds of thousands of victims – and the numbers continue to climb. This scam is actually a Trojan designed to steal Facebook login credentials and spread itself like wildfire through the most popular social media platform to date. According to Malwarebytes (a computer security firm responsible for developing a free malware removal tool), the Trojan has other purposes as well.
Researchers from RSA recently discovered a botnet crime ring responsible for stealing nearly $4 billion (USD) over the last two years in Brazil. The botnet is being referred to as “Boleto malware” because it specifically targets the Boleto Bancário – the second most common payment method in Brazil (only credit card payments are more common). The boleto is similar to a money order and is used by consumers and for most business-to-business payments in the country. Brazilians can use boletos to complete online purchases using an online banking interface, and, much like Bitcoins and other electronic payment methods, there are none of the chargebacks or dispute resolution procedures one expects from a credit card company. RSA estimates that in the two years this malware botnet has been active, nearly 500,000 boleto transactions have been compromised.
Last summer, Edward Snowden made headlines by leaking classified documents pertaining to illegal surveillance activities being performed by U.S. government agencies including the NSA. One of the secret programs revealed in these documents is known as X-Keyscore, a program whereby the NSA was secretly spying on nearly all Internet traffic around the world without consent or a legal right to do so. A recent analysis of the X-Keyscore source code reveals that the program was specifically designed to add anyone using popular Internet privacy tools, including the Tor Network, to NSA surveillance lists.
Although never officially confirmed by government officials, the Stuxnet Worm was a type of malware designed to sabotage the Iranian nuclear project as part of a joint effort between the United States and Israel. More recently, the Havex Trojan was discovered, and it appears to act in a fashion very similar to the famous Stuxnet Worm. Havex has already been used to compromise major energy providers in the United States and Europe. This included the United States Department of Energy website, which was infected with a version of Havex that spread to legitimate applications that were downloaded unknowingly by visitors of the site.
Earlier this week a zero-day vulnerability was discovered that affects thousands of WordPress-powered websites currently using the TimThumb image resizing library. WordPress is a free, open source Content Management System (CMS) commonly used for blogs and even business websites. It is easy to use thanks to an intuitive back-end user interface and provides hundreds of customization options by default. In addition to the built-in customization options, WordPress users have access to over 30,000 third-party plugins that provide support ranging from search engine optimization to e-commerce shopping cart functionality. One of these popular plugins, known as TimThumb, has a vulnerability that can be used by hackers to delete the contents of anything hosted on the compromised server.