
Archive for the ‘Malware infection’ Category

Worm spreading via RDP port 3389

It’s retro day in the world of Internet security, with an Internet worm dubbed “Morto” spreading via the Windows Remote Desktop Protocol (RDP).

F-Secure is reporting that the worm is behind a spike in traffic on Port 3389/TCP. Once it’s entered a network, the worm starts scanning for machines that have RDP enabled. Vulnerable machines get Morto copied to their local drives as a DLL, a.dll, which creates other files detailed in the F-Secure post.

 SANS, which noticed heavy growth in RDP scan traffic over the weekend, says the spike in traffic is a “key indicator” of a growing number of infected hosts. Both Windows servers and workstations are vulnerable.

Fake Antivirus Targets Firefox

Source: pcworld

Firefox users have been targeted by a new scam that tries to load a user’s PC with fake antivirus software using a passably convincing version of the Windows Update page.

Fake antivirus scams are legion, and ones using bogus update pages of one sort or another are also an established trick. The oddity of the latest incarnation of the attack, discovered by Sophos, is that it triggers only when encountering Windows users of Firefox pushed to it through a page redirect.

The first big giveaway? Windows Update can only be started as a background activity in Windows or through Internet Explorer.

The page itself is a copy of the Windows Update page offering an “urgent” 2.8MB download which will turn out to start a useless security scan plugging fake antivirus software. The technique is clever. Users who agree to the update without being entirely sure that it is genuine will be more easily convinced that a PC has been infected with the non-existent malware later detected by the bogus program.

“Users need to be more vigilant than ever before as bogus security alerts pop-up in their browsers,” said Graham Cluley of Sophos. “Fake anti-virus attacks are big business for cybercriminals and they are investing time and effort into making them as convincing as possible.”

“Malicious hackers are using smart social engineering tricks more and more often, and the risk is that users will be scared by a phoney warning into handing over money to fix problems that never existed in the first place,” he said.


New malware tricks users into thinking hard drive failure


Scareware came by its name honestly (or perhaps dishonestly). The particular strain of malware we are looking at here (distributed as UltraDefragger and SystemRecovery) attempts to ensnare unwary users by displaying sensational and frightening alerts.

As Symantec recently discovered, the bad guys have added a new twist to their fake disk defragmentation tools: falsely notifying users that a hard drive is about to fail. Like so many other rogue applications, this “recovery tool” is designed to trick users into purchasing a paid application which can fix the problems that were detected. In truth, of course, there were no problems and there is no fix.

This malware goes beyond mere sensational alerts, however. Symantec notes that it moves files from All Users and the current Windows user’s profile into a temporary location, making it appear as though problems with the hard drive are causing files to disappear. It also disables a user’s ability to change wallpaper images and sets registry keys to hide certain icons — giving the impression that programs are going missing as well (check out the video to see it in action).

If there’s one thing which incites panic in the average computer user, it’s the thought of losing important files. When a rogue application does as convincing a job as this one does, it’s really not surprising that the panic button gets pushed and purchases are made. So just how much would you have to shell out to undo the damage caused by this phantom hard drive crash? $79.50.

Mac Seemingly as Susceptible to Malware as Windows

Source: blog.brickhoussecurity

When asked about computer security and virus protection, most people are under the assumption that a Windows computer is expected to be in constant battle against malware and viruses of all kinds, while the Mac is generally safe, allowing users to do or download whatever they wish without any repercussions. Well, this assumption is not only being challenged at this point, but is actively being proven false thanks to the “Mac Defender.”

Mac Defender is a trojan horse that is actively targeting Mac users and has already successfully infected hundreds of systems. The way this virus works, like a lot of Windows viruses, is by showing users a pop-up message that warns them that their system is infected by a virus and that they must install anti-virus software to get rid of it.

In reality, this pop-up is telling users that they would make great targets, and that they should install the virus, or at least this is how most tech-savvy computer users would see it and know to avoid it. However, many computer users still fall for this old scam, and once installed, the virus either loads porn websites on the computer like the Mac Defender appears to, or might do something much more malicious like steal personal information such as passwords, user names, or credit card numbers.

So what do you do with your infected PC or Mac? For PC users, we would recommend installing a good anti-virus program and cleaning the system, or, if possible (which might not be so with many viruses locking up certain computer features), running a system restore to a point in time before the virus was downloaded. As for infected Macs, try to contact Apple and see if they’d be able to help you with removing the virus, or, if you have been using the “Time Machine” feature to back up your files, restore your computer to the last known good point before the virus was installed. And for those Mac users that don’t know what “Time Machine” is, it is an automatic back-up of all your files that creates restore points as you use your computer in case you somehow mess up the system or download malware, but it does have to be manually activated for the first time before it starts backing up your data.

Microsoft: One in 14 downloads is malicious


IDG News Service – The next time a website says to download new software to view a movie or fix a problem, think twice. There’s a pretty good chance that the program is malicious.

In fact, about one out of every 14 programs downloaded by Windows users turns out to be malicious, Microsoft said Tuesday. And even though Microsoft has a feature in its Internet Explorer browser designed to steer users away from unknown and potentially untrustworthy software, about 5 percent of users ignore the warnings and download malicious Trojan horse programs anyway.

Five years ago, it was pretty easy for criminals to sneak their code onto computers. There were plenty of browser bugs, and many users weren’t very good at patching. But since then, the cat-and-mouse game of Internet security has evolved: Browsers have become more secure, and software makers can quickly and automatically push out patches when there’s a known problem.

So increasingly, instead of hacking the browsers themselves, the bad guys try to hack the people using them. It’s called social engineering, and it’s a big problem these days. “The attackers have figured out that it’s not that hard to get users to download Trojans,” said Alex Stamos, a founding partner with Isec Partners, a security consultancy that’s often called in to clean up the mess after companies have been hacked.

IE9 versus Chrome: which one blocks malware better?

Source: zdnet

Social engineering has become the dominant method of distribution for fake antivirus software. And most modern browsers, with one exception, do a terrible job of dealing with this type of threat. Current builds of Chrome display a terrible flaw that puts you at greater risk than its competitors. In my testing, a malware author was able to exploit Chrome in four easy clicks. In stark contrast, Internet Explorer 9 used some new technology to flag the exact same sites and files as suspicious, providing unmistakable warnings that have been shown to stop 95% of these attacks in their tracks.

I’ve captured the experience for both browsers in these two videos and in an accompanying screenshot gallery so you can see for yourself. And if you make it to page 3, you’ll read about the new reputation-based technology that’s given IE9 the lead.

Interesting post; read more…

Facebook Bully Video Actually an XSS Exploit

Source: eweek

A security researcher discovered a new cross-site-scripting vulnerability on Facebook, days after the social networking giant patched a different XSS flaw in its mobile API. At least one active scam is exploiting the new bug at this time.

“Found another instance of that Facebook app XSS—and it’s a Facebook XSS issue. Do not click links involving a video of a bully,” Joey Tyson, a security engineer at Gemini Security Solutions, posted on Twitter. Tyson writes about social networking sites’ privacy and security issues on his blog, Social Hacking.

The flaw has to do with the way browsers load certain links formatted in “a certain syntax” as JavaScript even though they are not filtered by JavaScript, Tyson said. It is more sophisticated than most XSS attacks as the actual video does load for the user. The “JS payload can do quite a bit,” Tyson added.

The app can post the link to the “video” on the user’s wall, add the user to a scam event and send invites to the event to friends, and send out the link on Facebook Chat.

Many past Facebook scams displayed a page and told users to download a plug-in—really malware—to view the video, or just redirected users to a survey or another malicious site. Viewers rarely saw the video they’d clicked to see.

Facebook has informed Tyson that it is tracking the attack and will be pushing out an update “soon,” according to Tyson. Facebook has removed several of the apps already, which made it a little challenging for Tyson to find an active scam to analyze. He pasted the actual exploit code on text-sharing site Pastebin, which pointed to a video titled “Pal Pushes Bully.”
