YourITDepo Archives

All Platinum Categories

  • Security
  • Service

    All Platinum Tags

    Archive for September, 2011

    New Mac malware poses as PDF doc

    Posted on Friday, September 23rd, 2011

    Computerworld – Security firms today warned Mac users of a new Trojan horse that masquerades as a PDF

    The malware, which was spotted by U.K.-based Sophos and Finnish antivirus vendor F-Secure, uses a technique long practiced by Windows attackers.

    “This malware may be attempting to copy the technique implemented by Windows malware, which opens a PDF file containing a ‘.pdf.exe’ extension and an accompanying PDF icon,” said F-Secure today.

    That practice relies on what is called the “double extension” trick: adding the characters “.pdf” to the filename to disguise an executable file.

    The Mac malware uses a two-step process, composed of a Trojan “dropper” utility that downloads a second element, a Trojan “backdoor” that then connects  to a remote server controlled by the attacker, using that communications channel
    to send information gleaned from the infected Mac and receiving additional instructions from the hacker.

    Because it doesn’t exploit a vulnerability in Mac OS X — or any other software — the malware instead must dupe users into downloading and opening the seemingly-innocuous PDF document, which is actually an executable.

    Once run, the dropper downloads the second-stage backdoor and opens a Chinese-language PDF. F-Secure said that the PDF was another sleight-of-hand trick: “[The dropper component] drops a PDF file in the /tmp folder, then opens it to distract the user from noticing any other activity occurring,” the company said in a description of the attack.

    Both Sophos and F-Secure noted that the malware doesn’t work reliably, and currently can’t connect to the command-and-control (C&C) server because the latter isn’t fully functional.

    Mac malware is typically crude in comparison with what targets Windows PCs.

    Because the C&C server is not yet operational and since it found samples of the Trojans on VirusTotal — a free service that runs malware against a host of antivirus engines — F-Secure speculated that the malware is still in the
    testing phase.

    Although Apple’s Mac OS X includes a bare-bones antivirus detector, it has not been updated to detect the just-noticed Trojan dropper or backdoor. Checks of several Computerworld Macs running Lion, for instance, found that Apple last updated its detector on Aug. 9.

    Mac users had their biggest malware scare earlier this year, when a series of fake security programs, dubbed “scareware,” were aimed at them.

    Several antivirus companies, including Sophos, F-Secure and Intego, offer security software for the Mac.

    Posted in Security by | Comments Off on New Mac malware poses as PDF doc

    Adobe Flash Player security update repairs dangerous XSS issue

    Posted on Thursday, September 22nd, 2011

    Adobe Systems Inc. has issued a critical Flash Player security update, repairing six vulnerabilities and at least one flaw being actively targeted by cybercriminals in an email attack.

    The flaw, an Adobe Flash Player cross-site scripting (XSS) vulnerability, could be used against a user once they are tricked into visiting a malicious website, Adobe said. The critical update affects all versions of Adobe Flash Player running on Windows, Macintosh, Linux and Solaris, as well as the mobile version for Google Android devices.

    “These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system,” Adobe said in its security advisory, issued Wednesday.

    Adobe recommends users upgrade to Adobe Flash Player or Adobe Flash Player for Android The update fixes a variety of errors that could cause the browser to crash, allow information disclosure and enable attackers to execute code.

    At least one of the flaws, a memory corruption vulnerability, was discovered by security researchers at Fortinet Inc.  Danish vulnerability clearinghouse Secunia gave the Adobe Flash Player security update a “highly critical” rating.  “Certain unspecified input is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site,” Secunia said in its advisory.

    Posted in Security by | Comments Off on Adobe Flash Player security update repairs dangerous XSS issue

    New malicious email attachments come with accusations, threats.

    Posted on Wednesday, September 21st, 2011

    The latest social engineering trick to get victims to open malicious email attachments accuses them of being spammers and threatens to sue them if they   don’t stop.

    It’s all in an attempt to get targets to open up the zip attachment by telling them it contains evidence of their spamming.   Actually it’s an .exe file that infects the machine but displays like a document, according to the Websense Security Labs Blog.

    The attachment installs a downloader Trojan that copies itself to the system path so it executes when the system boots up.   It connects to remote servers to download specific exploit files. The blog says the current attacks could contain other variants   of the Trojan as attachments.

    The new attack cropped up Monday in WebSense’s ThreatSeeker network that gathers data about malicious email campaigns. The   emails are dressed up to look like they come from real businesses that is upset because the recipient has been spamming them.   “The emails even formally claims that legal action will be taken because of the spam you have sent,” says the blog.

    The blog includes an image containing the text of one such email: “Hello. Your email is sending spam messages! If you don’t   stop sending spam, we will be impelled to sue you! We’ve attached a scanned copy of the document assembled by our security   service to this letter. Please carefully read through the document and stop sending spam messages. This is the final warning!

    Subject lines include “You are sending ad messages”, “We are going to sue you”, “This is the final warning”, “We’ve sent you   a copy of a complaint” and “A message from our security service”.

    Posted in Security by | Comments Off on New malicious email attachments come with accusations, threats.

    Malicious email-attachment surge yields infected computers with no obvious purpose — yet

    Posted on Thursday, September 15th, 2011

    A mammoth army of infected computers is being assembled, but it’s unclear yet what purpose they will be put to.

    Wave after wave of malicious email attachments has been sent out since August, and with average success rates for such mailings,   millions of machines could be compromised, says Internet security firm Commtouch.

    Once infected, the computers can be loaded with additional malware that can perform a range of activities, including spamming,   participating in DDoS attacks, stealing bank credentials and compromising email and social-network accounts, according to   an upcoming Commtouch blog post.

    But what this botnet will do remains a mystery. “The purpose of this vast computing force is still not clear,” the blog says.

    Since a record peak of 25 billion malicious attachments to emails being sent on a single day in mid-August, email-attached   malware has peaked five times since, each spike smaller than the one before, says Commtouch. The company predicted this pattern   in August just after the highest peak.

    Each peak represents a surge in a particular scam used to dupe victims into opening the attack attachments. The first wave   consisted mainly of phony notices from UPS or FedEx that a package has been misrouted. The second, called the Map of Love,   is a PDF that purports to be a map of interesting destinations worldwide. The third is a false notice of an altered charge   for a hotel room, the blog post says.

    User forums indicate that the malware campaigns worked, with many users opening the attachments. While it doesn’t have estimates   of the number of machines compromised, Commtouch says that such campaigns have linear success, so the more attachments sent,   the more opened.

    If the purpose of the assembled botnet is to send spam, it hasn’t had an impact on overall spam traffic, which has actually   been trending a bit downward, Commtouch says.

    Posted in Security by | Comments Off on Malicious email-attachment surge yields infected computers with no obvious purpose — yet

    Cybercrime costs $114 billion a year

    Posted on Thursday, September 8th, 2011

    Reported on Yahoo News on September 7th 2011:

    Cybercrime claimed 431 million adult victims last year and cost $114 billion, according to a report published Wednesday.

    The Norton Cybercrime Report 2011 said over 74 million people in the United States were cybercrime victims last year, suffering $32 billion in direct financial losses.

    Cybercrime cost China around $25 billion, Brazil $15 billion and India $4 billion in the past 12 months, said the report from computer security firm Symantec, maker of the Norton anti-virus software.

    According to the report, more than two-thirds of online adults — 69 percent — have been victims of cybercrime at some point in their lives, resulting in more than one million cybercrime victims a day.

    Cybercrime rates were even higher in China and South Africa. Eighty-five percent of Chinese respondents to the Norton survey and 84 percent of South Africans said they have been victims of cybercrime.

    The report found a growing threat from cybercrime on mobile phones.

    Ten percent of adults online have experienced cybercrime on their mobile phones and the number of reported new mobile operating system vulnerabilities increased from 115 in 2009 to 163 in 2010.

    “There is a serious disconnect in how people view the threat of cybercrime,” said Adam Palmer, Norton lead cybersecurity advisor. “Cybercrime is much more prevalent than people realize.

    “Over the past 12 months, three times as many adults surveyed have suffered from online crime versus offline crime, yet less than a third of respondents think they are more likely to become a victim of cybercrime than physical world crime in the next year,” Palmer said.

    For the survey, interviews were conducted with nearly 20,000 people in 24 countries, Symantec said.

    Posted in Security by | Comments Off on Cybercrime costs $114 billion a year