New crimeware tool Dendroid makes it easier to create Android malware, researchers warn

Dendroid’s features include deleting call logs and files; calling phone numbers; opening Web pages; recording calls and audio from the microphone; intercepting text messages; taking and uploading photos and videos; opening applications and launching HTTP flood (denial-of-service) attacks for a period of time specified by the attacker.

Dendroid is not the first Android RAT, but it is one of the most sophisticated ones seen to date.

via New crimeware tool Dendroid makes it easier to create Android malware, researchers warn | ITworld.

App Pays Attention to Phone’s Behavior to Spot New Malware

Today, San Francisco-based Zimperium unveiled its zIPS Android app (the “IPS” stands for “intrusion prevention system”), which the company says uses machine learning to watch how your smartphone normally acts and can spot strange changes in its usage, enabling it to detect and prevent attacks, including those that may strike via unprotected Wi-Fi networks.

via App Pays Attention to Phone’s Behavior to Spot New Malware | MIT Technology Review.

A First Look at the Target Intrusion, Malware

Target has yet to honor a single request for comment from this publication, and the company has said nothing publicly about how this breach occurred. But according to sources, the attackers broke into Target after compromising a company Web server. Somehow, the attackers were able to upload the malicious POS software to store point-of-sale machines, and then set up a control server within Target’s internal network that served as a central repository for data hoovered by all of the infected point-of-sale devices.

via A First Look at the Target Intrusion, Malware — Krebs on Security.

Malicious advertisements served via Yahoo

Clients visiting yahoo.com received advertisements served by ads.yahoo.com. Some of the advertisements are malicious. Those malicious advertisements are iframes hosted on the following domains:

  • blistartoncom.org (192.133.137.59), registered on 1 Jan 2014
  • slaptonitkons.net (192.133.137.100), registered on 1 Jan 2014
  • original-filmsonline.com (192.133.137.63)
  • funnyboobsonline.org (192.133.137.247)
  • yagerass.org (192.133.137.56)

via Malicious advertisements served via Yahoo | Fox-IT International blog.
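The Fox-IT post gives the indicators a defender actually needs: five hostnames and their IPs. The script below is an added example (not Fox-IT's code) that checks outbound proxy-log entries against exactly those indicators, matching subdomains of the listed domains as well as direct requests to the listed IPs. The log format and the log lines are constructed for the example; a real deployment would adapt `LOG_RE` to the proxy's own format.

```python
"""Flag proxy-log requests that reach the malvertising hosts listed in the Fox-IT post."""
import ipaddress
import re
from urllib.parse import urlsplit

# Indicators taken from the quoted Fox-IT post (domains and the IPs they resolved to).
MALICIOUS_DOMAINS = {
    "blistartoncom.org",
    "slaptonitkons.net",
    "original-filmsonline.com",
    "funnyboobsonline.org",
    "yagerass.org",
}
MALICIOUS_IPS = {
    "192.133.137.59",
    "192.133.137.100",
    "192.133.137.63",
    "192.133.137.247",
    "192.133.137.56",
}

# Constructed sample log, assumed format: "<timestamp> <client-ip> <method> <url> <status>".
LOG_LINES = """\
2014-01-03T10:12:01Z 10.0.0.15 GET http://www.yahoo.com/ 200
2014-01-03T10:12:02Z 10.0.0.15 GET http://ads.yahoo.com/some/ad 200
2014-01-03T10:12:03Z 10.0.0.15 GET http://blistartoncom.org/ads/frame.html 200
2014-01-03T10:12:04Z 10.0.0.22 GET http://cdn.funnyboobsonline.org/x.js 200
2014-01-03T10:12:05Z 10.0.0.22 GET http://192.133.137.247/landing 302
2014-01-03T10:12:06Z 10.0.0.31 GET http://example.com/ 200
""".splitlines()

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<status>\d+)$"
)


def host_of(url: str) -> str:
    """Return the lower-cased host part of a URL ('' if it cannot be parsed)."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def matches_indicator(host: str):
    """Return the matching indicator for a host, or None.

    Literal IP hosts are compared exactly against MALICIOUS_IPS; names are
    matched against MALICIOUS_DOMAINS including any subdomain (ads are often
    served from a subdomain of the registered domain).
    """
    if not host:
        return None
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        return str(ip) if str(ip) in MALICIOUS_IPS else None
    labels = host.split(".")
    # Walk from the full name down to the registrable domain, e.g.
    # cdn.funnyboobsonline.org -> funnyboobsonline.org
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in MALICIOUS_DOMAINS:
            return candidate
    return None


def scan_log(lines):
    """Return one dict per log entry whose URL host matches an indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        indicator = matches_indicator(host_of(m["url"]))
        if indicator:
            hits.append({
                "ts": m["ts"],
                "client": m["client"],
                "url": m["url"],
                "indicator": indicator,
            })
    return hits


def affected_clients(lines):
    """Sorted list of internal client IPs that contacted any indicator."""
    return sorted({h["client"] for h in scan_log(lines)})


if __name__ == "__main__":
    for hit in scan_log(LOG_LINES):
        print(f"{hit['ts']} {hit['client']} -> {hit['url']} (matched {hit['indicator']})")
    print("clients to triage:", affected_clients(LOG_LINES))
```

Because the malicious content was delivered inside an ad on a legitimate page, the first two sample lines (yahoo.com, ads.yahoo.com) are correctly left alone; only the follow-on requests to the iframe hosts are flagged, and `affected_clients` gives the list of machines to triage.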

NSA infected 50,000 computer networks with malicious software

A management presentation dating from 2012 explains how the NSA collects information worldwide. In addition, the presentation shows that the intelligence service uses ‘Computer Network Exploitation’ (CNE) in more than 50,000 locations. CNE is the secret infiltration of computer systems achieved by installing malware, malicious software.

via NSA infected 50,000 computer networks with malicious software – nrc.nl.

This article is a bit short on details. It doesn’t say what OSs were involved or exactly how they got malware onto victim machines. The only way to infect a network would be to perhaps get control of its firewall or main router. Since most people use cheap SOHO routers, it might not be very difficult to swap out their firmware for firmware that can do all kinds of things unbeknownst to the owner. The article implies that the victim machines are PCs, according to this:

One example of this type of hacking was discovered in September 2013 at the Belgium telecom provider Belgacom. For a number of years the British intelligence service – GCHQ – has been installing this malicious software in the Belgacom network in order to tap their customers’ telephone and data traffic. The Belgacom network was infiltrated by GCHQ through a process of luring employees to a false LinkedIn page.

The Increasing Failure Of Malware Sandboxing

The sandboxing appliances popularly deployed today are performing well against your average “0-day” malware threat, but capabilities decline dramatically the more targeted an adversary becomes. As such, organizations are much better at stopping the generic non-targeted “Internet threats”, but becoming more vulnerable to marginally tuned malware. For example, any piece of malware that requires the user to perform an action at a specific time (before it acts maliciously) is sufficient to evade detection in most cases.

via The Increasing Failure Of Malware Sandboxing — Dark Reading.

‘Fort Disco’ Botnet Behind Attack Campaign Against Thousands Of Sites

“The number of weak passwords is not surprising, as this campaign is clearly a target of opportunity and not focused on a specific target,” Bing says. “This is interesting as it marks a sea change in the tactics of attackers. In addition to drive-by exploits of unpatched Windows machines being the low-hanging fruit, attackers are learning that these blog and content management systems are often vulnerable to trivial attacks.”

via ‘Fort Disco’ Botnet Behind Attack Campaign Against Thousands Of Sites.

Web Ads Used to Launch Online Attacks

It didn’t take long for the victimized test server to begin struggling under the sudden load. In the first hour of the test, during which only $2 was spent on ads, more than 130,000 connections from browsers swamped the server. It wasn’t much longer until the server began falling offline under the growing load.

via Web Ads Used to Launch Online Attacks | MIT Technology Review.

US agency baffled by modern technology, destroys mice to get rid of viruses

EDA’s CIO, fearing that the agency was under attack from a nation-state, insisted instead on a policy of physical destruction. The EDA destroyed not only (uninfected) desktop computers but also printers, cameras, keyboards, and even mice. The destruction only stopped—sparing $3 million of equipment—because the agency had run out of money to pay for destroying the hardware.

via US agency baffled by modern technology, destroys mice to get rid of viruses | Ars Technica.

And you want these people in charge of economic development?

Microsoft, FBI takedown Citadel botnet

According to Microsoft, pirated Windows XP product keys were used to spread the Citadel malware. Redmond isn’t claiming a full takedown because of the sheer size of the botnet, but it is optimistic that the seized equipment will help it to strengthen defenses in the future.

via Microsoft, FBI takedown Citadel botnet – ParityNews.com: …Because Technology Matters.

Prior to the takedown of Citadel, Microsoft was a key player in the takedown of other botnets such as Bamital, Kelihos and Nitol.