Yes, that PC cleanup app you saw on TV at 3am is a waste

To highlight just why you and your loved ones should never let these applications anywhere near your PC, we picked one that we have recently seen ads for: MyCleanPC. It’s the archetypal Windows cleanup app—and you probably shouldn’t install it.

via Yes, that PC cleanup app you saw on TV at 3am is a waste | Ars Technica.

There are some useful tips on cleaning your PC in this article. Like the article advises, I also use Malwarebytes exclusively to scan every now and then if something seems to be running funny. Being on a monitored wifi allows my firewall, the gateway between the wifi and the Internet, to alert me to any funny communication coming from my PC. I have some other unconventional PC security advice that I may provide in a future post once I can put together all my thoughts into a coherent package.

Apache plugin turns legit sites into bank-attack platforms

Bureau didn’t say how the site running the plugin was hacked. Many legitimate websites used in malware attacks are commandeered after administrator credentials are compromised. He said the malicious Apache plugin is separate from a Linux rootkit discovered last month that also injects malicious content into otherwise legitimate webpages.

via Apache plugin turns legit sites into bank-attack platforms | Ars Technica.

Automated Malware Analysis Under Attack

When it infects the system, UpClicker takes an innocuous first step, binding itself to the mouse. The malware then hibernates until a user clicks the left mouse button and then releases it. Unless security researchers emulate the button press, automated analysis systems will stop observing the malware before it actually does any malicious activity, and the code will not be flagged for further investigation.

via Automated Malware Analysis Under Attack – Dark Reading.

Extracting Data from Network Captures pcap with Perl

When I am analyzing network activity generated by malware, I am most interested in HTTP get/posts, the addresses the malware is communicating with, and the data that was actually sent or received.

via Extracting Data from Network Captures pcap with Perl « Mick’s Mix.

Chaosreader is a Perl script that takes a pcap file as its argument and creates communication summaries in a report format. It will also pull data from the TCP streams within the pcap and re-assemble the actual files that were transferred.
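The kind of extraction described above (addresses, ports and HTTP request lines pulled out of a pcap) is small enough to do without a tool. The following is an added example, not code from Mick's Mix or from Chaosreader: it constructs a tiny two-packet libpcap file in memory (sample addresses and hostname are made up) and walks it by hand, decoding Ethernet, IPv4 and TCP headers and keeping only segments that carry an HTTP request.

```python
import struct
from typing import Dict, List

def tcp_frame(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Build an Ethernet/IPv4/TCP frame (checksums left zero; fine for parsing)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0,
                     64, 6, 0, bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload   # zeroed MACs, EtherType IPv4

def build_sample_pcap() -> bytes:
    """Constructed two-packet capture: one HTTP GET, one non-HTTP segment (not a real capture)."""
    frames = [
        tcp_frame("10.0.0.5", "192.0.2.10", 49152, 80,
                  b"GET /update.php?id=42 HTTP/1.1\r\nHost: example.invalid\r\n\r\n"),
        tcp_frame("10.0.0.5", "192.0.2.20", 49153, 443, b"\x16\x03\x01\x00\x05hello"),
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # global header, link type 1 = Ethernet
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f         # ts_sec, ts_usec, incl_len, orig_len
    return out

def extract_http(pcap: bytes) -> List[Dict[str, str]]:
    """Walk a libpcap file and return one record per TCP segment carrying an HTTP request."""
    magic, = struct.unpack_from("<I", pcap, 0)
    endian = "<" if magic == 0xA1B2C3D4 else ">"    # byte-swapped magic means big-endian headers
    if struct.unpack_from(endian + "I", pcap, 20)[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    records, off = [], 24
    while off + 16 <= len(pcap):
        incl_len, = struct.unpack_from(endian + "I", pcap, off + 8)
        frame, off = pcap[off + 16: off + 16 + incl_len], off + 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                    # not IPv4
        ip = frame[14: 14 + struct.unpack_from("!H", frame, 16)[0]]  # trim Ethernet padding
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6 or len(ip) < ihl + 20:
            continue                                    # not TCP
        tcp = ip[ihl:]
        sport, dport = struct.unpack_from("!HH", tcp, 0)
        lines = tcp[(tcp[12] >> 4) * 4:].split(b"\r\n")  # payload starts after the TCP data offset
        if not lines[0].startswith((b"GET ", b"POST ", b"HEAD ")):
            continue                                    # not an HTTP request
        method, _, rest = lines[0].partition(b" ")
        host = next((l.split(b":", 1)[1].strip() for l in lines if l[:5].lower() == b"host:"), b"")
        records.append({"src": "%d.%d.%d.%d:%d" % (*ip[12:16], sport),
                        "dst": "%d.%d.%d.%d:%d" % (*ip[16:20], dport),
                        "method": method.decode(), "target": rest.split(b" ")[0].decode(),
                        "host": host.decode("ascii", "replace")})
    return records

if __name__ == "__main__":
    for r in extract_http(build_sample_pcap()):
        print(r)
```

Pointing `extract_http` at the bytes of a real capture (`open("trace.pcap", "rb").read()`) gives the same per-request records; the TLS segment in the sample shows that non-HTTP traffic is skipped rather than mis-parsed.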

Next-Generation Malware: Changing The Game In Security’s Operations Center

In a nutshell, the process of malware analysis and defense has evolved from a “set it and forget it” task into a skills-intensive, do-it-yourself research project. And that shift is having a profound effect on the staffing and day-to-day activities of the enterprise security department.

via Next-Generation Malware: Changing The Game In Security’s Operations Center – Dark Reading.

In the meantime, however, the best strategy for stopping next-generation malware is not to rely too heavily on any one technology, Manky advises. A combination of signature-based tools, behavior-based tools, traditional perimeter defenses, and next-generation application defenses can create such a muddle of problems for attackers that it can discourage them — and send them looking for easier pickings elsewhere, he says.

New Android Malware Is A Burglar’s Best Friend

Newly released malware PlaceRaider sounds like science fiction: It’s Android malware designed to build 3-D models of users’ apartments for burglars and assassins. But PlaceRaider—developed by a team at Indiana University—is very real. The new malware was built as an academic exercise, and it exposes security flaws that government agencies would love to use. More importantly, it also exposes unintended mobile functionality that large companies like Google could easily monetize.

via New Android Malware Is A Burglar’s Best Friend | Fast Company.

Note again that this is a proof of concept and not actual malware in the wild. It does inspire me to cover any phone or tablet camera with some kind of opaque tape.

Resilient ‘SMSZombie’ Infects 500,000 Android Users in China

If an Android user downloads the app and sets it as the device’s wallpaper, the app then prompts the user to install additional files. “If the user agrees, the virus payload is delivered within a file called ‘Android System Service,’” TrustGo explained.

via Resilient ‘SMSZombie’ Infects 500,000 Android Users in China | SecurityWeek.Com.

The article states that this only affects users of China Mobile. I find it interesting that to get infected not only do you have to install the bad app, you also have to agree to install these additional files. Wouldn’t the second prompt raise some suspicion?

Inside a ‘Reveton’ Ransomware Operation

In an alert published last week, the FBI said that The Internet Crime Complaint Center — a partnership between the FBI and the National White Collar Crime Center — was “getting inundated with complaints” from consumers targeted or victimized by the scam, which uses drive-by downloads to hijack host machines. The downloaded malware displays a threatening message (see image to the right) and blocks the user from doing anything else unless he pays the fine or finds a way to remove the program.

via Inside a ‘Reveton’ Ransomware Operation — Krebs on Security.

Researchers Identify Four BlackBerry Zitmo Variants

Zitmo refers to a version of the Zeus malware that specifically targets mobile devices. Previous Zitmo variants masqueraded as banking security applications or security add-ons to circumvent out-of-band authentication systems used by some financial institutions, intercepting one-time passwords sent via text message and forwarding them to another cell number that acted as a command-and-control device.

via Researchers Identify Four BlackBerry Zitmo Variants | SecurityWeek.Com.

Collaborating on research is important because the vulnerability doesn’t have to be within BlackBerry’s code to compromise the platform, Stone noted. For example, researchers exploited issues in the open source browser engine WebKit to hack a BlackBerry at last year’s CanSecWest Pwn2Own contest. It’s about “protecting the ecosystem,” as one vulnerability identified in one platform can easily exist in another platform, Stone said.