Leaked NSA Malware Is Helping Hijack Computers Around the World

The U.S. software weapon would have allowed the spy agency’s hackers to break into potentially millions of Windows computers by exploiting a flaw in how certain versions of Windows implemented a network protocol commonly used to share files and to print.

Source: Leaked NSA Malware Is Helping Hijack Computers Around the World

From: Security Update for Microsoft Windows SMB Server (4013389)

This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Hacking Team’s RCS Android: The most sophisticated Android malware ever exposed

The spyware is delivered either via the aforementioned app, or via an SMS or email that contains a specially crafted URL that will trigger exploits for several vulnerabilities in the default browsers of Android versions 4.0 Ice Cream Sandwich to 4.3 Jelly Bean.

This will allow the attacker to gain root privilege, and allow the installation of a shell backdoor and RCS Android.

Source: Hacking Team’s RCS Android: The most sophisticated Android malware ever exposed

Self-repairing software tackles malware

Unlike a normal virus scanner on consumer PCs that compares a catalog of known viruses to something that has infected the computer, A3 can detect new, unknown viruses or malware automatically by sensing that something is occurring in the computer’s operation that is not correct. It then can stop the virus, approximate a repair for the damaged software code, and then learn to never let that bug enter the machine again.

via Self-repairing software tackles malware — ScienceDaily.

The A3 software is open source, meaning it is free for anyone to use, but Eide believes many of the A3 technologies could be incorporated into commercial products.

Download papers from the source: A3: Flux Research Group

The A3 project applies virtualization, record-and-replay, introspection, repair, and other techniques to develop a customizable container for “advanced adaptive applications.” The A3 container provides its protected application with both innate and adaptive defenses against security threats.

Researchers Find Malicious Tor Exit Node Adding Malware to Binaries

The exit node in question was in Russia, and Pitts discovered that the node was actively patching any binaries he downloaded with a piece of malware. He downloaded binaries from a variety of sources, including Microsoft.com, and each of them came loaded with malicious code that opens a port to listen for commands and starts sending HTTP requests to a remote server.

via Researchers Find Malicious Tor Exit Node Adding Malware to Binaries | Threatpost | The first stop for security news.

From: The Case of the Modified Binaries

Companies and developers need to make the conscious decision to host binaries via SSL/TLS, whether or not the binaries are signed. All people, but especially those in countries hostile to “Internet freedom,” as well as those using Tor anywhere, should be wary of downloading binaries hosted in the clear—and all users should have a way of checking hashes and signatures out of band prior to executing the binary.
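The out-of-band check the post recommends, as an added example that is not code from the linked post: the expected digest is obtained separately from the download (a vendor page over TLS, signed release notes), the fetched bytes are hashed locally, and cleartext download URLs are flagged. The sample "clean" and "patched" byte strings are constructed here to stand in for an unmodified installer and one altered in transit.

```python
# Added example: verifying a fetched binary against a digest obtained out of band.
import hashlib
import hmac
from urllib.parse import urlparse


def is_cleartext_url(url: str) -> bool:
    """True if the file would travel unencrypted (http/ftp), where an on-path
    node such as a malicious Tor exit can rewrite it."""
    return urlparse(url).scheme.lower() in ("http", "ftp")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_download(url: str, data: bytes, expected_sha256: str) -> dict:
    """Decide whether a downloaded file may be executed.

    expected_sha256 must come from a channel other than the download itself;
    a hash served next to the file on the same cleartext path proves nothing,
    because whoever patches the binary can rewrite the hash too.
    """
    actual = sha256_hex(data)
    # Constant-time comparison: the verdict should not leak via timing.
    hash_ok = hmac.compare_digest(actual, expected_sha256.strip().lower())
    warnings = []
    if is_cleartext_url(url):
        warnings.append("download was not protected by TLS")
    if not hash_ok:
        warnings.append("SHA-256 mismatch: file differs from the published build")
    return {"run_allowed": hash_ok, "actual_sha256": actual, "warnings": warnings}


# Constructed sample data (not a real installer): a stand-in binary and the
# same bytes with an appended stage, modelling modification in transit.
CLEAN_BINARY = b"MZ" + b"\x90" * 16 + b"vendor-installer-v1"
PATCHED_BINARY = CLEAN_BINARY + b"\x00injected-listener-stub"
# Digest the vendor would publish out of band (computed from the clean build).
PUBLISHED_SHA256 = sha256_hex(CLEAN_BINARY)


if __name__ == "__main__":
    for label, blob in (("clean", CLEAN_BINARY), ("patched", PATCHED_BINARY)):
        verdict = verify_download("http://mirror.example/installer.exe", blob, PUBLISHED_SHA256)
        print(label, verdict["run_allowed"], verdict["warnings"])
```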

Turning USB peripherals into BadUSB

BadUSB – Turning devices evil. Once reprogrammed, benign devices can turn malicious in many ways, including:

  1. A device can emulate a keyboard and issue commands on behalf of the logged-in user, for example to exfiltrate files or install malware. Such malware, in turn, can infect the controller chips of other USB devices connected to the computer.
  2. The device can also spoof a network card and change the computer’s DNS setting to redirect traffic.
  3. A modified thumb drive or external hard disk can – when it detects that the computer is starting up – boot a small virus, which infects the computer’s operating system prior to boot.

via Turning USB peripherals into BadUSB | Security Research Labs.

The biggest iPhone security risk could be connecting one to a computer

Apple issues developer certificates to those who want to do internal distributions of their own applications. Those certificates can be used to self-sign an application and provision it.

Wang’s team found they could sneak a developer provisioning file onto an iOS device when it was connected via USB to a computer. A victim doesn’t see a warning.

That would allow for a self-signed malicious application to be installed. Legitimate applications could also be removed and substituted for look-alike malicious ones.

via The biggest iPhone security risk could be connecting one to a computer – Computerworld.

SynoLocker demands 0.6 Bitcoin to decrypt Synology NAS devices

It’s not clear yet how SynoLocker’s operators installed the malware, for example, if they had exploited a vulnerability in Synology devices. CSO Australia has asked Synology for comment and will update the story if it receives one.

According to the victim, Synology’s support team are interested in hearing from victims who have not reinstalled its Linux-based DiskStation Manager NAS operating system. Synology’s NAS devices were hit late last year by scammers looking to use their compute power to mine several cryptocurrencies, including Bitcoin.

via SynoLocker demands 0.6 Bitcoin to decrypt Synology NAS devices – CSO | The Resource for Data Security Executives.

Having proper backups would thwart this attack. Simply wipe the box and rebuild the NAS.

Malware Posing as Official Google Play App Found in….Official Google Play Store

When you click on it, the app asks for administrator privileges of the device. Once opened, the sole user interface FireEye observed for the app contains pop-ups saying “Program Error” and “It’s Deleted!” when translated to English from Korean.

via Malware Posing as Official Google Play App Found in….Official Google Play Store.

These exploits usually require the user to approve something first, such as granting the app device administrator privileges.

The app captures text messages, security certificates and banking details, which it then sends to a Gmail address included in the malware – an email address which Google has now terminated.