spamNEWS | botnet | phishing | virus | spam | malware
After One Root Certificate, Another Detected on Dell Computers Along with Tracking Vulnerability
Written by Administrator   
Tuesday, 01 December 2015 06:00

Following the discovery of a root certificate on Dell laptop and desktop PCs that could be used to produce digital signatures of its own, enabling exploitation for man-in-the-middle (MitM) attacks, security researchers detected a second, similar certificate as well as a security flaw capable of enabling tracking of user activity, as published on November 25, 2015.

According to the researchers, consumer and commercial Dell computers that run software known as Dell Foundation Services contain a root certificate named eDellRoot together with its private key. A cyber-miscreant who abuses this weakness could intercept HTTPS communications, seize critical data, or deliver malicious software to victims.

Explaining its position, Dell stated that the company had shipped the certificate since August 2015 along with its Dell Foundation Services updates. The root certificate enabled employees to recognize the PC model when dealing with customers after a sale.

Once the alarm was raised, Dell provided steps on how the root certificate could be removed and began pushing new updates designed to erase eDellRoot.

Nevertheless, there is one more certificate included in Dell systems which MitM attackers could exploit. It is installed and used by an application named Dell System Detect, whose "Detect Product" feature helps end-users identify their laptop's technical details, including make and model.

Just like eDellRoot, this second certificate, named DSDTestProvider, is also loaded into Windows together with its private key. Attackers can extract it and subsequently use it to carry out MitM attacks, delivering malware that appears to come from an authentic source.

Dell has offered directions to customers on how to manually erase the certificate, and further plans to provide a software update for its PCs that checks whether the certificate is present and then removes it.
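As an added example (not code from the article, nor Dell's own removal tool), the following PowerShell check lets a defender see whether the two certificates named in these reports are present in a Windows host's root stores and, more importantly, whether a private key accompanies them, since a trusted root whose private key ships on the machine is what makes HTTPS interception possible. The function name and its parameters are assumptions made for this illustration.

```powershell
# Added example, not code from the article or from Dell. Audits the Windows
# root certificate stores for the subject names given in the reports
# (eDellRoot and DSDTestProvider) and reports whether a private key for
# each is present locally. Run from an elevated PowerShell prompt.
function Find-SuspectRootCert {
    param(
        # Subject common names to look for; the two from the reports by default
        [string[]] $SuspectNames = @('eDellRoot', 'DSDTestProvider'),
        # Both the machine-wide and the per-user root store can hold an added root
        [string[]] $Stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')
    )

    # Build a regex such as 'CN=(eDellRoot|DSDTestProvider)' from the names
    $escaped = $SuspectNames | ForEach-Object { [regex]::Escape($_) }
    $pattern = 'CN=(' + ($escaped -join '|') + ')'

    foreach ($store in $Stores) {
        Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
            Where-Object { $_.Subject -match $pattern } |
            ForEach-Object {
                # A trusted root alone is suspicious; a trusted root plus a
                # locally stored private key is what enables MitM signing.
                if ($_.HasPrivateKey) {
                    $risk = 'High: trusted root with local private key'
                } else {
                    $risk = 'Trusted root present; verify its provenance'
                }
                [pscustomobject]@{
                    Store         = $store
                    Subject       = $_.Subject
                    Thumbprint    = $_.Thumbprint
                    NotAfter      = $_.NotAfter
                    HasPrivateKey = $_.HasPrivateKey
                    Risk          = $risk
                }
            }
    }
}

# Usage: list findings, or confirm that neither certificate is present
$results = Find-SuspectRootCert
if (-not $results) {
    Write-Output 'No eDellRoot or DSDTestProvider certificate found in the root stores.'
} else {
    $results | Format-List
}
```

The check only reports; removal should follow the vendor's published directions, and the Thumbprint value in the output is what to record in an incident ticket so the same certificate can be recognised on other hosts in the fleet.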

Meanwhile, in 2015, a similar vulnerability in out-of-the-box computers was found on Lenovo laptops, caused by a pre-loaded application known as Superfish. This program altered online search results to display advertisements; however, it also interfered with the PC's built-in security. The problem was finally resolved through a special tool.

Retailers of US are Alerted after Detection of Serious PoS Malware
Written by Administrator   
Tuesday, 01 December 2015 06:00

As reported on 24th November, 2015, security experts at iSIGHT Partners, a cyber threat intelligence firm, are warning about a major new, sophisticated PoS malware framework that could wreak havoc among US retailers as they head into the busy forthcoming shopping season.

The malware, known as "ModPOS", has already targeted US retailers and is most probably being used elsewhere in attempts to collect card details.

As per the firm, it has already briefed many retailers and payment firms. Further, it is working with the Retail Cyber Intelligence Sharing Center (R-CISC) to help stop further dissemination of the PoS malware.

The firm explained that "the actors behind the ModPOS software have shown a very professional level of expertise in developing the software; and created a complex, highly functional and modular code base that places a very heavy emphasis on obfuscation and persistence. Thus, making ModPOS go undetected by many types of modern security defenses".

Analysis was difficult because the technical details differ for each target, which ModPOS' versatile and modular structure makes possible.

Uploader/Downloader, PoS Scraper and Keylogger are the three main modules of ModPOS, which provide basic RAM scraping, exfiltration and communication functionality.

If debit/credit card data or any other type of data sent from an initially infected device is judged valuable, the malware's C&C server instructs the downloader to fetch other modules based on the technical makeup of the infected system.

Other modules provide functionality for querying local processes and system settings, viewing and inspecting the local network, and collecting username and password information for local and domain accounts.

All modules are packed kernel drivers, which also use encryption and obfuscation to evade security software. As per iSIGHT, one vendor's antivirus solutions detected only the Uploader/Downloader module, and flagged it as low risk.

So far, one bright spot about this malware is that its makers are not selling it on underground forums or distributing it to the public. A report dated 24th November, 2015 quoted Maria Noboa, Senior Threat Analyst at iSIGHT, as saying "this indicates that the authors are holding it close to their chest because it's a profit center for them".

Authorities of UK Arrest Cybercriminals Running Website of Cybercrime Services
Written by Administrator   
Monday, 30 November 2015 08:00

As reported on 23rd November, 2015, UK authorities have detained two suspects in connection with an online service, a website providing antivirus evasion services to malware operators.

The arrests were made recently following a joint operation by security firm Trend Micro and the UK's National Crime Agency (NCA).

A man and a woman, aged 22 years, from Colchester, Essex (UK), were arrested and later released on bail until February 2016.

The duo operated the notorious online service, which provided an extensive collection of free and commercial tools for malware authors.

The website claimed that over 1.2 million scans had been conducted since February 2015 before it was shut down. One of the latest features added to the cybercrime service, known as "scanwatch", allowed users to continuously monitor the detection status of the files they had uploaded.

The website gave cyber crooks the ability to add antivirus-evasion features to their malware, chiefly through the Cryptex toolkit.

This kit and all its versions, Cryptex Advanced, Cryptex Reborn and Cryptex Lite, were used to encrypt malware code and bot-to-server communications.

Its latest version, Cryptex Reborn, was believed to be one of the most advanced such tools in recent years. Cybercriminals could buy Cryptex Reborn for prices ranging from $20 to $90, per month or for lifetime use.

Business Reporter published news on 23rd November, 2015, quoting Steve Laval of the NCA's National Cyber Crime Unit as saying "This continuous investigation shows how the NCA is taking its work with industry to fight cybercrime to the next level. Although the website offered services designed to help evade anti-virus software, computer users can protect themselves from malware threats by taking some simple precautions. The NCA urges all Internet users to ensure that they have installed updated anti-virus software on their machines and avoid clicking on unknown or doubtful links or attachments in emails".

A Memorandum of Understanding (MOU) was signed between the National Crime Agency and Trend Micro in July 2015, an important step toward cooperation between the two parties in combating cybercrime.

Payment Systems of Hilton Worldwide Hit by Malware
Written by Administrator   
Monday, 30 November 2015 08:00

As reported on 25th August, 2015, Hilton Worldwide Holdings, the hotel chain operator headquartered in Virginia, United States, said that it had found unauthorized malware in some payment systems, which targeted payment card information, including at Australian hotels.

Hilton recently said that a third-party investigation found that the malware targeted specific payment card information, including cardholder names, expiry dates, security codes and payment card numbers.

The company further added that the targeted information did not include PINs (Personal Identification Numbers) or addresses.

As per Hilton, customers who used their cards at some stage from November 18 to December 5, 2014, or from April 21 to July 27, 2015, are advised to check their bank statements. A report published on 24th November, 2015 quoted a company statement that "Hilton Worldwide is strongly committed to protecting payment card information of customers, and we sincerely regret any inconvenience caused to customers due to this". A report published on 25th August, 2015 quoted a spokesperson for Hilton Worldwide Holdings, asked about the breach in Australia, as saying "payment systems were impacted across our global portfolio during the date range and consumers should be cautious about their statements if they stay at one of our properties".

The owner of the DoubleTree and Conrad hotel chains, however, did not give details on the number of affected cards.

The announcement came just a few days after Starwood Hotels, which operates the Westin and Sheraton chains, said that hackers had infected the payment systems at a few of its establishments, possibly leaking customers' credit card data.

As per Starwood, the hacking took place at a "limited number" of its hotels in North America. Its other popular chains include W Hotels and St Regis.

Starwood said that forensic experts investigated and found malware in a few gift shops, restaurants and other point-of-sale systems at its hotels. A report published on 25th November, 2015 quoted a statement from the group that "the malware was designed to collect certain payment card information including name of the cardholder, security code, payment card number and expiry date".

RSA Finally Exposes 'GlassRAT', a RAT Running for Years
Written by Administrator   
Monday, 30 November 2015 08:00

According to security company RSA, a previously unidentified RAT (remote access tool) named "GlassRAT" has now been exposed.

The Trojan, which enjoyed zero detection, appears to have been running covertly for three years, with evidence that it is being used in a highly targeted attack concentrating on Chinese Internet users employed at corporate houses.

GlassRAT shows plenty of the typical hallmarks of well-made, highly effective malware, or at the very least of competent malware development. The malware's installer is signed with a hijacked certificate belonging to a renowned and trustworthy publisher. Once the payload is delivered, the installer deletes itself. The installed payload's malicious DLL file has remained undetected by antivirus firms.

It may be noted that the command-and-control (C&C) infrastructure of GlassRAT briefly overlapped with the C&C detected in malware campaigns disclosed in 2012 that attacked military and government agencies in the Pacific region.

In particular, GlassRAT connected to the C&C hosting used by the Mirage malware, which in turn is linked with the Mirage, PlugX and Magicfire malware attacking the government of Mongolia and the military of the Philippines.

RSA states that the shared infrastructure suggests a probable slip in operational security by the GlassRAT operators, if not deliberate infrastructure sharing. This was reported on November 23, 2015.

The organization from which the certificate was stolen is not known because RSA would not reveal its name; however, the company does state that the certificate has been revoked. The malware's installer, digitally signed with that certificate, erases itself after dropping the RAT onto the compromised computer. According to RSA, an unnamed software firm in Beijing has created an application with over 500 million users whose name is identical to the one the RAT shows in the certificate window at installation time.

Meanwhile, Kent Backman, principal researcher for the investigation at RSA, says the malware is known to be very effective against big-budget multinational corporations. For years it remained undetected by antivirus software; had it been widely deployed, Backman highlights, it would have had fewer chances of bypassing antivirus detection.
