spamNEWS | botnet | phishing | virus | spam | malware
Destover Attacks PCs Using Security Certificates Stolen from Sony
Written by Administrator   
Thursday, 18 December 2014 06:00

Kaspersky Lab has found that the huge breach carried out against Sony Pictures Entertainment (SPE) has had an apparent side effect: the 'Destover' malicious program is now wreaking havoc by using a stolen digital certificate that belonged to SPE, probably to compromise PC systems.

The implication is that, because the certificate is trusted on certain PCs, the malware probably has little difficulty bypassing defense technologies such as default-deny policies and/or anti-virus programs. The material for this abuse was allegedly available because certain folders accessed through the Sony hack contained an assortment of SPE's signing keys and security certificates.

Trey Ford, Global Security Strategist at Rapid7, explains that if SPE-signed digital certificates were exposed during the hack, the IT security departments of other organizations could face serious problems. Criminals may use the stolen certificates to sign Destover, letting it circumvent the IT security solutions of several businesses unnoticed, he says. Mashable published this on December 9, 2014.

According to Kevin Bocek, Vice-President of Security Strategy and Threat Intelligence at security company Venafi, with further news about the SPE breach gradually coming in, it is hardly surprising to learn that the latest Destover variant employed by the hackers was signed with an authentic certificate from Sony. Time and again, hacked companies like Sony are seen carelessly enabling attackers by not sufficiently safeguarding the trust that cryptographic keys and digital certificates provide, Bocek laments. SecurityWeek published this on December 9, 2014.

Bocek adds that cyber-criminals have discovered how easily, quickly and successfully they can insert malicious software into corporate networks undetected by signing the malware with stolen or compromised certificates. They know that organizations usually cannot recognize atypical certificates that nevertheless validate machines and their operators, software programs and devices on company networks; consequently, they abuse them.

Global organizations typically use innumerable certificates and keys, yet most do not keep a proper inventory of them, do not know where they are deployed or who is using them, and do not maintain proper security mechanisms for them, Bocek says.

Study - Advertisers Losing $6.3 Billion to Cyber Fraud in 2015
Written by Administrator   
Thursday, 18 December 2014 06:00

It was reported on 9th December, 2014 that a new research report has disclosed that advertisers will lose around $6.3 billion in 2015 to bots and cybercrime which impersonate human engagement.

Security vendor White Ops and the Association of National Advertisers (ANA) conducted the study, titled "The Bot Baseline: Fraud in Digital Advertising", which estimates that billions will be lost in 2015 to the use of bots.

Bots are automated programs which impersonate human interaction with an advertisement - whether watching a video or clicking on a URL - and so trick an advertiser into thinking it has viewers. The cyber-criminal sets up fake advertisements and websites and uses bots to produce bogus click rates and audiences that never existed, and the advertiser ends up paying without any benefit.

Often it is buyers themselves who are carelessly acting as slaves in a botnet, because systems compromised by malware can be added to a botnet, where each becomes an additional point for generating fake ad impressions.

The study's researchers analyzed 181 campaigns from 36 ANA member companies and measured 5.5 billion impressions across 3 million domains over 2 months, from August to September.

The research revealed that 23% of video ad impressions and 11% of display ad impressions were bot fraud.

The report observes that botnet activity was highest between midnight and 7 a.m., which means that ad buyers can reduce illegitimate traffic by focusing on the period when most people are likely to be awake. News published on 9th December, 2014 quoted Dan Kaminsky, Chief Scientist and Co-founder of White Ops, as saying "display ads don't pay as much as video ads and fraudsters follow the money."

Industry group Interactive Advertising Bureau recently set up a special task force known as the Trustworthy Accountability Group (TAG) to fight fraud. A statement published on 9th December, 2014 quoted Linda Woolley, CEO of TAG, as saying "research like this is important to build a program which will eliminate this type of criminal activity out of the supply chain. Fraudulent traffic, malware and IP piracy are impediments to the growth of the digital economy and TAG is dedicated to eliminate them."

Neverquest Trojan in New Updated Version Discovered
Written by Administrator   
Wednesday, 17 December 2014 08:00

During November 2014, security researchers detected the notorious Neverquest Trojan in a new, upgraded form attacking Web surfers, especially in North America, with comparatively fewer instances in Europe, followed by Asia.

The security experts discovered that the new Neverquest version, also dubbed Vawtrak, is served through a number of malware installers, Zemot being one of them.

Zemot belongs to the Upatre group of malicious programs, which the operators of the Kuluoz/Asprox botnet have used many times to inject additional malware into infected PCs.

The researchers, from IBM Trusteer, noticed that the latest version of Neverquest features a changed malware installation procedure, and that messages are now exchanged with its command-and-control (CnC) systems through the Tor2web proxy network.

Because Neverquest's CnC systems are placed inside Tor, communications over the network are encrypted and randomized, providing anonymity that in turn helps the cyber-criminals safeguard their operations against security systems.

Ilya Kolmanovich, Threat Engineer at Trusteer, points out that besides using Zemot and the Asprox botnet to disseminate the latest Neverquest, the Trojan is also served via attack toolkits in drive-by attacks. This was reported on December 6, 2014.

The investigators found that the changed installation procedure involves the installer dropping the DLL module of the Neverquest variant and then running it with regsvr32.exe, so that the DLL files get registered in the registry as command elements.

After this, Neverquest copies itself into the %ProgramData% or the %AppData% directory, depending on the operating system (OS) running on the infected computer. Finally, it uses the "CreateRemoteThread" function to inject the malicious code into Explorer.exe, a legitimate Windows process.

To evade security solutions, Neverquest's authors use two techniques. One is a "recurring runkey", which overwrites an entry in the Windows registry to maintain the malware's persistence on the host; the other is a "watchdog", which recreates vital functions if the original ones are terminated.

Indeed, Neverquest's repeated evolution during 2013 has been consistent with its being able to bypass newer and more effective security products each time, IBM Trusteer concludes.
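
One way to hunt for the installation step described above, given as an added example that is not from the original article or from IBM Trusteer: it scans process-creation records for regsvr32.exe being asked to register a module from ProgramData or a user's AppData directory. The event records, field names and file paths are constructed for illustration.

```python
import re

# Constructed process-creation records (field names and paths are illustrative).
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": r'regsvr32.exe /s "C:\ProgramData\KqEmxa\UwQhzn.dll"'},
    {"image": r"C:\Windows\SysWOW64\regsvr32.exe",
     "cmdline": r"regsvr32 /s C:\Users\alice\AppData\Roaming\Ofxk\pmcq.dat"},
    {"image": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": r'regsvr32.exe /s "C:\Program Files\Vendor\codec.dll"'},
    {"image": r"C:\Windows\System32\notepad.exe",
     "cmdline": r"notepad.exe C:\ProgramData\notes.txt"},
]

# Directories the article names as drop locations, in expanded form.
DROP_DIR = re.compile(r"\\(programdata|users\\[^\\]+\\appdata)\\", re.IGNORECASE)
# A command-line token is either a double-quoted string or a run of non-spaces.
TOKEN = re.compile(r'"([^"]+)"|(\S+)')


def regsvr32_targets(cmdline):
    """Return the module paths on a regsvr32 command line (switches skipped)."""
    tokens = [quoted or bare for quoted, bare in TOKEN.findall(cmdline)]
    return [t for t in tokens[1:] if not t.startswith(("/", "-"))]


def suspicious_regsvr32(events):
    """List modules that regsvr32.exe was asked to load from a drop directory."""
    hits = []
    for event in events:
        if not event["image"].lower().endswith("\\regsvr32.exe"):
            continue
        hits.extend(t for t in regsvr32_targets(event["cmdline"])
                    if DROP_DIR.search(t))
    return hits


if __name__ == "__main__":
    for path in suspicious_regsvr32(SAMPLE_EVENTS):
        print("review:", path)
```

Some legitimate per-user installers also register modules from AppData, so a hit is a triage lead to correlate with other signals rather than a verdict.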

North Korea Not Behind Sony Hack, Asserts NDC
Written by Administrator   
Wednesday, 17 December 2014 08:00

The Policy Department of the National Defense Commission (NDC) in North Korea (NK) has officially stated through a spokesperson that the North Korean government had no hand in planning the cyber-assault on SPE (Sony Pictures Entertainment), according to a report published December 8, 2014.

Earlier, in New York, an unnamed diplomat representing NK had denied the country's involvement in the assault.

The spokesperson indicated in his statement that sympathizers and supporters of NK possibly looked on the hack against SPE with favor after the DPRK (NK) made an appeal.

Several security researchers voiced suspicion that NK may have taken part in the hack. Among the various breaches, the assault resulted in the leak of "The Interview", a yet-to-be-released comedy from Sony, as the film satirized Kim Jong-Un, the supreme leader of North Korea, and the country's government condemned it as a symbol of terrorism. Korean-language malware was also used in the assault.

The spokesperson stated that Sony Pictures was indeed an entity preparing to make a movie backing a terrorist plot while injuring the dignity of the DPRK's leader by exploiting the U.S.'s hostile policy against the DPRK, it was reported.

The spokesperson further stated that the NDC did not know where Sony Pictures was based in America or which of its faults had led to the assault against it; at the same time, the Commission did not feel it needed to know the details. This was published December 7, 2014.

To emphasize the NK government's non-involvement in the incident, the NDC states that the government has little information about the actions by SPE that annoyed the attackers, who apparently go by the name 'Guardians of Peace.'

Joseph DeTrani, a former U.S. representative to North Korea, lauded NK for always being honest in admitting or not admitting a hand in different attacks, although according to him the country needed to modify its policy. This was published December 8, 2014.

A Recode report says that the unprecedented breach has resulted in 4 unreleased movies from Sony being leaked along with salary details of numerous staff members. In addition, during the first weekend of December 2014, the attackers again threatened to harm Sony employees and their families.

Fraudulent E-mails with Parliament Logo Doing the Rounds
Written by Administrator   
Tuesday, 16 December 2014 16:00

According to a warning from the legislature in Cape Town, South Africa, a scam e-mail displaying the Parliament's logo is circulating online, it was reported on December 4, 2014.

The warning statement also notes that Parliament has no association with the fraudulent e-mail, which carries the emblems of the government and of Parliament.

Recipients of the scam message are told that their "contract/inheritance/Winning [sic]" document has been successfully verified and that they should send over their details.

They are also told that Finance Minister Nhlanhla Nene had, on behalf of the government, given a directive on how they would receive their payments.

According to Parliament, the e-mail's signatory is apparently the Deputy Finance Minister, Mr. Mcebisi Jonas; the e-mail, however, describes him as Chairperson of the Finance Portfolio Committee.

Parliament adds that scam e-mails of the same kind were noticed in earlier years, and that the latest sample is now circulating as well.

It has therefore directed the public to ignore such e-mails.

Worryingly, it is because of scam e-mails of this kind that spam has been on the increase on the Internet, security analysts explain after examining the current fake e-mail run.

Where the identity of any government department is being copied, due diligence is essential. Anybody who receives a letter claiming to be from that department should diligently determine whether it is authentic by contacting the department directly through established and dependable channels.

Specialists state that these fraudsters are extremely persuasive and remain active. Their strategy is highly advanced and therefore extremely effective at fooling people and entities.

Consequently, users are advised not to be duped by cunning e-mails, refined web-link labels, or similar attachments. It is best never to click web-links or download files from e-mails from unknown sources, since a web-link will not necessarily lead to the destination it claims. One way to learn the real destination of a web-link is to right-click on it, copy the URL and paste it into Notepad on one's PC, specialists conclude.
