spamNEWS | botnet | phishing | virus | spam | malware
‘Mayhem’ Proliferates through FreeBSD and Linux Web-Servers, State Experts
Written by Administrator   
Monday, 28 July 2014 07:00

Security researchers have spotted a new piece of malware, named "Mayhem", that spreads through FreeBSD and Linux web servers, theregister.co.uk reported on July 18, 2014.

Security researchers Evgeny Sidorov, Konstantin Otrashkevich and Andrew Kovalev of Yandex, a Russian Internet company, studied both the command-and-control (CnC) servers and the client side of Mayhem and wrote up their findings in a paper for Virus Bulletin.

According to them, a partial analysis of Mayhem published by the MalwareMustDie research team in May 2014 showed that the malware has many of the functions of a conventional Windows bot, yet it can operate even under restricted system privileges. Securityweek.com published this, July 18, 2014.

The researchers explain that Mayhem spreads as a PHP script which, in mid-June, was detected by only 3 AV engines on VirusTotal. Once on a machine, the threat communicates with its CnC server through HTTP POST requests and responses.

In all, the researchers identified 7 CnC commands. The bot's functions include reporting a successful installation on the target machine to the server, requesting files, transmitting data and reporting its status. In turn, the CnC can instruct the bot to start a new task, stop a running one, transmit data or install plug-ins, the researchers say.

Being modular, Mayhem can have its functionality extended via plug-ins; so far the researchers have found eight, including brute-forcing the passwords of Joomla and WordPress users, crawling websites to gather information, locating a certain RFI (remote file inclusion) vulnerability, and enumerating users of WordPress sites.

Analysis of the CnC servers controlling the botnet let the team recover statistics from two of them, which together controlled 1,400 infected servers.

The countries with the most infections are apparently Canada, the USA, Germany and Russia.

Mayhem's operators have not yet enabled the full capabilities of the CnC servers, which also hold other malicious components that have not been served to the infected bots.

Notably, the researchers found one plug-in that exploits the recently discovered 'Heartbleed' flaw to harvest data from vulnerable servers.

Cyber-criminals Disseminating Critroni, a New Ransomware
Written by Administrator   
Monday, 28 July 2014 07:00

According to security researchers, Critroni, a new ransomware, is being sold on underground crime sites, where its sellers describe it as a new version or generation of CryptoLocker, the long-known ransomware, softpedia.com reported on July 19, 2014.

Buyers must pay a hefty $3,000 for Critroni, and according to researchers several kinds of attackers are already using it, some of them employing the Angler exploit kit to plant a spambot on end users' computers.

This spambot matters because it downloads Critroni among other payloads. If Critroni lands on a user's computer, it encrypts documents and photos and then displays a dialog box announcing the infection and directing the victim to pay a ransom in Bitcoin so that the files can be decrypted.

Kafeine, a French security researcher who studied the threat, explains that the ransom must be paid within 72 hours, and that victims who have no Bitcoins are given instructions on how to obtain them in various countries.

Critroni is unique in that its C&C server relies on Tor, something seen in other malware types over the past few months but never before in crypto-ransomware.

According to Fedor Sinitsyn, Senior Malware Analyst at Kaspersky Lab, the new Critroni uses a C2 hidden inside Tor. Previously no cryptomalware had been observed with C2 inside the Tor network; that had only been seen in banking Trojans, Sinitsyn says. Infosecurity-magazine.com published this, July 20, 2014.

Sinitsyn adds that the code for establishing the Tor connection is embedded in Critroni itself; previously, this kind of malware set up the connection through a separate Tor.exe file. Embedding Tor functionality in cryptomalware is harder from a programming standpoint, but it has benefits, such as helping the malware evade detection and making it more efficient overall, the analyst points out.

Kafeine notes that Critroni has appeared many times. At first it plagued Russian-speaking users, but lately it has also been targeting English speakers and thus appearing in more regions. Infosecurity-magazine.com published this.

Amazon, Top Malware-Hosting ISP: Solutionary
Written by Administrator   
Friday, 25 July 2014 07:00

Solutionary recently released its Q2 2014 Threat Intelligence Report through its SERT (Security Engineering Research Team), which identified the ten worst international ISPs (Internet Service Providers) and other hosting providers harboring malicious software. Of these ten, Amazon Web Services ranked No. 1 worldwide among the more than 21,000 ISPs examined.

Perhaps more unfortunate is that Amazon hosted 16% of malware over all of 2013, rising to a massive 41% by July 2014, nearly tripling within six months.

Evidently this is not the first time cyber-crooks have abused Amazon to host large volumes of malware. According to Solutionary, the situation was the same in its Q4 2013 SERT report, and in 2011 security experts from Kaspersky found Amazon Web Services hosting the infamous SpyEye Trojan.

This can be partly attributed to the scale and widespread use of Amazon's cloud facility as well as its low prices. Any would-be web hacker could buy server snapshots offered underground and load them onto Amazon to build a network of malware-spreading sites.

Meanwhile, service provider GoDaddy accounted for just 2% of malicious programs, an improvement from the 14% it was behind in Q4 2013.

Solutionary says GoDaddy's improvement is either because it got better at spotting and disabling malicious websites, or because attackers shifted focus to other ISPs. For example, the service providers Website Welcome and Akrino, both of which previously accounted for less than 1% of malicious programs, now rank among the ten most prevalent malware-hosting ISPs.

According to Solutionary, the ten worst ISPs host 52% of the malicious programs spotted during Q2 2014.

Moreover, the company's data gathered from honeynets and honeypots indicates that the USA hosted 56% of the identified malicious programs, a 12% rise from Q4 2013.

This increase, according to Rob Kraus, Director of Research at Solutionary's SERT, is probably because malicious actors increasingly used Dropbox and Amazon's cloud infrastructure. Networkworld.com published this on July 15, 2014.

Experts Warn LinkedIn Users of a New Phishing Email Campaign
Written by Administrator   
Friday, 25 July 2014 07:00

Softpedia.com reported on July 14, 2014, quoting a warning by experts: "A new phishing email campaign tries to steal credentials of users of LinkedIn."

The credentials of these accounts are more valuable than those of Facebook users because LinkedIn is a very popular social network for professionals.

The latest phishing campaign sends the victim an email saying that the account has been blocked because it has not been used for a long time.

The victim is asked to click a link and verify the email address with username and password in order to reactivate the LinkedIn service.

The crooks ask for the primary address to make sure they get the right information, since a LinkedIn account can sometimes have multiple addresses.

However, security experts who analyzed the phishing email say that LinkedIn never sends emails asking users to click a link in the message to confirm their email address, and that the message is entirely fake.

In fact, the email is a phishing scam to trick you into disclosing your LinkedIn login details to cybercriminals. If you click the link, you are taken to a fake website resembling a genuine LinkedIn login page, and once you 'log in' to the fake site you may be automatically redirected to the genuine LinkedIn website.

In the meantime, the crooks collect your LinkedIn login credentials, access your account and use the service to launch scam campaigns and ongoing spam in your name.

Requests to update account details are a favorite trick, and one should be wary of any such request arriving by email. If you receive such a message, never click any links or open any attachments that come with it.

LinkedIn has disassociated itself from the above phishing campaign and offers a number of tips for identifying phishing emails. One of them is to look at the link and check that it takes you to a valid LinkedIn domain.

LinkedIn also points out that logging in to its service is done over a secure connection, so if you find the HTTPS connection is missing you can be sure the email is a scam.
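The two tips above (HTTPS present, link lands on a real LinkedIn domain) can be turned into a mechanical check on the links in a suspicious message. This is an added example, not LinkedIn's or the article's code; the legitimate-domain list, the lure text and the lookalike hostnames in it are constructed for illustration, and it covers the common lookalike tricks (a prefix subdomain, a user-info `@` in the URL, a near-miss domain) that a plain "contains linkedin.com" test would miss.

```python
import re
from urllib.parse import urlsplit

# Domains treated as genuinely LinkedIn's. Assumption for this example only;
# extend from the provider's own published list in real use.
LEGITIMATE_DOMAINS = ("linkedin.com",)

# Pull http(s) links out of a plain-text email body.
URL_RE = re.compile(r'https?://[^\s<>"]+', re.IGNORECASE)


def host_is_legitimate(hostname):
    """True only if hostname IS a legitimate domain or a subdomain of one.
    A bare endswith() would accept 'notlinkedin.com', so the label boundary
    (the dot) must be present."""
    if not hostname:
        return False
    hostname = hostname.lower().rstrip(".")
    return any(hostname == d or hostname.endswith("." + d)
               for d in LEGITIMATE_DOMAINS)


def check_url(url):
    """Apply the two tips: the link must use HTTPS and must land on a
    LinkedIn domain. Returns (ok, reason)."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "https":
        return False, "not HTTPS"
    # urlsplit().hostname discards any 'user:pass@' prefix, so a URL like
    # https://www.linkedin.com@evil.example correctly yields 'evil.example'.
    if not host_is_legitimate(parts.hostname):
        return False, "host %r is not a LinkedIn domain" % parts.hostname
    return True, "ok"


def check_email_links(body):
    """Return {url: (ok, reason)} for every link found in the email body."""
    return {u: check_url(u) for u in URL_RE.findall(body)}


# Constructed sample lure modelled on the campaign described above.
SAMPLE_EMAIL = """Your LinkedIn account has been blocked due to inactivity.
Confirm your primary email to reactivate:
http://linkedin.com.account-verify.example/login
or https://www.linkedin.com@secure-login.example/reactivate
Genuine help page: https://www.linkedin.com/help
"""

if __name__ == "__main__":
    for url, (ok, reason) in check_email_links(SAMPLE_EMAIL).items():
        print("OK        " if ok else "SUSPICIOUS", url, "-", reason)
```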

Fresh Data-Stealing Trojan, Kronos, Identified
Written by Administrator   
Thursday, 24 July 2014 07:00

According to Trusteer, a new PC Trojan named Kronos, built to steal login credentials and other financial details entered on Internet banking websites, has become widely known through heavy advertising on underground crime forums.

Etay Maor, Senior Fraud Prevention Strategist at Trusteer, says a recent advertisement on a Russian cyber-crime website promotes Kronos. The malware can capture credentials during browsing in Google Chrome, Mozilla Firefox and Microsoft Internet Explorer, using HTML injection and form-grabbing techniques, Maor explains. Pcworld.com published this, July 14, 2014.

According to the advertisement, Kronos is compatible with HTML injection scripts developed for the notorious Internet-banking Trojan ZeuS, which is no longer being developed. This design choice lets cyber-criminals who still use Zeus in their operations move to Kronos without difficulty.

Alongside its info-stealing abilities, Kronos features a user-mode rootkit that works on both 32-bit and 64-bit Windows systems and protects the Trojan's processes from rival malware on the same machine.

According to a post by Kronos' creators on the underground forum, the Trojan comes with a lifetime license priced at $7,000, payable through Perfect Money, Bitcoin, the BTC-E Bitcoin/Litecoin exchange, or WMZ. Bug fixes and updates are free, but customers must pay separately for newly developed modules, they explain.

To promote the Trojan, Kronos' sellers also offered buyers a 7-day trial for $1,000, during which they get full access to the Kronos control panel.

Highlighting the most worrying aspect of the Trojan, George Tubin, Senior Security Strategist at Trusteer, pointed to Kronos' tactics for evading security measures, particularly anti-virus software. SCMagazine.com published this, July 14, 2014.

Moreover, Kronos is expected to use an injection method undetectable by anti-virus, along with encrypted command-and-control communications whose malicious traffic would remain invisible to researchers.

Now one must wait and see whether this new malware proves real and whether cyber-criminals adopt it widely, given that it is currently a very expensive piece of malicious software.
