spamNEWS | botnet | phising | virus | spam | mallware
Russian Hackers Organise a 5-Year-Old Cyber-Espionage Campaign
Written by Administrator   
Friday, 24 October 2014 19:00

Researchers at iSIGHT Partners examined the code used in the attacks and concluded that government leaders and institutions have been targeted for the last five years by a cyber-espionage campaign apparently based in Russia.

iSIGHT's security researchers said that the team, known as Sandworm, has been active since 2009 and has been using the Windows vulnerability CVE-2014-4114 in conjunction with a series of other flaws to compromise users at government agencies, academic institutions, NATO, a telecom company, and defense and energy firms.

The researchers named the operation "Sandworm" because the attackers make numerous references to the 1960s science fiction epic Dune in their code.

The attackers use spear-phishing emails to lure targeted users into opening a rigged PowerPoint file containing the exploit code for the vulnerability. Once the exploit fires, it downloads the malware known as BlackEnergy, which starts collecting sensitive data for exfiltration.

Researchers said that the malware steals SSL keys, sensitive documents and code-signing certificates, among other items. The Windows zero-day affects all currently supported versions of Windows, and the researchers said that exploiting the bug is very simple. The exploit code can be loaded into any Office document, and when it executes the machine does not crash, so the user may not be aware of any attack.

iSIGHT believes that the attackers may be Russian because the researchers found Russian-language files on the command server used by Sandworm. Another indication is that the victims are all strategically connected to the Ukrainian conflict. While the researchers have not found any technical indications linking the attackers to the Russian government, the company argues that the operation's focus on cyber-espionage rather than cybercrime makes nation-state involvement highly probable. Hunting for security holes in an operating system is also very costly and time-consuming, which suggests that the group most likely had nation-state support and funding.

Researchers at F-Secure had previously identified Sandworm in a whitepaper released last month on a group known as Quedach. News published on 14th October, 2014 quoted a written statement by F-Secure researchers: "In the summer of 2014, we observed that some samples of BlackEnergy malware started targeting organizations of the Ukrainian government for collecting information."

Security Companies Collaborate to Mitigate Threat Posed by Hidden Lynx
Written by Administrator   
Friday, 24 October 2014 19:00

Reports on 15th October, 2014 stated that a joint effort by security firms has struck a serious blow against the malicious software (tools) employed by Hidden Lynx, a cyber-espionage gang.

Hidden Lynx is believed to be based in China and has been associated with attacks against American military contractors and other enterprises all over the world. Researchers from several companies joined forces in a collaboration dubbed 'Operation SMN', targeting the Hikit backdoor and various other malicious programs used by the group.

Symantec, one of the companies in the group, said: "Hidden Lynx used Hikit while compromising the reliable file-signing infrastructure of Bit9 in 2012. This attack was then exploited to organize the VOHO operation in July 2012 with the help of malware signed by Bit9. The final target of this operation was US enterprises whose PCs were Bit9 protected, and again Hikit played an important role in this campaign."

Symantec added that Hidden Lynx is considered one of the pioneers of the 'watering-hole' attack method and appears to have early access to zero-day vulnerabilities.

Hidden Lynx is considered to employ 50 to 100 people, and it is suspected of offering hacking-as-a-service, selecting a varied range of targets according to the demands of its funders.

The Chinese group added further backdoors, such as Gresim and Fexel, to its arsenal in 2013; these were used in association with Hikit. Symantec wrote that Gresim was not known before the security companies' collaboration.

The members of the coalition of security companies are FireEye, Cisco, iSIGHT Partners, F-Secure, Microsoft, ThreatConnect, Tenable, ThreatTrack Security, Novetta, Volexity and Symantec.

Novetta refers to the group (Hidden Lynx) as Axiom, which has similarities with other groups, and many security vendors track its cyberattacks under names such as Voho, Elderwood, DeputyDog, ShellCrew and Ephemeral Hydra. News published on 15th October, 2014 quoted Stephen Doherty, Security Expert at Symantec, confirming the collaborative effort: "This is the first time a significant effort has been made to disrupt the activities of an APT and we are excited to be involved in this. We will try to ensure better protection for target organizations through this effective collaboration in the future."

Malvertising Scam Affects more than 113,000 US Users, Says Trend Micro
Written by Administrator   
Thursday, 23 October 2014 05:00

Trend Micro recently said that it detected malicious advertisements displayed on YouTube which redirected over 113,000 Internet users in the USA to dangerous websites in just one month.

Usually, Internet advertising firms remain on the lookout for such advertisements in order to block them as the ads move across their networks; still, some of the harmful ones occasionally get through. Hackers reap immense benefit from such ads, which can yield many victims once displayed on a site that receives heavy traffic.

According to Fraud Researcher Joseph Chen at Trend Micro, the latest malvertising wave was a disturbing occurrence: besides being displayed on YouTube, the ads appeared on videos that had received over 11m views. One of them, an audio-only video uploaded by a popular record label, was viewed by numerous people, Chen reveals. This was published on October 15, 2014.

The researcher blogged that web surfers who visited the advertisements were redirected via two servers located in Holland.

He elaborated that the attackers attempted to make their campaign appear genuine, so they picked a Polish government website whose DNS information they modified. They did not hijack the site itself; rather, they added sub-domains to alter its DNS information. The sub-domains pointed to the attackers' servers, Chen said. Help-Net-Security published this, October 14, 2014.

Chen continued that the victims were eventually redirected to a US-based server hosting a known exploit kit, Sweet Orange.

Furthermore, the current attack's final payloads belong to the KOVTER family of malware, with the new variants identified as TROJ_KOVTER.SM. KOVTER has long been employed in different ransomware attacks; however, it lacks the encryption functionality seen in advanced attacks of the CryptoLocker type. The online sites that TROJ_KOVTER.SM abuses to display its fake alerts have been taken down.

Meanwhile, Microsoft found the aforementioned flaw in its Internet Explorer browser some time ago and issued a patch in May 2013. Anyone who has deployed that updated IE/Adobe/Java will be protected from the attack; users of previous versions remain vulnerable, since the online crooks continue to exploit them.

Trend Micro has already informed Google about the malvertising campaign and expects that Google will deal with the perpetrators quickly.

Penny Stock Spam Mail Campaign Targets Little-Known Mineral Firm; BitDefender
Written by Administrator   
Thursday, 23 October 2014 05:00

BitDefender is warning Internet users about a fresh penny stock bulk e-mail campaign which has so far seen millions of spam mails landing in inboxes worldwide, so that a little-known mineral firm has its stock value artificially inflated.

The security company detected over 3m distinct sample e-mails, prompting it to describe the spam campaign as the biggest and most successful stock-related attack of 2014. Enticing phrases were used to attract e-mail readers, and the spammers made the messages appear legitimate through web links to Yahoo Finance, Bloomberg, Reuters, NASDAQ and MarketWatch.

Chief Security Strategist Catalin Cosoi of BitDefender explains how fraudsters make money from their campaign by enticing investors with tips about a certain penny stock that will supposedly rise quickly in value. Called pump-and-dump fraud, the trick is generally familiar, especially since the 2013 feature film 'The Wolf of Wall Street' depicted it in a stock scam. When innumerable victims purchase the shares, the scammers dump, or sell off, their over-valued stock into the same market, reaping huge monetary benefits, Cosoi adds. Help-Net-Security published this, October 14, 2014.

The spam mails carry subject lines such as "Christmas is here early my friend" or "Read up on this immediately", with message bodies crafted to convince readers that they are forgoing gains by not buying the shares.

Spam promoting over-valued penny stocks normally revolves around only one firm per campaign, with a fresh stock scam emerging every 2-3 months. So far, the firms targeted in 2014 include Inspiration Mining Corporation, Rainbow International Corp. and Rich Pharmaceuticals Inc., among others.

Compromised PCs have been used to dispatch junk e-mails as far afield as South Korea, India and Australia. Numerous IP addresses hosted in the UK were also recently spotted sending the e-mails.

According to Cosoi, the UK IP addresses in all probability belong to infected PCs added to the stock-spamming botnet. These PCs are possibly disseminating the scam without their end-users' awareness, he contends. This was published on October 14, 2014.

BitDefender has also spoken with the US Securities and Exchange Commission, which stated that it was handling numerous complaints lodged by individual stock-buyers.

McAfee - Alia Bhatt is the Riskiest Celebrity in Indian Cyberspace
Written by Administrator   
Wednesday, 22 October 2014 07:00

Reports on 13th October, 2014 stated that security firm McAfee has revealed, in a recent survey, the names of the most-searched Indian celebrities in Indian cyberspace, with Bollywood actress Alia Bhatt topping its list.

As per the eighth edition of McAfee's 'most sensational' survey, cyber criminals are taking advantage of the public's fascination with celebrities to entice them to websites laced with malware, enabling the criminals to steal passwords and personal details.

Alia leads the list with 81 infected search results, followed by Aamir Khan (78 malicious sites), Priyanka Chopra (69), Shahrukh Khan and Salman Khan (64 each), Katrina Kaif (63), Shradha Kapoor (62), Ranveer Singh (61), Deepika Padukone (60), Hrithik Roshan (59) and Sonakshi Sinha with 58 malware-ridden websites to her name.

The Times of India published news on 13th October, 2014 quoting the details and confirmation of the survey by Venkat Krishnapur, Vice-President of Engineering, Consumer Business Group, McAfee India Center: "Fans treat celebrities like demi-gods and want to know everything about their favorite stars by downloading their latest pictures, wallpapers and music videos. So it's not only information but also videos and pictures which lure fans to search for their favorite star on the Internet. We have found from the survey that cyber criminals look for 2 things, which are the most popular and loved celebrity and the most trending celebrity, and Alia Bhatt has been trending recently because of her new movies, selfies, Internet memes, spoof videos, etc."

He added that cyber criminals are constantly searching for ways to take advantage of fans' interest in TV shows, movies and the latest celebrity trends.

Surprisingly, Kareena Kapoor, Akshay Kumar, Saif Ali Khan, Amitabh Bachchan, Farhan Akhtar and Sunny Leone, who stood at 4th, 5th, 6th, 7th, 8th and 9th positions respectively last year, have all dropped out of this year's list.

McAfee advised that users must be careful about clicking third-party links and should use web protection that warns them about fake sites or links before they visit or click them.

Moreover, users should avoid downloading videos from suspicious websites and "free downloads", as that is the most virus-prone search term.
