spamNEWS | botnet | phishing | virus | spam | malware
Chinese Linux Trojan Jumps to Windows
Written by Administrator   
Friday, 29 August 2014 13:00


According to Russian anti-malware software house Dr. Web, a Chinese Trojan originally written for the Linux operating system has apparently been ported to Windows.

Dr. Web first reported in May 2014 that the original malware, known as "Linux.Dnsamp", is a DDoS (Distributed Denial of Service) Trojan that spreads between Linux machines. It alters the startup scripts, collects the machine's configuration data and sends it to the attacker's server, then runs silently and waits for orders.

Now the same criminals appear to have ported the Trojan to Microsoft Windows and dubbed it "Trojan.Dnsamp.1".

The Windows version installs itself under the guise of "Windows Service Test" and is stored in the system folder of the infected machine under the file name "vmware-vmx.exe".

The threat is crafted to trigger only if the system date is later than 2 December 2013; otherwise it remains inactive.

Once launched, it signals the attackers and then obediently waits for the command to begin a DDoS attack. Worse, it can download and run other malicious programs, creating bigger problems for the end user.

Itproportal.com published the news on 20th August 2014, quoting the security firm as saying "researchers of Dr. Web discovered certain features in the Trojan's code which indicate that it has been written by the virus makers behind the Linux.BackDoor.Gates and Linux.DDoS malware."

Dr. Web also says that during its monitoring period of 5 June to 13 August 2014, the largest number of attacks by this Trojan family were against Chinese servers.

In July 2014, the well-known Russian security firm Kaspersky identified a comparable DDoS Trojan for Linux which, most interestingly, could conduct DNS (Domain Name System) amplification attacks and, unlike other Linux Trojans, had an advanced modular structure.

Dr. Web concluded that although computer users face malware threats every day, finding a threat on Linux machines is much rarer, and it is almost unheard of for any type of malware to be transferred from one operating system to another as is happening in this case.

Microsoft - Malware Authors Writing Rogue AV More Advanced Now
Written by Administrator   
Friday, 29 August 2014 11:00

Infosecurity-magazine.com reported on 21st August 2014, quoting software giant Microsoft as saying "Rogue anti-virus authors are now using browser-based strategies in a new attempt to infect users and improve their success rates."

Infosecurity-magazine.com also quoted a recent explanation by Daniel Chipiristeanu, a researcher at the Microsoft Malware Protection Center (MMPC): "in the past rogue AV would use the hosts file to block access to the victim's genuine security software, making it unable to protect against the malware."

He said that Rogue:Win32/Defru, a new variant, will now block access to the Internet entirely.

Ibtimes.co.uk published a statement by Chipiristeanu on 21st August 2014 saying "When the user is surfing the Net, the rogue will employ the hosts file to redirect links to a notorious specific bogus website which is frequently used in social engineering by fake AV malware."

Chipiristeanu said that the rogue is written in PHP and persists across machine reboots by adding itself to the registry "Run" key.

Fortunately, it isn't complicated to eradicate the malware from an infected device: users must delete the entry value from the "Run" registry key, remove the executable file from the disk and remove the added entries from the "hosts" file.
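The hosts-file part of that cleanup can be checked with a small audit script. The following Python example is added here and is not code from Microsoft or from the article; it parses a hosts file, flags both patterns the article describes (security-vendor hosts pinned to loopback, popular sites redirected to one foreign address) and produces a cleaned copy. The sample hosts text, the vendor host names and the "popular hosts" watch list are all constructed for the example; a real deployment would carry the vendor's own update and download host names.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample hosts file (not from a real infection): a normal loopback
# entry, a legitimate LAN entry, two AV hosts blocked via loopback, and several
# popular sites redirected to a single reserved (TEST-NET-3) address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.168.1.10    fileserver.corp.example      # constructed: legitimate LAN host
127.0.0.1       update.example-av.test       # constructed: AV update host blocked
127.0.0.1       download.example-av.test
203.0.113.7     www.google.com               # constructed: redirect to bogus site
203.0.113.7     www.facebook.com
203.0.113.7     www.youtube.com
203.0.113.7     www.vk.com
"""

# Hosts whose presence in the hosts file is itself suspicious (constructed list).
WATCHED_SECURITY_HOSTS = {"update.example-av.test", "download.example-av.test"}

# Hosts that should resolve via public DNS; pinning them is a hijack indicator.
POPULAR_HOSTS = {"www.google.com", "www.facebook.com", "www.youtube.com", "www.vk.com"}

LINE_RE = re.compile(r"^\s*(\S+)\s+(.+?)\s*$")


def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments, blanks and malformed lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, names = m.group(1), m.group(2).split()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # not a valid address; ignore the line
        for name in names:
            yield ip, name.lower()


def audit_hosts(text):
    """Return a list of (finding_kind, hostname(s), ip) tuples."""
    findings = []
    by_ip = defaultdict(list)
    for ip, name in parse_hosts(text):
        addr = ipaddress.ip_address(ip)
        by_ip[ip].append(name)
        if addr.is_loopback and name in WATCHED_SECURITY_HOSTS:
            # Classic rogue-AV trick: vendor host sent to loopback so updates fail.
            findings.append(("blocked-security-host", name, ip))
        elif not (addr.is_loopback or addr.is_unspecified) and name in POPULAR_HOSTS:
            # Defru-style behaviour: well-known sites redirected to a fixed address.
            findings.append(("redirected-popular-host", name, ip))
    # Several unrelated host names pinned to one non-loopback address is the
    # redirect pattern even when none of the names is on a watch list.
    for ip, names in by_ip.items():
        addr = ipaddress.ip_address(ip)
        if not (addr.is_loopback or addr.is_unspecified) and len(names) >= 3:
            findings.append(("many-hosts-one-ip", ",".join(sorted(names)), ip))
    return findings


def clean_hosts(text, findings):
    """Return the hosts text with every line that mentions a flagged name removed."""
    flagged = set()
    for _, names, _ in findings:
        flagged.update(names.split(","))
    kept = []
    for raw in text.splitlines():
        body = raw.split("#", 1)[0].split()
        if any(tok.lower() in flagged for tok in body[1:]):
            continue
        kept.append(raw)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    found = audit_hosts(SAMPLE_HOSTS)
    for kind, names, ip in found:
        print(f"{kind:25} {ip:15} {names}")
    print("--- cleaned ---")
    print(clean_hosts(SAMPLE_HOSTS, found))
```

On a live Windows machine the same functions would be fed the contents of `%SystemRoot%\System32\drivers\etc\hosts`; the script only reports and rewrites text, so the decision to overwrite the real file, and the separate "Run" key and executable cleanup, remain manual steps.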

Presently, most of the machines infected by Defru, as indicated by language, seem to be in Russia.

Moreover, payment for the "product" can be made by credit card through Payeer.com, a Russia-based payment service that also handles currency exchange.

It has also infected other nations: the United States is a distant second, followed by Kazakhstan in third. The remaining infections are mainly in Middle Eastern and Eastern European states, with minor infections in Western Europe as well.

Securityweek.com reported on 21st August 2014, quoting Jayce Nichols, Chief of Threat Analysis and Innovation at iSIGHT Partners, as saying "we have been monitoring fake anti-virus for a prolonged time period now and it's been a preferred tool of the cyber criminals, as users can be tricked effortlessly into either paying for a phony subscription or downloading malicious software presented as what looks like a genuine anti-virus alert."

Kaspersky Identified a New Cyber-espionage Operation Known as ‘Machete’
Written by Administrator   
Friday, 29 August 2014 11:00

Kaspersky, a security firm, recently discovered a new cyber-espionage operation code-named Machete.

Securityweek.com published a report on 20th August 2014, quoting Kaspersky as saying "some time ago, a customer of Kaspersky Lab in Latin America told us that his machine might have been infected with an unknown and undetected malware during his visit to China. While assisting the customer we found a very interesting file in the system which contained no Chinese coding traces and is completely unrelated to China. At first look, it pretends to be an application related to Java, but if you analyze it quickly, you will find it is more than just a Java file."

The malware at the center of the attacks is capable of many actions, including capturing audio and screenshots, logging keystrokes, taking photos from the victim's webcam and capturing geolocation data. Once installed, it can also copy files to a USB device or to a remote server, hijack the clipboard and capture information from the infected machine.

Kaspersky observed that the attackers targeted high-profile organizations such as government institutions and military and intelligence services in Venezuela, Colombia, Ecuador, Peru, Spain, Cuba and Russia (where an embassy of one of the named countries was targeted).

Kaspersky explained that the cybercriminals used social engineering to spread the malware, at times employing spear-phishing e-mails together with web-based infection through specially crafted bogus blogs.

An unusual technical feature of the campaign is its use of Python code compiled into Windows executable files.

Scmagazineuk.com reported on 20th August, quoting Troy Gill, Manager of Security Research at AppRiver, as saying "The origin of this attack is still unknown, but as per the targets it can safely be assumed that the attack was initiated by a nation state or some group acting on their behalf. The design and longevity of Machete is attractive, but this is just the tip of an iceberg when it comes to these kinds of advanced espionage attacks. We simply don't know what kind of cyber-weapons like Machete are being deployed by each nation, which is creating an alarming situation."

Bitcoin Phishing Scam Hits Over 400 Businesses, Says Proofpoint
Written by Administrator   
Thursday, 28 August 2014 13:00

Proofpoint, the e-mail security company based in California, has just exposed a Bitcoin phishing scam that recently targeted over 400 organizations in an attempt to deceive end users into giving away the passwords to their Bitcoin wallets.

At least 12,000 phishing e-mails were sent in two waves to organizations in various industries, including media, finance, higher education, manufacturing and technology, among others.

Posing as communication from Blockchain.info, Bitcoin's top transaction database, the e-mails use a typical "account warning" template.

The e-mails claim that a hacker was recently detected attempting to access the user's account from China; according to Proofpoint, they try to sound urgent by playing on well-known fears about hacking incidents originating in China. The messages also use a unique-looking "case ID" to appear more authentic.

The phishing e-mail also includes the date of the supposed attempt to break into the wallet, along with the location and IP address of its source.

A link labeled "reset password" is then provided for end users to follow and set a new password on the spoofed Blockchain.info site, which simply captures everything the victims submit.

In fact, while resetting the wallet password, the victim is greeted with a generic login error as his account details head for the scammers.
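The indicators listed above (a link whose host is not the brand's own domain, urgency wording, a fabricated case ID, a quoted source IP and a "reset password" link) can be checked mechanically at the mail gateway. The following Python example is added here and is not Proofpoint's or Blockchain.info's code; it extracts the anchors from a message body, compares each link host against the brand domains the message claims to come from, and scores the other indicators. Both sample messages, the brand-domain set and the urgency word list are constructed for the example, and the phishing host name is a reserved `.test` name.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the campaign described above (not a real
# Proofpoint sample). The link host is a reserved .test name.
SAMPLE_EMAIL = {
    "from": "Blockchain Support <support@blockchain.info>",
    "subject": "Account warning: unauthorized login attempt (Case ID 4821-7731)",
    "html": """<p>An unauthorized login attempt from China (IP 198.51.100.23)
    was detected on 18 Aug 2014. Please <a href="http://blockchain-info-secure.test/reset">
    reset password</a> immediately or your wallet will be suspended.</p>
    <p>Case ID: 4821-7731</p>""",
}

# Constructed benign message for contrast: brand-domain link, no pressure wording.
BENIGN_EMAIL = {
    "from": "Blockchain Newsletter <newsletter@blockchain.info>",
    "subject": "Monthly update",
    "html": '<p>Read this month\'s posts on our <a href="https://blockchain.info/blog">blog</a>.</p>',
}

# Domains the brand actually sends from and links to (assumed for the example).
LEGIT_DOMAINS = {"blockchain.info"}

# Pressure wording typical of "account warning" lures (constructed list).
URGENCY = ("immediately", "suspended", "unauthorized", "warning", "within 24 hours")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((self._href, text))
            self._href = None


def registrable(host):
    """Crude registrable-domain reduction (last two labels); enough for this check."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def sender_domain(from_header):
    m = re.search(r"@([A-Za-z0-9.-]+)", from_header)
    return registrable(m.group(1)) if m else ""


def score_message(msg):
    """Return (score, reasons): one point per indicator found."""
    reasons = []
    parser = LinkExtractor()
    parser.feed(msg["html"])
    claimed = sender_domain(msg["from"])
    for href, text in parser.links:
        parsed = urlparse(href)
        host = parsed.hostname or ""
        if registrable(host) not in LEGIT_DOMAINS:
            reasons.append(f"sender claims {claimed} but link goes to {host}")
        if "password" in text.lower() and parsed.scheme == "http":
            reasons.append("credential link served over plain http")
    body = (msg["subject"] + " " + msg["html"]).lower()
    hits = [w for w in URGENCY if w in body]
    if len(hits) >= 2:
        reasons.append("urgency language: " + ", ".join(hits))
    if re.search(r"case\s*id", body):
        reasons.append("fabricated case/ticket id")
    if re.search(r"\b(?:\d{1,3}\.){3}\d{1,3}\b", body):
        reasons.append("source IP address quoted in body")
    return len(reasons), reasons


if __name__ == "__main__":
    for name, msg in (("sample", SAMPLE_EMAIL), ("benign", BENIGN_EMAIL)):
        score, why = score_message(msg)
        print(f"{name}: score {score}")
        for r in why:
            print("  -", r)
```

The link-host comparison is the decisive check: a genuine account notice from a service links back to that service's own domain, so any credential link leading elsewhere is worth quarantining regardless of how the rest of the message reads. The remaining indicators only raise confidence and are kept separate so an analyst can see which ones fired.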

It may be noted that Blockchain is the most widely used Bitcoin wallet service. Blockchain.com claims about 2m users, up from 400,000 in September 2013, and handles 60,000 or more transactions daily.

In this phishing campaign, 2.7% of recipients opened the e-mails. Moreover, given that only 1% of people worldwide use the crypto-currency, that figure is likely to rise in future, giving scams like this the opportunity to ensnare more victims.

Specifically, according to Kevin Epstein, Vice-President of Advanced Security and Governance at Proofpoint, as Bitcoin becomes more and more popular, attacks will understandably rise and become more refined. The latest outbreak targeted numerous business as well as non-business users; even people without Bitcoin accounts were viewing the messages despite having no reason to do so, Epstein stated. Threatpost.com published this on August 20, 2014.

Reveton Ransomware Now More Advanced, Says Avast
Written by Administrator   
Thursday, 28 August 2014 13:00

According to the security company Avast, Reveton, a notorious ransomware known for its 'police' tactic, now comes in an upgraded version with an additional password-stealing feature that causes even more damage than standard ransomware would.

Avast's researchers stated that the most recent edition of Reveton has entered a fresh black-market niche, as its developers turned it from a simple lock-screen malware into a treacherously powerful stealer of user credentials and passwords by adding the latest edition of Pony Stealer. With that, over 110 applications are affected and the user's PC is turned into a botnet node.

The upgraded malware contains seventeen main theft modules that target, among others, OS credentials, e-mail clients, web browsers, FTP clients, online poker clients and instant messaging systems, along with over 140 sub-modules.

At present, the Reveton malware also steals passwords from the BlackCoin, BitCoin, DodgeCoin, DarkCoin, VertCoin and LiteCoin crypto-currency wallets. This crypto-currency module is capable of locking QT wallets and mimicking their log-in page after one is launched.

Moreover, Reveton includes yet another password stealer, different from Pony, which severely impairs the anti-virus solutions on the infected computer.

To remove a Reveton infection, Avast suggests booting another operating system and checking the startup locations for dubious LNK files. These files reveal where the binary can be found when you examine their properties box, which shows what the LNK files point to.

The security company conjectures that Reveton was upgraded because profits from simply locking access to PCs for ransom were declining, so the malware developers decided to venture into a fresh black-market area, Avast blogged. Computerworld.com published this on August 20, 2014.

Meanwhile, in February 2013 a man of Russian origin was detained in Dubai at the request of Spanish police, who said he had reportedly masterminded Reveton campaigns yielding some USD 1.3m in profits. Ten more individuals were also detained, accused of laundering the money and transmitting it to Russia, said Trend Micro.
