Cyber Security News – November 1, 2011
- [WEB SECURITY] Cross-Application Scripting
MustLive: [WEB SECURITY] Cross-Application Scripting: Hello participants of Mailing List.
In the middle of October, I've published an article about such a class of XSS
vulnerabilities as Cross-Application Scripting (which has been known for a long
time). In comparison with other articles about this class of XSS (which I've
read), my article has a few advantages. [...]
- [WEB SECURITY] How secure is Drupal?
Hani Benhabiles: [WEB SECURITY] How secure is Drupal?: As I said, general vulnerabilities sites don't show the whole picture but
they show a fair part of it especially when it comes to non targeted
attacks that the OP seems to be concerned about the most. When it comes to
plugins, I believe that Drupal's central repository and security reviewing [...]
- U.K. Spy Chief Sees ‘Disturbing’ Volume Of Cyberattacks
- Avast Warns Of Web Attacks From WordPress Flaw
- Illicit Bitcoin Miners Steal Resources From Infected Macs
- Unmasking The Criminal Hacker
- Who should fight cyberspace’s battles?
The security services warn that cyber-attacks are on the rise. According to the director of GCHQ, attacks on both government and business have seen an “exponential rise” over the last two years.
- New Mac Malware Part Trojan, Data Stealer, Spyware, BitCoin Miner
The latest malware targeting Mac OS X steals user credentials and computer processing power to generate more Bitcoins, a virtual currency used online.
Security researchers have uncovered yet another Mac Trojan in the wild, this time hiding inside pirated versions of the Mac OS X image editing application GraphicConverter.
The pirated copy of GraphicConverter 7.4 is being actively distributed on file-sharing networks and torrent sites like Pi…
- Update on the Zbot spot!
Hello Internet!
I’m back to update you on our changes to Zbot in the Malicious Software Removal Tool (MSRT). We reviewed the data coming back from MSRT in September and incorporated the findings into October’s MSRT (and beyond), which means we are now in a position to provide additional information.
As I mentioned in the previous blog post, the purpose of our special Zbot September update was to glean an insight into the effectiveness of MSRT against this prolific threat. Couple that with a focus on the Zbot family and, suffice it to say, we’re pretty happy with our findings and results!
And now, onto the numbers!
Historically, and prior to the September 2011 release, MSRT consistently detected about 90% of PWS:Win32/Zbot variants in the wild. For the month of September 2011, we detected and removed PWS:Win32/Zbot from around 185,000 distinct Windows computers, a stark increase over the months beforehand, which we can attribute to additional technology added to MSRT for just such an occasion.
For October so far, we’ve removed Zbot from over 88,000 computers and we expect that number to grow to around 100,000 – again, a very good result from MSRT, illustrated in the chart below that lists October 2011 MSRT data:
MSRT Family | Threat Reports | Machines Detected
Zbot | 101385 | 88765

These increased numbers are also likely a result of new functionality we’ve seen in Zbot recently. It seems that some variants now automatically spread via the Windows autorun functionality; something that is very common with other prolific malware families, so it’s not very surprising we’re seeing it now – but is surprising we hadn’t seen it before now. Regarding autorun, Microsoft released a security update in February of 2011 that changed its default behavior – the result was an overall decline in threats utilizing autorun as a spreading mechanism. There is a Microsoft Knowledge Base article that discusses how to disable autorun in Windows.
October 25th marked the tenth anniversary of the release of Windows XP. And what a difference a decade makes! Consumers should upgrade to the newest operating system version in order to take advantage of enhanced security features of Windows 7 including AppLocker, User Account Control (UAC), Data Execution Prevention (DEP) and Structured Exception Handling Overwrite Protection (SEHOP). The recently released Microsoft Security Intelligence Report volume 11 shows that the latest Windows 7, 32-bit OS is six times less likely to become infected than the comparable Windows XP SP3.
And finally a reminder, MSRT isn’t a replacement for a full antivirus solution. You’re already infected when MSRT detects malware – using a security application with real-time protection can help prevent you from becoming infected in the first place.
Matt McCormack
MMPC Melbourne
- Malicious Gadhafi Death Spam Continues
Contributor: Anand Muralidharan
Recently, the death of Libyan leader Muammar Gadhafi triggered a malware attack which Symantec previously blogged about. We have observed spammers' continued delight with this news event through the sending of malicious attack and 419 spam messages.
In the spam targeting residents of Brazil, a video showing Gadhafi asking for mercy and containing disturbing images also carries malware. By clicking the link provided in the email, users actually download a malicious executable file. Symantec has identified this threat as Trojan.Ransomlock!gen4.
The email's download links use the following URL patterns:
hxxp://noticias.removed.co.kr/folha/cotidiano/ult95u735971/videos/ult95u735937.php?0.71507
hxxp://noticias.removed.co.kr/folha/cotidiano/ult95u735971/videos/ult95u735937.php?0.01323
hxxp://noticias.removed.co.kr/folha/cotidiano/ult95u735971/videos/ult95u735937.php?0.06826
The following email subject line was observed in the spam attack:
Subject: Novo video nao divulgado por ter imagens fortes mostra Kadhafi pedindo misericordia de joelhos e seus guardas sendo executados
This subject line is translated into English as:
Subject: New video, not released due to disturbing images, shows Gadhafi executed on his knees while asking for mercy from guards
Another spam email taking advantage of the Gadhafi death event is a type of 419 spam. This classical 419 message requests the victim to transfer huge sums of money toward a fund.
The following 419 spam emails are shown as samples:
Here are some subject lines observed in the Gadhafi 419 spam attacks:
Subject: Late Muammar Gaddafi's estate
Subject: Urgent Assistance Needed From Abu Ismail Aide-de-camp To Late Moammer Gaddhafi
Subject: WHAT DOES THE FUTURE HOLDS FOR US AFTER THE DEATH OF GADAFI
Subject: Libyan leader Moammar Gadhafi’s death maybe not true
Internet users are advised to continue to use caution when looking for pictures, video, and news of recent popular news events and take care to not open any suspicious links or attachments received in unsolicited email. Frequently update your security software, which protects you from online viruses and scams.