Malware

FBI warns users of mobile malware

As mobile malware increases at break-neck speed, the U.S. government wants to be sure users are aware of its dangers. The Internet Crime Complaint Center (IC3), which is a government task force that includes the FBI, issued a mobile malware warning on Friday.

"The IC3 has been made aware of various malware attacking Android operating systems for mobile devices," the warning said. "Some of the latest known versions of this type of malware are Loozfon and FinFisher."

The IC3 said that Loozfon lures its victims by sending them e-mails with links promising "a profitable … Read more

Newly IDed 'MiniFlame' malware targets individuals for attack

A new form of state-sponsored malware is making the rounds, this one apparently designed specifically to spy on its victims.

Dubbed "MiniFlame" by Kaspersky Lab, but also known as SPE, the new malware variant is similar to the Flame virus that targeted computers in the Middle East this past summer. But MiniFlame is a cyber espionage program that can take over where Flame leaves off.

As described by Kaspersky:

First, Flame or Gauss are used to infect as many victims as possible to collect large quantities of information. After data is collected and reviewed, a potentially interesting victim … Read more

Worm spreading on Skype IM installs ransomware

A malicious worm spreading through Skype instant messages threatens to take control of a victim's machine and hold its contents for ransom.

The issue, which was first brought to light Friday by GFI, tricks users into downloading a ZIP file by displaying the socially-engineered message, "lol is this your new profile pic?" along with a link that also spreads the message to other Skype users. The ZIP file contains an executable file that installs a variant of the Dorkbot worm and creates a backdoor via "Blackhole," an exploit kit used by criminals to infect computers … Read more

Symantec: Russian criminals sell Web 'proxy' with backdoors

A black hat Russian operation has served malware to hundreds of thousands of users a year who thought they were signing up for a paid proxy service, Symantec said today.

The security company said in a blog post that it has linked the malware to a cluster of Russian Web sites -- including one called Proxybox.name -- that claim to provide proxy access, VPN services, and antivirus scanning. Proxybox.name requires users to download what it calls "functional, simple, and convenient" proxy software.

Vikram Thakur, principal manager at Symantec Security Response, told CNET this afternoon that:

What … Read more

Regulators shut down global PC 'tech support' scam

Regulators from five countries joined together in an operation to crack down on a series of companies they say orchestrated one of the most widespread Internet scams of the decade.

The U.S. Federal Trade Commission (FTC) and other international regulatory authorities today said they shut down a global criminal network that allegedly bilked tens of thousands of consumers by pretending to be tech support providers.

FTC Chairman Jon Leibowitz, speaking during a press conference with a Microsoft executive and regulators from Australia and Canada, said 14 companies and 17 individuals were targeted in the investigation. In the course of … Read more

Lookout now blocks Dialer exploits

Android fragmentation affects security patches, too. Instead of waiting to see which devices have been protected against a Dialer app vulnerability discovered earlier this week, Lookout Mobile Security has stepped into the breach with a patch for it today. So far, it's the only known Android security app to block the exploit, but even Lookout's patch requires initial user input.

The vulnerability allowed some Samsung phones to be remotely wiped from the Dialer app, the "phone" part of your smartphone. While Samsung pushed out a patch quickly, it's not clear if other phones have … Read more

Adobe to revoke code signing certificate

Adobe said today it will revoke a code signing certificate after discovering malware that was digitally signed with the certificate.

"Adobe is currently investigating what appears to be the inappropriate use of an Adobe code signing certificate for Windows," Brad Arkin, senior director of security at Adobe, wrote in a blog post. "We plan to revoke the impacted certificate on October 4, 2012 for all software code signed after July 10, 2012."

"The evidence we have seen has been limited to a single isolated discovery of two malicious utilities signed using the certificate and indicates … Read more

Maker of smart-grid software discloses hack

Telvent Canada says someone sneaked past its internal firewall, installing malicious software and stealing files related to control software it makes that's used to manage the electric grid in various countries.

The company warned customers last week that it learned of a breach of its network on September 10, according to the KrebsOnSecurity blog. Project files associated with the firm's OASyS SCADA (supervisory control and data acquisition) software were stolen, the post says.

"Although we do not have any reason to believe that the intruder(s) acquired any information that would enable them to gain access to … Read more

Samsung smartphones vulnerable to remote data wipe

Owners of the Samsung Galaxy S2 and S3 may be vulnerable to a flaw that could allow their personal data to be deleted from their device, a security researcher has discovered.

The malicious code, which is now circulating on the Internet, could trigger a factory reset of the popular handsets, according to Ravi Borgaonkar, a researcher in the Security in Communications department at Technical University Berlin, who demonstrated the vulnerability at the Ekoparty security conference in Argentina last week (see video below).

The flaw lies in the way Samsung's TouchWiz UI interacts with unstructured supplementary service data (USSD) codes, … Read more

Cyberspying effort drops 'Mirage' on energy firms

Researchers have uncovered a new cyberespionage campaign being waged on a large Philippine oil company, a Taiwanese military organization and a Canadian energy firm, as well as targets in Brazil, Israel, Egypt and Nigeria.

The malware being used is called "Mirage" and it leaves a backdoor on the computer that waits for instructions from the attacker, said Silas Cutler, a security researcher at Dell SecureWorks' Counter Threat Unit (CTU).

Victims are carefully targeted with so-called "spear-phishing" e-mails with attachments that are "droppers" designed to look and behave like PDF documents. However, they are actually … Read more