Microsoft Security Essentials fails AV-Test
In the current comparison tests run by AV-Test, the free Microsoft Security Essentials (MSE) suite was the only anti-virus product that didn't meet the institute's certification criteria. The laboratory publishes its results every other month. In the previous test, Microsoft's scanner performed well enough to be certified; MSE last failed the test two years ago.
AV-Test examines security programs' performance in terms of protection and repair as well as their usability, and candidates can achieve a maximum of 18 points in total. At least 11 points are required for certification; MSE narrowly missed this mark, scoring 10.5 points. Two months ago, Microsoft's anti-virus program was still achieving 12.5 points.
Points were lost in all areas: the program lost half a point in terms of protection and usability, and a whole point in the repair category. The protection result was mainly caused by MSE blocking fewer current threats: of the newly arrived malware samples, MSE only detected about 64% in October, while the average detection rate was 89%. Of the malware samples that were two to three months old, MSE detected 90%; the average detection rate was 97%.
Continued : http://www.h-online.com/security/news/item/Microsoft-Security-Essentials-fails-AV-Test-1761415.html
Pentagon Deploying DARPA to Wage War on Backdoors
The speculation is rampant that certain manufacturers are installing backdoors in their own products or that foreign and criminal elements are exploiting weaknesses in the supply chain to compromise IT and networking equipment somewhere between vendors and their customers. The Pentagon is trying to find some way of guaranteeing that their hardware and software are secure, and so the Department of Defense is assigning its out-there research division, the Defense Advanced Research Projects Agency (DARPA), to do just that.
On Friday, DARPA officials said that the DoD does not have the capacity to ensure the security of all of its devices in a timely fashion with the resources currently at its disposal. To remedy this, DARPA intends to develop a litmus test capable of determining the presence of backdoors and other malicious functions within the DoD's current and future IT infrastructure.
The "Vetting Commodity IT Software and Firmware" (VET) program plans to find, in their words, "innovative, large-scale approaches to verifying the security and functionality of commodity IT devices." The Pentagon's goals are as simple and straightforward as they are lofty. DARPA's announcement lists 'defining malice,' 'confirming the absence of malice,' and 'examining equipment at scale' as the primary technical challenges that the project will address.
Continued : https://threatpost.com/en_us/blogs/pentagon-deploying-darpa-wage-war-backdoors-120412
Related: DARPA to Hunt for Malicious Functions in Hardware and Software
Related: DARPA declares war on backdoors
How the Eurograbber attack stole 36 million euros
Check Point has revealed how a sophisticated malware attack was used to steal an estimated €36 million from over 30,000 customers of over 30 banks in Italy, Spain, Germany and Holland over summer this year.
The theft used malware to target the PCs and mobile devices of banking customers. The attack also took advantage of SMS messages used by banks as part of customers' secure login and authentication process.
The attack worked by infecting victims' PCs and mobiles with a modified version of the Zeus trojan. When victims attempted online bank transactions, the process was intercepted by the trojan.
Under the guise of upgrading the online banking software, victims were duped into giving additional information including their mobile phone number, infecting the mobile device. The mobile Trojan worked on both Blackberry and Android devices, giving attackers a wider reach.
Continued : http://www.net-security.org/malware_news.php?id=2344
Related: Eurograbber SMS Trojan steals €36 million from online banks
Related: Sophisticated Zeus Campaign Stole €36 Million From 30,000 Bank Accounts
Exploit kit authors thrive due to PoC code released by..
Do exploit kit authors actually write the exploits they include in their offerings? Sophos' researcher Gabor Szappanos says the answer is a resounding "No."
Having spent the last year following the development of the Blackhole exploit kit, he says the last few exploits for zero-days added to it were all works of whitehat researchers who published their own exploit code online. In one particular case, the Blackhole author practically copy-pasted the published code into his exploit kit's code.
"The author of the Blackhole exploit kit seems to be more comfortable as a system integrator and web application developer than anything else, and is far from being a hardcore vulnerability researcher," he comments.
This revelation should not come as a total surprise, as other researchers have noted a similar pattern.
Continued : http://www.net-security.org/secworld.php?id=14069
Vrublevsky Sues Kaspersky
The co-founder and owner of ChronoPay, one of Russia's largest e-payment providers, is suing Russian security firm Kaspersky Lab, alleging that the latter published defamatory blog posts about him in connection with his ongoing cybercrime trial.
Pavel O. Vrublevsky, is on trial in Moscow for allegedly hiring the curator of the Festi spam botnet to attack one of ChronoPay's rival payment processors. He spent six months in prison last year after admitting to his part in the attack on Assist, a company that processed payments for Russian airline Aeroflot.
The events leading up to that crime are the subject of my Pharma Wars series, which documents an expensive and labyrinthine grudge match between Vrublevsky and the other co-founder of ChronoPay: Igor Gusev — the alleged proprietor of GlavMed and SpamIt, sister organizations that until recently were the largest sources of spam touting rogue Internet pharmacies. For his part, Vrublevsky has been identified as the co-owner of a competing rogue pharmacy program, the now-defunct Rx-Promotion.
ATM Thieves Swap Security Camera for Keyboard
This blog has featured stories about a vast array of impressive, high-tech devices used to steal money from automated teller machines (ATMs). But every so often thieves think up an innovation that makes all of the current ATM skimmers look like child's play. Case in point: Authorities in Brazil have arrested a man who allegedly stole more than USD $41,000 from an ATM after swapping its security camera with a portable keyboard that let him hack the cash machine.
The story comes from O Estado de S. Paulo ("The State of Sao Paulo"), a daily newspaper in Brazil's largest city. According to the paper, late last month a crook approached an ATM at the Bank of Brazil and somehow removed the security camera from the machine. Apparently, the camera was a USB-based device, because the thief then was able to insert his own USB stick into the slot previously occupied by the camera. As you can imagine, a scene straight out of Terminator 2 ensued.
The attacker was then able to connect a folding keyboard to the ATM's computer and restart the machine. The newspaper story isn't crystal clear on the role of the USB device — whether it served as a replacement operating system or merely served to connect the keyboard to the machine (it's not hard to imagine why this would be so easy, since most ATMs run on some version of Microsoft Windows, which automatically installs drivers for most USB-based input devices).
How script kiddies hijack your browser to steal passwords
How script kiddies can hijack your browser to steal your password
"Technique also works for any data entered into a browser's search box."
[Screenshot: A demonstration showing a site that hijacks a browsers search function and intercepts the contents.]
Be careful what you type on your computer while surfing the Web. It very well could be funneled to a script kiddie who has appropriated a handful of lines of code and inserted it into his site.
Proofs of concept here and here show how this method could be used to trick people into divulging their password or credit card number respectively. The pages pose as lists that catalog leaked user data and invite visitors to search it to see if their information is included.
Continued : http://arstechnica.com/security/2012/12/how-script-kiddies-can-hijack-your-browser-to-steal-your-password/
Five Most Dangerous Malware Trends of 2013
Amit Klein @ the Trusteer Blog:
Looking back over the past months of our research findings, 2012 was characterized by the increasing sophistication of malware's ability to evade detection and the beginning of financial fraud platforms like Zeus, SpyEye and others crossing over to attack enterprise endpoints. We expect criminals to continue to innovate in 2013 and step up attacks against enterprises. Trusteer's security research group identified what they believe will be the top five most dangerous trends in malware in 2013. Our findings, which include Google attacks, native 64-bit Windows malware and increasingly advanced evasion techniques, are summarized in the infographic below.
Malware is currently the leading method cybercriminals use to compromise enterprise networks and financial institutions' customer accounts. Unfortunately, we see strong indications that cybercriminals are investing considerable development resources to make malware even more sophisticated and evasive.
Continued : http://www.trusteer.com/blog/five-most-dangerous-malware-trends-of-2013
Tumblr troubled by trojan text - Update
An outbreak of a worm on Tumblr, the microblogging platform, hit many accounts by taking advantage of the platform's reblogging capability. The payload of the worm, the publication of a posting angrily explaining how the worm's authors hated Tumblr users, was analysed by Sophos, which noted that the malicious code was embedded mostly as a Base64-encoded string hidden within a data URI. Once decoded and executed, it would pull code and content from another website.
The code would direct users to a login page if they were not logged into Tumblr at the time, but if they were logged in, it would reblog the message in the user's account. As the message contained the malicious code, the worm was spread through the reblogging. As an extra factor for confusion, on leaving the page, it was possible that the malicious code would display a dialog claiming Tumblr would be down for maintenance for several hours.
Tumblr confirmed the worm was spreading early on and within a couple of hours announced they had the worm breakout under control. But the problem demonstrates, yet again, the importance of cleaning and validating text input into web applications and ensuring that output text is not in a position to be executable by users' browsers. This is doubly important for social media and sharing sites where the systems are akin to a petri dish for self-replicating code.
Continued : http://www.h-online.com/security/news/item/Tumblr-troubled-by-trojan-text-Update-1761800.html
Related: Tumblr worm proliferated due to XSS flaw