MiniDuke Espionage Malware Hits Governments in Europe Using Adobe Exploits
New espionage malware has been discovered that targets a patched sandbox-bypass vulnerability in Adobe Reader. The attacks have hit a relatively small number of government victims in 23 countries, primarily in Europe, and rely on a string of unusual tactics, including the use of steganography to hide backdoor code, as well as the capability to reach out to Twitter accounts created by the attackers for links to command and control servers.
Dubbed MiniDuke by researchers at Kaspersky Labs and CrySyS Lab, these attacks were active as of one week ago. They rely on effective social engineering to deliver infected PDFs targeting Adobe Reader 9-11. The PDFs purport to be Ukraine's foreign policy and NATO membership plans, as well as information for a phony human rights seminar. The victims are not geographically similar; Kaspersky Labs reports 59 victims, most throughout Europe, a few Middle Eastern countries, Brazil and the United States.
"This is a unique and very strange attack. The many different targets hit in separate countries, together with the high profile appearance of the decoy documents and the weird backdoor functionality indicate an unusual threat actor," a Kaspersky and CrySyS report said. "Some of the elements remind us of both Duqu and Red October, such as the minimalistic approach, hacked servers, encrypted channels but also the typology of the victims."
Continued : https://threatpost.com/en_us/blogs/miniduke-espionage-malware-hits-governments-europe-using-adobe-exploits-022713
Related : Bizarre old-school spyware attacks governments, sports Mark of the Beast
Related : Old school malware used for spying on European govts
Related : 'Old School' MiniDuke Malware Targets European Governments Via Adobe
Fake Adobe Flash Update Installs Ransomware, Performs Click Fraud
From the Symantec Security Response blog:
Adobe Flash is one of the most widely distributed products on the Internet. Because of its popularity and global install base, it is often a target of cybercriminals. Cybercriminals are using social engineering methods to distribute their malware through fake Flash update sites, often compelling unsuspecting users, who may be in need of a software update, to unknowingly install malware.
Recently, we came across the following site masquerading itself as an Adobe Flash Player update page:
http://16.a[REMOVED]rks.com/adobe/ [Screenshot: Fake Adobe Flash update page]
The attacker has created what appears to be a rather convincing landing page; however, there are a few inconsistencies. Most of the links resolve back to the attacking domain and all of the links within the page—besides the link to the malware itself—resolve back to the root directory of the site, resulting in a 404 error.
The attacker's main goal is to make sure that a successful installation occurs, and presents two options to the user for maximum return.
Continued : http://www.symantec.com/connect/blogs/fake-adobe-flash-update-installs-ransomware-performs-click-fraud
ISPs to Implement Pirate Notification System
From Bitdefender's "HOTforSecurity" blog:
Internet Service Providers in the US are reportedly working on implementing a copyright infringement notification system to flag subscribers who download or upload copyrighted material via peer-to-peer services.
According to a report issued by The Associated Press, the Copyright Alert System will allow copyright holders to prompt internet service providers to deliver a notification that the IP address is involved in illegal file exchanges.
It is commonly known that publishers often monitor uTorrent trackers and collect IP addresses involved in exchanging copyrighted materials such as games, music and movies. Under the new system, publishers will be able to submit these IP addresses, along with the time the infringement has been detected, to the Internet Service Provider. The ISP looks up who had the specific IP address at the respective time and notifies them that they are breaking the law.
Continued : http://www.hotforsecurity.com/blog/internet-service-providers-to-implement-pirate-notification-system-5497.html
Comcast Punishes BitTorrent Pirates With Browser Hijack
Comcast revealed today how it will deal with customers who receive multiple warnings under the newly launched "six-strikes" anti-piracy system. After four alerts the ISP will "hijack" web-browsers of suspected serial pirates with a persistent pop-up notification, making it impossible to browse the Internet. The pop-up will disappear after the customer "resolves the issue" with a Customer Security Assurance professional.
Earlier this week when the six strikes system launched, little was known (officially) about the punishments ISPs were planning for persistent pirates.
Since then Verizon reinstated their copyright alerts section, revealing the mitigation measures that leaked last month. Today Comcast follows with a brief overview on how they will handle things.
In common with other ISPs, Comcast will start out with friendly alerts informing customers that their account has been used to share copyrighted material. After four warnings, repeated offenders will then enter the "mitigation phase" during which their service will be interrupted.
Continued : http://torrentfreak.com/comcast-punishes-bittorrent-pirates-with-browser-hijack-130227/
Targeted malware attack piggybacks on Nvidia digital signature
When it comes to targeted attacks, Tibetan-themed campaigns seem to be a popular choice for attackers. They don't lose momentum and just keep coming back day after day.
Recently I saw one of these attacks which had an interesting chain of events. It used multiple layers, including one that abused a legitimate, signed Nvidia application. Although we were already protecting users, I decided to dig a little deeper and find out what was happening.
The path from malicious document to installed backdoor was not as simple as you might imagine.
What I found was a multi-stage installation process involving a security vulnerability, two stages of shellcode, an archive, and an innocent application abused by the attackers. In this article we will explore how the attack worked, including technical details along the way.
Continued : http://nakedsecurity.sophos.com/2013/02/27/targeted-attack-nvidia-digital-signature/
Related : Anti-Tibetan Attack Stems from Nvidia Abuse, Old RTF Vulnerability
IE10 for Windows 7 Globally Available for Consumers and Businesses
Rob Mauceri @ the IEBlog:
Published 26 Feb 2013
Internet Explorer 10 is available worldwide in 95 languages for download today. We will begin auto updating Windows 7 customers to IE10 in the weeks ahead, starting today with customers running the IE10 Release Preview. With this final release, IE10 brings the same leading standards support, with improved performance, security, privacy, reliability that consumers enjoy on Windows 8, to Windows 7 customers.
20% faster for real world Web sites
Continued : http://blogs.msdn.com/b/ie/archive/2013/02/26/ie10-for-windows-7-globally-available-for-consumers-and-businesses.aspx