NSA Whistleblower Article Redirects to Malware
Hackers have latched on to the NSA surveillance story—literally.
A news story on the outing of whistleblower Edward Snowden posted to the Washington Free Beacon is serving malware redirecting visitors to a malicious site where more malware awaits. The Free Beacon site remains infected, according to Invincea researchers, who said they have contacted the news organization about the attack. The story is being linked to by the popular Drudge Report and it's likely to have snared a pretty good number of victims so far.
"This exploit appears to be the same as used against other media sites to infect readers of these websites and part of a concerted campaign against media sites to infect their visitors by exploiting vulnerabilities in Java," Mitchell wrote.
Mitchell cautions that this attack isn't being detected yet by security companies because signatures associated with the attack are different from previous campaigns.
Continued : http://threatpost.com/nsa-whistleblower-article-redirects-to-malware/
The Value of a Hacked Email Account
One of the most-viewed stories on this site is a blog post+graphic that I put together last year to illustrate the ways that bad guys can monetize hacked computers. But just as folks who don't bank online or store sensitive data on their PCs often have trouble understanding why someone would want to hack into their systems, many people do not fully realize how much they have invested in their email accounts until those accounts are in the hands of cyber thieves.
This post aims to raise awareness about the street value of a hacked email account, as well as all of the people, personal data, and resources that are put at risk when users neglect to properly safeguard their inboxes.
Sign up with any service online, and it will almost certainly require you to supply an email address. In nearly all cases, the person who is in control of that address can reset the password of any associated services or accounts merely by requesting a password reset email.
How much are these associated accounts worth? There isn't exactly a central exchange for hacked accounts in the cybercrime underground, but recent price lists posted by several miscreants who traffic in non-financial compromised accounts offer some insights.
Continued : http://krebsonsecurity.com/2013/06/the-value-of-a-hacked-email-account/
Bugat Joins The Mobile Revolution: BitMo Hijacking SMS-Born OTP's #INTH3WILD
RSA researchers analyzing Bugat Trojan attacks have recently learned that Bugat's developers managed to develop and deploy mobile malware designed to hijack out-of-band authentication codes sent to bank customers via text messages.
Bugat (aka: Cridex) was discovered and sampled in the wild as early as August 2010. This privately-owned crimeware's earlier targets were business and corporate accounts, its operators attempting high-value transactions ($100K-$200K USD per day) in both automated and manual fraud schemes.
It is very likely that Bugat's operators started seeing a diminished ability to target high-value accounts due to added authentication challenges, forcing them to resort to developing a malware component that is already used by many mainstream banking Trojans in the wild.
BitMo A Little Late in the Game?
In somewhat tardy fashion, Bugat joins the lineup of banking malware that makes use of SMS-capturing mobile apps. The first occurrences of such malware were observed in use by Zeus and SpyEye Trojan variants, which were respectively dubbed ZitMo and SPitMo (Zeus-in-the-Mobile, SpyEye-in-the-Mobile). In mid-2012, RSA coined the name CitMo to denote the Citadel breed of in-the-Mobile activity. The fourth Trojan for which malicious apps were discovered was Carberp in early 2013, and with this case, Bugat is the most recent banking Trojan to have its own SMS-forwarding app, which RSA has dubbed BitMo.
Continued : http://blogs.rsa.com/bugat-joins-the-mobile-revolution-bitmo-hijacking-sms-born-otps-inth3wild/
Malware-Serving "Who's Viewed Your Facebook Profile" ..
... Campaign Spreading Across Facebook
A currently ongoing malware-serving campaign spreading across Facebook entices users into downloading and executing a malicious executable that pretends to be a "Who's Viewed Your Facebook Profile" extension. In reality, the executable, part of a campaign that has been running for several months, steals private information from local browsers, auto-starts on Windows startup, and attempts to infect all of the victim's friends across Facebook.
The executable, along with several other related executables that are part of the campaign, is currently hosted on Google Code, and according to Google Code's statistics, one of the malicious files has already been downloaded 1,870,788 times. Surprisingly, the Code project is called "Project Don't Download". A very interesting, self-contradicting social engineering attempt.
Continued : http://ddanchev.blogspot.com/2013/06/malware-serving-whos-viewed-your.html
New backdoor malware 'KeyBoy' used in targeted attacks ..
... in Asia, researchers say
Users from Vietnam, India, China, Taiwan and possibly other countries were targeted as part of an attack campaign that uses Microsoft Word documents rigged with exploits in order to install a backdoor program that allows attackers to steal information, according to researchers from security firm Rapid7.
The targeted attacks used specifically crafted Word documents as bait in spear-phishing emails sent to the intended victims. These documents were rigged to exploit known vulnerabilities that affect unpatched installations of Microsoft Office.
One of the malicious documents found by Rapid7 researchers is written in Vietnamese and is about best practices for teaching and researching scientific topics. This suggests that the targets of attacks where this document was used are part of the Vietnamese academic community, Rapid7 researchers Claudio Guarnieri and Mark Schloesser said Friday in a blog post.
Continued : http://www.pcworld.com/article/2041219/new-backdoor-malware-keyboy-used-in-targeted-attacks-in-asia-researchers-say.html
Also: 'KeyBoy' Malware Used in Targeted Attacks in Asia
Microsoft borks botnet takedown in Citadel snafu
"Stupid Redmond kicked over our honeypots, wail white hats"
Security researchers are complaining about collateral damage from the latest botnet take-down efforts by Microsoft and its partners.
The Windows 8 giant worked with financial service organisations, other technology firms and the Federal Bureau of Investigation to disrupt more than a thousand botnets.
The botnets in question were using Citadel malware to run cybercrime scams blamed for more than $500m in fraud. The action, authorised by a federal court ruling and carried out last week, involved raids at server-hosting facilities in the US to seize evidence related to the malware.
The takedown - codenamed Operation b54 - is the latest in an ongoing campaign against various zombie networks spearheaded by Microsoft.
In a blog post, Microsoft described its seventh zombie network takedown as its "most aggressive botnet operation to date".
Continued : http://www.theregister.co.uk/2013/06/10/citadel_botnet_takedown_own_goal_by_microsoft/
Also: Microsoft Citadel takedown ultimately counterproductive