Sunday, March 22, 2015

Vawtrak Financial Malware


Vawtrak is a data stealing malware targeting financial transactions globally.
"Vawtrak has followed the success of previous financial bot malware like Zeus and Gameover to become one of the most popular crime kits around. Vawtrak’s owners are operating a highly successful business, running specific campaigns and adding new targets as demand requires.
Vawtrak was the second most popular malware distributed by web-based exploit kits (i.e., by malicious drive-by downloads) during September to November 2014, according to SophosLabs telemetry. It represented 11% of all malware SophosLabs saw distributed in this way during that time period."
http://blogs.sophos.com/2014/12/18/sophoslabs-research-spotlights-rising-threat-of-vawtrak-financial-malware/

Crimeware As a Service for custom targeting

Crimeware as a Service (CWaaS) lets fraudsters who operate botnets custom-target enterprises for malware infections and advanced persistent threats.

Such botnets were recently used to target financial institutions:
"In the U.S., for example, the botnet targeted not only large banks such as Bank of America and Citigroup, but also smaller financial institutions not usually hit by cybercriminals -- such as Bank of Oklahoma, Cincinnati's Fifth Third Bank, the Columbus-based Huntington National Bank, and San Francisco's Bank of the West."
http://www.csoonline.com/article/2863193/malware-cybercrime/crimeware-as-a-service-offers-custom-targeting.html


Phishing Mails Strike PayPal Customers

PayPal customers are repeatedly targeted by phishing emails.

The Spamfighter report describes the mail:
"Subject: Your account has limitation! You can resolve this now," the fake electronic mail directs its recipient to validate his e-mail id to update to PayPal's system. It then states that once the validation is done, the recipient can use the id for getting payments from relatives and pals. Over and above, the recipient can make the id his key id for any business he may conduct with PayPal. A link 'Confirm My E-mail Address' is included with which the e-mail ends."


http://www.spamfighter.com/News-19523-Phishing-E-mails-Yet-Again-Strike-PayPal-Customers.htm

Wednesday, February 29, 2012

Real-time File Extractor by Solera Networks


Real-Time File Extractor: real-time malware extraction and analysis by Solera Networks

To counter today's targeted attacks, which use low-profile, multi-vector malware, Solera Networks has announced Real-Time File Extractor as part of its DeepSee platform. The vendor claims it can identify zero-day exploits.

Some of the advertised features:
- Real-time malware file extraction based on deep packet inspection attributes such as transport protocol, file extension or MIME type
- Policy-based automated analysis of common threat vectors: PE (portable executable) files, PDFs, JavaScript, Java JAR files, Flash and Microsoft OLE documents

The focus is on 'files on the wire'.
http://www.net-security.org/malware_news.php?id=2020
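The feature list above turns on one point a practitioner should not gloss over: a transport protocol, file extension or MIME type is what the sender declares, and an attacker declares whatever gets the file past the filter. The example below is added here and is not Solera code; it carves the body out of a captured HTTP response, identifies it from its own leading bytes, maps the result onto the file classes in the list (PE, PDF, JavaScript, JAR, Flash, OLE) and flags a disagreement between declared and actual type. The HTTP responses, URL and magic-number table are constructed for the illustration.

```python
import re
from typing import Dict, Set, Tuple

# Leading bytes (magic numbers) of the file classes the vendor list names as
# threat vectors, plus JPEG so an honest image can be told from a disguised one.
# A JAR is a ZIP archive, so the two share a label. Constructed table.
MAGIC = [
    (b"MZ", "PE"),
    (b"%PDF-", "PDF"),
    (b"PK\x03\x04", "JAR/ZIP"),
    (b"FWS", "Flash"),
    (b"CWS", "Flash"),
    (b"ZWS", "Flash"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE"),
    (b"\xff\xd8\xff", "JPEG"),
]

# Policy: content classes that are handed on for automated analysis.
ANALYSE: Set[str] = {"PE", "PDF", "JavaScript", "JAR/ZIP", "Flash", "OLE"}

# What a declared Content-Type or file extension claims the content to be.
MIME_CLASS = {
    "application/pdf": "PDF", "application/x-msdownload": "PE",
    "application/java-archive": "JAR/ZIP", "application/zip": "JAR/ZIP",
    "application/x-shockwave-flash": "Flash", "application/msword": "OLE",
    "application/javascript": "JavaScript", "text/javascript": "JavaScript",
    "text/html": "HTML", "image/jpeg": "JPEG",
}
EXT_CLASS = {
    "exe": "PE", "dll": "PE", "scr": "PE", "pdf": "PDF", "jar": "JAR/ZIP",
    "zip": "JAR/ZIP", "swf": "Flash", "doc": "OLE", "xls": "OLE",
    "js": "JavaScript", "html": "HTML", "htm": "HTML", "jpg": "JPEG", "jpeg": "JPEG",
}
JS_HINT = re.compile(rb"\b(function|eval|unescape|document\.write)\s*\(")


def identify(body: bytes) -> str:
    """Classify content by its own bytes, never by what the sender declared."""
    for prefix, label in MAGIC:
        if body.startswith(prefix):
            return label
    try:
        text = body.decode("ascii")
    except UnicodeDecodeError:
        return "unknown"
    if re.search(r"<\s*(html|!doctype)", text, re.IGNORECASE):
        return "HTML"
    if JS_HINT.search(body):
        return "JavaScript"
    return "text"


def parse_http_response(raw: bytes) -> Tuple[Dict[str, str], bytes]:
    """Split a raw HTTP/1.x response into lower-cased headers and its body."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("response has no end-of-headers marker")
    headers: Dict[str, str] = {}
    for line in head.decode("latin-1").split("\r\n")[1:]:  # [0] is the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if "content-length" in headers:
        rest = rest[: int(headers["content-length"])]
    return headers, rest


def filename_hint(headers: Dict[str, str], url: str) -> str:
    """Filename from Content-Disposition if present, else the last URL path segment."""
    match = re.search(r'filename="?([^";]+)"?', headers.get("content-disposition", ""))
    return match.group(1) if match else url.split("?", 1)[0].rsplit("/", 1)[-1]


def inspect_response(raw: bytes, url: str) -> Dict[str, object]:
    """Carve the body, identify it, and compare with the declared type and extension."""
    headers, body = parse_http_response(raw)
    actual = identify(body)
    mime = headers.get("content-type", "").split(";", 1)[0].strip().lower()
    name = filename_hint(headers, url)
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    claims = {c for c in (MIME_CLASS.get(mime), EXT_CLASS.get(ext)) if c}
    mismatch = bool(claims) and actual not in claims   # sender lied about the content
    return {"filename": name, "actual": actual, "declared": sorted(claims),
            "mismatch": mismatch, "analyse": actual in ANALYSE or mismatch}


# Constructed samples: a "greeting card" that is really a PE stub, an honestly
# declared PDF, and a plain HTML page. The host example.invalid is a placeholder.
FAKE_CARD = (b"HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\n"
             b"Content-Disposition: attachment; filename=\"card.jpg\"\r\n"
             b"Content-Length: 64\r\n\r\n" + b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 56)
HONEST_PDF = (b"HTTP/1.1 200 OK\r\nContent-Type: application/pdf\r\n\r\n"
              b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n")
PLAIN_HTML = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
              b"<!DOCTYPE html><html><body>hi</body></html>")

if __name__ == "__main__":
    for raw, url in ((FAKE_CARD, "http://example.invalid/cards/card.jpg"),
                     (HONEST_PDF, "http://example.invalid/invite.pdf"),
                     (PLAIN_HTML, "http://example.invalid/index.html")):
        print(url, inspect_response(raw, url))
```

The point of the `mismatch` flag is that a disguised executable served as `image/jpeg` with a `.jpg` name is exactly the case an extension- or MIME-keyed policy would wave through; classifying on the bytes catches it, and a mismatch is itself a reason to send the object for analysis even when the actual class is benign.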

Solera Networks' alert on attack trends for 2012 is also worth noting:
http://www.net-security.org/secworld.php?id=12213

-Joseph Ponnoly

Thursday, February 9, 2012

Happy Valentines Day- Beware of eGreeting Cards


Spammers and phishers have a heyday during the Valentine's Day season, as they do at Christmas and New Year.

Panda Security has listed some of the social engineering techniques phishers employ through greeting cards, along with worms and trojans spread this way in the recent past. Details are reproduced below from pandasecurity.com:
Waledac.C: This worm spread by email trying to pass itself off as a greeting card. The email message included a link to download the card. However, if the user clicked the link and accepted the subsequent file download they were actually letting the Waledac.C worm into their computer. Once it infected the computer, the worm used the affected user’s email to send out spam.

I Love.exe you: This was a RAT (Remote Access Trojan) that gave attackers access to the victim’s computer and all their personal information. The Trojan allowed the virus creator to access target computers remotely, steal passwords and manage files.

Nuwar.OL: This worm spread in email messages with subjects like “I love You So Much”, “Inside My Heart” or “You in My Dreams”. The text of the email included a link to a website that downloaded the malicious code. The page was very simple and looked like a romantic greeting card with a large pink heart. Once it infected a computer, the worm sent out a large amount of emails, creating a heavy load on networks and slowing down computers.
Image available at: http://prensa.pandasecurity.com/wp-content/uploads/2012/02/NuwarOL.jpg

Valentin.E: This worm spread by email in messages with subjects like “Searching for True Love” or “True Love” and an attached file called “friends4u”. If the targeted user opened the file, a copy of the worm was downloaded. Then, the worm sent out emails with copies of itself from the infected computer to spread and infect more users.
Image available at: http://prensa.pandasecurity.com/wp-content/uploads/2012/02/Valentin.E.jpg



Storm Worm: This worm spread via email by employing a number of lures, one of them exploiting Valentine’s Day. If the targeted user clicked the link in the email, a Web page was displayed while the worm was downloaded in the background.
Image: Web page displayed by Storm Worm.


Panda's anti-malware technologies:
http://press.pandasecurity.com/panda-technologies/

Saturday, February 4, 2012

DMARC standard to fight domain spoofing in phishing mails

Realizing the rising threat of phishing mails, the major email providers and Facebook, as well as PayPal and Bank of America, along with others, are teaming up to fight phishing.
http://searchenginewatch.com/article/2143128/Google-Microsoft-Facebook-Teaming-Up-to-Fight-Phishing

They are focusing on implementing the DMARC Internet standard (Domain-based Message Authentication, Reporting and Conformance).
http://nakedsecurity.sophos.com/2012/02/02/dmarc-microsoft-facebook-google-unite-to-fight-phishing/

As a first step this requires a domain to publish SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). DMARC then checks that the domain in the visible From: header aligns with the domain that SPF or DKIM actually authenticated, and lets the domain owner publish a policy (none, quarantine or reject) for mail that fails, together with an address for aggregate reports. The question is: will this put a brake on domain spoofing?
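The answer to that question turns on alignment, which is what SPF and DKIM alone do not give you: SPF checks the envelope sender and DKIM the signing domain, and neither has to match the From: address the user sees. The example below is added here (it is not from either linked article and not a library's API); it parses a DMARC TXT record, applies the strict and relaxed alignment rules to the authenticated SPF and DKIM domains, and returns the disposition the published policy calls for. The DMARC record, the domains and the tiny public-suffix table are constructed for the illustration; a real receiver uses the full Public Suffix List.

```python
from typing import Dict, Optional

# Toy stand-in for the Public Suffix List (constructed); a real implementation
# loads the full list so that organizational domains are computed correctly.
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk"}


def parse_dmarc(txt: str) -> Dict[str, str]:
    """Parse the TXT record published at _dmarc.<domain> into its tags."""
    tags: Dict[str, str] = {}
    for part in txt.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1" or "p" not in tags:
        raise ValueError("not a usable DMARC record")
    tags.setdefault("adkim", "r")   # DKIM alignment mode, relaxed by default
    tags.setdefault("aspf", "r")    # SPF alignment mode, relaxed by default
    return tags


def organizational_domain(domain: str) -> str:
    """Strip subdomains down to the registrable domain (example.com, foo.co.uk)."""
    labels = domain.lower().rstrip(".").split(".")
    for n in (2, 1):
        if len(labels) > n and ".".join(labels[-n:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[-(n + 1):])
    return domain.lower()


def aligned(from_domain: str, auth_domain: Optional[str], mode: str) -> bool:
    """Strict ('s') needs an exact match; relaxed ('r') the same organizational domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return organizational_domain(from_domain) == organizational_domain(auth_domain)


def dmarc_evaluate(record: str, from_domain: str,
                   spf_domain: Optional[str], spf_result: str,
                   dkim_domain: Optional[str], dkim_result: str) -> Dict[str, object]:
    """DMARC passes if SPF or DKIM passed AND its domain aligns with the From: domain."""
    tags = parse_dmarc(record)
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, tags["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(from_domain, dkim_domain, tags["adkim"])
    passed = spf_ok or dkim_ok
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "result": "pass" if passed else "fail",
            "disposition": "none" if passed else tags["p"]}


# Constructed record for the (reserved) domain example.com; the report address is made up.
RECORD = "v=DMARC1; p=reject; adkim=r; aspf=r; rua=mailto:dmarc-reports@example.com"

if __name__ == "__main__":
    # Spoof: attacker's own MAIL FROM domain passes SPF, but From: says example.com.
    print(dmarc_evaluate(RECORD, "example.com", "mailer.example.net", "pass", None, "none"))
    # Legitimate: bounce subdomain passes SPF and the message carries a DKIM signature
    # with d=example.com; either identifier alone would be enough.
    print(dmarc_evaluate(RECORD, "example.com", "bounce.example.com", "pass",
                         "example.com", "pass"))
```

The first case is the one that matters for the question above: SPF passes because the attacker controls `mailer.example.net`, yet DMARC fails and the receiver is told to reject, because nothing that was authenticated aligns with the domain the recipient actually sees. Note also what `adkim=s` buys: a signature with `d=mail.example.com` satisfies relaxed alignment for a From: of `example.com` but not strict, so the owner chooses how much of the subdomain space may speak for the apex.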

Friday, February 3, 2012

Spear Phishing Attack Plants Trojans

Source: SANS NewsBites Vol. 14 Num. 010

SANS report is copied below:
" --Spear Phishing Attack Plants Trojan on Targeted Computers (February 1, 2012) A recently detected, sophisticated spear phishing attack disguises itself as conference invitations. The attack exploits unpatched flaws in Adobe Reader to place Trojans on vulnerable computers. The malware, once on the computer, manages to disguise itself as a Windows Update utility. The attack has been named MSUpdate Trojan. Researchers have evidence of similar attacks from what appears to be the same group of attackers, dating back to 2009. The Trojan steals information and sends it back to the command and control server, but the traffic is disguised as Windows Update traffic.