Monday, October 31, 2011

760 large companies hacked!

Source: CNN Money, 28 October 2011
A command-and-control server of a botnet, which was itself breached, was found to be controlling computers in 760 companies (including 20 of the Fortune 100)!
For further details:
http://money.cnn.com/2011/10/27/technology/rsa_hack_widespread/

Saturday, October 29, 2011

Phishing Activity Trends Report 2H 2010 - APWG

Phishing Activity Trends Report 2H 2010, published by APWG

http://www.antiphishing.org/reports/apwg_report_h2_2010.pdf
The major highlights of APWG's Phishing Trends Report for the 2nd half of 2010 are listed below:

Financial Services is the most targeted industry sector, followed by Payment Services.

Crimeware, or data-stealing malicious code, is designed to collect information about the end-user in order to steal credentials. Phishing-based keyloggers include tracking components that monitor specific actions at specific organizations in order to capture specific information.

Data-stealing and generic trojans contain code designed to send information out of the infected machine, to control it, and to open backdoors on it. According to Websense, downloaders are used to fetch the trojans from phishing websites.

During 2H 2010, Panda Labs registered 10.4 million new malware samples, bringing its total collection to 60 million. 55% of the new samples were trojans, the favourite weapon cybercriminals use to infect computers. The most infected countries were Thailand (67%), China (63%), Taiwan (60%), Latvia (56%), Saudi Arabia (55%), the Russian Federation (54%) and Israel (53%).

The report notes that 'cybercriminals constantly obfuscate and re-use the same samples over and over, employing polymorphism-- server-side or binary side-- subsequently increasing numbers of variants recorded'.

Rogue anti-malware programs (from a few crimeware families such as SystemGuard2009, Malware Doctor, MS AntiSpyware2009, Animalware Doctor, Security Essentials 2010 and Privacy Center) have also caused computer infections.

The USA hosts 84% of the phishing websites that serve malicious code (phishing-based keyloggers or trojan downloaders). In the 3rd quarter of 2010, Sweden had topped the list of countries hosting phishing websites.

The report does not discuss the role of botnets in phishing.

Safe Browsing API for applications and browsers from Google

Google provides the Safe Browsing API, which enables applications to check URLs against Google's lists of suspected phishing and malware pages.

The Safe Browsing API is a URL lookup performed client-side by the application.

The protocol is used by the Google Chrome and Mozilla Firefox browsers.
http://code.google.com/apis/safebrowsing/
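To make the "client-side lookup" concrete, here is an added illustration (not Google's code and not from the original post) of the mechanism such a client uses: the URL is reduced to host-suffix/path-prefix expressions, each is hashed, and only short hash prefixes are compared against a locally cached list. The canonicalization is simplified and the blocklist, hostnames and URLs are constructed for the example.

```python
import hashlib
from urllib.parse import urlsplit

def lookup_expressions(url):
    """Build the host-suffix / path-prefix expressions a client hashes for a URL
    (simplified canonicalization; an assumption made for this illustration)."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    path = parts.path or "/"
    # Host suffixes: the exact host plus up to four parent domains, never the bare TLD.
    # Numeric (IP) hosts get no suffixes.
    labels = host.split(".")
    hosts = [host]
    if not host.replace(".", "").isdigit():
        hosts += [".".join(labels[i:]) for i in range(1, len(labels) - 1)][:4]
    # Path prefixes: full path with query, path without query, the root, and up to
    # three leading directory components, each with a trailing slash.
    paths = [path + "?" + parts.query] if parts.query else []
    paths += [path, "/"]
    prefix = ""
    for seg in path.split("/")[1:-1][:3]:
        prefix += "/" + seg
        paths.append(prefix + "/")
    paths = list(dict.fromkeys(paths))  # de-duplicate, keep order
    return [h + p for h in hosts for p in paths]

def hash_prefix(expression, length=4):
    """The local list stores only the first `length` bytes of SHA-256(expression)."""
    return hashlib.sha256(expression.encode()).digest()[:length]

# Constructed local blocklist: one bad directory on a made-up host (not a real site).
BAD_EXPRESSION = "malware.example.test/payload/"
LOCAL_PREFIXES = {hash_prefix(BAD_EXPRESSION)}

def check_url(url, local_prefixes=LOCAL_PREFIXES):
    """Return the expressions whose hash prefix is on the local list.
    An empty list means 'not listed'. A non-empty list is NOT yet a verdict:
    4-byte prefixes collide, so a real client asks the server for the full
    hashes behind those prefixes and warns only if a full hash matches."""
    return [e for e in lookup_expressions(url) if hash_prefix(e) in local_prefixes]

if __name__ == "__main__":
    for u in ("http://malware.example.test/payload/drop.exe?x=1",
              "http://www.example.com/index.html"):
        print(u, "->", check_url(u) or "not listed")
```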

Friday, October 28, 2011

MBR Rootkits

Rootkits that take over the Master Boot Record (MBR) in order to gain kernel-level privileges and control of the system are increasing:
http://forensicmethods.com/mbr-malware

Protection Against Phishing and Pharming - White Paper

Here is a white paper on 'protection against phishing and pharming' (2009), published by EasySolutions:
http://www.apwg.org/sponsors_technical_papers/easysol_wp_phishing_pharming.pdf

It is aimed at end-users (the weakest link), to raise awareness of the attacks' modus operandi. The scenarios described pertain to 2008.

The DetectSafe Browsing solution is proposed for secure browsing.

Thursday, October 20, 2011

Runtime Malware Forensics and Malware Clustering

Defcon 18 presentation by Jeremy Chiu, Benson Wu and Wayne Huang on Runtime Malware Forensics and Automated Malware Clustering for detection of known and unknown Zeus variants:
http://www.youtube.com/watch?NR=1&v=Y2IJFonuSaE

Drive-by Cache Attack using Adobe Flash 0-day exploit

The Drive-by Cache Attack is a variation of the Drive-by Download Attack.
Here is a detailed account of the attack using an Adobe Flash zero-day exploit:
http://blog.armorize.com/2011/04/newest-adobe-flash-0-day-used-in-new.html

-Joseph Ponnoly