Microsoft Disrupts the Emerging Nitol Botnet

Microsoft and its Digital Crimes Unit have disrupted the emerging Nitol botnet. This is a really good bit of detective work, stemming from a study that found insecure supply chain systems could easily be used to distribute malware.

“Earlier this week, the U.S. District Court for the Eastern District of Virginia granted Microsoft’s Digital Crimes Unit permission to disrupt more than 500 different strains of malware with the potential for targeting millions of innocent people. Codenamed “Operation b70,” this legal action and technical disruption proceeded from a Microsoft study which found that cybercriminals infiltrate unsecure supply chains to introduce counterfeit software embedded with malware for the purpose of secretly infecting people’s computers. In disrupting these malware strains, we helped significantly limit the spread of the developing Nitol botnet, our second botnet disruption in the last six months.”

Read the full article at The Official Microsoft Blog HERE

The Apple Mac Flashback Trojan could have netted $10k per day for its creators.

The Flashback Trojan, one of the most talked-about pieces of malware to have affected Apple’s OS X operating system, may have netted its creators $10K per day, according to a report from security and anti-virus company Symantec.

“We’ve been busy in the labs reverse engineering the various components of OSX.Flashback.K to determine the true motivation behind the malware. Let’s take a look at this Mac Trojan in more detail.

The Infection
It’s now well-known that the latest OSX.Flashback.K variant was being distributed using the Oracle Java SE Remote Java Runtime Environment Code Execution Vulnerability (CVE-2012-0507), which was patched by Oracle in February. Unfortunately for Mac users, there was a large window of exposure since Apple’s patch for this vulnerability was not available for six weeks.

Ad-clicking Trojans are nothing new and in an analysis of W32.Xpaj.B last August a botnet measuring in the region of 25,000 infections could generate the author up to $450 per day. Considering the Flashback Trojan measures in the hundreds of thousands, this figure could sharply rise to the order of $10000 per day.”

Read the full article at Symantec Security Blog HERE

Microsoft rushes out a password bugfix for Hotmail

Microsoft today have fixed a password bug in their Hotmail email service, through which a hacker could gain access to an account and change the user’s password, not only locking the user out of their account but potentially stealing sensitive data.

“Microsoft says it has fixed a serious vulnerability in Hotmail, that was allowing hackers to reset account passwords, locking out the account’s real owner and giving attackers access to users’ inboxes.

News of the critical bug spread rapidly across underground hacking forums, and Whitec0de reported earlier this week that hackers were offering to break into any Hotmail account for as little as $20.

It appears that the vulnerability existed in Hotmail’s password reset feature. Hackers were able to use a Firefox add-on called Tamper Data to bypass the normal protections put in place to protect Hotmail accounts.”

Read the full article at NakedSecurity blog from Sophos HERE

Microsoft Security Report highlights Conficker Worm alive and well

The Conficker worm has been a real pest for a while now, and Microsoft have released their latest Security Intelligence Report (July – December 2011) highlighting how many times this malware was detected worldwide.


“Microsoft Corp. today released the Microsoft Security Intelligence Report volume 12 (.pdf file), which found that the Conficker worm was detected approximately 220 million times worldwide in the past two and a half years, making it one of the biggest ongoing threats to enterprises. The study also revealed the worm continues to spread because of weak or stolen passwords and vulnerabilities for which a security update exists.

According to the SIRv12, quarterly detections of the Conficker worm have increased by more than 225 percent since the beginning of 2009. In the fourth quarter of 2011 alone, Conficker was detected on 1.7 million systems worldwide. In examining the reasons behind Conficker’s prevalence in organizations, research showed that 92 percent of Conficker infections were a result of weak or stolen passwords, and 8 percent of infections exploited vulnerabilities for which a security update exists.

“Conficker is one of the biggest security problems we face, yet it is well within our power to defend against,” said Tim Rains, director of Microsoft Trustworthy Computing. “It is critically important that organizations focus on the security fundamentals to help protect against the most common threats.”

As I will always state, you need to use an antivirus application. It can be any of the major brands’ free solutions, but do use one (Microsoft have released the updated Security Essentials 4.0 this week, and you can download it HERE) and keep it updated. Keep your Windows OS fully up to date and be wary of what sites you are viewing and downloading from; if in doubt, check a site’s reputation with the likes of WOT.


Read the full article at Microsoft News Centre HERE

Apple Mac OSX hit again by Malware

In as many weeks, Apple’s Mac OS X is hit by another Java malware exploit, called SabPub. As I have mentioned in the past, Apple is really on the edge of an explosion of malware targeting this platform. It’s the price you pay these days for being popular.

“In a set of recent updates to Mac OS X, Apple patched a vulnerability in Java that had allowed a Malware infection known as Flashback to spread to some 700K of its computers. Now, a new backdoor Java threat called SabPub has reared its head, validating Apple’s aggressive measures to block issues due to the plugin.

Internet security firm Kaspersky details a new malware variant called Backdoor.OSX.SabPub.a that is being spread using another exploit in Java.”

Full article at The Next News HERE, which includes some workarounds; for now, until Apple release another fix, the advice is to disable the Java web plugin.

Apple developing a fix tool for the Flashback Trojan

As I reported last week, Apple OS X and likely more than 600K users have been affected by a Trojan (a Trojan is a form of malware). Apple are working on a fix tool to allow users to remove this Trojan.

“Apple has said it is developing a tool to “detect and remove” a Trojan that is said to have infected more than half a million Mac computers.

It said it is working with internet service providers (ISPs) to disrupt the command network being used by hackers to exploit the malware.

In a message posted on Apple’s website’s support section, the company said it had fixed a “Java security flaw for systems running OS X v10.7 and Mac OS X v10.6”.

It suggested users of Macs running earlier versions of its system software should disable Java in their web browser preferences.”

While this is great to hear from Apple, it confirms something that has long been known in tech circles: neither Apple’s OS X nor Linux operating systems (OSes) are immune from the malware that has plagued Microsoft Windows for many years. As these other OSes become more popular, malware writers are targeting them.

In part this is due to Microsoft’s newer Windows versions (Windows 7 and 8), as well as Internet Explorer, becoming more secure. They are by no means immune, though; in the main it is the user who is the major cause of malware on a PC.

Read full article at BBC Technology News HERE

UPDATE 13/04/2012

The fix is available now; the KB article is HERE and the download is HERE.

600k Apple Macs infected with Trojan

Apple Macs have for a long time been touted by many Apple users, and to some respect by Apple themselves, as a malware-free platform. However, many expert PC users, especially security users, have long been aware that Macs are not immune. It is just that they are not targeted as much as Windows-based PCs, since Windows is the predominant operating system in use.

“Two months ago, a new variant of the Flashback Trojan started exploiting a security hole in Java to silently infect Mac OS X machines. Apple has since patched Java, but this was only yesterday. As of today, more than 600,000 Macs are currently infected with the Flashback Trojan, which steals your user names and passwords to popular websites by monitoring your network traffic.

Russian antivirus company Dr. Web first reported today that 550,000 Macs were being controlled by the growing Mac botnet. Later in the day though, Dr. Web malware analyst Sorokin Ivan announced on Twitter (via Ars Technica) that the number of Macs infected with Flashback had increased to over 600,000:”

There are interesting statistics in the image in the full article below as to the countries whose users have been infected with this Flashback Trojan.

Read full article at ZDNet HERE

Dubious Anonymous OS causes concern

This is more of a heads-up warning, as some groups, and especially the hacking group Anonymous itself, have distanced themselves from this alleged new OS attributed to them.

While I know Linux OSes are pretty malware-free, you never know what this alleged software contains; for all we know it may have malware. Security companies like Sophos, mentioned below in the BBC article, will be looking into any issues.

“More than 26,000 people have downloaded an operating system which members of the Anonymous hacker group claim to have created.

The software is based on a version of the open-source operating system Linux and comes outfitted with lots of website sniffing and security tools.

The “official” Anonymous group has distanced itself from the software.

In a widely circulated tweet, AnonOps claimed the operating system was riddled with viruses.

Graham Cluley, senior researcher at hi-tech security firm Sophos, wondered who would be tempted to use it.

He warned people to be very wary, adding that some hacktivists keen to support the work of Anonymous had been tricked earlier in the year into installing a booby-trapped attack tool.”

It’s not worth downloading in the belief that it will make you a hacker overnight, as it will not, and groups like Anonymous do not openly release tools to aid in hacking.

More at BBC Technology News HERE

Windows Defender Offline Beta

Windows Defender Offline Beta is an application you can put on a USB stick, CD or DVD, allowing you to boot from it and see whether it can remove any malware that is preventing your PC from starting. While this is a beta, and betas are programs still in development, it’s a great option in the fight against malware for any PC tech.

“Sometimes, malicious and other potentially unwanted software, including rootkits, try to install themselves on your PC. This can happen when you connect to the Internet or install some programs from a CD, DVD, or other media. Once on your PC, this software might run immediately, or it might run at unexpected times. Windows Defender Offline Beta can help remove such hard to find malicious and potentially unwanted programs using definitions that recognize threats”

Download from HERE (both 32-bit and 64-bit versions available) and the FAQ is HERE

Can you spot a Phishing website?

Are you a Phishing Ninja or a Phishing Pole? Well, in this day and cyber-age it has become a very major issue, in that criminal gangs now find it much easier to try to steal your personal information to gain access to your bank account etc. than to come and rob your home.

Phishing is one such way that they try this, and if you are unsuspecting or a novice to the perils of the internet age it can be very difficult to know whether a website is real or not.

OpenDNS have a quick test to see if you can spot the phishing (fake) site from the real website of many a company you may use. Click the link below to take the test.

OpenDNS Phishing Quiz

Here is my result below; yeah, I’m a sneaky silent Ninja!!


But then I do have knowledge of what phishing websites look like and how to tell them apart from genuine sites; a few tips are below.

  • Your bank, financial and shopping sites will not send you emails asking you to verify or re-enter your username or password.
  • Companies like Microsoft will not email you to say your PC is not up to date or has malware/viruses.
  • Check the website address in an email by hovering over it with your mouse; if it is not the same as your normal website then it’s not real, and if it’s in the form of an IP address (123.123.123.123, as an example) then definitely do not click.
  • Check the email address that sent you the email: is it actually from the company or not? As an example, this is one I was sent from the US Internal Revenue Service (IRS) today.


Note that the email address in the sender’s position is not the same as the reply-to address; it looks genuine but is not. So if you do get one of these emails and are a non-US citizen, delete it; if you are a US citizen, it’s worth letting the IRS’s actual phishing reporting side know, and the email address is HERE on this page.
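As an added example (not part of the original post), here is a small Python script that applies the tips above to an email: it flags a Reply-To domain that differs from the From domain, links whose host is a bare IP address, and links whose host is not the domain you normally use. The sample message and its domains are constructed placeholders, and the domain comparison is a deliberately crude last-two-labels check.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a message pretending to come from a bank. The domains
# are hypothetical placeholders, not real indicators.
SAMPLE_EMAIL = """From: Example Bank <security@example-bank.com>
Reply-To: verify@mail-example-bank.biz
Subject: Please verify your account
Content-Type: text/html

<p>Please <a href="http://123.123.123.123/login">log in</a> to verify.</p>
"""

IP_HOST = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registered_domain(host):
    """Crude 'last two labels' domain, enough for this page's tips."""
    return ".".join(host.lower().split(".")[-2:])

def phishing_warnings(raw_message, expected_domain):
    """Return a list of warnings for the message, empty if nothing looks off."""
    msg = message_from_string(raw_message)
    warnings = []
    sender = parseaddr(msg.get("From", ""))[1].split("@")[-1]
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].split("@")[-1]
    if reply_to and registered_domain(reply_to) != registered_domain(sender):
        warnings.append(f"Reply-To domain {reply_to} differs from From domain {sender}")
    parser = LinkExtractor()
    parser.feed(msg.get_payload())
    for href, _text in parser.links:
        host = urlparse(href).hostname or ""
        if IP_HOST.match(host):
            warnings.append(f"Link points to a bare IP address: {href}")
        elif registered_domain(host) != expected_domain:
            warnings.append(f"Link host {host} is not {expected_domain}: {href}")
    return warnings
```

Run `phishing_warnings(SAMPLE_EMAIL, "example-bank.com")` to see both the mismatched Reply-To and the IP-address link reported.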

So best practice is to double-check any email asking for financial details, usernames or passwords by phone, in person, or with the actual company’s fraud or phishing customer service department.

More info on how to spot a Phishing attempt from Microsoft HERE