Microsoft and its Digital Crimes Unit have disrupted the emerging Nitol Botnet, which is a really good bit of detective work from a study that found unsecure supply chain systems could be easily utilised for malware.
“Earlier this week, the U.S. District Court for the Eastern District of Virginia granted Microsoft’s Digital Crimes Unit permission to disrupt more than 500 different strains of malware with the potential for targeting millions of innocent people. Codenamed “Operation b70,” this legal action and technical disruption proceeded from a Microsoft study which found that cybercriminals infiltrate unsecure supply chains to introduce counterfeit software embedded with malware for the purpose of secretly infecting people’s computers. In disrupting these malware strains, we helped significantly limit the spread of the developing Nitol botnet, our second botnet disruption in the last six months.”
Read the full article at The Official Microsoft Blog HERE
The Flashback Trojan which has been one of the most talked about pieces of malware which has affected Apple’s OSX Operating System, may have for the creators of this malware, netted them $10K per day, according to a report from security and anti-virus company Symantec.
“We’ve been busy in the labs reverse engineering the various components of OSX.Flashback.K to determine the true motivation behind the malware. Let’s take a look at this Mac Trojan in more detail.
It’s now well-known that the latest OSX.Flashback.K variant was being distributed using the Oracle Java SE Remote Java Runtime Environment Code Execution Vulnerability (CVE-2012-0507), which was patched by Oracle in February. Unfortunately for Mac users, there was a large window of exposure since Apple’s patch for this vulnerability was not available for six weeks.
Ad-clicking Trojans are nothing new and in an analysis of W32.Xpaj.B last August a botnet measuring in the region of 25,000 infections could generate the author up to $450 per day. Considering the Flashback Trojan measures in the hundreds of thousands, this figure could sharply rise to the order of $10000 per day.”
Read the full article at Symantec Security Blog HERE
The Conficker worm malware infection has been a real pest for a while now and Microsoft have released their latest security report (July – December 2011) highlighting how many times this malware variant was detected worldwide.
“Microsoft Corp. today released the Microsoft Security Intelligence Report volume 12 (.pdf file), which found that the Conficker worm was detected approximately 220 million times worldwide in the past two and a half years, making it one of the biggest ongoing threats to enterprises. The study also revealed the worm continues to spread because of weak or stolen passwords and vulnerabilities for which a security update exists.
According to the SIRv12, quarterly detections of the Conficker worm have increased by more than 225 percent since the beginning of 2009. In the fourth quarter of 2011 alone, Conficker was detected on 1.7 million systems worldwide. In examining the reasons behind Conficker’s prevalence in organizations, research showed that 92 percent of Conficker infections were a result of weak or stolen passwords, and 8 percent of infections exploited vulnerabilities for which a security update exists.
“Conficker is one of the biggest security problems we face, yet it is well within our power to defend against,” said Tim Rains, director of Microsoft Trustworthy Computing. “It is critically important that organizations focus on the security fundamentals to help protect against the most common threats.”
As I will always stat is that you need to use an Antivirus application, it can be any of the major brands free solutions, but do use one (Microsoft have released the updated Security Essentials 4.0 this week, and you can download it HERE) and keep it updated. Keep your Windows OS fully up to date and be weary on what sites you are viewing and downloading from, if in doubt, check a sites reputation with the likes of WOT.
Read the full article at Microsoft News Centre HERE
In as many weeks, Apples Mac OSX is hit by another Java malware exploit called SabPub. I just as I have mentioned in the past that Apple are really on the edge of an explosion of malwares that will target this platform. Its the price you pay these days for being popular.
“In a set of recent updates to Mac OS X, Apple patched a vulnerability in Java that had allowed a Malware infection known as Flashback to spread to some 700K of its computers. Now, a new backdoor Java threat called SabPub has reared its head, validating Apple’s aggressive measures to block issues due to the plugin.
Internet security firm Kasperksy details a new malware variant called Backdoor.OSX.SabPub.a that is being spread using another exploit in Java.”
Full Article at The Next News HERE with some workarounds for now until Apple release another fix is to disable the Java web plugin
As I reported last week Apple OSX and likely more than 600K users have been affected by a Trojan (a Trojan is a form of Malware). Apple are working on a fix tool to allow users to remove this Trojan.
“Apple has said it is developing a tool to “detect and remove” a Trojan that is said to have infected more than half a million Mac computers.
It said it is working with internet service providers (ISPs) to disrupt the command network being used by hackers to exploit the malware.
In a message posted on Apple’s website’s support section, the company said it had fixed a “Java security flaw for systems running OS X v10.7 and Mac OS X v10.6″.
It suggested users of Macs running earlier versions of its system software should disable Java in their web browser preferences.”
While this is a great to hear from Apple, it now shows something that has long been known in tech circles that Apple and in some respect neither is Linux Operating Systems (OS) immune from malware that has plagued Microsoft Windows for many years, these other OS’s are becoming popular now so malware writers are targeting them.
In part its due to Microsoft’s newer Windows versions (Windows 7 and 8) as well as Internet Explorer becoming more secure, they are by no means immune as in the main its the user that is the major cause of malware on a PC.
Read full article at BBC Technology News HERE
The fix is available now and KB Article HERE and download HERE
So you have head all the comments by some people that Apple OSX is immune to malware, while this is not fully correct, as its more the fact that malware writers have not targeted their attacks on Apple OSX, until now that is, seems the MAC, is the target on some new malware that is growing in infection count.
See the below quote from tech writer Ed Bott
“Over the weekend, I got an e-mail from an AppleCare support rep, who was responding to my recent reports of Mac malware being found in the wild. At least one prominent voice in the Mac community dismisses these reports as “crying wolf.” The view from inside an Apple call center says it’s for real:
I can tell you for a fact, many, many people are falling for this attack. Our call volume here at AppleCare is 4-5x higher than normal and [the overwhelming majority] of our calls are about this Mac Defender and its aliases. Many frustrated Mac users think their Mac is impervious to viruses and think this is a real warning from Apple. I really wish I could say not many people will fall for this, but in this last week, we have had nothing but Mac Defender and similar calls.
I contacted this person and arranged an interview. I’ve edited our conversation to remove any details that might identify this individual or the call center location, but otherwise this is a verbatim transcript.”
So if you are a MAC user and you are searching for Anti-Virus/Malware software for your MAC then steer clear of this one below.
Read the full article at Ed Bott’s tech Blog HERE at ZDNet.
I have in the past heard of many of these scams and people who have been duped into thinking the call is actually from Microsoft stating that they have a problems with their PC.
These tend to be bogus as Microsoft will not phone you up stating that they have scanned your PC and found malware or issues that you need fixing.
“Cybercriminals have been calling people on the telephone, claiming to be from Windows or from Microsoft, and offering to help solve their computer problems. Once cybercriminals have gained your trust, they can:
- Trick you into installing malicious software on your computer.
- Take control of your computer remotely and adjust settings in order to leave the computer vulnerable.
- Request credit card information so that they can bill you for the phony services”
Read more HERE from the MSDN Security Tips Team