In this episode, Ryan and Dennis discuss the Outlook Web Access phishing attacks, the huge Microsoft and Adobe patch releases and the massive scope of the botnet problem.
Remember that Microsoft .NET Framework Assistant add-on that Microsoft sneaked into Firefox without explicit permission from end users?
Well, the code in that add-on has a serious code execution vulnerability that exposes Firefox users to the “browse and you’re owned” attacks that are typically used in drive-by malware downloads.
By Sergey Golovanov
Here are some technical details on the Outlook Web Access phishing scheme.
1. The Spam
According to our preliminary research, the spam emails which attacked OWA users, including Kaspersky, were sent using the Pushdo botnet – which is based on malware from the Backdoor.Win32.NewRes family. These Trojans spread via spam, social networks (in conjunction with the Koobface family) and through hacked websites.
The attackers behind the Zeus Trojan have unleashed a new phishing scam that is specifically targeted at users of the popular corporate webmail tool Outlook Web Access. The phishing emails include the recipient’s actual email address and appear to be an update to the OWA application.
The botnet masters behind the most efficient social engineering driven botnet, Koobface, launched a new campaign currently spreading across Facebook with a new template spoofing Adobe’s Flash updater embedded within a fake YouTube page. Read the full story [zdnet.com/Dancho Danchev]
Google is making a significant change in the way that it handles legitimate sites that have been compromised and are serving up malware. The search giant announced Monday that it will now provide webmasters with specific examples of the malicious code that was used to compromise their sites.
Secureworks researcher Kevin Stevens has written a must-read article on the Pay-Per-Install business model (PPI) that is used primarily to spread spyware and malware.
The article discusses the way the affiliate system works, with layers of files and software programs that power the installation of malware on hijacked Windows computers.
A recently discovered botnet has been caught siphoning ad revenue away from Google, Yahoo! and Bing and funneling it to smaller networks.
According to researchers at Click Forensics, computers that are part of the so-called Bahama Botnet are infected with malware that sends them to counterfeit search pages instead of the real thing. They look authentic, and with the help of DNS poisoning routines, they even display google.com, yahoo.com or bing.com in the address bar. Read the full story [The Register/Dan Goodin]
Over on our sister site Viruslist.com, researchers Sergey Golovanov and Igor Soumenkov have published an article that studies a single spam e-mail and illustrates the methods used by cyber criminals to create botnets and conduct mass spam mailings. The methods and techniques used are clearly illegal in nature and have a single aim: to make cyber criminals rich. Read the full story [viruslist.com]
Among a slew of online cybercrime forums, Pay-Per-Install.org stands out as a malware flea market where shadowy pushers of Trojan downloaders and tools for evading detection are bargaining with thousands of would-be “affiliates” willing to compromise victims’ computers globally and get paid for it.
Top dollar goes to anyone who can compromise computers in the United States. Those who do the dirty work are paid $140 for every 1,000 U.S. computers they seed with bits of malware, to ready these victims’ computers for other types of criminal assaults such as stealing financial data, sending spam or pushing fake antivirus software. Read the full story [Network World/Ellen Messmer]