Misspelled versions of two popular Google services are among the Top 10 sites hosting exploits for use in drive-by malware download attacks.
From eWEEK (Matt Hines)
Researchers with security training experts SANS Institute have reported the emergence of a new wave of attacks seeking to take advantage of trust in online banking sites and digital certificate e-banking security programs.
The involved attacks target customers of Bank of America, asking targets to click through from e-mail-borne links to URLs where they are asked to upload new digital certs to protect themselves when e-banking. Read the full story [eweek.com]
Threatpost editors Ryan Naraine and Dennis Fisher look at the latest security news headlines and dig deeper into the latest wave of drive-by download infections and scareware attacks on Twitter.
From TechTarget (Brian Sears)
I recently read an article where two experts expressed different ideas of what Conficker represented. One expert argued that Conficker was clearly not a botnet, as it lacked some of the basic abilities typically found in botnets, while the other expert said Conficker indeed was a botnet. In the end they both agreed Conficker represented a significant threat. So what is Conficker? Well, in the case of our two experts, they were both right and wrong. In my opinion, Conficker appears as a package or a mesh of several different threats, each one with its own purpose. Read the full story [techtarget.com]
On Saturday an alert went out about a new Twitter worm.
Could this have been another XSS-Worm? Upon clicking the link users would see the following:
However that’s not all that happens. Covertly a connection is made to another server that will result in a malicious PDF being downloaded. This PDF contains a flurry of exploits.
From The Register (Dan Goodin)
A nasty infection that attempts to install a potent malware cocktail on the machines of end users has spread to about 30,000 websites run by businesses, government agencies and other organizations, researchers warned Friday [websense.com].
The Web site compromise attack known as Gumblar has added new domain names that are downloading malware onto unsuspecting computers, stealing FTP credentials to compromise more sites, and tampering with Web traffic, a security firm said on Thursday.
The Gumblar attack started in March with Web sites being compromised and attack code hidden on them. Originally, the malware downloaded onto computers accessing those sites came from the gumblar.cn domain, a Chinese domain associated with Russian and Latvian IP addresses that were delivering code from servers in the U.K. Read the full story [cnet.com]
Microsoft today warned that hackers are using rigged QuickTime media files to exploit an unpatched vulnerability in DirectShow, the APIs used by Windows programs for multimedia support.
There is a series of vulnerabilities in the widely used BlackBerry Enterprise Server software that could allow an attacker to compromise BlackBerry devices by sending a malicious PDF file. Research in Motion, the software’s maker, has issued a patch that fixes the problem in BES, as well as in BlackBerry Professional Software.
The latest large-scale malware outbreak to hit the Web, known variously as Gumblar and Geno and Martuz, is a multi-stage attack that not only infects compromised machines with a number of separate pieces of malware but also has the ability to steal credentials and block the victim from taking actions to clean his PC.