Malware
Report: Bandwidth-Burning Malware Among Biggest Consumer Threats

A new malware report indicates Android malware samples grew three-fold last quarter and that one in every 140 devices connected to mobile networks was infected at some point. Closer to home, about 14 percent of household networks were hit by malware this spring, with a 50 percent increase in high-level bots, Trojans and backdoors, according to the Q2 2012 Malware Report from Kindsight Security Labs.

Researchers Pull the Plug on Remaining Grum Botnet C&C Servers

Just a couple of days after authorities in the Netherlands pulled the plug on two of the four command-and-control servers behind the Grum spam botnet, the remaining C&C servers have been taken offline as well, thanks to a cooperative effort among researchers. As a result, the number of Grum-infected IP addresses sending spam has fallen from 120,000 down to about 21,000.
When you hear about botnets such as Rustock, Mariposa or Grum being taken down, one of the tactics that’s usually involved is sinkholing. The technique, which involves pointing the infected machines to a server controlled by good guys rather than attackers, often is used as one of the last steps to take the botnet offline. But some recent work done by researchers at Damballa took a slightly different tack and used the sinkhole as a way to study a recently discovered botnet in operation, and what they found in their traffic analysis was pretty interesting.

If you find some random person says they’ve tagged a Facebook photo with you, think twice before you investigate further. SophosLabs has discovered malware infecting machines by getting users to open a malicious link in a fake Facebook e-mail notification. Everything looks legit about the alert with one big exception: the domain name for the sender’s URL is Faceboook.com, not Facebook.com.

In this special edition Threatpost editor-in-chief Dennis Fisher talks with founding editor Ryan Naraine about Mac security. They discuss why it took longer for the security community to understand the vulnerabilities of the Mac and when these conversations started. You’ll hear how cybercriminals are targeting OS X more than ever before and what you need to know to protect yourself from an attack.

A new variety of spyware has been targeting users in Iran, Israel and the Middle East for the last eight months according to joint research from Israeli security software firm Seculert and Kaspersky Lab. The new malware is using a variety of odd techniques and misdirection to entice users to install it, and researchers say it is targeting a specific group of potentially high-value targets.

Dutch authorities have knocked out two of the command-and-control servers for one of the top spam-producing botnets, known as Grum. The action was not a complete knockout though, as there are still two other C&C servers at work, but researchers are optimistic that the volume of spam will drop as a result.

It’s not every day that you get a security story that involves Yahoo, Google and Microsoft, but that’s what has happened with the claims from a Microsoft official that there was an Android-based botnet in existence sending spam from compromised devices. Now it seems that the spam emanating from Android phones may be the result of a bug in the Yahoo Mail app that enables attackers to sniff traffic and compromise users’ accounts.