Malware
Behind the Flame Malware

The Flame malware has garnered a lot of attention in the last few days, but there’s also been quite a lot of confusion about what it can do and what its implications are. In this video from PBS Newshour, Dave Shackleford of IANS and Catherine Lotrionte of Georgetown University discuss the worm’s capabilities and its target base.
Security researchers have discovered a tiny new banking Trojan that comprises just 20 KB of code and uses a number of well-worn man-in-the-browser tricks in an attempt to defeat two-factor authentication. Known as Tinba, the new malware doesn’t bother with any encryption or packing and yet is slipping past a lot of desktop defenses.

The FBI is warning consumers about a new scam that’s using a piece of malware called Citadel to redirect users to a scam site that installs scareware on their machines and demands a $100 payment to unlock them. The twist in this scam is that it uses the threat of prosecution by the Department of Justice as the prompt to get victims to pay.

Let us stipulate that governments of all political affiliations are trying to steal information from one another. This is called espionage and it has been happening for thousands of years and the only things that have changed are the tactics and the technology. The discovery of the Flame malware–which looks to be the digital equivalent of a spy’s black bag–doesn’t change any of this, but it does raise one big question, and that is not who is writing tools like Flame, but who isn’t?

By Denis Maslennikov

In the middle of January 2012 Foncy was updated: it started to spread together with an IRC bot and a root exploit. But the end of the Foncy story was very close because in February two suspected authors of this malware were arrested in Paris: you can read the story here in French and here in English. Since then we haven’t found any new modifications of this piece of malware.

From all indications, it would appear that attackers are continuing to attack and malware authors are carrying on writing malware. The latest bit of evidence to support these conclusions is the discovery of the Flame malware, which, initial analyses show, is an advanced data-stealing tool that is being used in targeted attacks against organizations in Iran, Syria and Palestine, and has experts speculating that Flame was built by a Western intelligence agency or military.