CANCUN–Facebook is a lot of things, and one of the things that it’s become of late is a fertile green field for attackers and scammers of all stripes. The Koobface worm is perhaps the most famous threat to hit the network, but the more mundane ones, such as scammers generating fake profiles automatically to spread spam and malicious URLs are becoming more and more prevalent, researchers say.
A new report finds that the ‘bad guys’ are winning, and that most nations are ill-prepared for crippling cyber attacks.
Researchers have identified a strain of malware that’s being used in a string of targeted attacks against defense contractors, government agencies and other organizations by leveraging exploits against zero-day vulnerabilities. The attacks may have been going on since 2009 in some form and the emails containing the malicious attachments are specifically targeted at executives and officials in various industries using fake conference invitations.
UPDATE–The Kelihos botnet, which researchers at Kaspersky Lab and Microsoft disrupted last fall by sinkholing the control channel, has sprung back to life and is using only slightly different versions of the original malware and controller list. The rejuvenation of the botnet illustrates the difficulty of permanently disabling these networks and the perseverance of the attackers who count on them for their livelihood.
Security firm Symantec is sounding the alarm about a mobile device threat they call ‘Counterclank,’ a Trojan horse program that they say may have infected as many as five million devices through downloads on the Official Android Market. However, other security researchers aren’t so sure, and wonder whether Counterclank isn’t anything more than an aggressive advertising campaign.
Researchers at the security firm M86 report that hackers have compromised hundreds of Web sites that use the Wordpress content management system. The sites, mostly small Web pages and blogs, are being used to fool spam filters and redirect unwitting visitors to drive by download Websites that will install malicious software on vulnerable systems.
The groups of attackers that employ the Zeus toolkit for their scams and malware campaigns have long used sites in the .ru Russian TLD as homes for their botnet controllers. Security researchers and law enforcement agencies have had a difficult time making headway in getting these domains taken down, but now it seems that some changes in the way that the Russian organization in charge of the .ru domain is enforcing rules for fraudulent domains is forcing attackers to move to a long-forgotten TLD owned by the former Soviet Union.
Ralph Langner is the closest thing to a rock star that you get in the Dockers and pocket-protector world of industrial control systems. The German researcher made headlines in 2010 as among the first security experts to analyze parts of the Stuxnet worm’s code devoted to manipulating programmable logic controllers by Siemens, and the first to explicitly link the Stuxnet malware with an effort to disable Iran’s uranium enrichment operation.
Security researchers have seen attackers going after the newly patched CVE-2012-0003 vulnerability in the Windows Media Player. The flaw, which was patched earlier this month by Microsoft, is a critical one that can enable remote code execution, and it affects a wide range of Windows systems.
Spammers are cashing in on the (modest) popularity of Google+ by sending out fake emails inviting users to try out Google+ Hangouts by downloading a malicious file posing as a Google+ Hangout plug-in.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
