The TDSS rootkit has proven to be more pliable and adaptable than a campaigning politician, and attackers have used it in various forms for the last three or four years for all sorts of different attacks. It shows up in drive-by downloads, targeted attacks and just about everything in between, and one of the newer jobs it’s been assigned is to deliver the DNSchanger Trojan.
As the analysis of the Duqu malware continues to evolve, the picture that’s emerging is becoming more and more intriguing. The latest bits of evidence uncovered show that not only do the attackers create custom files for each individual attack, there is evidence indicating that they might have been working on Duqu in some form since 2007.
The creators of banking trojan programs in Brazil are using sophisticated block ciphers to encrypt their malware, making detection by anti virus products more difficult.
The Hungarian research facility that helped discover Duqu, the much-blogged about Trojan, has now released an open-source toolkit that can be used to help detect traces and instances of the worm.
An indictment filed in U.S. District Court for the Southern District of New York charges seven individuals with a a global scheme to commit Internet advertising fraud. The scheme infected more than four million machines in over 100 countries with malware. It is believed to have netted the scammers more than $14 million in commissions from online advertisers.
Online criminals registered far fewer Web domains for use in phishing attacks in the first half of 2011, in what may signal a decrease in phishing scams, according to a global phishing survey released this month by the Anti-Phishing Working Group (APWG).
A few months after the hysteria around Stuxnet had died down, officials in Iran announced in April that some sensitive systems in the government’s networks had been attacked by a new piece of malware, known then as Stars. It now appears that attack was, in fact, the first appearance of an early version of Duqu, the most recent in a line of sophisticated attack tools that experts say have been designed to take out specific targets in a variety of sensitive networks.
Researchers have discovered a series of variants of the DevilRobber Mac OS X Trojan that have a menu of different capabilities, depending upon the strain, and can not only mine Bitcoins using the infected machine’s processing power, but also steals files, installs a Web proxy and may steal the user’s Safari browsing history.
In its most blunt statement to date, the U.S. government accused both China and Russia of conducting far flung cyber espionage campaigns against U.S. and other Western firms in an effort to promote domestic interests.
A server at the Massachusetts Institute of Technology (MIT) was being used to serve up attacks in a coordinated drive-by download campaign, according to research done by anti-virus firm Bitdefender.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
