Browsing Category: Malware
One of Brazil’s biggest banks has suffered an attack that redirected its customers to fraudulent websites that attempted to steal passwords and install malware, according to an unconfirmed report.
According to this Google translation of an article penned in Portuguese, the redirection of Bradesco was the result of what’s known as a cache poisoning attack on Brazilian internet service provider NET Virtua. Read the full story [theregister.co.uk]
By Andrew Storms
Managing IT for a software company has its challenges. For me, the lines between efficiency, security and innovation are difficult to draw at a company like nCircle where engineers require some freedom to perform their best. The panelists at the RSA session “Responding to the ignored threat – Macs in the Enterprise” seemed to face the same kind of problems I do.
Multiple news outlets [ZDNet, CBC, The Register and Washington Post] are reporting on what appears to be the first malicious botnet made up only of machines running Apple’s Mac operating system.
The botnet is directly linked to a previously known Trojan that was embedded into pirated copies of Apple’s iWork program. It was being used in the past to launch denial-of-service attacks. The full analysis of the botnet is available at Virus Bulletin [subscription required].
An analysis of the Conficker peer-to-peer network set up by the latest variant of the worm shows that the size of the network is far smaller than originally thought. Estimates of the size of the botnet have run far into the millions, but analysts at Kaspersky Lab have been observing the network and found that it includes about 200,000 machines.
From The Register (John Leyden)
Scareware scammers are trying to game search engines into promoting crudware sites when a surfer searches for information on Ford cars.
The Ford scareware campaign [pandasecurity.com] features around one million links, all targeting the Ford Motor Company, designed to trick search engines into promoting malicious pages towards the top of search results. Malvertised pages are punting a rogue anti-virus product, called MS AntiSpyware 2009. The malicious application attempts to scare users into buying useless software on the basis of fraudulent scan results that report systems are infected, whether they are or not. Read the full story [theregister.co.uk]
From ZDNet Zero Day (Dancho Danchev)
There have been numerous reports from affected users that scareware (fake anti-virus) programs have been popping up at FoxNews.com during the last couple of days, through a malvertising campaign.
This most recent case of malvertising once again demonstrates that whenever direct access to a high-traffic site cannot be obtained through a compromise, cybercriminals are logically exploiting third-party content/ad networks to achieve their goals. Read the full story [zdnet.com]
From DarkReading (Kelly Jackson Higgins)
Internet Explorer 7 and 8’s default security settings can be unsafe for internal, intranet-based Web applications, according to newly published research.
Cesar Cerrudo, founder and CEO of Argeniss, a security consulting firm in Argentina, has demonstrated that IE’s default features for intranet “zones” can be abused to wage attacks on internal Web applications both from the outside and from within the organization. Cerrudo has released his findings [argeniss.com, PDF], which show how default settings can be used both to detect and exploit vulnerabilities in intranet applications. Read the full story [darkreading.com]
University of Utah officials say a computer virus has infected more than 700 campus computers [tech.yahoo.com], including those at the school’s three hospitals.
University health sciences spokesman Chris Nelson said the outbreak of the Conficker worm, which can slow computers and steal personal information, was first detected Thursday. By Friday, the virus had infiltrated computers at the hospitals, medical school, and colleges of nursing, pharmacy and health. Read the full story [yahoo.com]
Ryan Naraine on KGO AM 810 Newstalk Radio – April 10, 2009
Ed and Jen from San Francisco’s KGO talk radio talk again with Threatpost editor Ryan Naraine. It looks like Conficker is stirring to life (after doing absolutely nothing on April 1) and Ryan says it’s linked to “scareware programs” that pop up warning windows telling users that their computer is infected and that they need to drop some cash on a (fraudulent) anti-virus program to wipe it out.