Malware


Proof of Concept Pen Testing Tools Coming

A researcher is working on tools for
penetration testers that’s a first step toward ultimately integrating
and correlating data among different types of penetration-testing
products. Josh Abraham, a.k.a. “Jabra,” will release some proof-of-concept tools at the OWASP AppSec Conference in Washington, D.C., that let pen testers integrate data they gather in their white-hat hacking projects. Read the full article. [Dark Reading]

Twitter API Being Exploited by Drive By Malware

Drive-by exploit writers have been spotted using a popular Twitter
command to send web surfers to malicious sites, a technique that helps
conceal the devious deed.  According to researcher Denis Sinegubko, it’s
being added to heavily obfuscated redirection scripts injected into
compromised websites. The scripts, which redirect victims to drive-by
sites that attempt to exploit unpatched vulnerabilities in programs
such as Apple’s QuickTime. Read the full article. [The Register]

Gumblar: New Generation of Self-Building Botnets

By Vitaly KamlukWe’ve been looking at the infrastructure of the Gumblar malware and found some curious facts on how Gumblar operates which we would like to share to make hosting owners aware of the Gumblar threat.Analysis of some infected websites showed that the only way to inject the infection of Gumblar was by using FTP access, because those websites have no server-side scripting. Later this was proved by an analysis of FTP log files.


The security glitch, which is linked to a “cash back” system
operated by Bing, potentially leaves users and retailers exposed to
fake transactions. But despite an outcry online over the existence of
the loophole, the world’s largest company has responded to the issue by
threatening legal action against the man who discovered the problem. First launched last year, before Microsoft rebranded
its search website, the affiliate scheme offers users the chance to
earn money back for every product they buy through the service. Read the full article. [guardian.co.uk]

Hackers will quickly jump on one of the 15 vulnerabilities Microsoft patched Tuesday to build attack code that infects Internet Explorer users, security researchers agreed today. The bug, which Microsoft patched as part of a record-tying security update for the month of November, is in the Windows kernel, the heart of the operating system. Read the full article. [Computerworld]

A well known commercial provider of spyware applications for numerous mobile platforms, has recently ported its Mobile Spy app to the Android mobile OS. Just like previous releases of the application, the Android version
keeps a detailed log of GPS locations, calls, visited URLs, and
incoming/outgoing SMS messages, available at the disposal of the
attacker who installed it manually by obtaining physical access to the
targeted device. Read the full article. [ZDNet]

A
high-profile online advertising Web site has been hacked and rigged to
serve multiple exploits to Microsoft Windows users surfing the net with
unpatched third party desktop software.
According to a warning issued by Websense Security Labs, the malicious code was found on media-servers.net,
which is described as a high-profile advertiser on the Internet realm. 
The site has been firing an assortment of exploits for several months,
including exploits for vulnerabilities in Microsoft DirectShow and
Adobe PDF Reader.  Read the full advisory [websense.com]

Almost 80% of more than 3,000 software security flaws publicly reported
so far this year have been in Web technologies such as Web servers,
applications, plugins and Web browsers.
That number is about 10% higher than the number of flaws reported in
the same period last year — and nine out of 10 of the flaws were found
in commercial code. Read the full article. [Computerworld]

The attackers behind the insidious Koobface worm have taken to using Google Reader accounts that they control to spread the worm through shared Reader items. The infection method–which has been used before by Facebook worms–is another indication of the resilience and changing tactics the malware authors are employing.

Microsoft’s Computer Online Forensic Evidence Extractor (COFEE) has made it into the hands of pirates, and their virtual ships are distributing it. The COFEE application lets officers grab data from password-protected or encrypted sources. That means you can now break the law twice over: download the software and then use it to steal information from other people’s computers.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.