Malware


New Koobface Campaign Spoofs Adobe’s Flash Updater

The botnet masters behind the most efficient social-engineering-driven botnet, Koobface, have launched a new campaign that is currently spreading across Facebook, using a new template that spoofs Adobe’s Flash updater embedded within a fake YouTube page. Read the full story [zdnet.com/Dancho Danchev]

Google to Provide Samples of Malicious Code to Webmasters

Google is making a significant change in the way that it handles legitimate sites that have been compromised and are serving up malware. The search giant announced Monday that it will now provide webmasters with specific examples of the malicious code that was used to compromise their sites.


Secureworks researcher Kevin Stevens has written a must-read article on the Pay-Per-Install business model (PPI) that is used primarily to spread spyware and malware. 
The article discusses the way the affiliate system works, with layers of files and software programs that power the installation of malware on hijacked Windows computers.

A recently discovered botnet has been caught siphoning ad revenue away from Google, Yahoo! and Bing and funneling it to smaller networks.

According to researchers at Click Forensics, computers that are part of the so-called Bahama Botnet are infected with malware that sends them to counterfeit search pages instead of the real thing. They look authentic, and with the help of DNS poisoning routines, they even display google.com, yahoo.com or bing.com in the address bar. Read the full story [The Register/Dan Goodin]

Over on our sister site Viruslist.com, researchers Sergey Golovanov and Igor Soumenkov have published an article that studies a single spam e-mail and illustrates the methods used by cyber criminals to create botnets and conduct mass spam mailings. The methods and techniques used are clearly illegal in nature and have a single aim: to make cyber criminals rich. Read the full story [viruslist.com]

Among a slew of online cybercrime forums, Pay-Per-Install.org stands out as a malware flea market where shadowy pushers of Trojan downloaders and tools for evading detection are bargaining with thousands of would-be “affiliates” willing to compromise victims’ computers globally and get paid for it.
Top dollar goes to anyone who can compromise computers in the United States. Those who do the dirty work are paid $140 for every 1,000 U.S. computers they seed with bits of malware, to ready these victims’ computers for other types of criminal assaults such as stealing financial data, sending spam or pushing fake antivirus software.  Read the full story [Network World/Ellen Messmer]

TORONTO — The legitimate economy may be in rough shape right now, but the same cannot be said for the underground economy. Malware authors and botmasters are thriving, experts say, with some online criminals charging as much as $3,500 for their attack toolkits.

TORONTO — The frequency and scope of SQL injection attacks has exploded in the last year or two, with thousands of legitimate Web sites having been compromised and used to serve malware or further Web exploits. That’s the bad news. The good news is that there are some remarkably effective techniques that security professionals can use to identify and recover from these attacks.

According to a report by the Anti-Phishing Working Group (APWG), the number of phishing incidents and rogue anti-malware programs (also known as scareware) is rising at an “unprecedented rate”.
The APWG says that around four fifths of the phishing attack websites claim to offer payment and financial services and in the first half of 2009, a total of more than 485,000 strains of scareware were found. Approximately 22,000 a month were reported in January, rising to over 152,000 in June – indicating a very strong upward trend. Read the full story [h-online.com]  See the full APWG report [PDF from antiphishing.org]
