Malware


GingerMaster Malware Seen Using Root Exploit for Android Gingerbread

The evolution of mobile malware seems to be accelerating, especially as it applies to Android malware. The newest example of this rapid change is the appearance of GingerMaster, a variant of the DroidKungFu malware that now sports a root exploit for Android 2.3 and gives the attacker complete control of the infected device.

Google: Most Vulnerabilities Only Exploited For a Short Time

Google has a hugely privileged view of the Internet and it uses that position for all kinds of things, one of which is to collect data and intelligence on malicious Web site behavior and malware trends. In a new report based on four years’ worth of data on site and malware activity, the company found that attackers are now deploying highly specialized evasion and obfuscation techniques that play off what researchers and users do and then adjust and adapt.


By Curt Wilson

In late July 2011, a specific piece of malware came to our attention. Analysis revealed that this particular piece of malware was launching DDoS attacks, and we have direct evidence of DDoS attacks on two Russian websites. One of these was a gaming website, the other involved in selling a popular smartphone. Further research determined that this malware was also used in attacks on yet another Russian gaming site, test attacks on various other sites, attacks on a large corporation's load balancer, and a damaging attack on a Russian electronic trading platform.

There has been a huge spike in spam volume in the last few days, including a massive amount of malicious spam with infected attachments, and researchers say that levels of junk mail are now far higher than they were before the takedown of the notorious Spamit affiliate program last fall.

Editor’s note: Finding Aaron Barr at this year’s DEFCON hacker conference in Las Vegas was like a giant game of “Where’s Waldo.” Given the events of the past year, you can hardly blame him for keeping a low profile. First there was the attack on him and his then-employer, HBGary Federal, his decision to part ways with HBGary, his work to rehabilitate his image and turn his personal misfortunes into a ‘teaching moment’ for the industry, and then the legal wrangling in recent weeks that threw cold water on his plans to take part in a panel discussion about Anonymous at DEFCON. Barr was courted by numerous news outlets at the show, including the mainstream media. But he preferred, for the most part, to keep his counsel. So when Aaron offered to contribute his thoughts on this year’s DEFCON to Threatpost, we jumped at it. Here’s what he had to say.  

The steady drumbeat of malware and spyware targeting the Android platform is continuing, this time with the emergence of a new variant of an Android Trojan that masquerades as a Google+ app and has the ability to not only record phone calls, but also to answer incoming calls and respond to remote commands that arrive via SMS.

Rep. Mary Bono Mack, chair of the influential House committee that oversees information security, is asking for more information about the Shady RAT attacks that McAfee publicized last week, saying that the “details of the report are alarming at the least,” and asking that researchers brief members of the committee.