Malware


Talking Twitter Malware with Costin Raiu

On the heels of yet another Twitter phishing attack, Threatpost editor Ryan Naraine chats with Kaspersky Lab malware researcher Costin Raiu about a new "Krab Krawler" project that pinpoints signs of malicious activity on Twitter.  Raiu introduced the project at this year’s Virus Bulletin conference.  View the VB presentation here.

Koobface, Twitter Attacks Growing More Sophisticated

GENEVA — The attacks and scams that have been affecting users of Facebook, Twitter and other popular social networking sites are continuing to evolve and improve, as the attackers learn more about their victims and refine their tactics, experts say.

Major Ad Servers Flooded With Malicious Ads

From IDG News Service (Robert McMillan)
Criminals flooded several online ad networks with malicious advertisements over the weekend, causing popular Web sites such as the Drudge Report, Horoscope.com and Lyrics.com to inadvertently attack their readers, a security company said Wednesday.
The trouble started on Saturday, when the criminals somehow placed the malicious ads on networks managed by Google’s DoubleClick, as well as two others: YieldManager and ValueClick’s Fastclick network.  Read the full story [computerworld.com]


Some sections of the popular PBS.org Web site have been hijacked by hackers serving up a cocktail of dangerous exploits.
According to researchers at Purewire, attempts to access certain PBS Web site pages yielded JavaScript that serves exploits from a malicious domain via an iframe.

An ongoing attack on Google users is sending victims to rogue anti-virus software sites, researchers said this week.
The attack takes advantage of Google’s page-ranking feature, according to researchers at eSoft’s Threat Prevention Team. The scam works like this: An attacker hacks a site, but instead of embedding exploits on the hacked site, they put links to other websites to boost rankings for malicious sites, and Google users in particular seem to be the targets. Read the full story [scmagazineus.com]

Gamers trying to update their mouse or keyboard drivers from accessory maker Razer USA’s Web site recently may have gotten more than they bargained for.
According to the IDG News Service, the company’s computers appear to have been hacked, and its support site used to spread malicious Trojan horse programs.  Customers who downloaded Razer software would get the drivers they requested, but they also got an obscure Trojan program.

There are security conferences, and then there is Virus Bulletin. While virtually all of the presentations are from researchers working at antimalware vendors and other security companies, the talks are quite technical, and this year’s conference, which starts Wednesday in Geneva, Switzerland, features one particularly interesting speaker: Eric Davis of Google.

A new botnet, codenamed the ‘Bahama’ botnet, has been linked to the recent surge in click-fraud and scareware attacks. This video by researchers at Click Forensics shows the Bahama Botnet in action. More on this botnet in this report.

Security researchers at penetration testing firm Immunity have created a reliable remote exploit capable of spawning a worm through an unpatched security hole in Microsoft’s dominant Windows operating system.

A team of exploit writers led by Kostya Kortchinsky attacked the known SMB v2 vulnerability and created a remote exploit that’s been fitted into Immunity’s Canvas pen-testing platform. The exploit hits all versions of Windows Vista and Windows Server 2008 SP2, according to Immunity’s Dave Aitel.
