Malware


Microsoft battles malware with Windows AutoRun changes

In direct response to Conficker and an increased wave of malware attacks targeting the Windows AutoRun feature, Microsoft today announced significant changes to the way the operating system operates when USB drives are used.

The changes, detailed on Redmond’s Security Research & Defense blog, have been built into Windows 7 and will be back-ported to Windows Vista and Windows XP in the near future. Read the full story [zdnet.com]. Also see the Microsoft SR&D blog [technet.com].

Old phishing sites still sending spam, attracting victims

The cooperative effort of ISPs, security vendors, volunteer groups and other interested parties has helped develop a quick and efficient method for taking down phishing sites, usually within hours or days of their appearance. However, many phishing sites that have been up for a week or more still send out quite a lot of spam and also draw in new phishing victims, according to a new paper by researchers at the University of Cambridge.

Beware of Swine Flu phishing, e-mail scams

Security researchers are starting to sound the alarm [avertlabs.com] for e-mail scams related to news stories on the Swine Flu.
According to a notice from US-CERT, the attacks arrive via an unsolicited email message typically containing a subject line related to the Swine Flu. These email messages may contain a link or an attachment. If users click on this link or open the attachment, they may be directed to a phishing website or exposed to malicious code. Read the full advisory [us-cert.gov] for protection advice.


From ZDNet (Dancho Danchev)
In a recent blog post, the Cyber Secure Institute claims that based on their previous studies into the average cost of such malware attacks, the economic loss due to the Conficker worm could be as high as $9.1 billion.
Although their analysis also considered a much more limited infection rate (200,000 infected hosts), they claim that the cost of the virus in this case is still around $200 million. Read the full story [zdnet.com]

The interdependencies and interconnections of the networks that run the country’s critical infrastructure assets such as water, power and gas have created a dangerously fragile system in which security is just now becoming a priority, experts say. For years the priorities for these networks have been safety, compliance and reliability, while security has only become a factor very recently, a panel of security officers from telecom and utility operators said at the RSA Conference on Thursday.

From Wired.com (Kim Zetter)

Attackers are becoming more and more organized and efficient in their information-stealing efforts and are using tactics gleaned from security professionals to get better at what they do. In a panel discussion at the RSA Conference, Joe Stewart of SecureWorks said the trend toward organized, professional groups of attackers is moving to another level now.

From The Register (Dan Goodin)

One of Brazil’s biggest banks has suffered an attack that redirected its customers to fraudulent websites that attempted to steal passwords and install malware, according to an unconfirmed report.

According to this Google translation of an article penned in Portuguese, the redirection of Bradesco was the result of what’s known as a cache poisoning attack on Brazilian internet service provider NET Virtua. Read the full story [theregister.co.uk]

By Andrew Storms

Managing IT for a software company has its challenges.  For me, the lines between efficiency, security and innovation are difficult to draw at a company like nCircle where engineers require some freedom to perform their best.  The panelists at the RSA session “Responding to the ignored threat – Macs in the Enterprise” seemed to face the same kind of problems I do.

Multiple news outlets [ZDNet, CBC, The Register and Washington Post] are reporting on what appears to be the first malicious botnet made up only of machines running Apple’s Mac operating system.
The botnet is directly linked to a previously known Trojan that was embedded into pirated copies of Apple’s iWork program. It was being used in the past to launch denial-of-service attacks. The full analysis of the botnet is available at Virus Bulletin [subscription required].
