Browsing Category: Web Security

Categories: Malware, Web Security

[img_assist|nid=6840|title=|desc=|link=none|align=left|width=100|height=100]Researchers have discovered a variant of the Zeus bot malware that specifically targets users who perform online-banking operations from the mobile phones, playing on the increasingly common use of SMS-based one-time passwords in order to dupe users into loading the malware.

Read more...

[img_assist|nid=6631|title=|desc=|link=none|align=right|width=100|height=100]Microsoft has released updated workaround guidance for the ASP.NET padding oracle vulnerability, suggesting that customers use a technique to block requests that specify an application error. However, the researchers who developed the attack on ASP.NET have said that the workaround is not sufficient to prevent the attack.

Read more...

[img_assist|nid=6826|title=|desc=|link=none|align=left|width=100|height=100]Another week, another fast-moving Twitter attack. Just days after engineers stamped out a nasty cross site scripting hole in the company’s Web page, the company had to contend with a worm that used an attack called “cross site request forgery” to post salacious messages and malicious links on victims’ accounts. 

Read more...

Categories: Malware, Web Security

HED: MyOpera found to host malwareBAK: The My Opera free Web hosting service is hosting malicious code, just the latest prominent hosting service to be gamed by malware distributors. Less than a month after Google’s Code hosting service was found to be hosting and serving malicious executables, a search of Opera Software’s My Opera free hosting service has also turned up malicious programs, according to a researcher at Kaspersky Lab. My Opera, a free online hosting service for users of the Opera Web browser, played host to a PHP based IRC botnet, according to a post by Dmitry Bestuzhev, a researcher at Kaspersky Lab. The bot appears to have originated in Brazil, based on an analysis of the code, though its not clear who posted it to the My Opera  hosting service or when, Bestuzhev said. In August, Web security firm zScaler found a number of malicious programs hosted on servers used to power Google Code, a free, Web based platform that provides tools and resources for developers who want  to work on projects related to Google’s various open source software. The company claimed that regular anti malware scans of its servers failed to spot the malicious programs, which included a malicious downloader programs, Trojan horses, backdoor programs and password stealing key logging programs that target massively multi player online games like World of Warcraft. In a blog post, Bestuzhev said that free hosting services are popular among criminals who are looking to upload and disseminate malicious programs. (http://www.securelist.com/en/blog/2303/Google_Mozilla_and_now_Opera_Whos_next) Hosting domains like fileave, ripway, rapidshare and 110mb are common dumping grounds for malicious programs, he wrote. The My Opera free Web hosting service is hosting malicious code, just the latest prominent hosting service to be gamed by malware distributors. 

Read more...

Categories: Government, Web Security

[img_assist|nid=6831|title=|desc=|link=none|align=right|width=100|height=100]Google is using automated warnings to alert users of its GMAIL messaging service about wide spread attempts to access personal mail accounts from Internet addresses in China. The warnings may indicate wholesale spying by the Chinese government a year after the Google Aurora attacks or simply random attacks. Victims include one leading privacy activist. 

Read more...

Categories: Malware, Web Security

[img_assist|nid=6833|title=|desc=|link=none|align=right|width=100|height=80]A glut of stolen data — combined with innovation and cutthroat
competition among vendors — is conspiring to keep prices for stolen
account numbers exceptionally low. Read the full article. [KrebsonSecurity]

Read more...