malware attacks

Exploit Kits Now Updated With New Wares Before Patches Are Ready

The creators and maintainers of exploit kits often rely on public reports of new exploits and proof-of-concept exploit code in order to be able to add new exploits to their software. And in many cases, the exploits included in kits such as Black Hole and Eleonore and others will be for vulnerabilities that are older and have long since been patched. But, if recent events are any indication, that could be changing.

Microsoft Unveils New Windows Defender Offline Tool

Microsoft has released a beta version of a new tool that can help victims of malware attacks recover from ugly infections, even if they don’t have the ability to reach the Internet. The Windows Defender Offline tool enables users to clean their systems of malware from a CD or other removable media.

The Black Hole exploit kit and the Carberp Trojan have a lovely, symbiotic relationship, and they’ve recently decided to take that relationship to the next level. In the last month, there has been a major spike in the volume of Carberp infections related to attacks from sites hosting Black Hole, mostly exploiting Java vulnerabilities.

Duqu has been called the spawn of Stuxnet, or maybe some sort of stepchild or second cousin. That initial analysis came from some similarities in the code of the two attack tools, and now that researchers have had more time to pull Duqu apart and see how it works, it seems more and more likely that the two were written by the same group. In the second part of an interview with Costin Raiu, who has done a lot of research on Duqu, Threatpost editor Dennis Fisher talks with Raiu about the similarities to Stuxnet, the targets for Duqu and why the authors may have made a key mistake.

Stuxnet has become the bogeyman of Internet security and cyberwar, showing up in marketing pitches, PowerPoint presentations and press releases from Washington to Silicon Valley to Tehran. But while Stuxnet has been garnering headlines for more than a year now, the far more serious threat in terms of potential long-term damage has turned out to be Duqu. The malware first came to light in September, but it may have been circulating four or five months before that. Its customizable, modular architecture has been a challenge for researchers seeking to understand its operation and its creators’ intentions. Threatpost editor Dennis Fisher spoke with Costin Raiu, one of the main researchers working on Duqu at Kaspersky Lab, about the relationship between Stuxnet and Duqu, the possible identity of the attackers and the investigation into its architecture.

The TDSS rootkit has proven to be more pliable and adaptable than a campaigning politician, and attackers have used it in various forms for the last three or four years for all sorts of different attacks. It shows up in drive-by downloads, targeted attacks and just about everything in between, and one of the newer jobs it’s been assigned is to deliver the DNSchanger Trojan.

As the analysis of the Duqu malware continues to evolve, the picture that’s emerging is becoming more and more intriguing. The latest bits of evidence uncovered show that not only do the attackers create custom files for each individual attack, there is evidence indicating that they might have been working on Duqu in some form since 2007.
