Marcos Christodonte II - Information Security Blog » malware

Researchers Display Rootkit Capability on Smartphones

Marcos Christodonte II — Wed, 24 Feb 2010 03:44:11 +0000

Rutgers just posted a news release about malware research against smartphones. The Professor and student researchers discussed how their rootkits could “eavesdrop on a meeting, track its owner’s travels, or rapidly drain its battery to render the phone useless.” They were able to send “invisible” text messages to the infected phone, activating the rootkit, and alerting it to make a call and turn on the microphone.

Smartphone malware isn’t a new concept, but as advances in smartphones continue, malware proliferation will follow. A few months ago, there were reports of malware infecting jailbroken iPhones. I’m sure we’ll see similar reports in the future (on non-modified phones), and a greater emphasis on smartphone antivirus to follow.

Gone Facebook Phishing?

Marcos Christodonte II — Thu, 05 Nov 2009 03:02:01 +0000

The folks at Appriver recently reported that attackers have started a serious campaign against Facebook users. According to their reports, the botnet is sending over 500 phishing messages per second. And get this, along with stealing your Facebook credentials, the botnet prompts unsuspecting users to download what appears to be an “update.” What the user really gets is malware crafted to target bank account and other financial information.

For more information on this attack, visit the Appriver blog.

Source: Appriver

The threat of short-lived malware

Marcos Christodonte II — Thu, 02 Apr 2009 18:37:57 +0000

New article:

Recently, security software vendor AVG Technologies asserted that Web-based malware attacks are now so prevalent that attackers craft them to be “secretive, short-lived and fast-moving. It’s an acceptable premise, but why the sudden shift? Is it because more active and open attacks aren’t as successful or noteworthy? Well, not quite. Let’s explore why attackers do this, how they do it, and how enterprises can defend against short-lived Web malware.

Read the rest of my article here

Valentines Day Malware – Beware

Marcos Christodonte II — Tue, 03 Feb 2009 13:55:35 +0000

Source: Panda Labs

The month of February can bring a lot of unwanted e-mail, some from old friends, others from unknown sources. Specifically, “evildoers” use this time to circulate their malicious code via spam e-mail. Some of these messages may include images of hearts and other Valentines related pictures.

In more targeted attacks, attackers may use personal information found online or through recently compromised sources. For instance, the databases of Monster.com and USAJobs.Gov were recently compromised. In their press releases, the information accessed by unauthorized sources included user names, passwords, names, e-mail addresses, and phone numbers. Attackers could use this information to personalize spam e-mail, leading to users clicking on malicious links.

PandaLabs recently reported a new variant of a worm called Saint Valentine. They have numerous URLs that are known distributors of this worm. The list can be found here

LinkedIn links leading to malware

Marcos Christodonte II — Fri, 09 Jan 2009 11:58:49 +0000

LinkedIn is a professional networking website that has gained quite a bit of exposure in the past few years. With many IT professional losing their jobs and others looking for more security, it’s not a surprise that LinkedIn’s user base has increased to over 30 million. As in most cases, attackers like to target sites where they’ll get the most exposure, leading to the highest percentage of potential victims.

Trend Micro recently reported that one of their researchers found bogus LinkedIn profiles that contained links to malware. The profiles contained images of high-profile celebrities, with links that “supposedly” downloaded their nude pictures. These links lead to a series of redirections and eventually to malware. Trend Micro also reported that attackers are using previously registered accounts that are sold in the black market by the hundreds.

New malware targeting MAC OS X

Marcos Christodonte II — Wed, 19 Nov 2008 02:33:00 +0000

Trend Micro reports of a new form a malware targeting MAC OS X. The malware, called OSX_LAMZEV.A, can download itself when a user visits a compromised website, or when a user downloads it thinking it’s a legitimate program.

According to Trend:

It prompts the user to select an application and port number above 1024. This may serve as a backdoor whenever the application is opened.

It creates the file /tmp/com.apple.DockSettings and is copied to ~/Library/LaunchAgents. It is then deleted once it has been loaded. This routine allows the backdoor to execute during system startup

The full article can be found here.

Beware of President Obama Spam!

Marcos Christodonte II — Thu, 06 Nov 2008 03:17:55 +0000

According to Sophos Plc., hackers have already launched a “President Obama” malware campaign. This widespread attack claims to provide up-to-date news results about the election. The e-mail message attempts to lure you in by saying “Watch his amazing speech.” However, the link redirects you to a fake news page that presents a download box posed as an Adobe flash player update–supposedly required to view the video.

Sophos also noted that this isn’t the first instance they’ve seen, as hackers have been quite interested in the U.S presidential race.

The full article can be found here.