Here are posterous posts filed under malware...

unugurn says...

AVS Firewall 2.1.1.238: Protect your PC against malware and hacker attacks with AVS Firewall. http://bit.ly/bHObS

Filed under: malware

'Ugly can of worms'

Author: Dan Goodin in San Francisco

Cybercriminals have laced about 2,000 legitimate websites with a potent malware cocktail that surreptitiously attacks people who browse to them, a security researcher warned Friday.

Unlike past outbreaks of the mass web attack known as Gumblar (http://www.theregister.co.uk/2009/05/14/viral_web_infection/), this round actually plants exploit code on the website servers themselves. Curiously, the directory and file name of the malicious payload is in most cases unique and identical to a legitimate file that existed on the website.

The trick makes it extremely difficult for webmasters and anti-malware programs to detect the threats.

"This is an ugly can of worms," said Mary Landesman, the ScanSafe security researcher who warned of the mass attack. "Any time you see a new technique evolve like this the concern is we'll be seeing much more of this in the future, and certainly it complicates the remediation of the compromised website."

Previously, Gumblar planted links in thousands of compromised websites that silently redirected users to a handful of servers that hosted the exploits. That method allowed white hats to foil the attack by shutting down one or two domains. With the malware embedded directly in the compromised websites, the take-down process is significantly more time consuming.

Also making matters hard for Landesman to get the sites cleaned up: Most of the websites belong to small businesses that cater to non-English speakers. Few of them have dedicated security employees, and even when representatives can be located, the person contacting them must speak multiple languages.

While the websites are relatively small, Gumblar architects have planted links in online discussion forums across the web that often cause RSS readers to automatically send users to the booby-trapped pages. Landesman suspects black-hat search engine optimization may also be causing the infected sites to be featured prominently in results returned by Google and others.

People who are unfortunate enough to visit the sites won't see anything unusual. But behind the scenes, a PHP script checks their version of Adobe Reader and Adobe Flash, and if either is out of date, hijacks their PCs using known vulnerabilities. If both of those programs are up to date, the script tests to see if the system is vulnerable to several bugs Microsoft has patched in the last few months.

Hijacked machines will be installed with a backdoor that gives the hijackers complete control. They are also equipped with malware that manipulates search results returned by Google.

It's unclear exactly how the sites are getting compromised. Landesman suspects FTP passwords for the sites have been lifted from administrators' computers using key-logging malware. ®

Original URL: http://www.theregister.co.uk/2009/10/16/gumblar_mass_web_compromise/

Filed under: Cybercrime, Malware

A new dangerous SPAM / Phish / Social-Engineering email is circulating which lures a user into downloading and installing a malware package onto their computer. Be Vigilant!

Problem

New SPAM / Phish / Social-Engineering attack via email. The message is crafted to appear as if it came from an internal IT source, and prompts the user to download a "patch" to be ready for an upcoming "server upgrade" to the mail system. The download is actually a multi-faceted malware package which installs Trojans and a keylogger, disables AV software, and performs other actions on the user's PC. Text of the message is pasted below with certain information redacted for safety.

Attention!

On October 16, 2009 server upgrade will take place. Due to this the system may be offline for approximately half an hour.
The changes will concern security, reliability and performance of mail service and the system as a whole. For compatibility of your browsers and mail clients with upgraded server software you should run SSl certificates update procedure.
This procedure is quite simple. All you have to do is just to click the link provided, to save the patch file and then to run it from your computer location. That's all.

http://evil-link/evil-file

Thank you in advance for your attention to this matter and sorry for possible inconveniences.

System Administrator

Environment

Source: Email
Affects Windows Systems

Resolution

1. Do not download the file or click on links in the email message
2. Contact IT Support if you have questions

Additional Information / References

SANS Internet Storm Center Diary Entry:  http://isc.sans.org/diary.html?storyid=7333

Filed under: malware, security, spam


Today Google announced two new tools a webmaster can access via the new Labs section of Google Webmaster Tools.

Fetch as Googlebot

This function lets you simulate a crawl of single pages of your website. Just submit the page and within a few minutes you get a report of what Googlebot retrieved when it crawled your page.

The interesting thing is that the output shows the web page's HTTP headers as well.

Malware details

This section shows you the pages where malware was detected, if Google has found any malicious code on your websites.
Nice; last time it took hours to find it all. Anyway, it's always better to scan your server for malware yourself.

Filed under: googlebot, labs, malware, webmaster tools

unugurn says...

A Squared Free 4.5.0.21: Scans your computer for malware software: Trojan Horse, Dialer, Worms, Spyware http://bit.ly/3MBTO3

Filed under: malware

23narchy says...

malware

When Facebook attacks, it’s not pretty. We were just remarking on how new ways of spreading malware were plaguing social media, and now the second Facebook-related scam in the past week appears to be spreading.

Have a look at the picture below, and if you see a profile similar to what you see in the screenshot, do not click on the video link. If you do, you’ll see a similar “malware warning” to that pictured at right. If you keep following the prompts, of course, you’ll then actually be infected as the program pretending to warn you about malware installs its own malware payload.


This time the spyware appears to have the ability to create fake Facebook accounts and endow the profiles with these fake links. It's troubling because it means the hackers have figured out a way to do an end run around the CAPTCHA system that usually ensures the account creator is a real human.

Until Facebook has a chance to deactivate these rogue accounts, use caution when encountering any profile that looks similar to the above screenshot. Let us know in the comments if you’ve seen any of these fishy profiles in your travels around Facebook today.


Filed under: facebook, malware, social networking, spyware

23narchy says...

Malware and spam are finding new ways to spread across social media. A few days ago, a nasty Twitter Worm spread through DMs. Today, we have received multiple reports that a new worm is spreading via Facebook wall posts and status updates.

The worm makes a post on walls and updates. The text is as follows:



IF YOU SEE THIS POST AND LINK, DO NOT CLICK IT! It is malware and dangerous to your computer. We have found multiple instances of this worm in Facebook’s Real-time search and through reports from our readers and friends.

IF YOU ARE ALREADY AFFECTED: Immediately change your password, delete all of the malware posts, and post a warning to not visit the link in question. We will update this post as we learn more.


Thank you Drew for the heads-up and for the image.

Filed under: facebook, malware, security, social networking, virus, worm

zbrain says...

Unconvincingly disguised as a news report about Swayze's death, the malicious Web site does contain strings of words that mention Swayze, his illness and death, but are not a comprehensible account of what happened.

The site also generates what appears to be a pop-up window warning: "Your system requires immediate anti virus scan!! Total Security can perform fast and free virus and malicious software scan of your computer."

There may be hints of awkward phrasing in that warning, but this further warning has errors that should be a tip off that it is bogus: "Your computer remains infected by threats. They might lead to data loss and file structure damage, and needed to be heal as soon as possible. Return to the Total Security and download it secure to your PC."

The malware displays a pop-up that has the appearance of a Windows system screen with warnings in red that read, "Your Computer is Infected" and "Your private data is under attack!"

Victims who roll their mouse over the image download an installer.

The pattern for this type of deception is to convince visitors to take some action that downloads an installer which persistently displays virus warnings to the point that their desktops are no longer accessible.

Key thing to remember... use caution; there is danger lurking around every corner of the internet.

Filed under: anti-virus, fake news, internet, malware, patrick swayze, scams

Mo Hall says...

Instead of hacking into major online sites to embed malware, malicious hackers are going in through the front door by exploiting security holes in systems for delivering ads.

It happened just days ago, for instance, to the Web site of The New York Times. The newspaper company informed readers on Sunday about a rogue ad that was popping up on its site. The ad warned visitors to NYTimes.com that their computer may be infected with a virus and redirected them to a site that purports to scan the computer and offers to sell antivirus software.

This is common behavior for what is known as fake security alerts, or "scareware," designed to trick people into paying for something they don't need. Use of this type of scam is on the rise.

Typically, the site hosting the rogue alerts has been compromised, or a worm, like Conficker, distributes the alerts directly to computers.

On his blog Input & Output, Seven Scale CEO Troy Davis offers an analysis of the scareware ad that appeared on NYTimes.com.

(Credit: Troy Davis)

More info at the link.

Filed under: Ads, malware, New York Times, rogue antivirus