GLOBAL SECURITY ADVISOR RESEARCH BLOG http://blogs.totaldefense.com en-gb Mon, 28 Jul 2014 14:52:32 GMT

New Scam - Clip of Flight MH-17 Crash
A video clip spreading on Facebook and promising "exclusive documentation" of the flight MH-17 crash leads victims to a malicious site that infects their computers with viruses.

http://blogs.totaldefense.com/blogs/2014/07/28/New-Scam-Clip-of-Flight-MH-17-Crash.aspx Mon, 28 Jul 2014 14:52:32 GMT
Connected Cars: Hackers' next target
Connected cars are a reality, but are they secure?

Private information, software updates and specialized applications for connected cars are the three main areas through which hackers can initiate attacks.

http://blogs.totaldefense.com/blogs/2014/07/08/Connected-Cars-Hackers-next-target.aspx Tue, 08 Jul 2014 18:36:14 GMT
Flappy Bird goes viral - literally
According to reports, about 80 percent of the clones of the popular smartphone game 'Flappy Bird' contain viruses.

The viruses were observed sending messages and making phone calls without permission; their main goal is to call premium numbers in order to steal money from users.

http://blogs.totaldefense.com/blogs/2014/06/25/Flappy-Bird-goes-viral-literally.aspx Wed, 25 Jun 2014 00:00:00 GMT
Beware: Brazil World Cup scams
While the world watches the start of the Brazil World Cup 2014, network crooks join the celebration with campaigns aimed at football fans.

Cyber criminals are very active in creating sophisticated websites posing as genuine World Cup sites and as sites of the event's sponsors and partners, including recognized and well-known brands, in an attempt to lure users into sharing personal information such as user names, passwords and credit card numbers.

http://blogs.totaldefense.com/blogs/2014/06/17/Beware-Brazil-World-Cup-scams.aspx Tue, 17 Jun 2014 17:19:30 GMT
Beware: First ransomware for Android has been discovered!
The first ransomware running on Android devices that actually encrypts files has been discovered, in contrast to earlier discoveries of malicious software on the Android platform that prevents access to files but does not encrypt them.

During the last several years, the infamous CryptoLocker, which runs on the Windows operating system, has been a prolific source of income for hackers and criminals in the online world.

http://blogs.totaldefense.com/blogs/2014/06/10/Beware-First-ransomware-for-Android-has-been-discovered.aspx Tue, 10 Jun 2014 20:21:06 GMT
Watch Dogs: Watch out
Gamers who downloaded a cracked version of the action game 'Watch Dogs', a game about virtual hacking, fell victim to real-life hacking.

http://blogs.totaldefense.com/blogs/2014/06/04/Watch-Dogs-Watch-out.aspx Wed, 04 Jun 2014 16:36:13 GMT
Attack of the clones: Fake Antivirus penetrates the App stores
Fake antivirus software appears more and more frequently in mobile application stores. Several software products masquerading as major security applications were found in mobile application stores. One example is a fake application discovered in the Windows Phone store....

http://blogs.totaldefense.com/blogs/2014/05/20/Attack-of-the-clones-Fake-Antivirus-penetrates-the-App-stores.aspx Tue, 20 May 2014 18:03:29 GMT
Caution: Don't click links in text messages
Pay attention to text messages written in Russian that contain a link and arrive on mobile devices.

Whoever clicks the link will probably be infected by a worm that in turn forwards the message to everyone in the contact list.

http://blogs.totaldefense.com/blogs/2014/05/19/Caution-Dont-click-links-in-text-messages.aspx Mon, 19 May 2014 14:39:58 GMT
A hole in the browser: IE new vulnerability (CVE-2014-1776)
Do you still use Windows XP? Microsoft has unveiled a good reason to upgrade: a security hole that allows hackers to easily penetrate computers running the Internet Explorer browser. XP is particularly vulnerable to the hole, because Microsoft has stopped distributing security updates for it.

http://blogs.totaldefense.com/blogs/2014/04/29/A-hole-in-the-browser-IE-new-vulnerability-CVE-2014-1776.aspx Tue, 29 Apr 2014 18:10:51 GMT
Security bug: The internet bleeds passwords
A particularly serious security bug was discovered in the code that encrypts the name, password and other information we type into websites.

Major sites have announced that they have fixed the bug, but many smaller sites may still be affected.

http://blogs.totaldefense.com/blogs/2014/04/14/Security-bug-The-internet-bleeds-passwords.aspx Mon, 14 Apr 2014 13:47:57 GMT
What's the relation between the 'Turla' worm and the U.S. Army's most serious computing hack in history?
In 2008, a very powerful variant of the infamous 'Agent' worm hit local computer networks of the U.S. Army Central Command in the Middle East. It was classified as the worst computer hack in the history of the U.S. Army. Pentagon experts took 14 months to completely remove the malware from the military network.

http://blogs.totaldefense.com/Blogs/2014/04/08/Whats-the-relation-between-the-Turla-worm-and-the-US-Army-most-serious-computing-hack-in-history.aspx Tue, 08 Apr 2014 14:35:18 GMT
Facebook fraud infecting hundreds of thousands using the Malaysian plane disappearance story
During recent days, a new Facebook scam has been causing hundreds of thousands of infections on users' computers worldwide. The hackers posted a fake page claiming...

http://blogs.totaldefense.com/blogs/2014/03/17/Facebook-fraud-infecting-hundreds-of-thousands-using-the-Malaysian-plane-disappearance-story.aspx Mon, 17 Mar 2014 14:18:24 GMT
Finally! iOS 7 update against the wireless breach
A new update for iOS 7, the operating system of the iPhone and iPad, revealed the unprecedented scale of the problem: the passwords of hundreds of millions of users were exposed on wireless networks for more than a year and a half!

http://blogs.totaldefense.com/blogs/2014/02/27/Finally-iOS-7-update-against-the-wireless-breach.aspx Thu, 27 Feb 2014 21:42:25 GMT
Enter NTP – Hackers' new favorite weapon
Lately, the DDoS world record was broken (again). An unprecedented cyber-attack of 400Gbps symbolizes the rise of the NTP protocol as a favorite tool for attacks.

In what could be described as the continuation of a disturbing trend, in recent days we have witnessed attacks that have become much stronger, launched from many different sources on the internet, especially during the last week.

http://blogs.totaldefense.com/blogs/2014/02/19/Enter-NTP-Hackers-new-favorite-weapon.aspx Wed, 19 Feb 2014 15:55:11 GMT
Accelerating Compliance for the Small to Medium Sized Enterprise
Today we released a major update to our Total Defense for Business platform, extending our leadership in pure-cloud security and driving greater value for our customers and partners. Today's release includes major advancements in email archiving and data leakage prevention (DLP), both of which aim to solve a consistent challenge for organizations of all sizes: the compliance challenge.

http://blogs.totaldefense.com/blogs/2014/02/18/Accelerating-Compliance-for-the-Small-to-Medium-Sized-Enterprise.aspx Tue, 18 Feb 2014 21:51:43 GMT
Serious security breach in Wikipedia
Hackers can use a loophole in one of the world's largest websites to remotely take control of it and plant malware in it. The same loophole also affects hundreds of thousands of other sites.

A particularly severe security hole was discovered in the MediaWiki platform, which is relied on by hundreds of thousands of websites across the net, including the online encyclopedia Wikipedia, one of the ten most viewed websites on the Internet.

http://blogs.totaldefense.com/blogs/2014/01/31/Serious-security-breach-in-Wikipedia.aspx Fri, 31 Jan 2014 14:35:34 GMT
Fax Message has arrived
Recently, a significant number of computers have been successfully attacked by a new social-engineering threat.
We received these complaints from our customers along with some of the malicious email messages.

http://blogs.totaldefense.com/blogs/2014/01/27/Fax-Message-has-arrived.aspx Mon, 27 Jan 2014 19:36:36 GMT
Beware: Chrome malicious plugins
Hackers buy Chrome plugins in order to turn them into malware. Virus developers get their hands on legitimate and popular plugins and turn them into hacking tools; precisely because the plugins are considered legitimate, most antivirus programs do not detect their activity. So how can you identify the affected plugins and dispose of them?

http://blogs.totaldefense.com/blogs/2014/01/20/Beware-Chrome-malicious-plugins.aspx Mon, 20 Jan 2014 19:55:45 GMT
Don't have double protection yet?
After hearing about too many password-stealing attempts, maybe it's time to take your account security a step further and set up two-step authentication, which ensures you always have access to your e-mail, PayPal and other services with less fear.

http://blogs.totaldefense.com/blogs/2014/01/14/Dont-have-double-protection-yet.aspx Tue, 14 Jan 2014 20:12:27 GMT
Again - The Syrian Electronic Army strikes Microsoft
The Syrian hackers are attacking Microsoft again, while trying to convince users to leave Microsoft services.
For the second time in two weeks, following the first attack, the Syrian Electronic Army (SEA) has managed to break into a number of services that belong to Microsoft.

http://blogs.totaldefense.com/blogs/2014/01/13/Again-The-Syrian-Electronic-Army-strikes-Microsoft.aspx Mon, 13 Jan 2014 18:30:13 GMT
An embarrassment to Skype: Its Twitter, Facebook and blog were hacked
The Syrian hacker group strikes again, this time with a successful break-in to the site and social accounts of Skype. Unlike previous breaches, this time the group focused on privacy and made it clear to users that they are being monitored and that they should stop using Microsoft services.

http://blogs.totaldefense.com/blogs/2014/01/03/An-embarrassment-to-Skype-Its-Twitter-Facebook-and-blog-were-hacked.aspx Fri, 03 Jan 2014 15:24:08 GMT
So you think HTTPS is safe?
After all the recent security scandals, I think it's time to explain how the most common security mechanism on the network works. It was 11:23pm, my wife was checking the latest merchandise on yet another online shopping site, when suddenly I heard her voice: "Hey, this one has no HTTPS!" She knows better than to order from non-secure sites. But then again, what if it had HTTPS? Is it safe? First things first, what is HTTPS?

http://blogs.totaldefense.com/blogs/2014/01/03/So-you-think-HTTPS-is-safe.aspx Fri, 03 Jan 2014 15:14:08 GMT
How to remove Qvo6?
Last week, Google released the list of words and phrases most searched in 2013. The most burning question among all those expressions was: "How to remove Qvo6?"

First of all, what is Qvo6?

Qvo6 is a type of malware known as a "browser hijacker". This means it takes over your browser's home page or search engine and directs your queries to other sites, which in turn do more damage as they also take control of your browser shortcuts and more.

http://blogs.totaldefense.com/blogs/2014/01/03/How-to-remove-Qvo6.aspx Fri, 03 Jan 2014 15:05:49 GMT
A game records your WhatsApp calls!
A new app in the Google store named 'Balloon Pop 2' is a seemingly innocent game that is actually recording users' WhatsApp calls and publishing them on a website called WhatsAppCopy, where anyone can enter a phone number and view the full transcript of the conversation.

http://blogs.totaldefense.com/blogs/2013/12/12/A-game-records-your-WhatsApp-calls.aspx Thu, 12 Dec 2013 19:11:01 GMT
Two Big Announcements Today from Total Defense
It's been a very busy end of year here at Total Defense – we've been launching new products, expanding our cloud security network and even collecting a few industry awards. Not content to end the year on those announcements alone, today we've made two major announcements that we're incredibly proud of.

http://blogs.totaldefense.com/blogs/2013/12/11/Two-Big-Announcements-Today-from-Total-Defense.aspx Wed, 11 Dec 2013 19:55:53 GMT
Kelihos: A good job for good pay!
Kelihos is considered the HIV of all malware. This Trojan is really famous, has been on TV and in other media news reports, and even has its own Wikipedia entry: http://en.wikipedia.org/wiki/Kelihos_botnet

The Kelihos family of Trojans is not only huge, but it is also impossible to list all its symptoms or show all the email messages it sends, because its variants are just too different from one another.

http://blogs.totaldefense.com/blogs/2013/11/19/Kelihos-A-good-job-for-good-pay.aspx Tue, 19 Nov 2013 22:21:19 GMT
Adobe: How did the passwords hack become a crossword puzzle?
After Adobe's password database was hacked, a security expert jokingly created an online crossword puzzle whose questions and answers are based on the users' leaked data. What's the main lesson here? Choose a better password.

http://blogs.totaldefense.com/blogs/2013/11/18/Adobe-How-did-the-passwords-hack-become-a-crossword-puzzle.aspx Mon, 18 Nov 2013 15:00:24 GMT
Ruftar doesn't slow down
The first sample of this huge ISF (information-stealing family) of Trojans was received from our customers in 2011. Since then multiple variants of this family have been released, but most of them have been successfully detected by our product and system infection has been prevented.

http://blogs.totaldefense.com/blogs/2013/11/12/Ruftar-doesnt-slow-down.aspx Tue, 12 Nov 2013 20:19:01 GMT
Sality gets upgrade
Sality is a family of polymorphic, memory-resident Win32 parasitic viruses with a driver component. First discovered many years ago, the virus is still found in the wild. Although antivirus products detect known variants and prevent infection, the real problem is newly emerging, upgraded variants.

http://blogs.totaldefense.com/blogs/2013/11/12/Sality-gets-upgrade.aspx Tue, 12 Nov 2013 14:33:01 GMT
ZBot: The never ending Trojan
It was around 2007 when we first encountered the 'Win32/ZeusBot Trojan Horse', AKA 'ZBot'.
The first versions of the malware were used against the U.S. Department of Transportation, mainly in order to steal information such as various passwords.

Since then, multiple variants have been released, adding more and more functionality and 'bad' stuff with every update, mainly by criminal groups in order to steal banking information.

http://blogs.totaldefense.com/blogs/2013/11/11/ZBot-The-never-ending-Trojan.aspx Mon, 11 Nov 2013 15:33:56 GMT
Digital Dragon - Enter the Chinese Cyber Army
The Cold War ended, the Berlin Wall fell, and nuclear submarines no longer prowl the oceans waiting to rain nuclear Armageddon down on our planet, or so they tell us. However, a new Cold War is unfolding for real, and its consequences can be disastrous. This is a conflict between the rising superpower, China, and the older superpower, the U.S.

It is a secret battle fought not by spies and secret codes as in the Cold War, but by planting malicious emails, breaking through firewalls and shutting down servers.

http://blogs.totaldefense.com/Blogs/2013/11/04/Digital-Dragon-Enter-the-Chinese-Cyber-Army.aspx Mon, 04 Nov 2013 15:23:16 GMT
More than a third of users do not bother with Wi-Fi protection
Surfing on Wi-Fi networks has become almost second nature. However, while connecting to a wireless network can carry hidden risks, more than a third of users do not take any precautions when connecting.
It is easy to connect to a network: alongside cellular networks and broadband Internet connections, there is usually at least one wireless access point to which you can connect mobile devices and computers.

http://blogs.totaldefense.com/blogs/2013/10/28/Blog-More-than-a-third-of-the-users-do-not-bother-with-Wi-Fi-protection.aspx Mon, 28 Oct 2013 20:42:34 GMT
Hacking Twitter accounts – sometimes it can be serious
On October 21st, the Twitter account of 'Malindo Air', a Malaysian airline company, was hacked. The intruder displayed a message saying that the airline was supposedly giving away 100 thousand free tickets. Company officials immediately published a denial on that account as well as on their Facebook account; however, it seemed that the attacker still had access to the company's Twitter account, as although the original post was removed, another message popped up right after, again offering 100 thousand free tickets in light of events

http://blogs.totaldefense.com/blogs/2013/10/28/Hacking-Twitter-accounts-sometimes-it-can-be-serious.aspx Mon, 28 Oct 2013 20:17:26 GMT
Stop, thief! Introducing latest hacker tricks
You could say that computers and the Internet have been with us long enough that we could be considered 'savvy'.

When we get an email telling us we have won a million dollars or asking for our bank details, we say "yeah, right" and dump it in the trash. So how do we still fall into traps?

http://blogs.totaldefense.com/blogs/2013/10/22/Stop-thief-Introducing-latest-hacker-tricks.aspx Tue, 22 Oct 2013 19:12:23 GMT
Introducing - The Hand of Thief
A Russian hacker team has set itself the goal of conquering Linux and is planning to make a lot of money out of it. Meet the 'Hand of Thief', a Trojan aimed directly at your bank account.
This is not the first Trojan developed by these Russian cyber criminals; only a few weeks ago there were reports about a new Trojan attacking online banking customers on Windows. This time the group has set a new goal: a Trojan designed to attack Linux operating systems.

http://blogs.totaldefense.com/blogs/2013/10/10/Introducing-The-Hand-of-Thief.aspx Thu, 10 Oct 2013 13:40:53 GMT
An alarming increase in ransomware infections
An abnormal increase of more than 200% in ransomware infections has been observed during the last several months. The malicious code was observed spreading across all of Europe and the U.S.
The ransomware takes over the computer, encrypts files, mostly using Filecoder software, and then demands a ransom of between 100 and 3,000 Euros in order to remove the encryption.

Filecoder is part of a family of malicious software and is considered more dangerous and destructive than other ransom programs, owing to its high level of sophistication and the number of its versions that have been distributed on the network. Filecoder usually encrypts images, documents, music files and archives.

http://blogs.totaldefense.com/blogs/2013/10/09/An-alarming-increase-in-ransom-ware-infections.aspx Wed, 09 Oct 2013 09:32:31 GMT
Oops: iPhone 5s biometric ID has been compromised
Apple's new iPhone 5s keeps on being tested all over the place. Only a few days after a loophole was discovered in its lock screen, a new bypass was found.

One of the most interesting features introduced in the new iPhone is the biometric lock mechanism, which the company calls 'Touch ID'. This mechanism allows users to unlock the screen using fingerprint recognition, adding another layer of security to the information contained on the device, especially when the device is lost or stolen.

http://blogs.totaldefense.com/blogs/2013/10/03/Oops-iPhone-5s-biometric-ID-has-been-compromised.aspx Thu, 03 Oct 2013 12:35:49 GMT
Bypass iOS 7 lock-screen in less than a minute.
Jose Rodriguez, a 36-year-old soldier who lives in Spain, was the first to reveal the gap, with a video showing how easy it is to bypass the lock screen of Apple's new devices running iOS 7 and get into them in less than a minute using only a few clicks.

Shortly after the official launch of Apple's iOS 7 operating system for iPhones and iPads, an embarrassing security hole in its lock screen was exposed: a loophole that allows anyone to bypass the lock code and unlock the device, gaining access to its photo albums, email, Twitter account, Facebook, Flickr and more.

http://blogs.totaldefense.com/blogs/2013/09/23/Bypass-iOS-7-lock-screen-in-less-than-a-minute.aspx Mon, 23 Sep 2013 10:08:26 GMT
This girl could get you in trouble
What do Lily Collins, Britney Spears, Sandra Bullock, Adriana Lima, Katy Perry and Jon Hamm have in common? Give up? I'll give you a hint: all of them are more dangerous than you think.

http://blogs.totaldefense.com/blogs/2013/09/20/This-girl-could-get-you-in-trouble.aspx Fri, 20 Sep 2013 18:39:04 GMT
'Bancos' goes mobile
A new 'Bancos'-style threat is trying to get the login information for your bank and steal money from you.

The threat is a Trojan that currently targets online banking users in Europe and Asia by presenting very convincing campaigns related to official organizations. The malware lures victims into installing and running it on their computers and then gains access to their bank accounts.

http://blogs.totaldefense.com/blogs/2013/09/13/Bancos-goes-mobile.aspx Fri, 13 Sep 2013 13:39:21 GMT
Nigerian Scam: The next generation
"I am a single American soldier, would you send me money?" This is how a mother and daughter convinced hundreds of victims to send them money as part of a huge 'Nigerian Scam'-style fraud.

The Nigerian Scam is one of the more common types of financial fraud. It is usually carried out by a payment request sent by mail or e-mail, using various temptations.

http://blogs.totaldefense.com/blogs/2013/09/03/Nigerian-Scam-The-next-generation.aspx Tue, 03 Sep 2013 19:39:01 GMT
A malicious app easily passed Apple's test track
It turns out that Apple's strict security system is not entirely free of problems, after security researchers from Georgia Tech managed to get a malicious application into the App Store.

The app was loaded with multiple loopholes and was able to take over the device without the user's knowledge.

http://blogs.totaldefense.com/blogs/2013/08/28/A-malicious-app-easily-passed-Apples-test-track.aspx Wed, 28 Aug 2013 13:29:57 GMT
How to avoid common social network frauds
Since the last blog posts about multiple social network frauds, I've been getting many questions, so I've decided to publish the common fraud attack methods and how to recognize and avoid them.

Social networks are very fertile ground for cybercriminals, and sometimes it is difficult to distinguish between true stories and those that spread viruses or other scams. Here are some common scams you should avoid on social networks:

http://blogs.totaldefense.com/blogs/2013/08/22/How-to-avoid-common-social-network-frauds.aspx Thu, 22 Aug 2013 14:34:15 GMT
The cyber-attacks transformation
For quite some time, cyber-attacks have not been the sole possession of intelligence agencies and nation states. They are also used by corporations that want to know everything about their competitors.

Today, their use is almost constant in the private sector as part of the execution of transactions, and they have become a significant burden for companies and various organizations.

Around one-third of companies are aware of digital attacks against them. Unfortunately for the companies, while network-based protection has made significant progress in recent years, enterprise computers, laptops and handheld devices continue to be vulnerable to the security threats used for hacking into organizations.

http://blogs.totaldefense.com/blogs/2013/08/19/The-cyber-attacks-transformation.aspx Mon, 19 Aug 2013 13:28:35 GMT
A pornographic virus floods Facebook
During the last few hours, a new variant of a known pornographic virus has been flooding Facebook. The virus appears in the form of a pornographic picture taken from an adult movie made in the Far East, with the caption "OMG! She was forced to do this!" and an invitation to click on a link promising more details about the story.

http://blogs.totaldefense.com/blogs/2013/08/08/A-pornographic-virus-floods-Facebook.aspx Thu, 08 Aug 2013 16:08:32 GMT
Security breach: Who flushed my toilet?
Last year, a Japanese hi-tech company launched one of the more surprising luxury products marketed to the public: the 'Satis', a new toilet costing several thousand dollars and delivered with an application controlled from smartphones.
However, it turns out there is a security hole, so that anyone, even with only basic knowledge of smartphones, can remotely activate many of the toilet's functions.

The toilet, currently sold for about $5,600, lets the owner warm the toilet seat, splash water, play music and flush by tapping on the smartphone's screen. It also enables sophisticated tracking of water and electricity consumption, and even keeps a calendar of your visits to the toilet.

http://blogs.totaldefense.com/blogs/2013/08/07/Security-breach-Who-flushed-my-toilet.aspx Wed, 07 Aug 2013 15:58:50 GMT
New ZeroDay: Zbot variant spreads like fire
If you receive an e-mail supposedly from the 'Bank of America' with an alleged expenses report attached, make sure you do not open it. Delete it at once.

The subject of the e-mail states that this is a "statement of expenses" report notification, with a matching message inside, tagged with the 'Bank of America' logo on top and a short message that supports the subject line.

http://blogs.totaldefense.com/blogs/2013/08/01/New-ZeroDay-Zbot-variant-spreads-like-fire.aspx Thu, 01 Aug 2013 15:47:42 GMT
Brief guide: How to prevent your site from penetrations
Recent events in the security world, widely published in the general media, with examples such as the paralysis of Sony's servers or the establishment of a biometric database, have put data protection into question for the general public.

I have decided to write a brief guide to help you maintain your site and data and protect them against penetration: how to do it right, from the organizational level to the technical level.

http://blogs.totaldefense.com/blogs/2013/07/30/Brief-guide-How-to-prevent-your-site-from-penetrations.aspx Tue, 30 Jul 2013 21:24:51 GMT
July 2013: 10% of home users and 0.5% of mobile users are infected
As of the second quarter of 2013, 10% of home users on broadband networks and more than 0.5% of mobile devices connected to cellular networks were found to be infected with malware that allows hackers to break into the devices for industrial espionage or personal information theft, large-scale spam attacks, denial of service (DoS) attacks and deception of financial institutions.

Most of the threats found are associated with spyware aimed at extracting information from the infected device, which poses a significant threat to business and governmental organizations that encourage the BYOD (Bring Your Own Device) trend and allow their employees to integrate their personal mobile devices into the organizational network. A large part of these threats are not recognized by most anti-virus products.

http://blogs.totaldefense.com/blogs/2013/07/30/July-2013-10-of-home-users-and-05-of-mobile-users-are-infected.aspx Tue, 30 Jul 2013 14:23:15 GMT
11,000 users fell into a WhatsApp scam
A young Spanish hacker developed a fictitious application which offered users the ability to spy on the private messages of their WhatsApp friends. Thousands of users went to the site, which required them to register their mobile number. Whoever typed in the number fell into a huge fraud by automatically being signed up to an advertising service that sends ads for a fee, which earned the young hacker around 53,000 dollars in a period of only two months.

http://blogs.totaldefense.com/blogs/2013/07/29/11000-users-fell-into-a-WhatsApp-scam.aspx Mon, 29 Jul 2013 09:00:24 GMT
Infection and Cleaning in a Corporate Environment
The corporate environment is more complicated than the home one.

There are a number of file servers and from many tens to thousands of client computers. An antivirus is usually installed on all of those machines. In most cases it detects the malware that attacks a company; however, there can be cases when malware outsmarts the antivirus, after which malware samples are traced and detection is improved. System administrators need to be sure that the whole environment, both servers and clients, is clean and that no malware remains active. System administrators are very disturbed when multiple and repeating detections occur.

http://blogs.totaldefense.com/blogs/2013/07/23/Infection-and-Cleaning-in-Corporate-Environment.aspx Tue, 23 Jul 2013 15:40:17 GMT
The ‘Holy Grail’ of hackers: SIM card security breach is threatening hundreds of millions of users
A significant security flaw in SIM cards was revealed, allowing attackers to take control of users' phones and do whatever they please, without the user noticing.

Until now, security flaws were discovered in specific operating systems such as Android, iOS or Windows Phone. Now it turns out that there are security holes that do not depend on the operating system itself.

The security hole in question lies in the encryption technology of the SIM card and allows attackers to obtain the digital key and alter the components of the card itself. It could affect about 750 million users and allow eavesdropping on phone calls, remote purchases or impersonation of the device's owner.

http://blogs.totaldefense.com/blogs/2013/07/22/The-Holy-Grail-of-hackers-SIM-card-security-breach-is-threatening-hundreds-of-millions-users.aspx Mon, 22 Jul 2013 15:25:09 GMT
Introducing the internet Black hole
For only a few hundred dollars you can become the happy owner of a simple and easy-to-use hacking toolkit. Meet the Black hole.

A few months ago I wrote a series of articles about hacking kits, describing ready-made kits that allow attacking computers automatically, without any real experience or ability as a hacker.
These kits stood out thanks to their offensive capabilities. This time we meet the Black hole hacking kit, which combines the capabilities of every prominent hacking kit of recent years and adds a number of unique capabilities of its own.

The Black hole hacking kit beta 1.0 was released in August 2010; it is based on scripts written in PHP and uses a MySQL database, like most leading hacking kits. What distinguishes it from most other kits is its encryption, based on the commercial IonCube encryption, which is very difficult to crack. The paying clients of such hacking kits were mainly script kiddies, but also some hackers who broke the code in order to use the kit's exploits combined with its ultra-strong encryption.

http://blogs.totaldefense.com/blogs/2013/07/22/Introducing-the-internet-Black-hole.aspx Mon, 22 Jul 2013 14:24:46 GMT
Chinese hackers harnessed DropBox to transfer malware
A Chinese intrusion gang has been distributing malware in a simple manner: using DropBox and WordPress functionality.
The gang, called ‘DNSCalc’, is known mainly for its past intrusions into The New York Times servers, where it collected information for months until it was discovered.
This time it turns out that the gang was able to install malware on the computers of organizations and users by using the simple cross-platform services DropBox and WordPress.

http://blogs.totaldefense.com/blogs/2013/07/16/Chinese-hackers-harnessed-DropBox-to-transfer-malware.aspx Tue, 16 Jul 2013 09:11:01 GMT
An Outbreak: Backdoor Simda!
Backdoor Simda has been known for about 3 years. Recently a new major outbreak occurred. The new variant of the backdoor is downloaded from certain sites containing video. The video frames propose downloading a new version of Flash Player that can play the movie in a newer Flash format. The backdoor executable is downloaded and executed by the user and infects the computer. The URLs hosting the fake installer are randomly generated and look like http://www.d9k98dje89fe2f.4ku.com

http://blogs.totaldefense.com/blogs/2013/07/11/An-Outbreak-Backdoor-Simda.aspx Thu, 11 Jul 2013 09:18:33 GMT
LiteCoin is targeted
A new Trojan horse was discovered that threatens to steal users' money from their virtual LiteCoin wallets.

If the recent media hype around virtual currencies made you think about buying some coins as a long-term saving, you may need to think again. A recently discovered malware targets the digital currency LiteCoin and aims to steal the coins from users' computers.

http://blogs.totaldefense.com/blogs/2013/07/08/LiteCoin-is-targeted.aspx Mon, 08 Jul 2013 15:21:05 GMT
Android Master Key Breach
Android security breaches have become something of a commonplace: the openness of the operating system and security updates that arrive too late to the variety of devices from different manufacturers open the door to hackers, and malware is created rapidly. But this time a much more serious breach has been found: the "Master Key", which lets an attacker install infected Android apps and bypass the defense mechanism of the operating system.

The method found, through which hackers can change the code of any app without breaking the cryptographic signature that verifies it, means that hackers can publish infected applications in APK files as completely legitimate apps that bypass Android's authentication mechanism.

http://blogs.totaldefense.com/blogs/2013/07/08/Android-Master-Key-Breach.aspx Mon, 08 Jul 2013 11:52:13 GMT
Rootkits! Part 1
- “This is a rootkit, not a virus.”
- “So what is the difference? What is a rootkit?”

Here is the first part of the explanation:
Many ages ago the word “root” became famous in the computer world.
The UNIX administrator's account (with full rights and full privileges) is called the “root” account.
Rootkit malware aims to gain these admin privileges for the attacker, allowing him to drop or install other malicious components on the affected machine, for example to install backdoors, record keystrokes, and steal passwords and any other sensitive data by sending it to the attacker, etc.

http://blogs.totaldefense.com/blogs/2013/07/03/Rootkits-Part-1.aspx Wed, 03 Jul 2013 10:38:54 GMT
What really happens when you hit Like?
Have you ever seen a picture that promised to do something amazing if you just press Like? Have you been asked to press Like so that a dollar will be donated to sick children? Been promised a new iPhone as a gift for your Like? It's probably a fraud.

Here is the classic example of this type of fraud: the attacker posts an image, typically one that creates an optical illusion. The picture is accompanied by the following text: "The picture that leaves you surprised! Step 1: Click on the image. Step 2: Hit Like. Step 3: Type ‘1’ in the response field and watch an amazing result!". Under the picture you will see the names of some of your friends who also “Liked” it, so it appears to be legitimate, and because you also want to be ‘surprised’ you press Like, add the ‘1’ response and ... nothing happens. Or so it seems.
By following the instructions you actually distributed the image and the page on which it appears to all your friends, so that they in turn see the image, follow its instructions and... nothing happens for them either.

http://blogs.totaldefense.com/blogs/2013/06/24/What-really-happens-when-you-hit-Like.aspx Mon, 24 Jun 2013 09:37:51 GMT
Win32/DomaIQ - An annoying bundled adware
Win32/DomaIQ is adware bundled with legitimate software.
A recently discovered sample was bundled with Flash Player and .NET Framework.
When installing, the bundle lets you uncheck unwanted components, but this actually has no effect. Uninstalling DomaIQ using the Windows uninstaller is difficult and not always successful.

http://blogs.totaldefense.com/blogs/2013/06/19/Win32/DomaIQ-An-annoying-bundled-adware.aspx Wed, 19 Jun 2013 10:50:42 GMT
Chrome Bug: Smile, you are photographed!
Three months ago the annual CanSecWest conference was held, during which Google offered prizes to hackers discovering bugs in the Chrome browser. While conference attendees were offered prizes worth up to a million dollars, there was a bug that had existed for more than two years and that no one bothered to fix: hackers can take pictures using the user's webcam, directly through the browser and without any consent on the user's part. Smile or not, you are photographed.

Recently the bug was raised again by experts, who demonstrated tricks using HTML and CSS that make the Flash layer transparent: that layer displays the dialog box asking the user to approve or reject the web site's request to use the camera, so instead of the ‘Allow’ button the user sees a ‘Play’ button. Once the user clicks Play, the hacker can use the user's camera.

http://blogs.totaldefense.com/blogs/2013/06/19/Chrome-Bug-Smile-you-are-photographed.aspx Wed, 19 Jun 2013 10:40:42 GMT
Time to disable Java from your browser?
After US-CERT, an organization belonging to the American government, published multiple security warnings since the beginning of the year, it is probably good advice to disable Java in your browser, if you haven't done so already.
Multiple security holes have been discovered and fixed in the past, but it seems that the latest Java security problem has reached new levels. As a result of the vulnerability in Java, which can be exploited by attackers to run malicious code on the user's computer, Oracle released a patch at lightning speed, but some companies did not wait for Oracle's repair. Apple, for example, added the latest versions of Java to its blacklist and decided to remove the Java plugin from its latest browsers.

http://blogs.totaldefense.com/blogs/2013/06/17/Time-to-disable-Java-from-your-browser.aspx Mon, 17 Jun 2013 08:40:43 GMT
How safe is our network information, really?
Almost all of us walk around with a smartphone in our pocket, keep things in the "cloud" and charge credit cards online. The implication is clear: all our information, including our money, is at risk. Most of us prefer to ignore it, but there is another way.

The public and media storm surrounding reports that the U.S. government used its secret PRISM program, designed to keep track of the personal information of users around the world, raises critical questions for every user and really touches us all. Beyond the ethical questions concerning this matter, the free access to the servers of the major technology giants - Google, Apple, Facebook and Microsoft - underlines the risks relating to the exposure of personal data and raises the question of how well our sensitive information is truly protected.

http://blogs.totaldefense.com/blogs/2013/06/13/How-much-our-network-information-is-really-safe.aspx Thu, 13 Jun 2013 15:33:50 GMT
How much evil can be swallowed?
A new Trojan was discovered, well hidden in heavily encrypted and complicated code, and if that's not enough, it exploits several loopholes in the operating system and becomes impossible to remove! So what can be done?

Android users, beware! A new Trojan horse, worse than all its predecessors put together, is starting to circulate on Android devices.
Although it is still not particularly common, there are already dozens of warnings, and therefore we will probably still run into it. Unfortunately.

http://blogs.totaldefense.com/blogs/2013/06/10/How-much-evil-can-be-swallowed.aspx Mon, 10 Jun 2013 14:31:21 GMT
New worm infects removable drives
Yet another worm that infects removable drives was discovered.

Win32/SillyAutorun.FTW was recently found in the wild. The worm is written with Microsoft Visual Studio and uses an injection engine: the worm's code overwrites the original code in memory. When it runs on an infected machine, it first copies itself to %ApplicationData%\E-73473-3674-74335\msnrsmsn.exe, where %ApplicationData% is the application data folder of the current user, for example:

http://blogs.totaldefense.com/blogs/2013/06/04/New-worm-infects-removable-drives.aspx Tue, 04 Jun 2013 09:03:49 GMT
Got Charger?
Do you think your iPhone is immune to all intrusions? You should think again. A group of young scientists from Georgia Tech University in the United States found that a great danger to your device may come from a totally innocent component: the battery charger.

Sometimes you find yourself somewhere without a charger and ask whether someone has an iPhone charger. It turns out that the moment you connect your device to a charger, it could be hacked.

http://blogs.totaldefense.com/blogs/2013/06/04/Got-Charger.aspx Tue, 04 Jun 2013 08:55:32 GMT
The Woolwich Murder: Hackers vs. Extremists
On Saturday, May 25th, one of the ‘Mujaheedin’ forums suddenly disappeared from the Internet. The forum, called ‘Ansar Al-Mujaheedin Arabic Forum’ (AKA AMAF), is one of the major forums supposedly related to the Al-Qaeda organization.

Shortly after the fall of the forum, another website was also taken down, this time the site belonging to Angam Hudari, known as an extremist leader in England.

http://blogs.totaldefense.com/blogs/2013/05/29/The-Woolwich-Murder-Hackers-vs-Extremists.aspx Mon, 03 Jun 2013 00:00:00 GMT
Infected Message from Skype
Recently many Skype users received messages from an unknown sender. The message, usually in Russian, refers to some pictures and contains a link to an infected site or to an archive containing a malicious executable.
The link is usually hosted at http://goo.gl. When the malicious executable is extracted and executed, it blocks access to Skype and sends the same infected messages to the users in the victim's contact list.
The worm also steals the Skype password, so it is recommended to change the password after removing this worm.

http://blogs.totaldefense.com/blogs/2013/05/28/Infected-Message-from-Skype.aspx Tue, 28 May 2013 09:55:28 GMT
Worm Win32/VBDoc - Evolution
The first variants of the Win32/VBDoc worm appeared about half a year ago, and the worm has been active since. A description of Win32/VBDoc.H is available in the Total Defense Labs Encyclopedia.
Many variants of this worm are known; they are released quite frequently by one or more malware writers. When an older variant becomes known and detected by antiviruses, no more attempts to infect with that variant are made; instead, a new variant is released. This scenario is typical for other malware too. Because of that, reasonable protection can only be provided by proactive detection that is able to detect future variants.

http://blogs.totaldefense.com/blogs/2013/05/28/Worm-Win32/VBDoc-Evolution.aspx Tue, 28 May 2013 09:45:48 GMT
Twitter: Password is not enough
After multiple attack waves, Twitter finally launched secure identity verification.
The feature is based on two-step authentication - password and code - similar to the security offered by Facebook and Gmail, so Twitter's management now hopes to reduce the rate of account break-ins.

Among the attacks, a widely publicized break-in was carried out last month by Syrian hackers against the AP news agency's Twitter account. The intruders fabricated reports of an alleged attack on the White House, which caused panic and sharp price declines on Wall Street. The community discussion turned to the increasing exposure to information from social networks, its impact on securities trading and the associated risks.

http://blogs.totaldefense.com/blogs/2013/05/28/Twitter-Password-is-not-enough.aspx Tue, 28 May 2013 09:32:05 GMT
Viruses Paradise: The romance between hackers and online computer games
Games, especially online games, are fertile ground for spreading viruses and malicious software. Here's how it works and what you can do to protect yourself.

You could say that I was a gamer for too many years and experienced most generations of PC games since I got my first Commodore 64 in 1986. Just like many others, I became a collector of 5.25” floppy disks containing free games and software. Although I had heard that many were infected with viruses, it was only a couple of years later that I first encountered a virus: the ‘Ping-Pong’ virus, circulated on a floppy disk I received from none other than my teacher at school...

http://blogs.totaldefense.com/blogs/2013/05/22/Viruses-Paradise-The-romance-between-hackers-and-online-computer-games.aspx Wed, 22 May 2013 10:37:41 GMT
China broke the "ceasefire" in the cyber war with the U.S.
Multiple attacks on U.S. companies and probably also on government systems. It seems China's hacker army resumed its attacks after 3 months of silence.

The exact identity of the targets hit by the latest assault is not fully known, but it seems to include many of the companies and government bodies that were also hit in February by a group called "Unit 61398", which was also credited with the theft of trade secrets, product drawings and production plans, results of experiments on new products and sensitive business documents from over a hundred companies and organizations during the last five years.

http://blogs.totaldefense.com/blogs/2013/05/21/China-broke-the-ceasefire-cyber-war-with-the-US.aspx Tue, 21 May 2013 13:13:57 GMT
Ragebooter: DDoS attacks sponsored by the FBI?
Malicious sites that offer attack services are no strangers to the Internet, but web sites sponsored by law enforcement are another story altogether. Introducing: Ragebooter.

A site called Ragebooter.net allows users to pay for the removal of sites from the network using DDoS attacks. Unlike other existing sites that offer similar services, Ragebooter has a particularly interesting back door leading directly to the FBI.

http://blogs.totaldefense.com/blogs/2013/05/20/Ragebooter-DDoS-attacks-sponsored-by-the-FBI.aspx Mon, 20 May 2013 09:27:40 GMT
Russian Girls Spam
Recently a new kind of spam email appeared.
The email body is always short and looks like a love letter:

The moment you kissed me at my doorstep, I know I am yours forever.
With loads of hugs and kisses, Akilina.

The email body text is highly variable and therefore resistant to spam filters (except for the dating site URL). There are never any attachments, font styles or colors, or the modified words typical of other spam - just a plain text email.

http://blogs.totaldefense.com/blogs/2013/05/20/Russian-Girls-Spam.aspx Mon, 20 May 2013 09:20:05 GMT
An alarming surge in the number of Android malware
During the first quarter of 2013 there was the highest growth rate ever seen in new malware penetrating the market. The trend indicates a growing number of professional malware vendors who work systematically to find loopholes in operating systems.

The number of malware threats to smartphones and tablets surged in the first quarter of 2013 and climbed rapidly, with more than 90% of them on the Android platform.

http://blogs.totaldefense.com/blogs/2013/05/20/An-alarming-surge-in-the-number-of-Android-malware.aspx Mon, 20 May 2013 09:03:32 GMT
New Facebook Trojan will do Shares and Likes on your behalf
A new Trojan is infecting Facebook users and distributes itself by sharing links on your behalf.

This new malware attack focuses on the user's Facebook profile. The malware is a Trojan horse delivered through a browser plugin, detected so far in Firefox and Chrome.

Tracking shows that the Trojan horse was first identified in Brazil, and its main activity is monitoring whether the user is logged into a Facebook account. If the user is connected, the malware tries to fetch a configuration file containing the list of actions the Trojan may perform on behalf of the user.

http://blogs.totaldefense.com/blogs/2013/05/13/New-Facebook-Trojan-will-do-Shares-and-Likes-on-your-behalf.aspx Mon, 13 May 2013 08:40:49 GMT
Fake email supposedly sent by Delta Airlines
If you get an e-mail from the American airline ‘Delta’ asking you to confirm the purchase of a ticket you allegedly bought with your credit card, it is quite possible that this is a cyber-attack designed to tempt you into clicking a link, which in turn will infect your computer with malware.

The malware is a variant of the malicious Zeus, which has been known for several years and aims to take over the victim's computer and steal valuable information from it.

http://blogs.totaldefense.com/blogs/2013/05/09/Fake-email-supposedly-sent-by-Delta-Airlines.aspx Thu, 09 May 2013 08:43:03 GMT
Playing the Blame Game
Whose fault is it? A new zero-day vulnerability is announced and the race is on for the application vendor to plug it. Take the case of Microsoft's recent IE8 zero-day admission (http://technet.microsoft.com/en-us/security/advisory/2847140), apparently being used by Chinese hackers to target nuclear researchers using Windows XP; it sounds like something out of a Robert Ludlum novel, but it's real life. The Window of Vulnerability counter starts and the pressure is on Microsoft to come up with a fix. It's not fair to focus on just Microsoft, or Adobe, or any other of the regularly compromised software vendors; they have the issue because of their success: with so many users running their software, it comes under the hackers' microscope a lot more than less popular vendors' products do. They are working on a fix, and hopefully we will see it included in the next round of security updates due on the 14th of May; note that it was announced on May 3rd, so at least 11 days of users being completely vulnerable: the window of vulnerability.

http://blogs.totaldefense.com/blogs/2013/05/07/Playing-the-Blame-Game.aspx Tue, 07 May 2013 11:30:43 GMT
New Fake Anti-Virus: Secure Bit
Another impostor anti-virus program calling itself ‘Secure Bit’ is trying to fraudulently get users' money by convincing them that their computer is infected with viruses. If the user does not cooperate with the demands, the software locks the screen.

This anti-virus pretender combines two methods of fraud: fake anti-virus software and malware that locks the screen in order to make the victim pay to unlock it. After the user installs this free “anti-virus” software, it immediately reports that the security level of the computer is low and that they need to call support to address the “threats” found. At this point pop-ups open announcing a daunting number of threats found.

http://blogs.totaldefense.com/blogs/2013/05/07/NewFake-Anti-Virus-Secure-Bit.aspx Tue, 07 May 2013 11:15:05 GMT
Smartphone as a security breach into our private lives
Today we do almost everything with our smartphone, but along the way we forget that it is a computer in every sense and that our personal information may be in danger.

The first mistake of the average smartphone user is the belief that these devices are safer than a home PC; in most cases users are not aware of the tremendous amount of personal and business information stored on their device. Using our smartphone, one can find a lot of information about us: for example where we are (GPS), what we are interested in (browser history), who our friends are (Facebook), our plans (logs), our finances (online banking), how we work and what we work on (business emails) and sometimes other personal information stored on our personal computer (through synchronization between the smartphone and the computer). In the near future even our wallet will become digital and be replaced by the smartphone, as planned today by many cellular providers around the world.

http://blogs.totaldefense.com/blogs/2013/05/07/Smartphone-as-a-security-breach-to-our-private-lives.aspx Tue, 07 May 2013 11:06:49 GMT
Zeus for Sale
The veteran Trojan horse named ‘Zeus’, active since 2007 and responsible for knocking out many enterprise networks, now returns thanks to a Facebook page that was set up for it. While the page in question has meanwhile been removed from the social network, a variety of botnet updates targeting various security loopholes and other updates have been added to Zeus, making it more up-to-date and dangerous.

http://blogs.totaldefense.com/blogs/2013/05/03/Zeus-for-Sale.aspx Fri, 03 May 2013 08:20:08 GMT
Boston Marathon - malicious emails
The things virus writers do are always bad and unwanted, but sometimes they are even disgusting. Exploiting very sad events such as wars or terror acts makes that difference. People spend their time getting rid of unwanted emails all the time, and now virus writers are using the Boston Marathon tragedy for their "social engineering tricks".

http://blogs.totaldefense.com/blogs/2013/04/25/Boston-Marathon-malicious-emails.aspx Thu, 25 Apr 2013 10:26:48 GMT
Mobile devices malware detection by Cross-Feature Analysis
A new method for identifying mobile device malware, which is usually not detected by common detection methods, using advanced machine learning techniques.

Cellular phone security has been an intensively studied area for security companies and research institutions around the world since the release of the Android-based G1 devices in 2009.

http://blogs.totaldefense.com/blogs/2013/04/23/Mobile-devices-malware-detection-by-Cross-Feature-Analysis.aspx Tue, 23 Apr 2013 08:36:40 GMT
New malicious spyware in Google Play
New malicious spyware is spreading in Google Play, threatening millions of Android users. The good news is that you are only infected if you downloaded a funny Russian app intended to imitate other common applications. The bad news is that these are probably popular applications, since millions of users have already been infected.

The spyware received the unsurprising name ‘bad news’, and is currently detected in 32 different applications created by four different developers. We can't tell exactly how many devices got infected, because Google Play does not show exact download numbers, only relatively wide ranges, so all we can say now is between two million and nine million: not bad for relatively new spyware.

http://blogs.totaldefense.com/blogs/2013/04/22/New-malicious-spyware-in-Google-Play.aspx Mon, 22 Apr 2013 09:34:10 GMT
Hackers vs. Researchers: Evasion methods
Innovations that have appeared in cyber-crime over the past years prove that the ‘trickle-down’ effect, known in marketing and economics, is not just about access to products like tablet devices and space tourism. Just as in the real world, evasion techniques, once the exclusive property of elite programmers, are flowing down at an ever increasing rate and becoming public knowledge. These methods give hackers with limited skills the same evasion techniques against researchers that until recently were used exclusively by expert malware developers.

http://blogs.totaldefense.com/blogs/2013/04/18/Hackers-vs-Researchers-Evasion-methods.aspx Thu, 18 Apr 2013 13:37:49 GMT
Traffic control: The man in the middle
Data sent by GPS applications such as Google Maps and Waze can be altered in order to control the navigation routes of other drivers and even cause traffic jams. That is, if hackers were interested, they would be able to affect real-time traffic data in order to trick users into travelling to the busiest traffic centers rather than to open roads, or to any route or spot they desire.

Both applications let users navigate using information obtained from their devices, along with other devices currently on the road, and analyze real-time traffic in order to offer the ideal route. But exactly at this point hackers can cause damage and change the route, anonymously and without being discovered by the applications, and persuade users to take completely different routes than they should.

http://blogs.totaldefense.com/blogs/2013/04/17/Traffic-control-The-man-in-the-middle.aspx Wed, 17 Apr 2013 13:23:56 GMT
Would you like some payment advice?
Sometimes our customers (from various geographical areas) receive fake emails from HSBC bank with such a subject.
The sender address may vary, but it is definitely a spoofed email address.
The text of the email body may also vary; its main purpose is to confuse the recipients.

http://blogs.totaldefense.com/blogs/2013/04/14/Would-you-like-some-payment-advice.aspx Mon, 15 Apr 2013 09:34:56 GMT
WordPress Bloggers?
Got an account at WordPress.com? You should change your password.
Over the weekend an unidentified group of hackers launched a huge attack against blogs that use this popular content management system. A growing number of attacks were observed in which hackers try to break into websites with the user name ‘Admin’ and a long list of common passwords (the brute force method), and by using zero-day security holes in WordPress and the various add-ons installed on the system.

Once the hackers manage to break into a site, they plant malicious software that allows them to control the site remotely. And what do they do with it? Very simple: the hacked site becomes a botnet server, which in turn attacks other sites using the same method.

http://blogs.totaldefense.com/blogs/2013/04/14/WordPress-Bloggers.aspx Mon, 15 Apr 2013 09:25:56 GMT
PlainSploit: Control the Plane

If the danger of using electronic devices on flights is not enough, what would you say about bringing down an aircraft using a simple Android phone?

The horror scenario, in which any terrorist with an Android phone could kill hundreds of people, not because of Android, God forbid, but because of serious loopholes in the commercial flight security protocol and flight management software, is now real.

http://blogs.totaldefense.com/blogs/2013/04/13/PlainSploit-Control-the-Plane.aspx Mon, 15 Apr 2013 09:18:17 GMT
Shodan: Unstoppable search engine

If until today you were afraid of the Google search engine, think again. Meet the Shodan search engine. Unlike Google, which runs its various scans over websites, Shodan concentrates on "the back of the network" and scans servers, network cameras, printers, routers and everything else that is connected to the Internet.

The engine, running 24 hours a day, 7 days a week, gathers information on some 500 million connected devices and services every single month, and you may well be there in the search results.

http://blogs.totaldefense.com/blogs/2013/04/10/Shodan-Unstoppable-search-engine.aspx Wed, 10 Apr 2013 13:25:42 GMT
Join my network on LinkedIn

Have you ever received a "Join my network on LinkedIn" email?
Do you know how to distinguish a real one from a fake?

It is easy to see the differences between a real email from LinkedIn and a fake one.

http://blogs.totaldefense.com/blogs/2013/04/10/Join-my-network-on-LinkedIn.aspx Wed, 10 Apr 2013 13:14:27 GMT
Happy birthday: 31 years to the computer virus

Thirty-one years ago, in a suburb of Pittsburgh, Pa., a ninth-grade boy named Richard Skrenta decided it was not enough for him to put glue on his friends' lockers or pick on some weaker kid. No, not Skrenta. He wanted to take his antics to a different level.

To understand the trick he invented, and how this stunt affects us today, you need to understand the times in which he lived. In 1982, just like today, people loved to exchange games. Only the computer itself was then in its infancy, the Internet was the preserve of a few university laboratories if that, and the idea of sharing "over the air" was a kind of science fiction. So what was there then? There were black disks, the kind that older people may remember were called "floppies".

http://blogs.totaldefense.com/blogs/2013/04/10/Happy-birthday-31-years-to-the-computer-virus.aspx Wed, 10 Apr 2013 13:04:16 GMT
False security: Mac users are exposed

Mac users have always been (and remain) safe for the most part, as they use computers with an operating system immune to hacking and viruses, and rightly so: OS X is one of the most secure operating systems available on the market. But it is precisely this sense of security and immunity to viruses that exposes Mac users to attacks via social networks, phishing sites and cross-platform software like Java and Adobe Flash.

A simple fact has been repeated like a mantra in recent years: whether viruses come out for a particular operating system depends on its popularity and nothing else. The economic viability of developing a virus is the main factor that determines how many viruses appear for an operating system. There is no bulletproof system.

http://blogs.totaldefense.com/blogs/2013/04/09/False-security-Mac-users-are-exposed.aspx Tue, 09 Apr 2013 13:06:01 GMT
Win32/Gys.A Trojan

I got an email with the subject - "Your private photos are there for anyone to see. why??"
The e-mail message was - "Sorry to disturb you. Someone sent me thee pictures they seem to be from you and your boyfriend I'm really troubled by this why do you send your private naked photos around?? this is beyound my understanding. It's in attachment".

http://blogs.totaldefense.com/blogs/2013/04/08/Win32/GysA-Trojan.aspx Mon, 08 Apr 2013 13:12:22 GMT
Got BitCoin?

New malware spreading on the Skype network tries to use your computer to mine Bitcoins. It looks like victims in European countries (Italy, Russia, Poland, Spain, Germany and Ukraine) as well as Costa Rica have suffered a rapid spread of the malware.

After the download, the computer starts to mine Bitcoins using its processing power, which raises CPU usage significantly and makes the computer very slow. The mined Bitcoins are transferred directly to the malware developers, allowing them to make money online by selling the currency.

http://blogs.totaldefense.com/blogs/2013/04/08/Got-BitCoin.aspx Mon, 08 Apr 2013 13:03:45 GMT
Facebook virus: Distribution brings the solution

A Facebook attack that started yesterday evening has spread throughout the world. It is still not clear what its goal was, but it is probably another attempt to build a network of compromised computers for a wider future assault. Reason for optimism: the explosive spread of the virus will eventually bring about the solution.

A likely scenario for the virus circulated on Facebook last night is an attempt to create a botnet, i.e. a network or army of computers that can be remotely activated to attack or disable other sites. For example, if a hacker wants to disable a large site and paralyse it, he only needs to send an order to all the infected computers, each of which in turn sends one or many requests to the site, eventually creating congestion.

http://blogs.totaldefense.com/blogs/2013/04/04/Facebook-virus-Distribution-brings-the-solution.aspx Thu, 04 Apr 2013 16:40:51 GMT
'Red October'

For the last couple of months we have encountered multiple attacks coming from a new cyber-espionage group which calls itself Rocra, aka 'Red October'.

The findings are a bit worrisome, as the evidence shows this is a group that has worked for at least five years behind the scenes, without the knowledge of security companies, during which time it collected massive amounts of classified information from high-profile targets in the United States, Eastern Europe, Central Asia and the rest of the world. It is still unknown exactly what was done with this information.

http://blogs.totaldefense.com/blogs/2013/04/02/Red-October.aspx Tue, 02 Apr 2013 15:42:49 GMT
The largest cyber-attack in history

You may not feel it, but over the past hours the largest cyber-attack in history has been taking place.
Multiple DDoS attacks are being exchanged between two of the largest European network organisations, and so much traffic is flowing that it puts a huge load on the World Wide Web as a whole.

http://blogs.totaldefense.com/blogs/2013/03/28/The-largest-cyber-attack-in-history.aspx Thu, 28 Mar 2013 10:14:14 GMT
Theola!

Please note that we have recently discovered a malicious plugin for the Google Chrome browser that monitors the user's activity.
Total Defense Labs has identified this new fraud activity in the Netherlands, Norway, Italy, Denmark, the Czech Republic and Israel.

http://blogs.totaldefense.com/blogs/2013/03/27/Theola.aspx Wed, 27 Mar 2013 18:31:22 GMT
Japan get ready - Zeus is coming!

Zeus, named after the Greek deity, is now establishing a new point of interest: Japanese Internet banking consumers.

Zeus, along with other financial Trojans, has been a huge headache for Internet banking consumers around the globe for a long time.
Certain nations, for instance Japan, had escaped assaults from financial Trojans, possibly as a result of the language barrier and perhaps other unknown causes.
As Japan's national law enforcement organisation has repeatedly reported, Japanese Internet banking consumers have begun to become victims of this form of assault.

http://blogs.totaldefense.com/blogs/2013/02/13/Japan-get-ready-Zeus-is-coming.aspx Wed, 13 Feb 2013 13:21:04 GMT
USB Autorun Attack

New malware emerged recently attacking the Android and Windows platforms.
Main capabilities: steals information and downloads files
File size: 330,984 bytes
File type: APK

This malware presents itself as a system tool that helps speed up your device. Right after installation, it displays a launcher icon.
After the harmful application is launched, the user sees its home screen.
The application offers a number of different "clean options" for the user to select; however, they do practically nothing at all other than display an activity bar.

http://blogs.totaldefense.com/blogs/2013/02/13/USB-Autorun-Attack.aspx Wed, 13 Feb 2013 13:09:15 GMT
CVE-2013-0422

Another Java zero-day exploit was discovered by Total Defense Labs recently.
The authors, known for their previous exploit kits "Nuclear Pack" and "Black Hole", have made statements about this new zero-day, aka CVE-2013-0422.

http://blogs.totaldefense.com/blogs/2013/01/23/CVE-2013-0422.aspx Wed, 23 Jan 2013 17:30:09 GMT
Ransomware

A ransomware Trojan horse is striking again, preventing you from accessing your computer. The latest one discovered covers the entire desktop with a message that appears to come from the local authorities and demands payment of a fine in order to unlock your system. This threat identifies your country by your IP address and displays the relevant image in your language together with the relevant authority's logo.

http://blogs.totaldefense.com/blogs/2012/12/13/Ransomware.aspx Thu, 13 Dec 2012 17:38:52 GMT
Win32/SillyAutorun

We still encounter customers getting infected by the Win32/SillyAutorun worm. This worm exploits the automatic execution of Microsoft 'Link' and 'Autorun' files and spreads through mapped drives, removable drives and file-sharing applications.

It connects to a remote site and downloads additional components to the compromised computer, then creates multiple additional 'Link' files to spread further into other systems, installs a file-sharing application and copies itself to the application's shared folder.

http://blogs.totaldefense.com/blogs/2012/11/28/Win32/SillyAutorun.aspx Wed, 05 Dec 2012 15:29:29 GMT
'Tis the Season

The holiday season is quickly approaching. Research data from the last few years shows that this period has the largest spike in malware infections. The "bad guys" know that lots of people will search the Internet for good deals and the hottest holiday items. They take advantage of this by populating the Internet with phony websites and links that trick folks into downloading malware such as fake antivirus software, ransomware, bots, etc.

http://blogs.totaldefense.com/blogs/2012/11/20/expect-an-increase-in-malware-this-holiday.aspx Tue, 20 Nov 2012 00:00:00 GMT
Your computer has been locked!

Today hackers run malware-spreading campaigns that distribute and promote virus messages claiming to come from the Federal Bureau of Investigation. An example of such malware is the FBI Greendot Moneypak virus. The message says "Your computer has been locked!" and the malware program actually does lock the system. The hacker wants to hide the actual plan and disguise the malware as a warning allegedly coming from the FBI or the US Department of Justice. A ransom message on the screen instructs users how to transfer funds supposedly to the government, which eventually land in the pocket of the hacker. Users should be wise enough to understand that this is a malware infection and not a real FBI warning.

http://blogs.totaldefense.com/blogs/2012/11/20/Your-computer-has-been-locked.aspx Tue, 20 Nov 2012 00:00:00 GMT
Fake Antivirus: Win 8 Security System

Microsoft is planning to release Windows 8 towards the end of October, and malware authors have already started developing a Windows 8 rogue antivirus called Win8 Security System.
Win8 Security System belongs to the Rogue Braviax family. What makes it special is that its removal is extremely difficult: Win8 Security System drops a rootkit of the Necurs family into the drivers folder and runs it as a service, which hides the rogue program's files and processes from Windows, making it more difficult for security products to detect and remove them.

http://blogs.totaldefense.com/blogs/2012/09/24/Fake-Antivirus-Win-8-Security-System.aspx Mon, 24 Sep 2012 10:45:57 GMT
Zero-Day Exploit Attack [Microsoft Security Advisory 2757760]

Another exploit based on Microsoft Security Advisory 2757760 is being used to actively install malware on vulnerable Internet Explorer versions 6 through 9.

Basically all Windows versions up to Windows 7 are affected. Windows 8 is safe.

The exploit relies on a memory corruption that allows an attacker to execute arbitrary code within Internet Explorer's memory space.

So far we know of one Trojan, known as "Poison Ivy", that uses this exploit to install itself on a vulnerable system.

Total Defense Security Suite detects and removes this Trojan as well as the script components it uses to exploit this vulnerability.

http://blogs.totaldefense.com/2012/09/18/Zero-Day-Exploit-Attack-Microsoft-Security-Advisory-2757760.aspx Tue, 18 Sep 2012 22:20:49 GMT
Rising trend of using professional obfuscations for protecting Java samples

The use of commercial-grade software protectors, cryptors and obfuscators is a very common trend in the desktop malware landscape. They are mainly used to make the analyst's life difficult by adding extra layers of protection. Similarly, open-source and professional obfuscators have long been used by malware families implemented in Java as well.

While processing the sample collections of the past month, we have seen an increase in the number of samples showing a spaghetti structure quite similar to the one seen in samples obfuscated with a commercial obfuscator called "Allatori". The obfuscation is indeed quite powerful, much more so than the ordinary obfuscated samples we generally see in the collections. This is not the first time we have seen Java samples obfuscated using Allatori. What makes it interesting is the stark rise in the trend, as more and more new variants are obfuscated with this method. This gives the impression that malware authors are becoming very serious about obfuscating their plain bytecode, a likely response to the fact that decompiling vanilla Java bytecode is generally a straightforward task.

http://blogs.totaldefense.com/blogs/2012/07/13/Rising-trend-of-using-professional-obfuscations-for-protecting-Java-samples.aspx Thu, 12 Jul 2012 00:00:00 GMT
DNSChanger FAQ - FBI to turn off rogue DNS servers

The FBI will turn off the rogue DNS servers on Monday, July 9th, 2012. Please review the following FAQ to better understand this threat.

What is DNSChanger?

DNSChanger, also known as Alureon, is a high-profile piece of malware that modifies the DNS settings on the victim's PC to divert Internet traffic to malicious websites. The malware also acts as a robot, or "bot" for short, and can be organised into a botnet and controlled from a remote location. DNSChanger has received significant attention due to the large number of affected systems worldwide and the fact that, as part of the botnet takedown, the FBI took ownership of the rogue DNS servers to ensure those affected did not immediately lose the ability to resolve DNS names. On July 9th the FBI will turn off the rogue DNS servers, and DNS resolution will effectively stop for any system still infected with DNSChanger.

http://blogs.totaldefense.com/blogs/2012/07/06/DNSChanger-FAQ-FBI-to-turn-off-rogue-DNS-servers.aspx Fri, 06 Jul 2012 20:26:52 GMT
Dissecting Fake Youtube Plugin which scams Facebook users

Introduction

We have been coming across many Facebook scams. This sample, taken from one such scam, has an interesting feature: it checks the location of the affected victim and, based on the country where the victim is located, injects additional scripts. The victim is redirected to many other sites that use the Facebook API, the scam is posted on the victim's friends' pages, and additional malicious files may be downloaded to the user's machine.

Infection Vector

The user is tricked into clicking a scam page attached on a friend's page or in the public posts page of Facebook. The scams carry luring pictures and words like "Hey See This Now", etc. Once the user clicks this link, he is redirected to a page where he is asked to download a plugin to watch the video. This page checks whether the user is using Chrome or Firefox and then installs the malicious plugin as the "missing plugin" needed to watch the video.

http://blogs.totaldefense.com/blogs/2012/06/15/Dissecting-Fake-Youtube-Plugin-which-scams-Facebook-users.aspx Fri, 15 Jun 2012 10:53:53 GMT
DNSChanger FAQ

What is DNSChanger?

DNSChanger, also known as Alureon, is a high-profile piece of malware that modifies the DNS settings on the victim's PC to divert Internet traffic to malicious websites. The malware also acts as a robot, or "bot" for short, and can be organised into a botnet and controlled from a remote location. DNSChanger has received significant attention due to the large number of affected systems worldwide and the fact that, as part of the botnet takedown, the FBI took ownership of the rogue DNS servers to ensure those affected did not immediately lose the ability to resolve DNS names. On July 9th the FBI will turn off the rogue DNS servers, and DNS resolution will effectively stop for any system still infected with DNSChanger.

http://blogs.totaldefense.com/blogs/2012/05/30/DNSChanger-FAQ.aspx Wed, 30 May 2012 14:42:37 GMT
Hoax Lottery emails from Mark Zuckerberg

Scam lotteries have been a frequent issue in the past, and they continue to exist, following the media trend.
Total Defense Intelligence Service (Research ISI Team) today caught an interesting email pretending to come from Facebook's CEO Mark Zuckerberg.

The email plainly informs the recipient of a fake lottery win and gets the user to contact a Mr. Douglas Price as the fiduciary agent who will handle the award.

http://blogs.totaldefense.com/blogs/2012/05/02/Hoax-Lottery-emails-from-Mark-Zuckerberg.aspx Wed, 02 May 2012 12:38:27 GMT
Ransomware exploits Microsoft Windows Update Center Service

Our first indicators of ransomware were trojanised emails masquerading as police warnings against end users (see "Ransomware Exploits the Italian Police"), and now it seems to have evolved into leveraging a fake Windows Update system.
It is the result of an aggressive campaign originating in Germany, where users receive emails similar to the following:

http://blogs.totaldefense.com/blogs/2012/04/27/Ransomware-exploits-Microsoft-Windows-Update-Center-Service.aspx Fri, 27 Apr 2012 14:03:16 GMT
Beware of False E-Commerce Websites

It is a very common habit of Internet users to download videos or unknown software from reputed video-sharing websites. There is nothing uncommon in doing so, but there is a chance of users being lured by advertisements for interesting prize-draw contests on false websites, which in turn cause a loss of money if a purchase is attempted.

I came across a similar scenario when I downloaded a video.

http://blogs.totaldefense.com/blogs/2012/04/27/Beware-of-False-E-Commerce-Websites.aspx Fri, 27 Apr 2012 10:49:19 GMT
Digital Resurrections - malicious links piggybacking on trending videos

News trending on most major websites, and a few tech websites, is the re-animated emergence of a digital avatar resembling a long-deceased musician.
2Pac videos have gone viral, and as expected it's almost too good an opportunity for the malware guys to pass up.

It must be mentioned that the video format itself is not immune to embedded malicious links, but this time the links are far more obvious.
In fact, the links are in plain sight, almost "helpful" and benign-looking... if only they were!
See the screen grab.

http://blogs.totaldefense.com/blogs/2012/04/20/Digital-Resurrections-malicious-links-piggybacking-on-trending-videos.aspx Fri, 20 Apr 2012 11:56:09 GMT
OSX/SabPub - New Backdoor Malware Threat for Mac OS X

Another new malware has been discovered that exploits the CVE-2012-0507 Java vulnerability, the same vulnerability that OSX/Flashback used. The latest variant of this threat has been found using the same exploit that OSX/MS09-027!exploit used.

This new malware takes advantage of an old vulnerability in Microsoft Word (MS09-027). This vulnerability has been patched since 2009; it could allow remote code execution if a user opens a specially crafted Word file. This malware is detected as OSX/SabPub.A.

Once OSX/SabPub.A is executed, the decoy Word file is opened; it serves as a distraction to the user to hide the malicious activity running in the background.

http://blogs.totaldefense.com/blogs/2012/04/18/OSX/SabPub-New-Backdoor-Malware-Threat-for-Mac-OS-X.aspx Wed, 18 Apr 2012 11:19:30 GMT
Fraud Wiki Repair Guide

Nowadays there are a lot of wiki pages on the Internet that contain useful information on a wide range of topics, usually populated by a community of people. But not all the information that can be found can be trusted. One particular example is the wiki that distributes the fraud "PCCleaner Pro 2012".

Upon accessing the main page, it shows a lot of common errors that people may encounter on a typical Windows machine, and in its "Repair Guide" links it always asks the user to download the file "PC_Cleaner_Pro.exe", which Total Defense products detect as Win32/FraudPCCleanerPro.A.

http://blogs.totaldefense.com/blogs/2012/04/17/Fraud-Wiki-Repair-Guide.aspx Tue, 17 Apr 2012 14:50:30 GMT
Malware Targeting Windows and MAC OSX

Malware is getting more and more sophisticated as the days go by. The Windows platform is the usual target of malware authors, but this time they have added one more target platform: Mac OS X.

Recently, another Tibetan-themed malware was discovered that takes advantage of a patched Java vulnerability (CVE-2011-3544).

When a user unknowingly visits a malicious website, the attack starts with a script loading the malicious Java applet that exploits CVE-2011-3544; the applet then determines the malicious payload depending on which operating system the user is running. In the new variant samples, as you can see in Figure 1, if the OS is Windows the file "img.jar" is executed, and if the OS is Mac OS X the file "ref.jar" is executed.

http://blogs.totaldefense.com/blogs/2012/04/12/Malware-Targeting-Windows-and-MAC-OSX.aspx Thu, 12 Apr 2012 13:45:45 GMT
Mac OS X Threat Flashback is Back!

OSX/Imuler is not the only Mac OS X threat that has resurfaced this year. OSX/Flashback has been making its rounds again.

As you may remember, OSX/Flashback appeared last year disguised as an Adobe Flash Player installer. The previous variants connect to a remote host to download their component files and install a backdoor that injects into web browsers and other applications in order to steal sensitive user information.

This time the author of OSX/Flashback has another trick up their sleeve. A new variant of OSX/Flashback has been discovered that takes advantage of Java vulnerabilities (CVE-2008-5353, CVE-2011-3544 and CVE-2012-0507). Unlike its old variants, which needed the user to enter the administrator password, this new variant does not need any user interaction to infect the system successfully.

When a user unknowingly visits a malicious website, the attack starts with a script loading the malicious Java applet. If Java is enabled and vulnerable on that system, the infection will succeed.

Upon execution of the malicious Java applet, it drops a file as "~/.jupdate" in the user's home folder. It then creates "com.java.update.plist" in ~/Library/LaunchAgents/ to ensure that the dropped file stays active on the system.

The OSX/Flashback botnet has more than 550,000 infected machines according to reports.

http://blogs.totaldefense.com/blogs/2012/04/12/Mac-OS-X-Threat-Flashback-is-Back.aspx Thu, 12 Apr 2012 13:09:38 GMT
Mac OS X Threat Masquerading as Image Files

Last year, a variant of OSX/Imuler was discovered masquerading as an innocent PDF document.

Recently, a new variant of OSX/Imuler was discovered masquerading as image files of the popular Russian model Irina Shayk. The malicious application is placed inside a ZIP archive together with various other image files taken from FHM magazine.

By default, Mac OS X doesn't display file extensions. As you can see in the image below, the highlighted icon is the malicious application, but to the naked eye all these files look like image files.

http://blogs.totaldefense.com/blogs/2012/04/11/Mac-OS-X-Threat-Masquerading-as-Image-Files.aspx Wed, 11 Apr 2012 17:30:47 GMT
MS09-027 Target: Mac OSX & Tibetan NGOs

Lately, the number of malware samples targeting Mac OS X has been rising. A new malware that exploits an old vulnerability has been found.

This new malware takes advantage of an old vulnerability in Microsoft Word (MS09-027). This vulnerability has been patched since 2009; it could allow remote code execution if a user opens a specially crafted Word file. This malware is detected as OSX/MS09-027!exploit.

Once executed, OSX/MS09-027!exploit drops the following files:

•    /tmp/launch-hs
•    /tmp/launch-hse
•    /tmp/file.doc

The file launch-hs is a script that executes the files launch-hse and file.doc. Once file.doc has been opened, it serves as a distraction to the user to hide the malicious activity in the background.

http://blogs.totaldefense.com/blogs/2012/04/11/MS09-027-Target-Mac-OSX-and-Tibetan-NGOs.aspx Wed, 11 Apr 2012 16:42:21 GMT
Family Ties Between Android Malware

While sorting the recent mobile malware collections, I stumbled on a sample which was submitted today. The sample has neither any new breakthrough payload nor any advanced functionality. However, what makes it interesting is the fact that it includes features seen in a couple of different malware families.

So, what does it do?

It is a typical SMS Trojan that sends SMS messages to premium message centres. In the process, it makes sure that the messages are sent only once, the first time the code is run. This feature is taken from the very old "FakePlayer" family.

http://blogs.totaldefense.com/blogs/2012/03/30/Family-Ties-Between-Android-Malware.aspx Fri, 30 Mar 2012 13:55:44 GMT
Rogue Security Software keeps on hitting Internet users

We thought the rogue security software trend had gone down this year, but in truth we are witnessing two new incidents of rogues reported by users and customers.

According to the data obtained, in only one month of monitoring the Winwebsec process we have seen an impressive number of reported incidents, which in terms of numbers translates into almost 7,000 issues.

http://blogs.totaldefense.com/blogs/2012/03/28/Rogue-Security-Software-keeps-on-hitting-Internet-users.aspx Wed, 28 Mar 2012 16:39:03 GMT
Android Malware adopts reflections

In our earlier blogs, we highlighted how Android malware authors are quickly adopting various tricks from the age-old and vast pool of desktop malware tricks. In this blog post, we will talk about one such trick adopted from desktop malware.

While processing a recent batch of malware collections, we noticed heavy use of reflection in quite a few Android samples. It is important to note that the use of reflection by malware is not new: it has been practised by traditional desktop threats written in Java for a long time, and we have seen it sporadically in some Android variants since last year. What is interesting now is to see this trend adopted in a full-fledged manner by new variants in bulk numbers.

http://blogs.totaldefense.com/blogs/2012/03/12/Android-Malware-adopts-reflections.aspx Mon, 12 Mar 2012 09:54:41 GMT
Tax refund spams are back

It's that time of the year when people in some parts of the world are filing their tax returns, and what better time for cyber crooks to trick them into falling prey to phishing attacks via email. India has been reported in recent malware threat reports as one of the regions with high spam activity, and this blog will briefly discuss a very convincing social engineering spam I ran into recently.

I received an email in one of my email inboxes which seemed to promise me a refund of 34,000 Indian Rupees, provided I submitted a request through a URL in the email [see Figure 1]. This email immediately aroused my suspicion, as I have been abroad for more than a year now and was not expecting such an email. The content of the email also seemed fairly convincing from an ordinary net user's perspective. Sure enough, the URL was parked on a German subdomain hosted on a free hosting website. Well, I am fairly certain that the Income Tax Department of India would not be hosted on a .de domain.

http://blogs.totaldefense.com/blogs/security-advisor/2012/03/07/Tax-refund-spams-are-back.aspx Wed, 07 Mar 2012 00:00:00 GMT
Android Social Engineering Threats in the Spotlight

In all of our earlier blogs about Android threats, we have highlighted the fact that user awareness is one of the most important factors in fighting social engineering threats.

Yesterday, a familiar Android threat was making news, powered by a sound social engineering trick. This blog looks at the differences and similarities among the variants of this particular family.

Though the variants exhibit the same behavior, claiming that the “application” is an installer for a well-known application, different variants use different brands such as the Opera browser, Jimm, and Skype. In the process, however, they actually send SMS messages to the message centers obtained by decrypting the config file. After sending the SMS messages, the user may or may not be redirected to the download link of the original application.

http://blogs.totaldefense.com/blogs/security-advisor/2012/02/27/Android-Social-Engineering-Threats-in-the-Spotlight.aspx Mon, 27 Feb 2012 11:08:45 GMT
FTC investigating privacy disclosure practices of popular mobile apps

In a staff report released yesterday, the FTC investigates the extent to which app vendors disclose the types of data they collect on children and how that information is used. The report is worth a good review, as it highlights the general lack of notice provided to parents in the majority of apps reviewed. A total of 960 apps specifically targeting children were reviewed, with the total split evenly between the Apple iOS and Android platforms.

Although none of the apps were functionally tested to empirically measure their privacy impact, it is still great to see the FTC continuing its focus on our children. This report stands in firm support of the COPPA legislation and furthers the dialog necessary to better protect children online.

http://blogs.totaldefense.com/2012/02/17/FTC-investigating-privacy-disclosure-practices-of-popular-mobile-apps.aspx Fri, 17 Feb 2012 20:12:02 GMT
Password Best Practices

Often the disclosure of a password is no fault of our own but rather the result of a website or application compromise. Use these tips to develop a password management strategy that will dramatically decrease your overall risk if any one of your passwords is compromised. Hopefully the next time you have to create a strong password it won't take nearly as long to think up something secure.

http://blogs.totaldefense.com/blogs/security-advisor/2012/01/24/Password-Best-Practices.aspx Tue, 24 Jan 2012 18:17:51 GMT
Ransomware Exploits the Italian Police

Today, the Total Defense Research Team was informed of new ransomware circulating among Italian users, pretending to be an official statement from the Italian Police. This malware is spread by drive-by download through websites compromised with malicious JavaScript code.

http://blogs.totaldefense.com/blogs/security-advisor/2011/12/19/Ransomware-Exploits-the-Italian-Police.aspx Mon, 19 Dec 2011 23:12:31 GMT
Detailed analysis of malware sample removed from android market

Earlier yesterday, a few SMS Trojans were found in the Android Market and subsequently removed from the marketplace. In this blog post, we will demonstrate some of the interesting behaviours uncovered through dynamic analysis.

http://blogs.totaldefense.com/blogs/security-advisor/2011/12/13/Detailed-analysis-of-malware-sample-removed-from-android-market.aspx Tue, 13 Dec 2011 00:00:00 GMT
The woes of a Physical Security breach

This blog is written to emphasize the importance of physical security in this day and age. I myself am a victim of a recent physical security breach that happened at Lucky Superstores in the United States, which resulted in the theft of the debit card details of many of its customers. It has been confirmed that more than 20 stores are affected through the 500 or more self-checkout stations which were compromised to aid in this physical security based attack.

http://blogs.totaldefense.com/securityblog/2011/12/09/The-woes-of-a-Physical-Security-breach.aspx Fri, 09 Dec 2011 00:00:00 GMT
New Zero-Day Attack in Adobe Products (CVE-2011-2462)

Recently, Adobe has released a new security advisory, APSA11-04, alerting users about a critical vulnerability in Adobe Reader and Acrobat.

The U3D memory corruption vulnerability (CVE-2011-2462) could cause a crash and potentially allow an attacker to take control of the affected system. This means that malicious files could be downloaded or dropped on the affected system.

Adobe is in the process of finalizing a fix for the issue and expects to make available an update for Adobe Reader 9.x and Acrobat 9.x for Windows no later than the week of December 12, 2011. Because Adobe Reader X Protected Mode and Adobe Acrobat X Protected View would prevent an exploit of this kind from executing, Adobe is currently planning to address this issue in Adobe Reader X and Acrobat X for Windows with the next quarterly security update for Adobe Reader and Acrobat, currently scheduled for January 10, 2012. Adobe is planning to address this issue in Adobe Reader and Acrobat X and earlier versions for Macintosh as part of the next quarterly update scheduled for January 10, 2012. An update to address this issue in Adobe Reader 9.x for UNIX is planned for January 10, 2012.

http://blogs.totaldefense.com/securityblog/2011/12/08/New-Zero-Day-Attack-in-Adobe-Products-CVE-2011-2462.aspx Thu, 08 Dec 2011 00:00:00 GMT
‘Duqu’ 0-day exploit gets a temporary fix

Not long ago, the malware called Stuxnet made its foray into the Internet world, capturing people's attention. This was the first malware of its kind whose payload impacted not only the software running on infected machines but also the industrial processes attached to them. This malware's impact was unique, targeted and revolutionary in nature. In September 2011, a new malware called 'Duqu' was discovered which appeared to be identical to Stuxnet and has been deemed a precursor to the Stuxnet worm.

http://blogs.totaldefense.com/blogs/security-advisor/2011/11/08/Duqu_0-day_exploit_gets_a_temporary_fix.aspx Tue, 08 Nov 2011 00:00:00 GMT
Analysis of an Android Malware family doing multi impersonations

Last week, we blogged about an Android malware that was impersonating a popular browser (http://totaldefense.com/securityblog/2011/09/23/The-SMSer-Trojan-Returns-as-Fake-Browser-Again.aspx).

This time we present the analysis of another interesting Android malware to highlight the noteworthy features that users need to be aware of. This sample shows how easily such impersonating malware is created to mimic many popular messengers and chat clients.

http://blogs.totaldefense.com/blogs/security-advisor/2011/10/03/Analysis-of-an-Android-Malware-familydoing-multi-impersonations.aspx Mon, 03 Oct 2011 00:00:00 GMT
Mac OS X Threat Disguises as Adobe Flash Player Installer

Another new Mac OS X threat has been discovered, disguised as an Adobe Flash Player installer. Like other malware, it uses social engineering tricks to lure users into downloading it.

Once the user unknowingly visits a malicious website to watch a video, it prompts the user that the Adobe Flash plugin has crashed.

http://blogs.totaldefense.com/securityblog/2011/09/28/Mac-OS-X-Threat-Disguises-as-Adobe-Flash-Player-Installer.aspx Wed, 28 Sep 2011 00:00:00 GMT
Mac OS X Threat Masquerading as a PDF Document

A new Mac OS X threat has been discovered masquerading as an innocent PDF document on a controversial topic. It implements one of the techniques used by Windows malware to hide its malicious activity.

When the Mac malware is executed, it attempts to drop and execute a non-malicious PDF file in the /tmp folder [Figure 1]. The PDF file and its content are intended to distract the user and hide the malicious activity running in the background. The dropper is detected as OSX/Revir.A.

http://blogs.totaldefense.com/securityblog/2011/09/27/Mac-OS-X-Threat-Masquerading-as-a-PDF-Document.aspx Tue, 27 Sep 2011 00:00:00 GMT
The SMSer Trojan returns as Fake Browser Again.

A few months ago, we blogged about an increasing trend of SMSer Trojans disguising themselves as popular browser applications, targeting users of smartphones with J2ME support. For the past few days, we have observed a similar influx of SMSer Trojans posing as browser applications in our sample processing channels. However, this time they are actually targeting Android users.

http://blogs.totaldefense.com/securityblog/2011/09/23/The-SMSer-Trojan-Returns-as-Fake-Browser-Again.aspx Fri, 23 Sep 2011 00:00:00 GMT
The Case of Spitmo, Analysis with Andbug and Profiler.

A few weeks ago, we witnessed Zitmo arriving on the Android landscape (http://totaldefense.com/securityblog/2011/08/29/ZBot-Targeting-Android-Users.aspx). As was widely predicted earlier, fellow researchers at Trusteer have discovered that Spitmo now emerges for the Android platform. We, like the worldwide research community, take the growth of Android malware very seriously.

http://blogs.totaldefense.com/securityblog/2011/09/13/The-Case-of-Spitmo-Analysis-with-Andbug-and-Profiler.aspx Tue, 13 Sep 2011 21:44:02 GMT
Free Facebook t-shirts at the cost of your Personal Information?

Just like the many other social engineering spam attacks observed on Facebook, the recent one, which offers victims free t-shirts as its 7th anniversary special gift, seems to have gained quite a bit of popularity. If the stats are to be believed [Figure 1, courtesy hacker9], quite a few people have fallen victim to this like-jacking social engineering spam. Interestingly, I have already spotted close to eight accounts in my Facebook contact list posting the scam over and over again on my wall, which is one of the after-effects of falling prey to this social engineering attack. Another startling fact is that when I checked other related security blogs, there appear to be different variants of this spam. Some have already been taken down. So this means that scammers have possibly realized that the "free Facebook t-shirt" is an extremely good proposition for luring in innocent Facebook victims.

http://blogs.totaldefense.com/securityblog/2011/09/09/Free-Facebook-t-shirts-at-the-cost-of-your-Personal-Information.aspx Fri, 09 Sep 2011 16:06:41 GMT
Stay Safe With Your Twitter Account

Twitter is a nice social network that allows you to send very quick messages to colleagues and friends alike, indicating what you are doing, where you are located and so on. The main feature of this social network is the so-called “Following Tweets,” a way to inform you that somebody is following your tweets. Twitter is a powerful platform because it easily allows you to create a huge network of connected people. For this reason, it has become a perfect target for cybercriminals and underground markets.

http://blogs.totaldefense.com/securityblog/2011/09/10/Stay-Safe-With-Your-Twitter-Account.aspx Fri, 09 Sep 2011 00:00:00 GMT
How to mitigate the “Supercookies”

"Supercookies" (Local Shared Objects), or Flash cookies as they are commonly called, and their implications for the privacy of Internet users have been a hot topic in the security news blogs lately.

"Cookies", as most of you already know, are small text files used to store small pieces of browsing information on a computer in order to track and retain user preferences when Internet users visit various websites. The risks involved with tracking cookies are already well known in the security community. There are also options on various browser settings pages which explicitly allow users to clear these cookies, and many anti-virus companies, including Total Defense, offer protection against tracking/third-party cookies too.

http://blogs.totaldefense.com/securityblog/2011/08/26/How-to-mitigate-the-Supercookies.aspx Mon, 22 Aug 2011 00:00:00 GMT
China’s Black Market: an Analysis

The Black Market is not new at all, and we know it exists because illegal products or services are readily available, such as drugs, sex, stolen goods, etc.

These days I have been impressed by the increase in the number of emails targeting Italian users with offers of electronic goods sold at very interesting prices.

Every day my personal inbox is stuffed with emails from people pretending to offer me electronics at below-market prices and suggesting I visit their new commercial web site (Figures 1-2).

http://blogs.totaldefense.com/securityblog/2011/08/29/Chinas-Black-Market-an-Analysis.aspx Mon, 15 Aug 2011 00:00:00 GMT
New SDK, Old tricks - SillyDl repackaged!

Routine processing of our large volume collections has unearthed a sample that seems worth mentioning. Digging deeper revealed it was indeed a simple variant descending from a very old and familiar family of Java-based Trojans [Java/SillyDl].

Intricacies of its execution

This sample's payload is the same as that of the age-old downloader agents: by design, it downloads additional malware executables from distribution sites on the Internet and triggers their installation routines. Implemented as an applet, this malware component is best understood through the output of an instrumented standalone version of the applet, shown in Fig 1.

http://blogs.totaldefense.com/securityblog/2011/08/29/New-SDK-Old-tricks-SillyDl-repackaged.aspx Thu, 04 Aug 2011 00:00:00 GMT
SpyEye Behind Cyber-fraud

SpyEye is now very well known within security communities and security blogs worldwide. The latest version of the SpyEye tool includes very powerful capabilities, specifically designed to steal sensitive data from Windows users conducting monetary transactions over the Internet.

The Trojan toolkit is sold on the underground market and in cybercrime forums for use by cybercriminals. Designed to defeat the security defenses put in place by online banks, the SpyEye Trojan renders these security systems useless. If people are infected by this Trojan, their credentials and sensitive data, such as identities, credit card numbers and similar information, are stolen and sent to the criminals waiting to collect this data and tally up their new budget.

http://blogs.totaldefense.com/securityblog/2011/08/26/SpyEye-Behind-Cyber-fraud.aspx Thu, 04 Aug 2011 00:00:00 GMT
A Trojan spying on your conversations

We have recently been blogging about many Android malware samples, as the threat landscape shows an increasing trend of targeting mobile platforms. Today we received an Android package in our collection and observed that this piece of malware goes an extra mile: it has a neat configuration and the capability to record the telephone conversations the infected victim makes. In one of our earlier blogs, we demonstrated how a Trojan logs the details of incoming/outgoing calls and call durations in a text file. This Trojan is more advanced, as it records the conversation itself in “amr” format. It also carries out many other malicious activities that we have seen in earlier malware incidents targeting the Android platform.

Hence, in this blog, we will demonstrate this particular conversation-recording payload of the malware.

http://blogs.totaldefense.com/blogs/security-advisor/2011/08/26/A-Trojan-spying-on-your-conversations.aspx Mon, 01 Aug 2011 00:00:00 GMT
LulzStorm hits Italian Universities

The Lulz team seems to leave its signature on the security pages almost on a weekly basis. Just today, “The Sun” newspaper’s online home page was defaced, playing on the recent Murdoch affair, but the most recent and interesting case certainly remains the attack on Italian universities.

On its Twitter page, LulzStorm posted a supposed dump of the databases of 18 Italian universities, containing thousands of usernames, cleartext passwords, emails and private information.

http://blogs.totaldefense.com/securityblog/2011/08/26/LulzStorm-hits-Italian-Universities.aspx Tue, 19 Jul 2011 00:00:00 GMT
UNIFORM TRAFFIC TICKET Not from New York State Police

The first thing that most computer users do in the morning is check their email. So recently, just as usual, I too checked my inbox and spam folder. However, there was one email [Figure 1] in my spam folder that got my attention. It seemed suspicious and I did not want to fall into a trap, so I carefully reviewed it. This blog details my findings.

The email is disguised as a "Traffic Ticket" from the New York State Police; it claims that I have been charged with a speeding violation. The email body recommends that if I want to plead, I need to print out the attached file and send it to Town Court, Chatam Hall. The attached file is not a traffic ticket but in fact malware. I know that my local road traffic agency would never email an infringement notice, but would mail it via post instead.

http://blogs.totaldefense.com/securityblog/2011/08/29/UNIFORM-TRAFFIC-TICKET-Not-from-New-York-State-Police.aspx Mon, 11 Jul 2011 00:00:00 GMT
ZBot Targeting Android Users

Earlier this week, in the security researcher forums there was a round of discussions regarding Zbot attacking Android users, and today fellow researchers from Fortinet have managed to find a sample that actually does it.

Though this sample has been in the wild for some time, it has now been found to be the one that Zbot uses to target its victims.

In this blog, we will demonstrate how the sample actually works to target the mTAN-based authentication scheme.

http://blogs.totaldefense.com/securityblog/2011/08/29/ZBot-Targeting-Android-Users.aspx Fri, 08 Jul 2011 00:00:00 GMT
Dynamic Analysis of Golddream.A Trojan

This is a recent malware sample that targets the Android platform. Like many typical social engineering Trojans, it comes bundled with a game. The credit for discovering it goes to Prof. Xuxian Jiang.

Since we have published static analyses of such Trojans in our earlier blogs, this blog covers the dynamic analysis of the Trojan in a controlled environment. Please note that this blog post demonstrates only one of the malicious activities the sample performs and does not intend to cover all of the malware's activities.

http://blogs.totaldefense.com/securityblog/2011/08/29/Dynamic-Analysis-of-Golddream-A-Trojan.aspx Thu, 07 Jul 2011 00:00:00 GMT
Rootkit Infection: MBR wanted!

We recently witnessed another rootkit infection which raised the attention of the press and Microsoft users.

It is again a high-profile malware whose target is the hard drive’s master boot record (MBR), corrupting the bootstrap of the Windows operating system.

Once run, the malware follows the steps below:

  1. Open file: \\.\PhysicalDrive0
  2. Create File: hello_tt.sys

The first step is the access phase: the malware opens the physical drive that holds the partition where the operating system is installed. This is how the malware reaches the master boot record (MBR).

The second step is the creation of a service: the driver file is dropped and installed on the victim's OS.

http://blogs.totaldefense.com/securityblog/2011/08/26/Rootkit-Infection-MBR-wanted.aspx Thu, 30 Jun 2011 00:00:00 GMT
QR Code: a channel to spread malware?

Not everyone knows what a QR Code is or how it can be used.

A QR Code is a specific matrix barcode (or two-dimensional code), readable by a dedicated QR barcode reader. There are many QR Code reader apps available today for camera phones. The code consists of black modules arranged in a square pattern on a white background. The information encoded can be text, such as a URL, or other data.

http://blogs.totaldefense.com/securityblog/2011/08/26/QR-Code-a-channel-to-spread-malware.aspx Mon, 14 Feb 2011 00:00:00 GMT