Infosec Weekly Round-up May 28 – June 3, 2012

The Flame: Questions and Answers

“Duqu and Stuxnet raised the stakes in the cyber battles being fought in the Middle East – but now we’ve found what might be the most sophisticated cyber weapon yet unleashed. The ‘Flame’ cyber espionage worm came to the attention of our experts at Kaspersky Lab after the UN’s International Telecommunication Union came to us for help in finding an unknown piece of malware which was deleting sensitive information across the Middle East. While searching for that code – nicknamed Wiper – we discovered a new malware codenamed Worm.Win32.Flame.”

http://www.securelist.com/en/blog/208193522/The_Flame_Questions_and_Answers

Bank phishing malware bypasses DNS to trick the web browser

“Barracuda Labs recently caught a particularly serious example of this sort of attack. Known as Win32.Ngrbot.llr, this malware intercepts the internet traffic for certain banks and sends that traffic to a completely different webserver run by phishers. How it hides, and what it does, is especially interesting.”

http://www.barracudalabs.com/wordpress/index.php/2012/05/29/bank-phishing-malware-bypasses-dns-to-trick-the-web-browser

Say hello to Tinba: World’s smallest trojan-banker

“Tinba is a small data stealing trojan-banker. It hooks into browsers and steals login data and sniffs on network traffic. Like several sophisticated banker-trojans, it also uses Man in The Browser (MiTB) tricks and webinjects in order to change the look and feel of certain webpages with the purpose of circumventing Two-factor Authentication (2FA) or tricking the infected user to give away additional sensitive data such as credit card data or TANs.”

http://www.csis.dk/en/csis/news/3566/

Iranian anti-censorship software ‘Simurgh’ circulated with malicious backdoor

“Simurgh is an Iranian stand-alone proxy software for Microsoft Windows. It has been used mainly by Iranian users to bypass censorship since 2009. The downloadable file is less than 1 MB and can be downloaded within a reasonable amount of time even with a slow internet connection, which makes it convenient for many users in Iran. Simurgh runs without prior installation or administrator privileges on the computer and therefore can be copied and used from a USB flash drive on any shared computer (i.e., Internet cafes).”

http://citizenlab.org/2012/05/iranian-anti-censorship-software-simurgh-circulated-with-malicious-backdoor-2/

Know Your Enemy: The Social Dynamics of Hacking

https://honeynet.org/files/Holt%20and%20Kilger%20-%20KYE%20-%20The%20Social%20Dynamics%20of%20Hacking.pdf

That’s all for this week. If you have more information security news, please share it with our readers by sending an email or using the contact form.
