Spam

Fake Email Trick Aims to Redirect Users to Malicious Websites

Trend Micro Lab has observed several spam messages targeting social network users. In traditional spam the advertising content sits directly in the email, but the reported cases are slightly different: the scammers host the advertising content on hacked websites under their control, so a victim who clicks the link lands directly on these malicious websites.

LinkedIn, foursquare, MySpace, and Pinterest are the reported cases. Here the cybercriminals use notifications identical to the ones the social networks send, with logos and wording that make a person read the message and click the links it contains.

The first two fake messages imitate foursquare: one alerts the user to a new message and the second asks to confirm a friend notification. The natural reaction is to click the link, enter login credentials, and read the message. The email is very well done and appears to come from the legitimate source.

The same approach is used for LinkedIn and MySpace, where the attackers try to redirect users to a fake website, “wiki Pharmacy”. The last message targets Pinterest: the email notification claims to be an online article on weight loss but actually contains a malicious attack.

As you can see, even with a good mail security solution you will not be able to filter these messages, as they are identical to what you receive from social network websites, and you may be exposed to similar types of attack.

As a security measure, verify email senders and delete the message directly if they are suspicious. If you receive a link, open your browser and enter the URL manually; if the link looks suspicious, check it on search engines to get full information about it. Finally, never send sensitive information over email, no matter who requests it.

Source: TrendMicro
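As an added example (not code from Trend Micro or from the original post), the check below flags links in a notification email whose host does not belong to the social network named in the From header. The allowlist, the sample message and the domain `hacked-site.example` are constructed assumptions.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist of domains each brand really links to in its notifications.
BRAND_DOMAINS = {"foursquare": {"foursquare.com"}, "linkedin": {"linkedin.com"}}

# Constructed sample: a fake "new message" notice whose main link leaves the brand.
SAMPLE = """From: foursquare <noreply@foursquare.com>
Subject: You have a new message
Content-Type: text/html; charset=utf-8

<a href="http://hacked-site.example/wp-content/msg.html">Read your message</a>
<a href="https://foursquare.com/settings">Settings</a>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_in(host, domains):
    # Exact match or true subdomain; "foursquare.com.evil.example" does not pass.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def off_brand_links(raw_email):
    """Return (text, href) for links that leave the brand named in From."""
    msg = message_from_string(raw_email)
    brand = next((b for b in BRAND_DOMAINS if b in msg.get("From", "").lower()), None)
    if brand is None:
        return []  # sender does not claim a known brand; nothing to compare
    parser = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    return [(text, href) for href, text in parser.links
            if not host_in(urlparse(href).hostname, BRAND_DOMAINS[brand])]
```

The From header is trivially spoofed, so it is used here only to learn which brand the message claims to be; the verdict comes from where the links actually point.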


App Permission Watcher Android Tool to Display Application Security Level

With the growing number of smartphone malware, it is important to install an application that monitors all activity on your device. It gives you an instant notification about suspicious applications or programs and helps you avoid malicious apps at an early stage.

If you use the Android operating system on your smartphone, you can try App Permission Watcher. This program helps you secure and protect your smartphone by listing suspicious applications, listing the permissions of every installed application, and flagging trusted applications so that users can be confident about having them installed. It is freely available with no advertising banners.

Screenshot for App Permission Watcher

Some malicious software finds a way to bypass certain security measures and installs itself directly without any permissions, and the victim then has difficulty revoking the malicious application. To protect your Android system you can use this free and simple application.

You can download and read more about App Permission Watcher at the official website: http://www.apewatch.de/index_en.html

Malwares

Malware Hits the Iranian Oil Terminal

The BBC reported today a new malicious attack targeting key Iranian oil facilities: on Sunday a computer virus infected the network, leaving all infrastructure disconnected from the internet.

While important information and data on oil production were not affected by the attack, the oil company's website is still not working, and according to an oil ministry spokesperson, users' data and personal information were stolen by the attackers.

As a proactive measure, the Iranian government created a “cyber crisis committee” that will be in charge of handling this massive infection; the same action was taken back in 2010 to investigate the Stuxnet attack.

So far there is no information about the kind of malware or how it got into the local network, whereas in the Stuxnet case a malicious USB device infected the critical infrastructure.


Trend Micro Warns of Growing Android Malware

Trend Micro has released a new report focusing on malicious applications for mobile systems in the first quarter of 2012. The document states that approximately 5,000 new malicious Android applications were discovered, which poses a big threat to Android users.

The Android smartphone infection scenario described by Trend Micro is pretty simple: the victim opens a compromised website that appears to offer a new video and has to click to watch it; as a result, the victim downloads a piece of malicious code and executes it directly on the smartphone.

The report includes some critical examples previously posted on Trend Micro's blog, such as the fake “Temple Run” app, the fake Russian Google Play and the case of NBA player Jeremy Lin. There is also a classification of mobile malware, as follows:

  1. WORM_DOWNAD.AD with 740,977 infections
  2. CRCK_KEYGEN with 197,330 infections
  3. PE_SALITY.RL with 83,916 infections

Map of infected hosts by Trend Micro

All of these attacks exploit critical vulnerabilities. Trend Micro's top three most vulnerable vendors for this quarter are Apple with 91 vulnerabilities, Oracle with 78 and Google with 73, but the most critical bug is in Microsoft Windows RDP, which allows an attacker to execute malicious code remotely without any login credentials.

Social network websites remain a threat that is hard to control, as “Social networking accounts are even more useful for cybercriminals because besides plundering your friends’ email addresses, the bad guys can also send bad links around and try to steal the social networking credentials of your friends. There is a reason why there is a price for stolen social networking accounts.” (David Sancho, Trend Micro Senior Threat Researcher)

You can find the full report by following this link:

http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/reports/rpt_security_in_the_age_of_mobility.pdf


More than 1 Million Victims Used By Rmnet.12 Botnet

After the Flashback operation, in which the Doctor Web security software lab reported 600 thousand infected Apple Macs, a new press release has been issued about another zombie network, which contains more than one million hosts.

Win32.Rmnet.12 is the malware used in this attack. It targets Windows-based operating systems to install a backdoor and then steal sensitive information from the victim's computer. It spreads through USB devices or infected websites that contain a malicious VBScript.

The botnet was not big during its first phase, with 173 thousand machines, but the number has grown very fast and passed 1,400,520 within a few months.

Map for Win32.Rmnet.12 botnet infection

To protect yourself, be sure to apply the following:

  • Use a modern Windows operating system such as Windows Vista or Seven, as they contain more security modules to protect users.
  • Install security software that includes antivirus and a host-based intrusion prevention system, alongside a workstation application firewall, to filter and detect any suspicious behavior.
  • Use administrator rights only when they are really required.
  • Update all your third-party applications, such as web browsers or PDF readers, promptly; you can use Secunia's free solution to identify required patches.
  • Encrypt all your sensitive information with a solid encryption algorithm to prevent any data leakage, or another piece of malware may do it for you.

Source: http://news.drweb.com/show/?i=2374&lng=ru&c=9


CONFidence 2012 Hackers Conf Scheduled

CONFidence 2012 IT Security Conference

CONFidence is gaining momentum, so get ready for two days filled with lectures and extreme attractions! The presentations will be divided into four theme groups (2 each day) with more than 30 speakers, unpublished materials, workshops and a special X-traction point game, which is something you haven’t seen before!

The schedule contains four separate thematic tracks:

  • WebSec – Web application Security
  • Cross-Layer – Communication protocols, Servers, Applications, Misc
  • AppSec – Security and Application Flaws
  • Pwnage – Bypassing the security systems, hacking technologies

Some of the speakers at the conference include John “Captain Crunch” Draper, Gregor Kopf, Ashar Javed, Alexey Sintsov, Eduardo Luiz, Luiz Eduardo, Zane Lackey, Raoul Chiesa and many more.

Details of the schedule can be found at: http://2012.confidence.org.pl/agenda

As always at the conference, there will be discussion panels led by world-class experts, including the “Secure Web application – is it possible?” panel led by Mario Heiderich and Gareth Hayes.

There will also be additional workshops before and/or after the conference, including a special workshop prepared by Compendium, where you can prepare for and obtain an ISECOM certificate.

Apart from the normal presentations, there will be a special Lightning Talks track spread over two days. Attendees will be able to give short, 5-minute presentations covering a range of topics, from their projects and research results to even some specific hobbies. Every conference attendee can submit a topic for as long as there are free slots for the talks.

For the very first time, we will deploy an X-traction Point contest, where attendees will be given the chance to test their skills in lockpicking and their knowledge of alarm systems and motion and sound detectors, along with basic hacking skills. They will have to use their knowledge in a live bunker infiltration, get behind the security systems, pass the guards and save a prisoner. All of that will be live streamed for the audience. This will be spectacular!

SecTechno is a media partner for CONFidence 2012, and the conference organizer offers our readers a 15% discount on the registration fee with the following code: 2012-sectech


Twitter Accounts Posting Malicious Links Hosting FakeAV

GFI security researchers have observed a spam campaign that uses Twitter to spread malicious links; the shortened URL leads to fake antivirus malware that claims several infections on the victim's computer.

The first link is fuuut(dot)tk, which redirects any visitor to detectoptimizersupervision(dot)info, a site hosting rogue software called Windows Antivirus 2012. What is scary is that only 3 out of 42 antivirus products flag the malware as a Trojan fake antivirus.

Screenshot for Windows AntiVirus Patch

Twitter can be a very good platform for cybercriminals to promote malicious links: with URL shortening services users cannot identify the real URL, and clicking to open the website is an instant reaction. Some users will even share the link by retweeting it without verifying the content.

That is not all: a second malicious attack has also been observed on Twitter, which spreads the Blackhole exploit kit as a first stage and then redirects the victim to install Windows AntiVirus Patch, another fake antivirus.

If you are a Twitter user, be very careful about where you click and what you share. Verify any short link before opening it, and if you detect a similar attack, be sure to block the account and report it as spam.

Source: http://www.gfi.com/blog/spam-leads-to-exploits-and-fake-av-on-twitter/
