Posts Tagged Malware Research

Fake Windows IME Trojan

Security researchers at Websense have discovered a new Trojan that abuses a Windows system component to disable and delete antivirus software and compromise the victim's machine.

The malicious program installs itself as a Windows input method editor (IME), stops all antivirus processes, deletes their executable files, and masquerades on the system as an antivirus update package.

Websense has published a blog post describing how this Trojan infects a Windows system. When the malware is run, a file named winnea.ime is created under the Windows system folder.

When the default input method is opened, the previously created winnea.ime starts searching for and detecting antivirus products.

At the same time, winnea.ime writes a file called pcij.sys to the system folder and loads it as a driver.

Next, a DeviceIoControl call kills the running process of any antivirus on its list; the control code is sent to the pcij.sys driver.

It is clear that the Windows input method is now a popular way for hackers to inject malicious code.
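The two host artifacts described above (an IME file the shell loads, and a driver dropped in the system folder rather than under System32\drivers) are the kind of thing a defender can hunt for with a baseline comparison. The script below is an added example and is not code from the Websense analysis: its inventories are constructed so that it runs offline, the registry location and "Ime File" value name are where Windows records installed IMEs, and BASELINE_IME_FILES is a placeholder for the IME files recorded on a clean reference build of your own image.

```python
"""Hunt for the two on-host artifacts the post describes: an input method
(IME) file registered with Windows that is not in the clean baseline, and a
kernel driver whose image sits directly in the system folder instead of
under System32\\drivers.

Added example, not code from the Websense analysis. Both inventories are
constructed so the script runs offline; on a live host the IME list comes
from the "Ime File" values under
HKLM\\SYSTEM\\CurrentControlSet\\Control\\Keyboard Layouts and the driver
list from the service control manager. BASELINE_IME_FILES is a placeholder
for the IME files recorded on a clean reference build of your own image."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Placeholder baseline (assumption): IME files seen on a clean reference machine.
BASELINE_IME_FILES = frozenset({"imjp14k.dll", "imekr.ime", "imsc.ime"})


@dataclass(frozen=True)
class ImeEntry:
    layout_id: str   # subkey name under Keyboard Layouts
    ime_file: str    # "Ime File" value: the DLL/IME the shell loads


@dataclass(frozen=True)
class DriverEntry:
    name: str        # kernel driver service name
    image_path: str  # ImagePath of the driver binary
    signed: bool     # whether the binary carries a valid Authenticode signature


def unknown_ime_files(entries: Iterable[ImeEntry],
                      baseline: frozenset = BASELINE_IME_FILES) -> List[str]:
    """Return IME file names registered on the host but absent from the baseline."""
    return sorted({e.ime_file.lower() for e in entries
                   if e.ime_file.lower() not in baseline})


def suspicious_drivers(drivers: Iterable[DriverEntry]) -> List[Tuple[str, str]]:
    """Flag drivers that are unsigned or loaded from outside a \\drivers\\ folder.

    Heuristic: legitimate drivers are almost always signed and live under
    System32\\drivers; the post's pcij.sys is dropped in the system folder itself."""
    findings = []
    for d in drivers:
        reasons = []
        if not d.signed:
            reasons.append("unsigned")
        if "\\drivers\\" not in d.image_path.lower():
            reasons.append("image outside drivers directory")
        if reasons:
            findings.append((d.name, "; ".join(reasons)))
    return findings


# Constructed inventories: legitimate entries plus the two file names from the post.
SAMPLE_IME = [
    ImeEntry("E0010411", "IMJP14K.DLL"),
    ImeEntry("E0010412", "imekr.ime"),
    ImeEntry("E0200804", "winnea.ime"),
]
SAMPLE_DRIVERS = [
    DriverEntry("tcpip", r"\SystemRoot\System32\drivers\tcpip.sys", True),
    DriverEntry("pcij", r"\SystemRoot\System32\pcij.sys", False),
]

if __name__ == "__main__":
    for f in unknown_ime_files(SAMPLE_IME):
        print(f"unknown IME file registered: {f}")
    for name, why in suspicious_drivers(SAMPLE_DRIVERS):
        print(f"suspicious driver {name}: {why}")
```

The IME check is a pure allowlist because the set of legitimate IMEs on a managed image is small and stable; the driver check is a heuristic, so treat its output as a lead to verify (signature, hash, vendor) rather than a verdict.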

make sure you subscribe to my RSS feed!


Symantec: 100% Increase in New Malicious Software

According to the latest Internet Security Threat Report issued by Symantec, more than 240 million new malicious programs were observed last year. The study shows clearly that cyber criminals are increasingly relying on online resources to carry out their attacks.

The study indicates that most malicious activity is observed in developing countries, which shows that these countries are still not well prepared for such crimes and do not invest in protection against this major threat. This has also made these countries a source of cyber crime, since their laws do not prevent such activity.

Attacks on network resources are the most common in the report, while exploitation of browser vulnerabilities is increasing. Symantec also noted an increase in hacking tools that allow attackers to steal data, such as Zeus, sold for seven hundred dollars.

Installing security patches has become more complex, because users are asked to patch vulnerabilities not only in the operating system but also in third-party applications and plugins.

You can find the report here.


Fake Software Updates Infecting Computers

New malware has been observed by the Vietnamese computer security company Bach Khoa. The malicious software overwrites programs' update components to bypass antivirus software.

The new Trojan is named W32.Fakeupver.trojan. The first thing the malware does is replace the automatic update process of Adobe, Java, Deep Freeze or even the Windows operating system in order to trick anti-malware products. Once executed, the malware enables the DHCP Client, DNS Client and network sharing services and opens a port to receive the hacker's commands.

The malware can reach a system by email, instant messenger or an infected website. Once the computer is infected, the attacker is able to take control of the machine.

To avoid becoming a victim of this malware, it is important to keep all installed applications and the operating system itself up to date and to have the latest antivirus definitions.
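Because this Trojan works by replacing trusted updater executables, the defensive counterpart is integrity monitoring of those binaries: record their hashes while the machine is known clean, then re-hash and compare. The script below is an added example, not Bach Khoa's code. The file paths and contents are constructed stand-ins (the bytes are not real binaries); the updater file names jusched.exe, AdobeARM.exe and wuauclt.exe are the genuine names of the Java, Adobe and Windows Update components.

```python
"""Integrity check for software-update binaries, the component the post says
W32.Fakeupver.trojan replaces.

Added example, not Bach Khoa's code. It hashes each updater on the host and
compares the digest with a baseline recorded when the machine was clean; it
also flags a file carrying an updater's name that lives outside the location
the baseline knows, and a baseline updater that has disappeared. The paths
and file contents below are constructed stand-ins, not real binaries."""
import hashlib
from typing import Dict, List, Tuple


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_baseline(files: Dict[str, bytes]) -> Dict[str, str]:
    """Record path -> SHA-256 for the updaters on a known-clean machine."""
    return {path: sha256_hex(data) for path, data in files.items()}


def file_name(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_updaters(current: Dict[str, bytes],
                   baseline: Dict[str, str]) -> List[Tuple[str, str]]:
    """Compare the current snapshot against the baseline; return (path, reason)."""
    findings = []
    known_names = {file_name(p) for p in baseline}
    for path, data in current.items():
        if path in baseline:
            if sha256_hex(data) != baseline[path]:
                findings.append((path, "hash mismatch: updater binary replaced"))
        elif file_name(path) in known_names:
            # Same file name as a trusted updater, but not where the baseline saw it.
            findings.append((path, "updater name found outside its baseline location"))
    for path in baseline:
        if path not in current:
            findings.append((path, "baseline updater missing"))
    return sorted(findings)


# Constructed clean snapshot: updater path -> stand-in file contents.
CLEAN_SNAPSHOT = {
    r"C:\Program Files\Java\jre6\bin\jusched.exe": b"MZ constructed java update scheduler",
    r"C:\Program Files\Adobe\Reader\AdobeARM.exe": b"MZ constructed adobe updater",
    r"C:\Windows\System32\wuauclt.exe": b"MZ constructed windows update client",
}
BASELINE = build_baseline(CLEAN_SNAPSHOT)

# Constructed infected snapshot: the Java updater has been overwritten and a
# second "wuauclt.exe" has appeared in a user-writable folder.
INFECTED_SNAPSHOT = dict(CLEAN_SNAPSHOT)
INFECTED_SNAPSHOT[r"C:\Program Files\Java\jre6\bin\jusched.exe"] = b"MZ constructed trojan posing as updater"
INFECTED_SNAPSHOT[r"C:\Users\Public\wuauclt.exe"] = b"MZ constructed second copy"

if __name__ == "__main__":
    for path, reason in check_updaters(INFECTED_SNAPSHOT, BASELINE):
        print(f"{reason}: {path}")
```

On a real host the snapshot would be built by reading the updater files from disk; the baseline must be stored where the malware cannot rewrite it alongside the binaries, or the comparison proves nothing.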


Finjan report “Your PC might be traded online – without you knowing about it!”

GoldenCash

Security vendor Finjan has published a report on a botnet trading platform. On this platform, called “Golden Cash”, criminals can buy and sell botnets online. Prices vary depending on the location of the infected machines. The report gives good examples of botnet prices and demand: in Australia, 1,000 infected computers cost just $500, and on the same platform criminals can also place purchase orders for specific sizes and regions and wait for offers.

According to the report, in order to grow the botnets, the Golden Cash server installs an FTP grabber that steals the credentials the infected computers use to run web sites, which gives the server control over additional legitimate web sites. Approximately 100,000 domains from around the world were among the stolen FTP credentials.

Finjan shared the technical analysis on their blog, and you can also find the report here.


Anti-Malware Testing Standard: In-the-Cloud Security Products

The AMTSO has released new best practices for testing in-the-cloud security products. The PDF document covers several topics, such as virtualization, connection filtering and the repeatability of tests, and gives an example methodology for testing in-the-cloud solutions. Among the participants in this release are anti-virus companies such as Symantec, McAfee and Trend Micro.

With the launch of cloud technology and the growing number of cloud security products, it is always necessary to evaluate and test each product available on the market, so that consumers are aware of its security level and can avoid any risk or damage.

I think that this step is a good move toward defining a procedure or standard for testing cloud-based products.

You can find all published documents related to AMTSO here and I hope that you will find them useful.


Fusion theme by digitalnature | powered by WordPress