Safenetting : MALWARE 1204.02

User Group Network (UGN) Safenetting and Cybercrime report: Crime marches on, and more Mac intrusions are reported along with the usual slew of Android hacks.
* Facebook scammers host Trojan horse extensions on the Chrome Web Store
* Chinese Company and Employee Deny Any Involvement in Hacking Attacks
* Mac backdoor Trojan embedded inside boobytrapped Word documents
* Malware Alert: DKFBootkit embedded into pirated AndroidOS apps
* New Trojan malware disguises itself as an Android game app
* Surveillance spyware migrates from Windows to Mac OS X
* Mac malware exploits Microsoft Office vulnerability
* Report cites U.S., Canada as malware attack focus
* AlienVault Warns of New Mac Malware Campaign
* Links between China and hacker group CSO
. . . and more!

AlienVault Warns of New Mac Malware Campaign

Researchers at AlienVault recently discovered a new Mac Trojan being distributed inside a boobytrapped Microsoft Word document. “This is one of the few times that we have seen a malicious Office file used to deliver Malware on Mac OS X,” AlienVault’s Jaime Blasco writes.
      “The targeted attack relies upon a critical security vulnerability discovered in Microsoft Word back in 2009, which allowed remote code execution (MS09-027),” writes Sophos’ Graham Cluley.
READ THIS REPORT Full story : eSecurity Planet


Mac backdoor Trojan embedded inside boobytrapped Word documents

If you’ve read InfoManager for very long, you’ll know we recommend that you absolutely never send or receive a dot-doc file. Of course, nobody ever heeds our warnings and billions are sent daily . . . but here, we’re proven right once again!
      The folks at AlienVault discovered an interesting new Mac malware attack this week. A backdoor Trojan horse, which would allow a remote hacker to access your Mac computer without your knowledge and potentially snoop on your files and activity, has been discovered hidden inside a boobytrapped Word document.
READ THIS REPORT Full story : Graham Cluley on Naked Security


Mac malware exploits Microsoft Office vulnerability

Rogue emails distribute booby-trapped Microsoft Word file that installs Mac OS Trojan, researchers said
      Security researchers have encountered new email-based targeted attacks that exploit a vulnerability in Microsoft Office to install a remote access Trojan horse program on Mac OS systems.
READ THIS REPORT Full story : InfoWorld


Report cites U.S., Canada as malware attack focus

In its annual review of global security threats, Websense says a major trend it observed last year is that more malware connections, hosting and phishing appear to be occurring in the United States and Canada.
      “50% of malware connections lead to the U.S.,” says Charles Renert, vice president of Websense Security Labs. According to the 2012 Websense Threat Report, Canada’s malware ranking has also zoomed upward in the past year, so the country now clocks in at No. 2 at 13.2%. The countries in the top five ranking include Germany at 5.4%, the Netherlands at 4.9% and China at 4.1%.
READ THIS REPORT Full story : Network World


Facebook scammers host Trojan horse extensions on the Chrome Web Store

Cybercriminals are uploading malicious Chrome browser extensions to the official Chrome Web Store and using them to hijack Facebook accounts, according to security researchers from Kaspersky Lab.
      The rogue extensions are advertised on Facebook by scammers and claim to allow changing the color of profile pages, tracking profile visitors or even removing social media viruses, said Kaspersky Lab expert Fabio Assolini in a blog post on Friday.
READ THIS REPORT Full story : www.securelist.com


Surveillance spyware migrates from Windows to Mac OS X

Researchers have uncovered a malware-based espionage campaign that subjects Mac users to the same techniques that have been used for years to surreptitiously siphon confidential data out of Windows machines.
      The recently discovered campaign targets Mac-using employees of several pro-Tibetan non-governmental organizations, and employs attacks exploiting already patched vulnerabilities in Microsoft Office and Oracle’s Java framework, Jaime Blasco, a security researcher with AlienVault, told Ars. Over the past two weeks, he has identified two separate backdoor trojans that get installed when users open booby-trapped Word documents or website links included in e-mails sent to them. Once installed, the trojans send the computer, user, and domain name associated with the Mac to a server under the control of the attackers and then await further instructions.
READ THIS REPORT Full story : Ars Technica


New Trojan malware disguises itself as an Android game app

A new Trojan masquerading as a game app is targeting phones running Google’s Android OS, subscribing to premium SMS services and sending information about the phone to its controller.
      “Once installed the malicious application gathers sensitive information (IMEI, IMSI, phone model, screen size, platform, phone number, and OS version) and sends it off to the malware’s authors. Like many other mobile Trojans, this one sends SMS messages to premium rate SMS numbers and is capable of reading your SMSs as well,” Sophos said in a blog post.
READ THIS REPORT Full story : androidos.in


Links between China and hacker group CSO

Security vendor Trend Micro has been tracking a hacking campaign called Luckycat that has been linked to 90 attacks, including some aimed at Tibetan activists, and has tied it to a group based in China, the company said in a report published on Thursday.
      The Luckycat campaign, which has been active since at least June 2011, has been connected with attacks against targets in Japan and India as well, according to Trend Micro. Industries targeted include military research, aerospace and energy, it said.
READ THIS REPORT Full story : CSO


Chinese Company and Employee Deny Any Involvement in Hacking Attacks

Tencent, a Chinese Internet company, denied on Friday that one of its employees had been involved in a recent breach of computers belonging to Japanese and Indian companies, as well as Tibetan activists.
      The company released a statement soon after Trend Micro, a computer security company with headquarters in Tokyo, released a report on Friday describing the breach. It was the result of a nearly yearlong effort to hack into computers and steal information from hundreds of companies and individuals in several countries, the report said.
READ THIS REPORT Full story : New York Times



If you think you’re a victim, file a complaint with the FBI Internet Crime Complaint Center (IC3).

You can also keep up with the efforts to curb spam and cybercrime by reading the news at Knujon and HostExploit.com. And, you should switch to SpamCop and take a stand against spam.