Safenetting : Malware Report 1208.27

User Group Network UGN Safenetting and Cybercrime report

After our last Malware Report, a number of readers complained that most of the content does not apply to Mac users. Most malware has been Windows / Unix based; however, more and more is targeting mobile operating systems, and there have been some attempts on Macs. We publish the most newsworthy items regardless of platform because, no matter which platform you use, malware, viruses, trojans, botnets and the evils spawned on the computer world affect us all.
* How to Maintain Security When Employees Work Remotely
* Application Detects Social Network Spam, Malware
* Computer viruses A thing of threads and patches
* Crisis Malware Infects VMware Virtual Machines
* Create A Mac Zombie Army, Cheap: Hacker Emptor
* Malware suggests possible connection to Saudi
* The Rise of Cross-Platform Malware
* Zeus Variant Targets U.S. Accounts
* lame Mac malware for $60 a pop
and more . . .


Application Detects Social Network Spam, Malware

Social networks are both a boon and bane for online criminals: People using the networks tend to trust messages sent by “friends” and other users to whom they are connected, making social engineering that much more effective. On the other hand, the networks are gated communities, where security policies and technologies can radically change the attack landscape.
      MyPageKeeper, a project designed and created by computer scientists at the University of California, Riverside, does just that. Created as a Facebook application, the program searches the news feeds of its subscribers every two hours looking for suspected social malware and scams, collectively referred to as “socware” by the researchers. When it finds a suspect post, it leaves a comment indicating that the item is likely a scam or malware.
Full story: Dark Reading

lame Mac malware for $60 a pop

Cybercrooks are attempting to obtain a few bucks for a lame piece of Mac malware, dubbed NetWeird.
      NetWeird (AKA NetWeirdRC) has been offered for sale for the princely sum of $60 through underground cyber-crime forums, according to Mac security specialist Intego. The cross-platform malware potentially affects OS X (versions 10.6 and higher), Windows, Linux and Solaris.
Full story: The Register

Crisis Malware Infects VMware Virtual Machines

The Windows version of Crisis, a piece of malware discovered in July, is capable of infecting VMware virtual machine images, Windows Mobile devices and removable USB drives, according to researchers from antivirus vendor Symantec.
      Crisis is a computer Trojan program that targets Mac OS and Windows users. The malware was discovered by antivirus vendor Intego on July 24 and can record Skype conversations, capture traffic from instant messaging programs like Adium and Microsoft Messenger for Mac and track websites visited in Firefox or Safari.
Full story: PCWorld (blog)

How to Maintain Security When Employees Work Remotely

Thanks to significant advances in networking and mobile technologies, more people are working less and less from the office. Increasingly, we work from client locations, hotels, home offices and sometimes even from summertime beach cabanas.
      This unprecedented ability to work from anywhere has enabled companies to keep the best employees, regardless of where they may live, and swelled the ranks of “virtual” companies, whose employees meet constantly online, but rarely in the flesh.

Computer viruses A thing of threads and patches

LIKE their biological counterparts, computer viruses are locked in an evolutionary arms race. These programs, whose crucial characteristic is that they reproduce by copying themselves onto new machines, began as a curiosity in the early 1980s.
      Now, however, they — and other, similar, types of malicious software — support a multibillion-dollar industry in which those who use them to steal information and subvert computers struggle with those who devise and sell digital protection. With so much at stake, malware, as it is known, gets ever sneakier, while the programs designed to detect it must get cleverer and cleverer just to keep up.
Full story: The Economist

Create A Mac Zombie Army, Cheap: Hacker Emptor

Going once, going twice: The new NetWeird toolkit can be used to infect Apple OS X systems, converting Macs into zombies ready to do your botnet bidding, with prices starting at just $60.
      All told, remote-access and data-pilfering malware “can monitor running processes, send shell commands, take screenshots, download and run files, and identify front-most window titles,” according to an analysis of NetWeird (a.k.a. NetWrdRC) published by Sophos. In addition, it said, the malware can “harvest stored and encrypted usernames and passwords from Opera, Firefox, SeaMonkey, and Thunderbird browsers and mail clients.” It’s able to infect Apple OS X (versions 10.6 and newer), Linux, Solaris, and Windows systems.
Full story: InformationWeek

Malware suggests possible connection to Saudi

A timer found in the Shamoon cyber-sabotage malware discovered last week matches the exact time and date when a hacktivist group claims to have disabled thousands of computers from the network of Saudi Aramco, the national oil company of Saudi Arabia.
      “We penetrated a system of Aramco company by using the hacked systems in several countries and then sent a malicious virus to destroy thirty thousand computers networked in this company,” a group called the “Cutting Sword of Justice” said in a Pastebin post on Aug. 15. “The destruction operations began on Wednesday, Aug 15, 2012 at 11:08 AM (Local time in Saudi Arabia) and will be completed within a few hours.”

The Rise of Cross-Platform Malware

For most of the recorded history of malware, viruses, Trojans and other malicious software have been specialists. Each piece of malware typically targeted one platform, be it Windows, OS X or now, one of the mobile platforms. But the last few months have seen the rise of cross-platform malware that has the ability to infect several different kinds of machines with small variations to its code.
      Attackers, like people in other walks of life, tend to specialize. They find something that they’re good at, say, writing Windows rootkits or creating OS X Trojans, and they often will stick with that. There’s not much reason to branch out if they’re having success with something already. For a long time, most malware was written for Windows, because that’s where most of the users are. Going after OS X or Linux didn’t make a lot of sense.
Full story: Threatpost (blog)

Zeus Variant Targets U.S. Accounts

The IC3 has been made aware of a new Citadel malware platform used to deliver ransomware named Reveton. The ransomware lures the victim to a drive-by download website, at which time the ransomware is installed on the user’s computer. Once installed, the computer freezes and a screen is displayed warning the user they have violated United States federal law. The message further declares the user’s IP address has been identified by the Federal Bureau of Investigation as visiting websites that feature child pornography and other illegal content.
      To unlock the computer, the user is instructed to pay a fine to the U.S. Department of Justice using a prepaid money card service. The geographic location of the user’s IP address determines what payment services are offered. In addition to the ransomware, the Citadel malware continues to operate on the compromised computer and can be used to commit online banking and credit card fraud.


If you think you’re a victim, file a complaint with the FBI Internet Crime Complaint Center: IC3.

You can also keep up with the efforts to curb spam and cybercrime by reading the news at Knujon. And, you should switch to SpamCop and take a stand against spam.