Safenetting : October Malware Report

User Group Network UGN Safenetting and Cybercrime report Our Malware Reports could be closer together, and perhaps we’ll start getting them up more often. We publish the most news worthy regardless of platform because no matter which platform you use, malware, virus, trojans, botnets and the evils spawned on the computer world effects us all. . . .
* Malware Spread as Official Adobe Software Following Server Breach
* PlaceRaider malware turns smartphones into surveillance tools
* Sophos rolls out mobile apps for anti-malware and encryption
* Hackers Breached Adobe Server in Order to Sign Their Malware
* Study finds Internet Explorer to be malware blocking king
* New Twitter-Based Malware Uses Direct Messaging to Spread
* Malware Found Installed in Chinese-Made Microsoft PCs
* Browser tests show Google SafeBrowsing API weak link
* Cyberespionage skills go beyond technical ability
* Ransomware continues to make rounds in Charlotte
* New Android Malware Is A Burglar’s Best Friend
* Profiling The Cybercriminal And The Cyberspy
* Cisco Concocting Zero-Day Malware Catchers
and more . . .


Safenetting

Hackers Breached Adobe Server in Order to Sign Their Malware

The ongoing security saga involving digital certificates got a new and disturbing wrinkle on Thursday when software giant Adobe announced that attackers breached its code-signing system and used it to sign their malware with a valid digital certificate from Adobe.
      Adobe said the attackers signed at least two malicious utility programs with the valid Adobe certificate. The company traced the problem to a compromised build server that had the ability to get code approved from the company’s code-signing system.
READ THIS REPORT Full story : Wired (blog)


browser tests show Google SafeBrowsing API weak link

It hasn’t been the best month for Internet Explorer given the recent zero-day attack, but the Microsoft browser got some good news today with a new test that shows it’s by far better at stopping malware than Google Chrome, Mozilla Firefox, and Apple Safari.
      NSS Labs today released the results of tests it conducted on the major browsers to determine how they defend against malware associated with bank fraud, password-stealing, phony antivirus, and click fraud. IE fared best, blocking 95 percent of all malware-related activity, followed by Chrome, which blocked 33 percent, and Firefox and Safari, which blocked less than 6 percent.
      Another interesting statistic: Chrome halted only 1.6 percent of click fraud, and IE was also No. 1 in this test, stopping 96.6 percent of click-fraud malware during the tests. Firefox picked up 0.8 percent; and Safari, 0.7 percent.
READ THIS REPORT Full story : Dark Reading


Cyberespionage skills go beyond technical ability

Cyberespionage perpetrators will need not only technical skills but also a good psychological understanding of how to manipulate their intended targets within an organization as people are always the weakest security link.
      Joseph Steinberg, CEO of security firm Green Armor, said having a technical knowledge of writing malware is just one of the many skills needed by hackers to conduct cyberespionage. This is because an attacker may write the best malware but it is worthless if he cannot deploy the program on to the targeted network, he said.
READ THIS REPORT Full story : ZDNet


PlaceRaider malware turns smartphones into surveillance tools

The proof-of-concept Trojan, dubbed PlaceRaider, surreptitiously slurps a smartphone’s sensor data and hijacks the camera to take covert pics. This information is then sent back to the controllers, enabling them to build 3D models of their target.
      The team, led by David Crandall of the Naval Surface Warfare Center in Crane, Illinois, knew it was possible for smartphone malware to record and transmit data, without a user realising, but wanted to know whether they could gather enough image data, combined with sensor data, to build accurate 3G models of a room, having never set foot in it themselves.
READ THIS REPORT Full story : V3.co.uk (blog)


Sophos rolls out mobile apps for anti-malware and encryption

Sophos today announced a free anti-virus defense app for Google Android devices which works via the Sophos cloud-based service. Separately Sophos also made available Android and Apple iOS apps for securing files held in the cloud file-storage service Dropbox.
      The Sophos anti-virus app for Android devices will be available for free through November, at which time it will be integrated into The Sophos mobile-device management software Sophos Mobile Control. However, a standalone free version is still expected to be made available after November. “It acts as a scanner and looks for malicious apps and malware,” says Payal Mehrotra, Sophos mobile product manager.
READ THIS REPORT Full story : Network World


Profiling The Cybercriminal And The Cyberspy

Chinese hackers operate more as big-box, thrifty enterprises with bargain-basement mini-botnets and commodity malware. Eastern European hackers run higher-end operations with bulletproof hosting and custom-built malware. Chinese hackers hide in plain sight, but try to maintain a foothold in their victims’ organizations. Eastern European hackers stage camouflaged, commando-type raids to grab and run off with valuable financial information.
      Those are some of the telltale characteristics of two of the main types of attackers businesses and public-sector organizations face today — and the types of threats studied most by security researchers. Increasingly, there has been a shift toward getting to know the enemy behind the malware, mainly as a way to put up better defenses from these inevitable attacks. But like most things, the more you know, the more you realize what you don’t know.
READ THIS REPORT Full story : Dark Reading


New Android Malware Is A Burglar’s Best Friend

Newly released malware PlaceRaider sounds like science fiction: It’s Android malware designed to build 3-D models of users’ apartments for burglars and assassins. But PlaceRaider–developed by a team at Indiana University–is very real. The new malware was built as an academic exercise, and it exposes security flaws that government agencies would love to use. More importantly, it also exposes unintended mobile functionality that large companies like Google could easily monetize.
      PlaceRaider, which was summarized in a recent arXiv paper, is a piece of ‘visual malware’ which smartphone cameras, accelerometers, and gyroscopes, to reconstruct victims’ rooms and offices. The trojan runs in the background of any phone running Android 2.3 or above, and is hidden in a photography app that gives PlaceRaider the necessary permissions to access the camera and upload images. Once installed, PlaceRaider quietly takes pictures at random that are tagged with the time, location, and orientation of the phone. PlaceRaider also, of course, mutes the phone’s shutter sound.
READ THIS REPORT Full story : Fast Company


Malware Spread as Official Adobe Software Following Server Breach

Hackers have breached Adobe’s code-signing system allowing them to spread their malware under the guise of official Adobe software. Adobe security chief Brad Arkin says the attack on one of its servers was carried out by “sophisticated threat actors.” Adobe has said that at least two malicious utility programs were signed with valid Adobe certificates.
      Although only two files were signed using the certificate, this breach signals a raising of the stakes in the world of Advanced Persistent Threats (APTs). Adobe has said that code signed since 10 July, 2012 will be affected, meaning that the attackers had access to Adobe’s infrastructure for more than two months.
Careful, this page has some nasty spam ads!
READ THIS REPORT Full story : San Francisco Luxury News


Cisco Concocting Zero-Day Malware Catchers

Cisco is working on technology to better catch unknown threats, better known as zero-day malware, as it looks to take on start-ups innovating in the area, TechWeekEurope has learned.
      The signature-based world of blocking malware is over, many believe, given that traditional antivirus can only stop around 30 percent of modern threats getting through to IT systems, and it seems that Cisco is moving with the new consensus. The signature-based approach shares patterns relating to known malware amongst anti-virus systems, so they can block it. But being able to block only known threats is no longer good enough.
READ THIS REPORT Full story : TechWeekEurope UK


Ransomware continues to make rounds in Charlotte

A virus that freezes up computers and threatens users to pay a fine to unlock them continues to make the rounds in Charlotte.
      The malware uses the name of the FBI in hopes of intimidating people to pay up.
READ THIS REPORT Full story : WSOC Charlotte


Malware Found Installed in Chinese-Made Microsoft PCs

It was discovered that a Microsoft factory in China was pre-installing viruses through malware, or malicious software, during the manufacture process. Among this malware was a variety that extracted bank account information from network banks.
      Testing of PC shipments from the factory earlier this month uncovered that the amount of malware was double what was expected. In order to grasp the extent of the contamination, an investigation called Operation b70 was set into motion.
READ THIS REPORT Full story : ROCKETNEWS24


Study finds Internet Explorer to be malware blocking king

Which web browser, with its default configuration, is best at blocking malware? According to a recent NSS Labs study it is Microsoft’s Internet Explorer 9 which performed the best during the course of the study. Want some numbers?
      Microsoft’s Internet Explorer blocked 94% of general malware and 96.6% of click fraud the researchers threw at the browser. All other browsers performed a lot worse in the test.
READ THIS REPORT Full story : Ghacks Technology News


New Twitter-Based Malware Uses Direct Messaging to Spread

Sophos is warning of a new trick to get Twitter users to open direct messages from trusted users that ultimately infect their machines with malware.
      In a blog post, senior technology consultant Graham Clulely said the initial message is a tweet claiming the recipient’s been captured on a Facebook video. One version makes it sound like something scandalous was taped without the person’s knowledge.”
READ THIS REPORT Full story : Threat Post


GO What did you miss in the last Safenetting Malware Update

 


GO Send in your items for Safenetting readers
GO Facebook Safe Netting
GO Join / Like / contribute : UGNN FaceBook Group, (ug.netnews)

DO NOT CLICK

If you think you’re a victim, file a complaint with the
GO FBI Internet Crime Complaint Center : IC3.

You can also keep up with the efforts to curb spam and cybercrime by reading the news at
GO Knujon and
GO HostExploit.com. And, you should
GO switch to SpamCop and take a stand against spam.