Worlds collide as Dennis Fisher talks with Patrick Gray of the Risky Business podcast about security journalism, how much and how little has changed in the industry in the last 15 years and whether we're making any progress in the fight against attackers.
The next version of Mozilla Firefox will include a new certificate revocation list that will speed up and streamline the process of revoking intermediate certificates trusted by the browser. The new feature, known as OneCRL, is meant as a replacement for the old OCSP (online certificate status protocol) system that is used now to check […]
The portmanteau-named SKYPEFALL.EXE is the latest, very active, malware-spamming campaign spreading through Skype. We first registered this attack on March 3; it uses both Spanish and English to lure victims. How does this attack work?
The victim receives a Skype message in the following format:
Dios Mio! [user name in Skype] video: http://********skype.info/video/?n=[user name in Skype]
Oh, My God ! [user name in Skype] video: http://********skype.info/video/?n=[user name in Skype]
If they click on the link and use Internet Explorer, it leads them to a fake video website full of fabricated comments meant to pique the user's interest while inviting the victim to download a plugin in order to watch the video itself:
Again, the URL used in the malicious message sent through Skype is available only if the browser referrer points to Internet Explorer. If the victim uses any other browser, the URL is simply unavailable.
The initial setup.exe is a self-extracting RAR file with embedded instructions. It includes a full GUI installation package.
The victim receives both adware-like functionality and backdoor capabilities. Once it is installed on the victim's machine, it abuses the new victim's Skype friends list to continue spamming the aforementioned messages. The instructions for its behavior are downloaded from another server and look like this:
Last night I got an unexpected SMS in German on one of my phones. A message from "Lisa", pretending to know me, including a URL luring the reader to a picture of her.
The short URL points to the domain "m.bensbumsblog.com", which is already known for being used in SMS spam for dating websites, redirecting to a dating website. As there was no preregistration or request for this SMS, this clearly belongs in the category of unsolicited bulk messages.
The final target of the link is "daily-date.de". This website requires registration (username, password, e-mail address and several personal questions). Finally, it offers premium access to the system, which means searching, meeting and texting people as well as viewing pictures, though not for free. This campaign offers a 14-day trial for 1€.
The domain "bensbumsblog.com" is protected by an anonymizing service to avoid identifying the owner. The IP address, however, is owned by a cloud service (according to a RIPE lookup) and rented by a marketing company (according to an IP reverse lookup).
The final website "daily-date.de" belongs to a German company, located in Berlin.
A look at the click-statistics from "bit.ly" shows that this campaign started on 03.03.2015 and got more than 10,000 clicks within 18 hours, most of them from Germany. Most clicks appeared in the first 3 hours of the campaign (started around 18:00 CET).
The "bit.ly" user "benbu", who set up this link, has already created 15 Bitlinks/short URLs (active since 2nd of March 2015).
In general, make sure that you don't just click on any link you get, as there might also be malicious content behind it. To improve the protection of your mobile device (smartphone/tablet), always ensure you install updates. Furthermore, you should have security software installed to be protected against mobile malware.
The Internet has long ceased to be the preserve of grown-ups. Children today are often far more active Internet users than their parents. But is it safe enough for children to use without fear of facing inappropriate content? To find out we decided to investigate potential online threats to children.
The research is based on data processed by our Kaspersky Security Network. We analyzed data from more than a million Kaspersky Lab customers. Each of them had encountered dangerous content at least once in the last year.
The results show that more than half (59.5%) of users encountered pornography; over a quarter (26.6%) landed on websites dedicated to gambling; every fifth user stumbled across sites featuring weapons; and almost the same number were confronted by strong language.
Percentage of users worldwide who encountered dangerous content in 2014
Two thirds (67.29%) came across chat services. Only a small proportion of these services, such as those with anonymity functions or predominately adult subscribers, represent a potential threat to children. As a result it is difficult to take overall chat service encounters as an accurate indication of the level of risk to young people. However, the data does confirm the popularity of chat; and the greater the popularity of chat services in any given country, the greater the probability that children might occasionally or even intentionally enter into an unsafe chat environment. So, if nothing else, evidence of frequent encounters with chat services could be a sign for parents to pay more attention to the nature of these services and the likelihood of their child being drawn in.
Websites carrying these kinds of inappropriate content (adult, chat, gambling and weapons), along with others featuring drugs, tobacco and alcohol, were the ones blocked most often by Kaspersky Lab protection solutions. The frequency of detections demonstrates just how easy it is for users to encounter such content online. The higher the frequency, the greater the probability.
In geographical terms, the countries with the most frequent Parental Control detections were China, the USA, Germany, the UK and Russia. France, Vietnam, Brazil and Algeria also ranked in the top ten in terms of inappropriate content detection – but were relatively safer due to a lower frequency of detection.
Each of the top ten most affected countries has its own distinct characteristics when it comes to the prevailing online threats for children. For instance, adult content was the biggest threat to users in Germany (with 172 detections per user), China (144.18 detections per user), and the US (126.16 detections). Content about alcohol, tobacco and drugs was a major threat to users from Russia, Germany, the USA and France. The frequency of detection was especially high in these countries. This kind of content also proved popular in Brazil and the UK.
The fact that the threat landscape for children changes significantly from country to country is one of the most remarkable findings to emerge from the research. It is a clear sign for parents around the world to pay special attention to what their children are doing online in their own country, as every situation will be different. To protect young people, we recommend that adults choose protection solutions with Parental Control technologies and make full use of safe "children" modes in search engines and applications that allow access to multimedia content and which are used by children.
However, although Parental Control technologies can block access to web sites with content that is dangerous or distressing for children, they cannot offer reliable protection in situations where safe-by-default web services like social networks or chats are misused by predators or users conducting cyberbullying campaigns.
Internet security deserves to be taken as seriously as real-life physical security. That's why we urge parents to take an active part in their children's real and digital lives. Only then can they be sure that they won't miss the moment when their child might need their support.
For the nth time in the last couple of years, security experts are warning about a new Internet-scale vulnerability, this time in some popular SSL clients. The flaw allows an attacker to force clients to downgrade to weakened ciphers and break their supposedly encrypted communications through a man-in-the-middle attack. Researchers recently discovered that some SSL […]
Google has made a subtle, but important, shift in the requirements for Android handset makers, saying now that OEMs manufacturing phones that will run Lollipop do not have to enable disk encryption by default. This is a major change from the company’s stated position from just a few months ago, but it may not have […]
Some D-Link routers contain a vulnerability that leaves them open to remote attacks that can give an attacker root access, allow DNS hijacking and other attacks. The vulnerability affects a number of D-Link’s home routers and the key details of the flaw have been made public by one of the researchers who discovered it. […]
Mozilla has issued a hot fix for Firefox that removes the Superfish root certificate from the browser’s trusted root store. The patch only removes the certificate if the Superfish software has been removed from the machine already, however. The Superfish adware performs SSL interception–essentially running man-in-the-middle attacks on connections to secure sites–in the name of […]