Feed aggregator

Patrick Gray on the State of Security and State Security

Threatpost for B2B - Wed, 03/04/2015 - 12:32
Worlds collide as Dennis Fisher talks with Patrick Gray of the Risky Business podcast about security journalism, how much and how little has changed in the industry in the last 15 years and whether we're making any progress in the fight against attackers.

Firefox 37 to Include New OneCRL Certificate Blocklist

Threatpost for B2B - Wed, 03/04/2015 - 11:47
The next version of Mozilla Firefox will include a new certificate revocation list that will speed up and streamline the process of revoking intermediate certificates trusted by the browser. The new feature, known as OneCRL, is meant as a replacement for the old OCSP (online certificate status protocol) system that is used now to check […]

Skyfall Meets Skype

Secure List feed for B2B - Wed, 03/04/2015 - 11:14

The portmanteau-named SKYPEFALL.EXE is the latest, very active, malware-spamming campaign spreading through Skype. We first registered this attack on March 3 using both Spanish and English to lure victims. How does this attack work?

The victim receives a Skype message in the following format:

Dios Mio! [user name in Skype] video: http://********skype.info/video/?n=[user name in Skype]

Oh, My God ! [user name in Skype] video: http://********skype.info/video/?n=[user name in Skype]

If they click on the link and use Internet Explorer, it leads them to a fake video website full of fabricated comments meant to pique the user's interest while inviting the victim to download a plugin in order to watch the video itself:



Again, the URL used in the malicious message sent through Skype is available only if the browser referrer points to Internet Explorer. If the victim uses any other browser, the URL is simply unavailable.

The initial setup.exe is a RAR auto-extractible file with embedded instructions. It includes a full GUI installation package.

The victim receives both Adware-like functionality as well as Backdoor capabilities. Once it is installed on the victim's machine, it abuses the new victim's Skype friends list to continue spamming the aforementioned messages. The instructions for its behavior are downloaded from another server and look like this:

{
"skype_restart_mins": 120,
"old_friend_hours": 48,
"del_msgs_limit": 5,
"send_strategy": 1,
"max_loc_msgs": 60
}

The malware also includes an embedded SMTP client that would potentially allow the attackers to send spam through the victim's machine.

The attackers leading this campaign are changing this binary on the Web every few hours. In this way, they are trying to evade any consistent AV detection.

Kaspersky Lab detects this threat as Trojan-Dropper.Win32.SkyDll.a.

Dating Lisa for 1 Euro

Secure List feed for B2B - Wed, 03/04/2015 - 11:11

Last night I got an unexpected SMS in German on one of my phones. A message from "Lisa", pretending to know me, including a URL luring the reader to a picture of her.

The short URL points to the domain "m.bensbumsblog.com", which is already known for being used in SMS spam for dating websites, redirecting to a dating website. As there was no preregistration or request for this SMS, this clearly belongs in the category of unsolicited bulk messages.

The final target of the link is "daily-date.de". This website requires registration (username, password, mail address and several personal questions). Finally it offers premium access to the system, which means searching, meeting and texting people as well as watching pictures, not for free though. This campaign offers a 14-day trial for 1€.

The domain "bensbumsblog.com" is protected by an anonymizing service to avoid identifying the owner, although the IP address is owned by a cloud service (according to RIPE lookup) and rented by some marketing company (IP reverse lookup).

The final website "daily-date.de" belongs to a German company, located in Berlin.

A look at the click-statistics from "bit.ly" shows that this campaign started on 03.03.2015 and got more than 10,000 clicks within 18 hours, most of them from Germany. Most clicks appeared in the first 3 hours of the campaign (started around 18:00 CET).

The "bit.ly" user "benbu", who set up this link, already created 15 Bitlinks/short URLs (active since 2nd of March 2015).

Amount of Bitlinks | Target/Campaign
6 | DailyDates (this campaign)
1 | Easy money/credit cards
8 | Coupons

Spam is a common problem, not only via email, although SMS spam is more common in Asia and less common in Europe.

Having a look at other campaigns by this user, not all were successful. Besides this campaign, 6 others got some clicks. All mostly targeting Germany.

Created | Target/Campaign | Clicks
02.03.2015 | Coupons | 2630
02.03.2015 | Coupons | 1764
02.03.2015 | Coupons | 250
02.03.2015 | DailyDates | 993
03.03.2015 | Coupons | 1878
03.03.2015 | Coupons | 1004

In general, make sure that you don't just click on any link you get, as there might also be malicious content behind it. To improve protection of your mobile device (smartphone/tablet), always ensure you install updates. Further, you should have security software installed to be protected against mobile malware.

Threats to Children Online: The Danger is Real

Secure List feed for B2B - Wed, 03/04/2015 - 07:00

The Internet has long ceased to be the preserve of grown-ups. Children today are often far more active Internet users than their parents. But is it safe enough for children to use without fear of facing inappropriate content? To find out we decided to investigate potential online threats to children.

The research is based on data processed by our Kaspersky Security Network. We analyzed data from more than a million Kaspersky Lab customers. Each of them had encountered dangerous content at least once in the last year.

The results show that more than half (59.5%) of users encountered pornography; over a quarter (26.6%) landed on websites dedicated to gambling; every fifth user stumbled across sites featuring weapons; and almost the same number were confronted by strong language.

Percentage of users worldwide who encountered dangerous content in 2014

Two thirds (67.29%) came across chat services. Only a small proportion of these services, such as those with anonymity functions or predominately adult subscribers, represent a potential threat to children. As a result it is difficult to take overall chat service encounters as an accurate indication of the level of risk to young people. However, the data does confirm the popularity of chat; and the greater the popularity of chat services in any given country, the greater the probability that children might occasionally or even intentionally enter into an unsafe chat environment. So, if nothing else, evidence of frequent encounters with chat services could be a sign for parents to pay more attention to the nature of these services and the likelihood of their child being drawn in.

Websites carrying these kinds of inappropriate content (adult, chat, gambling and weapons), along with others featuring drugs, tobacco and alcohol, were the ones blocked most often by Kaspersky Lab protection solutions. The frequency of detections demonstrates just how easy it is for users to encounter such content online. The higher the frequency, the greater the probability.

In geographical terms, the countries with the most frequent Parental Control detections were China, the USA, Germany, the UK and Russia. France, Vietnam, Brazil and Algeria also ranked in the top ten in terms of inappropriate content detection – but were relatively safer due to a lower frequency of detection.

Each of the top ten most affected countries has its own distinct characteristics when it comes to the prevailing online threats for children. For instance, adult content was the biggest threat to users in Germany (with 172 detections per user), China (144.18 detections per user), and the US (126.16 detections). Content about alcohol, tobacco and drugs was a major threat to users from Russia, Germany, the USA and France. The frequency of detection was especially high in these countries. This kind of content also proved popular in Brazil and the UK.

The fact that the threat landscape for children changes significantly from country to country is one of the most remarkable findings to emerge from the research. It is a clear sign for parents around the world to pay special attention to what their children are doing online in their own country, as every situation will be different. To protect young people, we recommend that adults choose protection solutions with Parental Control technologies and make full use of safe "children" modes in search engines and applications that allow access to multimedia content and which are used by children.

However, although Parental Control technologies can block access to web sites with content that is dangerous or distressing for children, they cannot offer reliable protection in situations where safe-by-default web services like social networks or chats are misused by predators or users conducting cyberbullying campaigns.

Internet security deserves to be taken as seriously as real-life physical security. That's why we urge parents to take an active part in their children's real and digital lives. Only then can they be sure that they won't miss the moment when their child might need their support.

Read more about online threats to children in the full text of the research.

Domain Shadowing Latest Angler Exploit Kit Evasion Technique

Threatpost for B2B - Tue, 03/03/2015 - 17:30
The Angler Exploit Kit has begun using domain shadowing as a technique to avoid detection and blocking, researchers at Cisco Talos said.

New POS Malware Uses Mailslots to Avoid Detection

Threatpost for B2B - Tue, 03/03/2015 - 16:57
A new type of POS malware, LogPOS, is using technology that evades detection by letting the malware inject code while it shuttles stolen credit card numbers to its C+C server.

New FREAK Attack Threatens Many SSL Clients

Threatpost for B2B - Tue, 03/03/2015 - 15:30
For the nth time in the last couple of years, security experts are warning about a new Internet-scale vulnerability, this time in some popular SSL clients. The flaw allows an attacker to force clients to downgrade to weakened ciphers and break their supposedly encrypted communications through a man-in-the-middle attack. Researchers recently discovered that some SSL […]

Change to Lollipop Encryption Policy May Not Have Much Effect, Experts Say

Threatpost for B2B - Tue, 03/03/2015 - 12:05
Google has made a subtle, but important, shift in the requirements for Android handset makers, saying now that OEMs manufacturing phones that will run Lollipop do not have to enable disk encryption by default. This is a major change from the company’s stated position from just a few months ago, but it may not have […]

Government Report Critical of FAA Security Controls

Threatpost for B2B - Tue, 03/03/2015 - 11:10
A GAO report takes the Federal Aviation Administration to the woodshed over its sub-par information security controls and policies.

Signal 2.0 Brings Encrypted Messaging to iPhone

Threatpost for B2B - Mon, 03/02/2015 - 16:22
Signal 2.0 is available from Open WhisperSystems, and brings encrypted messaging to the iPhone.

D-Link Routers Haunted by Remote Command Injection Bug

Threatpost for B2B - Mon, 03/02/2015 - 15:02
Some D-Link routers contain a vulnerability that leaves them open to remote attacks that can give an attacker root access, allow DNS hijacking and other attacks. The vulnerability affects a number of D-Link’s home routers and the key details of the flaw have been made public by one of the researchers who discovered it. […]

Older Keen Team Use-After-Free IE Exploit Added to Angler Exploit Kit

Threatpost for B2B - Mon, 03/02/2015 - 14:58
Attackers behind one of the more popular exploit kits, Angler, have added a tweaked version of an exploit from last fall, a use after free vulnerability in Microsoft's Internet Explorer browser.

Mozilla Pushes Hot Fix to Remove Superfish Cert From Firefox

Threatpost for B2B - Mon, 03/02/2015 - 10:53
Mozilla has issued a hot fix for Firefox that removes the Superfish root certificate from the browser’s trusted root store. The patch only removes the certificate if the Superfish software has been removed from the machine already, however. The Superfish adware performs SSL interception–essentially running man-in-the-middle attacks on connections to secure sites–in the name of […]

Seagate Business NAS Firmware Vulnerabilities Disclosed

Threatpost for B2B - Mon, 03/02/2015 - 10:43
Remote code execution vulnerabilities in Seagate Business NAS firmware were disclosed after a 100-plus day deadline passed without a fix from the vendor.

Uber Announces Breach of ‘Partner’ Information

Threatpost for B2B - Mon, 03/02/2015 - 10:32
Uber announced that attackers had compromised databases containing current and former driver partner names and license numbers.

Pharming Attack Targets Home Router DNS Settings

Threatpost for B2B - Fri, 02/27/2015 - 15:07
A pharming attack has been detected targeting home routers distributed from Brazil's largest telco, a rare instance of a web-based attack changing DNS settings in order to redirect traffic.