The Security Pub

Random Thoughts About Security

Beware of password-protected documents carrying malware

“Passwords for document files are commonly used to prevent unauthorized access to the files by encrypting them with passwords. However, attackers are misusing the password feature to encrypt files, most likely to make it difficult for security products to detect them as malware,” say the researchers. “It also makes reverse-engineering the files difficult because they need to be decrypted before analysis can be performed.”

Check out Help Net Security for the full article
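A triage check in the spirit of the warning above, added here as an example (it is not code from the article or from the researchers it quotes): before a document is handed to a scanner or sandbox, decide whether it is password-protected at the container level, because an encrypted file cannot be inspected until it is decrypted. The detection relies only on public format markers (the OLE2 compound-file magic, the EncryptionInfo/EncryptedPackage streams an encrypted OOXML file carries, the encryption bit in ZIP local headers, and the /Encrypt key in a PDF trailer); the sample files are constructed inline, and the domain-free "hold for review" list is my own policy, not the article's.

```python
import io
import re
import struct
import zipfile

# Well-known format markers (public specifications, not taken from the article).
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # OLE2 / Compound File Binary
ZIP_LOCAL_HEADER = b"PK\x03\x04"                  # ZIP local file header (OOXML is a ZIP)
PDF_MAGIC = b"%PDF-"

# A password-protected .docx/.xlsx/.pptx is stored as an OLE container holding these
# two streams; directory entry names are UTF-16LE inside the compound file.
OOXML_ENCRYPTION_STREAMS = [s.encode("utf-16-le") for s in ("EncryptionInfo", "EncryptedPackage")]


def _scan_local_headers(data):
    """Fallback for truncated/malformed archives: walk each local header and read
    the general-purpose flag word (offset 6); bit 0 marks an encrypted entry."""
    for m in re.finditer(re.escape(ZIP_LOCAL_HEADER), data):
        off = m.start() + 6
        if off + 2 <= len(data):
            (flags,) = struct.unpack_from("<H", data, off)
            if flags & 0x0001:
                return True
    return False


def triage_document(data):
    """Return {'format': ..., 'password_protected': True/False/None}.
    None means the container was recognised but the quick check is not conclusive."""
    if data.startswith(OLE_MAGIC):
        if all(name in data for name in OOXML_ENCRYPTION_STREAMS):
            return {"format": "ooxml", "password_protected": True}
        # Legacy .doc/.xls keep their encryption flag inside the FIB/Workbook stream;
        # deciding needs a real CFB parse, so this check stays undecided.
        return {"format": "ole", "password_protected": None}
    if data.startswith(ZIP_LOCAL_HEADER):
        fmt = "ooxml" if b"[Content_Types].xml" in data else "zip"
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                encrypted = any(info.flag_bits & 0x0001 for info in z.infolist())
        except zipfile.BadZipFile:
            encrypted = _scan_local_headers(data)
        return {"format": fmt, "password_protected": encrypted}
    if data.startswith(PDF_MAGIC):
        # A security handler is declared with /Encrypt in the trailer or xref-stream dict.
        return {"format": "pdf", "password_protected": b"/Encrypt" in data}
    return {"format": "unknown", "password_protected": None}


def hold_for_review(samples):
    """Names of files a content scanner cannot clear: protected ones and undecidable ones."""
    return sorted(n for n, d in samples.items() if triage_document(d)["password_protected"] is not False)


# Constructed sample inputs (no real malware, just the bytes the checks look at).
def _build_plain_docx():
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


def _build_encrypted_zip_fragment():
    # One local file header with the encryption bit set and no central directory,
    # the kind of damaged archive a mail gateway sees when a download is cut short.
    header = struct.pack("<HHHHHIIIHH", 20, 0x0001, 0, 0, 0, 0, 0, 0, 8, 0)
    return ZIP_LOCAL_HEADER + header + b"evil.exe"


SAMPLES = {
    "plain.docx": _build_plain_docx(),
    "protected.docx": OLE_MAGIC + b"\x00" * 504 + b"".join(OOXML_ENCRYPTION_STREAMS),
    "legacy.doc": OLE_MAGIC + b"\x00" * 504,
    "protected.zip": _build_encrypted_zip_fragment(),
    "plain.pdf": b"%PDF-1.4\n1 0 obj<</Type/Catalog>>endobj\ntrailer<</Root 1 0 R>>\n%%EOF",
    "protected.pdf": b"%PDF-1.4\n1 0 obj<</Type/Catalog>>endobj\ntrailer<</Root 1 0 R/Encrypt 2 0 R>>\n%%EOF",
    "notes.txt": b"just text",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, triage_document(blob))
    print("hold:", hold_for_review(SAMPLES))
```

The point of the None result is the caveat a practitioner needs: a legacy binary Office file or an unrecognised blob has not been cleared, only not decided, so it goes to the same manual queue as the files that are definitely encrypted rather than being waved through.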

SQL Injection Attack Compromises 380,000 URLs

A massive SQL injection attack campaign has been spotted by Websense researchers, and the number of unique URLs affected by it has risen from 28,000 when it was first detected yesterday to 380,000 when the researchers last checked.

The injected script redirects users who have landed on the infected pages to the domain named in the script, which then redirects them further to a website that simulates an anti-malware check and peddles a rogue AV solution.

Both sites are currently offline, say the researchers, but the attackers have started using other domains for redirection and will likely keep changing them.

The researchers also noted that some iTunes URLs have been injected with the script, but that Apple has done a good job of securing the site against this kind of attack.

“The way iTunes works is that it downloads RSS/XML feeds from the publisher to update the podcast and list of available episodes. We believe that these RSS/XML feeds have been compromised with the injected code. The good thing is that iTunes encodes the script tags, which means that the script doesn’t execute on the user’s computer,” they explained.
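A worked illustration of the two halves of this story, added here as an example and not code from Websense or from the article: a web application that concatenates user input into an UPDATE statement lets one request rewrite every row with an injected script tag, while the parameterised version cannot form the hijacked WHERE clause; and output encoding, the defence the quote credits iTunes with, turns a stored tag into inert text. The CMS table, the redirector domain and the sweep over text columns are all constructed for the example; nothing here reproduces the campaign's actual domains or payload.

```python
import html
import re
import sqlite3


# Constructed sample database: a tiny CMS with three articles (not data from the campaign).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    conn.executemany("INSERT INTO articles (title, body) VALUES (?, ?)",
                     [("Hello", "first post"), ("News", "second post"), ("About", "third post")])
    conn.commit()
    return conn


# Placeholder redirector domain; the campaign's real domains are deliberately not used.
INJECTED_TAG = '<script src="http://redirector.example/x.js"></script>'


def vulnerable_update(conn, article_id, body):
    """Builds the UPDATE by string concatenation. The caller's article_id lands
    unquoted in the WHERE clause, so '1 OR 1=1' rewrites every row in one request."""
    sql = f"UPDATE articles SET body = '{body}' WHERE id = {article_id}"
    conn.execute(sql)
    conn.commit()


def safe_update(conn, article_id, body):
    """Parameterised version: values travel separately from the SQL text, and the id
    is coerced to int first, so a WHERE clause of 'id = 1 OR 1=1' can never be formed."""
    conn.execute("UPDATE articles SET body = ? WHERE id = ?", (body, int(article_id)))
    conn.commit()


SCRIPT_RE = re.compile(r"<script\b[^>]*>", re.IGNORECASE)


def find_injected_rows(conn):
    """Sweep every text column for injected script tags; returns sorted row ids.
    This is the check a site owner runs after a mass-injection campaign."""
    hits = set()
    for rid, title, body in conn.execute("SELECT id, title, body FROM articles"):
        if any(v and SCRIPT_RE.search(v) for v in (title, body)):
            hits.add(rid)
    return sorted(hits)


def render(untrusted_text):
    """Output encoding: the tag reaches the page as text (&lt;script ...&gt;) and is
    never parsed as markup, which is why an encoded feed entry does not execute."""
    return html.escape(untrusted_text, quote=True)


def run_demo():
    results = {}
    conn = make_db()
    vulnerable_update(conn, "1 OR 1=1", INJECTED_TAG)
    results["rows_hit_by_injection"] = find_injected_rows(conn)

    conn = make_db()
    try:
        safe_update(conn, "1 OR 1=1", INJECTED_TAG)
        results["payload_rejected"] = False
    except ValueError:
        results["payload_rejected"] = True
    safe_update(conn, "1", INJECTED_TAG)          # a legitimate id still works
    results["rows_hit_after_safe_update"] = find_injected_rows(conn)
    results["rendered"] = render(INJECTED_TAG)
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Note what parameterisation does and does not buy: it stops one request from touching every row, but an attacker who legitimately owns article 1 can still store a script tag there, so the sweep and the output encoding are the layers that keep a stored tag from running in visitors' browsers.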

ZBot Removal Tool

ZBot (also known as Zeus, ZeusBot, WSNPoem, Gorhax and Kneber) is a Trojan created to steal sensitive information from compromised computers. ZBot focuses mainly on online banking information that unsuspecting users enter to access a financial organization's website, but it also monitors system information to obtain additional authentication credentials. Some of the newer variants go further: they gather the victim's browsing history and other data entered online, while at the same time taking screenshots.

To help with this, BitDefender has created a ZBot Removal Tool which checks users' computers and detects and eliminates most of the ZBot variants spotted in the wild.

Google Code Used to Spread Malware Again

Another case has been discovered in which Google Code is being used to spread malware. This latest example was found by security firm zScaler, which reported the finding on its research blog on Wednesday. A spokesman from Google said that the company has taken the necessary steps to remove the project that was hosting the malicious code for violating the terms of service agreement.

At this time it is not certain how long the latest files have been hosted, but zScaler says one of the executables dates back to late June 2010, a good indication that Google may have been hosting some or all of the malware for at least two months.

Another Malicious Android Application

Yet another malicious application has been found in the Android Market. It's a game called Tap Snake, but it's not just a game. It's also a client for a commercial spying application called GPS SPY. What the description of Tap Snake doesn't say is that every 15 minutes your GPS coordinates are uploaded to a server that can be monitored by whoever is running GPS SPY.

Tapsnake has been downloaded from 1,000 to 5,000 times, while GPS Spy has 100 to 500 downloads. The discovery comes on the heels of a suspicious Android Wallpaper app that was downloaded millions of times and what is believed to be the platform’s first SMS trojan in the wild. – The Register

Check out this video showing the game play of the Tap Snake game.

If you have one of the following mobile devices, you can use F-Secure's Mobile Security tool to help protect it from Android.Tapsnake.

Rogue AV Masquerades as a Firefox/Flash Update

It seems that rogue peddlers have gotten tired of their old tricks in pushing rogueware into the user's system. It used to be a fake scanning page, that leads to a warning, then a fake AV. Now, it comes as the Firefox "Just Updated" page. You know that page that instantaneously appears right after you update your Firefox browser? And you open Firefox for the first time? Just like that. But with a catch of course. There is a message telling the user that even if their Firefox got updated, their Adobe Flash Player isn't. So they still have to update. Pretty helpful... – Check out the article [F-Secure]