Asyn
1561
Left123
1562
Win32/Delf.QCZ also known as “Avast enchanced protection mode”
Additional details http://www.eset.com/about/blog/blog/article/win32delf-qcz-additional-details/
Something interesting and new?
When someone logs in from the infected computer, the credentials are stored in the [b]registry[/b].
Pondus
1563
Mouse attack ;D
Netragard’s Hacker Interface Device (HID).
http://pentest.snosoft.com/2011/06/24/netragards-hacker-interface-device-hid/
We (Netragard) recently completed an engagement for a client with a rather restricted scope. The scope included a single IP address bound to a firewall that offered no services whatsoever. It also excluded the use of social attack vectors based on social networks, telephone, or email and disallowed any physical access to the campus and surrounding areas. With all of these limitations in place, we were tasked with penetrating into the network from the perspective of a remote threat, and succeeded.
system
1564
Sorry :-[ if this is a double post
Monthly Malware Statistics: August 2011
August in Figures
The following statistics were compiled in August using data collected from computers running Kaspersky Lab products:
193,989,043 network attacks were blocked;
64,742,608 web-borne infections were prevented;
258,090,156 malicious programs were detected and neutralized on user computers;
80,155,498 heuristic verdicts were registered.
August is traditionally one of the busiest months for the information security industry, despite the summer holiday season. Two of the top security conferences take place in August in the US: BlackHat and Defcon. These two events are a popular platform for announcing the results of top studies and not only discuss the results of the past year, but address the issues looming on the horizon. New attack methods are discussed at the conferences, in addition to different hacking technologies — some of which, unfortunately, are subsequently applied in malicious programs. Furthermore, the summer holiday season creates additional problems for individual computer users and organizations alike. People on vacation use the Internet more frequently at Internet cafes, free WiFi hotspots, airports, etc., which means they are outside of their usual security perimeter and have higher chances of becoming the victims of malicious users.
Out-of-the-box activity
Let’s take a closer look at some of the new malicious programs and malicious technologies employed by “the other side” in August.
Ice IX: the bastard child of ZeuS
http://www.securelist.com/en/analysis/204792190/Monthly_Malware_Statistics_August_2011
Asyn
1565
Asyn
1566
Asyn
1567
Pondus
1568
more on BIOS malware
Malware burrows deep into computer BIOS to escape AV - Mebromi rootkit also targets master boot record
http://www.theregister.co.uk/2011/09/14/bios_rootkit_discovered/
Pondus
1569
Android banking trojan intercepts security texts - Thought you were so clever, Mr Banker Guy
http://www.theregister.co.uk/2011/09/14/spyeye_targets_android_phones/
system
1570
Adobe ‘Critical’ Security Update Removes Fraudulent DigiNotar Certificates
Adobe (NSDQ:ADBE) joined Microsoft (NSDQ:MSFT) with its own “Patch Tuesday,” issuing a security update that repaired a slew of critical flaws in numerous versions of Reader and Acrobat products, including potential vulnerability to attacks resulting from fraudulent DigiNotar certificates.
Specifically, the Adobe security update repaired critical flaws in Adobe Reader 10.1 and earlier versions for Windows and Mac OS X, as well as Adobe Reader 9.4.2 and earlier versions for UNIX and Adobe Acrobat X and earlier versions for Windows and Mac OS X.
http://www.crn.com/news/security/231601428/adobe-critical-security-update-removes-fraudulent-diginotar-certificates.htm;jsessionid=PCjw2qxsScayBtDzSLwHzw**.ecappj01?cid=nl_sec
system
1571
Microsoft Fixes Office, Excel Flaws In ‘Non-Critical’ Patch Tuesday Release
Microsoft (NSDQ:MSFT) issued a modest patch load for its September Patch Tuesday release, but coupled the security bulletin with yet another update blacklisting more fraudulent DigiNotar SSL certificates.
Microsoft’s Patch Tuesday bulletin mildly surprised the security community by containing just five updates, none of which were deemed with the highest severity ranking of “critical.”
http://www.crn.com/news/security/231601362/microsoft-fixes-office-excel-flaws-in-non-critical-patch-tuesday-release.htm?cid=nl_sec
Asyn
1572
system
1573
Asyn
1574
:o Thanks for that info logos…!
system
1575
Yeah, this could be the worst security-related disaster ever.
DavidR
1576
Serious, yes, but I want to know if this PoC would work on a site that hasn't been hacked.
The stealthy piece of JavaScript works with a network sniffer to decrypt encrypted cookies a targeted website uses to grant access to restricted user accounts.
So there has to be this network sniffer and a piece of ‘stealthy’ JavaScript; where does it come from? It would either have to be inserted into the site page (hacked site) or loaded/run from off site (cross-site scripting, XSS; again, a hacked site).
Well, I’m looking at what protection can be offered in the form of the web shield (good on hacked sites and inserted script tags, etc.) and things like the NoScript and RequestPolicy Firefox add-ons to prevent local or XSS scripts from running (unless of course you gave permission).
“BEAST is like a cryptographic Trojan horse – an attacker slips a bit of JavaScript into your browser, and the JavaScript collaborates with a network sniffer to undermine your HTTPS connection,”
So again, I don’t see any mention in all of this of a system's local security software and how it plays out in this.
EDIT: incorrect formatting of quote.
bob3160
1577
Beginning to wonder if anything is safe any more.
DavidR
1578
I think there is a degree of hype/fear-mongering in this when it doesn’t take any account of users' security measures or even mention methods of combating it.
Dwarden
1579
Just note this PoC comes from researchers who are already responsible for another PoC that forced Microsoft and Oracle to do an out-of-band patch in the past …
So I would not underestimate the seriousness …
It's already been discussed that it takes only 5 minutes to decipher, and most sites have a 10-minute expiry, so this is nasty.
Also, I hope this forces all websites to upgrade to the 2nd revision of TLS 1.2 (SSL 3.3).
system
1580
Russian hacker sells home and cars to pay RBS
A Russian hacker who breached the security of RBS' WorldPay service and stole $9m (£6m) has had his property sold to compensate the bank.
Viktor Pleshchuk's two flats and two cars, a BMW and a Lada, were auctioned off in Saint Petersburg on Monday.
According to the Russian news portal RIA Novosti, the sale raised 10m roubles (£200,000).
http://www.bbc.co.uk/news/technology-14989264