The ZeuS banking trojan is back making headlines, this time for hitting up infected machines with fake enrollment screens for both Visa and MasterCard credit cards.
"When you log into your bank, it says you have to enroll in Verified by Visa, that it's regulated now and you have to do it," explains Mickey Boodaei, CEO at Trusteer, a security firm.
This new variant sits in waiting until the potential victim logs into one of a list of targeted sites. Once they do, the ZeuS trojan uses this and other shenanigans to trick users into forking over not just credit card credentials, but Social Security numbers, personal identification numbers, and other personal info.
I have a system with anti-virus and anti-spyware software installed. I also made a backup image with Acronis True Image some time ago. Now, somehow it got a bad malware infection that nothing can remove completely. The usual method is to reformat and reinstall Windows, but what if I use a clean image from Acronis to restore my system? Can that be done? Will it get rid of all the malware, or will some be left behind?
Here's a scary thought - while you sit there firing foam projectiles at co-workers, your USB rocket launcher could be harvesting your personal data and sending it to a snooper. What's worse, your security software would be none the wiser.
This would be an example of a hardware trojan, which up to this point has mostly been thought of as a modified circuit. A hacker might, for example, intercept a microchip while it's still in the factory and code subtle changes into it so that whatever device the chip goes into ends up crashing.
John Clark, Sylvain Leblanc, and Scott Knight, three computer engineers at the Royal Military College of Canada in Kingston, Ontario, set out to prove that a hardware trojan could be sent out by other means, specifically by exploiting a weakness in USB's plug-and-play functionality, New Scientist reports. Because the USB protocol blindly trusts any device being plugged in to honestly report its identity, a hacker would need only to switch it out with a compromised device that reports the same information.
To show that it was possible, the team assembled a keyboard with malicious circuitry that successfully swiped data from the hard drive and transmitted it in one of two ways - by sending out Morse code via LED flashes, and by encoding data as a subtle warbling output from the soundcard. The transmission isn't limited to these two examples, however, and could just as easily have been sent via email, but the team was more interested in seeing if they could steal information on the sly.
"We've shown any USB device could contain a hardware trojan," says Leblanc. "Security software, if it checks USB devices at all, tends to look only for malware on USB memory sticks."
Leblanc went on to say that "you could mount a hardware trojan attack with a USB coffee-cup warmer," so the next time someone asks how you like your coffee, "malware free" might be an appropriate response.
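The lesson the researchers draw is that the host accepts whatever identity a USB device reports. The check below is an added example, not code from the New Scientist article or from the RMC team: it compares a snapshot of attached USB devices against a recorded baseline and flags devices that are new or whose set of interface classes has changed. The snapshot format, field names and device records are constructed for this example. The caveat is exactly the article's point: vendor/product id, serial and interface descriptors are all self-reported, so a replacement that mimics a baselined device field for field will pass; this catches sloppy substitutions and unexpected additions, not a faithful clone.

```python
"""Baseline audit of attached USB devices (added example, constructed data)."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class UsbDevice:
    vid: int                     # vendor id, as reported by the device
    pid: int                     # product id, as reported by the device
    serial: str                  # iSerial string, or "-" if the device has none
    interfaces: Tuple[int, ...]  # bInterfaceClass codes, sorted

    @property
    def ident(self) -> str:
        return f"{self.vid:04x}:{self.pid:04x}"


def parse_snapshot(text: str) -> List[UsbDevice]:
    """Parse constructed snapshot lines of the form 'vid:pid serial class[,class...]'.

    The format is this example's own; a real collector would read sysfs or
    `lsusb -v` output and fill the same fields.
    """
    devices: List[UsbDevice] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        ident, serial, classes = line.split()
        vid_s, pid_s = ident.split(":")
        ifaces = tuple(sorted(int(c, 16) for c in classes.split(",")))
        devices.append(UsbDevice(int(vid_s, 16), int(pid_s, 16), serial, ifaces))
    return devices


def audit(baseline: List[UsbDevice], current: List[UsbDevice]) -> List[str]:
    """Return one finding per device that is new or whose interface set changed.

    Identity here is (vid:pid, serial), all of it device-reported; a clone that
    copies those values and the same interface classes produces no finding.
    """
    known: Dict[Tuple[str, str], UsbDevice] = {(d.ident, d.serial): d for d in baseline}
    findings: List[str] = []
    for dev in current:
        base = known.get((dev.ident, dev.serial))
        if base is None:
            findings.append(f"NEW {dev.ident} serial={dev.serial} "
                            f"classes={[f'{c:02x}' for c in dev.interfaces]}")
        elif base.interfaces != dev.interfaces:
            findings.append(f"CHANGED {dev.ident} serial={dev.serial} "
                            f"classes {[f'{c:02x}' for c in base.interfaces]} -> "
                            f"{[f'{c:02x}' for c in dev.interfaces]}")
    return findings


# Constructed snapshots with placeholder ids.  Class 03 = HID (keyboards,
# mice), 08 = mass storage.  The baseline keyboard reports no serial.
BASELINE = """\
# vid:pid  serial   interface classes
1a2b:0001 -        03
1a2b:0002 FLASH01  08
"""

CURRENT = """\
1a2b:0001 -        03
1a2b:0001 KB-9F2   03
1a2b:0002 FLASH01  08,03
"""


def run_example() -> List[str]:
    """Audit the constructed CURRENT snapshot against BASELINE."""
    return audit(parse_snapshot(BASELINE), parse_snapshot(CURRENT))


if __name__ == "__main__":
    for finding in run_example():
        print(finding)
```

The second keyboard is reported because it carries a serial the baseline never saw, and the flash drive is reported because a storage device has started presenting a HID interface as well. The first keyboard, identical to its baseline entry, passes silently, which is why a check like this belongs alongside physical controls rather than in place of them.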
Two weeks ago AVG announced its LinkScanner software for the Mac platform, designed to keep "Mac users safe from increasing intensity and sophistication of Web attacks." Perhaps the Mac faithful didn't take too kindly to the release, as AVG felt compelled to follow up the announcement with some sobering statistics for Mac users.
"It’s a well known fact that most computer users believe that owning a Mac means that you are somewhat immune to the malicious threats that lurk within cyberspace," AVG starts out. "In fact, this belief has become so strong that many Mac owners do not have, or feel the need to have, antivirus software installed on their machines."
AVG goes on to say that the iServices B Trojan crippled an additional 5,000 machines, and pointed out that other outbreaks, like the Tored-A and Jahlav-C viruses, also cause their share of headaches in the Apple community.
"Flaws were also discovered in the Safari Web browser, iTunes, and PDF program," AVG continues. "Worse still is the fact that last month reports were issued around an unpatched vulnerability in the Safari 4.0 Web browser! So, it would appear that Macs are no longer as shielded as they once were."
Australians who plan to traverse the Web better make sure they have antivirus and firewall software installed on their PCs, because if they don't, they risk being cut off from the Internet. And if they do manage to get an infection, they can expect their ISPs to disconnect service until they can prove a clean bill of health.
These recommendations come as part of a new plan being kicked around Australia's House of Representatives Standing Committee on Communications. In a report titled "Hackers, Fraudsters, and Botnets: Tackling the Problem of Cyber Crime," the committee spent 260 pages outlining 34 recommendations on how to deal with the growing threat of cyber crime, everything from the above scenario to holding companies that release IT products with security vulnerabilities financially responsible.
"In the past decade, cyber crime has grown from the nuisance of the cyber smart hacker into an organized transnational crime committed for vast profit and often with devastating consequences for its victims," said committee chair Belinda Neal.
Is Australia's House of Representatives on to something here, or are they off their rocker? Hit the jump and sound off.
With all the damage hackers are capable of inflicting on your system, you might be under the impression that they're using the most sophisticated software tools on the planet. You'd be wrong, security experts say.
On the contrary, researchers claim that many of the malware kits out in the wild are filled with security holes, sort of a software version of Swiss cheese. And as it turns out, these same bugs can be used not only to identify who it is on the other side of the attack, but also to launch a counter-attack, researchers say.
There are some cyber criminals who code their own software, but the majority of them just go out and grab one of the many available malware kits. Laurent Oudot, a French security expert from Tehtri Security, took apart several of the more popular kits and found a bunch of loopholes he says are relatively easy to exploit, which would allow researchers to "hack the web hackers."
The downside? Doing so might "lead to legal issues," Oudot admits.
The tech media has gone into full "told you so" mode after it was discovered that hackers managed to plant a Trojan in the popular Unreal IRC server, proving that Linux users need to worry about malware too.
"This is very embarrassing... We found that the Unreal220.127.116.11.tar.gz file on our mirrors has been replaced quite a while ago with a version with a backdoor (Trojan) in it," an announcement on the Unreal IRC forum states. "This backdoor allows a person to execute ANY command with the privileges of the user running the ircd. The backdoor can be executed regardless of any user restrictions (so even if you have passworded server or hub that doesn't allow any users in)."
While a single outbreak doesn't constitute an insecure OS platform by any stretch of the imagination, perhaps the media has a point. The announcement goes on to state that the "replacement of the .tar.gz occurred in November 2009 (at least on some mirrors)," which means it took nearly a year for it to be noticed. What most of the write-ups are insinuating -- and we'll just come out and say it -- is that perhaps this was left unnoticed in the Linux community because of an arrogance that suggests the open source OS is impenetrable. Obviously that isn't the case, but despite reports you may read elsewhere, the opposite isn't true either -- Linux users needn't worry that the sky is falling because of one high profile outbreak.
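A swapped tarball on a mirror is caught by comparing what was downloaded against the digest the project publishes. The script below is an added example, not the Unreal project's own tooling: it parses a checksum file in `sha256sum` output format and verifies an archive against it. The archive bytes, the file name and the checksum file are all constructed here, and the digest is computed in the script only so that it runs offline; in practice the checksum (or signature) has to come from the project's own site, over a channel the mirror does not control, since a mirror that can replace the tarball can replace a checksum file hosted next to it just as easily.

```python
"""Verify a downloaded release archive against a published SHA-256 digest
(added example with constructed data; not the Unreal project's tooling)."""
import hashlib
import hmac
from typing import Dict


def parse_checksums(text: str) -> Dict[str, str]:
    """Parse `sha256sum` output: '<hex digest>  <filename>' per line.

    A leading '*' on the name marks binary mode in sha256sum output and is
    stripped so lookups by plain file name work.
    """
    digests: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        digest, name = line.split(maxsplit=1)
        digests[name.lstrip("*")] = digest.lower()
    return digests


def check_archive(data: bytes, name: str, checksums: Dict[str, str]) -> str:
    """Return 'verified', 'MISMATCH', or 'no published digest' for the archive."""
    expected = checksums.get(name)
    if expected is None:
        return "no published digest"
    actual = hashlib.sha256(data).hexdigest()
    # constant-time comparison of the two hex strings
    return "verified" if hmac.compare_digest(actual, expected) else "MISMATCH"


# Constructed stand-ins.  The name is a placeholder, not a real release; the
# bytes only need to differ between the published build and the mirror copy.
ARCHIVE_NAME = "example-ircd-X.Y.Z.tar.gz"
PUBLISHED_ARCHIVE = b"\x1f\x8b" + b"genuine release contents (constructed)"
MIRROR_ARCHIVE = PUBLISHED_ARCHIVE + b"\x00altered build (constructed)"

# What the project would publish alongside the release.  Computed here from the
# constructed bytes so the example is self-contained; real digests are fetched
# from the project's site, not from the mirror being checked.
CHECKSUM_FILE = f"{hashlib.sha256(PUBLISHED_ARCHIVE).hexdigest()}  {ARCHIVE_NAME}\n"


def run_example() -> Dict[str, str]:
    """Check the genuine archive, the tampered mirror copy, and an unlisted name."""
    sums = parse_checksums(CHECKSUM_FILE)
    return {
        "published": check_archive(PUBLISHED_ARCHIVE, ARCHIVE_NAME, sums),
        "mirror": check_archive(MIRROR_ARCHIVE, ARCHIVE_NAME, sums),
        "unknown": check_archive(PUBLISHED_ARCHIVE, "other.tar.gz", sums),
    }


if __name__ == "__main__":
    for label, result in run_example().items():
        print(f"{label:10s} {result}")
```

A mismatch is a stop condition, not a warning: the archive is discarded and the mirror reported. Where the project signs its releases, the same flow applies with the signature check in place of the digest comparison, and the signing key obtained out of band.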
Microsoft has the unfortunate reputation of being more vulnerable than most when it comes to security exploits, so I'm sure the boys in Redmond were cringing just a bit more than usual when they discovered that malware was infecting Windows Mobile phones as well. According to Cnet, the applications "3D Anti-Terrorist game, PDA Poker Art, and Codec pack for Windows Mobile 1.0" all contain an auto dialer program that makes calls to random numbers in countries such as Somalia and the South Pole.
Microsoft representatives were understandably concerned about the news, but even we are forced to admit that it's not really their fault since users are voluntarily downloading and installing the infected applications. "Users need to be aware of what they are downloading and make sure it is a reputable source and from a reputable developer." While we don't know the exact number of users who were infected, even Microsoft was forced to admit that it could be the beginning of a trend. "What took 15 years for malware to evolve on the desktop is accelerated on the mobile platform." "We're seeing it move from early proof-of-concept (malware) to things that are driving profit."
Of course this also points out the ideological differences between platforms such as Windows Mobile and Android that allow you to download any application you want, and the iPhone approach where each app is tested and analyzed prior to approval. Do you think mobile platforms should be locked down the way Steve Jobs envisions, or do people who download apps from shady sources deserve what they get?
Here's a scary thought - you may soon have to worry about security on your smartphone just as you do on your PC. Up to this point, cell phone security has almost been an afterthought, at least in the public's eye, but that's about to change. Two researchers from Trustwave -- Nicholas J. Percoco and Christian Papathanasiou -- are scheduled to demo a rootkit running on an Android-based smartphone at the Defcon security conference in Las Vegas next month.
"We have developed a kernel-level Android rootkit in the form of a loadable kernel module. As a proof of concept, it is able to send an attacker a reverse TCP over 3G/WIFI shell upon receiving an incoming call from a 'trigger number'. This ultimately results in full root access on the Android device. This will be demonstrated (live)," the two researchers wrote.
As the security duo points out, "the implications of this are huge." With full rootkit access, attackers would be able to read all SMS messages on the phone, drive up long distance phone bills, and could even hunt down the owner's exact GPS location. The flexible rootkit can be installed over-the-air or alongside a rogue app, the researchers say.
Percoco and Papathanasiou didn't say exactly how they were able to bypass Android's security measures to install the rootkit in the first place, but did say why they zeroed in on Android.
"Android forms a perfect platform for further investigation due to its use of the Linux kernel and the existence of a very established body of knowledge regarding kernel-level rootkits in Linux," they wrote.
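Because the proof of concept is a loadable kernel module, the defender's first question on any Linux-based device is whether the kernel's own module list can be trusted. The script below is an added example, not code from Trustwave or from the Defcon talk: it applies the long-standing cross-view check of comparing `/proc/modules` against the directories under `/sys/module`. A loaded module normally appears in both; built-in code has a `/sys/module` entry but no `initstate` file and legitimately never appears in `/proc/modules`. A name that has `initstate` but is missing from `/proc/modules` is therefore a hiding indicator. It also decodes the two `/proc/sys/kernel/tainted` bits that record out-of-tree and unsigned module loads. Both inputs are constructed here; on a real device they would be read from those paths.

```python
"""Cross-view check for hidden loadable kernel modules (added example,
constructed data; not the researchers' code)."""
from typing import Dict, List, Set


def parse_proc_modules(text: str) -> Set[str]:
    """Return module names from /proc/modules text.

    Each line is 'name size refcount deps state address'; only the name
    is needed here.
    """
    names: Set[str] = set()
    for line in text.splitlines():
        parts = line.split()
        if parts:
            names.add(parts[0])
    return names


def find_hidden_modules(proc_modules: str, sys_module: Dict[str, bool]) -> List[str]:
    """Names present in /sys/module with an initstate file but absent from /proc/modules.

    `sys_module` maps directory name -> whether it contains 'initstate'.
    Entries without initstate are built-ins and are ignored.
    """
    visible = parse_proc_modules(proc_modules)
    return sorted(name for name, has_initstate in sys_module.items()
                  if has_initstate and name not in visible)


# Bits of /proc/sys/kernel/tainted relevant to module loading
# (Documentation/admin-guide/tainted-kernels.rst).
TAINT_BITS = {
    12: "O: externally-built (out-of-tree) module was loaded",
    13: "E: unsigned module was loaded",
}


def decode_taint(value: int) -> List[str]:
    """Describe the module-related taint bits set in `value`."""
    return [desc for bit, desc in TAINT_BITS.items() if value & (1 << bit)]


# Constructed /proc/modules content: three ordinary modules.
PROC_MODULES = """\
snd_hda_intel 53248 3 -,Live 0xffffffffc0a00000
usbhid 57344 0 -,Live 0xffffffffc09c0000
hid 139264 1 usbhid,Live 0xffffffffc0980000
"""

# Constructed /sys/module listing: True = directory contains 'initstate'.
# 'suspect_mod' is the constructed hidden module; 'printk' stands in for a
# built-in that has a sysfs directory but was never a loadable module.
SYS_MODULE = {
    "snd_hda_intel": True,
    "usbhid": True,
    "hid": True,
    "suspect_mod": True,
    "printk": False,
}

# Constructed taint value with bits 12 and 13 set (4096 + 8192).
TAINTED = 12288


def run_example() -> Dict[str, List[str]]:
    """Run both checks over the constructed inputs."""
    return {
        "hidden_modules": find_hidden_modules(PROC_MODULES, SYS_MODULE),
        "taint": decode_taint(TAINTED),
    }


if __name__ == "__main__":
    for key, value in run_example().items():
        print(key, value)
```

The check is a first pass, not a verdict: a module that also removes its `/sys/module` directory will not show up, and a clean result says only that the two views agree. Taint bits are a complementary signal, since they persist until reboot even if the module later disappears from both lists, but an Android build that ships vendor modules may set them legitimately.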
Application whitelisting company Bit9 is saying something IT admins already know: corporate and government PC users need to do a better job of protecting their computers from malware.
Bit9 surveyed 1,282 IT professionals and found that many enterprise and government desktops are littered with unauthorized software ranging from P2P software to toolbars, Trojans, spyware, and ransomware, among other digital cruft.
"The results from our survey once again underscore the need for companies to adopt a more proactive approach to endpoint security to prevent unauthorized software from being downloaded and running in their organizations," said Tom Murphy, Chief Strategy Officer, Bit9. "Rather than scrambling to react to the latest malicious piece of software – costing time and money – IT administrators need to ensure that only approved software will run in their enterprise. This is a business critical need confirmed by the large amount of respondents that are dealing with malware across their networks."
A solution may not be so easy to come by. Even though 68 percent of IT staff surveyed said they have software restrictions in place, 45 percent said they still found unauthorized software running on more than half of their computers.