TDL-4 variant spreads click-fraud campaign

A click-fraud campaign – in which attackers redirect users from legitimate ads on major sites, like Facebook and YouTube, to URLs where they can receive money for clicks – has been launched using a new TDL-4 malware variant.

TDL-4 rose to infamy in 2011, when researchers discovered that the malware supported a botnet of more than four million infected computers, which were primarily in the United States.


Kaspersky reports 3 more Flame-related malware variants

Kaspersky Lab has published an update in its investigation of the Flame cyber-espionage campaign, which the security experts discovered in May.

The research, which Kaspersky conducted in partnership with IMPACT, CERT-Bund/BSI and Symantec, identified traces of three previously undiscovered malicious programs.

Specifically, Symantec has highlighted forensic analysis of two of the command-and-control (C&C) servers behind the W32.Flamer attacks that targeted the Middle East earlier this year.

How to Protect Against the Threat of Spearphishing Attacks

SS Labs’ researchers have identified spearphishing as the most common targeted method sophisticated attackers use to compromise high-value targets. Where classic phishing takes a net-casting approach in its use of email — not unlike a low-end spam campaign — spearphishing uses social engineering techniques to create a more targeted invitation to click on a link or an attachment contained in a message. A recipient who follows the link may be invited to provide a user name and password or other personal information, or malware may be silently installed on the target’s computer.

Phishing and spearphishing attacks both begin with an email and rely on end-user cooperation — obtained via social engineering — to advance the attack. The protections used to repel untargeted phishing attacks will repel the overwhelming majority of spearphishing attacks.

The most effective defenses are user education and training that help end users avoid behaviors that enable successful phishing attacks. Technologies like antivirus tools and endpoint protection platforms (EPPs) have shown only mixed results in defending against exploits, and it is clear that a reliance on purely technological solutions is likely to be ineffective.

Download this analysis brief to learn about our findings and recommendations.

Oooh no, not again, Microsoft IE security flaw!

A malware attack exploiting Internet Explorer 9.

(Credit: Rapid7)

Users of Internet Explorer versions 6 through 9 are grappling with another security flaw without a fix, but Microsoft has a few suggestions to help shore up protection.

Uncovered this past weekend, the security hole could compromise the PCs of IE users who surf to a malicious Web site. Microsoft said it’s already aware of attacks that have tried to take advantage of this weakness.

CipherCloud Adds Encryption to SaaS, Cloud Applications

CipherCloud’s new tool allows businesses to encrypt data in-transit, in-use, and at-rest for both public and private cloud applications.

The CipherCloud Connect AnyApp offers businesses cloud encryption for all types of data, regardless of whether it’s being used with infrastructure-as-a-service, software-as-a-service, or platform-as-a-service applications, CipherCloud said Thursday. The latest software addition to the CipherCloud Platform provides a single interface to manage encryption, making it a cheaper option for enterprises interested in deploying data encryption across multiple cloud applications, even the ones behind the firewall, according to the company.

Researchers may have figured out a way to break out of a virtual machine and take over the underlying host.

Researchers developed an “advanced exploitation method” which triggered a previously discovered vulnerability in order to escape a Xen virtual machine running on Citrix XenServer and get onto the host machine, Jordan Gruskovnjak, a security researcher at VUPEN Security, wrote on the Vulnerability Research Team Blog on Tuesday. The vulnerability was discovered by Rafal Wojtczuk and presented during the recent Black Hat security conference in Las Vegas.

With this method, attackers who have root access on a guest virtual machine running under Xen can take over the host system and be able to execute arbitrary code with appropriate permissions, Gruskovnjak said. Once out of the virtual machine, attackers would be able to access all the other virtual machines running on that hardware.

“By controlling the general purpose registers, it is possible to influence the hypervisor behavior and gain code execution in the hypervisor context, escaping the guest context,” Gruskovnjak wrote.

AVG Launches 2013 Security Products

Netherlands-based AVG Technologies, maker of popular free and premium Internet security software, this week officially launched its 2013 product line.

The AVG 2013 lineup includes new versions of the company’s free and paid products, and additional enhancements to its security and performance optimization products.

Along with an increase in performance and enhanced threat detection, AVG revamped the user interface of its flagship offering, making the security software compatible with touch-screen systems.

The company also offers an interesting “Do Not Track” privacy feature in its free and paid products. The new privacy feature informs users on what Internet usage data and information is being collected, and provides the choice to block tracking directly or turn it on and off as desired.

“We believe all Internet users are entitled to know how their online data is collected and used – and they should have possible solutions available,” said JR Smith, CEO of AVG Technologies, when the feature was first announced.