Week in review: “Frankenmalware”, Kelihos malware author revealed, and the tragic state of SCADA security

Here’s an overview of some of last week’s most interesting news:

Tool used in Anonymous Megaupload campaign
Looking at the LOIC downloads so far this year, it’s clear there has been a sudden, sharp increase in the past few days which coincides with the latest Anonymous campaign.

DreamHost hacker accessed pool of unencrypted passwords
DreamHost, one of the world’s most popular and well-known web hosting providers, has sent a warning out to its customers saying that one of their databases containing user FTP/shell access passwords has been accessed by unknown attackers.

Online reputation manager suspected of illegal code injection
Every now and then, some firms offering online reputation management services succumb to the temptation of using illegal means to achieve their goal. And, according to Fox News, California-based Rexxfield is currently being accused of belonging to that group.

Researchers demonstrate tragic state of SCADA security
Visitors had the opportunity to hear a damning presentation held by researchers grouped around Project Basecamp which revealed that their testing of six widely used programmable logic controllers (PLCs) resulted in the discovery of alarming security bugs that are mostly design flaws and (even!) features, and of the fact that some of them can’t even take a probing without crashing.

Pwn2Own 2012: Changed rules, bigger prizes, no more mobile hacks
Pwn2Own, one of the most anticipated hacking contests that takes place each year at the CanSecWest conference in Vancouver, British Columbia, is set to unfold under dramatically different rules this year.

Researchers discover network of 7,000 typo squatting domains
A network of some 7,000 typo squatting domains is being used by scammers to effectively drive traffic towards their scammy sites, some of which get so much traffic that they managed to enter Alexa’s top 250 list of sites with the largest Web traffic, say Websense researchers.

Kelihos malware author, botnet herder named by Microsoft
His name is Andrey N. Sabelnikov, of St. Petersburg, Russian Federation, and he is believed to have written the code for and either created, or participated in creating, the Kelihos malware, and used the malware to control, operate, maintain and grow the Kelihos botnet.

Targeted attacks will change the economics of security
European Justice Commissioner, Viviane Reding, unveiled the new European Privacy Directive, designed to safeguard personal, identifiable information that is stored by private and public sector organizations.

Rogue apps make comeback in “Hours spent on Facebook” scam
Rogue Facebook applications were at one point in time extremely popular with scammers, but users getting wise regarding that approach have made the crooks steer clear of them for a while. But as Facebook gains more and more users by the day, the scammers have obviously concluded that the time has come to try the same tactic on them and they were not wrong in their assumption.

Carberp Trojan targets French broadband subscribers
Trusteer recently discovered a configuration of Carberp that targets Free, a French broadband ISP. The attack is designed to steal debit card and bank information using a Man in the Browser (MitB) attack.

“Frankenmalware” active in the wild
If you’re not careful and you don’t use anti-malware software, you might end up with various viruses, Trojans and worms on your computer. But, according to Bitdefender researchers, you might even get saddled with a hybrid or two of these different types of malware.

Protect your online image with tips from Microsoft
In observance of Data Privacy Day 2012, Microsoft is releasing new data about consumer behaviors online and is offering guidance and tips to help people better manage their online profiles and maintain a positive reputation.

Symantec advises customers to stop using pcAnywhere
In a perhaps not wholly unexpected move, Symantec has advised the customers of its pcAnywhere remote control application to stop using it until patches for a slew of vulnerabilities are issued.

User error is the biggest threat on the Internet
Sophos unveiled a detailed assessment of the threat landscape – from hacktivism and online threats to mobile malware, cloud computing and social network security, as well as IT security trends for this coming year.

PoC exploits for Linux privilege escalation bug published
The publication of proof-of-concept exploit code for a recently spotted privilege escalation flaw (CVE-2012-0056) in the Linux kernel has left Linux vendors scrambling to push out a patch.

Malicious MIDI files lead to rootkit malware
A Windows Media remote code execution flaw that has been patched in the last Patch Tuesday is being exploited by attackers in the wild to deliver malware to the targets’ computers, warns Trend Micro.

Facebook scammers leverage the Amazon Cloud
The spammers have lately begun using Amazon’s cloud services for hosting the fake Facebook pages leading to surveys because it’s cheap and because it is less likely that Facebook will block links from an Amazon domain.

A peek into the Sykipot campaigns
The group(s) behind the massive and consistent campaigns targeting US defense contractors with the Sykipot Trojan continue their attacks unabated, reports Symantec.

FBI in the market for app to monitor social networks
The US FBI is looking into the possibility of using an “Open Source and social media alert, mapping, and analysis application” for increasing its situational awareness, and to that effect has issued a request for information to determine if there are companies that could provide them with it.



