Week in review: New and improved TDL4 rootkit, and the danger behind low-volume email attacks

Here’s an overview of some of last week’s most interesting news, reviews and articles:

Info-stealing Trojan posing as Panda Cloud Antivirus
The file – named 2.4.exe – is equipped with the well-known Panda icon but, once run, installs the DarkAngle Trojan on the victim’s computer.

The danger behind low-volume email attacks
Broad campaigns often spoof notifications from well-known businesses, establishments, organizations, and agencies, and are very widespread these days. However, smaller-volume campaigns can sometimes be as dangerous (or even more so) by bypassing the victim’s defenses.

Malware Forensics Field Guide for Windows Systems
If you are looking for a field guide that will help you identify malware on a Windows computer system, examine it, and determine its impact, then this book might be just the right thing for you.

NatWest banking scam hits UK online banking clients
Bitdefender detected a new scam where criminals pretending to be from NatWest bank are attempting to steal customers’ credentials by circulating a fake satisfaction survey via e-mail. This follows the recent announcement that the NatWest “Get Cash” app was suspended after abuse by fraudsters.

Cybercrime costs rise nearly 40 percent
According to the third annual study of U.S. companies, the occurrence of cyberattacks has more than doubled over a three-year period, while the financial impact has increased by nearly 40 percent.

Massive WoW killing spree due to in-game exploit
What should have been a relaxing afternoon in the virtual world of Azeroth turned into a veritable bloodbath as unknown hackers used a still unknown exploit to kill off characters left and right in a number of the world’s major cities / servers.

New TDL4 rootkit successfully hiding from AV
A new variant of TDL4 has been identified, and it now ranks as the second most prevalent malware strain within two months of detection.

Proxy service users download malware, unknowingly join botnet
In yet another example of if-it’s-too-good-to-be-true-it-probably-isn’t, hundreds of thousands of users signing up for a cheap and supposedly legitimate proxy service have ended up downloading malware and being ensnared into a botnet.

Ransomware adds audio component to force users to pay up
Not satisfied with just showing the fake FBI note, the criminals behind one of the many ransomware campaigns going on at the moment are trying to assault the users’ other senses as well.

Security as an enabler of innovation
For years, many enterprises have viewed IT security as a costly extra that has to be endured as a way to reduce risk, without providing any other value to the business. Recent years have shown that the importance of the risk-controlling aspect of IT security has been maximized, while IT security started to become a business enabler providing added value to the enterprise.

Constant connectivity to social networks goes hand-in-hand with malware
In September, GFI threat researchers documented a number of cybercrime campaigns directed at users of various social networking sites including direct message spam on Twitter and a phony Pinterest application.

Voter database security is a myth
At a time when databases are being constantly penetrated by unauthorized users and personal information is being stolen, misused or just maliciously exposed, the question remains: How secure are voter databases?

5 tips for effective disaster recovery
David Mount, technical director at NetIQ, has highlighted 5 tips that will help businesses implement effective disaster recovery plans for their all-important IT assets.

Cloud provider assurance: Trust but verify
Can an organization trust an IT service provided through the cloud? A survey by KuppingerCole showed that “Cloud security issues (84.4%) and cloud privacy and compliance issues (84.9%) are the major inhibitors preventing organizations from moving to a private cloud.”

Security industry needs a healthy job market
The information security industry is facing an inflationary spiral, which is both unsustainable and bad for the economy as the skills gap in information security continues to widen.

Human generated big data
Human generated content is huge, and its metadata is even bigger. The problem is that most of us, meaning organisations and governments, are not yet equipped with the tools to exploit human generated big data.



