China

Malware Targets Skype Users, Records Conversations (softpedia.com) 25

An anonymous reader writes: A new backdoor trojan is making the rounds, coming equipped with features that allow it to steal files, take screengrabs, and record Skype conversations. Currently detected targeting US organizations, researchers linked it to previous malware developed by a Chinese cyber-espionage group called Admin@338. Besides recording Skype conversations, the malware can also steal Office documents, and includes a complicated installation procedure that allows it to avoid antivirus software installed on the machine.
Security

Neutrino Exploit Kit Has a New Way To Detect Security Researchers (csoonline.com) 37

itwbennett writes: [The Neutrino exploit kit] is using passive OS fingerprinting to detect visiting Linux machines, according to Trustwave researchers who found that computers they were using for research couldn't make a connection with servers that delivered Neutrino. Daniel Chechik, senior security researcher at Trustwave's SpiderLabs division wrote that they tried changing IP addresses and Web browsers to avoid whatever was causing the Neutrino server to not respond, but it didn't work. But by fiddling with some data traffic that Trustwave's computers were sending to the Neutrino server, they figured out what was going on.
Botnet

Online Museum Displays Decades of Malware (thestack.com) 38

An anonymous reader writes: archive.org has launched a Museum of Malware, which devotes itself to a historical look at DOS-based viruses of the 1980s and 1990s, and gives viewers the opportunity to run the viruses in a DOS game emulator, and to download 'neutered' versions of the code. With an estimated 50,000 DOS-based viruses in existence by the year 2000, the Malware Museum's 65 examples should be seen as representative of an annoying, but more innocent era of digital vandalism.
Desktops (Apple)

Scareware Signed With Apple Cert Targets OS X Machines (threatpost.com) 39

msm1267 writes: A unique scareware campaign targeting Mac OS X machines has been discovered, and it's likely the developer behind the malware has been at it a while since the installer that drops the scareware is signed with a legitimate Apple developer certificate.

"Sadly, this particular developer certificate (assigned to a Maksim Noskov) has been used for probably two years in similar attacks," said Johannes Ullrich, dean of research of the SANS Institute's Internet Storm Center, which on Thursday publicly disclosed the campaign. "So far, it apparently hasn't been revoked by Apple."

Security

Anti-Malware Maker Files Lawsuit Over Bad Review (csoonline.com) 162

itwbennett writes: In a lawsuit filed January 8, 2016, Enigma Software, maker of anti-malware software SpyHunter, accuses self-help portal Bleeping Computer of making 'false, disparaging, and defamatory statements.' At issue: a bad review posted by a user in September, 2014. The lawsuit also accuses Bleeping Computer of profiting from driving traffic to competitor Malwarebytes via affiliate links: 'Bleeping has a direct financial interest in driving traffic and sales to Malwarebytes and driving traffic and sales away from ESG.' Perhaps not helping matters, one of the first donations to a fund set up by Bleeping Computer to help with legal costs came from Malwarebytes.
AI

Harnessing Artificial Intelligence To Build an Army of Virtual Analysts 41

An anonymous reader writes: PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market. Their goal was to make a system capable of mimicking the knowledge and intuition of human security analysts so that attacks can be detected in real time. The platform can go through millions of events per day and can make an increasingly better evaluation of whether they are anomalous, malicious or benign.
Crime

Survey: Average Successful Hack Nets Less Than $15,000 (csoonline.com) 84

itwbennett writes: According to a Ponemon Institute survey, hackers make less than $15,000 per successful attack and net, on average, less than $29,000 a year. The average attacker conducts eight attacks per year, of which less than half are successful. Among the findings that will be of particular interest to defenders: Hackers prefer easy targets and will call off an attack if it is taking too long. According to the survey, 13 percent quit after a delay of five hours. A delay of 10 hours causes 24 percent to quit, a delay of 20 hours causes 36 to quit, and a majority of 60 percent will give up if an attack takes 40 additional hours. 'If you can delay them by two days, you can deter 60 percent of attacks,' said Scott Simkin, senior threat intelligence manager at Palo Alto Networks, which sponsored the study.
United States

Former DoE Employee Ensnared By Secret-Selling Sting Pleads Guilty (washingtonpost.com) 40

mdsolar writes: A former Energy Department employee accused of attempting to infiltrate the agency's computer system to steal nuclear secrets and sell them to a foreign government pleaded guilty Tuesday to a reduced charge of attempting to damage protected government computers in an email "spear-phishing attack." Charles Harvey Eccleston, a former employee at the department and at the independent Nuclear Regulatory Commission (NRC), was arrested March 27 by Philippine authorities after an undercover FBI sting operation. Eccleston, 62, a U.S. citizen who had been living in the Philippines since 2011, was "terminated" from his job at the NRC in 2010, according to the Justice Department. In January 2015, the department said, he targeted more than 80 Energy Department employees in Washington at four national nuclear labs with emails containing what he thought were links to malicious websites that, if activated, could infect and damage computers.
Security

Severe and Unpatched eBay Vulnerability Allows Attackers To Distribute Malware 30

An anonymous reader writes: Check Point researchers have discovered a severe vulnerability in eBay's online sales platform, which allows criminals to distribute malware and do phishing campaigns. This vulnerability allows attackers to bypass eBay's code validation and control the vulnerable code remotely, to execute malicious Javascript code on targeted eBay users.
Privacy

Ask Slashdot: How Do I Reduce Information Leakage From My Personal Devices? 256

Mattcelt writes: I find that using an ad-blocking hosts file has been one of the most effective way to secure my devices against malware for the past few years. But the sheer number of constantly-shifting server DNs to block means I couldn't possibly manage such a list on my own. And finding out today that Microsoft is, once again, bollocks at privacy (no surprise there) made me think I need to add a new strategic purpose to my hosts solution — specifically, preventing my devices from 'phoning home'. Knowing that my very Operating Systems are working against me in this regard incenses me, and I want more control over who collects my data and how. Does anyone here know of a place that maintains a list of the servers to block if I don't want Google/Apple/Microsoft to receive information about my usage and habits? It likely needs to be documented so certain services can be enabled or disabled on an as-needed basis, but as a starting point, I'll gladly take a raw list for now.
Security

Attackers Use Microsoft Office To Push BlackEnergy Malware (csoonline.com) 51

itwbennett writes: Researchers at SentinelOne reverse engineered the latest variant of the BlackEnergy 3 rootkit (the same malware used in recent attacks against Ukraine's critical infrastructure) and found indicators that suggest it is being used by insiders and that it is the byproduct of a nation-sponsored campaign. 'BlackEnergy 3 exploits an Office 2013 vulnerability that was patched some time ago, so it only works if the target machine isn't patched or an employee (either deliberately or after being tricked into it) executes the malicious Excel document,' writes CSO's Steve Ragan.
Power

Israel's Electric Grid Targeted By Malware, Energy Minister Says (timesofisrael.com) 37

itwbennett writes: While many are still debating how much risk there is of a catastrophic cyber attack on power grid and other critical infrastructure, Israel's Minister of Infrastructure, Energy and Water, Yuval Steinitz has good reason for warning 'of the sensitivity of infrastructure to cyber-attacks, and the importance of preparing ourselves in order to defend ourselves against such attacks.' On Tuesday Steinitz told attendees at CyberTech 2016 that the country's Public Utility Authority had been targeted by malware just one day earlier, and that some systems were still not working properly. Not long after news of the attack started to spread, Robert M. Lee, the CEO of Dragos Security, published his thoughts on the matter over on the SANS ICS blog.
Security

Malware Operator Barters With Security Researcher To Remove Open Source Ransomware Code (softpedia.com) 34

An anonymous reader writes: The author of the Magic ransomware strain has agreed to release all decryption keys for free if Utku Sen, a Turkish security researcher, takes down his Hidden Tear open-source ransomware project from GitHub. Sen has released multiple open source ransomware projects, which contained backdoors and encryption flaws. The flaws disrupted the plans of several ransomware operators. This particular ransomware author is Russian, while Sen is Turkish, so just like Putin and Erdogan, the two struggled to come to an agreement. Utku Sen finally agreed to take down the Hidden Tear repository in three days, while the author of the Magic ransomware will provide all the encryption keys for free for the next 15 days.
Crime

Ransomware Hits Three Indian Banks, Causes Millions In Damages (malwarebytes.org) 76

An anonymous reader writes: Ransomware has locked computers in three major Indian banks and one pharmaceutical company. While the ransom note asks for 1 Bitcoin, so many computers have been infected that damages racked up millions of dollars. According to an antivirus company that analyzed the ransomware, it's not even that complex, and seems the work of some amateur Russians.
Open Source

Open-Source Ransomware Abused For the Second Time In Real-Life Infections (softpedia.com) 100

An anonymous reader writes: After the Hidden Tear (open-source) ransomware code was used to create the Cryptear.B ransomware, now the EDA2 open-source project was used in the same way to create the Magic ransomware. Both projects were created by the same guy. While he left an encryption flaw for Hidden Tear, he didn't for EDA2, relying on a backdoor in the ransomware's admin panel, which he planned to use to steal the encryption keys from the ransomware authors, if they ever used his tool. Unfortunately, the ransomware's C&C servers were on a free hosting service, and someone reported the account. All the data has been deleted from the servers, there's no backup, the backdoor account is useless, and victims have no way of recovering their files.
Advertising

Google Says It Killed 780 Million 'Bad Ads' In 2015 (cio.com) 92

itwbennett writes: According to a new Google report, the search giant disabled more than 780 million "bad ads," including include ads for counterfeit products, misleading or unapproved pharmaceuticals, weight loss scams, phishing ploys, unwanted software and "trick-to-click" cons, globally last year. This marks a 49 percent increase over 2014. For perspective, it would take an individual nearly 25 years to look at the 780 million ads Google removed last year for just one second each, according to Google. If the trend continues, Google's team of more than 1,000 staffers dedicated to killing spam will be even busier in 2016, and they could disable more than a billion junky ads.
Crime

Symantec Disavows Business Partner Caught Running a Tech Support Scam (malwarebytes.org) 85

An anonymous reader writes: Malwarebytes has caught one of Symantec's resellers running a tech support scam that was scaring users into thinking they were infected with malware and then graciously offering to sell Symantec's security software at inflated rates. Malwarebytes played along with their scam and found out the company behind it was Silurian Tech Support, located somewhere in North India. Symantec told El Reg that it terminated the reseller's contract and will work with law enforcement to defend its brand and intellectual property.
Facebook

Fake Facebook Emails Deliver Malware Masquerading As Audio Message 47

An anonymous reader writes: A new spam campaign is targeting Facebook users. It uses the same approach as the recent one aimed at WhatsApp users, and Comodo researchers believe that the authors of both campaigns are likely the same. The fake emails are made to look like an official communication from the popular social network, and their goal is to make the victims believe they have received a voice message. The attachment that the recipients are urged to download and open contains a malicious executable — a variant of the Nivdort information-stealing Trojan.
Privacy

Ashley Madison Blackmail Letter Revealed (grahamcluley.com) 228

An anonymous reader writes: Security researcher Graham Cluley says he has been forwarded a blackmail letter, sent to a member of the controversial Ashley Madison adultery website. In the letter the blackmailer says that unless $2,000 worth of bitcoin is paid within 10 days, the recipient's wife, friends and colleagues will be informed of his misdemeanors. In a threatening twist, the letter goes on to give personal details of another victim who refused to pay the blackmailers, and how his personal life and work were targeted as a result. Cluley's advice to recipients is not to pay the blackmailers, but to tell the U.S. Postal Inspectors Service.
Security

New Linux Trojan Can Spy on Users by Taking Screenshots and Recording Audio (drweb.com) 130

An anonymous reader writes: Dr.Web, a Russian antivirus maker, has detected a new threat against Linux users: the Linux.Ekoms.1 trojan. It includes functionality that allows it to take screenshots and record audio. While the screenshot activity is working just fine, Dr.Web says the trojan's audio recording feature has not been turned on, despite being included in the malware's source code. "All information transmitted between the server and Linux.Ekoms.1 is encrypted. The encryption is initially performed using the public key; and the decryption is executed by implementing the RSA_public_decrypt function to the received data. The Trojan exchanges data with the server using AbNetworkMessage."

Slashdot Top Deals