Thursday, December 14, 2017

Tag: malware

Malware, short for malicious software, is any software used to disrupt computer operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising. Malicious software was called computer virus before the term malware was coined in 1990 by Yisrael Radai. The first category of malware propagation concerns parasitic software fragments that attach themselves to some existing executable content. The fragment may be machine code that infects some existing application, utility, or system program, or even the code used to boot a computer system. Malware is defined by its malicious intent, acting against the requirements of the computer user, and does not include software that causes unintentional harm due to some deficiency.

Malware may be stealthy, intended to steal information or spy on computer users for an extended period without their knowledge, as for example Regin, or it may be designed to cause harm, often as sabotage (e.g., Stuxnet), or to extort payment (CryptoLocker). "Malware" is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. It can take the form of executable code, scripts, active content, and other software. Malware is often disguised as, or embedded in, non-malicious files. As of 2011 the majority of active malware threats were worms or trojans rather than viruses.

The past year has certainly been a very busy one. We have seen an increase in targeted malware and ransomware (anyone not heard of Cryptolocker?), confirmation that the National Security Agency (NSA) has been spying on a grand scale, and quite a few obligatory data loss incidents. Is 2014 going to be a different year? On many fronts, I believe it will. Firstly, the criminals now know that targeted malware and ransomware work, if the price is right. With payments in Bitcoins, the recipients of the ransom money are very hard to trace, adding to the criminals' business case. Secondly, the revelations of NSA spying will continue to stir the software and enterprise security circles.

The Jericho Forum's commandments of the diminishing perimeter (due to networks no longer being trusted) will finally be recognised by CIOs and CSOs, thus driving investment into host, data and application security. That can only be a good thing, so thank you Mr Snowden for your whistleblowing effort. Finally, these investments will accelerate research in data security, so I will be looking to make a few investments into startups.

Vladimir Jirasek is managing director of Jirasek Consulting Services.

This was first published in December 2013.
NEWS ANALYSIS: Zeus's new variant could be the next logical evolution of crimeware, security researchers say.

The Zeus malware family has been a common sight on the IT threat landscape for years, powering a banking fraud botnet of the same name that U.S. authorities have tried to shut down. Zeus has now evolved. Researchers at Kaspersky Lab have detected a new 64-bit variant of the Zeus malware.

64-bit operating systems are increasingly becoming the norm, though malware, for the most part, has remained in the 32-bit world. Being 32-bit software doesn't, however, limit the ability of software to run on 64-bit platforms. Most Web browsers in use today, even on 64-bit platforms, remain 32-bit.

Kaspersky is also seeing other noteworthy components in the new 64-bit Zeus variant. The new version of Zeus also includes Tor connectivity, which is inseparable from the 64-bit version, Kaspersky Lab expert Dmitry Bestuzchev told eWEEK. Tor (The Onion Router) is an anonymous network for routing Internet traffic. "It connects to an onion domain, which means that the command and control server is well-hidden," Bestuzchev said. "Not all malware includes this functionality."

Other security researchers contacted by eWEEK also see the 64-bit variant of Zeus as noteworthy. Even though 32-bit code can run on 64-bit machines, this new variant is keeping Zeus ahead of the game, said Tommy Chin, technical support engineer at CORE Security. "They are supporting 64-bit browsers before 64-bit browsers become highly adopted and used by the population," Chin told eWEEK. "By the time 64-bit browsers are mainstream, the 64-bit Zeus will have worked out most, if not all, the 64-bit issues of running natively on this platform."

Sean Bodmer, chief researcher at CounterTack, agrees with the 64-bit threat assessment, noting that 64-bit threats are the next logical evolution of crimeware. With the implementation of 64-bit operating systems and applications, the world believed that systems running this architecture were far less likely to be vulnerable than any 32-bit-based system, Bodmer told eWEEK. "The functionality of Zeus itself has quite an impact and is very proficient at financially based cyber-crime," Bodmer said. "With all of Zeus's functionality ported to 64-bit platforms, it seems one mind out there is far superior than the entire 64-bit security architectural designers."

What's noteworthy with the new Zeus malware is that there is a 64-bit piece of code that was hidden inside a more typical 32-bit Zeus variant, Richard Henderson, security strategist at Fortinet's FortiGuard Threat Research Lab, told eWEEK. "If Zeus was able to determine the infected victim was using a 64-bit OS, the malware would attempt to inject code into some 64-bit processes in the hopes of facilitating its goals, which with Zeus is the capture of banking information," Henderson said. "As far as threat severity, in this specific case, the 64-bit portion of the malware didn't work properly, but perhaps it was just a test to dip its toes into 64-bit waters."

While the specific Zeus 64-bit family is unique, there are other 64-bit pieces of malware in Kaspersky's collection, Kaspersky Lab's Bestuzchev said, adding that it's logical to expect more new 64-bit samples. With the addition of Tor as the back-end network route for Zeus, Bestuzchev said, it gets more complicated to trace at the network layer.

While Tor is used to anonymize traffic, the additional network hops taken through multiple onion routers add latency and make network communications somewhat slower than normal. When it comes to Zeus, communication speed is not the most important issue; what matters is how stealthy and how efficient it is at stealing personal information, Bestuzchev said. That said, the fact that the 64-bit variant of Zeus is using Tor might also help individuals who are infected. "If you see Tor activity and actually don't use Tor at all, that's probably the moment to make a manual inspection of the machine," Bestuzchev said.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
Police have arrested four suspected cyber criminals and seized £80,000 in cash and a live grenade after the theft of £1m from two banks. The arrests come three months after cyber criminals targeted Barclays and Santander by taking control of branch computers using a keyboard video mouse (KVM) switch.

Two 31-year-old men, a 27-year-old woman and a 24-year-old woman were arrested on suspicion of conspiracy to defraud, conspiracy to launder money and possession of an explosive. The men are being held in custody while the women have been bailed until early next year. The arrests and seizures followed raids on properties in Enfield and Islington, in north London, by the Metropolitan Police's cyber crime unit (MPCCU).

Detectives from the unit are investigating the thefts linked to malicious software inadvertently downloaded by customers of the banks. The malware downloads were triggered by opening emails that appeared to be from the targeted banks. The malware enabled criminals to transfer a total of £1m to a series of other accounts, to be laundered and withdrawn as cash, police said.

"These arrests by the Met's cybercrime unit follow an investigation into what we suspect is international and organised crime targeting a number of bank customers in London and across the UK," said detective chief inspector Jason Tunn of the MPCCU. "The victims have been hoodwinked by malware-carrying emails purporting to be from their banks, and subsequently had money taken from their accounts," he said.

Police recovered several computers, smartphones and other media devices, as well as luxury goods, in the co-ordinated raids. The MPCCU has asked several banks to freeze a number of accounts linked to the investigation. The National Audit Office estimates that cybercrime costs Britain £18bn to £27bn every year.

Cyber security firm Check Point said bank customers must watch out for emails that appear to have been sent by their bank and contain links to websites or attachments. "In late 2012, the Eurograbber attack siphoned £30m from bank accounts in Europe using sophisticated malware that infected users' PCs from emails," said Keith Bird, Check Point's UK managing director. "These attacks are complex and stealthy, and exploit customers' trust," he said. Bird warned that users of online banking facilities should be wary of any emails containing links or attachments, and advised them to keep anti-virus software up to date and install a personal firewall.

There is growing international concern about the safety of financial markets in the face of increasingly sophisticated cyber attacks. In September, Scott Borg, chief of the US Cyber Consequences Unit, said he believed manipulation of international financial markets will be the next evolution of cyber crime. In November, UK banks and financial institutions took part in Operation Waking Shark 2, which was designed to simulate a major cyber attack on the payments and markets systems. The test was monitored by the Bank of England, Treasury and Financial Conduct Authority, who are due to publish a report on the ability of the UK's core financial services providers to withstand cyber attacks.

BYOD will continue to grow and, as well as being seen as a perk by existing employees and a budget-saver by IT departments, it will be the de facto requirement for new employees as part of the move towards more flexible working, writes Mike Gillespie. Given that, according to Ovum, around half of employees use their own devices without their employers' knowledge or agreement, and that half of businesses who operate BYOD have experienced some kind of data breach (Trend Micro), we in security will have to ramp up our communications on risk and effective mitigation. Android malware will continue to slurp up data and bank details.

The move toward Android products – and the decline of the more traditionally viewed secure BlackBerry – has opened up a world of opportunity for hackers, scammers and other malfeasants.

For instance, the Perkle crimeware kit will create further chaos, and business devices will need stringent and regular security measures and updates to try to keep one step ahead of malware developments. Businesses need to use more joined-up thinking to leverage their most valuable security asset – their people – in the fight against malicious incursions. All of these technology challenges will need boardroom acceptance of risk management and an improvement in how security is communicated across the whole of the business.

Mike Gillespie is director of cyber research and security at the Security Institute.

This was first published in December 2013.
All of the top 100 paid Android apps and 56% of the top 100 paid Apple iOS apps have been hacked, research has revealed. Compared with the 2012 research, the proportion of compromised free Android apps has decreased from 80% to 73%, but increased in free iOS apps from 40% to 53%.

The research by security firm Arxan Technologies also revealed widespread app hacking among high-risk apps such as mobile financial apps. In its second annual State of Security in the App Economy report, Arxan found "cracked" mobile financial apps to be widespread. Focusing on these apps for the first time, Arxan found that 53% of the Android financial apps it reviewed had been "cracked", while 23% of the iOS financial apps were hacked variants.

The report said the findings highlight the potential for massive revenue loss, unauthorised access to data, intellectual property (IP) theft, fraud, altered user experience and brand erosion. As the growth in mobile tech innovation continues, payment use accelerates and transaction volumes increase, mobile app security remains a critical issue, the report said.

"The widespread use of 'cracked' apps represents a real and present danger given the explosion of smartphone and tablet use in the workplace and home," said Arxan CTO Kevin Morgan. "Not only is IP theft costing software stakeholders millions of dollars every year, but unprotected apps are vulnerable to tampering, either through installed malware or through decompiling and reverse engineering – enabling hackers to analyse code and target core security or business logic that is protecting or enabling access to sensitive corporate data," he said.

Morgan said pirated versions of popular software are available on numerous unofficial app stores such as Cydia, app distribution sites, hacker/cracker sites, and file download and torrent sites. Researchers found that some of the hacked versions have been downloaded more than half a million times, indicating the scale of the problem.

"The challenge for greater mobile application security remains significant," said Morgan. He believes core recommendations for improving mobile application security need to be integrated early in the application development lifecycle and made a key component of any mobile-first strategy.

In light of the 2013 analysis, Arxan makes the following recommendations:

- All Android applications that process sensitive information assets must be hardened against binary-level integrity or reverse-engineering attacks before deployment.
- Mobile applications with a high-risk profile (Android, iOS or other mobile platform) must be capable of defending themselves against static or dynamic analysis at runtime and be made tamper-resistant.
- Organisations should complement traditional web security tools and programs with binary code protection for code hosted in a mobile environment.

Arxan notes that the recommendations outlined in the 2012 report still need to be widely adopted by application owners:

- Continue to foster mobile app protection as a strategic initiative.
- Prioritise protections for mobile apps that deal with transactions, payments, sensitive data or have high-value IP.
- Do not assume that web app security strategies are adequate to address the new requirements for mobile app protections.
- Focus on protecting the integrity of mobile apps against tampering/reverse-engineering attacks regardless of platform.
- Reduce technical risk by deploying apps with protections that are built directly into the application binary and that will defeat both static and runtime attacks.

I do know what criminal lists my details have ended up on, writes Tim Holman, but even I get regular phishing emails claiming my mobile phone bill is spiralling out of control (please open this zip file), that Companies House is going to strike 2-sec off the companies register (please open this zip file) and – it being Christmas – expensive gifts have been delayed by UK customs (please open this zip file). Internet service and email providers are too slow to take this stuff off the wire and it inevitably ends up in my inbox.

While I might know that malware can be easily encoded into a multitude of different compression formats that anti-virus systems simply do not detect, your average user simply will not know this. Given the elaborate, thought-out, well-spelt (they are all in good English) and targeted attacks we have seen in 2013, it looks like 2014 will be bringing more misery to users who simply are not aware that their computers can be completely taken over and used for nefarious purposes. Unfortunately the spate of big data breaches we have seen over the past years has furnished cyber criminals with the one thing we do not want them to have: personal information. In the wrong hands, this information IS being used to carry out targeted attacks, and they are not going to stop.

Tim Holman is president of ISSA-UK and CEO at 2-sec.

This was first published in December 2013.
Cyber criminals are planning to produce new forms of ransomware on an unprecedented scale, according to IT security firm Sophos. Ransomware is a type of Trojan malware used by criminals to block access to target computers so they can demand payment for restoring access.

In recent weeks the UK's National Crime Agency's National Computer Crime Unit has warned small and medium enterprises about the Cryptolocker ransomware that encrypts files on targeted machines. The US computer emergency response team (US-Cert) has issued a similar warning to US computer users about emails that appear to come from financial institutions, but install Cryptolocker. The malware is designed to encrypt files on the infected computer and any network it is attached to and then demand the payment of around £500 in Bitcoins to unlock the files.

Now Sophos has warned there are discussions on underground forums about ways to produce a kit to make it easier for criminals to create their own versions of ransomware. Malware kits have been responsible in large part for recent spikes in new malware as they lower the technical barriers to entry for would-be cyber criminals and often provide technical support. According to the security firm's annual report into cyber crime and emerging threats, ransomware could become the market leader in malicious code.

James Lyne, co-author of the report and global head of security research at Sophos, said there is evidence that cyber criminals are keen to cash in on the success of ransomware such as Cryptolocker. Security firm BitDefender found that in the week starting 27 October 2013, more than 12,000 computers in the US were infected with the Cryptolocker malware. A separate attempt to shut down the network supporting Cryptolocker found almost 150 separate systems gathering responses from infected machines, according to the BBC.

The sophisticated networking capability within the ransomware means that even if some criminal servers are shut down by law enforcement, the malicious network can recover quickly. Law enforcement agencies have advised organisations against paying the ransoms demanded in untraceable bitcoin virtual currency because none of those who have paid up have recovered their data. This approach means cyber criminals are able to cash out immediately without having to set up complex ways of monetising stolen data or laundering cash stolen from credit cards and bank accounts.

The National Cyber Crime Unit (NCCU) has advised anyone who is infected with this malware to report it through ActionFraud, the UK's national fraud and internet crime-reporting centre. The NCCU said prevention is better than cure and that UK businesses and consumers should:

- Not click on any such attachment
- Update antivirus software and operating systems
- Back up files routinely to a location off the network
- Disconnect any infected computers from the network
- Seek professional help to clean infected computers

The new open-source browser release gets five critical security updates and finally delivers click-to-play functionality for some plug-ins, with more to come in the weeks ahead. Mozilla is out today with its latest milestone Firefox release, this time providing security fixes as well as new functionality in the open-source Web browser. The Firefox 26 release first entered beta in early November. From a security feature perspective, the big change that Firefox 26 introduces is the concept of "click-to-play" plug-ins. Prior to Firefox 26, plug-ins such as Java would just load inside the browser whenever required by a given Website, and without the need for any specific user interaction. With Firefox 26, Mozilla has now restricted the ability of Java plug-ins to auto-load and automatically run.

Other competitive Web browsers, including Apple's Safari 7, already enable the same type of functionality. One of the primary differences between Firefox 26's click-to-play implementation and Safari 7's is that Firefox currently does not block Flash media content with click-to-play.

The risk from automatically enabled plug-ins is that a user could potentially be directed to a malicious Website where a plug-in is used to automatically deliver some form of malware payload. The plan is to expand the click-to-play effort in future releases of Firefox. "The latest release of Firefox will continue to enable all plug-ins—except Java—by default while the click-to-play feature goes through additional testing in beta," Chad Weiner, product manager for Firefox, told eWEEK. "In the coming weeks, we will announce details of a plug-in whitelist policy that will provide a path to exempting certain plug-ins and Websites from our click-to-play policy."

From a security patch perspective, Mozilla has attached 14 security advisories to the Firefox 26 release, with five marked as critical. Three of the critical advisories deal with use-after-free memory errors. Use-after-free memory vulnerabilities occur when unused authorized memory remains accessible to other programs, enabling attackers to potentially execute arbitrary code.

Two of the three use-after-free memory vulnerabilities were reported to Mozilla by security researchers working with the BlackBerry Security Automated Analysis Team. Mozilla first began partnering with BlackBerry for security in July. The BlackBerry research team used Address Sanitizer—a widely used open-source tool for discovering memory flaws that was originally built by Google—to find the flaws. Mozilla also credited the BlackBerry security researchers with discovering another critical flaw by using the Address Sanitizer tool. "Security researchers Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a mechanism where inserting an ordered list into a document through script could lead to a potentially exploitable crash that can be triggered by web content," Mozilla's advisory explains.
Firefox 26 also includes an update rated as having high impact for a JPG image file information leak vulnerability. Mozilla Security Advisory 2013-16 credits Google security researcher Michal Zalewski with the discovery of the flaw.

According to Mozilla, the flaw "could allow for the possible reading of arbitrary memory content as well as cross-domain image theft." In addition, Mozilla credited Google with reporting a Secure Sockets Layer (SSL) certificate-related flaw.

The issue, which Google reported to Mozilla on Dec. 4, involves an SSL certificate that had been erroneously issued and that should no longer be trusted. "This certificate was issued by Agence nationale de la sécurité des systèmes d'information (ANSSI), an agency of the French government and a certificate authority in Mozilla's root program," Mozilla's advisory states. "A subordinate certificate authority of ANSSI mis-issued an intermediate certificate that they installed on a network monitoring device, which enabled the device to act as a MITM proxy performing traffic management of domain names or IP addresses that the certificate holder did not own or control."

Firefox 26 isn't just about security; it also improves performance by way of at least one interesting bug fix. Mozilla bug #847223, titled "Don't decode images that aren't visible when we download them," is a bug that Gavin Sharp, lead Firefox engineer at Mozilla, sees as a great example of the benefits of Mozilla's continuous investment in memory-use improvements (project code name: MemShrink). "Firefox is best-in-class on memory use, thanks to fixes like that one," Sharp told eWEEK. "It results in a big reduction of peak memory usage on image-heavy pages like Flickr or other image galleries, and reducing memory use has all sorts of positive additional effects like increased stability, responsiveness and performance."

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.