Malware

Malware / News Briefs

Widespread Compromised Routers Discovered With Altered DNS Configurations

A widespread compromise of consumer-grade small office/home office (SOHO) routers has been discovered by threat intelligence group Team Cymru. According to the report, "attackers are altering the DNS configuration on these devices in order to redirect victims DNS requests and subsequently replace the intended answers with IP addresses and domains controlled by the attackers, effectively conducting a Man-in-the-Middle attack." more»

Israeli Tunnel Hit by Cyberattack Causing Massive Congestion

A major artery in Israel's national road network in the northern city of Haifa suffered a cyberattack, knocking key operations out of commission two days in a row and causing hundreds of thousands of dollars in damage. One expert, speaking on condition of anonymity because the breach of security was a classified matter, said a Trojan horse attack targeted the security camera apparatus in the Carmel Tunnels toll road on Sept. 8, reports the Associated Press. more»

US Government Releases Cybersecurity Framework Proposal

A U.S. bureau on Tuesday unveiled a draft of voluntary standards that companies can adopt to boost cybersecurity -- part of an attempt to protect critical industries without setting restrictive and costly regulations. The National Institute of Standards and Technology (NIST), a nonregulatory agency that is part of the Department of Commerce, issued the so-called framework following input from some 3,000 industry and academic experts. more»

Rodney Joffe on Security Vulnerabilities of Modern Automobiles

Rodney Joffe, Senior Technologist at Neustar, explaines that vehicles (beginning with 1998 models) are vulnerable to hacking, but manufacturers have been unable to fix the problem. In the video below, Joffe explains the challenge to cars and the possible threats that exist for other machines connected to a network. more»

Google Data on State of Web Security

As part of its Transparency Report, Google recently released large amount of data related to unsafe websites. Google groups unsafe websites into two main categories: Malware and Phishing sites. more»

US Should Take More Aggressive Counter-Measures On IP Theft, Including Use of Malware

A bipartisan Commission recently produced a report titled, "The Report of the Commission on the Theft of American Intellectual Property". Karl Bode from dslreports.com writes... more»

Massive Spam and Malware Campaign Following Boston Tragedy

On April 16th at 11:00pm GMT, the first of two botnets began a massive spam campaign to take advantage of the recent Boston tragedy. The spam messages claim to contain news concerning the Boston Marathon bombing, reports Craig Williams from Cisco. The spam messages contain a link to a site that claims to have videos of explosions from the attack. Simultaneously, links to these sites were posted as comments to various blogs. more»

ICANN Releases Guideline for Coordinated Vulnerability Disclosure Reporting

ICANN has released a set of guidelines to explain its Coordinated Vulnerability Disclosure Reporting. The guidelines serve two purposes, says ICANN: "They define the role ICANN will perform in circumstances where vulnerabilities are reported and ICANN determines that the security, stability or resiliency of the DNS is exploited or threatened. The guidelines also explain how a party, described as a reporter, should disclose information on a vulnerability discovered in a system or network operated by ICANN." more»

SANS Develops Small-Scale City to Train Cyber Warriors

SANS has announced NetWars CyberCity, a small-scale city located close by the New Jersey Turnpike complete with a bank, hospital, water tower, train system, electric power grid, and a coffee shop. NetWars CyberCity was developed to teach cyber warriors from the U.S. Military how online actions can have kinetic effects. more»

Latest Makadocs Malware Uses Google Drive Viewer As Proxy to Command and Control Server

Security researchers have found a new variant of the Macadocs malware to be using Google docs as a proxy server and not connecting to a command and control server directly. In a blog post on Friday, Symantec researcher Takashi Katsuki, wrote... more»

M3AAWG, London Action Plan Release Best Practices to Address Online and Mobile Threats

A cooperative international report was released last week outlining Internet and mobile best practices aimed at curtailing malware, phishing, spyware, bots and other Internet threats. It also provides extensive review of current and emerging threats. "Best Practices to Address Online and Mobile Threats" is a comprehensive assessment of Internet security as it stands today... more»

FBI Agent Thomas X. Grasso Receives First J.D. Falk Award for Establishing DNS Changer Working Group

Convincing competitors, disparate business entities and researchers to collaborate - many donating their services and resources - to protect millions of end-users worldwide is no small feat. Yet FBI Supervisory Special Agent Thomas X. Grasso did just that by quietly working behind the scenes to create the DNS Changer Working Group that saved an inestimable number of end-users from losing access to the Web over the last two years. more»

The Tale of Thousands of Hacked Modems in Brazil, Affecting Millions

Kaspersky Lab Expert, Fabio Assolini, has provided detailed description of an attack which as been underway in Brazil since 2011 using 1 firmware vulnerability, 2 malicious scripts and 40 malicious DNS servers, affecting 6 hardware manufacturers, resulting in millions of Brazilian internet users falling victim to a sustained and silent mass attack on DSL modems. more»

Researchers Detail Faster Methods to Defeat Botnets Like Conficker and Kraken

Michael Cooney reporting in NetworkWorld: "Security researchers this week will detail a prototype system they say can better detect so-called Domain Name Generation- (DGA) based botnets such as Conficker and Kraken without the usual labor- and time-intensive reverse-engineering required to find and defeat such malware. The detection system, called Pleiades, monitors traffic below the local DNS server and analyzes streams of unsuccessful DNS resolutions..." more»

Flame Virus Was Developed by U.S., Israel to Slow Iranian Nuclear Efforts, According to Officials

The United States and Israel are reported to be responsible for developing the Flame virus aimed at collecting intelligence in preparation for cyber-sabotage aimed at slowing Iran's ability to develop a nuclear weapon, according to Western officials with knowledge of the effort. According the Washington Post, "[t]he massive piece of malware secretly mapped and monitored Iran's computer networks, sending back a steady stream of intelligence to prepare for a cyberwarfare campaign, according to the officials." more»