As we first reported in the Microsoft Security Report Volume 13, Keygens have become the number one threat reported by users of Microsoft antimalware products. The research also indicates that 76 percent of users that downloaded Keygen or software cracks were also exposed to other, more dangerous malware.
Keygens are typically not very dangerous on their own. However, malware authors are having great success using deceptive downloads that either pretend to be Keygens or contain them as well as other malware to spread their malicious payloads. Customers reporting Keygens have higher rates of additional malware infections compared to other threats. Some of these threats try to trick users into paying for software that’s distributed for free from trusted sources.
Microsoft Security Blog
Today we released the latest volume of the Microsoft Security Intelligence Report (SIR) containing a large body of new data and analysis on the threat landscape. This volume of the SIR includes:Latest industry vulnerability disclosure trends and analysis
- Latest industry vulnerability disclosure trends and analysis
- Latest data and analysis of global vulnerability exploit activity
- Latest trends and analysis on global malware and potentially unwanted software
- Latest analysis of threat trends in more than 100 countries/regions around the world
- Latest data and insights on how attackers are using spam and other email threats
- Latest global and regional data on malicious websites including phishing sites, malware hosting sites and drive-by download sites
In addition, we have included a section in the report focused on how the threat called Conficker continues to propagate.
“The Sabpab Trojan horse exploits the same drive-by Java vulnerability used to create the Flashback botnet.”
For anyone who doubted that Apple’s long grace period with cybercriminals is over, doubt no more: On Friday, researchers at Russian antivirus firm Kaspersky confirmed findings from another security firm earlier this week that more than 600,000 computers running Mac’s OSX are infected with the Flashback botnet, and half of those machines are in the United States.
Krebs On Security
The current custodian of Java – Oracle Corp. – first issued an update to plug this flaw and others back on Feb. 17. I suppose Apple’s performance on this front has improved, but its lackadaisical (and often plain puzzling) response to patching dangerous security holes perpetuates the harmful myth that Mac users don’t need to be concerned about malware attacks.
“The three month delay in sending a security update was a bad decision on Apple’s part,” said Kaspersky Lab’s Chief Security Expert, Alexander Gostev. “There are a few reasons for this. First, Apple doesn’t allow Oracle to patch Java for Mac. They do it themselves, usually several months later. This means the window of exposure for Mac users is much longer than PC users. This is especially bad news since Apple’s standard AV update is a rudimentary affair which only adds new signatures when a threat is deemed large enough. Apple knew about this Java vulnerability for three months, and yet neglected to push through an update in all that time! The problem is exacerbated because – up to now – Apple has enjoyed a mythical reputation for being ‘malware free’. Too many users are unaware that their computers have been infected, or that there is a real threat to Mac security.”
Malicious spam continuing to do the rounds from a random name @ the same domain as your own. Delete without opening any attachments or links.
“AOL Administration Center” spam comes from a spoofed email address this is a classic example of Canadian Pharmacy spam.
Full text of the bogus email, the # in the subject line changes.
From: “AOL Administration Center (R)”
Subject: AOL Administration Center Notification #73916
You have 1 notification (#73916) from AOL Administration Center
Please follow the instructions to continue.
The AOL Mail Team
Click here to opt out of receiving future promotional e-mail messages from AOL or go to AOL Keyword:
Email Preferences and unsubscribe. This screen name cannot respond to replies.
Click here for other Important Information about Commercial E-mail from AOL or visit http://about.aol.com/email_information.
AOL Email, PO Box 65627, Sterling, VA 20165-8805.
“UNIFORM TRAFFIC TICKET” spam has been around awhile and continues to do the rounds. The email has an attached file which contains a malicious Trojan horse.
Full text of the bogus email, the ID # in the subject line changes.
Date: Wed, 03 Aug 2011 12:42:23 +0530
From: “N.Y. State Department of Motor Vehicles”
Subject: UNIFORM TRAFFIC TICKET (ID:89254305)
New York State Department of Motor Vehicles
UNIFORM TRAFFIC TICKET (ID:50385056),
NEW YORK STATE POLICE
Local Police Code 5278
THE PERSON DESCRIBED ABOVE IS CHARGED AS FOLLOWS
Time: 7:25 AM
Date of Offense: 10/10/2011
IN VIOLATION OF NYS V AND T LAW
9690 Description of Violation
SPEED OVER 55 ZONE
TO PLEAD, PRINT OUT THE ENCLOSED TICKET AND SEND IT TO TOWN COURT, CHATAM HALL., PO BOX 117
Resurgence of malicious ACH spam, the digit number changes randomly from email to email.
Keep your anti-virus application up-to-date and if the spam does arrive in the email box don’t click on links within or open any attachment.
The bad guys goal is to install a Zbot variant of a password stealing Trojan that also contains back door functionality. In other words the criminal gains unauthorized access and control of the infected computer.
The Official Microsoft® Blog
Rustock Civil Case Closed: Microsoft Refers Criminal Evidence to FBI
22 Sep 2011
As you may have read in this morning’s edition of CNET, on Sept. 13th, Judge James L. Robart, of the U.S. District Court for the Western District of Washington ruled that the domain names and Internet protocol addresses used to host the botnet would be effectively removed from the defendants’ control. This case not only enabled the take down of a botnet known to be one of the single largest sources of spam on the Internet, but it is now helping to ensure that this botnet will never be used for cybercrime again. However, we’re not stopping here.
We are also turning over all of the evidence we collected during discovery and our investigation to the FBI, to help ensure those responsible for operating the Rustock botnet are held accountable for their actions. It is important to note that Microsoft ‘s $250,000 reward offer for information that leads to the arrest and conviction of Rustock’s operators remains in effect, but now any tips should be sent directly to the FBI at MS_Referrals@ic.fbi.gov.
Certifiedbug, July 18, 2011. Microsoft Offers $250,000 Reward for Information on Rustock
Email attachments that contain malicious code are still being used to infect computers and steal the data found on those computers. While it is easy to find people who discount this threat, believing no one would be foolish enough to open one of these email attachments, the criminals are working hard to make their approaches more convincing.
Today we’ve seen more than 11,000 copies of their newest attempt come in to the UAB Spam Data Mine.
Articles and picture of email: