Posts tagged as:

Malware

Microsoft knocks out Waledac Botnet

by certifiedbug on February 25, 2010

in Microsoft

Microsoft, a founding member of the Botnet Task Force, announced that a federal judge has granted a temporary restraining order cutting off 277 Internet domains believed to be run by criminals controlling a vast network of infected PCs.

This action has quickly and effectively cut off traffic to Waledac at the “.com” or domain registry level, severing the connection between the command and control centers of the botnet and most of its thousands of zombie computers around the world. Microsoft has since been taking additional technical countermeasures to downgrade much of the remaining peer-to-peer command and control communication within the botnet, and we will continue to work with the security community to mitigate and respond to this botnet.

http://blogs.technet.com/microsoft_blog/archive/2010/02/25/cracking-down-on-botnets.aspx

Computers infected by Waledac still need to be cleaned up. Users running Windows should run Microsoft’s Malicious Software Removal Tool, which removes the malware.

Koobface friendly Riccom AS29550 taken Off-Line

by certifiedbug on December 22, 2009

in Internet Security

hpHosts
15 December 2009

I’m happy to announce, I woke up to a rather surprising e-mail today, from a Josh Kirkwood over at EuroConnex/BlueConnex. He informed me, because of this, they’ve booted Riccom, leaving them stranded.

http://hphosts.blogspot.com/2009/12/euroconnexblueconnex-boots-riccom-ltd.html

Dancho Danchev’s Blog
December 22, 2009

Clearly, in terms of cybercrime, especially one that’s monetizing an asset with high liquidity such as scareware, “better late than never” doesn’t seem to sound very appropriate.

Koobface-Friendly Riccom LTD – AS29550 – (Finally) Taken Offline

FBI warns consumers about rogue security programs

December 16, 2009

Press Release December 11, 2009.
The FBI warned consumers today about an ongoing threat involving pop-up security messages that appear while they are on the Internet. The messages may contain a virus that could harm your computer, cause costly repairs or, even worse, lead to identity theft. The messages contain scareware, fake or rogue anti-virus software [...]

New wave of malicious SQL Injections

December 11, 2009

Security researcher Mary Landesman said the attack appears to be a work-in-progress focusing on:

Integer overflow vulnerability in Adobe Flash Player, described in CVE-2007-0071
MDAC ADODB.Connection ActiveX vulnerability described in MS07-009
Microsoft Office Web Components vulnerabilities described in MS09-043
Microsoft video ActiveX vulnerability described in MS09-032
Internet Explorer Uninitialized Memory Corruption Vulnerability – MS09-002

Successful exploit [...]

Zbot spotted in the cloud

December 10, 2009

Researchers with HCL Technologies, a contractor performing security research for CA, spotted the password stealer Zeus (Zbot) using a hacked server on Amazon’s Elastic Compute Cloud (EC2) services to run a botnet command and control center.
The hacked website was contacted and the Zeus malware removed.
CA Security Advisor Research Blog:
http://community.ca.com/blogs/securityadvisor/archive/2009/12/09/zeus-in-the-cloud.aspx
Hat tip: Sunbelt Blog

MS adds IRC-controlled backdoor “Hamweq” detection to Malicious Software Removal Tool

December 8, 2009

Microsoft Malware Protection Center
This month, Worm:Win32/Hamweq has been added to the Malicious Software Removal Tool (MSRT) in time for the holidays. Hamweq makes it on to MSRT’s “naughty” list as an IRC-controlled backdoor that spreads via removable drives. It has multiple means of hiding its presence; it installs itself into a hidden directory [...]

Symantec: Beware Firefox mal-extensions

December 7, 2009

According to Symantec senior engineer Candid Wüest, the company has “recently observed an increase in malware that drops malicious BHOs, Firefox extensions, and even Opera user scripts… to maximize their impact on a user’s machine.”
One avenue that’s taken is to drop the malicious extension directly into Firefox’s components directory. This means it will be automatically [...]

MSRT November Threat Reports

November 24, 2009

Microsoft Malware Protection Center

Out of these prevalent threat families worldwide, 8 are password stealers collecting online game credentials, online banking passwords or other user identities of users’ online accounts.
8 of them are fake security products or trojan downloaders for rogues. The MSRT now covers the following most high profile rogues:

o Win32/FakeVimes
o Win32/PrivacyCenter
o Win32/FakeScanti
o [...]

The Register: Apple looking into anti-malware protection

August 26, 2009

Apple commercials portray the Mac as an operating system free of malware threats, so it is interesting to see this report at The Register.
“Apple sneaks malware protection into Snow Leopard
Coverage goes only so far”
http://certifiedbug.com/blog/tag/apple/

Koobface: new wave on Facebook

August 17, 2009

Security company Panda Security warns that the gang behind the Koobface worm has released the next iteration of their worm with over 60 active domains spreading the content through the usual method of posting a message linking to a “CooooL Video” on Facebook.
The Koobface gang uses the same old “Flash Player upgrade required” tactic to [...]
