Trojan

Sabpab Mac OS X backdoor Trojan

by certifiedbug on April 13, 2012

in Internet Security

Graham Cluley
Sophos

“The Sabpab Trojan horse exploits the same drive-by Java vulnerability used to create the Flashback botnet.”
http://nakedsecurity.sophos.com/2012/04/13/sabpab-new-mac-os-x-backdoor-trojan-horse-discovered/

http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx


Apple

http://support.apple.com/kb/HT5244

Forbes
4/06/2012

For anyone who doubted that Apple’s long grace period with cybercriminals is over, doubt no more: On Friday, researchers at Russian antivirus firm Kaspersky confirmed findings from another security firm earlier this week that more than 600,000 computers running Mac’s OSX are infected with the Flashback botnet, and half of those machines are in the United States.

http://www.forbes.com/sites/andygreenberg/2012/04/06/researchers-confirm-flashback-trojan-infects-600000-macs-being-used-for-clickfraud/

Krebs On Security

The current custodian of Java – Oracle Corp. – first issued an update to plug this flaw and others back on Feb. 17. I suppose Apple’s performance on this front has improved, but its lackadaisical (and often plain puzzling) response to patching dangerous security holes perpetuates the harmful myth that Mac users don’t need to be concerned about malware attacks.

http://krebsonsecurity.com/2012/04/urgent-fix-for-zero-day-mac-java-flaw/

Forbes
4/09/2012
http://www.forbes.com/sites/andygreenberg/2012/04/09/apple-snubs-firm-who-discovered-mac-botnet-tries-to-cut-off-its-server-monitoring-infections/

Kaspersky Lab

“The three month delay in sending a security update was a bad decision on Apple’s part,” said Kaspersky Lab’s Chief Security Expert, Alexander Gostev. “There are a few reasons for this. First, Apple doesn’t allow Oracle to patch Java for Mac. They do it themselves, usually several months later. This means the window of exposure for Mac users is much longer than PC users. This is especially bad news since Apple’s standard AV update is a rudimentary affair which only adds new signatures when a threat is deemed large enough. Apple knew about this Java vulnerability for three months, and yet neglected to push through an update in all that time! The problem is exacerbated because – up to now – Apple has enjoyed a mythical reputation for being ‘malware free’. Too many users are unaware that their computers have been infected, or that there is a real threat to Mac security.”

http://www.kaspersky.com/about/news/virus?time=1333224000


“AOL Administration Center” spam comes from a spoofed email address; this is a classic example of Canadian Pharmacy spam.

Full text of the bogus email; the # in the subject line changes.

From: “AOL Administration Center (R)”
To:
Subject: AOL Administration Center Notification #73916

Hi,
You have 1 notification (#73916) from AOL Administration Center
Please follow the instructions to continue.
Thanks,
The AOL Mail Team

Click here to opt out of receiving future promotional e-mail messages from AOL or go to AOL Keyword:
Email Preferences and unsubscribe. This screen name cannot respond to replies.

Click here for other Important Information about Commercial E-mail from AOL or visit http://about.aol.com/email_information.
AOL Email, PO Box 65627, Sterling, VA 20165-8805.

——————————————
“UNIFORM TRAFFIC TICKET” spam has been around for a while and continues to do the rounds. The email has an attached file which contains a malicious Trojan horse.
http://garwarner.blogspot.com/2011/08/new-york-city-uniform-traffic-ticket.html

Full text of the bogus email; the ID # in the subject line changes.

Date: Wed, 03 Aug 2011 12:42:23 +0530
From: “N.Y. State Department of Motor Vehicles”
To:
Subject: UNIFORM TRAFFIC TICKET (ID:89254305)

New York State Department of Motor Vehicles

UNIFORM TRAFFIC TICKET (ID:50385056),

POLICE AGENCY
NEW YORK STATE POLICE
Local Police Code 5278

THE PERSON DESCRIBED ABOVE IS CHARGED AS FOLLOWS

Time: 7:25 AM
Date of Offense: 10/10/2011
IN VIOLATION OF NYS V AND T LAW

9690 Description of Violation
SPEED OVER 55 ZONE
TO PLEAD, PRINT OUT THE ENCLOSED TICKET AND SEND IT TO TOWN COURT, CHATAM HALL., PO BOX 117


ACH ‘payment canceled’ spam

by certifiedbug on September 28, 2011

in Internet Security

Resurgence of malicious ACH spam; the digits in the number change randomly from email to email.

Keep your anti-virus application up to date, and if the spam does arrive in your inbox, don’t click on any links within it or open any attachment.

The bad guys’ goal is to install a Zbot variant, a password-stealing Trojan that also contains backdoor functionality. In other words, the criminal gains unauthorized access to and control of the infected computer.

Reference:
http://garwarner.blogspot.com/2011/05/ach-spammer-switches-to-shortened-urls.html

http://labs.m86security.com/tag/malicious-spam/


Researchers obtain sample of ZeuS-SpyEye Banking Trojan code

January 25, 2011

Security researchers at Trend Labs have acquired the first sample of code. It includes “Anti-Rapport: A built-in option to evade Rapport Trusteer software”, a security application offered to customers of many banks as a defense against banking Trojans.
http://blog.trendmicro.com/spyeyezeus-toolkit-v1-3-05-beta/

A Closer Look at Rapport from Trusteer, 29 April 2010
http://krebsonsecurity.com/2010/04/a-closer-look-at-rapport-from-trusteer/

Mergers and Acquisitions in the […]


Malware aimed at employment opportunities posted on-line

January 21, 2011

Internet Crime Complaint Center (IC3)

Recent FBI analysis reveals that cyber criminals engaging in ACH/wire transfer fraud have targeted businesses by responding via e-mail to employment opportunities posted online. Recently, more than $150,000 was stolen from a US business via unauthorized wire transfer as a result of an e-mail the business received that contained malware. […]


Manhattan U.S. Attorney charges 37 in ZeuS Banking Fraud

October 4, 2010

FBI Press Release, September 30, 2010

According to Complaints unsealed today in Manhattan federal court, the cyber-attacks began in Eastern Europe, and included the use of a malware known as the “Zeus Trojan,” which was typically sent as an apparently-benign e-mail to computers at small businesses and municipalities in the United States. Once the email […]


Nineteen Arrested in £20 million ZeuS Banking Fraud

September 29, 2010

Officers arrested 15 men and four women aged between 23 and 47 on suspicion of the Computer Misuse Act, Proceeds of Crime Act and Fraud Act. Detective Chief Inspector Terry Wilson told the Mail that the Virtual Taskforce worked closely with several UK banks to gather the evidence and information needed to shut down the […]


Zeus botnet vendor toolkit vulnerability

September 27, 2010

Security researcher Billy (BK) Rios has discovered a vulnerability in the Zeus botnet toolkit which would allow the command and control channels to be hijacked. The C&C channels send instructions and software updates to compromised computers which often number in the hundreds of thousands. In the spirit of responsible disclosure Rios attempted to inform the […]


Malware targets Starcraft 2 Gamers

September 14, 2010

Microsoft Malware Protection Center: Malware Plays Starcraft 2

Starcraft 2 is gaining popularity not only for gamers but also for malware writers. We wrote about Starcraft almost two months ago when it was first released. Now, apparently, it is also being used as part of a social engineering technique by a downloader family called Harnig. […]
