Category: Malware

“The Trojan’s developer claims it has been tested on 15 different Linux desktop distributions, including Ubuntu, Fedora and Debian.

While this trojan does seem nasty and scary, it is unlikely to spread easily given Linux users’ propensity towards common-sense about installing software.

Link: http://betanews.com/2013/08/09/linux-gets-hit-by-a-trojan-its-time-to-sudo-apt-get-scared/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed+-+bn+-+Betanews+Full+Content+Feed+-+BN

“Many organizations lack the right staff size or skills necessary to address malware threats, but given their current workload and the information security skills shortage, it is unlikely they can fill this void quickly,” Oltsik said in his report.

Sixty-two percent of those surveyed believe their host-based security software is not effective for detecting zero-day attacks and other malware designed to bypass the software and remain stealthy on systems.

Security professionals should become intimately familiar with these phases so they can implement appropriate security controls for each phase and recognize anomalous behavior that may be associated with one or many phases of an attack.”

In addition, the survey found that 42 percent of organizations are testing or implementing security technologies that use sandboxing technology, virtual environments where files are quickly analyzed before being passed on to the end user.

About 39 percent of those surveyed said a group of security analysts dedicated to malware intelligence and analysis was created at their organization.

“While security professionals understand the basic concepts about malware, the [Enterprise Strategy Group] research indicates that a large number are unfamiliar with advanced malware properties.

Link: http://www.crn.com/news/security/240158935/sophisticated-malware-is-stumping-security-pros.htm

The Trojan is entering the market at an opportune time, as developers of such major banking malware have either retired, gone into hiding or otherwise removed their skills from the open market.

In a message posted to a Russian language underground forum and translated by RSA, KINS’ developer said the malware has been developed from scratch and not a modification of another product.

One plug-in is already available for $2,000, according to the malware developer’s forum posting, to counter Rapport, a popular fraud protection program currently used by banks.

“The bad guys have figured out that they can make the most money by selling plug-ins, which provide extra functionality,” Roel Schouwenberg, a senior researcher with Kaspersky Lab, said in an email.

KINS is also compatible with Zeus web injections and works with RDP, as was SpyEye, and won’t work in former Soviet Union countries — a practice introduced by Citadel.

“The American police aren’t going to go after the developer so he doesn’t mind if computers in the states get infected,” RSA’s Kessem explained.

For instance, it’s build to stay away from Trojan trackers, can be spread by popular exploit packs like Neutrino and will more deeply infect a Windows machine by poisoning its Volume Boot Record.

Link: http://www.csoonline.com/article/736849/new-trojan-could-create-headaches-for-banks-customers?source=CSONLE_nlt_update_2013-07-25

The infected machine acts as a liaison between the spam server and the compromised website,” wrote De La Torre.

“As there is no interaction between the spam and server, it will appear the email has originated from the infected machine. In essence, they have separated the core functions and minimised interactions among them to cut off any threads that could link them to each other.”

The tactic has reportedly proven effective, with Trend estimating the attackers are using 85,000 unique IP addresses or domains to send out spam to seven million chosen email addresses.

Link: http://www.v3.co.uk/v3-uk/news/2283924/hackers-stealrat-botnet-turns-85-000-unique-ips-into-malwarespreading-tools