admini – Page 68 – CyberSecurity Institute

Zeus variants are back with a vengeance

Posted on May 24, 2013December 30, 2021 by admini

The difference in GameOver variant is that it opens a random UDP port and sends encrypted packets before sending DNS queries to randomized domain names.”

Configuration files are, as usual, subject to change depending on which information the attackers want to steal, and the malware still tries to prevent browsers from being able to visit security sites. What was previously put in one folder in Windows’%System% folder is now in to random-named folders in the%Applications Data% folder.

“What we can learn from ZeuS / Zbot’s spike in recent months is simple: old threats like Zbot can always make a comeback because cybercriminals profit from these,” the researchers warn and advise: “It is important to be careful in opening email messages or clicking links.

Link: http://www.net-security.org/malware_news.php?id=2504&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

Scanner identifies malware strains, could be future of AV

Posted on May 24, 2013December 30, 2021 by admini

So he created Simseer, a free online service that performs automated analysis on submitted malware samples and tells and shows you just how similar they are to other submitted specimens.

According to the website, Simseer detects malware’s control flow, which changes much less than string signatures or similar features, and polymorphic and metamorphic malware variant usually share the same control flow.

It runs on an Amazon EC2 cluster with a dozen or so virtual servers, and is “fed” by Cesare every night with gigabytes of malware code downloaded from other free sources such as VirusShare.

As said before, it works on any kind of software, and can be used for plagiarism and software theft detection, as well as incident response.

Link: http://www.net-security.org/malware_news.php?id=2505&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

AusCERT 2013: Visibility critical when selling IT security to execs, says Foxtel CSO

Posted on May 24, 2013December 30, 2021 by admini

Everybody owns [infrastructure] when they don’t want you to touch it, but nobody owns it when it’s their bum on the line if things go wrong

Building on the MSS relationship not only allows Foxtel to be more proactive in maintaining its security posture, but supports interactions with executives who are less concerned with technical minutiae but think of IT security in terms of business risk.

Analysis of internal cost-recovery claims is a great way to marry IT-security activity to potential business change: once the IT staff know which business units are paying for what systems and services, it’s much easier to know how any potential security issue will affect which parts of the business. Everybody owns it when they don’t want you to touch it, but nobody owns it when it’s their bum on the line if things go wrong.”

Shaw has often found it’s easier for an internal security organisation to get leverage with other business units by handballing the bad news to the MSS: “it’s always effective bringing in external parties to talk to your executives,” he laughed. “Your executives are not going to give you budget unless you can marry together the value from MSS, actionable intelligence – unless you can demonstrate the value to the business and where the business is trying to go.

Link: http://www.cso.com.au/article/462775/auscert_2013_visibility_critical_when_selling_it_security_execs_says_foxtel_cso/

Malware fight goes public on the web

Posted on May 23, 2013December 30, 2021 by admini

Formed in 2005 to help address the problem of compromised computers – sometimes referred to as bots, or drones – connected to the internet, AISI collects data from various sources on devices exhibiting odd bot-like behaviour on Australian IP addresses.

The detailed statistics on malware infections show that on average during this financial year about 16,500 malware reports have been provided to AISI participants each day – representing what the authority says is a “significant level of malware” affecting Australians.

“Once infected with malware, a user’s personal identity information can be stolen and their infected computing device used to harm and infect other internet users,” said Richard Bean, the authority’s deputy chairman. “Just as the internet increasingly provides rapid access to information about news, events and the activities of friends and family, it should also enable Australians to quickly get information about online risks and threats such as malware infections.”

The authority said the most prevalent infection type currently being reported are numerous variants of Zeus, which is primarily used for banking fraud, and, among other things, can intercept and modify an infected user’s online banking transactions.

Link: http://www.smh.com.au/it-pro/security-it/malware-fight-goes-public-on-the-web-20130522-2k036.html

Twitter steps up security with two-factor authentication option

Posted on May 23, 2013December 30, 2021 by admini

Jim O’Leary from Twitter’s product security team acknowledged in a blog post on Wednesday that “even with this new security option turned on, it’s still important for you to use a strong password and follow the rest of our advice for keeping your account secure.”

Some of the more recent and widely-reported attacks have hit targets ranging from The White House to the Associated Press to more than 250,000 users at large earlier this year.

At the end of April, the San Francisco-based private company penned a memo to news media outlets warning that such cyber attacks would continue.

In regards to the media, Twitter added at the time that most of the security breaches appeared to be “spear phishing attacks” targeting corporate email.

Link: http://www.zdnet.com/twitter-steps-up-security-with-two-factor-authentication-option-7000015762/?s_cid=e589&ttag=e589

New Citadel malware variant targets Payza online payment platform

Posted on May 23, 2013December 30, 2021 by admini

“The Payza transaction PIN is used every time a user wants to send funds, add funds, withdraw funds or make a payment,” Trusteer researcher Etay Maor said Tuesday in a blog post.

These stem from the wide use of public computers in locations such as Internet cafes and the generally low level of online security awareness, he said.

“Public computers are typically at higher risk for malware infections and when used by an unsuspecting user, the chances of a successful fraudulent transfer are much higher.”

Link: http://www.pcworld.com/article/2039502/new-citadel-malware-variant-targets-payza-online-payment-platform.html