Category: Malware

McAfee’s latest Quarterly Threats Report noted a surge in MBR attacks, where the goal is to infect a machine’s storage system, and from there take control of the entire device.

The German-targeted malware doesn’t stop at wreaking of MBR havoc though: another feature is the backdoor’s capability to lock and unlock a screen. “This locking of screen is definitely a direct copy from ransomware’s playbook, in which the system remains completely or partially inaccessible unless the victim pays for the ransom,” Bermejo said.

Another possible scenario is a version of the MBR exploit that is integrated with the screen blocking routine, which will make the screen locking command easier to execute.

Link: http://www.infosecurity-magazine.com/view/32866/mbrwiping-malware-targets-german-victims

Users from Vietnam, India, China, Taiwan and possibly other countries, were targeted as part of an attack campaign that uses Microsoft Word documents rigged with exploits in order to install a backdoor program that allows attackers to steal information, according to researchers from security firm Rapid7. One of the malicious…

The resulting malware is a bot that connects to an IRC (Internet Relay Chat) server and joins a predefined channel where it waits for commands from the attackers.

Reports of malicious activity using this exploit were posted in recent days on several discussion boards and it also appears that some Web hosting providers were affected, Jarmoc said.

Users should update the Ruby on Rails installations on their servers to at least versions 3.2.11, 3.1.10, 3.0.19 or 2.3.15 which contain the patch for this vulnerability. However, the best course of action is probably to update to the latest available Rails versions, depending on the branch used, since other critical vulnerabilities have been addressed since then.

Link: http://www.arnnet.com.au/article/463093/hackers_exploit_ruby_rails_vulnerability_compromise_servers_create_botnet/

Palo Alto Networks has positioned its WildFire platform to resolve this issue, by providing what Williamson calls a “classify everything” view of all data coming into and going out of the network.

Other common signature behaviours of malware include visits to an unregistered domain (24.38% of cases), the sending of emails (20.46%), contacting an IP country different from the host top-level domain (6.92%), downloading a file with an incorrect file extension (4.53%), visiting a recently registered domain (1.87%), and more.

“”You can always create an exception if you need to, but you can also set a rule that says ‘if I see an HTTP post to new domains, that is something worth investigating’.

This confidence, says Palo Alto Networks’ ANZ country manager Armando Dacal, often translates into a better business-IT alignment because the security team can ensure the business will be protected through highly-granular control over applications and user behavior. Such control will pave the way for higher business and IT confidence around the influx of smartphones and tablets as companies, many grudgingly, give in to the realities of bring your own device (BYOD) policies.

“But users wanted to leverage the power in the devices – and now IT can have a discussion with the business around which users should have access to which applications, and how it can be done safely.” “We’re dealing with creative [malware authors],” Williamson says, “and we’re in a world where we’re going to have to be looking at what’s coming in – and be engaged, creatively, about what’s going on.

Link: http://www.cso.com.au/article/463079/malware_typical_network_behaviour_makes_it_easier_spot_palo_alto/