Category: Malware

When it comes to spotting malware, signature-based detection, heuristics and cloud-based recognition and information sharing used by many antivirus solutions today work well up a certain point, but the polymorphic malware still gives them a run for their money. At the annual AusCert conference held this week in Australia a…

So he created Simseer, a free online service that performs automated analysis on submitted malware samples and tells and shows you just how similar they are to other submitted specimens.

According to the website, Simseer detects malware’s control flow, which changes much less than string signatures or similar features, and polymorphic and metamorphic malware variant usually share the same control flow.

It runs on an Amazon EC2 cluster with a dozen or so virtual servers, and is “fed” by Cesare every night with gigabytes of malware code downloaded from other free sources such as VirusShare.

As said before, it works on any kind of software, and can be used for plagiarism and software theft detection, as well as incident response.

Link: http://www.net-security.org/malware_news.php?id=2505&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

AV-Test says they expect to see five million new malware samples each month – about double the rate from last year.

“This dramatic development is also forcing the manufacturers of anti-virus software to adopt different strategies, for example whitelisting, an approach that has now been popular for a number of years.” “Instead of sending 100,000 users the identical malware sample, a malware writer generates 10,000 unique samples for 10 users each or even 100,000 completely unique samples.” “In the majority of cases, the malware writers are using the same executable and then, it will automatically be encrypted, packed and scrambled in different ways,” said Marx.

In the back and forth between the bad guys and security companies, attackers must constantly change their strategies if they hope to reach any ripe targets.

Perhaps 60 million new pieces of malware might just be the sign of a job well done, but nonetheless, it’s a scary number.

Link: http://www.itproportal.com/2013/05/24/2013-will-see-an-explosion-in-malware/

The difference in GameOver variant is that it opens a random UDP port and sends encrypted packets before sending DNS queries to randomized domain names.”

Configuration files are, as usual, subject to change depending on which information the attackers want to steal, and the malware still tries to prevent browsers from being able to visit security sites. What was previously put in one folder in Windows’%System% folder is now in to random-named folders in the%Applications Data% folder.

“What we can learn from ZeuS / Zbot’s spike in recent months is simple: old threats like Zbot can always make a comeback because cybercriminals profit from these,” the researchers warn and advise: “It is important to be careful in opening email messages or clicking links.

Link: http://www.net-security.org/malware_news.php?id=2504&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

“The Payza transaction PIN is used every time a user wants to send funds, add funds, withdraw funds or make a payment,” Trusteer researcher Etay Maor said Tuesday in a blog post.

These stem from the wide use of public computers in locations such as Internet cafes and the generally low level of online security awareness, he said.

“Public computers are typically at higher risk for malware infections and when used by an unsuspecting user, the chances of a successful fraudulent transfer are much higher.”

Link: http://www.pcworld.com/article/2039502/new-citadel-malware-variant-targets-payza-online-payment-platform.html