
Steve's Malware Corner (December/January)

Dorkbot Returns

Dorkbot, a worm known for spreading via social media, has returned with a new method of infection that takes advantage of multi-protocol instant messaging apps like Digsby and Trillian. Because these instant messengers support multiple platforms such as AIM, MSN, Yahoo, ICQ, etc., they can create larger avenues for infection. Aside from its method of propagation, Dorkbot is also known for its ability to steal website login credentials by hooking into the API of certain web browsers. Dorkbot is often packaged with other malware that is downloaded and automatically executed. The worm tries to bypass Facebook login authentication by using stored cookies, and once logged in, if it detects the use of Safari, Opera, Internet Explorer, Firefox, Chrome, or Facebook Messenger, it then spams all online friends with a link to download the worm.

Source:
http://blog.trendmicro.com/trendlabs-security-intelligence/backdoor-leads-to-facebook-and-multi-protocol-instant-messaging-worm/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Anti-MalwareBlog+%28Trendlabs+Security+Intelligence+Blog%29

 
Fake AV still prevalent

 

Imitation malware that masquerades as legitimate antivirus products is still incredibly common, and is often the most noticed malware. This particular picture is of a malware infection trying to imitate Microsoft Security Essentials, one of the most common at the moment.
Source:
http://www.net-security.org/malware_news.php?id=2480&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

 

Fake PayPal “Reset your password” request leads to malware

One of the most common phishing attacks this year is pictured above: a fake email targeting PayPal customers, claiming their accounts have been put on hold. Following the link leads to the malicious Blackhole exploit kit we talked about a few months ago.

Sources:
http://www.net-security.org/malware_news.php?id=2478&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

http://blog.dynamoo.com/2013/04/requested-reset-of-yoyr-paypal-password.html

 
Spamhaus Suspect arrested

Last month we discussed the massive DDoS attack against the blacklist company Spamhaus.
S.K., the owner of CyberBunker, which provides hosting to allegedly illegal and illicit companies, is said to have performed the DDoS attack against Spamhaus in retaliation for placing a majority of its clients on blacklists. For more on this story, visit:

http://www.net-security.org/secworld.php?id=14834&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

 
DDoS attacks up 200% in the last month

A few years ago, a majority of industries thought of denial of service and distributed denial of service attacks as an acceptable risk. Today this is no longer the case, as more and more denial of service attacks are carried out for numerous reasons, whether it be monetary gain, corporate espionage, political statements, or just kids messing around with bad coding.
For more on DoS, check out the following articles:

http://www.darkreading.com/attacks-breaches/tech-insight-how-to-respond-to-a-denial/231002379

http://www.net-security.org/secworld.php?id=14831&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

http://www.us-cert.gov/ncas/tips/ST04-015

Video: http://www.youtube.com/watch?v=_stG99eN6Ec

 

Other suggested reading:

http://www.net-security.org/secworld.php?id=14856&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

 


Privacy Policy | Copyright © Midwest Design Computers | 2011