Handling Destructive Malware. Overview. Destructive malware presents a direct threat to an organization’s daily operations, directly impacting the availability of critical assets and data.
Organizations should increase vigilance and evaluate their capabilities encompassing planning, preparation, detection, and response for such an event. This publication is focused on the threat of enterprise-scale distributed propagation methods for malware and provides recommended guidance and considerations for an organization to address as part of their network architecture, security baseline, continuous monitoring, and Incident Response practices.
While specific indicators and modules related to destructive malware may evolve over time, it is critical that an organization assess their capability to actively prepare for and respond to such an event. Potential Distribution Vectors. Trojan program based on ZeuS targets 150 banks, can hijack webcams. A new computer Trojan based on the infamous ZeuS banking malware is targeting users of over 150 banks and payment systems from around the world, security researchers warn.
The new threat, dubbed Chthonic, is based on ZeusVM, a Trojan program discovered in February that is itself a modification of the much older ZeuS Trojan. “The Trojan is apparently an evolution of ZeusVM, although it has undergone a number of significant changes,” security researchers from antivirus vendor Kaspersky Lab said in a blog post. “Chthonic uses the same encryptor as Andromeda bots, the same encryption scheme as Zeus AES and Zeus V2 Trojans, and a virtual machine similar to that used in ZeusVM and KINS malware.”
Like ZeuS, Chthonic’s main feature is the ability to surreptitiously modify banking websites when opened by victims on their computers. Some 100,000 or more WordPress sites infected by mysterious malware. About 100,000 or more websites running the WordPress content management system have been compromised by mysterious malware that turns the infected sites into attack platforms that can target visitors, security researchers said.
The campaign has prompted Google to flag more than 11,000 domains as malicious, but many more sites have been detected as compromised, according to a blog post published Sunday by Sucuri, a firm that helps website operators secure their servers. Researchers have yet to confirm the cause of the infection, but they suspect it's related to a vulnerability in Slider Revolution, a WordPress plugin, that was disclosed in early September. Update: In a new blog post published after Ars went live with this brief, Sucuri says it has confirmed the so-called "RevSlider" vulnerability is the culprit. The in-the-wild attack observed by Sucuri causes infected sites to load highly obfuscated attack code on every webpage that includes the following:
Modified Zeus trojan targets numerous online banking systems. December 23, 2014 Chthonic is targeting more than 150 banks and 20 payment systems in 15 different countries, including in the U.S.
Researchers with Kaspersky Lab have discovered a new trojan – detected as Trojan-Banker.Win32.Chthonic, or ‘Chthonic' – that appears to be an evolution of ZeusVM, and is targeting more than 150 banks and 20 payment systems in 15 different countries, including in the U.S. Breaking the Code on Russian Malware. Russia poses a serious cyber threat to industrial control systems (ICS), pharmaceutical, defense, aviation, and petroleum companies.
Russian government cyber operations aim to use malware to steal information on files, persist on ICS equipment, and commit espionage. According to a 2014 GData Red Paper, Uroburos malware’s “modular structure allows extending it with new features easily, which makes it not only highly sophisticated but also highly flexible and dangerous.” Understanding these threats posed by the malware and Russia’s objectives will go a long way to securing networks. There is nothing quick about studying Russian cyber operations. 'Skeleton Key' Malware Bypasses Authentication on AD Systems. Researchers at Dell SecureWorks' Counter Threat Unit (CTU) have discovered malware that sidesteps authentication on Active Directory (AD) systems protected only by passwords.
Dubbed 'Skeleton Key', the researchers found the malware on a client network that used single-factor authentication for access to webmail and VPN – giving the threat actor total access to remote access services. According to CTU, the malware requires an attacker have domain administrator credentials in order to be deployed, and has been observed being used by attackers who have stolen credentials from critical servers, administrators' workstations and the targeted domain controllers. "What raises the alarm about the Skeleton Key malware is that it enables the adversary to trivially authenticate as any user, using their injected password, this could give them access to the target’s webmail or VPN if that was relying upon AD for authentication," said Don Smith, CTU director of technology.
SMEs targeted by a banking Trojan. Many of the messages refer to a supposed fax sent by e-mail.
They usually show "Fax message has been receive" in the Subject field and carry an attachment named "FAX_XXXXXXXXXXXX.zip", where X can be any number. VIDEO - iPhone 6: malware is spreading on Apple smartphones. New malware has just been detected by Trend Micro.
It attacks all iPhones. A piece of spyware is spreading terror among all iPhone users. For the first time, malware is able to harm an iDevice that is not even jailbroken. XAgent is reportedly developed by a pro-Russian group. The software can infect a device running iOS 7 or iOS 8. It is not installed via the App Store. Discovery of a new camouflage technique in malware.
Kaspersky has discovered Podec, the first Trojan to make a CAPTCHA system believe it is human. Security specialist Kaspersky has given details on what it believes is the first malware to defeat the CAPTCHA image recognition system.
Named Podec, the software uses techniques to convince the system that it is a person, with the aim of infecting thousands of Android users and subscribing them to premium-rate services. DrWeb: A Trojan downloader hides in Word documents. Among the malware detected by Dr.Web in email traffic, specialists regularly find messages containing a dangerous attachment belonging to the W97M.DownLoader malware family.
Here, the W97M.DownLoader.507 malware is analyzed. W97M.DownLoader.507 is a Microsoft Word document distributed as an attachment. The sample obtained by Doctor Web's specialists is distributed under the guise of a FAX message, but the attackers made a mistake by giving a wrong creation date for the document. The document is supposedly encrypted with RSA. To read its contents, the potential victim is asked to enable macros. The document also contains a blank page that actually contains text typed in white.