Tasty Spam: Sneaky URLs Trick Victims in Diet-Pill, Work-From-Home-Scams

By |May 30th, 2014|Categories: Security, Tech News, Virus Alerts|

Via Flickr user Jerry Pank

Mail providers are getting better at filtering out spam before it even hits our Inboxes. Even so, some messages still get through. The spammers are continually tweaking their campaigns to get past the spam filters. Sometimes, we get spammed because our friends fell for a scam. Spam is still a problem, but it is one we can solve.

SecurityWatch asked the security experts at Cloudmark to flag and analyze an ongoing spam campaign. We take a look at the type of messages being sent and the infrastructure behind the operation. This month, we look at an operation called “Com Spammers.”

The Com Spammer Operation
The Com Spammer operation specializes in work-from-home schemes, diet pills, and recently, a miracle anti-aging skin cream. The gang monetizes the email and SMS spam campaigns through victims who sign up to buy one of these products. In the case […]

A Week in the News: eBay Hacked, Internet Explorer Vulnerable

By |May 29th, 2014|Categories: Security, Tech News|

This week wasn’t an overly busy one in terms of security news. However, yesterday’s announcement that attackers breached a server containing user passwords at the online retail and auction giant eBay has to be the biggest story of the week. Closely behind that – in terms of importance – was the emergence of yet another zero-day in Microsoft’s very widely used Internet Explorer Browser. Stepping away from bad news, Samsung is going beyond fingerprints, identifying new ways of biometric authentication. And, as always, we have some patches to mention, if only in passing.


eBay Compromised

eBay announced yesterday through its corporate website (eBay Inc.) that attackers compromised a database containing customer names, encrypted passwords, email addresses, physical addresses, phone numbers, and dates of birth. Because encrypted passwords were stored in the breached server, eBay will be forcing users to change passwords in the coming […]

The Magic of KAVremover

By |May 29th, 2014|Categories: Security, Tech News, Virus Alerts|

If you have been following our blog for a while, you know something about what problems you may encounter installing our products and how to solve them. We have already examined what happens when the system requirements are not observed, but there is another common reason why installation may fail. Here in Kaspersky Lab Technical Support, we call it “leftovers”. For those who speak literary English, we will paraphrase it as “system files and registry keys remaining after a previously installed Kaspersky Lab product had been removed.” If a previous version of a product was not uninstalled completely, you may be unable to install a newer version.


Where do the leftovers come from? First of all, they may appear because of operating system errors. If your Windows copy is damaged and works incorrectly, it may result in the malfunction of the Windows Installer […]

Trustwave Global Security Report Is Bursting With Valuable Data

By |May 29th, 2014|Categories: IT Industry, Security, Tech News|

Trustwave Global Security Report 2014

Are you in charge of your company’s Internet security? Do you manage the people who are? Then you should read the 2014 Trustwave Global Security Report. Don’t be put off by its size (nearly 100 pages). The report is formatted like a giant infographic, so it’s easy to grasp the facts it presents. In fact, even if you have nothing to do with managing website security, you may want to give it a read. Here are some of the high points.

How’d They Get In?
The data for this report comes from almost 700 Trustwave breach investigations in 2013, along with data from their operations centers, security telemetry, and research. 85 percent of the breaches made use of vulnerabilities in third-party tools, among them Java, Flash, and Adobe Reader. 85 percent! It’s not enough to put Windows Update in automatic […]

Buyer (and Seller) Beware: eBay Suffers Data Breach

By |May 29th, 2014|Categories: Security, Tech News, Virus Alerts|

eBay Inc., the well-known digital auction house where users can purchase anything from concert memorabilia to an automobile, announced on Wednesday that the company suffered a cyberattack. The attack, which occurred in late February and early March (but was first discovered 2 weeks ago), compromised a database containing encrypted passwords, email addresses, physical addresses, phone numbers and dates of birth, according to the company’s official public statement.

eBay is urging its 150 million active users to change their passwords immediately. The company said there’s no evidence that the compromise has led to unauthorized activity on user accounts. Nor has the breach given hackers access to financial data, which is stored and encrypted on a separate database. Finally, no information used on PayPal, a subsidiary of eBay Inc. that allows for hassle free payments online, was compromised.

The attack was first detected two weeks ago after a “small number of […]

Iranian Keylogger Marmoolak Enters via Backdoor

By |May 29th, 2014|Categories: Security, Tech News, Virus Alerts|

Targeted attacks have several stages, sometimes called the APT kill chain. At McAfee Labs we prefer the model described by Lockheed Martin:

[Image: Marmoolak 1]

As part of the weaponizing phase, attackers often put a payload into a file that, once installed, will connect in the C2 (command and control) phase to the attacker. A very common payload used by many kinds of password-stealing malware is a keylogger. The purpose of keylogging is to capture the users’ keystrokes and gather credentials and links to internal and external resources. The stolen credentials can later be used to weaponize another file or serve as part of the actions phase of the APT kill chain.

One example we recently ran into is the malware Marmoolak, an Iranian keylogger with the MD5 F09D2C65F0B6AD55593405A5FD3A7D91.

We traced the first appearance of this keylogger to a Middle-East forum:

[Image: Marmoolak 2]

Although some keyloggers may capture […]

Despite source code leak, Android malware fetches top $5,000 price

By |May 29th, 2014|Categories: Mobile/Wireless Devices, Security, Tech News, Virus Alerts|

Symantec says the iBanking malware is stealing one-time passcodes for banking applications

May 20, 2014
(IDG News Service)

Despite a leak of its source code, an Android program aimed at compromising online bank accounts is still commanding $5,000 per copy, one of the highest prices seen for a type of malware, according to research from Symantec.

Symantec and RSA published details on their blogs on Tuesday about iBanking, which is being used by two Eastern European cybercrime groups to intercept one-time SMS passcodes used for logging into bank accounts.

IBanking is notable for its wide range of features and defensive measures that thwart analysis by security researchers. It can steal just about any information on an Android device, record calls or forward calls to another phone, Symantec wrote.

The malware often appears in Android app marketplaces as a legitimate banking application. It appears victims who are targeted already have a […]

“Hack-Proof” TextKey Turns SMS Authentication on Its Head

By |May 28th, 2014|Categories: IT Industry, Security, Tech News|

TextKey SMS Authentication

You’ve probably encountered one of the website authentication schemes that work by sending a one-time code to your smartphone and having you enter it online. The Mobile Transaction Authentication Numbers (mTANs) used by many banks are one example. Google Authenticator lets you protect your Gmail account in the same way, and various other services—LastPass, for example—support it as well. Unfortunately, the bad guys already know how to subvert this type of authentication. TextKey’s SMS authentication is a new approach, one that protects every stage of the authentication process.

Turn It Around
Old-style SMS authentication sends that one-time code to the user’s registered mobile number. There’s no way to be sure that code wasn’t caught by malware or intercepted using a clone of the phone. Next, the user types the code into the browser. If the PC is infected, the […]

Facebook wants to know if you’re single

By |May 28th, 2014|Categories: Security, Tech News|

A sign with the 'like' symbol stands in front of the Facebook headquarters in Menlo Park, California.

    • Facebook adds “Ask” feature to let users inquire about friends’ relationships
    • “Ask” button appears next to info that’s not filled out
    • Only friends can inquire, and receiver may respond privately
    • Users can also “Ask” about a friend’s job or hometown

(CNN) — There’s no “Hey, baby, what’s your sign?” button. But if you have a friend with a mysteriously undefined love life, Facebook may have just become a little more like a singles bar at closing time.

A new “Ask” feature lets you ping friends who haven’t set their Relationship Status and ask them what’s up. Facebook has been quietly rolling out the feature for testing in select countries, including the United […]

Rush to fight Heartbleed leads to errors with certificates and patches

By |May 28th, 2014|Categories: Security, Tech News, Virus Alerts|

Some reissued SSL certificates use the same vulnerable key as the ones they replace, and some sites moved to a vulnerable version of OpenSSL

May 9, 2014

(IDG News Service)

Despite taking prompt action to defend against the Heartbleed attack, some sites are no better off than before — and in some cases, they are much worse off.

Many of the sites that patched vulnerable OpenSSL installations after the Heartbleed attack was revealed on April 7 then went on to revoke compromised SSL certificates and order new ones. But 30,000 sites are now using replacements based on the same compromised private key as the old certificate, according to a study by Internet services company Netcraft released Friday.

That means that anyone who managed to steal the private key of such a server before it was patched could still use the key to impersonate the server in […]