Flash Archives - Page 3 of 3 - Gregory D. Evans | Worlds No. 1 Security Consultant

Posts Tagged ‘Flash’

Mac Trojan malware masquerades as flash player update


A new Trojan malware is targeting computers running Apple Inc.’s Mac OS X, masquerading as an update to Adobe’s Flash software and fooling users into installing it.

Mac security firm Intego said the malware, which it identified as OSX/flashback.A, exploits default settings on OS X’s built-in browser Safari to automatically download and install.

“Users visiting certain malicious websites may see a link or an icon to download and install Flash Player. Since Mac OS X Lion does not include Flash Player, some users may be fooled and think this is a real installation link. When they click the link, an installation package downloads, and, if the user is using Safari as their web browser, the Mac OS X Installer will launch,” it said in a blog post.

It noted the Safari browser considers installer packages, with .pkg or .mpkg extensions, to be “safe” files and will by default launch them after download.

Once launched, the installer will deactivate some network security software – specifically “Little Snitch” – but Intego said it has no effect on its “Intego VirusBarrier X6” product.

The Trojan will then delete the installation package itself, and install a dyld (dynamic loader) library and auto-launch code, allowing it to inject code into applications the user launches.

“This code, installed in a file at ~/Library/Preferences/Preferences.dylib, connects to a remote server, and sends information about the infected Mac to this server: this includes the computer’s MAC address, a unique identifier. This will allow the malware to detect if a Mac is infected,” Intego said.

Intego advised Mac users not to download a Flash Player installer from any site other than adobe.com.

Mac OS X Lion does not include Flash Player, but users who wish to install this software should visit Adobe’s website: http://www.adobe.com/products/flashplayer/, it said.

It also advised Mac users who use Safari as their web browser to uncheck Open “safe” files after downloading in the program’s General preferences.

This will prevent installer packages—whether real or malicious—from launching automatically, it said.

“Finally, if an installer claiming to be a Flash Player installer appears, users should be very careful to ensure that they did, indeed, download it from Adobe’s web site. If not, they should quit the installer,” it said.
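The two host-side checks in this advice can be scripted. The following is an added example, not code from Intego or the original article: it looks for the file at the path Intego quotes and reports whether Safari's auto-open setting is still on. The preference key `AutoOpenSafeDownloads` and the function names are assumptions not stated in the article, and an unset key is treated as the default-on behaviour the article describes.

```shell
#!/bin/sh
# Added example: check a Mac for the two conditions named in the advisory.
# The dylib path is the one quoted by Intego; the Safari preference key
# (AutoOpenSafeDownloads) is an assumption, it is not named in the article.

FLASHBACK_REL_PATH="Library/Preferences/Preferences.dylib"

# Return 0 if the file named in the advisory exists under the given home dir.
flashback_dylib_present() {
    [ -e "$1/$FLASHBACK_REL_PATH" ]
}

# Print enabled | disabled | unset | unknown for Safari's
# "Open 'safe' files after downloading" setting of the invoking user.
safari_auto_open_state() {
    if ! command -v defaults >/dev/null 2>&1; then
        echo unknown      # not macOS, or defaults(1) is unavailable
        return 0
    fi
    value=$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null) || {
        echo unset        # key absent or unreadable: Safari's default applies
        return 0
    }
    case "$value" in
        0|false|NO) echo disabled ;;
        1|true|YES) echo enabled ;;
        *)          echo unknown ;;
    esac
}

# Print findings for one home directory; the return code is the finding count.
audit_home() {
    findings=0
    if flashback_dylib_present "$1"; then
        echo "FOUND: $1/$FLASHBACK_REL_PATH (path reported for OSX/flashback.A)"
        findings=$((findings + 1))
    fi
    state=$(safari_auto_open_state)
    case "$state" in
        enabled|unset)
            echo "RISK: Safari opens 'safe' downloads automatically (state: $state)"
            findings=$((findings + 1)) ;;
        *)
            echo "INFO: Safari auto-open state: $state" ;;
    esac
    return "$findings"
}

# Audit the home directory given as the first argument, or the current user's.
audit_home "${1:-$HOME}" || true
```

A file at that path is a reason to investigate rather than proof of infection, and the Safari result applies only to the user running the script.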

Another security firm, Sophos, said its free anti-virus for Mac home users detects the Flashback malware as OSX/FlshPlyr-A.

Sophos also warned it is easy to imagine how cybercriminals could trick Mac users into infecting their computers with this malware.

“For instance, it would be child’s play to create a website which pretends to show something salacious … and then when you try to view it, you’re prompted to install an update to Adobe Flash. Of course, rather than the genuine Flash you would be installing the Trojan horse,” it said. — LBG, GMA News

Article source: http://www.gmanews.tv/story/233854/technology/mac-trojan-malware-masquerades-as-flash-player-update

View full post on National Cyber Security » Virus/Malware/Worms

(1) HIGH: Adobe Flash Player Multiple Vulnerabilities

Category: Widely Deployed Software

Affected:

  • Adobe Flash Player for Windows, Macintosh, Linux, and Solaris versions prior to 10.3.183.7
  • Adobe Flash Player for Android prior to 10.3.186.6

View full post on @RISK: The Consensus Security Alert

View full post on National Cyber Security


Mac users beware: Malware masquerades as Flash installer

On Monday, security company Intego warned Mac users of a new Trojan horse that masquerades as a Flash Player installation package for OS X Lion.

Intego reported that the Flashback malware is available on some sites that offer a link or icon to install Flash Player. Lion users may be vulnerable to the scam because the operating system doesn’t automatically include Flash. If users do click on the malicious link in Safari (launching the Mac OS X Installer), the software deactivates some security code, then deletes the original installation package. The malware then sends information about the infected Mac back to a remote server. Intego analysts are still investigating Flashback’s purposes.

Protecting your Mac from this Flashback is relatively easy: Only download Flash from Adobe.com.

Monday’s announcement is the second Trojan horse warning to Mac users in the last week. On Friday, security firm F-Secure warned against Trojan-Dropper:OSX/Revir.A, which appears as a Chinese-language PDF; open it up, and a backdoor connection to a remote server is made. 

As Macworld’s Serenity Caldwell noted after Friday’s warning about the PDF malware, one way for Mac users–particularly those who use Safari–to avoid a problem with Trojan horse malware is to uncheck Safari’s Open ‘Safe’ Files After Downloading option (Safari – Preferences – General); then, as long as you practice common sense computing, you should be safe from most malicious attacks. You should also be sure to keep your OS X malware definitions up to date.

Article source: http://rss.feedsportal.com/c/270/f/470440/s/18e3e3aa/l/0Lnews0Btechworld0N0Capplications0C330A63520Cmac0Eusers0Ebeware0Emalware0Emasquerades0Eas0Eflash0Einstaller0C0Dolo0Frss/story01.htm

View full post on National Cyber Security » Virus/Malware/Worms

Intego: Malware masquerades as Flash installer

On Monday, security company Intego warned Mac users of a new Trojan horse that masquerades as a Flash Player installation package for OS X Lion.


Intego reported that the Flashback malware is available on some sites that offer a link or icon to install Flash Player; Lion users may be vulnerable to the scam because the operating system doesn’t automatically include Flash. If users do click on the malicious link in Safari—launching the Mac OS X Installer—the software deactivates some security code, then deletes the original installation package. The malware then sends information about the infected Mac back to a remote server. Intego analysts are still investigating Flashback’s purposes.

Protecting your Mac from this Flashback is relatively easy: Only download Flash from Adobe.com.

Monday’s announcement is the second Trojan horse warning to Mac users in the last week. On Friday, security firm F-Secure warned against Trojan-Dropper:OSX/Revir.A, which appears as a Chinese-language PDF; open it up, and a backdoor connection to a remote server is made. 

As Macworld’s Serenity Caldwell noted after Friday’s warning about the PDF malware, one way for Mac users—particularly those who use Safari—to avoid a problem with Trojan horse malware is to uncheck Safari’s Open ‘Safe’ Files After Downloading option (Safari – Preferences – General); then, as long as you practice common sense computing, you should be safe from most malicious attacks. You should also be sure to keep your OS X malware definitions up to date.


Article source: http://www.macworld.com/article/162496/2011/09/intego_malware_masquerades_as_flash_installer.html

View full post on National Cyber Security » Virus/Malware/Worms

Malware targeting Android devices up 76%

KUALA LUMPUR: McAfee Labs has raised the alarm that the amount of malware targeted at Android devices jumped 76% since the last quarter, making it the most attacked mobile operating system.

In its McAfee Threats Report: Second Quarter 2011, it said this year was the busiest ever first half-year in malware history, including a first-ever appearance of Mac fake AV and a significant uptick in rootkits.

Vincent Weafer, senior vice president of McAfee Labs, said that this year there were record-breaking numbers of malware, especially on mobile devices, where the uptick is in direct correlation to popularity.

“Overall attacks are becoming more stealth and more sophisticated, suggesting that we could see attacks that remain unnoticed for longer periods of time. High-profile hacktivist groups have also changed the landscape by drawing a line between attacks for personal gain and attacks meant to send a message,” he said.

The report also stated the specific activity shaping the way cybercriminals operate, such as cybercrime “pricebooks” that determine the going rate for large email address lists, and acts of hacktivism and cyberwar.

McAfee Labs highlighted that with the vast amount of personal and business data now found on users’ mobile phones, mobile malware was steadily increasing, often mimicking the same code as PC-based threats.

In the second quarter of 2011, Android OS-based malware surpassed Symbian OS as the most popular target for mobile malware developers.

While Symbian OS and Java ME remain the most targeted to date, the rapid rise in Android malware in the second quarter indicated that the platform could become an increasing target for cybercriminals – affecting everything from calendar apps to comedy apps to SMS messages to fake Angry Birds updates.

McAfee Labs said with about 12 million unique samples for the first half of 2011, a 22 percent increase over 2010, this has been the busiest first half-year in malware history.

It said with the addition of 2Q numbers, the total malware samples in McAfee’s database had reached about 65 million, and McAfee researchers estimate that this “Malware Zoo” will reach at least 75 million samples by the year’s end.

McAfee also said Apple had now become more of a target for malware authors because there are more Mac users and organisations increasingly adopt Macs for business use.

“Though historically the Apple platform has been unaffected by fake anti-virus (fake AV) software, activity in Q2 indicates that it is now being affected. Although this type of fake AV is the first of its kind, McAfee Labs does expect fake AV in general will drop off over time,” it said.

McAfee Labs said another malware category which had been steadily growing was stealth malware.

It said cybercriminals hid malware in a rootkit to make malware stealthier and more persistent. This type of attack had been on the rise over the past year, with high-profile attacks such as Stuxnet. Stealth malware has increased more rapidly in the last six months than in any previous period, up almost 38% over 2010.

McAfee Labs also highlighted concerns about hacktivism, primarily from the groups Anonymous and LulzSec.

These two groups were among some of the most prominent cyber news generators for 2Q.

The report also detailed hacktivist activity from Q2, with at least 20 global attacks reported in 2Q alone, and most allegedly at the hands of LulzSec.

Acts of cyberwar also occurred in 2Q, which included attacks on the US Oak Ridge National Laboratory, and an attack on South Korea’s National Agricultural Cooperative Federation.

As for spam, it said, though it was still at historic low levels, due in part to the Rustock takedown, McAfee Labs was expecting a sharp rise in activity over the coming months.

“A common method for cybercriminals to increase their volume of spam activity is to purchase a bulk list of emails in order to flood as much spam as possible to a widespread group of people. Whether it’s a botnet or a rental service, prices vary for such enterprises, often by location.

“For instance, in the United States, the going rate for 1 million emails is $25, whereas in England 1.5 million emails are worth $100,” it said.

Article source: http://www.theedgemalaysia.com/index.php?option=com_content&task=view&id=191859&Itemid=88

View full post on National Cyber Security » Virus/Malware/Worms


Adobe admits Google engineer responsible for Flash Player bug patches

Adobe last week acknowledged that as many as 80 bugs in Flash Player were reported by a Google security engineer, as it continued to defend its decision not to spell out details of the vulnerabilities.

Google also cited the same number, apparently putting to rest the spat between the engineer, Tavis Ormandy, and Adobe. In a pair of blog posts, Adobe and Google spelled out how the number “400” that Ormandy had cited ended up being cut by 80%.

“The initial run of the ongoing effort resulted in about 400 unique crash signatures, which were logged as 106 individual security bugs following the initial triage,” said Brad Arkin, Adobe’s senior director of product security and privacy. “As these bugs were resolved, many were identified as duplicates that weren’t caught during the initial triage. In the final analysis, the Flash Player update we shipped earlier this week contains about 80 code changes to fix these bugs.”

Google’s blog post, which was attributed to Chris Evans, Matt Moore and Ormandy, all members of the company’s security team, used almost-identical language to describe the bug count culling. In the post, Google also said it had devoted 2,000 CPU cores over a four week period to the massive “fuzzing” project directed at Flash.

Last week, Ormandy had questioned not only the bug total, but Adobe’s decision not to list each of the vulnerabilities in the security bulletin that accompanied the update.

“To us, the joint projects we do with partners, including Google, are extensions of our internal security review and code hardening,” said Arkin.

Because it does not consider those flaws publicly known, Adobe does not assign them a CVE (Common Vulnerabilities and Exposures) designation, Arkin said. When it issued the Flash Player update and security bulletin, it listed just 13 CVEs. On Friday it added one more to account for those reported by Ormandy and Google.

“This update resolves multiple memory corruption vulnerabilities that could lead to code execution,” Adobe stated in the new entry for CVE-2011-2424.

Normally, Adobe doesn’t reveal a number associated with vulnerabilities it or its partners have found, and that have been patched. But Arkin acknowledged that it needed to do exactly that this time. “With every release [of Flash Player] we do a lot of code hardening, but because there’s been public discussion, this internal topic has become external,” Arkin said.

Andrew Storms, director of security operations at nCircle Security, put that into plainer words. “They were forced to,” said Storms.

CVEs are used by security researchers to correlate and coordinate publicly disclosed vulnerabilities, said Storms, and by others, including analysts, the media and security professionals within organisations, to gauge how often a product is patched and how the vendor deals with bugs. “If a product has a large number of CVEs, there’s more concern about those managing the development lifecycle of the product,” said Storms.

But since CVEs are assigned differently by different vendors, it’s tricky to use them to compare several products’ security prowess simply by looking at the numbers, Arkin argued.

Google and Mozilla, for instance, assign CVEs for vulnerabilities discovered by internal developers, as does Apple on occasion. Microsoft, like Adobe, does not.

In fact, Arkin credited the Chrome team’s different approach to CVE assignments for last week’s squabble. “We didn’t allocate any CVEs because we viewed this testing as part of the [Secure Product Lifecycle] that spans the joint engineering efforts with the Google Chrome team,” Arkin said in the blog. “This led to some confusion since the Google security team has a different approach to CVE allocation.”

Another reason why Adobe didn’t list each bug, or more specifically each code change that resulted from its analysis of Google’s fuzzing work, is that it simply didn’t have the time or resources.

“It’s incredibly expensive to do that,” said Arkin. “We’d rather drive those resources into making [Flash Player] better.”

Storms understood Adobe’s reluctance to list scores of CVEs. “There’s little value for them to do that because of the negative connotation around a high CVE count,” said Storms.

Article source: http://rss.feedsportal.com/c/270/f/3551/s/176911d2/l/0Lnews0Btechworld0N0Csecurity0C32972430Cadobe0Eadmits0Egoogle0Eengineer0Eresponsible0Efor0Eflash0Eplayer0Ebug0Epatches0C0Dolo0Frss/story01.htm

View full post on National Cyber Security » Computer Hacking
