blog trackingRealtime Web Statistics hijacks Archives - Gregory D. Evans | Worlds No. 1 Security Consultant

Posts Tagged ‘hijacks’

Chrome extensions malware hijacks Facebook profiles

Kaspersky Lab has found malware-laden Chrome extensions, along with a criminal gang playing cat and mouse with Google by releasing several variations of its wares.

The attacks manifest as suggestions to download Facebook apps. Those apps are, alas, not real. Instead they are malware and, in one case, a malware-laden Chrome extension hosted in Google’s very own Chrome Web Store.

The malware pretends to be a Flash Player installer but instead downloads a Trojan which writes messages to a victim’s Facebook profile and automatically Likes certain pages.

The former activity contains an alluring message suggesting your Friends download the same malware. The auto-Liking behaviour is part of a pay-per-Like scheme that helps the criminals to cash in.

Variations on this attack have been around for a few weeks now, Kaspersky says, but is so far largely confined to Brazil and other Portuguese-speaking nations.

Google is pulling the malware as fast as the criminals can sneak new variants into the Chrome Web Store.

Researcher Fabio Assolini suggests: “Be careful when using Facebook. And think twice before installing a Google Chrome extension.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/03/25/chrome_web_store_malware_hijacks_facebook_profiles/

View full post on National Cyber Security » Virus/Malware/Worms

Malware hijacks file host SendSpace to steal information

Trend Micro researchers have discovered a piece of malicious software that automatically uploads its stolen data cache to the SendSpace file-sharing service for retrieval.

Malware authors have used file-hosting and sharing servers for that purpose before, but this is the first time malware has been noticed to do that automatically, wrote Roland Dela Paz, a threat response engineer with Trend Micro.

SendSpace accepts files and then generates a link that can be shared with other people to download the content in the files. The malware has been configured to send files, copy the download link and send it to a command-and-control server along with the password needed to access the archive, Dela Paz wrote.

It appears SendSpace’s terms of service would prohibit use of the site that way. SendSpace said in response to an email that it was “notified of this several days ago by Trend Micro themselves, and we’re working to find a solution for this.”

File storage services offer several advantages for cybercriminals, said Rik Ferguson, director of security research and communication for Trend Micro in Europe.

Although the cybercriminals often use networks of proxy computers to mask how they are communicating with a compromised computer, using a storage service adds another layer, Ferguson said. “It breaks in some ways the chain of evidence,” he said.

Also, authorities would be less likely to take down a legitimate file-hosting service than a new server set up by scammers, Ferguson said.

The services are especially useful for so-called Advanced Persistent Threat attacks, where cyberspies seek to infiltrate an organisation for a long period of time, Ferguson said. There is also a better chance that organisations that are hacked will not regard outbound connections to a file-hosting service as suspicious, making it less likely the connection will be shut down, he said.

“Basically it’s criminals taking advantage of public infrastructure to appear less suspicious,” Ferguson said.

Article source: http://rss.feedsportal.com/c/270/f/470440/s/1c6fc3a1/l/0Lnews0Btechworld0N0Csecurity0C33352750Cmalware0Ehijacks0Efile0Ehost0Esendspace0Esteal0Einformation0C0Dolo0Frss/story01.htm

View full post on National Cyber Security » Virus/Malware/Worms

Malware hijacks file host SendSpace to steal information

Trend Micro researchers have discovered a piece of malicious software that automatically uploads its stolen data cache to the SendSpace file-sharing service for retrieval.

Malware authors have used file-hosting and sharing servers for that purpose before, but this is the first time malware has been noticed to do that automatically, wrote Roland Dela Paz, a threat response engineer with Trend Micro.

SendSpace accepts files and then generates a link that can be shared with other people to download the content in the files. The malware has been configured to send files, copy the download link and send it to a command-and-control server along with the password needed to access the archive, Dela Paz wrote.

It appears SendSpace’s terms of service would prohibit use of the site that way. SendSpace said in response to an email that it was “notified of this several days ago by Trend Micro themselves, and we’re working to find a solution for this.”

File storage services offer several advantages for cybercriminals, said Rik Ferguson, director of security research and communication for Trend Micro in Europe.

Although the cybercriminals often use networks of proxy computers to mask how they are communicating with a compromised computer, using a storage service adds another layer, Ferguson said. “It breaks in some ways the chain of evidence,” he said.

Also, authorities would be less likely to take down a legitimate file-hosting service than a new server set up by scammers, Ferguson said.

The services are especially useful for so-called Advanced Persistent Threat attacks, where cyberspies seek to infiltrate an organisation for a long period of time, Ferguson said. There is also a better chance that organisations that are hacked will not regard outbound connections to a file-hosting service as suspicious, making it less likely the connection will be shut down, he said.

“Basically it’s criminals taking advantage of public infrastructure to appear less suspicious,” Ferguson said.

Article source: http://rss.feedsportal.com/c/270/f/470440/s/1c6fc3a1/l/0Lnews0Btechworld0N0Csecurity0C33352750Cmalware0Ehijacks0Efile0Ehost0Esendspace0Esteal0Einformation0C0Dolo0Frss/story01.htm

View full post on National Cyber Security » Virus/Malware/Worms

‘Ramnit’ worm hijacks 45,000 Facebook logins

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company’s online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine’s and Web site’s coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media’s internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan’s activities, follow him on Twitter.

Article source: http://www.zdnet.com/blog/security/ramnit-worm-hijacks-45000-facebook-logins/9934

View full post on National Cyber Security » Virus/Malware/Worms

Get The New Book By Gregory Evans

Everyone Is Talking About!

Are You Hacker Proof?
$15.95

Find Out More, Click Here!