Tag: malware

  • Beware of video codec downloads…

    Some time back I remember an article I had on vcodec not being a legitimate video codec. At the time there was some malware claiming to be vcodec and “required” to view some content… well, posing as a codec download is a good way to trick people into downloading it, it seems, and there are more out there that use the same trick. SunbeltBlog brings not one, but two fake codec sites to watch for today.


  • Beware visiting Samsung’s site

    Betanews is reporting that Samsung’s site has been hacked and is currently serving up malware in some areas. User intervention is required for it to run on the user’s PC, but be cautious. Samsung has been notified, but as of Friday morning (according to the report) the Trojan horse is still there. I really wonder if it hasn’t occurred to them to pull the whole thing offline to clean things up?

  • Being cautious with web links

    Once upon a time the bad payload of a malicious email was its attachment. That still happens, but in many cases the links are the real lure, like a worm dangled in the water in front of a hungry fish… the links, though, hide a danger on the other side: the hook in our analogy. Brian Krebs writes about a utility called LinkScanner that scans a given link to see if it’s hosting malware. It’s from a place called Exploit Prevention Labs. I don’t know that I’d trust it completely as a safety net, but it might be worthwhile as another level in the defences.

  • Hiding malware may evade antivirus

    SANS had an interesting malware analysis this morning about a blob that appeared to be ASCII text (gibberish) that was retrieved by a piece of malware. It turns out that the ASCII text was a cleverly encoded EXE file (a Windows executable or program file). It took several iterations of their analysis to uncover the actual file. A followup referred to a study of “hiding” malware in various Microsoft Word supported formats and how successfully (or, unfortunately, unsuccessfully) several antivirus programs tested were able to identify it. This was performed by running the files through VirusTotal, and the “virus” used was the EICAR test file.


  • Google trying to warn about dangerous pages

    SunbeltBlog is talking about a new sign that Google is stepping up to try to protect users against potentially malicious sites. They have a screenshot, which I was able to verify, of a warning shown before a user is allowed to proceed to a page: “Warning – the site you are about to visit may harm your computer!”. Very good. I suspect they’re either tagging sites based on certain keywords or perhaps even binary blobs found?


  • Targeting the OS is old hat…

    The Register sums up the Black Hat briefings pretty well. The operating system level has received a lot of scrutiny in recent years for security flaws, and as a result there has been a good deal of improvement there. So now researchers are heading for the low-hanging fruit of the REST of the software stack, be it the drivers, or browsers, or office software. Another area of software was that class of programs that run checking for updates for OTHER software. It’s time to realize that most ANY piece of software could compromise system security, and updates need to be expected for most any part of the “software stack”.


  • Bleeding Snort caution

    For those of you who aren’t aware… Bleeding Snort is a collection of “bleeding edge” Snort signatures. Snort is an intrusion detection framework. This note is by way of SARC that the bleedingsnort.org domain is now no longer under their control. bleedingsnort.com is and continues to be their official domain. Unfortunately it appears as though the .org address may now be used as a host for malware. (It’s at least currently serving up ads to leech off the mistaken traffic.) SOOOO… bottom line – bleedingsnort.com is the official site for the Bleeding Edge Snort project. More details here.

  • Google search for malware accessible to all…

    The Metasploit project is now hosting a malware search that uses Google. It essentially uses a binary Google search technique that was referenced last week to find malicious files hosted on the web. Of course, this will be partly limited by Google’s indexing, which recently has not been quite as thorough as before, but… all you have to do is search by a virus name and find matches. I can see where this is useful for research. What I DON’T understand is why Google doesn’t integrate scanning of content into the Googlebot indexing. It would take a lot of processor power. Well… I think Google would come close to having enough to take a stab at this. I think they should AT LEAST…


  • Anonymized Botnet?

    SANS has a story on botnet traffic spotted coming from the TOR network. Now, I had to refresh my memory on what TOR is, but it’s an anonymizing network: essentially, a computer running TOR collects a list of TOR nodes on the internet, and connections to other PCs are then routed over encrypted links through several different PCs, which masks the origin of the data request. Of course, this doesn’t mean that botnets are actively making use of TOR; it could just be inadvertent… a “route all my traffic through TOR” computer got a bug…


  • Sophos suggests… for more safety, get a Mac

    Analyzing the state of the computer world… Sophos Antivirus has suggested that consumers consider a Mac for their next PC if they’re concerned about the increasing swarm of malware targeting Windows PCs. The main point being that there are no ACTIVE malware threats against Mac systems, and Windows still seems to be increasingly targeted. Macs will likely be less malware-prone for the foreseeable future. No, Mac users – that is NOT an excuse to ignore security updates!!!!