by Ryan Naraine
GENEVA - In a sign that cyber-criminals are investing more time and resources into attacks against Apple's Mac users, a new malware affiliate program has been discovered offering 43 cents for every infected Mac machine. During an eye-opening presentation at the VB Conference 2009 here, Sophos Labs researcher Dmitry Samosseiko provided a glimpse into the Partnerka, a Russian network of spam and malware affiliates that have turned their attention to the Mac platform using social engineering tricks to load fake codecs and scareware programs. Samosseiko discussed the codec-partnerka, which is dedicated solely to the sale and promotion of fake Mac software. He pointed to a site called Mac-codec.com (now offline) which was offering $0.43 for each malicious install, a price tag that suggests the Mac platform is becoming more and more lucrative to online crime gangs.

Chuck Miller - September 30, 2009
An industry built on serving adware has become a full-fledged malware distribution channel, with a thriving underground economy, according to researchers at SecureWorks. The business model is known as pay-per-install (PPI), and profits by recruiting affiliates willing to facilitate malware installation on victims' computers. According to a new report from the SecureWorks Counter Threat Unit titled "The Underground Economy of the Pay-Per-Install Business," the method begins when an affiliate interested in building a network of infected computers signs up to a PPI site and receives files from the PPI provider. In the past, such sites typically served as the breeding ground for adware distribution, but now criminals are recruiting opportunists so they can receive more-pernicious malicious code.
By Kim Zetter - September 30, 2009 | 12:01 am | Categories: Cybersecurity, Hacks and Cracks
New malware being used by cybercrooks does more than let hackers loot a bank account; it hides evidence of a victim's dwindling balance by rewriting online bank statements on the fly, according to a new report. The sophisticated hack uses a Trojan horse program installed on the victim's machine that alters HTML coding before it's displayed in the user's browser, to either erase evidence of a money transfer transaction entirely from a bank statement, or alter the amount of money transfers and balances. The ruse buys the crooks time before a victim discovers the fraud, though it won't work if a victim uses an uninfected machine to check his or her bank balance. The novel technique was employed in August by a gang who targeted customers of leading German banks and stole Euro 300,000 in three weeks, according to Yuval Ben-Itzhak, chief technology officer of computer security firm Finjan.

Andrew LaVallee
Looking for a Google Wave invitation? Be careful what you search for.
Google has sent some 100,000 preview invites to the new messaging and collaboration tool, and the tech-savvy or merely curious are angling for one of their own.

Friday, August 28, 2009
As many as 70,000 websites have been compromised by hackers in the last week with a malicious iframe that can redirect site visitors to other sites containing Trojan malware. Security researchers at ScanSafe said the affected websites are mostly based in China, Canada, the UK and India. Some of the compromised sites include feedzilla.com, latindiscover.com and a number of charitable and nursing facilities, including howellcarecenter.com, sweetgrassvillagealf.com, foodsresourcebank.org and morningsideassistedliving.com. Mass compromises of legitimate websites through an attack known as SQL injection have spiked upward as of April, according to security researchers at Google.

Greg Masters - August 20, 2009
The number of users victimized by malware specifically intended to rob personally identifiable information (PII) leapt 600 percent this year compared to the same period in 2008, according to a report released on Thursday by PandaLabs, a division of Bilbao, Spain-based Panda Security. Writing on the PandaLabs blog, Luis Corrons, PandaLabs' director, said that of the nearly 37,000 samples of new viruses, worms, trojans and other types of internet threats PandaLabs receives each day, 71 percent are trojans, the majority of which are intended to siphon bank details or credit card numbers, as well as passwords for other commercial services.

Windsor Genova - AHN News Writer
Sunnyvale, CA (AHN) - Visiting the "Top 100 Dirtiest" websites exposes computers to an average 18,000 viruses that can damage them or steal their users' information, according to the U.S. anti-virus firm Norton Symantec.
Websites in the list compiled by the Sunnyvale, California-based company can do the damage and secretly compromise computer systems without the visitor downloading or clicking anything from the site.
Read more: » www.allheadlinenews.com/articles···oAQSMD4

Within the last two days there has been a new attack on Twitter users from Koobface, a virus that is familiar to Facebook and MySpace users.
This virus infects the PCs of users with a variant of the Koobface malware.

Trojans make up nearly three quarters of all new malware detected between April and June this year, says Panda Security. According to the security firm's PandaLabs division, Q2 of 2009 also saw a six percent drop in spyware, which now accounts for just seven percent of all new malware.

Wednesday, July 15, 2009
Cybercriminals such as the botnet operators who unleash spam and malware increasingly borrow techniques from legitimate businesses to make their attacks more effective, according to the mid-year web security report from Cisco.
Driven by the bottom line, cybercriminals have been forming partnerships with one another to help make their illegal activities more lucrative.

The use of cell phone spyware by prying eyes, suspicious spouses, even stalkers is growing. Action 3 News went on-line and found numerous programs that allow a would-be stalker to download spyware such as Flexispy and E-Stealth. The software allows the snooper to listen to somebody's private conversations, read their text messages, even conference in to private meetings. Click on the story link to see just how incredibly invasive this technology can be, violating your privacy if it ends up on your cell phone.
Action News

Mozilla's diligent cleanup rather than catching malicious add-ons before they reach the public has rankled some in the security community
By Thomas Claburn
Mozilla's commitment to secure software products is coming into question after a recent malware product software incident. Earlier this month, the lack of security oversight in the Mozilla Firefox add-on community became apparent when Adblock Plus developer Wladimir Palant criticized Giorgio Maone, creator of the JavaScript-blocking extension NoScript, for altering NoScript to interfere with Adblock Plus.

Chuck Miller - May 21, 2009
A number of security organizations are offering tips to deal with the Gumblar drive-by exploit, which is growing ever more pervasive.
Gumblar has spread rapidly because malicious JavaScript on compromised sites seems to be dynamically generated.

by Elinor Mills
Updated at 4:20 p.m. PDT with Twitter phishing attack, at 4:10 p.m.

Netbook comes with factory-sealed malware (old news - 08:01PM Thursday May 21 2009)
Chuck Miller - May 20, 2009
In a rare occurrence, a brand-new factory-sealed netbook has been found to contain malware, according to researchers at Kaspersky Lab. The factory-infected device, an M&A Technology Touch netbook, came with trojans on the disk image, found during a routine compatibility test. "This case shows once again that even brand new products can leave the factory infected," wrote Roel Schouwenberg, senior anti-virus researcher with Kaspersky Lab, on the company's Viruslist blog. Safeguarding against infected new devices is particularly difficult.

By DEVLIN BARRETT, Associated Press Writer - Thu May 21, 2009
WASHINGTON - Law enforcement computers were struck by a mystery computer virus Thursday, forcing the FBI and the U.S. Marshals to shut down part of their networks as a precaution.

Iain Thomson in San Francisco / vnunet.com, 18 Feb 2009
Less than a week after the last round of Microsoft Internet Explorer patches, security experts are already warning that exploit code is in circulation. The particular flaw, MS09-002, is being exploited using a specially crafted Word document which is emailed to users. Once opened it installs malware onto the target system, including a Trojan to allow the malware to update itself.
» www.vnunet.com/vnunet/news/22366···ie7-flaw

Malware goes retro (old news - 06:48AM Thursday Feb 19 2009)
Traditional with a twist: malware goes retro with the spread of the Sality.AO virus
Panda Security has noted an increase in the number of infections caused by Sality.AO, a virus that combines the features of traditional viruses (infecting files and damaging as many computers as possible to achieve notoriety for creators) with the objectives of new malware, i.e. generating financial returns for cyber-criminals.

By John Leyden
A prolific new worm has spread to infect more than 3.5m Windows PCs, according to net security firm F-Secure. The success of the Conficker (AKA Downadup) worm is explained by its use of multiple attack vectors and new social engineering ruses, designed to hoodwink the unwary into getting infected.

Christmas malware emails on the prowl (old news - 07:07AM Tuesday Dec 02 2008)
Monday, December 1, 2008
Emails containing a link for an animated holiday card are an early present from malware attackers. The attack comes from a seemingly innocent picture of an animated Christmas scene from postcards.org that will link people to the malicious file postcard.exe hosted on various servers, ComputerWeekly.com reports. If a user clicks on the link, it gives the hacker control of the infected computer through a back door and access to various resources. During the installation process of the executable file, an image called xmas.jpeg is displayed in an effort to distract users, according to Websense Labs.