Strong Security from the Enterprise to the Edge

Security Now Blog: Addressing Today's Information Security Issues

‘Endpoint Security’ Category

November Patch Tuesday, Same Dance, Different Music

Wednesday, November 11th, 2009

Microsoft and Adobe have released important security patches that correct vulnerabilities (i.e., programming mistakes) that could be exploited to do serious harm to an individual or organization.  There are no known exploits of the Adobe vulnerability, but the Microsoft ones are sure to be exploited.

Attention Facebook Users: Beware of Password Reset Emails

Wednesday, October 28th, 2009

Facebook users are receiving emails that pretend to be from Facebook, informing them that their password has been changed.  They are asked to open the email attachment to see their new password.  Opening the attached zip file results in their computers becoming silently malware-infested and part of a Botnet.  Traditional anti-virus/spyware protection will NOT stop these attacks, but new types of security software would.

“Because of the measures taken to provide safety to our clients, your password has been changed.  You can find your new password in attached document”

Security vendor Websense reports they have observed over 350,000 of these email messages (spear phishing attacks).  It's only a matter of time until the millions of other Facebook users receive one.

As of 27 October 2009, only 14 out of 41 anti-virus/spyware products detected this attack (per Virus Total, reported by MX Lab).

When Facebook users open the email attachment, short-lived malware connects to two servers and downloads additional files (Pushdo, also known as Cutwail).  Once Pushdo is installed and running, it sends out more of these email spear phishing attacks to other Facebook users.  This Trojan is also known as a new Bredolab variant.

This is a clever piece of malware.  It tries to elude security researchers and personal firewalls that restrict outbound PC communications by injecting its own code into legitimate processes (svchost.exe and explorer.exe).  If it detects virtualization or honeypot characteristics within a host, it goes dormant to thwart the AV vendor consortium from quickly generating detection signatures.

The Trojan creates several files (%AppData%\wiaservg.log, %windir%\temp\wpv861256600826.exe, and %Programs%\Startup\isqsys32.exe).  It also launches two processes: a svchost.exe and something called isqsys32.exe.
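The three dropped files and the isqsys32.exe process above are exact indicators, but endpoint logs record concrete paths (C:\Documents and Settings\…, C:\Users\…), not the %AppData%, %windir% and %Programs% variables. As an added example (not code from the original post or from AppGuard), the script below folds logged paths back onto those variables so the post's indicators can be matched exactly, and then adds two heuristic rules that are my assumptions, not the post's: the numeric suffix in wpv861256600826.exe is treated as variable, and any executable written into the per-user Startup folder is flagged for review. The pipe-separated event lines, hostnames and user names are constructed for the example and do not follow any particular product's log format.

```python
"""Match endpoint file/process events against the Pushdo/Bredolab indicators
named in the post.  Added example; sample events and hostnames are constructed."""
import re
from dataclasses import dataclass

# Exact indicators quoted in the post, written with the environment variables
# the post uses (compared lower-case after normalisation).
KNOWN_IOCS = {
    r"%appdata%\wiaservg.log",
    r"%windir%\temp\wpv861256600826.exe",
    r"%programs%\startup\isqsys32.exe",
}

# Heuristic generalisations (assumptions, not from the post): the digits in the
# wpv*.exe name are treated as a per-sample serial, and any .exe dropped into the
# user's Startup folder is worth a look regardless of name.
PATTERN_RULES = [
    ("wpv-style dropper in temp", re.compile(r"^%windir%\\temp\\wpv\d+\.exe$")),
    ("executable dropped into Startup", re.compile(r"^%programs%\\startup\\[^\\]+\.exe$")),
]

# Concrete folders that map back to the variables above.  Longer, more specific
# prefixes come first so the Startup folder is not swallowed by %appdata%.
FOLDER_ALIASES = [
    (re.compile(r"^c:\\users\\[^\\]+\\appdata\\roaming\\microsoft\\windows\\start menu\\programs(?=\\)"), "%programs%"),
    (re.compile(r"^c:\\documents and settings\\[^\\]+\\start menu\\programs(?=\\)"), "%programs%"),
    (re.compile(r"^c:\\users\\[^\\]+\\appdata\\roaming(?=\\)"), "%appdata%"),
    (re.compile(r"^c:\\documents and settings\\[^\\]+\\application data(?=\\)"), "%appdata%"),
    (re.compile(r"^c:\\windows(?=\\)"), "%windir%"),
]


def normalize(path: str) -> str:
    """Lower-case a logged path and replace a known profile/system folder
    prefix with the matching %VAR% so it can be compared to the indicators."""
    p = path.strip().lower().replace("/", "\\")
    for rx, var in FOLDER_ALIASES:
        if rx.match(p):
            return rx.sub(var, p, count=1)
    return p


@dataclass
class Hit:
    line_no: int
    host: str
    path: str
    reason: str


def scan_events(lines):
    """Return one Hit per file_create/process_start event whose normalised path
    is a known indicator or matches a heuristic rule.  Event line layout
    (constructed): timestamp|host|event|path."""
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.split("|")
        if len(parts) != 4:
            continue  # malformed line; skip rather than guess
        _ts, host, event, path = parts
        if event not in ("file_create", "process_start"):
            continue
        norm = normalize(path)
        if norm in KNOWN_IOCS:
            hits.append(Hit(n, host, path, "known indicator"))
            continue
        for name, rx in PATTERN_RULES:
            if rx.match(norm):
                hits.append(Hit(n, host, path, name))
                break
    return hits


# Constructed sample events: alice's box shows the exact artefacts from the
# post, bob's shows look-alikes, carol's is benign activity (note that a
# legitimate svchost.exe start is not, by itself, an indicator).
SAMPLE_EVENTS = [
    "2009-10-27T09:12:01|ws-alice|file_create|C:\\Documents and Settings\\alice\\Application Data\\wiaservg.log",
    "2009-10-27T09:12:02|ws-alice|file_create|C:\\WINDOWS\\temp\\wpv861256600826.exe",
    "2009-10-27T09:12:03|ws-alice|process_start|C:\\WINDOWS\\temp\\wpv861256600826.exe",
    "2009-10-27T09:12:05|ws-alice|file_create|C:\\Documents and Settings\\alice\\Start Menu\\Programs\\Startup\\isqsys32.exe",
    "2009-10-27T09:30:00|ws-bob|file_create|C:\\Users\\bob\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\updater.exe",
    "2009-10-27T09:31:00|ws-bob|file_create|C:\\WINDOWS\\temp\\wpv123456.exe",
    "2009-10-27T09:40:00|ws-carol|file_create|C:\\Users\\carol\\Documents\\report.docx",
    "2009-10-27T09:41:00|ws-carol|process_start|C:\\WINDOWS\\system32\\svchost.exe",
]

if __name__ == "__main__":
    for h in scan_events(SAMPLE_EVENTS):
        print(f"line {h.line_no}: {h.host}: {h.reason}: {h.path}")
```

Run as-is it reports six of the eight constructed events: the four exact indicators on ws-alice, and the two heuristic matches on ws-bob. The normalisation step is what makes the post's indicators usable across XP-style and Vista/7-style profile layouts; the heuristic rules are deliberately narrow (a specific temp-folder naming pattern and the Startup folder) so they add review candidates without drowning the exact matches.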

What does this malware do once successfully installed?  Whatever it wants!  It may steal money from your online bank account or just silently operate as part of a Botnet.  The Botnet operators can remotely tell it to do what they want at a later time.

Consumer and Enterprise Computers Are at Risk

With Facebook users routinely accessing Facebook from their work computers, they are placing their employer at risk.

Effective Protection from these Facebook Zero Day Trojan Attacks

Consumers with AppGuard, and organizations with either AppGuard Enterprise or EdgeGuard deployed, are protected from these attacks.  They should already have “drive-by download protection” enabled as well as have their email software guarded.

Related Articles

Botnets Inside the Gates, Every PC Must Defend Itself

Employee Owned Computers are Data Leak Risks to Employers

Business Protection from AntiVirus-Failure Caused Fraudulent Bank Transfer Losses

Today's Spear Phishing Attacks Can Wipe Out Small Businesses in One Click

Secunia Casts More Doubt on Signature-based-Only Anti-Malware Defense

Over 640,000 Websites Infecting Visiting Computers

Wednesday, October 28th, 2009

It's not just sordid websites: any legitimate website may be infecting visiting computers. Over 640,000 websites, consisting of over six million web pages, have been quietly hacked to dish out attack code to visitors. And these are ONLY the detected ones. The actual number is undoubtedly much higher.

Cloud Computing Security: Shifts Risks to Endpoint Data Leakage

Wednesday, October 21st, 2009

Organizations that fail to account for endpoint security in their shift to cloud computing will increase their data leak risks. When web browsers and malware-infected computers accessing cloud computing services leak confidential information with little to no indication of data loss, the economic benefits of cloud computing and the security benefits of using common applications (Kerckhoffs’ Principle) unwind.

Botnets Inside the Gates, Every PC Must Defend Itself

Friday, October 9th, 2009

Look around at all of the different computers in an organization.  Any one of them may be part of a Botnet, systematically stealing information and discreetly infecting others as needed, and only when needed.  A different class of Botnet targets the enterprise; some call it the mini-Botnet.  Compared to the well-known monster Botnets, the mini-Botnet is quiet, meticulous, and better hidden.  They’re designed to harvest insider information and intellectual property for months and years.  And research suggests Botnet-infected PCs remain so for years.