protect Malware attack | Breaking Cybersecurity News | The Hacker News

It sounds like an air traveler's nightmare, Researchers at Trusteer recently uncovered a variant of the Citadel Trojan targeting the virtual private network (VPN) credentials used by employees at a major airport.The firm would not disclose the name of the airport because the situation is being investigated by law enforcement. Many businesses use VPNs to provide outside workers with access to secure data. Incursions on these networks often involve advanced "Man in the Browser" malware such as the Citadel, Zeus, and SpyEye programs. The man-in-the-browser (MITB) assault first used form-grabbing malware, which steals data entered into web forms before it is passed over the internet, to steal the airport employees' VPN usernames and passwords, Amit Klein, Trusteer's chief technology officer, said in a blog post. "This was potentially very dangerous, but we don't know whether the attacker group was targeting the financial system of the airport for economic gain or if the attack wa

The Biggest Hacking Mania has arrived - ' The Hackers Conference 2012 '.  In this first of its kind conference in India, Blackhat hackers drawn from around the world will demonstrate how they access a victim's personal information, and even confidential data available on the Android cell phone. The conference will be held on July 29 at the India Habitat Centre in New Delhi. The use of Linux as an operating system is increasing rapidly, thanks partly topopular distributions such as 'RedHat' and 'Suse'. So far, there are very few Linuxfile infectors and they do not pose a big threat yet. However, with more desktopsrunning Linux, and probably more Linux viruses, the Linux virus situation couldbecome a bigger problem. 17 years old hacker, Aneesh Dogra will talk on " How to make a Linux ELF Virus (That works on your latest linux distribution) " at ' The Hackers Conference 2012 ' . Linux or Unix has the reputation of being "not so buggy", and of be

The need for vCISO services is growing. SMBs and SMEs are dealing with more third-party risks, tightening regulatory demands and stringent cyber insurance requirements than ever before. However, they often lack the resources and expertise to hire an in-house security executive team. By outsourcing security and compliance leadership to a vCISO, these organizations can more easily obtain cybersecurity expertise specialized for their industry and strengthen their cybersecurity posture. MSPs and MSSPs looking to meet this growing vCISO demand are often faced with the same challenge. The demand for cybersecurity talent far exceeds the supply. This has led to a competitive market where the costs of hiring and retaining skilled professionals can be prohibitive for MSSPs/MSPs as well. The need to maintain expertise of both security and compliance further exacerbates this challenge. Cynomi, the first AI-driven vCISO platform , can help. Cynomi enables you - MSPs, MSSPs and consulting firms

Security researchers working for F-Secure have found a web exploit that detects the operating system of the computer and drops a different trojan to match.The attack was first seen on a Columbian transport website which had been hacked by a third party. This malware is known as GetShell.A and requires users to approve a Java applet installation. It detects if you're running Windows, Mac OS X, or Linux, and then downloads the corresponding malware for your platform. The malicious files developed for each type of OS connect to the same Command & Control server that F-Secure has localized at IP address 186.87.69.249. Karmina Aquino, a senior analyst with F-Secure said " All three files for the three different platforms behave the same way. They all connect to 186.87.69.249 to get additional code to execute. The ports are 8080, 8081, and 8082 for OSX, Linux and Windows, respectively ." On upcoming 29th July 2012 Security Researchers  Sina Hatef Matbue and Arash Shirk

Zemra Botnet Leaked, Cyber Criminals performing DDoS Attacks The Zemra DDoS Bot is currently sold in various forums for about 100 € and detected by Symantec as Backdoor.Zemra . Zemra first appeared on underground forums in May 2012. This crimeware pack is similar to other crime packs, such as Zeus and SpyEye, in that is has a command-and-control panel hosted on a remote server. Zemra uses a simple panel with an overview of all statistics is needed.With the help of two graphs can be seen operating machinery and the region location.In addition, statistics on online and for more information. You have a chance to see everything online Socks5 and export them to the list.Traffic is encrypted and protected using the algorithm AES, each client communicates with a unique generated key. Note : In " Tools Yard " we have Posted Zemra Source Code , Only for Educational Purpose. A brief functional: • Intuitive control panel • DDos (HTTP / SYN Flood / UDP) • Loader (Load and ru

Apple : 0 | Flashback trojan : 1 , Apple admits malware defeat Apple has quietly removed a statement from its website that the Mac operating system isn't susceptible to viruses. Apple released a patch to a Java vulnerability that lead to the infection of roughly 600,000 Macs with the Flashback Trojan earlier this year, there were claims weeks later from security researchers that hundreds of thousands of Macs were still infected. Apple is one of the single software companies that hasn't really faced the problem of viruses, for years claiming their operating system is the most secure among all. The specific language about the operating system, " It doesn't get PC viruses " was replaced with " It's built to be safe. " But now, Apple may be taking security threats more seriously. Apple is introducing a new app security measure called Gatekeeper in the upcoming release of Mountain Lion, the latest version of Mac OS X. The majority of malware might still be floating around in th

Russian Botnet Hacker arrested for hacking into six million computers Police have detained a 22-year-old hacker who created a system of networked computers that was used to steal more than 150 million rubles ($4.47 million) from people's bank accounts and already one of the most wanted hacker in the world. But now, "Hermes" is, has been tapped over six million computers and earns around 5 million francs, was caught in Russia. The network infected around six million computers with a Trojan virus, which helped get access to users' bank accounts.  A bout the Trojans secretly installed, he had arranged illegal money transfers, said the interior ministry in Moscow on Friday. Police from Division K, the cybercrime branch of the Interior Ministry, searched the hacker's place of residence, confiscating computers and arresting the suspect. The statement did not specify when the arrest was made.The botnet built by the hacker included around 6 million computers from reg

Trojan.Milicenso - Printer Trojan cause massive printing A Trojan that sends printers crazy, making them print pages of garbled nonsense until all the paper has been used up, has seen a spike in activity.Symantec detected the Trojan.Milicenso across various countries, but the worst hit regions were the US and India followed by regions in South America and Europe, including the UK. According to a blog post published Thursday by researchers from antivirus provider Symantec, Dubbed " Trojan.Milicenso " it has been described by security researchers as a malware delivery vehicle "for hire" through its repeated use since it was first discovered in 2010. The Milicenso Trojan is actually a backdoor that is used to deliver other malware on the affected machines. The infection vectors are links and malicious attachments in unsolicited emails, as well as websites hosting malicious scripts that trigger the download of the Trojan. " Depending on the configuration, any files, including binary

Hacker charged for hacking into U.S. Energy Department Andrew James Miller, a 23-year-old resident of Devon, Pennsylvania, was arrested on Thursday and charged with one count of conspiracy, two counts of computer fraud, and one count of access device fraud, according to a statement issued by the Justice Department's Criminal Division. According to the indictment, between 2008 and 2011, Miller and others allegedly remotely hacked into computer networks belonging to RNK Telecommunications Inc., a Massachusetts company; Crispin Porter and Bogusky Inc., a Colorado advertising agency; the University of Massachusetts; the U.S. Department of Energy; and other institutions and companies. The indictment alleges that when Miller hacked into the computers, he obtained other users' access credentials to the compromised computers. He and his co-conspirators then allegedly sold access to these computer networks as well as other access credentials. After gaining unauthorized access to these

Researchers bypass Google Bouncer Android Security Google's Android platform has become the most popular mobile operating system both among consumers and malware writers, and the company earlier this year introduced the Bouncer system to look for malicious apps in the Google Play market. Bouncer, which checks for malicious apps and known malware, is a good first step, but as new work from researchers Jon Oberheide and Charlie Miller shows, it can be bypassed quite easily and in ways that will be difficult for Google to address in the long term. Bouncer is an automated process that scans apps for known malware, spyware, and Trojans, and looks for suspicious behaviors and compares them against previously analyzed apps. If malicious code or behavior is detected, the app is flagged for manual confirmation that it is malware. " This screencast shows our submitted app handing us a connect-back shell on the Bouncer infrastructure so that we can explore and fingerprint its envir

Zeus 2.x variant includes ransomware features Cybercriminals are getting more sophisticated, as reports are coming in that hacker coders have successfully merged a ransom trojan with a Zeus malware successor called Citadel . A notorious malware platform targeting financial information has added a new trick to its portfolio a digital version of hijack and ransom. F-Secure researchers have recently spotted a new Zeus 2.x variant that includes a ransomware feature. Basically a customised version of Zeus, the malware aims to provide better support for its offshoot of the Zeus code base, whilst at the same time allowing clients to vote on feature requests and code their own modules for the crimeware platform. Net-security explains the working of this Zeus 2.x variant,that Once this particular piece of malware is executed, it first opens Internet Explorer and points it towards a specific URL : lex.creativesandboxs.com/locker/lock.php. Simultaneously, the users are blocked from doing an

Human Rights organisation website Serves Gh0st RAT Trojan According to the company's Security Labs blog , Amnesty International's United Kingdom website was compromised and hosting the potent Gh0st RAT Trojan earlier this week. Malicious Java code was planted on the site in a bid to push the Gh0st RAT Trojan onto vulnerable Windows machines. If successful, the attack plants malware onto machines that is capable of extracting the user's files, email, passwords and other sensitive personal information. The vulnerability for the infection stemmed from a popular Java exploit, CVE-2012-050. Hackers exploited that hole and used it to inject the Amnesty International site's script with malicious code. The Java hole was the same used by Flashback, the much buzzed-about Mac OS X Trojan in recent months. The exploit code used in this attack appears to have been copied from Metasploit, an open source penetration testing framework popular among security professionals, Giuliani said. The i

Android Malware and Corporate Networks Security A new Android Trojan dubbed " NotCompatible " is being spread through compromised Web sites. This may directly affect Android tablets and smartphones, along with being a potential risk hazard to corporate networks and their security. Kevin Mahaffrey is co-founder and CTO of a San Francisco based firm called Lookout Security. The main focus of the company is Android and during their investigations it was found there was a new malware out there. Called " NotCompatible " the Android malware is, according to Mahaffrey, a risk to corporate networks. According to their report, a hacked Web site would contain a hidden iFrame at the bottom of the page. When the Android browser loads the page, it will attempt to load the file in the hidden iFrame. Upon loading the file, the browser would transfer control to the app loader, which would display an application installation screen, with the header com.Security.Update. An unsuspecting us

Flashback malware Creater earning $10,000 per day from Google Ads In a recent analysis of the business model behind the Flashback Trojan, Symantec security researchers reported that the main objective of the malware is revenue generation through an ad-clicking component. Security researchers at Symantec are estimating that the cyber-crimibals behind the Flashback Mac OS X botnet may have raked in about $10,000 a day. Dr. Web, the Russian security firm that firm discovered the massive Flashback botnet last month, has provided new data on the number of Macs still infected with the software. The results show that while close to 460,000 machines remain infected, the botnet is shrinking at a rate of close to a hundred thousand machines a week as Mac users get around to downloading Apple's tool for disinfecting their machines or installing antivirus. when an infected user conducts a Google search, Google will return its normal search results. Flashback waits for someone to click on an a

New Flashback malware variant found in the wild A new Flashback Trojan has been discovered that infects Macs without prompting the user for a password. If you haven't updated Java on your Mac, or disabled it entirely, you could be a victim. The new variant  dubbed Flashback.S  is actively being distributed in the wild, taking advantage of a Java vulnerability that Apple has already patched. Flashback.S drops two files in the user's home folder, then deletes cached Java files to avoid detection. However, the researchers did not indicate what this new variant was specifically designed to do or how many computers might be infected. At its height, the original Flashback, which was designed to grab passwords and other information from users through their web browser and other applications, was estimated to be infecting more than 600,000 Macs . After analyzing 100,000 Macs running the firm's free anti-virus software program, Sophos discovered several Apple computers carrying Wi

TapLogger Android Trojan cab Determine Tapped Keys Today's smartphones are shipp ed with various embedded motion sensors, such as the accelerometer, gyroscope, and orientation sensors. These motion sensors are useful in supporting the mobile UI innovation and motion-based commands. However, they also bring potential risks of leaking user's private information as they allow third party applications to monitor the motion changes of smart phones. A team of researchers from Pennsylvania State University (PSU) and IBM have devised an Android-based Trojan that can use a handset's onboard movement sensors to crack passwords. The team created an experimental app called TapLogger , which is based on the premise that when you tap on your touch screen, you're not just interacting with the screen, but moving the entire device. So if you hit a button in the upper right corner, your phone will actually move in that direction slightly, and that subtle movement is then read by the accele

Specialized Trojan can stealing credit card details from hotel The next time you check in to a hotel, a cybercriminal could be checking you out. A remote access computer Trojan (RAT) designed to steal credit card details from hotel point-of-sale (PoS) applications is being sold on the underground forums, according to researchers from security firm Trusteer. Trusteer, the world's leading provider of secure web access services, detected these schemes and says hotel poaching is a virile trade in underground and tech forums. Attack codes can be purchased in Visa underground forums for $280 and the spyware cannot be detected by anti-virus software. The package even includes a manual loaded with tips on how the poacher can trick the desk clerk into loading the spyware for them. Malware writers often repackage their malicious installers with new algorithms in order to evade signature-based antivirus detection, said Bogdan Botezatu, a senior e-threat analyst at antivirus vendor BitDefende

Android Video Malware found in Japanese Google Play Store A new Trojan has been found, and removed, from the Google Play/Android Market, McAfee reported on Friday afternoon. The post says applications carrying the Trojan promise, and in some cases deliver, trailers for upcoming video games or anime or adult-oriented clips, but they also request "read contact data" and "read phone state and identity" permissions before being downloaded. McAfee Mobile Security detects these threats as Android/DougaLeaker .A, the company said.McAfee said that the fifteen malicious applications of this sort had been found on Google Play, and that all had been removed from the market. The app gathers the Android ID not the IMEI code that can uniquely identify the device, but the 64-bit number that is randomly generated on the device's first boot and remains with it for the life of the device. The app also harvests the phone's phone number and contact list, along with every n

Sabpab - Another Mac os Backdoor Trojan Discovered Security firm Sophos has discovered more malware for the Mac OS X platform called Sabpab . It uses the same Java vulnerability as Flashback to install itself as a "drive-by download." Users of older versions of Java now have still more malware to worry about. It also doesn't require any user interaction to infect a system either just like Flashback all that needs to happen is for you to visit an infected webpage. Sabpab, according to Sophos, installs a backdoor that allows the hackers to capture screen snapshots, upload or download files and execute commands on infected Macs remotely. The Trojan creates the files /Users/ /Library/Preferences/com.apple.PubSabAgent.pfile /Users/ /Library/LaunchAgents/com.apple.PubSabAGent.plist Encrypted logs are sent back to the control server, so the hackers can monitor activity. Although one variant of Flashback installed a file in the LaunchAgents folder, not all tools for detecting Fla

Legacy Native Malware in Angry Birds Space to pwn your Android A new malware threatens phones and tablets running Google's OS by hiding inside a copy of the popular game. Researchers at the mobile security firm Lookout identified the reworked malware as Legacy Native (LeNa), which poses as a legitimate app to gain unauthorized privileges on Android phones.  Under the appearance of a legitimate application, LeNa tricked users into allowing it access to information. " By employing an exploit, this new variant of LeNa does not depend on user interaction to gain root access to a device. This extends its impact to users of devices not patched against this vulnerability (versions prior to 2.3.4 that do not otherwise have a back-ported patch), " Lookout said in a blog post. In March, another Trojan appeared pretending to be legitimate Chinese game, The Roar of the Pharaoh . The malicious app appeared on the Google Play store, stealing users' data and money by sending S

More than 600000 Macs system infected with Flashback Botnet The computer security industry is buzzing with warnings that more than half a million Macintosh computers may have been infected with a virus targeting Apple machines. Dr. Web originally reported Wednesday that 550,000 Macintosh computers were infected by the growing Mac botnet. But later in the day, Dr. Web malware analyst Sorokin Ivan announced on Twitter that the number of Macs infected with Flashback had increased to 600,000, with 274 of those based in Cupertino, Calif. Dr. Web explained that a system gets infected with the Mac Flashback trojan " after a user is redirected to a bogus site from a compromised resource or via a traffic distribution system ." A specific JavaScript code on the site that contains the virus is then used to load a Java applet, which is how the malware makes its way onto a user's computer. This Trojan spreads via infected web pages and exploits Java vulnerabilities that have be