Tag Archive | "spyware"


Ramnit Botnet Extends Infection Reach To Over 28 Countries and 500,000 Computers

Posted on 11 March 2015 by GranTorinoGuy

The Ramnit malware threat, which has recently evolved into a dangerous botnet, is extending its presence across the world, infecting hundreds of thousands of computers. Systems infected with Ramnit may be used to exploit online banking accounts, much as other well-known botnets have done in the past.

Among the many banking-theft botnets, Ramnit is a bit late to the game, getting its start in 2010, when it was recognized as a computer worm threat. Now, after an update through as many as two command and control servers, Ramnit has the ability to shut down security applications, including all security components of Windows.

Ramnit’s expansion leads experts to expect that the infection may reach over a million computers before it is stopped in its tracks. Because of its unsurpassed sophistication, Ramnit has the upper hand in evading tracking and detection.

The dynamic IPs used by Ramnit on infected systems make it difficult to track them down. Additionally, in the past six months Microsoft researchers have seen more than 500,000 systems become infected, making the growth rate of Ramnit rather alarming.

The spread of Ramnit has reached more than 28 countries, and that number is bound to go up. Among those 28 countries, the most compromised systems reside in Indonesia, with about 90,925 in total, accounting for 26.27% according to Symantec’s data recording this infection thus far. India is second with 80,144 infections (23.16%), followed by Vietnam with 37,708 (10.03%), Algeria at 5.73% and Thailand at 4.84%, completing the top 5 locations.

Other regions of the world account for 23 countries where Ramnit has reached, including the UK, Egypt, Philippines, Saudi Arabia, Pakistan, Iran, Azerbaijan, Morocco, Nepal, Nigeria, Malaysia, Romania, Yemen, Russian Federation, Turkey, Mexico, China, Brazil, Myanmar, Palestinian Territory, and Mongolia.

The extensive list of countries shows no rhyme or reason in the locations, suggesting that Ramnit’s operators have no desire to focus on a specific target location. However, it may be prudent to mention that attackers behind sophisticated botnets like Ramnit may exploit systems that prove to be more vulnerable than others, which could lead them to virtually any location in the world.


Over 60% of Malware Analysts Report Investigations of Undisclosed Security Breaches

Posted on 22 November 2013 by GranTorinoGuy

Security breaches are almost an expected occurrence in today’s technology-driven world. A new ThreatTrack Security study revealed that security breaches are occurring at a much higher rate than initially reported by many security researchers.

ThreatTrack has found that about 6 out of 10 US-based malware analysts interviewed about security breaches failed to disclose breach incidents that their own company experienced in the past. This detail has led to further investigations uncovering IT security workers as the main problem when it comes to protecting their company against attacks.

In about 35% of cases where security breaches occur, the security professionals or staff responsible for securing the attacked network were the ones initially responsible for clicking on a malicious link in shady emails or mobile apps.

ThreatTrack CEO Julian Waits Sr. said, “While it is discouraging that so many malware analysts are aware of security breaches that enterprises have not disclosed, it is no surprise that the breaches are occurring. Every day, malware becomes more sophisticated, and US enterprises are constantly targeted for cyber espionage campaigns from overseas competitors and foreign governments.” Basically, the study has revealed that malware analysts are aware of the threats they face, but many of them may fail to report their inability to fight the given cyber-attacks. Additionally, they commonly point to their lack of proper resources and tools to protect their own company from attacks.

About 40% of the 200 professionals taking part in the survey, originally conducted by Opinion Matters on behalf of ThreatTrack Security, are deemed the main culprits in cyber-attacks against their own company. Given this information, the rates and numbers of security breaches actually reported are totally skewed when it comes to finding out how many security breaches actually take place. Essentially, it makes everyone’s job a little more difficult, while the attackers bask in the knowledge of how they can take advantage of some companies.

The bottom line is that over 60% of security researchers are now reporting cases of undisclosed breaches from surveys and simple inquiries among US-based companies that have at one time been suspected to be a vulnerable asset in a security breach. That is rather scary in the full scope of things when you consider that some of these companies may harbor your personal information or banking data.


Rogue Anti-Spyware Application ‘Security Tool’ Spreading Through Fake ‘Warning’ Pop-up Alerts

Posted on 19 September 2010 by GranTorinoGuy

Have you ever been alerted through a pop-up notification that some type of application has detected a virus on your computer, but the message did not come from your normal anti-virus or anti-spyware software?

A fake security application called ‘Security Tool’ has been reported to display annoying and false ‘Security Tool Warning’ messages in an effort to convince computer users that they must purchase the full ‘Security Tool’ program.

Security Tool is a rogue anti-spyware program, or in other words, a fake anti-spyware program that mimics a legitimate one only to extort money from computer users. Over the past few weeks Security Tool has been known to display a specific fake pop-up error message. The error pop-up message reads:

Security Tool Warning
Spyware.IEMonster activity detected. This is spyware that attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs. Click here to remove it immediately with Security Tool
Security Tool Warning
Security Tool has detected harmful software in your system. We strongly recommend you to register Security Tool to remove these threats immediately.

The message above can be rather convincing to an unsuspecting computer user. Someone who is not familiar with the way rogue anti-spyware applications function could very well click on this notification and unintentionally install or run additional malware threats on their system. The Spyware.IEMonster parasite mentioned in the message above is a legitimate computer infection but in reality it is not the threat that is being detected. The message is completely fabricated.

It is a common tactic for rogue anti-spyware programs to use these fake warning messages to get computer users to either download and install malware or purchase a bogus security program. In the case of Security Tool’s message above, it is known to be a scam that, if clicked on, will redirect the computer user to a bogus web site that asks the user to enter personal information along with a credit card to purchase the full version of Security Tool. The full version of Security Tool, unfortunately, does not detect or remove parasites as it says it will. As a matter of fact, no rogue anti-spyware program is able to detect or remove parasites. The creators of such applications program them to make you think that they will ‘solve’ your parasite infection issues.

What we have learned from Security Tool so far is that it will repeatedly display the bogus warning message above until action is taken to completely remove Security Tool from the computer. Computer users must also realize that purchasing Security Tool will NOT solve any computer security issues at hand, nor will it stop displaying the annoying warning message. The message’s only intent is to sell and spread the fake security program Security Tool.


Spam and Cybercrime Attacks on Twitter and Facebook Have Tripled in 2009

Posted on 02 February 2010 by SlimboCA

Malware, spam and spyware attacks are on the rise on social networks such as Twitter, MySpace, Facebook and LinkedIn.

In the last year, 57 percent of users report they have been spammed via social networking sites, an increase of 70.6 percent compared to last year. Furthermore, 36 percent of users claim they’ve been sent spyware via social networking sites, which is a rise of 69.8 percent from last year.

On the other hand, CEOs of companies are concerned that their employees’ usage of social networks is posing a security risk for their company. Sophos has surveyed more than 500 organizations, discovering that 72 percent of them think social networks are a danger for their companies, with 60 percent of them tagging Facebook as the biggest security risk, followed by MySpace, Twitter and LinkedIn.

Facebook is the biggest threat because it’s the biggest social network out there, but some of the blame can be placed on Facebook’s own privacy rules. When Facebook rolled out its new recommended privacy settings late last year, it was seen largely as a backwards step, encouraging many users to share their information with everybody on the Internet.

Cyber-criminals are now also selling hacked usernames and passwords online to make hundreds of dollars. One Twitter account was offered at $1,000 in an underground hacker forum.

Hackers have maliciously been creating Internet data-stealing spyware since 2005. Now it’s becoming a growing problem on the Internet as these programs become more sophisticated. Some corrupt programs seek banking passwords, others hunt for online gaming credentials. But according to online security experts, the fastest-growing data stealers are generic spying programs which steal as much information as possible from their victims.

Cybercrooks are starting to realize that they can do more than simply swipe credit card numbers. In 2009 about 70,000 of these programs were identified, twice as many as the year before, and almost three times the number of banking password stealing programs.

Gmail accounts have been compromised and put up for sale on Russian hacker forums, with an asking price of 2500 rubles, or $82. RapidShare accounts are going for $5 per month, and Skype, instant messaging and Facebook credentials are being offered as well. The prices vary depending on who owns the account and the number of followers the person has. Attackers usually look for a trusted stepping stone from which to send malicious Twitter messages and infect more machines. A Twitter account with just over 320 followers has been offered at $1,000 in an underground hacker forum. Compared to MSN accounts, which have been seen priced at €1 (USD$1.40), the price for Twitter accounts is really high.

When the value of stolen credit cards and other types of credentials is added up, hackers can easily take in $1,000 worth of data after hacking just one computer.
