TechBlog

Banking System Vulnerability – 3 million bank accounts hacked in Iran [Updated]

Published: April 17, 2012 Reading Time: 2 min

As I said in the other post, Iran’s Central Bank has announced that the electronic information of 3 million customers of 10 Iranian banks have been compromised. These banks now require their customers to change their ATM pin numbers before they can access their account. This has caused a rush to the ATM machines by the worried customers. The hacker was identified as Khosro Zare’, a former bank-system specialist in Iran who recently left the country. Zare’ claimed in a blog that he hacked the PIN codes to highlight the vulnerability of Iran’s banking system. ...

Continue Reading

Sabpab, new Mac OS X backdoor Trojan horse discovered

Published: April 15, 2012 Reading Time: 1 min

SophosLabs: More malware for the Mac OS X platform has been discovered, hot on the heels of the revelation that some 600,000 Macs had been infected in the Flashback attack. And just like Flashback, the new Trojan doesn’t require any user interaction to infect your Apple Mac. The Sabpab Trojan horse exploits the same drive-by Java vulnerability used to create the Flashback botnet. The newly discovered Sabpab malware is in many ways a basic backdoor Trojan horse. It connects to a control server using HTTP, receiving commands from remote hackers as to what it should do. The criminals behind the attack can grab screenshots from infected Macs, upload and download files, and execute commands remotely. ...

Continue Reading

Hacker divulges data on 10 Iranian banks, central bank warns clients [Updated]

Published: April 15, 2012 Reading Time: 2 min

An Iranian hacker published the information about some 3 million debit cards of 10 Iranian banks, including codes and passwords. The information has been published by someone named “Khosrow Zare Farid” who was the manager of a company which operates SHETAB payment network in Iran and produces and installs POS devices. “Around one year ago I found a critical bug in the system. Then I wrote and sent a formal report to all the CEO of banks in Iran but none of them replied to me. Now I decided to publish the information. Governments tried to catch me by Iran Cyber Army but they failed,” he said, according to Kabir News website ...

Continue Reading

Malware blocks booting

Published: April 15, 2012 Reading Time: 1 min

Anti-virus experts at Trend Micro have discovered ransomware which blocks systems from booting. In contrast to the localised trojans, which are widely spread around Europe, it does so by inserting itself into the master boot record (MBR). It then restarts the system and instructs the user to pay a ransom of 920 Ukrainian hryvnia (equivalent to about 90 euros) to the criminals via payment service QIWI. If victims pay up, the criminals send them a code to unlock their computers. Users can, however, save themselves 920 hryvnia by following the experts’ instructions for removing the infection. This essentially consists of running the recovery console from the Windows Installation DVD and restoring the original MBR using the fixmbr command. ...

Continue Reading

Apple releases Java update with Flashback removal tool

Published: April 13, 2012 Reading Time: 2 min

The H-Online: As expected, Apple has released an updated version of the Java implementation for its Mac OS X operating system that includes a removal tool for the Flashback trojan. According to the company, the update, labelled “Java for OS X 2012-003“, finds and removes the “most common variants” of the malware which had infected approximately 600,000 systems using flaws in the previous version of Java. Additionally, the new Java update for Mac OS X 10.7 Lion prevents Java applets from being automatically executed by disabling the Java web plugin by default. Users can re-enable the automatic execution of Java applets via the Java Preferences application (Applications ➤ Utilities ➤ Java Preferences). However, if the plugin detects that Java applets have not been run for “an extended period of time”, it will automatically disable applet support again. ...

Continue Reading

Android malware poses as Angry Birds Space game

Published: April 12, 2012 Reading Time: 1 min

Android malware authors have seized an opportunity to infect unsuspecting smartphone users with the launch of the latest addition to the immensely popular “Angry Birds” series of games. SophosLabs recently encountered malware-infected editions of the “Angry Birds Space” game which have been placed in unofficial Android app stores. The Trojan horse, which Sophos detects as Andr/KongFu-L, appears to be a fully-functional version of the popular smartphone game, but uses the GingerBreak exploit to gain root access to the device, and install malicious code. ...

Continue Reading

Security vulnerability in NVIDIA's proprietary Linux drivers fixed

Published: April 12, 2012 Reading Time: 1 min

The H-Online: A new version of NVIDIA’s proprietary UNIX graphics drivers for Linux, Solaris and FreeBSD fixes a security vulnerability (CVE-2012-0946) that allowed attackers to read and write arbitrary system memory in order to, for example, obtain root privileges. To take advantage of the vulnerability, an attacker must have access permission for some device files – which, for systems with these drivers, is typically the case for users who can launch a graphical interface as 3D acceleration and some other features cannot be used otherwise. ...

Continue Reading

Microsoft and Adobe to address critical vulnerabilities on Patch Tuesday

Published: April 7, 2012 Reading Time: 1 min

The H-Online: The Tuesday after the Easter weekend, 10 April, is set to be a busy one for system administrators as Microsoft and Adobe have sent out notifications that they will both be issuing fixes for critical vulnerabilities in their products. Microsoft’s April notification says there will be four critical advisories concerning Microsoft Windows, Internet Explorer, .NET Framework, Office, SQL Server, Microsoft Server and Developer tools, which all lead to remote code execution. A fifth remote code execution vulnerability in Office is marked as important, as is a sixth information disclosure issue in Microsoft’s Forefront United Access Gateway. The critical bulletins will affect all versions of Windows, from Windows XP SP3 to Windows Server 2008R2. One critical bulletin for Internet Explorer covers IE 6, 7, 8 and 9 ...

Continue Reading

Russian AV company claims 600,000 Macs infected by Flashback [Removal Manual]

Published: April 6, 2012 Reading Time: 2 min

The H-Online: A Russian AV company, Dr. Web, says it has conducted research to determine the spread of the Flashback trojan on systems running Mac OS X and says that 550,000 systems are infected, mostly in the US and Canada. A later update raised that number to 600,000 and claimed 274 infected systems in Cupertino, California. Dr. Web says it employed a sinkhole technique to intercept the bot installed by the newest Flashback trojan, and directed the bots to its own servers where it could analyse the traffic. Each bot includes a unique ID of the machine it has infected in the query string it sends to the command and control server; it is these unique IDs that Dr. Web has used to calculate the infection count. According to its estimates, of the original 550,000 estimate, 56.6% of the systems were in the United States, 19.8% in Canada, 12.8% in the United Kingdom and 6.1% in Australia. ...

Continue Reading

Google Chrome fixes seven high-risk vulnerabilities

Published: April 6, 2012 Reading Time: 2 min

The H-Online: Google has announced updates to the Stable and Beta channels of their Chrome browser, fixing several bugs and twelve security vulnerabilities. Seven of the twelve security fixes were classed as high-risk problems and Google paid a total of $6000 to the researchers who discovered the bugs. The update also includes a new version of the bundled Flash Player. Adobe have revised the Flash Player advisory from the end of March to include fixes for a Chrome/Flash only pair of memory corruption issues listed as CVE-2012-0724 and CVE-2012-0725. Given that these issues only affect Chrome and Chrome manages its own update, it is unlikely that Adobe will be reissuing or updating the advisory or patches for other browsers and platforms. ...

Continue Reading