Turkish FlashPlayer? no! It’s malware

I recently came across the file “FlashPlayer.exe” during the course of regular research. The file had been distributed with the file name FlashPlayer.exe and not surprisingly, when executed, it shows the following GUI, partly written in Turkish.

Obviously, it’s disguised as an Adobe Flash Player 11 installer. Here is more info about the file:

File Name: FlashPlayer.exe
MD5: e2856b1ad6c74c51767cab05bdedc5d1
SHA1: 1ac150ddb964722b6b7c96808763b3e4d0472daf
CRC32: a8464606
SHA-256: b5f37cc44365a5a1b240e649ea07bbb17959ceddc3f8b67a793df694a6f03a88
SHA-512: e2d1388bd5feec51227cfa10a5606f7d3bc58f12ea95d688acb5178ff31a156a1092f739e7dd276f4c5368d89c33ed6a15b08ff5df294b9c3647905c1083921d
SHA-384: 5d622afcf87e33334a446df5dfd2be7769cab596cc9a121bfd6269bc85ee980f75e1a2d1472f0eb379788845230d883b
File Size: 561,152
Version: 2....

March 28, 2013 · 1 min · 98 words · Omid Farhang

NVIDIA hackers publish user data

Late last week, NVIDIA confirmed that the database for its forums web site had been broken into by unauthorized third parties, with data from more than 400,000 registered users affected. A hacker group calling itself “Team Apollo” has now claimed responsibility for the breach which caused NVIDIA to take the site down. As proof, they have published email addresses and password hashes for approximately 800 users from the database on Pastebin, with more, apparently, to follow....

July 16, 2012 · 1 min · 185 words · Omid Farhang

LinkedIn spam, exploits and Zeus: a deadly combination?

Is this the perfect recipe for a cybercriminal?

Hacking LinkedIn’s password (and possibly user) database.
Sending an email to all obtained email addresses, urging you to check your LinkedIn inbox as soon as possible.
A user unknowingly clicking on the link.
An exploit gets loaded.
Malware gets dropped.
Malware gets executed.
User’s computer is now a zombie (part of a botnet).

I would definitely say YES. A reader of my blog contacted me today; he had received an email from LinkedIn which was looking phishy....

June 14, 2012 · 2 min · 300 words · Omid Farhang

On Stuxnet, Duqu and Flame

F-Secure wrote: When we went digging through our archive for related samples of malware, we were surprised to find that we already had samples of Flame, dating back to 2010 and 2011, that we were unaware we possessed. They had come through automated reporting mechanisms, but had never been flagged by the system as something we should examine closely. Researchers at other antivirus firms have found evidence that they received samples of the malware even earlier than this, indicating that the malware was older than 2010....

June 3, 2012 · 2 min · 227 words · Omid Farhang

A technical analysis of Adobe Flash Player CVE-2012-0779 Vulnerability

Microsoft Malware Protection Center wrote: Recently, we’ve seen a few attacks in the wild targeting a patched Adobe Flash Player vulnerability. The vulnerability related to this malware was addressed with a recent patch released by Adobe on May 4th. On the Windows platform, Flash Player and earlier is vulnerable. If you’re using a vulnerable version, you need to update your Flash Player now to be protected against these attacks. We had a chance to analyze how the malware (sha1: e32d0545f85ef13ca0d8e24b76a447558614716c) works and here are the interesting details we found during the investigation....

May 25, 2012 · 1 min · 96 words · Omid Farhang

New automated sandbox for Android malware

ISC Diary: One of the things that I’ve been working on lately is building an automated malware analysis environment to handle Android malware similar to the one I built for Windows malware. I’m not quite there yet, but I was quite pleased to hear about the new service being offered by the folks at Die Universität Erlangen-Nürnberg. This is still a research project, so if you choose to use it, be understanding....

March 4, 2012 · 1 min · 110 words · Omid Farhang

Opfake scam targets iPhone users

Symantec Connect: The Opfake gang has been targeting Android mobile devices, as well as Symbian, but that does not mean they are limiting their targets to these platforms. Where there is money to be made, they are willing to invest time and resources. This includes scams designed for iPhone users. We have come across a couple of Opfake websites that, while hosting malicious apps that Symantec detects as Android.Opfake, are also designed to perform social engineering attacks on iPhone users....

March 2, 2012 · 1 min · 177 words · Omid Farhang

LibreOffice, Really?! Really?!

I’ve been reading from Mozilla Blog and I liked it and agree with that, so I share it with you: I read an article on the Web somewhere that there was a new LibreOffice version. It’s been several years since I gave OpenOffice a try and I’ve been interested to see what OpenOffice had evolved into, so I thought, “Hey, maybe they’ve improved some. I’ll install it and see.” Here is what happened....

February 15, 2012 · 1 min · 77 words · Omid Farhang

Microsoft to send users 4 critical patches on Valentine's Day

The Register: Microsoft plans to publish nine updates next Tuesday – four of which are critical – as part of a Valentine’s Day edition of its Patch Tuesday update cycle. Highlights of the batch, which collectively address 21 vulnerabilities, include a critical update for Internet Explorer. There are also two critical fixes for Windows itself, plus one for Microsoft’s .NET framework. Three of the five remaining “important” fixes grapple with remote code execution-type vulnerabilities, one of which involves Office....

February 12, 2012 · 2 min · 345 words · Omid Farhang

Top 10 Downloads That Enhance Windows’ Built-In Tools

LifeHacker: Windows has a ton of great utilities, and while we can’t live without some of them, there’s a special place in our heart for programs that merely improve Windows, rather than adding new software. Here are our top 10 apps that take Windows’ built-in tools and make them better. Continue reading it here: http://lifehacker.com/5884261/top-10-downloads-that-enhance-windows-built+in-tools

February 12, 2012 · 1 min · 55 words · Omid Farhang