Linux Malware targets WordPress and common Plugins

Doctor Web has discovered a malicious Linux program that hacks websites based on a WordPress CMS. It exploits 30 vulnerabilities in a number of plugins and themes for this platform. If sites use outdated versions of such add-ons, lacking crucial fixes, the targeted webpages are injected with malicious JavaScripts. As a result, when users click on any area of an attacked page, they are redirected to other sites. What they can do?...

January 15, 2023 路 2 min 路 337 words

Cross-platform botnet targets SSH-enabled devices

Microsoft researchers found a cross-platform botnet that originates from malicious software downloads on Windows devices & succeeds in propagating to a variety of Linux-based devices by enumerating default credentials on internet-exposed SSH-enabled devices. Microsoft researchers observed that the initial infection points related to the botnet were devices infected through the installation of malicious cracking tools that purport to acquire illegal Windows licenses. The cracking tools contain additional code that downloads and launches a fake version of svchost....

December 12, 2022 路 1 min 路 109 words

The FBI is willing to pay top dollar to download some malware

The Federal Bureau of Investigation is willing to pay top dollar for the malicious, infectious software the rest of us pay to keep out of our computers, according to the Federal Business Opportunities website. A Monday price quote request by the Investigative Analysis Unit of the agency鈥檚 Operational Technology Division is asking computer security developers and retailers to help the agency build a library of malware for an undisclosed reason, letting the companies name their price....

February 7, 2014 路 2 min 路 253 words

Boston Marathon Bombing Links May Hide Java-Based Exploits

PCMag: My social media accounts and email inbox are full of links to stories about the horrific incident in Boston earlier this week. I am reading about the victims, the bystanders and first responders that rushed to help, and looking for updates on the investigation. It turns out I should be careful about what links I click on, as cyber-criminals have already started exploiting the tragedy for their own nefarious purposes, security experts told SecurityWatch....

April 17, 2013 路 3 min 路 629 words

Russian malware spies on US ATMs

Security firm Group-IB has identified a malware program called Dump Memory Grabber that can take debit and credit card data from point-of-sale (POS) terminals and ATMs. The researchers say that the program has already been used to steal data from clients of US banks including Chase, Capital One, Citibank, and Union Bank N.A. as well as from clients with Nordstrom-branded cards. SecurityWeek reports the author of Dump Memory Grabber has put a video online to teach other hackers how it works....

March 31, 2013 路 2 min 路 327 words

Backdoor Uses Evernote as Command-and-Control Server

With its rich functionality and accessibility, Evernote is a popular note-taking tool for its many users. Unfortunately, it may also provide the perfect cover for cybercriminals鈥 tracks. We recently uncovered a malware that appears to be using Evernote as a communication and control (C&C) server. The malware attempts to connect to Evernote via https://evernote.com/intl/zh-cn, which is a legitimate URL. The sample we gathered consists of an executable file, which drops a ....

March 29, 2013 路 1 min 路 98 words

Turkish FlashPlayer? no! It鈥檚 malware

I recently came across the file 鈥淔lashPlayer.exe鈥 during the course of regular research. The file had been distributed with the file name FlashPlayer.exe and not surprisingly, when executed, it shows the following GUI, partly written in Turkish: Obviously, it鈥檚 disguised as an Adobe Flash Player 11 installer. Here is more info about the file: 1 2 3 4 5 6 7 8 9 10 File Name: FlashPlayer.exe MD5: e2856b1ad6c74c51767cab05bdedc5d1 SHA1: 1ac150ddb964722b6b7c96808763b3e4d0472daf CRC32: a8464606 SHA-256: b5f37cc44365a5a1b240e649ea07bbb17959ceddc3f8b67a793df694a6f03a88 SHA-512: e2d1388bd5feec51227cfa10a5606f7d3bc58f12ea95d688acb5178ff31a156a1092f739e7dd276f4c5368d89c33ed6a15b08ff5df294b9c3647905c1083921d SHA-384: 5d622afcf87e33334a446df5dfd2be7769cab596cc9a121bfd6269bc85ee980f75e1a2d1472f0eb379788845230d883b File Size: 561,152 Version: 2....

March 28, 2013 路 1 min 路 98 words

Stuxnet Missing Link Found, Resolves Some Mysteries Around the Cyberweapon

Cross-posted from WIRED. As Iran met in Kazakhstan this week with members of the UN Security Council to discuss its nuclear program, researchers announced that a new variant of the sophisticated cyberweapon known as Stuxnet had been found, which predates other known versions of the malicious code that were reportedly unleashed by the U.S. and Israel several years ago in an attempt to sabotage Iran鈥檚 nuclear program. The new variant was designed for a different kind of attack against centrifuges used in Iran鈥檚 uranium enrichment program than later versions that were released, according to Symantec, the U....

February 27, 2013 路 10 min 路 2091 words

Dorkbot worm lurks on Skype and MSN Messenger again

The Dorkbot/Rodpicom worm, which spreads via messaging applications and leads to additional malware infections, is currently doing rounds on Skype and MSN Messenger, warns Fortinet. The vicious circle starts with potential victims receiving a direct message from a contact, asking 鈥淟OL is this your new profile pic? http://goo.gl/[removed]鈥. Those who follow the link land on a malicious site and are infected with the worm. Apart from being able to send out the aforementioned message to further potential victims, the malware is also capable of opening a backdoor into the infected system, downloading more malicious software, spamming, reaching out to its C&C server, downloading a new version of itself, and other malicious activities....

February 11, 2013 路 2 min 路 222 words

Narilam Worm manipulates databases in Iran

h-Online: Security firm Symantec has discovered a specialised worm called W32.Narilam that can compromise SQL databases. Symantec reports that the malware 鈥渟peaks鈥 Persian and Arabic and appears to target mainly companies in Iran. Narilam is, therefore, reminiscent of Stuxnet and its variants. Narilam spreads via USB flash drives and network shares. Once inside the system, the worm searches for SQL databases that are accessible via the Object Linking and Embedding Database (OLEDB) API....

November 24, 2012 路 2 min 路 238 words