Microsoft revokes certificates used to sign the Flame trojan

Avira TechBlog wrote: Microsoft released Security Advisory 2718704 which revokes some certificates which apparently were used to sign the trojan Flame. In a blog post, Microsoft explains how they discovered that some components of the malware have been signed by certificates that allow software to appear as if it was produced by Microsoft. The certificates issued by the Terminal Services licensing certification authority, which are intended to only be used for license server verification, were also used to sign code and make it look as if it originated from Microsoft. ...

June 4, 2012 · 1 min · 114 words · Omid Farhang

Automated Skype calls and Fake Antiviruses

This is an old story back from September, 2011, but since recently I’ve seen users complaining about this, I want to share it again [Credit to NakedSecurity, SophosLabs]: You may have received an automated call from a user who claims to be from Skype or somewhere which says: Attention: this is an automated computer system alert. Your computer protection service is not active. To activate computer protection, and repair your computer, go to [LINK] ...

June 3, 2012 · 1 min · 144 words · Omid Farhang

On Stuxnet, Duqu and Flame

F-Secure wrote: When we went digging through our archive for related samples of malware, we were surprised to find that we already had samples of Flame, dating back to 2010 and 2011, that we were unaware we possessed. They had come through automated reporting mechanisms, but had never been flagged by the system as something we should examine closely. Researchers at other antivirus firms have found evidence that they received samples of the malware even earlier than this, indicating that the malware was older than 2010. ...

June 3, 2012 · 2 min · 227 words · Omid Farhang

FAQ: Flame, the "super spy"

Copied from H-Online (source): The spyware worm Flame is being billed as a “deadly cyber weapon”, but a calmer analysis reveals it to be a tool by professionals for professionals that doesn’t actually have that many new features compared to, say, the widespread online-banking trojan Zeus. What is Flame? Flame is the code name for a spyware program that is built to be very modular and which is also known as Flamer and sKyWIper. Flame was just recently discovered, and it will be some time before all of its components are analyzed. Anti-virus software companies estimate that Flame has infected about 1,000 computers, mostly in the Middle East. ...

May 31, 2012 · 4 min · 822 words · Omid Farhang

Painting a Picture of W32.Flamer

Symantec Connect: The number of different components in W32.Flamer is difficult to grasp. The threat is a well-designed platform including, among other things, a Web server, a database server, and secure shell communications. It includes a scripting interpreter which allows the attackers to easily deploy updated functionality through various scripts. These scripts are split up into ‘apps’ and the attackers even appear to have something equivalent to an ‘app store’ from where they can retrieve new apps containing malicious functionality. ...

May 31, 2012 · 1 min · 157 words · Omid Farhang

Flame worm – Iran claims to discover new Stuxnet-like malware

Naked Security wrote: The Iranian Computer Emergency Response Team (MAHER) claims to have discovered a new targeted malware attack attacking the country, which has been dubbed Flame (also known as Flamer or Skywiper). In a statement, researchers say that they believe the malware is “a close relation” to Stuxnet, and claim that Flame is not detected by any of 43 anti-virus products it tested against, but that detection was issued to select Iranian organizations and companies at the beginning of May. ...

May 28, 2012 · 1 min · 148 words · Omid Farhang

A technical analysis of Adobe Flash Player CVE-2012-0779 Vulnerability

Microsoft Malware Protection Center wrote: Recently, we’ve seen a few attacks in the wild targeting a patched Adobe Flash Player vulnerability. The vulnerability related to this malware was addressed with a recent patch released by Adobe on May 4th. On the Windows platform, Flash Player 11.2.202.233 and earlier is vulnerable. If you’re using a vulnerable version, you need to update your Flash Player now to be protected against these attacks. We had a chance to analyze how the malware (sha1: e32d0545f85ef13ca0d8e24b76a447558614716c) works and here are the interesting details we found during the investigation. ...

May 25, 2012 · 1 min · 96 words · Omid Farhang

Hackers use fake Facebook cancellation emails to deploy malware

H-Online: A new type of phishing strategy, which aims to trick unsuspecting users into installing a trojan by pretending to be an account cancellation request from Facebook, has been discovered by Sophos. The email messages link to a third party application on the site that will install a Java applet and then prompt the user to update their Flash player, but will actually deliver the trojan malware. ...

May 23, 2012 · 2 min · 248 words · Omid Farhang

Warning: Fake Biophilia app on Android is malware

Cross-posted from ZDNet: Summary: Cyber criminals have created a fake Biophilia app for Android that is really just malware in disguise. Your first red flag should be that Biophilia is officially available on iOS, but not on Android. During April alone, we’ve already seen malicious versions of Angry Birds Space and Instagram in the wild. Both are Android apps that are really just malware designed to generate money from unsuspecting users by sending expensive international text messages. Now the same is happening with the popular Biophilia app. ...

April 27, 2012 · 2 min · 340 words · Omid Farhang

Kaspersky: Mac security is '10 years behind Microsoft'

Cnet: Forrester’s CEO isn’t the only one spouting doom and gloom for Apple today. Now Eugene Kaspersky, the CEO of security firm Kaspersky Lab, says Apple is headed for a rough patch. However, this one’s in the world of computer security, and he says Apple is already getting into the thick of it. Speaking to Computer Business Review at the Info Security 2012 show in London this week, Kaspersky said that when it comes to computer security, Apple’s Mac platform was a decade behind Microsoft’s, and that it’s got some things to learn from its rival. ...

April 26, 2012 · 3 min · 490 words · Omid Farhang