Review

Cross-posted from WIRED. As Iran met in Kazakhstan this week with members of the UN Security Council to discuss its nuclear program, researchers announced that a new variant of the sophisticated cyberweapon known as Stuxnet had been found, which predates other known versions of the malicious code that were reportedly unleashed by the U.S. and Israel several years ago in an attempt to sabotage Iran’s nuclear program. The new variant was designed for a different kind of attack against centrifuges used in Iran’s uranium enrichment program than later versions that were released, according to Symantec, the U.S-based computer security firm that reverse-engineered Stuxnet in 2010 and also found the latest variant. ...

Cross-posted from Surelist The appearance of a new Android malware family is not that surprising at all today. Especially when we talk about SMS Trojans which are one of the most popular and oldest type of threats created for extracting money from users. A new family of SMS Trojans named Vidro appeared a few days ago but we’ve already collected a lot of APK files with very similar functionality. At the moment all the samples we have found target users only from Poland. ...

h-Online: Citizenlab has released a detailed analysis of the activities of a trojan in which the experts conclude that the malware is most likely closely related to FinFisher, a commercial spyware tool developed by a company called Gamma International. The trojan targeted political activists in Bahrain and included sender names such as that of an Al Jazeera correspondent and subject lines like “Torture reports on Rabil Najaab”. The attached .exe file, disguised as an image, disabled anti-virus software and installed a complete set of spyware programs on the recipient’s PC. The spyware proceeded to monitor, among other things, the victim’s Skype communications including conversations and file transfers. An analysis of the infected systems’ working memory repeatedly produced the “finspy” character string. This name is used by Gamma to advertise FinFisher modules. ...

Time Techland wrote: When I learned this morning, via Twitter, that the small company behind Mac/iOS e-mail app Sparrow was being bought by Google, I almost didn’t need to read the startup’s announcement to know the upshot. Google and Facebook buy itty-bitty web companies all the time. And the acquired businesses typically convey what’s happening in an eerily consistent five-step ritual: Announcement of thrilling acquisition Reiteration of startup’s wildly ambitious founding notion Explanation that either Google or Facebook is the best place to change the world Acknowledgement (or sometimes non-acknowledgement) that the startup’s product is being discontinued or is going into limbo Expression of heartfelt gratitude to various supporters, usually including the consumers who are losing their something they liked So it seems to be going with Sparrow: Its five-person team will be working on Gmail henceforth; the existing Sparrow apps aren’t being discontinued, but they apparently won’t get any updates, either. ...

This article is copied from Softpedia: Researchers from Symantec, Kaspersky and Seculert **have all come across Madi (Madhi), a relatively new piece of malware that mainly targets organizations from the Middle East. ** Before we take a look at Madi and compare it to other infamous Trojans such as Stuxnet, Duqu, or Flame, let’s take a quick look at its name. According to Wikipedia, Mahdi is considered to be the redeemer of Islam who will rid the world of tyranny, injustice and wrongdoings. ...

Is this the perfect recipe for a cybercriminal ?: Hacking LinkedIn’s password (and possibly user-) database. Sending an email to all obtained email addresses, which is urging you to check your LinkedIn inbox as soon as possible. A user unawarely clicking on the link. An exploit gets loaded. Malware gets dropped. Malware gets executed. User’s computer is now a zombie (part of a botnet). I would definitely say YES. A reader of my blog contacted me today, he had received an email from LinkedIn which was looking phishy. We can verify that Step 1 is accomplished, by the simple fact that in the “To” and/or “CC” field of the email below, there are about ~100 email addresses. A quick look-up of a few of them on LinkedIn reveals the unconvenient truth… Here’s the email in question: ...

The H-Online: There have still been no official statements on the causes and extent of the recent password leaks at LinkedIn, eHarmony and Last.fm. A credible source is now reporting that the published 2.5 million Last.fm MD5 hashes, for example, are just the tip of a 17 million hash iceberg. That iceberg has reportedly been circulating since summer 2011.16.4 million of these – 95 per cent – have, the source claims, already been cracked, a claim which, for unsalted hashes, is entirely credible. ...

Copied from H-Online: Source The spyware worm Flame is being billed as a “deadly cyber weapon”, but a calmer analysis reveals it to be a tool by professionals for professionals that doesn’t actually have that many new features compared to, say, the widespread online-banking trojan Zeus. What is Flame? Flame is the code name for a spyware program that is built to be very modular and which is also known as Flamer and sKyWIper. Flame was just recently discovered, and it will be some time before all of its components are analyzed. Anti-virus software companies estimate that Flame has infected about 1,000 computers, mostly in the Middle East. ...

Symantec Connect: The number of different components in W32.Flamer is difficult to grasp. The threat is a well designed platform including, among other things, a Web server, a database server, and secure shell communications. It includes a scripting interpreter which allows the attackers to easily deploy updated functionality through various scripts. These scripts are split up into ‘apps’ and the attackers even appear to have something equivalent to an ‘app store’ from where they can retrieve new apps containing malicious functionality. ...

GFI Wrote: In September, our friends at Sophos wrote about a fake BBC website offering up the “chance” to work from home for predictably large sums of money. No more than a day later, we were covering fake BBC video posts targeting Facebook users. Today we’re looking at a fake BBC URL which drops the end-user onto a “work from home and earn $10,000+ a month” fake news site, but not before it’s attempted to load up the PC with malware via a rather nasty collection of exploits. The URL in question is bbcmoneynews(dot)com: ...