Security

Contraband Imports

Published: March 5, 2010 Reading Time: 1 min

One of the issues malware writers deal with is having their programs load and execute on a victim’s computer. An unwary victim may click on an email attachment and have the malware run once. But in order to continue to be of value to the author, that piece of malware has to arrange for itself to be run after the computer inevitably gets rebooted. There are several well-known ways to accomplish this task. The problem here is that these methods are well known and security software knows where to look. Which brings us to the topic of this blog entry. We recently came across a hacked copy of imm32.dll, which is Microsoft’s Input Method Manager library. The authors inserted an extra imported library into the file’s import directory. The extra library name starts with “net” and the imported function name is randomized. ...

Late Dash by Spammers for 2010 Winter Olympics

Published: March 5, 2010 Reading Time: 2 min

The 2010 Winter Olympics were held in Vancouver, Canada, from February 12-28. With more than 82 countries participating and millions across the globe catching day-to-day action, it was sadly quite obvious that we would see spam attacks centered on this event. However, the volume of spam relating to the Winter Olympics is actually very low, which is unlike the Beijing Olympics, when spam campaigns had started way before the actual event. In the case of the Winter Olympics, spammers seem to be only now waking up from their slumber. ...

Chat with malcode

Published: March 4, 2010 Reading Time: 3 min

It’s time for your daily dose of “spot the fake program / avoid the fake program”. What is it this time? Well, if you have family members who are into webcams and chatting you might want to point them to this writeup because a new challenger has entered the ring: Yes, “Chat Cam” is a rather smart looking (and entirely fake) program designed to make end users think they’re taking part in a large community of webcam owners. Clearly, the creator had the recently launched Chatroulette in mind when they made this one (if you’re not familiar with it, Chatroulette is a site where you jump from webcam chat to webcam chat over and over again, all within one large community of strangers. In practice, you tend to mash the “Next” button endlessly as one “chat” after another fails to materialise). This is what Chatroulette looks like – you’ll notice the similarity as we move further into the writeup: ...

FakeAV, now for Windows 7!

Published: March 4, 2010 Reading Time: 2 min

It’s been over a year since we first started seeing the familiar Windows XP My Computer page where it appears your drives are being scanned and it reports a bunch of non-existent malware on your computer. Yesterday I was investigating the latest hot news item where there was a FAMU (Florida Agricultural and Mechanical University) sex tape released on the internet and sure enough I found many SEO poisoned links claiming to have the video. Imagine my surprise when I saw the following. ...

Phishing Scam Linked to Valentine’s Day Movie

Published: March 4, 2010 Reading Time: 2 min

Symantec has been observing several spam and phishing attacks regarding the recent Valentine’s Day. One such phishing attack was on an e-card website that asked for user credentials in order to send Valentine’s Day greetings to loved ones. The legitimate e-card website has partnerships with several other brands and so accepts credentials from certain other websites as well. Hence, attackers can steal user information from several brands’ sites by phishing on just one e-card website. This particular attack asked for users’ credentials for a popular information services website. The phishing domain was hosted on servers in China and has been reported as “domain tasting.” Domain tasting is a situation in which a domain name is used for a small period of time and is checked to see if it is making enough money. If it doesn’t earn enough, the domain name is deleted and the registrant is refunded the entire registration fee. This is a technique used by attackers to perform phishing activity for small periods of time at low costs. ...

Mariposa botnet take down

Published: March 4, 2010 Reading Time: 2 min

Readers may well have read some of the news stories posted after yesterday’s news concerning the take down of the “Mariposa” botnet. So what is Mariposa? Mariposa is the name given to a particular botnet that started getting some attention during the first half of 2009. The botnet was dubbed Mariposa thanks to the name of one of the C&C servers that is used: butterfly dot sinip dot es since Mariposa is the Spanish word for butterfly. ...

Too many passwords? Here is a solution!

Published: March 4, 2010 Reading Time: 1 min

How many web sites do you log into? Your bank? Facebook, Myspace and any number of other social networking sites? Auction sites? Shopping sites? Maybe lots of others too. Every site, of course, requires you to create a password. And if the site is serious about security, it may even set certain rules. For example, it may insist that your password is at least eight characters, or must contain non-alpha-numeric characters, or must use at least one uppercase letter, etc. ...

U.S. Census Bureau warning of phishing scams

Published: March 4, 2010 Reading Time: 1 min

The U.S. Census Bureau is warning of phishing and other scams that are using the 2010 Census as bait. Here is the warning from the bureau’s web site: If you are contacted for any of the following reasons — Do Not Participate. It is NOT the U.S. Census Bureau. Phishing: ‘Phishing’ is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords, social security numbers, bank account or credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by email and it often directs users to enter sensitive information at a fake web site whose look and feel are almost identical to the legitimate one. ...

Malicious iframes on Google-analitics(dot)net

Published: March 4, 2010 Reading Time: 1 min

Right! A site registered in the state of “Taliban.” You’re really going to go to a site with this registration: Nice work SANS. Thanks to Daniel Wesemann at SANS: http://isc.sans.org/diary.html?storyid=8350

Haiti relief email scams still circulate

Published: March 4, 2010 Reading Time: 1 min

Want a place to check the legitimacy of a charity? “Founded in 2001, Charity Navigator has become the nation’s largest and most-utilized evaluator of charities. In our quest to help donors, our team of professional analysts has examined tens of thousands of non-profit financial documents. As a result, we know as much about the true fiscal operations of charities as anyone. We’ve used this knowledge to develop an unbiased, objective, numbers-based rating system to assess the financial health of over 5,000 of America’s best-known charities.” ...
