Computer Security Updates Week 4 of Nov 2012

Refer to Computer Security Updates Week 3 of Nov 2012.  

Gozi Prinimalka

A new APT (Advanced Persistent Threat) was identified: Gozi Prinimalka.

Derived from the Russian word meaning “to receive” and alluding to a Trojan drop point, the word “Prinimalka” appears as a folder name in every URL path given by the gang over the years to its crimeware servers.

It was planned to target 30 American banks in an effort to complete fraudulent wire transfers via Man-In-The-Middle (MiTM) manual session-hijacking scenarios.

It is also unique in that the plan to attack American banks is premised on a campaign model in which the masterminds recruit accomplices, known as botmasters, to join the attack. Each botmaster is expected to find their own investor, who will put down the money required to purchase equipment for the operation (servers, laptops) with the incentive of sharing in the illicit profits.

Investors will eventually make a profit from the funds they will siphon from victims' accounts.
Gozi Prinimalka works on the basis of Man-In-The-Middle (MiTM) manual session-hijacking scenarios.

Unlike C&C (command and control) threats such as Flamer and Gauss, whose malware contacts C&C servers via dynamic URLs for its next instruction, Gozi Prinimalka's servers are operated manually.

It is comparable to the Zeus and Citadel Trojan horses.

More details.

Gozi Prinimalka now joins the ranks of 2012's most menacing threats, which are:
  • Koobface
  • OSX.Flashback.K
  • Flamer
  • Android.Opfake
  • Gauss
  • MiniFlame
  • Malnet

Social networking protection is part of new Titanium suite: Trend Micro Malaysia

Nov 21, 2012 - Trend Micro's new endpoint protection suite - Trend Micro Titanium 2012 Cloud Edition - now includes protection for mobile devices and social networking, said the security solutions provider.

It features the new Facebook Privacy Scanner for Windows, the only one of its kind in the industry, with which users can easily monitor their Facebook page settings, identify which settings may lead to privacy concerns and control access to personal and private information.

More details.

Spam in Q3 2012: Spam Flow Falls, but Poses Greater Danger 

NOVEMBER 21, 2012 - Kaspersky Lab analysts continue to observe a downward trend in the share of spam in total mail traffic. Compared to the previous quarter, the volume of spam traffic in Q3 2012 decreased by 2.8 percentage points and averaged 71.5%. At the same time, the experts recorded a significant increase in the share of malicious mailings – from 3% to 3.9% - continuing yet another trend for the year.

To some extent, the decline in the share of spam in the third quarter can be accounted for by the traditional business slowdown in summer. However, the downward trend in the amount of spam mailings is also due to the gradual shift of advertising messages from email to other venues such as banner ads, social media, coupon services, and contextual advertising. Therefore, despite a slight burst of post-vacation activity in September, the overall trend of falling spam levels remained.

Darya Gudkova,
Head of Content Analysis & Research,
Kaspersky Lab

There were a number of changes in the regional breakdown of spam sources in the third quarter of 2012. Among those countries with the dubious distinction of sending out most spam, the US showed unenviable growth, pushing the North American region’s share up to just over 27%. This was sufficient to claim second place behind traditional leader Asia, with the latter responsible for almost half of all spam mailings throughout the world (49.50%). Western Europe (6.86%) pushed past Eastern Europe (3.64%) and took fourth place, catching up with Latin America (7.34%) in third.

“The migration of advertisers from spam to other venues is due in part to the increasing criminalization of spam, with a large number of advertisements for prohibited goods, as well as fraudulent and malicious emails. Over the past year, Kaspersky Lab experts have observed two trends in parallel: a decrease in the percentage of spam and a slight rise in the percentage of malicious mailings. More likely than not, both trends will continue, as the percentage of spam is on the decline due to the migration of advertisers of legitimate goods and services to other venues,” said Darya Gudkova, Head of Content Analysis & Research, Kaspersky Lab.

The full version of Kaspersky Lab’s Spam Report for Q3 2012 is available at

RSA Targets Advanced Threats and ‘Account Takeover’ Attacks with New RSA® Adaptive Authentication Solution

November 20, 2012 - RSA, The Security Division of EMC, announced major enhancements to its RSA® Adaptive Authentication On Premise solution, designed to help organizations in a wide range of industries achieve the right balance of security against advanced threats, like those posed by Zeus, Citadel and the recently discovered Gozi Prinimalka Trojan, without compromising end user experience.

According to recent research by Aite Group, account takeover attacks resulted in over $400 million in losses in 2011, which are expected to grow by 94% to nearly $800 million by 2016. Powered by the RSA® Risk Engine, the RSA Adaptive Authentication solution is engineered to mitigate the risk of account takeover by using a ‘Big Data’ approach to risk, drawing from a series of more than 100 different risk indicators, including device identification and behavior profiling, to validate user activity.

More information.

Scammers take to Instagram

Nov 20, 2012 - The October Symantec Intelligence Report finds that scammers are taking advantage of Instagram’s popularity, which has recently crossed the 100 million user mark. The scammers are approaching it from a variety of angles, in much the same way as they have on other social networks.

It all began with users receiving a notification about an Instagram comment. It came from an unfamiliar account, had nothing to do with the photo, and was obviously spam.

Spam rate: The global ratio of spam in email traffic fell by 10.2 percentage points since September, to 64.8 percent (1 in 1.54 emails). Malaysia is seeing a similar declining trend in October 2012, with spam in email traffic decreasing by 10.2 percentage points to 65.0 percent from September 2012.

Virus rate: The global ratio of email-borne viruses in email traffic was one in 229.4 emails (0.44 percent) in October, a decrease of 0.04 percentage points since September. Malaysia is seeing a similar declining trend as the global ratio of email-borne viruses in email traffic in October 2012, with a decrease to 1 in 444.5 emails in October 2012 compared to 1 in 369.8 in September 2012.

More information.

Sourcefire Brings Big Data Analytics-Based Network Security to Malaysia

Nov 20, 2012 - Sourcefire, Inc., a leader in intelligent cybersecurity solutions, launched its latest FirePOWER™ appliance family in Malaysia, to protect businesses from advanced malware threats.

Key features
  • Cloud based big data capability
  • BYOD protection
  • Wide choice of processing power configurations, from 50 Mbps to 40+ Gbps
  • New software updates

More information