Computer Security Updates Week 2 of Jan 2013

Refer to Computer Security Updates Week 1 of Jan 2013.

Top threats for 2012
  • Koobface - the Koobface gang earned millions of dollars every year by compromising computers until Jan 2012, when they were busted by authorities.
  • OSX.Flashback.K - affected 700,000 computers, all running Mac OS X, in the first half of 2012; aka Trojan-Downloader.OSX.Flashfake.ab [Kaspersky]
  • Trojan.OSX.FakeCo.a - accounted for 52% of OS X malware infections in the second half of 2012 - this malicious program masquerades as a video codec installation file
  • Flamer - APT - the most complex malware threat since Stuxnet and Duqu
  • Android.Opfake - Android malware; variant of the FakeInst SMS Trojan, which accounted for 60% of total Android malware infections
  • SMSZombie - Android malware - infected more than 500,000 devices in China
  • Gauss - APT
  • Shnakule - malnet (malware network); distributed infrastructures within the Internet that are built, managed and maintained by cybercriminals.
  • Gozi Prinimalka - APT
  • Fakerun1 - the FakeRun Android Trojan, one of the most widespread in the United States but also prevalent in other countries of the world. [Kaspersky]
  • Fakerun2 - the FakeRun Android Trojan belongs to a vast family of dummy applications that do nothing but display ads that earn money for their creator. [Kaspersky]
  • Plangton - one of the most popular mobile Trojans in Europe is Trojan.AndroidOS.Plangton.a [Kaspersky]




Jan 11, 2013 - Sourcefire: The Discovery of Two New IT Vulnerabilities in 2013

Sourcefire, Inc., a leader in intelligent cybersecurity solutions, today issued a statement about the two major and long-standing vulnerabilities announced yesterday in the popular web programming framework Ruby on Rails.

About The Vulnerabilities

The vulnerabilities (CVE-2013-0155 and CVE-2013-0156) deal with how data passed in by the user is parsed and handled by the Rails application. The second vulnerability (0156) is more severe as it allows for full remote code execution against any Ruby on Rails application that has the XML parser enabled. The vulnerabilities are caused by a common software bug in one of the most popular web programming frameworks that exists in the default install, and this bug appears to allow anyone to execute commands on the web server that hosts the software as well as pull any data out of the backend database that the web server itself can access. This isn’t just a SQL injection.

Vulnerability Remediation

Rails programmers and administrators can address both vulnerabilities by upgrading to the latest version of Ruby on Rails. For the new versions of Ruby on Rails that address the vulnerabilities, please follow this link.

Jan 11, 2013 - Protect against latest Java zero-day vulnerability right now: Mal/JavaJar-B

In the past 24 hours, a new zero-day vulnerability for Java has been found, reported to be infecting even those running the latest version (7u10).

Unfortunately, it has been found in some of the most prevalent crimeware kits being used to infect users with malware, so it is being targeted NOW.

As noted elsewhere, it has already been confirmed to be integrated into Cool EK and NuclearPack exploit kits.

The malicious JAR archives exploiting this vulnerability we've seen so far are detected by Sophos products as Mal/JavaJar-B.

More details.

Jan 10, 2013 - Kaspersky Reaffirms that in 2012, 99% of all mobile threats target Android devices

According to the recently published Kaspersky Security Bulletin 2012, 99% of newly discovered mobile malicious programs target the Android platform, with a very small amount targeting Java- and Symbian-based smartphones. 2012 was the second year to show explosive growth in Android malware. From a negligible eight new unique malicious programs in January 2011, the average monthly discovery rate for new Android malware in 2011 went up to more than 800 samples. In 2012 Kaspersky Lab identified an average of 6300 new mobile malware samples every month. Overall, in 2012 the number of known malicious samples for Android increased more than eight times.

Notable examples of mobile malware
  • Fakerun1 - the FakeRun Android Trojan, one of the most widespread in the United States but also prevalent in other countries of the world
  • Fakerun2 - the FakeRun Android Trojan belongs to a vast family of dummy applications that do nothing but display ads that earn money for their creator.
  • Opfake - Trojan-SMS.AndroidOS.Opfake.bo disguises itself as an interface skin, but in fact subscribes the user to costly “premium” content.
  • Plangton - one of the most popular mobile Trojans in Europe is Trojan.AndroidOS.Plangton.a

Jan 9, 2013 - EGUARDIAN Teams Up With McAfee To Bring Security-As-A-Service Cloud Based Solution For Enterprises And The SMB Sector

EGUARDIAN, a leading value added distributor of innovative technology products and services in South East Asia, today announced a partnership agreement to deliver McAfee’s market leading security technologies to customers in Indonesia, Malaysia, the Philippines, Singapore, Thailand and Vietnam.

In an effort to equip large organizations as well as small- and medium-sized businesses (SMBs) against cyber threats, EGUARDIAN will offer McAfee’s enterprise grade, cloud-based anti-virus platform for business users in the region as Security-as-a-Service (SaaS).

More details.

Jan 8, 2013 - Sophos Recognized as a Leader in the 2013 Magic Quadrant for Endpoint Protection Platforms

Sophos announced it has been positioned in the “Leaders” quadrant of Gartner, Inc’s 2013 "Magic Quadrant for Endpoint Protection Platforms." The quadrant is based on an assessment of a company’s ability to execute and completeness of vision.

According to the report, “the endpoint protection platform provides a collection of security utilities to protect PCs and tablets. Vendors in this market compete on the quality of their protection capabilities, the depth and breadth of features, and the ease of administration.”

To download a complimentary copy of this report, click here.

More details.

Jan 7, 2013 - McAfee Predicts Rapid Evolution of Cyberthreats in 2013

In 2013, McAfee Labs expects that threats to mobile devices will become even more of a focus of cybercriminals, the influence of the hacktivist group “Anonymous” will decline, and large-scale attacks that attempt to destroy infrastructure will increase.

Key predictions:
  • Rapid Evolution and Growth in Mobile Malware: 'worms' buying malicious apps and stealing via NFC, ransomware 'kits' to extort payment, and blocking of security updates
  • Covert and persistent attacks deep within and beneath Windows
  • Rapid development of ways to attack Windows 8 and HTML5
  • Large-scale attacks like Stuxnet that attempt to destroy infrastructure, rather than make money
  • Malware that renews a connection even after a botnet has been taken down, allowing infections to grow again
  • SMS spam from infected phones. What’s your mother trying to sell you now?
  • “Hacking as a Service”: Anonymous sellers and buyers in underground forums exchange malware kits and development services for money
  • The decline of online hacktivists Anonymous, to be replaced by more politically committed or extremist groups
  • Nation states and armies will be more frequent sources and victims of cyberthreats
For South East Asia:
  • Some global cyber attacks have their roots in this region - not only in the economic powerhouses like China, India or Japan, but also in emerging markets like Malaysia or Vietnam
  • South East Asian countries like Indonesia are among the top global victims of server exploit kits such as "Blackhole" - tying the US for the global top spot!

For a full copy of the 2013 Threat Predictions report from McAfee Labs, with additional threats.

More details.
