July 27, 2012
Malware, much like all weapons, evolves based upon multiple factors, be it the protections of its intended target, the weapon operator and their organization, or the general intent that it was created for. Unlike most weapons, though, malware evolved in a pattern closer to that of a biological disease. Early variants were created and most of them failed; however, useful traits were passed on to new generations of malware and, as time went on, only the most stealthy and ruthless malware survived. This blog post is a quick summary of malware through the years, from its early origins in the late 60s to the “super-malware” we all know and fear today.
March 20, 2012
In the beginning months of every year, the people fighting the good fight against internet crime converge upon the Moscone Center in San Francisco. The RSA Conference is an event that brings huge numbers of people from around the world together, with over 200 sessions, 450 speakers and 350 security-focused exhibitors, for a week to focus on making the internet a safer place for governments, businesses and people. It’s the largest security conference in the world and merges the business with the science of computer security, and @InfoSpyware was present!
The past year has been one in which information insecurity was thrust into the lives of the common person. From changes in the way we use the internet, through mobiles, tablets and cloud services, to high-profile security breaches at Sony, the FBI and RSA itself, to the relentless hacktivism of Anonymous and the now possibly defunct Lulzsec, to the misguided efforts of governments with SOPA and PIPA, there has never before been a time when something so pervasive in our lives has changed so rapidly.
July 28, 2011
Where does your malware come from? How does it get to your computer? It is not like there is some magical, malicious stork that comes and drops off some demented baby into your operating system that makes it join a botnet at knife point. There is no stork, there is no baby.
Blue Coat security released an infographic this morning that makes it easy to understand how your computer is becoming infected with malware and what botnets are delivering it. For instance, did you know that "image search is the most dangerous activity users can engage in on the web"? Or that Shnakule is the biggest malware network out there currently with an average of 2,001 unique hosts a day? Hit the jump for the full infographic.
In terms of attack vectors, search engine poisoning is by far the most predominant form of malware delivery on the Web. Email is the next biggest at 6.9%, with porn and social networking close behind at 6.7% and 5.2% respectively.
June 30, 2011
‘Butterfly bot’ kit steals financial information, but its licensing model could ultimately lead authorities to its newest botmasters.
A financial-fraud botnet built with the same malware kit used in the now-defunct Mariposa botnet remains active after arrests this month of two Eastern European men who allegedly ran it.
Researchers at Unveillance, Panda Labs, and Damballa have been studying the botnet, which has been dubbed “EvilFistSquad” by Damballa and “Metulji” by Unveillance and Panda, for some time now. Unveillance and Panda Labs today announced that the botnet has hit businesses and individuals across 172 or more countries, including the U.S., Russia, Brazil, China, Great Britain, India, and Iran. The botnet uses the Butterfly Bot Kit, a.k.a. Palevo, Pilleuz, and Rimecud, the malware that was used by the Mariposa botnet.
April 19, 2011
AV-Test, one of the most influential independent labs for testing, certification and comparative analysis of IT security products, has as usual issued its first report of the year, certifying 17 out of 22 of the best antivirus products for Windows 7 in 2011. AV-Test certifies antivirus products or security suites that achieve a cumulative score of at least 11 of the 18 total possible points based on protection, repair and usability.
To evaluate protection, AV-Test used static and dynamic malware found in the wild, including 0-day attacks. To test repair functionality, previously infected test systems were subjected to an exhaustive analysis and for determining usability, the number of false positives and system latency during virus scans were tested. These tests were performed on 32-bit Windows 7 systems.
The 17 certified AVs from AV-Test are:
March 29, 2011
There has been much attention placed on Stuxnet by the world media since it was widely reported in the summer of 2010. While we have seen malware evolve over the years from mere annoyance to organized crime, Stuxnet marks the first known targeted malware attack designed to damage physical property, capable of destroying buildings and machines and eventually even killing people. We have seen, as in recent events in Japan, that compromised infrastructure can pose serious problems to regional and national governments over a significant period of time, and can be an effective target in this new front of warfare.
March 5, 2011
Today the vast majority of consumer banking and bill payment is done online. Because online transactions are growing in volume, malware authors are increasingly focused on developing malicious software designed to steal personal data from infected PCs.
An online black market exists where different crimeware packages (kits for the creation of malware) are for sale. These kits can build personalized Trojans capable of escaping detection by antivirus scanners, and have some interesting functionality that helps them steal data while protecting themselves from AV and other malware.
The two most popular botnet packages available have been the ZeuS and SpyEye crimeware families. In late 2010, the creator of ZeuS decided to halt development of the trojan and opted to sell the source code to their former rivals at SpyEye. These new ZeuS/SpyEye hybrids have already been seen in the wild, and the combined botnet is now believed to be one of the largest and most active data-stealing botnets in the world.
February 18, 2011
While at the RSA 2011 Conference in San Francisco we caught up with Eddy Willems, influential malware expert, co-founder of EICAR, AMTSO committee member, and currently Security Evangelist for G Data, a German antivirus vendor that has recently been raising its global profile. We were interested in G Data’s recently released Half-yearly Report 2010, and wanted to speak with him about it.
February 16, 2011
Free software giant AVG released today a free self-audit tool to help small and medium businesses gauge their security needs. The tool, named AVG Online Security Audit, creates customized reports and recommendations for small and medium businesses who typically have a small or nonexistent IT staff. In creating the reports, AVG hopes to educate and inform business owners as to specific internet risks facing their business.
According to AVG’s SMB Market Landscape Report 2010, small- and medium-sized businesses are becoming victimized by cybercriminals at an increasing rate; a full 25% have experienced a data breach, while 14% were using no antivirus whatsoever.
The AVG Online Security Audit can be found along with guides, videos and tutorials designed to help SMBs protect themselves at AVG’s Business Resource Centre.
February 14, 2011
It’s that time of year again, when the world gets together to speak about security in all its forms. One issue that is clearly on the minds of the security researchers we have spoken to is the appearance in the wild of the new and improved SpyEye supertrojan, which is now making the rounds months after merging with ZeuS.
There is no consensus as to the actual danger presented by this super crimeware family, relative to lesser-known variants, but its sheer size guarantees that it will continue to be closely watched by a large number of security firms and analysts.
Will SpyEye be one for the record books, or will it get caught in its own hype cycle? We will be speaking with a variety of different firms this week for some expert opinions.