Malware


Tue, 24 Nov 09
Rogue Antivirus Optimized for Windows 7
http://pandalabs.pandasecurity.com/archive/Rogue-Antivirus-Optimized-for-Windows-7.aspx
I came across an interesting Rogueware campaign while researching the ongoing Black(hat) Friday SEO campaign. Unlike the typical Rogueware attack, the cyber criminals behind this one have already optimized the campaign to take advantage of users of the brand new Microsoft Windows 7 operating system by emulating its look and feel. 

[Screenshot: Rogue Antivirus Optimized for Windows 7]

As you can see from the screenshot above, the website creates an exact replica of the Windows 7 explorer shell.  In addition to the popup, the site is configured with a white background in order to create the illusion that the “Windows 7 popup” is not in the foreground of the website, but rather a separate process running on the computer itself.  Both techniques are devilishly deceiving and might even fool an expertly trained eye.

Sat, 21 Nov 09
Black(hat) Friday
http://pandalabs.pandasecurity.com/archive/Black_2800_hat_2900_-Friday.aspx

If you plan on shopping online for "Black Friday", or "Cyber Monday", you might be in for more than you bargained for.  Cyber criminals behind the Rogueware epidemic have their blackhat SEO campaigns optimized to take advantage of deal seekers looking for advertisements online.  One misstep and you just might find yourself staring at a scareware site designed to trick you into believing that your computer is infected. 

Google Search: [screenshot]

Fake Antivirus Page: [screenshot: Black Friday - Rogueware Page]

We are constantly monitoring this and other Blackhat SEO campaigns to protect our customers against the latest malware attacks on the Internet.  If you are not a customer yet, we recommend at least installing our free Cloud Antivirus protection. We also recommend adding an extra layer of browsing protection with safer browsing technology, such as the community driven system provided by our partner, Web Of Trust.

Fri, 13 Nov 09
See how the Rick Astley iPhone hack attack works
http://pandalabs.pandasecurity.com/archive/This-way-works-the-worm-for-iPhone.aspx


We have created a video on how the iPhone/Eeki worm targeting iPhones works.

You can see it here: [video embedded in the original post]

As you can see in the video, this malware first checks that it is not already running on the device. To do so, it checks whether the following file exists:

/var/lock/bbot.lock

This may help you find out whether you are infected: if that file is present on your device, the worm is there.
Next, it changes the device host and stops the SSH daemon.
It then tries to spread on the subnet the phone is connected to, and also generates random IP ranges. It tries pre-established ranges corresponding to certain companies' IP addresses:

[Image: list of IP ranges targeted by the worm]

Once the IP address is created, it remotely accesses the jailbroken iPhone device, establishing an SSH connection and using the default root key included in all iPhoneOS devices (1G, 2G and 3G iPhone and iPod touch devices). If access is denied, it generates a random IP again and repeats the process until it obtains a valid IP from a vulnerable victim.

Once the victim is found with the previous credentials, it obtains a remote session and copies itself to the affected phone, adding:

/System/Library/LaunchDaemons/com.saurik.Cydia.Startup.plist
/System/Library/LaunchDaemons/com.ikey.bbot.plist

to run on restart.

It stops the SSH service that has caused the infection. Finally, it copies a photo of Rick Astley and uses the image as the device wallpaper.

[Image: Rick Astley wallpaper set by the worm]
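The two file indicators named above (the lock file and the worm's launch daemon plist) are enough for a quick on-device check. The script below is an added example, not PandaLabs' code or anything from the original post; it assumes a POSIX shell on the jailbroken device, and takes an optional ROOT prefix so the same check can be run against an extracted backup or mounted image instead of the live filesystem.

```shell
#!/bin/sh
# Added example, not code from PandaLabs or the original post: check a
# jailbroken device's filesystem (or a mounted backup) for the iPhone/Eeki
# indicators the post names. ROOT is a prefix so the check can run against
# an extracted image instead of the live "/" (assumption for offline use).

# Indicators quoted from the post: the worm's lock file and its launch daemon.
IKEE_LOCK="/var/lock/bbot.lock"
IKEE_PLIST="/System/Library/LaunchDaemons/com.ikey.bbot.plist"
# Legitimate on any Cydia jailbreak; the worm copies itself in alongside it,
# so its presence alone is not an indicator.
CYDIA_PLIST="/System/Library/LaunchDaemons/com.saurik.Cydia.Startup.plist"

# ikee_indicator_count ROOT
# Prints the number of worm indicators found under ROOT (0 = none found).
ikee_indicator_count() {
    root="${1:-/}"
    count=0
    for f in "$IKEE_LOCK" "$IKEE_PLIST"; do
        if [ -e "$root$f" ]; then
            count=$((count + 1))
        fi
    done
    echo "$count"
}

# ikee_report ROOT
# Human-readable report; exit status 1 when any indicator is present so the
# function can drive a script, e.g.  ikee_report / || echo infected
ikee_report() {
    root="${1:-/}"
    hit=0
    for f in "$IKEE_LOCK" "$IKEE_PLIST"; do
        if [ -e "$root$f" ]; then
            echo "FOUND  $f"
            hit=1
        else
            echo "absent $f"
        fi
    done
    if [ "$hit" -eq 1 ] && [ -e "$root$CYDIA_PLIST" ]; then
        echo "note   $CYDIA_PLIST present (normal on a jailbreak; worm installs next to it)"
    fi
    if [ "$hit" -eq 1 ]; then
        echo "RESULT: iPhone/Eeki indicators present; change the root password and disable SSH"
        return 1
    fi
    echo "RESULT: no iPhone/Eeki indicators found"
    return 0
}
```

Run `ikee_report` with no argument on the device itself, or pass the mount point of a backup to inspect it from a workstation.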

“Thanks to Gorka Ramírez and Francisco Berenguer for the information and the video”.

© amigura.co.uk All Rights Reserved.