Wednesday, 29 February 2012

Malicious ads on security websites

Perhaps the worst possible scenario is when a bank website is hosting malicious ads: you never know what can be installed and when on your computer if you click on the ad banners. Something similar happens with security websites hosting malicious ads. They are supposed to be for security information. The people browsing such sites trust the content to be safe, but in actual fact because of the ad banners the resources may be anything but trustworthy.

Two Simple Steps to Take Control Over Google's New Privacy Policy

Google's new privacy policy takes effect Thursday. What's new about it?

Now, it allows Google to integrate information it collects about you from all your Google accounts. So instead of treating your YouTube, Gmail and Google+ accounts as separate entities, Google now sees you as just one user. That should make it easier to target you with relevant ads.

Lab Matters - The death of browser trust

In this webcast, Kaspersky Lab senior security researcher Roel Schouwenberg talks about the Diginotar certificate authority breach and the implications for trust on the Internet. Schouwenberg also provides a key suggestion for all major Web browser vendors.

iPad Release Event on March 7: What to Expect

Apple finally released an official invitation to the press regarding the much-anticipated launch of their newest iPad dubbed as iPad 3 on March 7.

Mandiant Webinar Wednesday; Help Us Break a Record!

Are Mobile Advertisers Getting Too Aggressive?

Many of the apps we enjoy are free. Well, to call them free is a bit misleading. You pay for the apps by looking at advertisements. This is a platform we should all recognize from the sidebar of Facebook, or Google, or almost any service that doesn’t charge a premium to use it. Advertising has paved the way for many services to gather a huge audience and still profit.

On Android and in many cases iOS, the advertisers have gotten very aggressive. They now collect all kinds of data through multiple forms of advertising. I’d like to take a look now at what you can expect.

Brazilian cybercriminals' daily earnings - more than you'll ever earn in a year!

How much do you earn per day? If we look at how much a cybercriminal from Brazil earns every day, we’ll understand why Brazil is one of the main sources of malware in the world. Brazilian cybercriminals really like to use short URLs to track infections and have their own stats. Here is the profile of one criminal using Bitly as a URL shortening service.

Rootkit:W32/Zxshell.B

Rootkit:W32/Zxshell.B is dropped by Backdoor:W32/Zxshell.A and basically functions as a protection mechanism for its main payload file.

Trojan:SymbOS/ZeusMitmo.A

When installed on a mobile phone, this trojan monitors all incoming SMS messages and acts as a backdoor for receiving commands sent by an attacker via SMS messages.

Trojan-Spy:W32/Zbot.PUA

This type of trojan secretly installs spy programs and/or keylogger programs.

Malware increasingly using DNS as C&C channel to avoid detection

The number of malware threats that receive instructions from attackers through DNS is expected to increase, and most companies are not currently scanning for such activity on their networks, security experts said at the RSA Conference 2012 yesterday.

There are many channels that attackers use for communicating with their botnets, ranging from traditional ones like TCP, IRC and HTTP to more unusual ones like Twitter feeds, Facebook walls and even YouTube comments.

California AG Kamala Harris on app privacy deal (podcast)

Larry Magid chats by phone with California Attorney General Kamala Harris shortly after she announces an agreement with major app companies to protect the privacy of consumers.

Trojan-Downloader:OSX/Flashback.C

Trojan-Downloader:OSX/Flashback.C poses as a Flash Player installer and connects to a remote host to obtain further installation files and configuration.

Worm:W32/Downadup.A

Worm:W32/Downadup exploits a vulnerability in the Windows Server service to spread copies of itself across a network. The worm also attempts to download files from a remote server.

Worm:ACAD/Kenilfe.A

The worm is a malicious AutoCAD program that propagates via removable drives. It also attempts to download Visual Basic Scripts from remote servers, if certain conditions are met.

Worm:W32/Todon.I

Worm:W32/Todon.I is a worm that spreads to new victim machines via infected removable and network drives. The worm also has trojan-downloader capabilities, as it attempts to download additional files from remote servers.

Exploit:W32/MSWord6.Gen

This detection identifies a Microsoft Word document that has been modified to perform an unauthorized, malicious action.

Lab Matters - Cloudy with a chance of stolen data

Director of Kaspersky Lab's global research and analysis team Costin Raiu appears on Lab Matters to discuss the security ramifications of the growing dependence on cloud computing. The discussions center on the convenience of using consumer cloud services and some of the risks involved with outsourcing security to third-parties.

Trojan-Downloader:W32/KDV-176347

This type of trojan secretly downloads malicious files from a remote server, then installs and executes the files.

Tuesday, 28 February 2012

WikiLeaks plans to release e-mails from security think tank

Embattled document-sharing site says the trove of documents "reveal the inner workings" of Strategic Forecasting, which suffered a hack late last year.

Trojan:Android/DroidKungFu.C

Trojan:Android/DroidKungFu.C forwards confidential details to a remote server.

Spyware:Android/Flexispy.K

Spyware:Android/Flexispy.K is a commercially available monitoring program.

Backdoor:W32/Knockex.A

A remote administration utility that bypasses normal security mechanisms to secretly control a program, computer or network.

Windows Security Phone Scam Now Targeting Sweden

Earlier today, I was sitting at home working on a Linux server that was compromised when suddenly I heard my home phone ringing. Actually, someone has been calling me and just hanging up around the same time every day for three or four days now. I thought that it was just some telemarketing company profiling me to figure out if I’m home or not, but this time it was different.

When I picked up the phone I heard this guy introducing himself as a technician from the Windows Security Support Department. The connection was VERY bad and I could not hear everything he said; I don't know if this was intended or not.

When I started to talk to him he asked me in English with an Indian accent if I had a computer at home, and of course I said “yes”. Then he started to explain that my computer had been compromised and that my firewall was just protecting me against external threats and not internal threats. At this time I knew that something strange was going on, and I started to ask more questions about the malware and trying to get more information about them, then at this point he immediately hung up the phone.

Just after he hung up I realized that this was one of those scams where they trick people into installing Remote Access software to be able to control the machines. Once they get access to the machines, they install rootkits and obtain full access to your computer.

In the outside world, I think this is quite an effective scam because they called me during the day, and I guess the people who are at home by this hour are not your average security researcher from Kaspersky Lab but maybe people who are sick, or the elderly.

I want to warn everyone about these scams, and at this time I can confirm that they are currently attacking Sweden. Previously, such scams appeared to target UK/US users mostly (http://money-watch.co.uk/8183/windows-support-scam-worsens), but it seems their business is expanding.

Please let us know if somebody calls you and claims they are from “Windows Security” (or such) and asks you to install remote access software. Most important of all, do not install the software which they recommend!

Yahoo seeking patent windfall from Facebook (AP)

AP - Yahoo is threatening to sue Facebook unless the Internet social network agrees to license some of its patents covering a variety of online services.

Firms embrace Do Not Track for targeted ads only

Privacy advocates say consumers are expecting more from a Do Not Track policy than marketers are willing to give.

Malware wallpaper calendars for 2012

As some of you may remember, during 2011 we published a malware calendar wallpaper for each month of the year.

We're doing so again this year, with updated information from 2011. However, we've decided to take a slightly different approach this year and publish all 12 wallpapers in one place. You can find them all here.

We hope you like this year's designs and find the data interesting.

Other:W32/Generic

Other:W32/Generic is a Generic Detection for a wide range of malicious programs, such as trojans, worms and keyloggers.

Oscar's most-TiVo'ed moments from Sunday telecast (Reuters)

Reuters - The people (at least the ones with TiVo) have spoken, and what they're saying is ... they're really interested in Jennifer Lopez's nipple and Gwyneth Paltrow's unsuccessful stab at comedy.

The Top 10 Security Stories of 2011

As we turn the page to 2012, it makes sense to sit back and take a look at what happened during the past twelve months in the IT Security world. If we were to summarize the year in one word, I think it would probably be “explosive.” The multitude of incidents, stories, facts, new trends and intriguing actors is so big that it makes it very hard to crack into top 10 of security stories of 2011. What I was aiming for with this list is to remember the stories that also indicate major trends or the emergence of major actors on the security scene. By looking at these stories, we can get an idea of what will happen in 2012.

Become a Hunter

Trojan-Dropper:OSX/Revir.A

Trojan-Dropper:OSX/Revir.A drops a downloader component that downloads a backdoor program onto the system, while camouflaging its activity by opening a PDF file to distract the user.

Monday, 27 February 2012

Hackers target prison system with latest defacement

Large private prison operator has Web site vandalized in protest against politics of incarceration.

Spam continues to dip but malware marches merrily on

Spam reached its lowest level in years last quarter, but malware surpassed security firm's estimates for the year, says McAfee.

Adobe Reader flaw leads to Windows attacks

News in brief: Adobe prepping patch...

(silicon.com - Security)

Sunday, 26 February 2012

Android security: Don't let 2012 become the year of the bad app

Beware the malware lurking on Android Market...

(silicon.com - CIO Insights)

Critical TCP/IP Worm Hole Dings Windows Vista

Microsoft has issued a high-priority security update to fix a pair of "critical" flaws that expose Windows users to remote code execution attacks.

Happy 9th Birthday TaoSecurity Blog

Peter Cochrane's Blog: Data protection - Who's sticking to the letter of the law?

Apparently, not central government...

(silicon.com - CIO Insights)

MANDIANT Webinar Friday

Saturday, 25 February 2012

Application:W32/Keygen

Application:W32/Keygen identifies non-malicious files used to emulate a Microsoft Key Management Server in order to use cracked license keys for Windows 7.

Microsoft: Google bypassed IE privacy settings too

Discovery comes just days after Web giant was found to be sidestepping the user privacy preferences in Apple's Safari.

SEC Guidance Emphasizes Materiality for Cyber Incidents

Hedge fund nominates five for AOL board (Reuters)

Reuters - Activist hedge fund Starboard Value LP nominated a slate of five candidates to AOL Inc's board, saying discussions with the company in the past two months were unsatisfying.

The Mystery of Duqu: Part Seven (Back to Stuxnet)

We have been studying the Duqu Trojan for two months now, exploring how it emerged, where it was distributed and how it operates. Despite the large volume of data obtained (most of which has yet to be published), we still lack the answer to the fundamental question - who is behind Duqu?

In addition, there are other issues, mostly to do with the creation of the Trojan, or rather the platform used to implement Duqu as well as Stuxnet.

In terms of architecture, the platform used to create Duqu and Stuxnet is the same. This is a driver file which loads a main module designed as an encrypted library. At the same time, there is a separate configuration file for the whole malicious complex and an encrypted block in the system registry that defines the location of the module being loaded and name of the process for injection.

This platform can be conventionally named as ‘Tilded’ as its authors are, for some reason, inclined to use file names which start with "~d".

We believe Duqu and Stuxnet were simultaneous projects supported by the same team of developers.

Several other details have been uncovered which suggest there was possibly at least one further spyware module based on the same platform in 2007-2008, and several other programs whose functionality was unclear between 2008 and 2010.

These facts significantly challenge the existing "official" history of Stuxnet. We will try to cover them in this publication, but let us first recap the story so far.

Trojan:W32/Murofet.A

This trojan attempts to download a file (presumably malicious) from a randomly generated domain.

ASP.NET Holiday Patches

It's the end of 2011 as we know it, and Microsoft feels fine finishing out the year with a handful of out-of-band holiday patches. This round is important not because the vulnerabilities directly impact massive numbers of customers and their online behavior on Windows laptops, tablets, and workstations, but because ASP.NET maintains vulnerable code enabling easy DoS of hosting websites, authentication bypass techniques, and stealth redirections to other websites (most dangerously those sites hosting phish and hosting client side exploits and spyware). All of this could curdle your eggnog in the coldest of weather.

Trojan:JS/Obfuscated.Gen

Trojan:JS/Obfuscated.Gen is a Generic Detection that identifies malicious HTML, JavaScript, PDF, or other scripting files that contain obfuscated code, which may be used by malware authors to evade antivirus signature detection, as well as to make malicious scripts harder to discover and analyze.

Code Testing Tools Could Be Acquisition Targets in '08

Interest in building security into the development process could make code testing products into inviting buyout targets.

Exploit:W32/D-Encrypted.Gen

A program or technique that takes advantage of a vulnerability to remotely access or attack a program, computer or server.

iOS 5.0.1 Flaw Allows Unauthorized Access to Calls, Contacts

According to a recent report, iOS 5.0.1, released primarily to fix a bug affecting battery life, has introduced another bug potentially compromising iPhone owners' privacy.

This newly discovered security flaw apparently allows unauthorised access to an iPhone, including the address book, call lists, and even allows intruders to make phone calls from the hacked iPhone. But before you start panicking - it's not very easy for a hacker to carry out and requires that they have access to your handset.

Kodak - and film - saying goodbye to the Oscars (AP)

AP - Each year at the Oscars ceremony, Hollywood says goodbye to stars and filmmakers who've died. This year, the award show will bid adieu to the Kodak Theatre.

Friday, 24 February 2012

Telling a Security Story with Charts

Poor ATM PIN codes give the bad guys a 1-in-11 chance at getting your money

Nearly 10 percent of four-digit ATM PIN codes used for banking purposes could be guessed by an opportunistic thief before the card is blocked, according to research carried out by Cambridge University.

Microsoft: Critical Vista Patch Coming

Microsoft plans to ship two patches on Jan. 8, 2008 to patch code execution vulnerabilities in its newest OS.

Kelihos/Hlux botnet returns with new techniques

It has been four months since Microsoft and Kaspersky Lab announced the disruption of the Kelihos/Hlux botnet. The sinkholing method that was used has its advantages - it is possible to disable a botnet rather quickly without taking control over the infrastructure. However, as this particular case showed, it is not very effective if the botnet’s masters are still at large.

Not long after we disrupted Kelihos/Hlux, we came across new samples that seemed to be very similar to the initial version. After some investigation, we gathered all the differences between the two versions. This is a summary of our findings:

Let’s start with the lowest layer, the encryption and packing of Kelihos/Hlux messages in the communication protocol. For some reason, in the new version, the order of operations was changed. Here are the steps for processing encrypted data to retrieve a job message, which is organized as a tree structure:

Step   Old Hlux                   New Hlux
1      Blowfish with key1         Blowfish with new key1
2      3DES with key2             Decompression with Zlib
3      Blowfish with key3         3DES with new key2
4      Decompression with Zlib    Blowfish with new key3

Lab Matters - The threat from P2P botnets

Kaspersky Lab malware researcher Tillmann Werner joins Ryan Naraine to talk about the threat from peer-to-peer botnets. The discussions range from botnet-takedown activities and the ongoing cat-and-mouse games to cope with the botnet menace.

Two-pronged attack: Argentine site hit by malware and data leak

I was browsing through compromised websites used for spreading malware and found one from Argentina which belongs to a veterinary supplier. The admin panel got p0wned and, worst of all, it had a tab with the personal details of people who had posted their CVs (curriculum vitae). So, what exactly has happened? Well, basically lots of confidential information has been leaked and we are talking about home addresses, telephone numbers, details of education centers attended, mobile phone numbers, email addresses, marital status, children and even personal references. This is very bad because the same information can easily be used for all kinds of fraudulent activities: on-line ID theft, targeted attacks and so on. Here are just a few examples of real CVs uploaded and saved on the compromised site:

Trojan-Downloader:W32/Kazy-17907

This type of trojan secretly downloads malicious files from a remote server, then installs and executes the files.

Want to be found on Bing by your Facebook friends? Here's how

Using Bing's new Linked Pages, Facebook users can determine what details about themselves appear in a Bing search.

Backdoor:W32/Spyrat.D

A remote administration utility that bypasses normal security mechanisms to secretly control a program, computer or network.

Friday Poll: Will the Privacy Bill of Rights matter?

Obama's Consumer Privacy Bill of Rights is designed to address online privacy issues, but wary Web users aren't sure if it will have a real impact.

Passenger Hacks NYC Taxi Computer System

The problem is more significant than GPS objections, according to the software engineer who hacked the system.

JotForm says domain suspended by feds

Company that hosts user-generated forms has domain disabled and is told to call the Secret Service.

Is email about to be deleted? Five predictions for the technology's future

Medium of choice for business comms faces a number of threats...

(silicon.com - CIO Insights)

Patch Tuesday February 2012

Microsoft is releasing 9 Security Bulletins this month (MS12-008 through MS12-016), patching a total of 21 vulnerabilities. Some of these vulnerabilities may enable remote code execution (RCE) in limited circumstances, and offensive security researchers have claimed that a "bug" fixed this month should be client-side remote exploitable, but after months of public circulation, there have been no known working exploits.

The prioritized vulnerabilities patched this month exist in Internet Explorer, a specific version of the C runtime, and the .NET framework. The Internet Explorer and .NET framework vulnerabilities may result in potential drive-by exploits, so consumers and businesses alike should immediately install these patches - mass exploitation is likely to be delivered via COTS exploit packs like Blackhole and its ilk.

Other:W32/False Positive

This detection was unintentionally triggered on a JavaScript file associated with Google Analytics. A Hydra exclusion for this detection (2010-12-10_01) was released at 0052 UTC on 10th December, followed by an Aquarius database update (2010-12-10_03) released at 0215 UTC which removes the detection entirely. Please ensure your database is updated to resolve this issue.

IBM eyes cybersecurity market with new platform (Reuters)

Reuters - International Business Machines is gearing up to take a chunk of the growing Internet security market by applying its data analytics to help companies and organizations fight cyberattacks.

Thursday, 23 February 2012

Trojan-Downloader:OSX/Flashback.A

Trojan-Downloader:OSX/Flashback.A poses as a Flash Player installer, and connects to a remote host to obtain further installation configuration and files.

Trojan:W32/Yakes

Trojan:W32/Yakes variants attempt to connect to and download files from remote servers.

The where and why of HLUX

This is not the first time the HLUX botnet has been mentioned in this blog, but there are still some unanswered questions that we’ve been receiving from the media: What is the botnet’s sphere of activity? What sort of commands does it receive from malicious users? How does the bot spread? How many infected computers are there in the botnet?

Before answering the questions it’s important to clarify that the HLUX botnet we previously disabled is still under control and the infected machines are not receiving commands from the C&C, so they’re not sending spam. Together with Microsoft’s Digital Crimes Unit, SurfNET and Kyrus Tech, Inc., Kaspersky Lab executed a sinkhole operation, which disabled the botnet and its backup infrastructure from the C&C.

The answers below refer to a new version of the HLUX botnet - it’s a different botnet but the malware being used is built using the same HLUX coding. Analysis of a new bot version for the HLUX botnet (md5: 010AC0BFF69EB945108B57B40A4784BE, size: 882176 B) revealed the following information.

Why?

As we already know, the bot distributes spam and has the ability to conduct DDoS attacks. In addition, we have discovered that:

  1. The bot is capable of infecting flash drives, creating a file on them called “Copy a Shortcut to google.Ink” in the same way Stuxnet did.
  2. The bot can search for configuration files for numerous FTP clients and transfer them to its command servers.
  3. The bot has a built-in Bitcoin wallet theft feature.
  4. The bot also includes a Bitcoin miner feature.
  5. The bot can operate in proxy server mode.
  6. The bot searches hard drives for files containing email addresses.
  7. The bot has a sniffer for intercepting email, FTP and HTTP session passwords.


Part of the HLUX code that interacts with FTP clients


Part of the HLUX code used to steal Bitcoin wallets

Where does it come from?

The bot is loaded onto users’ computers from numerous sites hosted on fast flux domains primarily in the .EU domain zone. The bot installs small downloaders (~47 KB) on the system. These downloaders have been detected on computers in the GBOT and Virut botnets. The downloaders can be loaded to computers within minutes of a machine being infected by the malware mentioned above (GBOT and Virut). This distribution method hinders the detection of the primary bot distribution source.

Bot installations have also been detected during drive-by attacks that make use of the Incognito exploit kit.

The number of computers in the new HLUX botnet is estimated to be tens of thousands, based on the numbers in the approximately 8000 IP addresses detected in operations conducted via P2P.

Where’s it going?

As before, the HLUX botnet primarily receives commands to distribute spam. However, another malicious program, which we wrote about here, is also being installed on the botnet. Its main functionality is fraudulent manipulation of search engines along the lines of TDSS.

The passwords harvested from FTP are used to place malicious JavaScript on websites, which redirects users of the compromised sites once again to the Incognito exploit kit. Exploits for the CVE-2011-3544 vulnerability are primarily used when the bot is installed during these attacks. In other words, HLUX implements a cyclical distribution scheme just like that used by Bredolab.

Summary

The HLUX botnet, both old and new, is a classic example of organized crime in action on the Internet. The owners of this botnet take part in just about every type of online scam going: sending spam, theft of passwords, manipulation of search engines, DDoS etc.

It is not uncommon for new versions of botnets to appear, and it’s one of the challenges we face in the IT security industry. We can neutralize botnet attacks and delay cyber criminal activities, but ultimately the only way to take botnets down is to arrest and prosecute the creators and groups operating them. This is a difficult task because security companies face different federal policies and legislation in the various countries where botnets are located. This makes law enforcement investigations and the legal process long and arduous.

We’ll continue monitoring this particular botnet and keep you up to speed with any technical developments.

P.S. We noticed this on one fast flux domain that was earlier spreading HLUX:


It’s not yet clear whether this is the control panel of the HLUX botnet.


Toolbar:W32/MyGlobalSearch

A browser plug-in which provides additional functionality not included in the standard browser. May introduce security risks not present in the standard browser.


A few reasons to love Spotify's new gapless playback and crossfade features (Digital Trends)

Digital Trends - Today Spotify unveiled a bevy of new features to its music player, including Gapless Playback and Crossfade (you can check out a full list of what’s new here). First, a brief explanation of what these tools are:


IBM eyes cybersecurity market with new platform (Reuters)

Reuters - International Business Machines is gearing up to take a chunk of the growing Internet security market by applying its data analytics to help companies and organizations fight cyberattacks.


Critical TCP/IP Worm Hole Dings Windows Vista

Microsoft has issued a high-priority security update to fix a pair of "critical" flaws that expose Windows users to remote code execution attacks.


Poor ATM PIN codes give the bad guys a 1-in-11 chance at getting your money


Nearly 10 percent of four-digit ATM PIN codes used for banking purposes could be guessed by an opportunistic thief before the card is blocked, according to research carried out by Cambridge University.


Worm:W32/Morto.A

Worm:W32/Morto.A propagates through Remote Desktop Services on Windows servers by brute-forcing the login credentials of the server.


Bejtlich in "The expanding cyber industrial complex"


Malware wallpaper calendars for 2012

As some of you may remember, during 2011 we published a malware calendar wallpaper for each month of the year.

We're doing so again this year, with updated information from 2011. However, we've decided to take a slightly different approach this year and publish all 12 wallpapers in one place. You can find them all here.

We hope you like this year's designs and find the data interesting.


Rogue:W32/SystemTool

This detection identifies a malicious program, typically used to deceive users into purchasing a fake application.


Rootkit:W32/Zxshell.B

Rootkit:W32/Zxshell.B is dropped by Backdoor:W32/Zxshell.A and basically functions as a protection mechanism for its main payload file.


Dustin Webber Creates Network Security Monitoring with Siri


Trojan-Downloader:W32/Kazy-17907

This type of trojan secretly downloads malicious files from a remote server, then installs and executes the files.


Trojan-Spy:W32/Zbot.PUA

This type of trojan secretly installs spy programs and/or keylogger programs.


Best Book Bejtlich Read in 2011


More Bad Drivers on the Information Superhighway

Opinion: In order to prevent bad device drivers from making the system unstable, Microsoft artificially limits the amount of memory available to Windows.


Wednesday, 22 February 2012

What do Path's privacy violations mean for Android?

Path's recent privacy violations have stirred up strong words of condemnation from numerous corners. What does it mean, if anything, for Path's Android users?


Exploit:W32/MSWord6.Gen

This identifies a Microsoft Word document that has been modified to perform an unauthorized, malicious action.


Receive pop-up alerts with the Powow: Text Messaging Android app (Appolicious)

Appolicious - Are you sick of the way your Android phone organizes your text messages? The innovative and free Powow: Text Messaging app for Android is a fabulous new way to organize your text messages just by downloading this modern and fun text app.


Trojan:W32/AntiAV

Also known as a trojan horse program, this is a deceptive program that performs additional actions without the user's knowledge or permission. It does not replicate.


Dustin Webber Creates Network Security Monitoring with Siri


Critical TCP/IP Worm Hole Dings Windows Vista

Microsoft has issued a high-priority security update to fix a pair of "critical" flaws that expose Windows users to remote code execution attacks.


Exploit:W32/PDF-Payload.Gen

Exploit:W32/PDF-Payload.Gen is a Generic Detection for Portable Document Format (PDF) files that attempt to exploit vulnerabilities in the popular Adobe Acrobat Reader program.


Trojan:W32/Yakes

Trojan:W32/Yakes variants attempt to connect to and download files from remote servers.


RunAs Radio podcasts you might want to listen to

Hey guys. I noticed Twitter is abuzz with a few podcast interviews I did on RunAs Radio lately. I thought I would post the links for those of you who don't follow such tweets.

There were two interviews I did last month:

The first interview was a discussion on free tools available for network monitoring and diagnostics. The second was some in-depth discussion on using DirectAccess with Windows 7 and Windows Server 2008 R2. I do hope you find both interviews fun and useful.

Enjoy!


China Telecom to start selling Apple's iPhone 4S


China Telecom said on Tuesday it will begin selling the iPhone 4S on March 9, making it the second carrier in the country to officially sell Apple's popular smartphone.

The agreement opens up sales of Apple's newest iPhone to China Telecom's 129 million mobile subscribers. Rival China Unicom had previously been the sole carrier of the iPhone in China. Analysts said this helped drive China Unicom's mobile subscriber growth. It now has 202.8 million users.


Visa criticizes the lackluster security measures for PayPal's new mobile payment platform


After months of trials with NFC-powered mobile payments, PayPal announced earlier this month that it would be abandoning the technology entirely. The company will instead be adopting a mobile payment system of its own, whose security measures are claimed to be unbeatable.


Apple iOS developers: We'll adjust to privacy change

Developers say Apple's new mandate won't be too much of a burden, but many will need to modify apps that use address book data.


Microsoft: Google bypassed IE privacy settings too

Discovery comes just days after Web giant was found to be sidestepping the user privacy preferences in Apple's Safari.


National Public Radio Talks Chinese Digital Espionage


Trojan-Downloader:OSX/Flashback.B

Trojan-Downloader:OSX/Flashback.B poses as a Flash Player installer, and connects to a remote host to obtain further installation configuration and files.


Symantec pcAnywhere Remote Attack Code Surfaces


Code has been published that attackers could use to crash fully patched versions of pcAnywhere on any Windows PC, without first having to authenticate to the PC.


DDoS attacks spread to vulnerable IPv6 Internet

The next-gen Internet, still immature, is now a pathway for Net attacks, a study finds. Also, ideology has become the primary reason for DDoS attacks.


Company sues Apple over iPad name in Shanghai (AP)

A security guard tries to stop photographing the lawyers walking in a court house Wednesday Feb. 22, 2012 in Shanghai, China. The lawyer for a Chinese company suing Apple Inc. in China over its use of the iPad trademark indicated Tuesday that his client would be willing to discuss a settlement. (AP Photo/Eugene Hoshiko)

AP - Apple defended its right to use the iPad trademark in China in a heated court hearing Wednesday that pitted the electronics giant against a struggling company that denies it sold the mainland China rights to the tablet's name.

