all posts in the 'Malware' category


China Home to at Least HALF of Malicious Web Sites

It looks like China is becoming a hotbed for malware and malicious websites (those sites that push malware infections via browser exploits).
They often used to be found in Korea and Taiwan and parts of Eastern Europe. According to the latest data more than half of the sites are now located in China.

More than half of [...]

Botmaster Robert Matthew Bentley AKA LSDigital Sentenced

Another one bites the dust with another reasonably hefty sentence, this time a botherder or botnet master.
Just under 4 years and a big chunk of change as a fine, I guess he probably has plenty of cash stashed somewhere though. These guys can really rake it in with their mass infectors of doom.

A US-based hacker [...]

New Zlob Trojan Alters Your Router Settings

Another new development in the malware arena, this new version of Zlob will actually log onto your router and change the DNS settings to hijack your traffic.
Pretty interesting approach and it will work because 99% of people won’t change the default password on their routers. Let’s face it, have you changed it?

A new Trojan horse [...]

Virus Variant Extorts You by Encrypting Your Files

Malware authors are getting sneaky again, in the latest turn of events they have started encrypting your files and holding them at ransom!
You have to pay up to get the ‘decryptor’ and get access to your files again. This is pretty dangerous…and cunning too. It’s not easily broken either, they are using RSA 1024-bit encryption!

Kaspersky [...]

New Botnet Malware Spreading SQL Injection Attack Tool

Now this is an interesting turn of events, the Asprox botnet malware is being used to spread SQL Injection tools rather than sending out phishing e-mails as before.
It seems to install quite stealthily as well disguising itself as a Windows Service with a fairly convincing file name. It’s certainly interesting to see the evolution of [...]

AV Firms Split Over Defcon Contest

Now this is a pretty interesting contest from the guys at Defcon, antivirus evasion! It’s a question that gets asked a LOT…how do I avoid AV?
There are various ways to do it and I’ll be interested to see which are used in the contest, the most elegant solutions of course get better prizes.

Security firms have [...]

Hackers Could Become The Hacked?

It looks like someone is going after the bad guys in a new way, by hacking them back! It’s no news to us that many hacking tools and script kiddy trojan kits are badly programmed..a lot of them have back-doors and the client-side tools have easy exploits that enable you to take over the ‘hackers’ [...]

Kraken Botnet Twice The Size Of Storm

We wrote a while back about a new wave of sophisticated botnets, which were predicted to overtake Storm and become the largest infectors online.
It seems like it’s come true, after extensive research Damballa has uncovered the biggest botnet ever, which at present has over 400,000 unique IPs (in a space of only 24 hours) which [...]

iFrame Piggybacking on Google Searches to Install Malware

These spammers and scammers are getting rather clever, and very sneaky. This is still epidemic and seems to be happening more and more. It takes a re-write of many of the large sites online..which frankly isn’t going to happen is it?
It just shows once again the spammers will think of all kinds of weird little [...]

VXers Group 29A Calls it Quits

It seems the VX groups are all destined to die out slowly, viruses for fun, learning and definitely not profit are on the way out. Like many other things it’s become a commercial market.
The top infector this month being Adware for the first time ever, not a virus. 29A is one of the old skool [...]

New Sophisticated Botnets Discovered

It seems like botnets are getting more sophisticated - we thought the Storm Worm was pretty hot, but some of these new contenders are showing the guys on the dark side have some advanced understanding of technology and the architecture many companies use…this enables them to get deeper inside and remain undetected.

Researchers have unearthed two [...]

Teenage Bot Herder Admits to Infecting Military Computers

Hacking for money again? Well not really in this case, more like script kiddying for money - modifying an ‘off the shelf’ malware/bot package to evade detection and then cashing in on spamware affiliate fees.
I guess they could have made much with a 400,000 bot network - by renting it out for DDoS attacks to [...]

German Police Creating Law Enforcement Trojan

After banning hacking tools it looks like the German police are looking into digital wiretapping and creating ‘whitehat’ trojans for monitoring the bad guys…
Of course they define who the bad guys are, and according to law 202(c) it could be us..
This is very definitely questionable when it comes to ethics, it’s almost as bad as [...]

Multilingual Worm Spreads Over MSN Messenger

Another MSN worm spreading with the same tactics as usual, “Wanna see my pictures before i send em to facebook?” and so on.
The only really interesting thing about this worm is it sends the message in the language of the locale installed on the infected machine, this is pretty intelligent and is much more likely [...]

Hacked Embassy Websites Delivering Malware

It seems like malware pushers have found another avenue to deliver their payloads, Embassy websites. Which makes sense as they are probably not maintained well nor updated often meaning the chance they are easily compromised is quite high.
Plus a lot probably use off the shelf CMS software, which when not updated is a playground for [...]

New Rootkits Infecting the MBR

Ah I remember some of the nastiest viruses back in the day attaching themselves in the MBR (Master Boot Record) rendering most anti-virus software useless (as it sits on top of the OS).
Now it seems MBR infection is back in fashion for a new age of rootkits.

Security mavens have uncovered a new class of attacks [...]

The First Reported Facebook Worm/Malware Pops Up - Secret Crush

So Facebook has finally fallen victim, after the recent Orkut worm now we have malware infection from Facebook, an application called Secret Crush. The application was renamed as My Admirer but that seems to be gone now too.

The first spyware spreading with Facebook application has been discovered. Security company Fortinet reports that application called Secret [...]

Nugache - The Next Big Storm?

We’ve covered quite a few Storm stories - now it seems there is a new player in town, which could possibly be the most advanced malware and botnet instigator so far.
It’s also something I’ve predicted before, peer to peer malware networks running without a command and control server, no single point of failure and much more [...]

Storm Worm Spreading Some Holiday Cheer

Storm is back in the festive season spreading some xmas and new year love. They even have a new year greeting site ready for spreading New Year related Storm Worm variants.
Social Engineering again, people are always more susceptible during holidays, I guess they are happy and less paranoid.

The Storm Worm gang are spreading seasonal ill-will. [...]

Trojan Targets Google Text Based Adverts

It looks like the malware guys are indeed getting more tricky, and this time it has an effect on multiple parties. It deprives Google of the impressions from the adverts and potentially can infect surfers with some nasty malware.
Again it’s using the hosts file, redirecting Google’s own ads to those from a nefarious source.

A security [...]

Worm Spreading Fast on Google’s Orkut Social Network

A new worm has hit Google’s Orkut and it seems to be hitting it pretty hard, it’s infected via the scrapbook feature and is adding hundreds of thousands of users, similar to the Myspace worm (Samy) that hit in October 2005.
It seems to be fairly unmalicious, more of a ‘look at me - see what [...]

Serious Flaw in Popular Media Players from Microsoft and AOL

It looks like there is a fairly serious vulnerability in some of the popular media player packages out in the wild packaged as a MP4 file (due to the MP4 codec from 3ivx), it affects Windows Media Player 6.4 and Windows Media Player Classic, which are made by Microsoft, and AOL’s Winamp version 3.5.
All the [...]

Malware Numbers Still Increasing Rapidly

It seems like malware numbers are going up, rather than down as I would expect. But then if you think about it as a numbers game, the more people that come online - the more in absolute terms that are going to have nefarious intent. This means more hackers, more script kiddies and more malware.
It’s [...]

Security Software Moves to Consoles - Web Filtering for PS3

Ah it seems some companies are having the same idea as me, consoles might well be the next infection vector for zombie style botnets, they have good processing power, the current generation has ample hard-drive space and they are network connected.
The difference with consoles is they tend to be turned off when not in use [...]

The World’s Biggest Botnets - Peer to Peer

So what’s coming next, after Storm you might ask. You might remember Storm Worm Descending on Blogspot recently and other news about Botnets spiraling out of control accounting for almost 25% of online computers.
Well apparently next will be p2p or peer to peer Botnets which could literally blow Storm away.

You know about the Storm Trojan, [...]

Doubleclick Involved in Malware Distribution

We recently reported on thousands of people being hooked by big sites distributing malware, it now seems Doubleclick was the one at fault.
It’s a pretty neat trick and a good spin on Social Engineering leveraging on the trustworthy nature of the sites.
CNN even?

Rogue anti-spyware software that pushes fraudulent PC scans has found its way [...]

‘Security Consultant’ Caught for Running Large Botnet

Apparently he stopped his naughty activities back in 2006, but still…a guy that is supposed to be securing machines was installing malware and had a bot totaling about a quarter of a million zombies.
Most used for info gathering, Paypal accounts and installing Malware for commission, he claims to have made $19,000 in a week installing TopConverting [...]

Thousands Hooked by Malware from Big Sites

If I recall this is not the first time this has happened, delivering viral payloads via banner ads and flaws in scripting.
It seems that malware peddlers are getting more aggressive though, it obviously shows there is actual monetary value in infecting people and stealing their data.
A subtle form of social engineering too, by leveraging on [...]

Cyber Crime Toolkits Go On Sale

This is not exactly new news either, these kind of toolkits have been on sale for a long time, virus generators, trojan toolkits, now they are getting more polished, more stream-lined, more expensive and more easily available.
News of them is hitting the mainstream media..

Malicious hackers are producing easy to use tools that automate attacks to [...]

Storm Worm Descends on Blogspot

It seems like spammers, scammers, phishers and now malware authors are starting to leverage blogs more and more, especially Blogger/Blogspot as Google tend to be quite slow in responding and sometimes don’t respond at all.
This makes it an ideal platform for dodgy behaviour as the crooks have adequate lead time to con/infect people before they [...]

TimeWarner DNS Hijacking IRC Servers to Stop DDoS Attacks

An interesting happening this week, some ISPs have been jacking the DNS entries for certain IRC networks to crack down on zombie/bot infections.
Is it ethical? Should they be doing this to their users?
I first got wind of this from a post on Full Disclosure mailing list from an IRC network administrator.
You can read that e-mail [...]

Trojan Mimics Windows Activation Interface - KardPhisher

Recently a new Trojan popped up that mimics the Windows activation interface, phishing for credit card details and even the PIN number.
The Trojan itself isn’t particularly advanced technically, it’s mostly just a social engineering attack.

Symantec is reporting on a Trojan horse that mimics the Windows activation interface.
What they are calling Trojan.Kardphisher doesn’t do most of [...]

VBootkit Bypasses Vista’s Digital Code Signing

At Black Hat Europe (in Amsterdam) security experts from India (Nitin and Vipin Kumar of NV labs) demonstrated a special boot loader that gets around Vista’s code-signing mechanisms. Known as VBoot and launching from a CD and booting Vista it can make on-the-fly changes in memory and in files being read.
In a demonstration, the “boot [...]

Google Acquires Web Security Startup GreenBorder

More Google News this week after Google Launches Online Security & Malware Blog, now they have acquired a web security startup called GreenBorder.

Google Inc. said on Tuesday it has bought Internet security startup GreenBorder Technologies Inc., which creates secure connections to protect e-mail and Web users from malicious or unwanted computer code.
Terms of the deal, [...]

Bot Infections Surges to 1.2 Million

I have noticed an increase in Spam activity lately, especially in Spam blog comments there has been a noticeable surge in the frequency and number.
That’s why we’ve implemented stricter measures against spammers on Darknet and our other sites.
It seems there has been a big rise in the number of bot infected systems, so it’s suggested [...]

Smart Trojan Targets eBay Users

It seems like people that make malware are getting more specific nowadays, they are no longer writing random self-propagating worms or trojans just for the sake of knowledge or notoriety.
Far more common nowadays is malware for specific purposes to capture login or banking details for certain sites or organisations.
This time it’s a custom trojan targeting [...]

Up to a Quarter of Internet Connected Machines Could be Zombies

It’s a scary thought to find out perhaps a quarter of Internet connected machines could be zombies…The sad part is, I think it could well be true, as most of the non tech savvy Internet users I know still use Internet Exploder and their machines are riddled with crapware, trojans, viruses and spyware.
Imagine how many [...]

MSN Password Stealing Trojan Becomes Public

Ah another trojan, this time targeting MSN Live logins. The trojan has been made public by some kind citizen calling himself “Our Godfather” on the BitTorrent network.
The sad thing is…I guess it works and hundreds of people will have installed it.

Malware designed to steal users’ Windows Live Messenger password has been released onto the [...]

Huge Online Loss by Swedish Bank Nordea - Claimed to be Biggest Loss?

A massive online heist, some (like McAfee) claim it’s the biggest ever online sting involving a bank, it comes in at about half a million pounds or $1.1 million USD.
Using some l33t0 custom trojan, it seems to be more a case of lack of education and the whole situation could have been avoided by [...]

Microsoft’s Live OneCare the WORST Anti-Virus Solution

An Austrian web site called AV Comparatives has done an ‘independent‘ test of 17 different Anti-Virus products and released the results online.
On this site you will find independent comparatives of Anti-Virus software. All products listed in our comparatives are already a selection of some very good anti-virus products. In order to get tested by us, [...]

Logic Bomb Backfires on Hacker Employee

Ah the logic bomb, a source of humour for many due to its frequent showing up in ‘hacking’ movies, and its complete misuse.
ZOMG THE LOGIC BOMB IT’S GONNA PWN US ALL!

A former UBS PaineWebber employee was sentenced to eight years in prison on Wednesday for planting a computer “logic bomb” on company networks and betting [...]

Organised Cyber Criminals Recruiting Fresh Grads

Criminals are not stupid, cyber criminals are the same breed, perhaps even smarter than the traditionalists as they are utilising new ways of doing the same old tricks online.
Now the online criminals are recruiting fresh grads to help them push the boundaries further.

Organised crime is “grooming” a new generation of would-be cybercriminals using tactics which [...]

Malware Outbreak During New Year - Dref-V and Trojan downloader Tibs-jy

Social Engineering again, someone preying on xmas spirit and good will to spread their filthy malware.
It quite often happens during festive times, someone hatches a new worm and sends it out packaged as a jolly xmas card or game.

A significant worm outbreak over the new year festivities has put paid to the notion we’ve seen [...]

Skype Worm in the Wild - W32.Chatosky

A new worm is spreading fast on the Skype network, it’s activated by a malicious Skype Chat link and it has been seen in the wild in numerous places.
Apparently the dangerous link starts with “Check this!” pointing to a .org/.biz address, if you click the link you’ll become infected.
There have been no reports of unpatched [...]

Massive Data Theft Operation Uncovered

UK Police have uncovered a fairly massive data theft operation with a total close to 8,500 victims.
It’s quite worrying when things like this are uncovered as if 1 is uncovered or discovered…imagine how many aren’t found out about, just like exploits.

British electronic-crime detectives are investigating a massive data theft operation that stole sensitive information from [...]

Writing Worms for Fun or Profit

0×00: Preface
Media, kindly supported by AV “experts”, drawn apocalyptical vision of destruction caused by stupid M$ Outlook / VisualBasic worm, called “ILOVEYOU”. Absurd estimations - $10M lost for “defending the disease”, especially when you take a look at increasing with the speed of light value of AV companies market shares, made many people sick. Lame [...]

McDonalds Japan Spreads Malware on MP3 Player

This is pretty funny, but frankly typical of McDonalds..act before they think, it’s cheap, it’ll get more customers, whack it out!
They gave out a bunch of flash drive mp3 players as a promotion, it turns out every single one was loaded with a fairly nasty piece of spyware!

McDonalds Japan has launched a recall after discovering [...]

Hackers Target Home Users for Cash

Hackers are switching targets now, companies are getting too hard to break into due to the availability of decently configured perimeter kit like firewalls and IDS.
Plus the information they do get if they manage to break in is often worthless commercially and really not worth the effort.
So instead, they target the end user, home bankers, [...]

Anti-Spyware Groups Still Require Legislation

Cyber and computer laws are always a grey area, they tend to be very vague and don’t cover specific technologies.
Spam is a good example, look at how long we’ve been getting spammed, and it’s been a SERIOUS problem for at least the last 5 years, spam legislation has only started coming in to effect in [...]

zCodec Video Codec is a TROJAN

For those that didn’t see, there is a new all singing all dancing ‘light-weight’ Codec in town that is actually a trojan.
Indeed it’s not the first time we’ve seen this kind of thing.
The zCodec software actually messes with your DNS settings.

Users looking for the latest and greatest video software may not just be in danger [...]

Impressive Open Source Intrusion Prevention - HLBR

It’s good to see work on open source tools in the countermeasure department as well as the attack and penetration arena.
It’s a shame since Snort and Nessus have gone semi-commercial.

I hope more people invest their time in good IDS, Firewall and IPS systems, I love things like IPCop and hope to see more products like HLBR.
HLBR [...]

Moving Ahead in the War Against Botnets

This effort started quite a long time ago, I was just checking up to see how they were getting on, but there’s not much news of their progress.
Operating under the theory that if you kill the head, the body will follow, a group of high-profile security researchers is ramping up efforts to find and disable [...]

What Responsibility do Anti-Spyware Researchers Have?

Ethical debates are always interesting, and people have gotten in trouble lately for reverse engineering and various other branches of research.
This is a fairly old topic, but as I’m clearing out some old drafts, I still find it an interesting one.
There’s been an ongoing debate in security circles concerning how security researchers should disclose vulnerabilities [...]

Charity Computers May Fuel Malware Wars

Sometimes doing good can help bad things propagate, sometimes it’s good to consider the big picture and the repercussions of your charitable actions.
This is a case where such logic rings true.

Programs to send PCs to third world countries might inadvertently fuel the development of malware for hire scams, an anti-virus guru warns.
Eugene Kaspersky, head of [...]

Sophos Offers Free Rootkit Detection Tool/Software

Ah, here at Darknet we have always been a fan of Sophos and the way they operate, a very efficient company and good to see good technical products still coming out of the UK!
Another good move by them, they have decided to offer a free rootkit detection tool called Sophos Anti-Rootkit..Yah I know, not a [...]

Bot Herders Go After MS06-40 Exploit

Malware herders are speeding up, the first wave is already here for MS06-40.
It’s basically a variant of some old malware suited to the new vulnerability. Same old story then, same packer, technique, new exploit.
Same as the days of autorooters.
It’s basically the Mocbot trojan that was used in the Zotob worm attack in August 2005.

The first [...]

Firefox Extension Spyware - FormSpy

The antivirus specialists at McAfee have warned of a Trojan that disguises itself as a Firefox extension. The trojan installs itself as a Firefox extension, presenting itself as a legitimate existing extension called numberedlinks.

It then begins intercepting passwords and credit card numbers entered into the browser, which it then sends to an external server. The [...]

A Day in the Life of a Spyware Company - DirectRevenue

Spyware companies are apparently netting HUGE profits, it doesn’t surprise me though with the amount of people that actually install the crap on their machines..
Let’s say we don’t like companies like Direct Revenue very much though.

Consumers have strong opinions about Direct Revenue’s software. “If I ever meet anyone from your company, I will kill you,” [...]

‘Free’ USB Drives Defeat Company Security

This is an excellent case of Social Engineering, you could also consider it playing on human greed/ignorance/stupidity.
Whatever you want to label it really.
USB drives are a real security risk..

We recently got hired by a credit union to assess the security of its network. The client asked that we really push hard on the [...]

Shadowserver Battles the Botnets

Botnets are indeed a growing problem, we’ve seen serious cases of DDoS extortion, the most recent example would be the attacks against the ‘million dollar homepage’ and the problems it caused the owner.
Botnets have been used for quite some time as spam networks and mostly for script kiddies to have DoS wars on IRC networks, [...]

LiveJournal Advert Installs Malware

Seems like someone sneaked past the LiveJournal advertisers policy by only trying to infect Australian and European users.
A certain advertiser (kpremium.com) - being sneaky and underhanded. It’s not LJ’s fault, LJ already disabled the advert from rotation.

The ad itself is for a program that lets you download stuff - you know the sort of thing. [...]

Botnets and Phishing Numbers Increasing Despite Crackdown

Botnets and organised cybercrime are getting more prevalent, it seems it’s increasing exponentially despite crackdowns by the US government and other organisations.
The criminals are getting more advanced, phishing scams are getting more realistic, technically trojans are getting more effective and the groups are getting really organised.

Cybercrooks are organizing better and moving to more sophisticated tactics [...]

Google’s Orkut Hit by Data Stealing Worm - Mw.Orc

So just a few days ago there was a new MSN Worm - BlackAngel.B, before that the Yahoo! e-mail worm, long before that of course the MySpace worm and a few others not notable enough to mention.
And of course plenty of nasty Trojans.

A new Internet worm capable of stealing bank details and other personal data [...]

New MSN Worm Hitting Users - BlackAngel.B

Well this week there was a Yahoo! Email worm, now also follows a vindictive new worm targeting MSN called BlackAngel.B. The reports come from the anti-virus software company Panda Software.

When activated the worm delivers a fateful terror message and then attempts to disable any protection software such as anti-virus, firewall or Windows system applications like [...]

Trojan Compromises 2,200 Oregon Tax Payers

Aha! Trojans strike again. Really, I still think it all comes down to education, it doesn’t seem to be a targeted attack though.
Just a random infection from your average porn site Trojan.

Electronic files containing personal data of up to 2,200 Oregon taxpayers may have been compromised by an ex-employee’s unauthorized use of a computer, the [...]

Custom Trojans - Isn’t it Old News?

Well it is for me, and I guess anyone who considers themselves a career hacker, or at least has a serious interest..
As a few good trojans are open source (Back Orifice?), you can just mess around with them for a while until you reach the point they are no longer detected by any of the [...]

Predicting Malware - Events Trigger Malware/Phishing Spikes

Apologies for the lack of updates for the past few days, I had to go abroad for an important assessment.
It’s sad how people can prey on things as terrible as disasters to make a quick buck, but well we have to face the facts that they do, and will.

And as it seems, they [...]

New Spyware Blackmails Users Into Purchasing Software

Ah this is almost like Ransomeware again, messing up your machine then extorting money from you.

Make sure you educate your non tech savvy relatives about such threats, spyware, adware, trojans and worm type viruses. Education is THE most powerful defence against malware and computer security incidents.
Some simple patching, a free Antivirus protection like Avast! Using [...]

Barclays Rolls Out Free Anti-Virus Protection for Customers

The shocking statistic first, “56% of consumers do not have active anti-virus on their PCs”, ok not that shocking but still a bit worrying. Although asking if your average user doesn’t protect themselves on the internet conjures up images of the pope squatting in the woods.

The basic F-Secure anti-virus product protects against viruses and [...]

Fake Microsoft Patch - BeastPWS-C

If you receive an e-mail alert of a new patch for your Windows XP OS, think again before opening the link present on the message.
The spammed emails, which purport to come from patch@microsoft.com, claim that a vulnerability has been found ‘in the Microsoft WinLogon Service’ and could ‘allow a hacker to gain access to an [...]

Viruses & Malware Monitored on a Dynamic World Map

F-Secure has an interesting new dynamic world map displaying the various threats and viral hotspots around the world. Viruses and antivirus software are always a big issue, especially for corporates.
Shows how things are heating up when it comes to viruses, malware, trojans and so on.

They make some nice antivirus software too.

Check it out:

F-Secure Worldmap
Pretty neat [...]

Malicious Cryptography - Cryptology & Cryptovirology

I know this may be old news for some of you, however, I just got the chance of reading this great article on Security Focus (it’s been 2 weeks since I added it to my Favorites).
This two part article discusses some good points of Cryptology, more precisely in the field of Cryptovirology.

Writing a virus is just [...]

Trojan for the Word Vulnerability in the Wild

We all knew it was just a matter of time until the ‘thing’ was out.
PandaLabs has detected the appearance of 1Table.A, a malicious code that exploits a recently detected critical vulnerability in Microsoft Word, and which also affects versions of MS Office 2003 and XP.

Microsoft confirmed today the existence of this vulnerability and apparently [...]

What Next? The Poker Rootkit of Course!

Ok so the list gets even BIGGER, after the WoW Trojan, Trojan for World Cup Fans, Ransomeware and the buy a spyware kit story…
Now we proudly present, the Poker Rootkit!

For online poker players, this was always going to be a losing hand.
A Trojan with malicious rootkit features hidden in a legitimate software package distributed by [...]

No Your Car CANNOT get a Bluetooth Virus

It’s gone round and round and round, now cars have Bluetooth, that they can get viruses like Cabir, I’m sorry but if an Anti-virus company like F-Secure can’t infect a car with a virus, I don’t have much hope for the others. The rumours came from a Lexus story in SCMagazine (The story is no [...]

Open Source Blamed for Rootkits?

This is the biggest load of shite I’ve read this year I think.
Rootkits are becoming more prevalent and difficult to detect, and security vendor McAfee says the blame falls squarely on the open source community.
In its “Rootkits” report being published today, McAfee says the number of rootkits it has collected as malware samples has jumped [...]

McAfee Seeds Mac Virus Threat FUD

What a surprise, McAfee spreading FUD to sell more copies of their bloated AV software?
Apart from the fact I think the whole AV model is flawed i.e. it can only protect against things the AV companies 1) know about 2) have written a definition for and 3) have delivered the definition to you - That’s [...]

New Trojan Targets World Cup Fans - Troj/Haxdoor-IN

Ah, first we had the ransomeware, yesterday the trojan targeting WoW users, now we have the World Cup trojan..
It really must be Trojan season.

A Trojan horse that poses as a World Cup wallchart has begun circulating on the net. The Haxdoor-IN Trojan horse is being spamvertised in messages, written in German, that purport a program [...]

New Password Stealing Trojan Targets WoW Players

It really does seem like the Malware/Spyware folks are really into making money nowadays, what with $15 spyware kits and Viruses that place your machine under lockdown until you pay the ransom..

What happened to people just doing stuff for learning, for enhancement of knowledge, deep understanding..not a quick few hundred dollars.
I have to say though [...]

AV Firms Say Windows Vista Security Claims are Bullsh*t

It seems the faith in Microsoft from the security industry is at an all time low, not surprising really with the amount of flaws that have been coming out in both the OS and the crapware forced upon its users like Internet Explorer Exploder.

Anti-virus firms at Infosec say they expect Vista and IE7 to change [...]

Trojan Writers Coding for Money - Freezes PC for Ransom

A new term has been coined, yes indeed..
Ransomeware
That’s what they are calling this new threat, infects your PC then freezes it until you send some people some money.

A new kind of malware circulating on the Internet freezes a computer and then asks for a ransom paid through the Western Union Holdings money transfer service.
A sample [...]

DIY Spyware - Get Into it for just $15

I remember some time ago there was a VB virus creation kit, there’s actually quite a few. Yah I know, it’s extremely lame.
But what to do, it seems less and less people can actually think nowadays, let alone think of something original, or wow…even DO SOMETHING ORIGINAL? So what’s the big money maker now? Spyware…
So [...]

VMWare Rootkits, The Next Big Threat?

Lab rats at Microsoft Research and the University of Michigan have teamed up to create prototypes for virtual machine-based rootkits that significantly push the envelope for hiding malware and that can maintain control of a target operating system.
The proof-of-concept rootkit, called SubVirt, exploits known security flaws and drops a VMM (virtual machine monitor) underneath a [...]

Windows Rootkits

Windows Rootkits are a big rarity in this modern web hacking technology…
I won’t speak exactly about rootkits, because it’s inappropriate to call them that way… why? Well rootkits are programs that aid you in getting access to root level users…
So in the case we are using Windows rootkits we should call them admkits (admin kits [...]

Anti-Spyware Software Wars - Can’t they get along?!

Last year, we noted how some security products could cause conflicts that would cause computers to lock up — but there’s another (less troublesome) trend that’s happening as well: security products declaring competing products as malware and removing them.

Just a little over a week ago, the latest version of Microsoft’s anti-spyware offering declared Symantec’s anti-virus [...]

US considers banning DRM rootkits - Sony BMG

Now after the huge Sony BMG Rootkit fiasco, this has become quite a hot topic, how far can vendors go to enforce their ‘Digital Rights Management’ (or Digital Restrictions Management as we like to call it), can they install a rootkit on your machine and hook into your OS? Can they take over your PC [...]

Malware Honeypot Projects Merge - mwcollect and nepenthes

Looking to streamline the collection of malware samples, two of the biggest honeypot projects—mwcollect and nepenthes—have merged operations.

The two projects, which passively trap viruses, spyware and other forms of malicious software by emulating known vulnerabilities, will combine operations to develop a single malware collection tool, according to an announcement by mwcollect head developer Georg Wicherski.
The [...]

Jan 2006 Virus and Spam Statistics

January at a glance: Vicious and Varied
The numbers are indeed concerning: 19 new email-borne significant virus attacks, of which a troubling 8 (42%) were graded “low intensity”, 7 (37%) “Medium Intensity” and 4 (21%) were massive attacks – a rare phenomenon for a single month.
One outbreak of specific interest, consisting of 7 variants, illustrates how [...]