all posts in the 'Malware' category


Jailbroken iPhone Users Get Rickrolled

The ‘big’ news this week was the first self-replicating worm hit the iPhone, it only seemed to be spreading in Australia though and only worked under a specific set of circumstances.
It only affects iPhone users that have jailbroken their phone and have the SSH software installed with a default password of alpine.
Thankfully it’s not particularly [...]

Facebook Used By Whitewell Trojan To Communicate

Facebook has had its fair share of security woes and the latest is the discovery of a new Trojan that uses Facebook to communicate.
Interesting that it’s using the Facebook notes feature to communicate depending on title/subject of the note.
The actual malware itself is spread through doc/pdf exploits and not through any flaws in Facebook itself.

Researchers [...]

Windows 7 UAC (User Access Control) Ineffective Against Malware

There have been a few stories about Windows 7, even one about Windows 7 UAC before and now it’s officially on sale I’d expect there to be many more.
As always malware and mass infections is a numbers game so the bad guys will always target the most popular and prolific operating systems to increase their [...]

Facebook E-mail Spam Conceals Malware Attack

Facebook has had a fair share of problems, being a large community of course it’s going to be a ripe target for spammers, scammers and malware distributors.
The latest to hit is a spam e-mail claiming to be from the Facebook team that actually spreads a nasty piece of malware called Bredolab. It’s also been observed [...]

AVG Stepping Up Consumer Anti-Virus Offerings

AVG used to be THE anti-virus software a few years ago, especially with it being the first major vendor offering a free solution for home users.
If you asked any techie back in 2002 which AV should you use, the answer would invariably be AVG free (or perhaps Panda).
After that AVG just got bloated, slow and [...]

Nasty Trojan Zeus Evades Antivirus Software

This is one nasty piece of malware, seems like it’s working on a low level as per rootkits, there aren’t many technical details but it may well be operating on a Ring 0 level.
The level of detection by AV software is quite scary, especially since the malware is specifically targeting bank login details and it [...]

Mac OS X Snow Leopard Bundled With Malware Detector

Ah we saw this coming didn’t we, back in June we reported on Apple Struggling With Security & Malware and now they have shown they were paying attention.
Even though they tried to do so quietly, they are slipping a ‘malware detector’ into the latest OS X update known as Snow Leopard.
The problem is though, it [...]

Twitter Being Used As Botnet Command Channel

Ah Twitter in the news again, the bad guys sure do keep up with new trends. After being taken offline for a while by a Joejob DDoS attack Twitter is in the news again – this time it’s being used as the command channel for a Botnet.
The normal method for controlling Botnets is via an [...]

Chinese Firm Writes First SMS Worm

Ah another first, and once again China is at the forefront! We recently reported about a Chinese company sharing their huge malware database and now a group of Chinese companies has managed to develop the first SMS worm!
It’s a pretty cool concept, abusing the Symbian Express Signing procedure. It reminds me of the heydays of [...]

UAE Telco Etisalat Installs Spyware On Users Blackberries

Now this is pretty disgusting behaviour from a national telco provider, but well is it really surprising in Dubai? For me..no it’s not.
I’ve spent a reasonable amount of time in Dubai on various projects, and my first surprise was Flickr being blocked. Especially as Dubai is probably the most liberal place in the Middle East. [...]

Chinese Company Shares Huge Malware Database

We need more companies like this that acknowledge hoarding data isn’t doing anything for the greater good, to really stamp out the core problems you have to share the data you’ve correlated across the World so everyone can put together what they have and do something about it.
It seems like with China pumping out the [...]

Hospital Hacker GhostExodus Owns Himself – Arrested

This story actually gave me a lot of LULZ, how stupid can you be seriously? Man this guy made so many mistakes for someone so paranoid (he had a web cam setup outside his apartment door so he could see who was coming)..
But then he exposed his IP address on IRC, posted his face on [...]

Michael Jackson Spam/Malware – RIP The King Of Pop

For people of my age and generation and I’d guess for most readers of Darknet, Michael Jackson would have had a great influence on our lives.
The biggest news last week was most certainly his death, as usual the bad guys were extremely quick to capitalize on this and were sending out spam within hours of [...]

Twitter Hack Spreads Porn Trojan

I had a spam tweet appear in my stream a while back and like Guy Kawasaki I also had absolutely no idea where it came from.
Perhaps some kinda XSS flaw in Twitter when I visited a site that spawned the message (in a hidden iframe perhaps).
It wouldn’t be the first time Twitter was having security [...]

Massive Malware Outbreak Infects 30,000 Websites

This looks like a fairly complex infection mechanism combining exploiting websites, injecting JavaScript code then attempted exploitation of host machines and failing that prompting a download for some fake malware.
The way they have it all setup is pretty clever too hiding behind common technologies so their infections don’t look out of place.
An obfuscated JavaScript meant [...]

FBI Unclassified E-mail Network Owned By Virus

If the FBI e-mail network can get owned by a virus, what hope does the average joe have when it comes to keeping their e-mail secure?
It must be pretty serious too if it actually forced them to shut down the Internet facing e-mail network, it seems like it was down for at least a week [...]

Apple Struggling With Security & Malware

It’s inevitable as Apple products become more and more popular they will get targeted by the bad guys. Count on more viruses, malware, exploits and rootkits for Apple Operating Systems.
They are a bit behind the curve as they don’t have a formal security program and it’s unknown if they use secure development practices (they [...]

Hackers Exploiting Unpatched DirectX Bug With Quicktime

It seems like another fairly critical flaw has been discovered in Microsoft Windows. It’s serious as it allows remote code execution, which basically means if you get hit with it your machine is owned.
It seems DirectX 7, 8 and 9 in Windows 2000, XP and Server 2003 are at risk. Windows Vista, Server 2008 and [...]

Google Poisoning Attack Gumblar Still Causing Problems

I thought this would have been stamped out by now, but sadly it’s still going on. With the advent of cheap web hosting and easy to use CMS systems like Wordpress more and more people are managing their own websites (gone are the days of Geocities).
More people with websites means more FTP details to be [...]

Trojan in Counterfeit Copies of Windows 7 Builds Botnet

This latest mass infection is through a vector I really don’t understand, seeing as though you can legitimately download Windows 7 from Microsoft.
I guess people just prefer BitTorrent downloads to HTTP downloads, and whoever had this smart idea capitalized on that.
Microsoft should perhaps do something about that and put out a legitimate BitTorrent copy. I [...]

Torpig Botnet Hijacking Reveals 70GB Of Stolen Data

We did mention Torpig in passing back in January 2008 when talking about the Mebroot rootkit which digs down deep into the Master Boot Record.
It seems like Torpig has been pretty active since then and the latest break is that some security researchers have managed to infiltrate the botnet and collect some data on what [...]

Spammers Recover from McColo Shutdown – Spam Back To 91%

You might remember back in November last year Spam ISP McColo was Cut Off From the Internet and there was a fairly drastic drop in spam e-mail traffic.
Well it looks like the spammers have got their acts back together as spam levels are back up to 91% of their previous volume.
Having McColo shut down was [...]

Hacker Develops Tool To Hide Malware in .NET Framework

Once again something is wrong with part of the Microsoft suite of software and once again they are denying it’s anything to do with them.
This time a researcher has developed a rootkit style infection tool aimed at the .Net framework.
Most modern computers come with .Net of some description installed so this could be quite a [...]

Conficker Finally Awakes & Dumps Payload

So it seems something big was brewing with Conficker, they just didn’t want to do what everyone expected and unleash it on April 1st when all eyes were on them.
Smart move really, they kept quiet and waited a week or so after before dropping some fairly serious and complex payloads (encrypted rootkits).
It seems like they [...]

How to Scan for Conficker Worm

A bit of an update to the Conficker worm that is supposedly scheduled for new updates and instructions today, Wednesday 1st April 2009, and nobody except for the bad guys knows what those instructions would be. Fyodor has rolled out a new nmap beta release to the nmap scripting engine that enables it [...]

Conficker Day – April 1st – Uneventful

So the big Conficker scare of April 1st has passed without any real events, no major sites taken down, no major online terror campaigns spawned.
Just a new more sophisticated, harder to stop version of Conficker updating from a longer list of domains.
It seems like this malware might be here to stay and infecting more and [...]

New Conficker Variant More Aggressive

Conficker has gotten quite a lot of news recently with it growing so fast and Microsoft offering a bounty for the authors.
It seems like the Conficker authors are really serious about retaining control of their botnet and expanding it further without hindrance from the companies trying to stop them.
It’s quite likely they are netting some [...]

BBC Unleashes Botnet For ‘Investigation’

The BBC has made an odd move recently by buying/seeding a botnet of 22,000 computers under the guise of investigative journalism.
They claim it’s not illegal as they caused no harm and only sent spam to e-mail accounts used by themselves. Technically I think it’s still breaking the law under the Computer Misuse Act but most [...]

Malware Distributor & Botnet Master Sentenced To 4 Years

It seems the feds are really cracking down on cybercrime recently, with a special kind of attention paid to botnets and their handlers. The sentences are getting stiffer too, this time with 4 years in prison for running a botnet and data theft.
I hope they keep it up, botnets are the scourge of the [...]

Koobface Worm Variant Hits Facebook

Koobface is a computer worm that targets the users of the social networking websites Facebook and Myspace. Koobface ultimately attempts, upon successful infection, to gather sensitive information from the victims such as credit card numbers.
A new variation of Koobface has popped up aggressively on Facebook and is attempting to steal login credentials for other social networking [...]

Hackers Target 0-Day Vulnerability In Adobe PDF Reader & Acrobat

Another flaw in the Adobe product suite! It seems like PDF is turning into a complex animal, complexity of course always brings more security issues.
It was only back in February last year when there was a bug in Adobe Reader, and almost exactly a year later another one.
This time it’s a zero-day just hit and [...]

Microsoft Offers $250K Bounty for Conficker Author

We did mention Conficker when it broke out back in January causing one of the largest scale infections ever seen (an estimated 9 million machines in just a few months).
The latest news is that Microsoft are offering a bounty to catch the author of the malware, we have seen this back in 2003/4 (The Anti-virus [...]

Conficker (AKA Downadup or Kido) Infections Skyrocket To An Estimated 9 Million

There hasn’t been a viral outbreak of this scale for quite some time, Conficker or Downadup as it’s known was only fairly recently discovered (Oct 2008) and has already infected an estimated 9 million machines!
It’s spreading fast though and it auto-updates itself via downloads from random domains making it almost impossible to stop as whatever [...]

Next-Gen Botnets Taking The Place of Storm and Srizbi

Back in November there was a considerable drop in Spam when Spam friendly ISP McColo was cut off from the Internet by its upstream peer.
Srizbi worm was pretty smart though and was picking up again by the end of November. Later in the year the botnets were somewhat neutralised leading to a huge drop in [...]

Fake CNN Site From Phishing E-mail Serves Trojan

The latest Phishing E-mails going round are leveraging on people’s need to digest the latest information, in this case about the Israel-Hamas conflict.
They set up a fake CNN site which prompts you to upgrade your flash player to view the video, of course it’s not Flash but a Trojan targeting your sensitive financial information.
I don’t [...]

Malware Researchers Discover Rootkit HKTL-BRUDEVIC Similar to Sony CD Malware

You might remember the Sony BMG Rootkit fiasco back in 2006 when the whole Internet was up in arms about Sony installing a rootkit in the name of Digital Restriction Rights Management.
Another piece of malware has been uncovered that has been linked to Sony and their Fingerprint reader.

Researchers have unearthed rootkit-like functionality in an enterprise [...]

Spam Back on the Rise with Srizbi Resurrected

After McColo was partially disconnected from the Internet by its peers global spam dropped noticeably.
It seems however that the spam was emanating from a zombie network and the control servers were hosted by McColo, the creators of the botnet (Srizbi) were smart about it though and built a fail-safe system into the malware.
It should [...]

Julie Amero Spyware Case Finally Comes To An End

It’s a sad case when someone loses their career over an incident which was outside of their control, not everyone can be expected to keep their computers free of spyware and malware.
It just doesn’t happen.
Unfortunately for Julie Amero, she got some porn pop-ups at the wrong time in a class full of students. If you [...]

Malware Authors Jumping on the Obama Bandwagon

No surprise here, the malware authors are leveraging on the social engineering aspect of the US presidential elections.
In less than half a day Google Adwords adverts and custom malware were popping up conning users into a sense of security by using Obama’s name.

Malware purveyors have wasted no time capitalizing on Barack Obama’s landslide victory in [...]

Morris Worm To Turn 20 – How Far Things Have Come

Robert Tappan Morris is a character of Internet lore, anyone who has studied Computer Science, Software Engineering or Computer Security will have heard of this guy.
He’s pretty much the fellow that made the Internet famous (for all the wrong reasons) and the first creator of a bit of self-replicating network based malware (now known as [...]

Microsoft Rushes Out Critical RPC Bug Fix

Now this doesn’t happen all that often, it must be really serious! An Out-of-Band patch from Microsoft (since its famous ‘Patch Tuesday’ it only releases patches on the second Tuesday of each month) has been released for a new RPC flaw.
I’d imagine it’s similar to the RPC flaw that spawned such disasters as Blaster and [...]

E-mail Scammers Target Microsoft Users

Microsoft users are being targeted again by malware via e-mail, scammers/spammers never give up and for once the e-mail looks fairly legitimate.
Usually this kind of ‘baitware’ is riddled with terrible grammar and horrible spellings, do make sure you brief the less security aware friends you have about this though just in case.

Email scams are a [...]

Intercage – Spam/Malware Friendly ISP Back Online

There has been a big hoo-haa recently about a US ISP called Intercage who are said to have been harbouring spammers and scammers via their largest client, an Eastern European webhost called Esthost.
Their plug got pulled 2 days ago by the upstream IP transit provider UnitedLayer after weeks of criticism from the community showing [...]

International Space Station Infected by Virus!

Now you think they’d know better than having Autorun enabled in the International Space Station? But no, they obviously didn’t and they got owned by some fairly innocuous thumb drive auto-spreader.
It wouldn’t really be news if anyone else got infected, but come on this is supposed to be the pinnacle of security or something?

NASA confirmed this [...]

Twitter Targeted by Malware Distributors

This one is of interest to me as I do actually use Twitter as a microblogging service and to keep up with what various friends are up to.
It’s quite an interesting web app especially paired with something like Twitterfox in your browser and Twibble in your mobile phone.
It must have made it big now though [...]

Productive Botnets

We all know what botnets are (think so), but anyway let’s see a proper definition of botnets taken from shadowserver… and I quote:

A botnet is a collection of computers, connected to the internet, that interact to accomplish some distributed task. Although such a collection of computers can be used for useful and constructive applications, the [...]

Webcam Hacker Jailed for 4 Years for Spying on Teenager

Another one bites the dust, this time for spying on a teenage girl via webcam. 4 years is a reasonable sentence this time I think as the case borders on many offenses such as blackmail, indecent behaviour, infringement of privacy, unlawful access and probably a few more.
It was a pretty simple hack as it goes, [...]

New MySpace and Facebook Worm Target Social Networks

Well another reason for you guys (and gals) to avoid social networks, a new worm is spreading. Again they are using the same ploys that have been leveraged for years on e-mail and instant messaging.
Trust is gained as the message or link/video/etc comes from a known source so people are more likely to click/open/play it [...]

China Home to at Least HALF of Malicious Web Sites

It looks like China is becoming a hotbed for malware and malicious websites (those sites that push malware infections via browser exploits).
They often used to be found in Korea and Taiwan and parts of Eastern Europe. According to the latest data more than half of the sites are now located in China.

More than half of [...]

Botmaster Robert Matthew Bentley AKA LSDigital Sentenced

Another one bites the dust with another reasonably hefty sentence, this time a botherder or botnet master.
Just under 4 years and a big chunk of change as a fine, I guess he probably has plenty of cash stashed somewhere though. These guys can really rake it in with their mass infectors of doom.

A US-based hacker [...]

New Zlob Trojan Alters Your Router Settings

Another new development in the malware arena, this new version of Zlob will actually log onto your router and change the DNS settings to hijack your traffic.
Pretty interesting approach and it will work because 99% of people won’t change the default password on their routers. Let’s face it, have you changed it?

A new Trojan horse [...]

Virus Variant Extorts You by Encrypting Your Files

Malware authors are getting sneaky again, in the latest turn of events they have started encrypting your files and holding them at ransom!
You have to pay up to get the ‘decryptor’ and get access to your files again. This is pretty dangerous…and cunning too. It’s not easily broken either, they are using RSA 1024-bit encryption!

Kaspersky [...]

New Botnet Malware Spreading SQL Injection Attack Tool

Now this is an interesting turn of events, the Asprox botnet malware is being used to spread SQL Injection tools rather than sending out phishing e-mails as before.
It seems to install quite stealthily as well disguising itself as a Windows Service with a fairly convincing file name. It’s certainly interesting to see the evolution of [...]

AV Firms Split Over Defcon Contest

Now this is a pretty interesting contest from the guys at Defcon, antivirus evasion! It’s a question that gets asked a LOT…how do I avoid AV?
There are various ways to do it and I’ll be interested to see which are used in the contest, the most elegant solutions of course get better prizes.

Security firms have [...]

Hackers Could Become The Hacked?

It looks like someone is going after the bad guys in a new way, by hacking them back! It’s no news to us that many hacking tools and script kiddy trojan kits are badly programmed..a lot of them have back-doors and the client-side tools have easy exploits that enable you to take over the ‘hackers’ [...]

Kraken Botnet Twice The Size Of Storm

We wrote a while back about a new wave of sophisticated botnets, which were predicted to overtake Storm and become the largest infectors online.
It seems like it’s come true, after extensive research Damballa has uncovered the biggest botnet ever, which at present has over 400,000 unique IPs (in a space of only 24 hours) which [...]

iFrame Piggybacking on Google Searches to Install Malware

These spammers and scammers are getting rather clever, and very sneaky. This is still epidemic and seems to be happening more and more. It takes a re-write of many of the large sites online..which frankly isn’t going to happen is it?
It just shows once again the spammers will think of all kinds of weird little [...]

VXers Group 29A Calls it Quits

It seems the VX groups are all destined to die out slowly, viruses for fun, learning and definitely not profit are on the way out. Like many other things it’s become a commercial market.
The top infector this month being Adware for the first time ever, not a virus. 29A is one of the old skool [...]

New Sophisticated Botnets Discovered

It seems like botnets are getting more sophisticated – we thought the Storm Worm was pretty hot, but some of these new contenders are showing the guys on the dark side have some advanced understanding of technology and the architecture many companies use…this enables them to get deeper inside and remain undetected.

Researchers have unearthed two [...]

Teenage Bot Herder Admits to Infecting Military Computers

Hacking for money again? Well not really in this case, more like script kiddying for money – modifying an ‘off the shelf’ malware/bot package to evade detection and then cashing in on spamware affiliate fees.
I guess they could have made much with a 400,000 bot network – by renting it out for DDoS attacks to [...]

German Police Creating Law Enforcement Trojan

After banning hacking tools it looks like the German police are looking into digital wiretapping and creating ‘whitehat’ trojans for monitoring the bad guys…
Of course they define who the bad guys are, and according to law 202(c) it could be us..
This is very definitely questionable when it comes to ethics, it’s almost as bad as [...]

Multilingual Worm Spreads Over MSN Messenger

Another MSN worm spreading with the same tactics as usual, “Wanna see my pictures before i send em to facebook?” and so on.
The only really interesting thing about this worm is it sends the message in the language of the locale installed on the infected machine, this is pretty intelligent and is much more likely [...]

Hacked Embassy Websites Delivering Malware

It seems like malware pushers have found another avenue to deliver their payloads, Embassy websites. Which makes sense as they are probably not maintained well nor updated often meaning the chance they are easily compromised is quite high.
Plus a lot probably use off the shelf CMS software, which when not updated is a playground for [...]

New Rootkits Infecting the MBR

Ah I remember some of the nastiest viruses back in the day attaching themselves in the MBR (Master Boot Record) rendering most anti-virus software useless (as it sits on top of the OS).
Now it seems MBR infection is back in fashion for a new age of rootkits.

Security mavens have uncovered a new class of attacks [...]

The First Reported Facebook Worm/Malware Pops Up – Secret Crush

So Facebook has finally fallen victim, after the recent Orkut worm now we have malware infection from Facebook, an application called Secret Crush. The application was renamed as My Admirer but that seems to be gone now too.

The first spyware spreading with Facebook application has been discovered. Security company Fortinet reports that application called Secret [...]

Nugache – The Next Big Storm?

We’ve covered quite a few Storm stories – now it seems there is a new player in town, which could possibly be the most advanced malware and botnet instigator so far.
It’s also something I’ve predicted before, peer to peer malware networks running without a command and control server, no single point of failure and much more [...]

Storm Worm Spreading Some Holiday Cheer

Storm is back in the festive season spreading some xmas and new year love. They even have a new year greeting site ready for spreading New Year related Storm Worm variants.
Social Engineering again, people are always more susceptible during holidays, I guess they are happy and less paranoid.

The Storm Worm gang are spreading seasonal ill-will. [...]

Trojan Targets Google Text Based Adverts

It looks like the malware guys are indeed getting more tricky, and this time it has an effect on multiple parties. It deprives Google of the impressions from the adverts and potentially can infect surfers with some nasty malware.
Again it’s using the hosts file, redirecting Google’s own ads to those from a nefarious source.

A security [...]

Worm Spreading Fast on Google’s Orkut Social Network

A new worm has hit Google’s Orkut and it seems to be hitting it pretty hard, it’s infected via the scrapbook feature and is adding hundreds of thousands of users, similar to the Myspace worm (Samy) that hit in October 2005.
It seems to be fairly unmalicious, more of a ‘look at me – see what [...]

Serious Flaw in Popular Media Players from Microsoft and AOL

It looks like there is a fairly serious vulnerability in some of the popular media player packages out in the wild packaged as a MP4 file (due to the MP4 codec from 3ivx), it affects Windows Media Player 6.4 and Windows Media Player Classic, which are made by Microsoft, and AOL’s Winamp version 3.5.
All the [...]

Malware Numbers Still Increasing Rapidly

It seems like malware numbers are going up, rather than down as I would expect. But then if you think about it as a numbers game, the more people that come online – the more in absolute terms that are going to have nefarious intent. This means more hackers, more script kiddies and more malware.
It’s [...]

Security Software Moves to Consoles – Web Filtering for PS3

Ah it seems some companies are having the same idea as me, consoles might well be the next infection vector for zombie style botnets, they have good processing power, the current generation has ample hard-drive space and they are network connected.
The difference with consoles is they tend to be turned off when not in use [...]

The World’s Biggest Botnets – Peer to Peer

So what’s coming next, after Storm you might ask. You might remember Storm Worm Descending on Blogspot recently and other news about Botnets spiraling out of control accounting for almost 25% of online computers.
Well apparently next will be p2p or peer to peer Botnets which could literally blow Storm away.

You know about the Storm Trojan, [...]

Doubleclick Involved in Malware Distribution

We recently reported on thousands of people being hooked by big sites distributing malware, it now seems Doubleclick was the one at fault.
It’s a pretty neat trick and a good spin on Social Engineering leveraging on the trustworthy nature of the sites.
CNN even?

Rogue anti-spyware software that pushes fraudulent PC scans has found its way [...]

‘Security Consultant’ Caught for Running Large Botnet

Apparently he stopped his naughty activities back in 2006, but still…a guy that is supposed to be securing machines was installing malware and had a bot totaling about a quarter of a million zombies.
Mostly used for info gathering, Paypal accounts and installing Malware for commission, he claims to have made $19,000 in a week installing TopConverting [...]

Thousands Hooked by Malware from Big Sites

If I recall this is not the first time this has happened, delivering viral payloads via banner ads and flaws in scripting.
It seems that malware peddlers are getting more aggressive though, it obviously shows there is actual monetary value in infecting people and stealing their data.
A subtle form of social engineering too, by leveraging on [...]

Cyber Crime Toolkits Go On Sale

This is not exactly new news either, these kind of toolkits have been on sale for a long time, virus generators, trojan toolkits, now they are getting more polished, more stream-lined, more expensive and more easily available.
News of them is hitting the mainstream media..

Malicious hackers are producing easy to use tools that automate attacks to [...]

Storm Worm Descends on Blogspot

It seems like spammers, scammers, phishers and now malware authors are starting to leverage blogs more and more, especially Blogger/Blogspot as Google tend to be quite slow in responding and sometimes don’t respond at all.
This makes it an ideal platform for dodgy behaviour as the crooks have adequate lead time to con/infect people before they [...]

TimeWarner DNS Hijacking IRC Servers to Stop DDoS Attacks

An interesting happening this week, some ISPs have been jacking the DNS entries for certain IRC networks to crack down on zombie/bot infections.
Is it ethical? Should they be doing this to their users?
I first got wind of this from a post on Full Disclosure mailing list from an IRC network administrator.
You can read that e-mail [...]

Trojan Mimics Windows Activation Interface – KardPhisher

Recently a new Trojan popped up that mimics the Windows activation interface, phishing for credit card details and even the PIN number.
The Trojan itself isn’t particularly advanced technically, it’s mostly just a social engineering attack.

Symantec is reporting on a Trojan horse that mimics the Windows activation interface.
What they are calling Trojan.Kardphisher doesn’t do most of [...]

VBootkit Bypasses Vista’s Digital Code Signing

At Black Hat Europe (in Amsterdam) security experts from India (Nitin and Vipin Kumar of NV labs) demonstrated a special boot loader that gets around Vista’s code-signing mechanisms. Known as VBoot and launching from a CD and booting Vista it can make on-the-fly changes in memory and in files being read.
In a demonstration, the “boot [...]

Google Acquires Web Security Startup GreenBorder

More Google News this week after Google Launches Online Security & Malware Blog, now they have acquired a web security startup called GreenBorder.

Google Inc. said on Tuesday it has bought Internet security startup GreenBorder Technologies Inc., which creates secure connections to protect e-mail and Web users from malicious or unwanted computer code.
Terms of the deal, [...]

Bot Infections Surge to 1.2 Million

I have noticed an increase in Spam activity lately, especially in Spam blog comments there has been a noticeable surge in the frequency and number.
That’s why we’ve implemented stricter measures against spammers on Darknet and our other sites.
It seems there has been a big raise in the number of bot infected systems, so it’s suggested [...]

Smart Trojan Targets eBay Users

It seems like people that make malware are getting more specific nowadays, they are no longer writing random self-propagating worms or trojans just for the sake of knowledge or notoriety.
Far more common nowadays is malware for specific purposes to capture login or banking details for certain sites or organisations.
This time it’s a custom trojan targeting [...]

Up to a Quarter of Internet Connected Machines Could be Zombies

It’s a scary thought to find out perhaps a quarter of Internet connected machines could be zombies…The sad part is, I think it could well be true, as most of the non tech savvy Internet users I know still use Internet Exploder and their machines are riddled with crapware, trojans, viruses and spyware.
Imagine how many [...]

MSN Password Stealing Trojan Becomes Public

Ah another trojan, this time targeting MSN Live logins. The trojan has been made public by some kind citizen calling himself “Our Godfather” on the BitTorrent network.
The sad thing is…I guess it works and hundreds of people will have installed it.

Malware designed to steal users’ Windows Live Messenger password has been released onto the [...]

Huge Online Loss by Swedish Bank Nordea – Claimed to be Biggest Loss?

A massive online heist, some (like McAfee) claim it’s the biggest ever online sting involving a bank, it comes in at about half a million pounds or $1.1 million USD.
Using some l33t0 custom trojan, it seems to be more a case of lack of education and the whole situation could have been avoided by [...]

Microsoft’s Live OneCare the WORST Anti-Virus Solution

An Austrian web site called AV Comparatives has done an ‘independent’ test of 17 different Anti-Virus products and released the results online.
On this site you will find independent comparatives of Anti-Virus software. All products listed in our comparatives are already a selection of some very good anti-virus products. In order to get tested by us, [...]

Logic Bomb Backfires on Hacker Employee

Ah the logic bomb, a source of humour for many due to its frequent showing up in ‘hacking’ movies, and its complete mis-use.
ZOMG THE LOGIC BOMB IT’S GONNA PWN US ALL!

A former UBS PaineWebber employee was sentenced to eight years in prison on Wednesday for planting a computer “logic bomb” on company networks and betting [...]

Organised Cyber Criminals Recruiting Fresh Grads

Criminals are not stupid, cyber criminals are the same breed, perhaps even smarter than the traditionalists as they are utilising new ways of doing the same old tricks online.
Now the online criminals are recruiting fresh grads to help them push the boundaries further.

Organised crime is “grooming” a new generation of would-be cybercriminals using tactics which [...]

Malware Outbreak During New Year – Dref-V and Trojan downloader Tibs-jy

Social Engineering again, someone preying on xmas spirit and good will to spread their filthy malware.
It quite often happens during festive times, someone hatches a new worm and sends it out packaged as a jolly xmas card or game.

A significant worm outbreak over the new year festivities has put paid to the notion we’ve seen [...]

Skype Worm in the Wild – W32.Chatosky

A new worm is spreading fast on the Skype network, it’s activated by a malicious Skype Chat link and it has been seen in the wild in numerous places.
Apparently the dangerous link starts with “Check this!” pointing to a .org/.biz address, if you click the link you’ll become infected.
There have been no reports of unpatched [...]

Massive Data Theft Operation Uncovered

UK Police have uncovered a fairly massive data theft operation with a total close to 8,500 victims.
It’s quite worrying when things like this are uncovered as if 1 is uncovered or discovered…imagine how many aren’t found out about, just like exploits.

British electronic-crime detectives are investigating a massive data theft operation that stole sensitive information from [...]

Writing Worms for Fun or Profit

0x00: Preface
Media, kindly supported by AV “experts”, drawn apocalyptical vision of destruction caused by stupid M$ Outlook / VisualBasic worm, called “ILOVEYOU”. Absurd estimations – $10M lost for “defending the disease”, especially when you take a look at increasing with the speed of light value of AV companies market shares, made many people sick. Lame [...]

McDonalds Japan Spreads Malware on MP3 Player

This is pretty funny, but frankly typical of McDonalds..act before they think, it’s cheap, it’ll get more customers, whack it out!
They gave out a bunch of flash drive mp3 players as a promotion, it turns out every single one was loaded with a fairly nasty piece of spyware!

McDonalds Japan has launched a recall after discovering [...]

Hackers Target Home Users for Cash

Hackers are switching targets now, companies are getting too hard to break into due to the availability of decently configured perimeter kit like firewalls and IDS.
Plus the information they do get if they manage to break in is often worthless commercially and really not worth the effort.
So instead, they target the end user, home bankers, [...]

Anti-Spyware Groups Still Require Legislation

Cyber and computer laws are always a grey area, they tend to be very vague and don’t cover specific technologies.
Spam is a good example, look at how long we’ve been getting spammed, and it’s been a SERIOUS problem for at least the last 5 years, spam legislation has only started coming in to effect in [...]

zCodec Video Codec is a TROJAN

For those that didn’t see, there is a new all singing all dancing ‘light-weight’ Codec in town that is actually a trojan.
Indeed it’s not the first time we’ve seen this kind of thing.
The zCodec software actually messes with your DNS settings.

Users looking for the latest and greatest video software may not just be in danger [...]

Impressive Open Source Intrusion Prevention – HLBR

It’s good to see work on open source tools in the countermeasure department as well as the attack and penetration arena.
It’s a shame since Snort and Nessus have gone semi-commercial.

I hope more people invest their time in good IDS, Firewall and IPS systems, I love things like IPCop and hope to see more products like HLBR.
HLBR [...]

Moving Ahead in the War Against Botnets

This effort started quite a long time ago, I was just checking up to see how they were getting on, but there’s not much news of their progress.
Operating under the theory that if you kill the head, the body will follow, a group of high-profile security researchers is ramping up efforts to find and disable [...]

What Responsibility do Anti-Spyware Researchers Have?

Ethical debates are always interesting, and people have gotten in trouble lately for reverse engineering and various other branches of research.
This is a fairly old topic, but as I’m clearing out some old drafts, I still find it an interesting one.
There’s been an ongoing debate in security circles concerning how security researchers should disclose vulnerabilities [...]

Charity Computers May Fuel Malware Wars

Sometimes doing good can help bad things propagate, sometimes it’s good to consider the big picture and the repercussions of your charitable actions.
This is a case where such logic rings true.

Programs to send PCs to third world countries might inadvertently fuel the development of malware for hire scams, an anti-virus guru warns.
Eugene Kaspersky, head of [...]

Sophos Offers Free Rootkit Detection Tool/Software

Ah, here at Darknet we have always been a fan of Sophos and the way they operate, a very efficient company and good to see good technical products still coming out of the UK!
Another good move by them, they have decided to offer a free rootkit detection tool called Sophos Anti-Rootkit..Yah I know, not a [...]

Bot Herders Go After MS06-40 Exploit

Malware herders are speeding up, the first wave is already here for MS06-40.
It’s basically a variant of some old malware suited to the new vulnerability. Same old story then, same packer, technique, new exploit.
Same as the days of autorooters.
It’s basically the Mocbot trojan that was used in the Zotob worm attack in August 2005.

The first [...]

Firefox Extension Spyware – FormSpy

The antivirus specialists at McAfee have warned of a Trojan that disguises itself as a Firefox extension. The trojan installs itself as a Firefox extension, presenting itself as a legitimate existing extension called numberedlinks.

It then begins intercepting passwords and credit card numbers entered into the browser, which it then sends to an external server. The [...]

A Day in the Life of a Spyware Company – DirectRevenue

Spyware companies are apparently netting HUGE profits, it doesn’t surprise me though with the amount of people that actually install the crap on their machines..
Let’s say we don’t like companies like Direct Revenue very much though.

Consumers have strong opinions about Direct Revenue’s software. “If I ever meet anyone from your company, I will kill you,” [...]

‘Free’ USB Drives Defeat Company Security

This is an excellent case of Social Engineering, you could also consider it playing on human greed/ignorance/stupidity.
Whatever you want to label it really
USB drives are a real security risk..

We recently got hired by a credit union to assess the security of its network. The client asked that we really push hard on the [...]

Shadowserver Battles the Botnets

Botnets are indeed a growing problem, we’ve seen serious cases of DDoS extortion, the most recent example would be the attacks against the ‘million dollar homepage’ and the problems it caused the owner.
Botnets have been used for quite some time as spam networks and mostly for script kiddies to have DoS wars on IRC networks, [...]

LiveJournal Advert Installs Malware

Seems like someone sneaked past the LiveJournal advertisers policy by only trying to infect Australian and European users.
A certain advertiser (kpremium.com) – being sneaky and underhanded. It’s not LJ’s fault, LJ already disabled the advert from rotation.

The ad itself is for a program that lets you download stuff – you know the sort of thing. [...]

Botnets and Phishing Numbers Increasing Despite Crackdown

Botnets and organised cybercrime are getting more prevalent, it seems they’re increasing exponentially despite crackdowns by the US government and other organisations.
The criminals are getting more advanced, phishing scams are getting more realistic, technically trojans are getting more effective and the groups are getting really organised.

Cybercrooks are organizing better and moving to more sophisticated tactics [...]

Google’s Orkut Hit by Data Stealing Worm – Mw.Orc

So just a few days ago there was a new MSN Worm – BlackAngel.B, before that the Yahoo! e-mail worm, long before that of course the MySpace worm and a few others not notable enough to mention.
And of course plenty of nasty Trojans.

A new Internet worm capable of stealing bank details and other personal data [...]

New MSN Worm Hitting Users – BlackAngel.B

Well this week there was a Yahoo! Email worm, now also follows a vindictive new worm targeting MSN called BlackAngel.B. The reports come from the anti-virus software company Panda Software.

When activated the worm delivers a fateful terror message and then attempts to disable any protection software such as anti-virus, firewall or Windows system applications like [...]

Trojan Compromises 2,200 Oregon Tax Payers

Aha! Trojans strike again. Really, I still think it all comes down to education, it doesn’t seem to be a targeted attack though.
Just a random infection from your average porn site Trojan.

Electronic files containing personal data of up to 2,200 Oregon taxpayers may have been compromised by an ex-employee’s unauthorized use of a computer, the [...]

Custom Trojans – Isn’t it Old News?

Well it is for me, and I guess anyone who considers themselves a career hacker, or at least has a serious interest..
As a few good trojans are open source (Back Orifice?), you can just mess around with them for a while until you reach the point they are no longer detected by any of the [...]

Predicting Malware – Events Trigger Malware/Phishing Spikes

Apologies for the lack of updates for the past few days, I had to go abroad for an important assessment.
It’s sad how people can prey on things as terrible as disasters to make a quick buck, but well we have to face the facts that they do, and will.

And as it seems, they [...]

New Spyware Blackmails Users Into Purchasing Software

Ah this is almost like Ransomware again, messing up your machine then extorting money from you.

Make sure you educate your non tech savvy relatives about such threats, spyware, adware, trojans and worm type viruses. Education is THE most powerful defence against malware and computer security incidents.
Some simple patching, a free Antivirus protection like Avast! Using [...]

Barclays Rolls Out Free Anti-Virus Protection for Customers

The shocking statistic first, “56% of consumers do not have active anti-virus on their PCs”, ok not that shocking but still a bit worrying. Although asking if your average user doesn’t protect themselves on the internet conjures up images of the pope squatting in the woods.

The basic F-Secure anti-virus product protects against viruses and [...]

Fake Microsoft Patch – BeastPWS-C

If you receive an e-mail alert of a new patch for your Windows XP OS, think again before opening the link present on the message.
The spammed emails, which purport to come from patch@microsoft.com, claim that a vulnerability has been found ‘in the Microsoft WinLogon Service’ and could ‘allow a hacker to gain access to an [...]

Viruses & Malware Monitored on a Dynamic World Map

F-Secure has an interesting new dynamic world map displaying the various threats and viral hotspots around the world. Viruses and antivirus software are always a big issue, especially for corporates.
Shows how things are heating up when it comes to viruses, malware, trojans and so on.

They make some nice antivirus software too.

Check it out:

F-Secure Worldmap
Pretty neat [...]

Malicious Cryptography – Cryptology & Cryptovirology

I know this may be old news for some of you, however, I just got the chance of reading this great article on Security Focus (it’s been 2 weeks since I added it to my Favorites).
This two part article discusses some good points of Cryptology, more precisely in the field of Cryptovirology.

Writing a virus is just [...]

Trojan for the Word Vulnerability in the Wild

We all knew it was just a matter of time until the ‘thing’ was out.
PandaLabs has detected the appearance of 1Table.A, a malicious code that exploits a recently detected critical vulnerability in Microsoft Word, and which also affects versions of MS Office 2003 and XP.

Microsoft confirmed today the existence of this vulnerability and apparently [...]

What Next? The Poker Rootkit of Course!

Ok so the list gets even BIGGER, after the WoW Trojan, Trojan for World Cup Fans, Ransomware and the buy a spyware kit story…
Now we proudly present, the Poker Rootkit!

For online poker players, this was always going to be a losing hand.
A Trojan with malicious rootkit features hidden in a legitimate software package distributed by [...]

No Your Car CANNOT get a Bluetooth Virus

It’s gone round and round and round, now cars have Bluetooth, that they can get viruses like Cabir, I’m sorry but if an Anti-virus company like F-Secure can’t infect a car with a virus, I don’t have much hope for the others. The rumours came from a Lexus story in SCMagazine (The story is no [...]

Open Source Blamed for Rootkits?

This is the biggest load of shite I’ve read this year I think.
Rootkits are becoming more prevalent and difficult to detect, and security vendor McAfee says the blame falls squarely on the open source community.
In its “Rootkits” report being published today, McAfee says the number of rootkits it has collected as malware samples has jumped [...]

McAfee Seeds Mac Virus Threat FUD

What a surprise, McAfee spreading FUD to sell more copies of their bloated AV software?
Apart from the fact I think the whole AV model is flawed i.e. it can only protect against things the AV companies 1) know about 2) have written a definition for and 3) have delivered the definition to you – That’s [...]

New Trojan Targets World Cup Fans – Troj/Haxdoor-IN

Ah, first we had the ransomware, yesterday the trojan targeting WoW users, now we have the World Cup trojan..
It really must be Trojan season.

A Trojan horse that poses as a World Cup wallchart has begun circulating on the net. The Haxdoor-IN Trojan horse is being spamvertised in messages, written in German, that purport a program [...]

New Password Stealing Trojan Targets WoW Players

It really does seem like the Malware/Spyware folks are really into making money nowadays, what with $15 spyware kits and Viruses that place your machine under lockdown until you pay the ransom..

What happened to people just doing stuff for learning, for enhancement of knowledge, deep understanding..not a quick few hundred dollars.
I have to say though [...]

AV Firms Say Windows Vista Security Claims are Bullsh*t

It seems the faith in Microsoft from the security industry is at an all time low, not surprising really with the amount of flaws that have been coming out in both the OS and the crapware forced upon its users like Internet Explorer Exploder.

Anti-virus firms at Infosec say they expect Vista and IE7 to change [...]

Trojan Writers Coding for Money – Freezes PC for Ransom

A new term has been coined, yes indeed..
Ransomware
That’s what they are calling this new threat, infects your PC then freezes it until you send some people some money.

A new kind of malware circulating on the Internet freezes a computer and then asks for a ransom paid through the Western Union Holdings money transfer service.
A sample [...]

DIY Spyware – Get Into it for just $15

I remember some time ago there was a VB virus creation kit, there’s actually quite a few. Yah I know, it’s extremely lame.
But what to do, it seems less and less people can actually think nowadays, let alone think of something original, or wow…even DO SOMETHING ORIGINAL? So what’s the big money maker now? Spyware…
So [...]

VMWare Rootkits, The Next Big Threat?

Lab rats at Microsoft Research and the University of Michigan have teamed up to create prototypes for virtual machine-based rootkits that significantly push the envelope for hiding malware and that can maintain control of a target operating system.
The proof-of-concept rootkit, called SubVirt, exploits known security flaws and drops a VMM (virtual machine monitor) underneath a [...]

Windows Rootkits

Windows Rootkits are a big rarity in this modern web hacking technology…
I won’t speak exactly about rootkits, because it’s inappropriate to call them that way… why? Well rootkits are programs that aid you in getting access to root level users…
So in the case we are using Windows rootkits we should call them admkits (admin kits [...]

Anti-Spyware Software Wars – Can’t they get along?!

Last year, we noted how some security products could cause conflicts that would cause computers to lock up — but there’s another (less troublesome) trend that’s happening as well: security products declaring competing products as malware and removing them.

Just a little over a week ago, the latest version of Microsoft’s anti-spyware offering declared Symantec’s anti-virus [...]

US considers banning DRM rootkits – Sony BMG

Now after the huge Sony BMG Rootkit fiasco, this has become quite a hot topic, how far can vendors go to enforce their ‘Digital Rights Management’ (or Digital Restrictions Management as we like to call it), can they install a rootkit on your machine and hook into your OS? Can they take over your PC [...]

Malware Honeypot Projects Merge – mwcollect and nepenthes

Looking to streamline the collection of malware samples, two of the biggest honeypot projects—mwcollect and nepenthes—have merged operations.

The two projects, which passively trap viruses, spyware and other forms of malicious software by emulating known vulnerabilities, will combine operations to develop a single malware collection tool, according to an announcement by mwcollect head developer Georg Wicherski.
The [...]

Jan 2006 Virus and Spam Statistics

January at a glance: Vicious and Varied
The numbers are indeed concerning: 19 new email-born significant virus attacks, of which a troubling 8 (42%) were graded “low intensity”, 7 (37%) “Medium Intensity” and 4 (21%) were massive attacks – a rare phenomenon for a single month.
One outbreak of specific interest, consisting of 7 variants, illustrates how [...]

