news4geeks.net
20Sep/120

New vicious UEFI bootkit vuln found for Windows 8

Posted by vica

Security researchers have discovered security shortcomings in Windows 8 that create a means to infect the upcoming operating system with rootkit-style malware.

Italian security consultants ITSEC discovered the security hole following an analysis of the Unified Extensible Firmware Interface (UEFI), a successor to the legacy BIOS firmware interface, that Microsoft began fully supporting with 64-bit versions of Windows 7.

ITSEC analysed the UEFI platform now that Microsoft has ported old BIOS and MBR's boot loader to the new UEFI technology in Windows 8. Andrea Allievi, a senior security researcher at ITSEC, was able to use the research to cook up what's billed as the first ever UEFI bootkit designed to hit Windows 8. The proof-of-concept malware is able to defeat Windows 8's Kernel Patch Protection and Driver Signature Enforcement policy.

11Jul/120

Facebook launches malware checkpoints for users with infected computers

Posted by vica

Facebook on Tuesday launched a feature that allows users to lock down their Facebook accounts and perform malware scans if they suspect that their computers might be infected.

Facebook already uses internal scanners to detect spam and malicious messages that might have been sent from user accounts hijacked by malware.

When found, such accounts are temporarily locked down and their owners are asked to go through a multi-step account recovery process that involves downloading and running a malware scanner called McAfee Scan and Repair.

The new "malware checkpoints" feature will allow users who believe their computers might be infected with malware to initiate the account lockdown procedure themselves and perform an antivirus scan for free.

6Mar/120

Judge extends DNS Changer deadline as malware cleanup progresses

Posted by vica

A federal judge yesterday extended an operation that will keep hundreds of thousands of users infected with the "DNS Changer" malware connected to the Internet until they can scrub their machines.

Meanwhile, Tacoma, Wash.-based Internet Identity (IID), which has been monitoring the cleanup efforts, said today that it had seen a "dramatic" decrease in the number of computers infected with DNS Changer.

DNS Changer, which at its peak infected more than four million Windows PCs and Macs worldwide, was the target of a major takedown led by the U.S. Department of Justice last November.

The malware hijacked users' clicks by modifying their computers' domain name system (DNS) settings to send URL requests to the criminals' own servers, a tactic that shunted victims to hacker-created sites that resembled the real domains.

27Sep/110

MySQL.com hacked to serve malware

Posted by vica

The website for the open-source MySQL database was hacked and used to serve malware to visitors Monday.

Security vendor Armorize noticed the problem at around 5 a.m. Pacific Time Monday. Hackers had installed JavaScript code that threw a variety of known browser attacks at visitors to the site, so those with out-of-date browsers or unpatched versions of Adobe Flash, Reader, or Java on their Windows PCs could have been quietly infected with malicious software.

By just after 11 a.m., the issue had been cleaned up, said Wayne Huang, Armorize's CEO. He thinks the malicious code was on the site for less than a day.

30Jun/110

Massive botnet ‘indestructible,’ say researchers

Posted by vica

A new and improved botnet that has infected more than four million PCs is "practically indestructible," security researchers say.

"TDL-4," the name for both the bot Trojan that infects machines and the ensuing collection of compromised computers, is "the most sophisticated threat today," said Kaspersky Labs researcher Sergey Golovanov in a detailed analysis Monday.

"[TDL-4] is practically indestructible," Golovanov said.

Others agree.

"I wouldn't say it's perfectly indestructible, but it is pretty much indestructible," said Joe Stewart, director of malware research at Dell SecureWorks and an internationally-known botnet expert, in an interview today. "It does a very good job of maintaining itself."