French security firm Intego discovered a new Mac Trojan horse this week that is being used to target specific individuals.
The Trojan, dubbed "Crisis" by Intego -- a Mac-only antivirus developer -- and called "Morcut" by Sophos, is espionage malware that spies on victims using Mac instant messaging clients, browsers and Skype, the Internet phoning software.
According to Intego, which published an initial analysis on Tuesday and has followed up with more information since then, Crisis sports code that points to a connection with an Italian firm that sells a $245,000 espionage toolkit to national intelligence and law enforcement agencies.
From all indications, Crisis, like any true Trojan, does not exploit a vulnerability, but instead relies on trickery to convince the user to self-infect his or her Mac.
"We believe that the infection vector may rely primarily on social engineering to be installed and at this point in time there is no reason to believe there is a vulnerability being used in conjunction with the threat," said Symantec in a post to its security response team's blog yesterday.

If it is July 9 and you don't know where your Internet went, you might want to get in touch with the DNSChanger Working Group (DCWG).
Monday is the "drop dead" date for people whose computers are still infected with the DNSChanger Trojan to get rid of it. Those who haven't may not lose Internet access entirely, but Paul Vixie, of the nonprofit Internet Systems Consortium (ISC), said, "some of them will lose the ability to look up domain names, which will stop their Internet access in most cases. Others will see significant slowdowns."

Security experts at CSIS say that they have discovered the smallest online banking trojan yet. Called Tiny Banker (Tinba), the malware is just barely 20KB in size, including its configuration files.
Like Zeus, Tinba uses man-in-the-browser techniques and easily extendable configuration files to manipulate bank web sites via webinjects. Webinjects can be used, for example, to create additional fields for numerical single-use passwords that the attackers can then leverage to authorise fraudulent payments. Tinba can also uncover standard passwords and monitor network traffic.

A computer Trojan that targets online banking users is evolving and spreading rapidly because its creators have adopted an open-source development model, according to researchers from cyberthreat management firm Seculert.
Called Citadel, the new piece of malware is based on ZeuS, one of the oldest and most popular online banking Trojans. ZeuS was abandoned by its creator in late 2010 and its source code leaked online a few months later.
Since its public release, the ZeuS source code has served as a base for the development of other Trojans, including Ice IX and now Citadel.

"TDL-4," the name for both the bot Trojan that infects machines and the ensuing collection of compromised computers, is "the most sophisticated threat today," said Kaspersky Labs researcher Sergey Golovanov in a detailed analysis Monday.
"[TDL-4] is practically indestructible," Golovanov said.
"I wouldn't say it's perfectly indestructible, but it is pretty much indestructible," said Joe Stewart, director of malware research at Dell SecureWorks and an internationally-known botnet expert, in an interview today. "It does a very good job of maintaining itself."

A 40-year-old woman has been charged with selling fake Adobe products after the AFP raided her vehicles and her Victorian home, seizing a CD burner and over 200 fraudulent products.
The woman admitted to making fake copies of Adobe software and will front court for breach of the Copyright Act 1968 "at a later date".
The trojan buried within the counterfeit gear is capable of collecting personal information and exposing the victim to identity crime, the AFP said in a statement.
"This case highlights that the money you save from purchasing a cheaper, counterfeit product may come at a high cost to your privacy," said Peter Sykora, AFP commander of crime operations.
"Identity theft could place your personal and financial information in the hands of organised criminals," he added.