Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED ABOUT A MINUTE AGO.
You are here: Home / Data Security / New Security Threats Keep IT Busy
New Security Threats Keep IT Busy this Week
New Security Threats Keep IT Busy this Week
By Jennifer LeClaire / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
FEBRUARY
08
2013

It's been a busy week in the hacking and malware world. Anonymous posted sensitive information of more than 4,600 banking executives to a government Web site on Sunday. Then, the Federal Reserve admitted it was hacked Tuesday morning.

Symantec is warning about fake FedEx e-mails circulating the Internet. According to Symantec, the e-mails claim the user must print out a receipt by clicking on a link and then physically go to the nearest FedEx office to receive their parcel.

"Obviously the parcel does not exist and those who click on the link will be greeted by a PostalReceipt.zip file containing a malicious PostalReceipt.exe executable file," said security researcher Shunichi Imano at Symantec. "Instead of receiving a parcel, which the user did not order in the first place, Trojan.Smoaler is delivered to the computer."

Don't Take a Nap

The Trojan Nap also wreaked havoc online this week. Nap is a malicious downloader that works to steal information from victim machines. But Manos Antonakakis, senior director of research at Damballa Labs, told us there is nothing new about Nap.

"Botnets have been using fluxing techniques for years in order to evade statically compiled black lists. Also, anti-VM [virtual machine] analysis techniques are not an infrequent phenomenon in the current malware landscape," Antonakakis said. "If a company employs legacy signature-based systems, then both anti-VM techniques and fluxing botnets -- both from the IP or domain name side -- will evade their perimeter defenses."

Based on previous analysis of this malware from the community, and according to Damballa datasets, he believes this particular threat is related to the Kelihos botnet. The fast flux network, domain registration, and name servers being used all point back to the Kelihos botnet operators. Antonakakis believes the downloader being used is just one component in this campaign.

"AV people should be paying attention to the network behavior and the ecosystem around Internet threats," Antonakakis said. "Binaries employ several different obfuscation techniques, so tracking them in the context of botnets is extremely hard. Let's put it another way: If you rely on seeing the malware, you have already lost the war."

Bamital Bites Browsers

The security roundup would not be complete without a look at the Bamital botnet. The Bamital botnet hijacked search results across various Web browsers offered by companies such as Google, Yahoo and Microsoft. Bamital also fraudulently charged businesses for online advertisement clicks and took control of users computers, allowing Bamital's organizers to install viruses that could engage in identity theft.

Mark Elliott, executive vice president of products at Quarri Technologies, told us the Bamital botnet poses a threat to users across multiple widely used Web browsers.

"While the botnet's takedown removed the cybercriminals' ability to hijack users' browsing sessions, there is a high probability that many end users were unaware the problem existed while the botnet was still functioning," Elliot said. "The availability of free tools and tips to assist users in uninstalling the botnet is a positive development, but many still don't know that they have Bamital installed on their computer."

As Elliot sees it, this accentuates the issue of Web browser security and the dangers end users face if they don't take the proper security measures. He said it also demonstrates the critical need for organizations to provide and enforce the use of a secure, hardened browser session to protect their Web applications from malware.

"This step is critical to protect their most sensitive browser-delivered information," he said, "and prevent unauthorized use and replication of confidential data."

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN DATA SECURITY

NETWORK SECURITY SPOTLIGHT
A presidential commission made 16 urgent recommendations to improve the nation's cybersecurity, including creating a nutritional-type label to help consumers shop wisely.
NEWSFACTOR.COM
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2016 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.