New password from Facebook? Beware widely spread malware attack

November 19, 2010 by admin  
Filed under Security News

Malicious hackers have spammed out an attack that pretends to be an email from Facebook support saying that your password has been changed.

The messages, which have a variety of subject lines including “Facebook Service. A new password is sent you”, “Facebook Support. Your password has been changed” and “Facebook Service. Your account is blocked”, have a ZIP file attached which carries a Trojan horse.

[Screenshot of the fake Facebook email; its text follows]

Good afternoon.

A spam is sent from your Facebook account.
Your password has been changed for safety.

Information regarding your account and a new password is attached to the letter.
Read this information thoroughly and change the password to complicated one.

Thank you for your attention,
Facebook Service.

Sophos products detect the attached ZIP file as Mal/BredoZp-B, and the Trojan horse contained within as Troj/Agent-PLG.

It’s possible that the attackers are attempting to exploit the problems many female Facebook users had this week when the social network disabled many accounts by accident.

Don’t forget – you should always be extremely suspicious of any unsolicited email which arrives out of the blue, encouraging you to open an attachment.

By Graham Cluley, nakedsecurity.sophos.com


New Mac backdoor Trojan horse discovered

April 19, 2010 by admin  
Filed under Security News

Pinhead or HellRTS? What’s in a name?

Mac malware is making the headlines again – this time in the form of a remote access trojan which has been given the name OSX/HellRTS.D by French security firm Intego.

The folks at Intego blogged about the new Mac threat they discovered, which when run on a Mac OS X computer can allow remote hackers to gain access.

Users of Sophos Anti-Virus for Mac are protected, as we detect the malware as OSX/Pinhead-B, but presently it looks like this is not considered a serious threat and we have received no reports of infections from customers.

It does, however, appear to have been distributed disguised as iPhoto, the photo application which ships on modern Mac computers. This is clearly an attempt to fool victims, via a social engineering trick, into installing the malicious code on their computers.

As always, be careful about the origin of applications you run on your computer, and keep your protection up-to-date. As many Mac users do not presently run any anti-virus software at all, they could be considered a soft target for more attacks like this in the future.

There’s a lot less malicious software for Mac computers than Windows PCs, but the fact that so many Mac owners don’t take security seriously enough might encourage an increasing amount of crime on their platform going forward.

By Graham Cluley, Sophos

No, you’ve not received a postcard from a family member

March 22, 2010 by admin  
Filed under Security News

Over the weekend there has been a new wave of attacks spammed out, spreading a version of the Bredo Trojan horse via malicious emails.

The emails claim to be an ecard from a family member, but opening the attachment can infect your computer with the Troj/Bredo-BS Trojan horse.

[Screenshot of the fake ecard email]

A typical email has the following characteristics:

Subject: You've received a postcard
Attached file: postcard.zip
Message body:
Good day.

Your family member has sent you an ecard
If you wish to keep the ecard longer, you may save it on your computer or take a print.
To view your ecard, open zip attached file.

This is clearly an old tactic to trick people into infecting their computers, but the reason it’s so familiar is that it really does work.

There’s clearly a danger that some people may return to their work email on Monday morning and, with still sleepy eyes after the weekend, open the attachment before their brain has been woken up by a strong sip of coffee.

Sophos detects the ZIP file as Troj/BredoZp-AC, and its contents as Troj/Bredo-BS.

Somehow the BS nomenclature seems particularly appropriate for this clearly bogus ecard from a family member.

[Snapshot of the Bredo ecard spam being detected in Sophos’s malware traps]

Make sure your anti-virus software is up-to-date, and able to protect against these latest threats, which are still being distributed via spam right now, as you can see in the above snapshot of malware being detected in our traps.

Don’t forget you should always be cautious of opening unsolicited email attachments – criminal hackers will often use this technique to try to trick you into running malicious code on your computer.
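Both this post and the Facebook password-change post above hinge on the same trick: a ZIP attachment whose member is really a Windows executable. As an added example (not code from either Sophos post), here is the kind of triage a mail gateway can run on such attachments before a user ever sees them. The sample archives, member names and the MZ stub standing in for the Trojan are constructed for the demonstration; the extension lists are assumptions, not an exhaustive policy.

```python
import io
import re
import zipfile

# Extensions Windows runs directly on double-click (assumed list, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs",
                   ".vbe", ".js", ".jse", ".wsf", ".hta", ".cpl", ".msi"}
# Extensions a lure puts in front of the real one, as in "postcard.jpg.exe".
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".bmp", ".pdf", ".doc", ".txt", ".htm", ".html"}
# "postcard.jpg        .exe": whitespace pushes the real extension out of view.
PADDED_EXT_RE = re.compile(r"\s{4,}\.[a-z0-9]{1,4}$", re.I)


def inspect_zip(blob, max_members=100):
    """Return (member, reason) findings for one ZIP attachment.

    Checks: executable extension, decoy double extension, whitespace-padded
    extension, PE magic behind a harmless-looking name, nested archives, and
    encrypted members (whose contents the gateway cannot inspect at all).
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist()[:max_members]:
            if info.is_dir():
                continue
            name = info.filename
            base = name.rsplit("/", 1)[-1].lower()
            exts = ["." + p for p in base.split(".")[1:]]
            last = exts[-1] if exts else ""

            if info.flag_bits & 0x1:  # bit 0 of the general-purpose flags = encrypted
                findings.append((name, "encrypted member, content not inspectable"))
                continue  # zf.open() would raise without the password

            if last in EXECUTABLE_EXTS:
                findings.append((name, "executable extension %s" % last))
            if len(exts) >= 2 and exts[-2] in DECOY_EXTS and last in EXECUTABLE_EXTS:
                findings.append((name, "double extension %s%s" % (exts[-2], last)))
            if PADDED_EXT_RE.search(base):
                findings.append((name, "whitespace-padded extension"))

            with zf.open(info) as member:
                magic = member.read(2)  # first two bytes decide the file type, not the name
            if magic == b"MZ" and last not in EXECUTABLE_EXTS:
                findings.append((name, "PE header under non-executable name"))
            if magic == b"PK":
                findings.append((name, "nested archive"))
    return findings


def verdict(blob):
    """'block' if inspect_zip() found anything, else 'allow'."""
    return "block" if inspect_zip(blob) else "allow"


def build_zip(members):
    """Constructed sample attachment: {member name: bytes} -> ZIP bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed lures modelled on the two posts; FAKE_PE is an MZ stub, not a program.
FAKE_PE = b"MZ\x90\x00" + b"\x00" * 60
POSTCARD_ZIP = build_zip({"postcard.jpg.exe": FAKE_PE})          # ecard lure
FACEBOOK_ZIP = build_zip({"Facebook_details.pdf": FAKE_PE})      # "password attached" lure
BENIGN_ZIP = build_zip({"notes/readme.txt": b"nothing to see here\n"})

if __name__ == "__main__":
    for label, z in (("postcard", POSTCARD_ZIP), ("facebook", FACEBOOK_ZIP), ("benign", BENIGN_ZIP)):
        print(label, verdict(z), inspect_zip(z))
```

The magic-byte check is the one that matters for the Facebook lure: the message promises a document with the new password, so the member name can be anything plausible, and only the `MZ` header gives it away. The encrypted-member branch is the caveat to remember: a password-protected ZIP with the password in the email body defeats this inspection entirely, which is exactly why the advice in these posts is to distrust the unsolicited attachment itself rather than rely on the gateway.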

By Graham Cluley, Sophos

Adobe Exploit puts Backdoor on Computers

October 12, 2009 by admin  
Filed under Security News

A new zero-day exploit targeting Adobe Reader and Acrobat, versions 9.1.3 and earlier, drops a backdoor onto computers using JavaScript embedded in a PDF, Trend Micro researchers warned on Friday.


Trend Micro identified the exploit as a Trojan horse dubbed “Troj_Pidief.Uo” in a blog post. It arrives as a PDF file containing JavaScript-based malware, “Js_Agent.Dt,” and then drops a backdoor called “Bkdr_Protux.Bd.”


The exploit affects Microsoft Windows 98, ME, NT, 2000, XP, and Server 2003, according to Trend Micro.


The blog post provides technical details on how the malware works, specifically the activity of its shellcode, the small piece of machine code that delivers the payload. The embedded JavaScript fills the Reader process’s heap with many copies of that shellcode, a technique known as “heap spraying”, so that when the vulnerability corrupts a pointer, the hijacked control flow is likely to land on one of the copies and the attacker’s code runs.


“Based on our findings, the shell code (that was heap-sprayed) jumps to another shell code inside the PDF file” before extracting and executing the backdoor, Trend Micro said. The backdoor “is also embedded in the PDF file and not the usual file downloaded from the Web.”
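The mechanics described above, as an added example that is not from Trend Micro’s post or the CNET article: a Python scanner that pulls the indicators of a JavaScript heap spray out of a PDF, together with a builder for a constructed sample PDF to run it against. The sample JavaScript, the object layout and the embedded MZ stub are assumptions made for the demonstration, not the Pidief sample’s actual content; the “shellcode” is just %u9090 NOP bytes.

```python
import re
import zlib

# Constructed sample of the kind of JavaScript a PDF exploit carries: a
# unescape()'d payload (here only %u9090 NOP bytes, not real shellcode) and a
# loop that fills the heap with copies of it so a hijacked jump lands on it.
SPRAY_JS = b"""
var shellcode = unescape("%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090");
var nops = unescape("%u0c0c%u0c0c");
while (nops.length < 0x40000) nops += nops;
var heap = new Array();
for (var i = 0; i < 0x200; i++) heap[i] = nops + shellcode;
"""


def build_pdf(js=None, embedded=None, compress=True):
    """Assemble a minimal PDF. If js is given it becomes the /OpenAction
    JavaScript stream (deflated unless compress=False); if embedded is given
    it is stored as an /EmbeddedFile stream. Object numbering is assumed."""
    objs = [
        None,  # catalog, filled in once the object numbers are known
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R >>",
    ]
    catalog = b"<< /Type /Catalog /Pages 2 0 R"
    if js is not None:
        body = zlib.compress(js) if compress else js
        filt = b" /Filter /FlateDecode" if compress else b""
        objs.append(b"<< /S /JavaScript /JS %d 0 R >>" % (len(objs) + 2))
        objs.append(b"<< /Length %d%s >>\nstream\n%s\nendstream" % (len(body), filt, body))
        catalog += b" /OpenAction %d 0 R" % (len(objs) - 1)
    if embedded is not None:
        objs.append(b"<< /Type /EmbeddedFile /Length %d >>\nstream\n%s\nendstream"
                    % (len(embedded), embedded))
    objs[0] = catalog + b" >>"
    out = b"%PDF-1.4\n"
    for num, obj in enumerate(objs, 1):
        out += b"%d 0 obj\n%s\nendobj\n" % (num, obj)
    return out + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


STREAM_START_RE = re.compile(rb"\bstream\r?\n")          # \b keeps "endstream" out
LENGTH_RE = re.compile(rb"/Length\s+(\d+)\b")
JS_KEY_RE = re.compile(rb"/(JavaScript|JS)\b")
UNICODE_PAYLOAD_RE = re.compile(rb"unescape\(\s*[\"'](?:%u[0-9a-fA-F]{4}){4,}")
SPRAY_LOOP_RE = re.compile(
    rb"while\s*\(\s*\w+\.length\s*<\s*(?:0x[0-9a-fA-F]+|\d+)\s*\)"  # grow a block to size
    rb"|for\s*\([^)]*\)\s*\w+\[\s*\w+\s*\]\s*=",                     # fill an array with copies
    re.S)


def decoded_streams(data):
    """Yield every stream body, inflating /FlateDecode streams so JavaScript
    hidden inside compressed objects is visible to the keyword checks."""
    for m in STREAM_START_RE.finditer(data):
        head = data[max(0, m.start() - 512):m.start()]
        cut = head.rfind(b" obj")
        head = head[cut:] if cut >= 0 else head  # this object's dictionary only
        length = LENGTH_RE.search(head)
        if length:
            body = data[m.end():m.end() + int(length.group(1))]
        else:  # indirect /Length: fall back to the endstream keyword
            end = data.find(b"\nendstream", m.end())
            body = data[m.end():end if end >= 0 else None]
        if b"/FlateDecode" in head:
            try:
                body = zlib.decompress(body)
            except zlib.error:
                pass  # corrupt or deliberately broken stream; scan the raw bytes
        yield body


def scan_pdf(data):
    """Return indicator flags for one PDF plus an overall 'suspicious' verdict."""
    streams = list(decoded_streams(data))
    text = data + b"\n" + b"\n".join(streams)
    flags = {
        "javascript": bool(JS_KEY_RE.search(text)),
        "open_action": b"/OpenAction" in text,
        "unicode_escaped_payload": bool(UNICODE_PAYLOAD_RE.search(text)),
        "heap_spray_loop": bool(SPRAY_LOOP_RE.search(text)),
        "embedded_pe": any(s.startswith(b"MZ") for s in streams),
    }
    flags["suspicious"] = flags["javascript"] and (
        flags["unicode_escaped_payload"] or flags["heap_spray_loop"] or flags["embedded_pe"])
    return flags


if __name__ == "__main__":
    sample = build_pdf(SPRAY_JS, embedded=b"MZ\x90\x00" + b"\x00" * 13)
    print(scan_pdf(sample))
    print(scan_pdf(build_pdf()))
```

Two caveats are built into this. JavaScript streams in real PDFs are almost always `/FlateDecode`-compressed, so grepping the raw file for `unescape(` finds nothing; `decoded_streams` inflates each stream before the keyword checks run. And the Pidief sample kept its backdoor encrypted inside the PDF (see the screenshot below, taken after decryption), so a magic-byte check like `embedded_pe` would not have seen it; the JavaScript indicators are the more reliable signal against that sample.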


Variants of the Protux backdoor typically give an attacker unrestricted user-level access to a compromised machine, and have previously arrived via exploits for vulnerabilities in Microsoft Office files, according to Trend Micro.


Adobe announced on Thursday that it would release an update to fix the hole on Tuesday, the same day as Microsoft’s Patch Tuesday.


[Screenshot: the executable embedded in the PDF file, shown after it has been decrypted]


Source: CNET (Credit: Trend Micro)