Code in the wild to infect millions of IoT devices for crippling DDoS attacks

Oh goody, a hacker dumped source code which could help not overly technical thugs hijack IoT devices in order to launch crippling DDoS attacks.
Mirai is the name of the malware that turns insecure IoT gadgets into a botnet. Security journalist Brian Krebs, who found the leaked source code on Hackforums, said Mirai “spreads to vulnerable devices by continuously scanning the internet for IoT systems protected by factory default or hard-coded usernames and passwords.” Krebs, as you likely know, has been a victim of an IoT botnet that launched a record-breaking DDoS attack against his site.


Original URL: http://www.computerworld.com/article/3126864/security/code-in-the-wild-to-infect-millions-of-iot-devices-for-crippling-ddos-attacks.html#tk.rss_all


Hackers sell tool to spread malware through torrent files

Be careful with what you torrent. A new tool on the black market is helping hackers distribute malware through torrent files in exchange for a fee.
On Tuesday, security researchers at InfoArmor said they discovered the so-called “RAUM” tool in underground forums.
It leverages torrenting — a popular file-sharing method associated with piracy — to spread the malware. Popular torrent files, especially games, are packaged with malicious coding and then uploaded for unsuspecting users to download.
Using torrents to infect computers is nothing new. But the makers of the RAUM tool have streamlined the whole process with a “Pay-Per-Install” model, according to InfoArmor.


Original URL: http://www.computerworld.com/article/3122809/security/hackers-sell-tool-to-spread-malware-through-torrent-files.html#tk.rss_all


Stealthy, sneaky rootkit targets Linux systems on ARM and x86

Security researchers have identified a new family of Linux rootkits that, despite running from user mode, can be hard to detect and remove.
Called Umbreon, after a Pokémon character that hides in the darkness, the rootkit has been in development since early 2015 and is now being sold on the underground markets. It targets Linux-based systems on the x86, x86-64 and ARM architectures, including many embedded devices such as routers.
According to malware researchers from antivirus firm Trend Micro, Umbreon is a so-called ring 3 rootkit, meaning that it runs from user mode and doesn’t need kernel privileges. Despite this apparent limitation, it is quite capable of hiding itself and persisting on the system.


Original URL: http://www.computerworld.com/article/3116491/security/stealthy-sneaky-rootkit-targets-linux-systems-on-arm-and-x86.html#tk.rss_all


BitTorrent client is found distributing Mac-based malware

A popular BitTorrent client called Transmission has again been found distributing Mac-based malware, months after it was used to spread a strain of ransomware.
Researchers at security firm ESET have been following malware called OSX/Keydnap, which can steal passwords, and noticed that it was spreading through Transmission’s official site.
Somehow, a version of the BitTorrent client containing the malware had been recently made available on the site, ESET said in a blog post on Tuesday.
Transmission has already removed the download, according to ESET. But users who downloaded the client between this past Sunday and Monday should check for signs that their Mac has been compromised.


Original URL: http://www.computerworld.com/article/3114135/security/bittorrent-client-is-found-distributing-mac-based-malware.html#tk.rss_all


Microsoft fixes critical flaws in IE, Edge, Office and Windows print services

Microsoft’s new batch of security patches fixes 47 vulnerabilities across its products, including in Internet Explorer, Edge, Office, Windows and the .NET Framework.
The patches, released Tuesday, are arranged in 11 security bulletins, 10 of which are for Microsoft products. The remaining patch covers Adobe Flash Player, which is bundled with Internet Explorer in Windows 8.1, Windows Server 2012, Windows RT 8.1, Windows Server 2012 R2 and Windows 10.
Six security bulletins, including the Flash Player one, are rated critical and primarily cover remote code execution vulnerabilities that could lead to a complete system compromise.


Original URL: http://www.computerworld.com/article/3095266/security/microsoft-fixes-critical-flaws-in-ie-edge-office-and-windows-print-services.html#tk.rss_all


DDoS botnets built using Linux malware for embedded devices

LizardStresser, the DDoS malware for Linux systems written by the infamous Lizard Squad attacker group, was used over the past year to create over 100 botnets, some built almost exclusively from compromised Internet-of-Things devices.
LizardStresser has two components: A client that runs on hacked Linux-based machines and a server used by attackers to control the clients. It can launch several types of distributed denial-of-service (DDoS) attacks, execute shell commands and propagate to other systems over the telnet protocol by trying default or hard-coded credentials.
The code for LizardStresser was published online in early 2015, giving less-skilled attackers an easy way to build new DDoS botnets of their own. The number of unique LizardStresser command-and-control servers has steadily increased since then, especially this year, reaching over 100 by June, according to researchers from DDoS mitigation provider Arbor Networks.


Original URL: http://www.computerworld.com/article/3090153/security/ddos-botnets-built-using-linux-malware-for-embedded-devices.html#tk.rss_all


Dogspectus: Android ransomware silently installs, demands $200 iTunes gift card ransom

Sure, a lot of people love music, movies, e-books and new apps, but the person behind the ransomware “Dogspectus” has taken it to the extreme of locking Android devices and demanding $200 in iTunes gift cards to unlock each phone or tablet. Victims don’t even have to do something that might be considered security-stupid, such as accept new app install permissions, to wind up with an infected device; the “ransomware” is delivered via malicious ads and installs “silently in the background.”

How can that be? Say thanks once again to the flipping Hacking Team as Dogspectus uses a previously leaked Hacking Team exploit to deliver “Towelroot” which then installs the ransomware.



Original URL: http://www.computerworld.com/article/3060807/security/dogspectus-android-ransomware-silently-installs-demands-200-itunes-gift-card-ransom.html#tk.rss_all


Ransomware authors use the bitcoin blockchain to deliver encryption keys

Ransomware authors are using the bitcoin blockchain, which serves as the cryptocurrency’s public transaction ledger, to deliver decryption keys to victims.

The technique, which removes the burden of maintaining a reliable website-based infrastructure for cybercriminals, was observed in a recent version of the CTB-Locker ransomware that targets Web servers.

CTB-Locker has targeted Windows computers for a long time, but a PHP-based variant capable of infecting websites first appeared in February, marking an interesting evolution of this ransomware threat.

The decryption routine in the original PHP-based CTB-Locker version involved a script called access.php that served as a gateway to the attackers’ back-end server. This gateway script was hosted on multiple hacked websites and was necessary to obtain the decryption key after victims made a payment.



Original URL: http://www.computerworld.com/article/3056705/security/ransomware-authors-use-the-bitcoin-blockchain-to-deliver-encryption-keys.html#tk.rss_all


Your Linux-based home router could succumb to a new Telnet worm, Remaiten

Building botnets made up of routers, modems, wireless access points and other networking devices doesn’t require sophisticated exploits. Remaiten, a new worm that infects embedded systems, spreads by taking advantage of weak Telnet passwords.

Remaiten is the latest incarnation of distributed denial-of-service Linux bots designed for embedded architectures. Its authors actually call it KTN-Remastered, where KTN most likely stands for a known Linux bot called Kaiten.

When scanning for new victims, Remaiten tries to connect to random IP addresses on port 23 (Telnet) and if the connection is successful, it attempts to authenticate using username and password combinations from a list of commonly used credentials, researchers from ESET said in a blog post.



Original URL: http://www.computerworld.com/article/3049982/security/your-linux-based-home-router-could-succumb-to-a-new-telnet-worm-remaiten.html#tk.rss_all

