Posts Tagged ‘Blackhole’

MicrosoftIn the second half of the 2012 attack on web-browsers have surpassed even the level of the spread of a dangerous virus Conflicker.

Microsoft submitted a report Microsoft Intelligence Report, which indicates that browsers represent the main threat for corporate networks.

The report is based on data collected in the second half of 2012, with one billion computers users in more than 100 countries. The study found that attacks on users’ browsers are currently the greatest threat, exceeding the level of risk, even a computer worm Conflicker, which since 2003 has infected millions of home and corporate systems in more than 200 countries. (more…)

Java DangerAccording to security vendor Websense, most browsers with installed Java-plugin vulnerable for at least one exploit-kit, used for a number of web-based attacks.

In Websense say they used their own analytical network that tracks billions of Web requests from several million end-user computers. Network is able to detect the version of Java, installed on the system, and the browser with which it works.

According to the latest telemetry, only 5.5% of users have the latest version of Java and the latest version of the browser in the system (Java 7 Update 17 or Java 6 Update 41), but even for these versions of Java in the network already sold exploit kits, allowing the use of remains open holes in the software. (more…)

Java DangerDevelopers Blackhole and Nuclear Pack said that the exploit is a ‘New Year present’ for their clients.

Hackers who are the authors of such sets exploits as Blackhole and Nuclear Pack, claim that they had added a new exploit, an attacker previously unknown and is not currently vulnerability in Java.

Thus, on 9 January, the developer Blackhole – hacker disguised under the pseudonym ‘Paunch’ – said on several underground forums that a zero-day vulnerability in Java is a ‘New Year gift’ to those who use it with a set of exploits. Soon, similar reports were received from the developers and distributors of Nuclear Pack. (more…)

Zeus Trojan HorseEvolution of Zeus Botnet Part 3

Evolution of Zeus Botnet Part 2 Here

Zeus, version 3 – Gameover

In the version of Zeus 2.1 was an attempt to get away from the hard-coded command center and move to a more protected from the actions of the anti-virus companies control system (using DGA). As it turned out, the creators of Zeus continued his studies in the field.

In October 2011, Roman Huessy, creator ZeusTracker, exploring the latest version received Zeus, noted the presence of a strange UDP-traffic. Further analysis showed that the new version of Zeus had several IP-addresses in the configuration block, and computers with these IP answered infected system. Within 24 hours it was revealed about 100,000 unique IP addresses, which is related to a new version. Most of the infected computers were located in India, Italy and the U.S..

Since it was found that Zeus started using P2P update mechanism itself and its data blocks configuration. Because of the use of the name gameover.php script when handling command center for this version of the name used Gameover Zeus. This is a rather symbolic – as can be seen, the ‘game’ with Zeus has ended. (more…)

SophosAccording to the report the researchers, most hackers will be based on the use of a set of exploits Blackhole.

Sophos has presented an annual report on cyberthreats, which warned of the distribution of a set of exploits Blackhole, as the most dangerous malware.

According to the researchers, a set of exploits Blackhole, getting in the infected computer with the operation of various vulnerabilities, creates a backdoor to download different viruses.

Experts estimate that this year Blackhole lead among malware in the U.S., where it accounts crouches 30.81% of infected systems. 17.88% of all infected computers were detected in Russia, and the third highest number of incidents were detected by computer systems Chile – 10.77%.

According to experts, in 2012, the most vulnerable are cloud computing, systems BYOD (Bring Your Own Device), database SQL, as well as the mobile operating system Android. (more…)

F-Secure logoBoth packages exploits are so similar that the operation uses the same vulnerabilities the file and one code.

Experts of the company F-Secure discovered that hackers recently focused on the development of a package of exploits called Cool, which is almost a copy of a known product Blackhole.

Cool package exploit allows attackers to remotely exploit security vulnerabilities and perform drive-by attack. In addition, the researchers noted that in addition to carrying out attacks, Cool also has a set of additional features, including the ability to scan the browser and operating system for potentially vulnerable plugins.

According to employees of F-Secure, a set of exploits designed like the other, is very popular among cybercriminals product – Blackhole. The experts found that both packages use the same exploit to attack targets, a similar technique of infection and how to upgrade. For example, after the elimination of vulnerabilities exploited both products almost simultaneously updated and attack the same vulnerable components of the system.

“Even with all the differences, we can conclude that the Blackhole Cool and more than a little like” – note in the F-Secure. (more…)

Security AnalysisEvery year the information security threats are becoming more difficult to detect.

2011 for most businesses was a year of awareness of the seriousness of issues related to information security, as many well-known organizations have experienced hacking of information systems and information leakage.

During 2012, we can see that there are new types of malicious software, expands the range of virus and hacker attacks – compared to last year the malicious activity increased by 30%. World Network in the near future, of course, remain the main channel for the dissemination of malware. Attackers will continue to develop methods of social engineering designed to targeted attacks on browsers and related applications (applications that run group).

For most organizations, it becomes a serious threat information increased use of smartphones and tablet PCs. Poor control of mobile devices raises a number of employees of information security problems requiring urgent solutions, and creates a lot of challenges for IT departments.

It can be expected that cybercriminals will continue to actively use cloud technology to spread malicious code. Continue hacktivists attack groups such as LulzSec and Anonymous, leading to a denial of service, leaked documents and inaccessible sites. (more…)

Stop spamExperts warn of malicious mailing, operating general public interest for pre-election debates between the candidates for the U.S. presidency.

Spam filters Websense weed out thousands of malicious emails disguised as a newsletter CNN. Their headline reads: “CNN Breaking News – Mitt Romney Almost President”. According to experts, all the buttons “Full story” in a fake tape “hot” news that is inserted into the body of spam messages lead to sites, redirects, redirect the recipient to exploit the site, the latest version of Blackhole. The purpose of this is to download a cyberattack on the victim versions of ZeuS, using a user-mode rootkit.

In Sophos also found that in case of failure to exploit (Blackhole uses pdf-, jar and exe-files) attackers are turning to the help of social engineering. If appropriate holes in the defense by not found, it displays a page masterfully mimics the download page for Adobe Flash Player. Without any action by the user, it loads a malicious exe file, which it is proposed to start. Experts believe that this additional functionality intruders entered ahead of the public release of Windows 8 and IE 10 version with a user interface Modern UI, does not support such plugins like Java and Flash. (more…)

Stop spamMalicious messages contain a variety of important information to the user, often related to circulation of money.

According to research firm Websense, recently through spam on the Internet spread links to a set of exploits Blackhole.

According to experts, Blackhole is distributed worldwide through spam e-mail messages using a variety of schemes. In one case under the guise of spam distributed notification of a voice mail that came from servers Microsoft Exchange. In the second – the potential victims receive letters of thanks for a subscription to the premium service on the resource accountingWEB.com. In the third – users get different notifications claiming to be from the service of automatic data processing (ADP). (more…)