Mumblehard, The Pernicious →
Swati Khandelwal, writing at The Hacker News, regales us with the tale of Mumblehard, the Linux and BSD Server targeted attack malware that transforms those machines into pernicious spambots.
In astonishing (yet unsurprising) news - a discovery by FireEye Labs (and published under the company's Threat Research blog) - of a decade-long espionage campaign by miscreants thereto (in this case, allegations point to entities in the People's Republic of China). FireEye has announced the availability of an indicators download on GitHub here; the full report is available here. Clear proof of why security professionals should be quite concerned, specifically those folks who rely on deeply flawed and nearly useless enterprise anti-virus and anti-malware products employed throughout most, if not all, enterprise IT environments... Ladies and Gentlemen, Girls and Boys, behold the money quote:
"All of the key findings we examined in the report lead us to conclude that APT 30 is a professional, cohesive threat group with a long-term mission to steal data that would benefit a government, and has been successful at doing so for quite some time. Such a sustained, planned development effort coupled with the group’s regional targets and mission, suggest that this activity is state sponsored." - via FireEye Labs and the FireEye Threat Research blog
via How To Geek's reporter Lowell Heddings, comes this warning shot, fired over the bow, detailing the rise of the newly discovered Apple Inc. (NasdaqGS: AAPL) MAC OS X 'crapware' epidemic.
"The problem gets much, much worse when you try to search for freeware using your favorite search engine. It’s worth noting here that Google has just recently started trying to ban bundled crapware from their results and ads, but sadly Yahoo and Bing don’t have the same level of awesome. In fact, they are just terrible." - via How To Geek's Lowell Heddings
Going dark in 2014, the Equation Group's malware command and control servers have reportedly been migrated onto United States soil... This, after a nefariously successful run targeting thousands of victims in at least 40 countries. Focusing on vertical industry segments such as the medical, telecom and aerospace sectors, including diplomatic missions, research institutions, military and governments, the Equation Group's malware is apparently fostering speculation as to connections between and betwixt US agencies.
"In an exhaustive report published Monday at the Kaspersky Security Analyst Summit here, researchers stopped short of saying Equation Group was the handiwork of the NSA—but they provided detailed evidence that strongly implicates the US spy agency." - via ArsTechnica's Dan Goodin
In a typically fascinating post, over at TrendLabs, written by Lambert Sun, Brooks Hong (Mobile Threat Analysts) and Feike Hacquebord (Senior Threat Researcher), we learn of a recently discovered iOS espionage tool. Ladies and Gentlemen, Girls and Boys, behold, the money quote:
"We found two malicious iOS applications in Operation Pawn Storm. One is called XAgent (detected as IOS_XAGENT.A) and the other one uses the name of a legitimate iOS game, MadCap (detected as IOS_XAGENT.B). After analysis, we concluded that both are applications related to SEDNIT. The obvious goal of the SEDNIT-related spyware is to steal personal data, record audio, make screenshots, and send them to a remote command-and-control (C&C) server. As of this publishing, the C&C server contacted by the iOS malware is live." - via TrendMicro's TrendLabs blog authors Lambert Sun, Brooks Hong and Feike Hacquebord.
News via John E Dunn writing at TechWorld, of the infamous ComRat rootkit, reportedly now the oldest nation-backed bundle of malware-badness, beating Stuxnet by a single year (at least according to BAE Systems...).
Information is Beautiful has created a diagrammatical tour de force, carving the litany of questionable security competence within the compromised companies, onto like-minded information security architects, engineers and researchers.
Read it and weep my friends...
Once again, Kim Zetter's superlative prose details the astounding story of Stuxnet; this time, in a new book titled 'Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon' [published by Crown Publishing Group, a division of Random House]. Apparently, like many other 'infections', the vector [in this case] is the order-of-the-day... This month's MustRead.
WireLurker. No, Virginia, the sky is NOT falling, and there IS a Santa Claus [with apologies to Virginia].
Bad news for Network Attached Storage users, as a newly devised POC now exists. Should you be concerned? Probably.
News [via Lucian Constantin writing at PCWorld] of the latest compromised advertising networks... In this case, Right Media (now Yahoo Ad Exchange), The Rubicon Project, and OpenX - all three broadcasting their nasty bits, now infecting unknown numbers of clients... Hence the necessity of proactive ad-blocking with browser extensions such as AdBlock.
Evidently, seventeen thousand Apple Inc. (NasdaqGS: AAPL) MAC OS X machines (worldwide) have been corralled into a nefarious botnet. Discovered by a relative unknown in the burgeoning Russian anti-virus industry (nope, it wasn't Kaspersky), this bot is probably the prettiest ever, eh Comrade? One bit of good news: Apple has released a new malware definitions update as of 11:00 AM yesterday.
Do you need further proof that advertising is intrinsically evil? I'll wager not, especially in the case of the obviously idiotically managed, and therefore open-to-exploitation Yahoo Ad Network. It's one exploit after another for these poor fools... Profoundly and Blatantly Stupid.
'In January, for instance, Fox IT reported that visitors to Yahoo’s website were bombarded with malicious adverts that attempted to infect computers with a wide array of financially-motivated malware. Later in the same month, there were claims made that Bitcoin-mining malware had been spread via Yahoo ads...' via Graham Cluely
In which, a highly graphical history is presented... The Computer Virus Catalog has crafted an 'Illustrated Guide to the Worst Viruses in Computer History'. Teeming with denizens of this man-made realm, you'll discover the most pernicious information-based infection agents. You will also find many of the most interesting vectors, ranging from Marburg to Stuxnet; all illustrated by artists of note.