Below, we analyze the most significant incidents that occurred in the first quarter. The malicious applications, over fifty of which have been detected, were infected with Trojans and repackaged to look like legitimate programs. The Trojans also included a module that could install additional malicious components on devices without users being aware. Users who had Kaspersky Mobile Security 9 installed on their devices were fortunate that these exploits were used: the Trojans themselves were new and had not yet been added to antivirus databases, but the exploits bundled with them were successfully detected.
Until signatures were created for the Trojans, KMS 9 proactively detected the whole bundle as Exploit. Since adding the Trojans to our antivirus databases, we have detected them as Backdoor. As mentioned above, the malware detected on Android Market exploited vulnerabilities. Note that the vulnerabilities affected devices with Android versions earlier than 2.
It is obvious that users are not in any hurry to upgrade their systems. The main reason for this inertia is that device manufacturers make significant modifications to their operating systems before installing them on mobile devices. This means that installing patches becomes manufacturer-dependent, and so manufacturers share the responsibility for the security of mobile devices.
However, they often have no interest in supporting and updating software on existing devices. Since smartphone models become outdated very quickly, updating software on devices that are in effect obsolete results in additional costs with no obvious way to recoup them. All users can hope for is that device manufacturers will take appropriate measures and make it possible to install updates on their devices. Is it possible to seriously discuss security in circumstances such as these? This ought to be very helpful when it comes to neutralizing malware on phones which are already infected.
However, the incident with Trojans on Android Market has demonstrated several weaknesses in the system. Firstly, once they had obtained administrator privileges, the Trojans made themselves at home on the smartphones and could only be removed by an application that had the same administrator privileges.
Google had to release a dedicated program with such privileges in order to remove these Trojans from infected devices. Secondly, as cybercriminals further develop mobile malware, they may implement technologies that allow Trojans to disable this remote administration mechanism, much as malware on PCs disables Windows Update. Thirdly, the current system covers removing Trojans from infected phones, but not preventing infections.
If a Trojan is used by attackers to steal money or important data, its removal will not undo the damage. Overall, the situation with the Android OS is becoming similar to the current situation with Windows. Since , the number of new antivirus database records for mobile malware has virtually doubled every year.
Figure: The number of new mobile malware signatures added to antivirus databases.
Based on our statistics for the first quarter of this year, it can be safely predicted that the number of malicious programs for mobile devices detected in will be more than double that of . The situation with mobile malware is particularly disturbing because large amounts of important data are already stored on mobile devices, and smartphones are likely to be widely adopted as mobile wallets in the near future.
In addition, since employees are increasingly using their personal mobile devices for work-related purposes (so-called consumerization), data leaks from individual smartphones are turning into a real headache for their employers. The events described in this section began in . Towards the end of last year, a group calling itself Anonymous claimed responsibility for DDoS attacks targeting the Mastercard, Visa and Paypal websites in revenge for these companies refusing to handle funds connected with the Wikileaks project.
Many people wondered who was hiding behind the Anonymous name. However, HBGary itself was attacked several days later. The first quarter of was marked by several attacks on different organizations. As a result of these successful attacks, the cybercriminals gained access to a variety of data, including user identities, which, though they cannot be used for immediate gain, are of interest to black hats. A few years ago it would have been an exceptional achievement for hackers to compromise the servers of a large company, but sadly, such incidents are becoming commonplace.
All the signs indicate that some of the professional cybercriminals have struck gold by switching from mass home computer infections to hacking major corporations. This is more risky for the attackers because unlike home users, major corporations can and will retaliate. However, the stakes and thus the potential rewards involved with targeted attacks on corporations are higher and there are fewer competitors in this segment of the black market. It is alarming that IT security companies are the focus of so many attacks.
Such companies usually serve huge numbers of customers, and a successful attack may provide cybercriminals with the keys to the digital wallets of large numbers of users in different parts of the world. Compromising the servers of IT security companies is very difficult from a technical standpoint. The data stolen was very valuable, because HBGary works with large financial organizations and governmental bodies. Run-of-the-mill cybercriminals would have tried to sell the data on the black market immediately.
However, the attackers did not follow the conventional path: they made an enormous amount of confidential data publicly available. In the attack on security provider RSA, the human factor played a significant role. The attackers obviously calculated correctly: one of the RSA employees opened the malicious file, which contained zero-day exploits. This story demonstrates yet again that the people who work for a company are the weakest link in its IT security chain. The main way of strengthening that link is training, not only of IT staff but of ordinary employees as well. Government resources belonging to Canada, France and South Korea were also attacked by hackers in the first quarter of . While attacks on private companies are usually financially motivated, the reasons for attacking governmental resources are not as clear.
In Canada and France, the cybercriminals were after classified documents. In the case of Anonymous and HBGary, the cybercriminals were motivated by reasons other than greed.
Attackers were spurred to act as a form of protest against specific decisions taken by organizations and governmental bodies. The Internet has become an integral part of our daily lives and is no longer just a global information environment; it is now an arena for political struggle also.
After the widely publicized Stuxnet story, vulnerabilities in SCADA systems are causing increased concern among security companies. These systems control the operations of industrial facilities, power plants, traffic light systems and other objects that are critical to our day-to-day lives.
The possibility of such objects being manipulated by an external force poses a threat to millions of people. SCADA software is written in the same programming languages as ordinary software and uses well-known protocols, including, in most cases, the network protocols used for communication. SCADA software is also written by people, which is undoubtedly the main source of bugs. This is why errors similar to those found in ordinary programs are often found in SCADA software, and exploits developed for such systems are also an everyday occurrence.
It should be kept in mind that there are numerous SCADA systems globally which were configured when the enterprises they control were launched and have hardly been updated since. Updating such systems is not always feasible, because few enterprises can afford to clone their industrial plants for the purpose of testing patches. It is worth noting that an exploit pack for SCADA systems is already available online, while some of the vulnerabilities published in late March remained unpatched at the time of writing. Our forecast that digital certificates would become a major IT security issue in is, sadly, beginning to come true.
In late March, Microsoft released a bulletin reporting that nine fake certificates had been issued on behalf of Comodo, whose certificates are trusted by default in all versions of Windows and Mac OS X. Fake certificates enable cybercriminals to conduct phishing attacks, spoof website content and carry out man-in-the-middle (MITM) attacks.
This incident has highlighted another matter: since the right to issue certificates on behalf of a trusted company can be transferred to third parties, users are forced to have faith not only in the trusted company itself but in its partners as well. These certificates were not issued for financial organizations, but for websites visited by millions of users and belonging to large corporations, including services such as Google, Gmail, Microsoft Live Mail, Yahoo!
This is not typical of old-school hackers who are interested first and foremost in money, and consequently, in financial organizations. Attacks involving fake certificates are not conducted for financial gain, but they can result in the identities of an enormous number of Internet users being stolen. This is in line with the concept of the new breed of cybercriminals that we mentioned in our Security Bulletin.
Curiously, according to Comodo, the hacker attacks on its partners were conducted from Iran. That country also hosted a website on which a fake certificate was first used. Later, a person posing as a self-taught Iranian hacker claimed responsibility for compromising the system and even published part of the private key to prove his claims. However, it is clear that the attack had been very carefully planned and professionally carried out — something a self-taught hacker is highly unlikely to be capable of.
In addition, attempts to find the hacker who so openly claimed responsibility for the attacks have so far proven fruitless. It is not impossible that the Iranian trail is a false flag and was used to divert attention from the real perpetrators. In the middle of March, the Rustock botnet stopped sending spam. Following this, the total amount of spam being circulated worldwide fell by 15 percentage points.
Rustock was a botnet controlled via command centers whose addresses were hard-coded into its spam bots. The cybercriminals will not be able to regain control of the computers making up the botnet without reinfecting them, but this does not mean we have seen the back of Rustock.
The bot was created for a single purpose: to send spam. Rustock bots never had self-propagation functionality.
The zombie network was created using other botnets. Malware already installed on infected computers, for the most part Trojan-Downloader.Harnig, was commanded to download and install the Rustock spam bot. The typical Rustock host was a computer with no antivirus solution installed that ran an unpatched installation of Windows XP.
There are hundreds of thousands of such computers across the globe. As long as the owners of Rustock walk free, they can create another similar botnet — quite possibly including the same machines that made up the zombie network which has been taken down. The cybercriminals did not actively attempt to create a new botnet immediately after the old one was taken down. The end of the quarter was marked by an attack conducted using a new variant of GpCode, an extremely dangerous ransomware Trojan that encrypts data on infected computers and demands money for decrypting it.
New variants of the encrypting Trojan were first detected at the very end of . Unlike earlier variants, which deleted the originals of encrypted files, the new variants of GpCode overwrite files with encrypted data.