
Anonymous supporters voluntarily installed infected tool, leaking banking and email credentials

Symantec reports that

[...] In the wake of Anonymous member arrests this week, it is worth highlighting how Anonymous supporters have been deceived into installing Zeus botnet clients purportedly for the purpose of DoS attacks. The Zeus client does perform DoS attacks, but it doesn’t stop there. It also steals the users’ online banking credentials, webmail credentials, and cookies.

[...] The deception of Anonymous supporters began on January 20, 2012, the day of the FBI Megaupload raid. An attacker took a popular PasteBin guide, used by Anonymous members for downloading and using the DoS tool Slowloris, and modified it. In this modified version, the attacker changed the download link to a Trojanized version of the Slowloris tool with matching text

[...]

Not only will supporters be breaking the law by participating in DoS attacks on Anonymous hacktivism targets, but may also be at risk of having their online banking and email credentials stolen. The joining of malicious financial and identity fraud malware, Anonymous hacktivism objectives, and Anonymous supporter deception is a dangerous development for the online world.


Always be careful what you download. Think twice before participating in ‘campaigns’ against ‘the Man’. You can’t trust anyone on the Internet.


As a business, you may be responsible for fraudulent charges, not your bank

If you are a small- to midsize business, you may think that if you become the victim of an attack resulting in loss of money, you are protected by your bank, just as you would be if your personal credit card were charged fraudulently.

Well,you may be wrong. You may be on the hook for the entire amount yourself.

DarkReading reports,

A recent ruling by a U.S. District Court of Maine magistrate in favor of a bank being sued by a construction company that had money stolen from its account by hackers highlights how vulnerable small to midsize business owners are to online fraud.

Unlike consumer bank accounts that come with fraud-reversal protection, businesses are left on the hook for fraudulent transfers — a fact that many remain ignorant about, but of which hackers are well-aware, say security experts.

“They don’t get the same kind of protection that an individual consumer gets, but they don’t get much more attention than an individual consumer [from banks], so they are very vulnerable from that standpoint,” says Terry Austin, CEO of Guardian Analytics. “And the criminals figured this out. A lot of the action a couple years ago was in retail banking, and we still see fraud there, but the big, really significant fraud attacks have been against the small-business community. There are hundreds of thousands of dollars, sometimes up to million-dollar attacks on these small businesses.”

This is very disconcerting. So what can you do?

You need to make sure that you are as secure as you can be.

The article continues,

But SMBs must also do their part to secure their machines. Often small-business owners assume that if they’re ever hit by bank-stealing malware, the bank will reverse charges because this is what they are conditioned to believe due to their retail banking experiences. But banks rarely extend the same fraud reversal for business accounts as they do for consumer accounts. So SMBs at the very least need to start with the most basic principles of installing security software, establishing strong passwords, and limiting access to banking credentials across the organizations. Many experts also believe that small businesses should consider buying a dedicated machine solely for online banking.

“One thing I recommend to every small business is to not bank from a computer you use for anything else, period. Just don’t do it,” says Chet Wisniewski, senior security adviser at Sophos. “Don’t ever search the Web, don’t go to Google, don’t go to Facebook. Because of the Web risk, simply visiting an infected site puts you at risk. Do you really want to take that chance if you can buy the perfect banking netbook for $200? An alternative to that, too, is to use a live CD Linux distribution that’s not writable.”

Additionally, SMBs need to know to ask the right questions when they’re looking for a bank, Austin says.

“These small businesses don’t know how to ask their banks the right questions about their fraud policies,” Austin says, explaining that companies need to ask about what their liability is in the event of an attack, what kind of authentication the bank uses, how the bank monitors activity to look for anomalous behavior, whether the bank utilizes risk-detection technology with behavioral analytics, and what the processes are when fraud is detected.

Good advice.


Lockheed Martin and other DoD contractors breached

Looks like hackers broke into networks owned by Lockheed Martin and other Department of Defense contractors.

Reuters reports,

They breached security systems designed to keep out intruders by creating duplicates to “SecurID” electronic keys from EMC Corp’s (EMC.N) RSA security division, said the person who was not authorized to publicly discuss the matter.

It was not immediately clear what kind of data, if any, was stolen by the hackers. But the networks of Lockheed and other military contractors contain sensitive data on future weapons systems as well as military technology currently used in battles in Iraq and Afghanistan.

They further report,

Rick Moy, president of NSS Labs, an information security company, said the original attack on RSA was likely targeted at its customers, including military, financial, governmental and other organizations with critical intellectual property.

He said the initial RSA attack was followed by malware and phishing campaigns seeking specific data that would link tokens to end-users,which meant the current attacks may have been carried out by the same hackers.

So it looks like the attack on EMC/RSA was carried out specifically with the aim of getting at the sensitive data of RSA’s customers.

That is bad news. We will probably see other major companies suffering from similar attacks in the near future.

Over 50 Android apps infected with Malware

Last week, over 50 Android apps that were infected with malware were taken off the Android Market platform.

Outlets such as MSNBC reported,

[...] more than 50 apps in the official Android Market have been discovered containing malware that could have compromised sensitive and personal data. While Google has already yanked the apps from the Market, this first big infection highlights the inherent vulnerability of Android’s openness to developers.

[...]

Lookout, a smart phone security company that monitors apps on Android, Blackberry and Windows Mobile, posted a list of the infected apps on its blog. The company pegged the culprit as the DroidDream malware, which snuck into apps released under developers “Kingmall2010,” “we20090202,” and “Myournet.”

“DroidDream is packaged inside of seemingly legitimate applications posted to the Android Market in order to trick users into downloading it, a pattern we’ve seen in other instances of Android malware such as Geinimi and HongTouTou,” said Lookout CTO Kevin Mahaffey. “Unlike previous instances of malware in the wild that were only available in geographically targeted alternative app markets, DroidDream was available in the official Android Market, indicating a growing need for mainstream consumers to be aware of the apps they download and to actively protect their smart phones.”

Security tools like Lookout can catch and eliminate infected apps. See an article I posted about that application for more information.


Check + Fix Browser and Plug-in Vulnerabilities – Neat Tool by Qualys

Qualys released a new tool, BrowserCheck, that tests your browser for vulnerabilities. It also checks any plugins you may have installed and tests whether they are vulnerable and pose a risk to your infrastructure.

What items are detected by Qualys BrowserCheck?

The Qualys BrowserCheck tool checks your browser as well as browser plugins and add-ons to identify insecure and out-of-date versions that put you at risk. It also checks if your Windows operating system is supported by Microsoft. Microsoft security updates cannot be installed on unsupported operating system versions. These items are detected, with the platforms on which each check is available:

  • OS support expiration (IE, Firefox, Chrome): Windows
  • Web browser used to scan: Windows, Mac, Linux
  • Adobe Flash Player: Windows, Mac, Linux
  • Adobe Reader 5.x and above: Windows, Mac, Linux
  • Adobe Shockwave Player: Windows, Mac
  • Apple QuickTime: Windows, Mac
  • BEA JRockit: Windows, Mac, Linux
  • DivX Web Player: Windows, Mac
  • Foxit Reader (IE, Firefox, Chrome): Windows
  • Flip4Mac Windows Media plugin: Mac
  • Microsoft Silverlight: Windows, Mac
  • Microsoft Windows Media Player (IE, Firefox, Chrome): Windows
  • Novell Moonlight: Linux
  • Real Player: Windows
  • Java Runtime: Windows, Mac, Linux
  • Totem Media Player: Linux
  • VLC Media Player: Windows, Mac, Linux
  • Yahoo! BrowserPlus: Windows, Mac
  • Windows Presentation Foundation plug-in (Firefox, Chrome): Windows

If you see any issues, follow the ‘Fix it’ links and update your applications.

Kudos to Qualys,very neat.

Check your Stuff Here.

BBC Sites Injected with Malware – You wouldn’t realize you were infected – How to Secure Your PC

Several sites, one of them Darkreading, reported yesterday that some BBC-owned sites were injected with malware. You would not have to click anywhere to get infected; simply pulling up the site would be enough to get you in trouble.

As Darkreading reports,

Two websites operated by the BBC have been infected by iFrame attacks and could be serving up malware, according to researchers.

The BBC 6 Music site and areas of the BBC 1Xtra radio station site are affected, according to a blog by researchers at Websense.

The injected iFrame occurs at the foot of the BBC 6 Music Web page, and loads code from a site in the .co.cc top-level domain, Websense says. The iFrame injected into the Radio 1Xtra Web page leads to the same malicious site.

“If an unprotected user browsed to the site, they would be faced with drive-by downloads, meaning that simply browsing to the page is enough to get infected with a malicious executable,” Websense says.

The payload is delivered to the end user only once, and the initial visit is being logged by the malware authors, Websense says. The code that is delivered to end users utilizes exploits delivered by the Phoenix exploit kit. Only about 20 percent of antivirus products would detect this file, the researchers say.

[...] “The drive-by on the BBC website takes advantage of an exploit against Adobe PDF reader; among other exploits it delivers a drive-by-download that infects users’ machines and has them join the Bredolab botnet.” [...]

This shows:

  1. You don’t have to open a ‘bad site’ to get infected.
  2. You need to keep your computers always patched up to the most current versions.
  3. Patching Windows alone (through Windows Update) is NOT ENOUGH. You also need to make sure that any other applications on your machines are current as well, as third party vulnerabilities can also lead to a compromise of your infrastructure.
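One way a site owner can catch the kind of injection described above, added here as an example and not code from the original post or from Websense: a small Python scanner that flags iframes which are hidden, which load from an off-site .co.cc host, or which sit after </body> where injected code is typically appended. The radio-site hostname and the .co.cc domain in the sample page are made-up placeholders.

```python
"""Detect injected iframes: hidden, off-site (.co.cc) frames appended at the foot of a page."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# .co.cc is the TLD named in the Websense report; any further entry would be an assumption.
SUSPICIOUS_SUFFIXES = (".co.cc",)


class IframeCollector(HTMLParser):
    """Collect every <iframe> with its attributes and whether </body> was already seen."""

    def __init__(self):
        super().__init__()
        self.body_closed = False
        self.iframes = []  # list of (attrs dict, after_body flag)

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append((dict(attrs), self.body_closed))

    def handle_endtag(self, tag):
        if tag.lower() == "body":
            self.body_closed = True


def _is_hidden(attrs):
    """A display:none or one-pixel iframe carries no content a visitor is meant to see."""
    style = (attrs.get("style") or "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    try:
        width = int(attrs.get("width", 100))
        height = int(attrs.get("height", 100))
    except ValueError:
        return False
    return width <= 1 or height <= 1


def _offsite_suspicious(src, page_host):
    """True if the iframe loads from a foreign host under a suspicious suffix."""
    host = (urlparse(src).hostname or "").lower()
    if not host or host == page_host or host.endswith("." + page_host):
        return False
    return host.endswith(SUSPICIOUS_SUFFIXES)


def find_injected_iframes(html, page_host):
    """Return [(src, [reasons])] for iframes that look injected rather than editorial."""
    parser = IframeCollector()
    parser.feed(html)
    findings = []
    for attrs, after_body in parser.iframes:
        src = attrs.get("src") or ""
        reasons = []
        if _is_hidden(attrs):
            reasons.append("hidden")
        if _offsite_suspicious(src, page_host):
            reasons.append("off-site suspicious host")
        if after_body:
            reasons.append("placed after </body>")
        if reasons:
            findings.append((src, reasons))
    return findings


# Constructed sample page: one legitimate same-site player iframe, and one injected
# iframe appended at the foot. Both hostnames are made-up placeholders.
SAMPLE_HTML = """<html><body>
<h1>6 Music</h1>
<iframe src="http://www.example-radio.test/player" width="400" height="300"></iframe>
</body></html>
<iframe src="http://placeholder-malicious.co.cc/in.php" width="1" height="1"
        style="display:none"></iframe>
"""

if __name__ == "__main__":
    for src, reasons in find_injected_iframes(SAMPLE_HTML, "www.example-radio.test"):
        print(src, "->", ", ".join(reasons))
```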

I wrote an article on things to consider in order to keep your computers as safe as possible. Feel free to read it here.

How your iPhone can be hacked in less than 6 minutes, with free tools

Researchers at the Fraunhofer Institute released a report yesterday describing how an attacker who has your lost iPhone can reveal certain passwords stored on it, without needing your passcode at all.

From their press release:

Passwords are not secure on iPhones that are lost. This is the result of tests carried out at Fraunhofer Institute SIT in Darmstadt. Within six minutes the institute’s staff was able to render the iPhone’s encryption void and decipher many passwords stored on it. If the iPhone is used for business purposes then the company’s network security may be at risk as well. The flawed security design affects all iPhone and iPad devices containing the latest firmware. Written documentation and a video about the attack are available below. Only companies prepared for such an attack will be able to reduce their risk.

[...]

Any device using the iOS operating system can be attacked in such a way, irrespective of the user’s password. As soon as attackers are in the possession of an iPhone or iPad and have removed the device’s SIM card, they can get a hold of e-mail passwords and access codes to corporate VPNs and WLANs as well. Control of an e-mail account allows the attacker to acquire even more additional passwords: For many web services such as social networks the attacker only has to request a password reset. Once the respective service returns the new password to the user’s e-mail account, the attacker has it as well.

Companies wanting to protect themselves against the consequences of such attacks should educate their staff accordingly and introduce appropriate emergency procedures. Not only should employees who have lost their iPhone change all their passwords, the company should change the respective network identifications as quickly as possible as well.

Apparently, one can reveal passwords from applications like Google Mail, MS Exchange (corporate email) accounts, LDAP accounts (corporate domain), voicemail, VPN group passwords, WiFi passwords and some App passwords.

The video demonstrating the attack can be freely accessed on Youtube.

This is VERY disconcerting, considering how smartphones are spreading, even in the workplace.

Malware coming to your Android – it can be forced to join botnets

Researchers found that newer malware for Android (Google) phones has built-in remote-control capability: an infected device can be ordered remotely to connect to a centrally controlled botnet infrastructure.

From the article (original post by the people at Lookout Mobile Security):

A new, more sophisticated Trojan for Android devices has been spotted lurking on third-party Chinese Android app markets – the first ever piece of Android malware that has the capability to receive instructions from a remote server and thus become part of a botnet.

Dubbed “Geinimi”, the Trojan is attached to (obviously compromised) versions of legitimate applications – mostly games such as Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense and Baseball Superstars 2010.

So far,it has only been spotted being distributed through third-party Chinese app stores. Versions of these applications on the official Google Android Market have not been compromised.

When the affected application is installed on the device, it requires the user to give more permissions than it would usually need. Geinimi then kicks into action, harvests the device’s location coordinates, the IMEI and IMSI (unique identifiers for the device and the SIM card), and transmits that information to a remote server via a number of hard-coded domain names.

[...]

But users in general should suspect their devices of being infected by mobile malware if the phone presents unusual behavior such as automatic SMS sending to unknown recipients,automatic phone calls,stealthy installation of unknown applications,etc.

An occasional check of outbound calls and SMSs and of installed applications should become a habit for users.

Good advice. In addition to that, I would recommend:

  • do not install applications that are not important. Installing apps just to try them out carries the inherent risk of exposure.
  • do not install apps from untrusted sources. However, even apps that are downloadable from known sources can be infected as well.

Over Two Million US PCs Are Part of Botnets

A Microsoft report reveals that in the first part of 2010, more than 2.2 million PCs in the USA were recruited to be members of botnets, against their will.

Read the full report here; a summary can be found on BBC news.

More than 2.2 million US PCs were found to be part of botnets, networks of hijacked home computers, in the first six months of 2010, it said.

“Most people have this idea of a virus and how it used to announce itself,” [...] “Few people know about botnets.”

[...]

Hi-tech criminals use botnets to send out spam, phishing e-mails and launch attacks on websites. Owners of botnets also scour infected machines for information that can be sold on the underground auction sites and markets found online.

Botnets start when a virus infects a computer, either through spam or an infected web page. The virus puts the Windows machine under the control of a botnet herder.

[...]

That is a large number. Pretty scary. And it is fairly easy to make sure that your PC is not part of one, but do you keep it secure?

New Fake AV variant out there,Norton/Symantec/Microsoft do NOT DETECT IT

I came across a new piece of malware, pretending to be an anti-virus scanner and thoroughly compromising a system. It is currently only detected by 11 out of 43 listed AV vendors on Virustotal.com, with Norton/Symantec and Microsoft NOT BEING ABLE TO DETECT IT!

Name of the binary I received: hotfix.exe

MD5 (hotfix.exe) = 8aa68699fe0cb874b57f6efa832a337d

Behavior:

  • it is a FAKEAV piece. It pretends to be ‘Microsoft Security Essentials’ at first. The piece looks pretty real, and actually had me checking if I had MS Security Essentials installed in the first place (I do not, on my lab machine).
  • it inserts itself as the user’s Winlogon shell via a registry value, so the binary is launched at logon in place of the normal shell and can intercept applications started on the machine:

HKU\S-1-5-21-1343024091-1078145449-854245398-1003\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell:“C:\Documents and Settings\Username\Application Data\hotfix.exe”

  • It places an icon on your desktop, ‘ThinkPoint’, which points to the binary that is now residing in “C:\Documents and Settings\Username\Application Data\hotfix.exe”
  • it requires you to ‘scan online’ and asks you to install the full version of THINKPOINT, pretending to be a virus scanner
  • it tries to connect to firastbill.com, a domain hosted on an IP address in China. The IP is 91.217.162.172.
  • it opens a web page displaying a shopping cart, where you can enter your credit card information.

What can be done about it? Aside from manual removal,not much. I will update this post as soon as I have something to report.
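A check for the Winlogon Shell hijack listed above, added here as an example and not part of the original post: it parses a registry export in the text format Regedit and `reg export` produce, and flags Shell values that are per-user overrides, that are not explorer.exe, or that point into a user-writable directory such as Application Data. The sample export is constructed from the key shown above; the list of user-writable directory markers is an assumption.

```python
"""Audit Winlogon Shell values in a .reg export for shell-replacement persistence."""
import os
import re

EXPECTED_SHELL = "explorer.exe"
# A legitimate shell never lives under these per-user directories (assumed list).
USER_WRITABLE_MARKERS = ("\\application data\\", "\\appdata\\", "\\temp\\")
# HKLM holds the system-wide default; a Shell value under a user hive is an override.
USER_HIVES = ("HKEY_USERS\\", "HKEY_CURRENT_USER\\")

# "Name"="data" lines; both sides may contain \\ and \" escapes.
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def _unescape(raw):
    """Undo .reg string escaping: doubled backslashes and escaped quotes."""
    return raw.replace('\\"', '"').replace("\\\\", "\\")


def parse_reg_export(text):
    """Yield (key, value_name, string_data) for every REG_SZ line in a .reg dump."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        match = _VALUE_RE.match(line) if key else None
        if match:
            yield key, _unescape(match.group(1)), _unescape(match.group(2))


def find_shell_hijacks(text):
    """Return one finding per Winlogon Shell value that deviates from the default."""
    findings = []
    for key, name, data in parse_reg_export(text):
        if not key.lower().endswith("\\winlogon") or name.lower() != "shell":
            continue
        reasons = []
        # Shell may be a comma-separated list; malware commonly appends itself to it.
        entries = [e.strip().strip('"') for e in data.split(",") if e.strip()]
        if key.upper().startswith(USER_HIVES):
            reasons.append("per-user Shell override (normally absent)")
        if any(os.path.basename(e.replace("\\", "/")).lower() != EXPECTED_SHELL
               for e in entries):
            reasons.append("shell is not explorer.exe")
        if any(m in e.lower() for e in entries for m in USER_WRITABLE_MARKERS):
            reasons.append("binary under user-writable directory")
        if reasons:
            findings.append({"key": key, "data": data, "reasons": reasons})
    return findings


# Constructed export: the clean system-wide default plus the per-user hijack
# from the analysis above (SID and path as shown in the post).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_USERS\S-1-5-21-1343024091-1078145449-854245398-1003\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Documents and Settings\\Username\\Application Data\\hotfix.exe"
'''

if __name__ == "__main__":
    for f in find_shell_hijacks(SAMPLE_EXPORT):
        print(f["key"])
        print("  Shell =", f["data"])
        print("  ", "; ".join(f["reasons"]))
```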

See below for some screenshots:

  • ‘infection’
  • ‘solution found – go online and buy’
  • Startup screen once the binary gets executed from the desktop
  • Pretend scan: finds multiple problems and then wants you to download the ‘heuristic module’. There is no real activity during the scan, just show.
