Trojanized, Info-Stealing PuTTY Version Lurking Online

from the at-your-command-prompt dept.

Original Article
One of the best first steps in setting up a Windows machine is to install PuTTY on it, so you have a highly evolved secure shell at your command. An anonymous reader writes, though, with a note of caution if you’re installing PuTTY from a source other than the project’s own official page. A malicious version with information-stealing abilities has been found in the wild. According to the article:

Compiled from source, this malicious version is apparently capable of stealing the credentials needed to connect to those servers. “Data that is sent through SSH connections may be sensitive and is often considered a gold mine for a malicious actor. Attackers can ultimately use this sensitive information to get the highest level of privileges on a computer or server, (known as ‘root’ access) which can give them complete control over the targeted system,” the researchers explained.

The Symantec report linked above also shows that (at least for this iteration) the malware version is easy to spot, by hitting the “About” information for the app.

Posted by timothy 10 days ago

Revealed: How governments can take control of smartphones



RT.com
June 25, 2014

‘Legal malware’ produced by the Italian firm Hacking Team can take total control of your mobile phone. That’s according to Russian security firm Kaspersky Lab and University of Toronto’s Citizen Lab (which also obtained a user manual).

Operating since 2001, the Milan-based Hacking Team employs over 50 people and offers clients the ability to “take control of your targets and monitor them regardless of encryption and mobility,” while “keeping an eye on all your targets and manage them remotely, all from a single screen.”

It’s the first time Remote Control Systems (RCS) malware has been positively linked with mobile phones and it opens up a new privacy threat potential to mobile phone users.

“Our latest research has identified mobile modules that work on all well-known mobile platforms, including Android and iOS,” wrote Kaspersky researcher Sergey Golovanov.

“These modules are installed using infectors – special executables for either Windows or Macs that run on already infected computers. They translate into complete control over the environment in and near a victim’s computer. Secretly activating the microphone and taking regular camera shots provides constant surveillance of the target – which is much more powerful than traditional cloak and dagger operations.”

[Image from citizenlab.org]

Police can install the spy malware directly into the phone if there is direct access to the device, or if the owner of the phone connects to an already infected computer, according to Wired.

Various software can also lure users into downloading targeted fake apps.

Once inside an iPhone, for instance, it can access and activate all of the following: control of Wi-Fi, GPS, GPRS, recording voice, e-mail, SMS, MMS, listing files, cookies, visited URLs, cached web pages, address book, call history, notes, calendar, clipboard, list of apps, SIM change, live microphone, camera shots, support chats, WhatsApp, Skype, and Viber.

[Image from citizenlab.org]

While the malware can be spotted by some of the more sophisticated anti-virus software, it takes special measures to avoid detection – such as “scouting” a victim before installation, “obfuscating” its presence, and removing traces of its activity.

Hacking Team has maintained that its products are used for lawful governmental interceptions, adding that it does not sell items to countries blacklisted by NATO or repressive regimes.

Wired reported that there have been cases where the spying apps were used in illegal ways in Turkey, Morocco, and Saudi Arabia.

Citizen Lab discovered spying malware hiding in a legitimate news app for Qatif Today, an Arabic-language news and information service that reports on events in Saudi Arabia’s eastern Qatif region. It also argued that circumstantial evidence pointed to Saudi Arabia’s government using the spying malware against Shia protesters in the area.

“This type of exceptionally invasive toolkit, once a costly boutique capability deployed by intelligence communities and militaries, is now available to all but a handful of governments. An unstated assumption is that customers that can pay for these tools will use them correctly, and primarily for strictly overseen, legal purposes. As our research has shown, however, by dramatically lowering the entry cost on invasive and hard-to-trace monitoring, the equipment lowers the cost of targeting political threats for those with access to Hacking Team and Gamma Group toolkits,” Citizen Lab said in its report.

[Map showing the countries of the current HackingTeam servers’ locations (Image from securelist.com)]

Hacking Team controls the spying malware remotely via command-and-control servers. Kaspersky has discovered more than 350 such servers in more than 40 countries. A total of 64 servers were found in the US – more than in any other country. Kazakhstan came in second, with a total of 49 servers found. Thirty-five were found in Ecuador and 32 in the UK.

Malware Attack Infected 25,000 Linux/UNIX Servers

from the sudo-configure-your-stuff-properly dept.
wiredmikey writes


Security researchers from ESET have uncovered a widespread attack campaign that has infected more than 25,000 Linux and UNIX servers around the world. The servers are being hijacked by a backdoor Trojan as part of a campaign the researchers are calling ‘Operation Windigo.’ Once infected, victimized systems are leveraged to steal credentials, redirect web traffic to malicious sites and send as many as 35 million spam messages a day. ‘Windigo has been gathering strength, largely unnoticed by the security community, for more than two and a half years and currently has 10,000 servers under its control,’ said Pierre-Marc Bureau, security intelligence program manager at ESET, in a statement.

There are many misconceptions around Linux security, and attacks are not something only Windows users need to worry about. The main threats facing Linux systems aren’t zero-day vulnerabilities or malware, but things such as Trojanized applications, PHP backdoors, and malicious login attempts over SSH. ESET recommends webmasters and system administrators check their systems to see if they are compromised, and has published a detailed report presenting the findings and instructions on how to remove the malicious code if it is present.

Secure Browser Alternatives On The Rise


The sandboxed browser on the desktop, the disposable browser session from the cloud, and now a high-security browser that by default blocks third-party cookies and online ads are all options

By Kelly Jackson Higgins
Feb 04, 2014 5:15pm

A new generation of secure browsers is emerging as Web threats continue to target the conventional browser.

Modern Malware Review by Palo Alto Networks

Check out this story I read from darkReading: Secure Browser Alternatives On The Rise.

Mobile Malware

I was reading an article on Help Net Security about malware and mobile devices.  Malware has, in effect, matured to a point in its evolutionary cycle where it has grown to staggering numbers.  What makes things worse is the fact that both people, in general, and businesses, as a matter of habit, have entwined these mobile devices into their lives in such a fashion that they are a necessary tool and our life blood, so to speak.

There is more malware than ever before, which makes it difficult for the average user to know whether they are safe from its potentially devastating effects.  Unfortunately, most people are oblivious to the potential attacks and problems, and in turn wonder why and how such a thing could have happened.

The next problem is the fact that malware is becoming smarter every day, some of it evolving into a polymorphic problem.  Cybercriminals are finding new ways to exploit vulnerabilities, which enable them to profit from our foolish endeavors.

The wall of protection is next to non-existent.  People are downloading and installing more applications (apps) on their phones than ever before, which creates and cultivates a field of opportunity for cybercriminals.  It would be next to nothing for someone with the know-how to either create an app for mobile devices or crack one and reintroduce it into the app store.  Think about it: as of January 2011, there were approximately 90,000 apps for the iPad and roughly 475,000 for the iPhone; in the same time frame, there seemed to be about 250,000 apps for the Android platform.  These numbers do not account for the other platforms out there in the market, and I lean toward these because they are the most popular and growing in market share.  A malicious-minded individual could have a field day with this by just injecting, or infecting, a few apps.

Researching the topic of the most popular apps, the ones that would cause the most devastation to people (business or common user) would be music related, social media, navigation, and games.  These seem to be, in my opinion, the most widely used by a large demographic of the mobile-device-carrying population.  This is not fear for the purpose of generating fear itself, but rather to get you to think!  Your mobile device(s) are essentially a computer, and no one I know would leave their computer unprotected these days – unless of course they never hooked up to the internet; just figure the odds on that.  Poking around, I came up with a guesstimate that 90% of American households possess at least one computer (this percentage seemed pretty constant) and approximately 75% of American households have internet access (I saw a low of 62% and as high as 85%, so I went just above the average).  The funny thing is that most people who do not possess a computer, even those on the poverty line of the economic spectrum, seem to have the means to possess a smartphone.

Now, there are some free apps out there for protection and there are some for cost.  How good they are, your guess is as good as mine.  Perhaps the best place to check this out would be Consumer Reports or something like that.  Look into it, and keep your stuff backed up so you can recover from something potentially catastrophic.

Until the next time my friends!

https://net-security.org/malware_news.php?id=2004

Malware Part 3

Of all the assets that you possess, awareness is your greatest!  Being aware of what is out there, and being aware that there are things you can do, are most helpful to you.  Your ability to research the subject matter and to read through the techie blogs are just a couple of your available resources.

There are a few other tests that can be done, some as simple as an email to yourself.  There is the EICAR Test String, which has been useful in the past, and perhaps it has been updated over the years to keep up with the changes in the prevailing operating systems…who knows?  (www.eicar.org/anti_virus_test_file.htm)  What you do is send the string in the body of an email or as an attachment via email.  If your anti-virus is working properly, it will raise a flag on your system.
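As an added example (my own code, not from the post or from eicar.org), here is a small Python script that builds the EICAR test string, checks that a candidate file actually meets the rules an anti-virus engine applies to it, and writes it out as plain bytes. The rules it enforces come from the EICAR specification: the string must be the first 68 bytes of the file, anything after it may only be whitespace, and the whole file must stay within 128 bytes. A common reason a mailed or saved copy fails to trip the scanner is a leading byte-order mark or a text editor that alters the content, which is exactly what the validator catches.

```python
from pathlib import Path

# The EICAR test string: the industry-standard harmless file that every
# anti-virus engine is expected to flag. It is assembled from two halves only
# so that the source file of this example does not itself contain the
# contiguous signature and get quarantined before it runs; the joined value
# is the canonical 68-byte string.
EICAR = (
    "X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-"
    "STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
)
EICAR_BYTES = EICAR.encode("ascii")
MAX_LEN = 128  # trailing whitespace is allowed, but the file must not exceed 128 bytes


def is_valid_eicar(data: bytes) -> bool:
    """True if 'data' is a file that AV engines are expected to detect as EICAR.

    The first 68 bytes must be the string exactly (so no BOM and no leading
    whitespace), anything after it must be whitespace only, and the total
    length must not exceed 128 bytes.
    """
    if len(data) > MAX_LEN or not data.startswith(EICAR_BYTES):
        return False
    tail = data[len(EICAR_BYTES):]
    return tail.strip(b" \t\r\n") == b""


def write_eicar(path) -> Path:
    """Write the test file as raw bytes (no newline translation, no BOM).

    If your anti-virus is working, the file is blocked or quarantined as soon
    as it lands on disk, which is the signal the post describes.
    """
    p = Path(path)
    p.write_bytes(EICAR_BYTES)
    return p


if __name__ == "__main__":
    print(f"EICAR string is {len(EICAR_BYTES)} bytes; valid: {is_valid_eicar(EICAR_BYTES)}")
    # To exercise your scanner: write_eicar("eicar.com") and watch what happens.
```

Send the bytes produced here as the attachment, or paste the string into the message body, and treat a quarantine notice as a pass; if nothing happens, run `is_valid_eicar` on the exact bytes that were sent before concluding the scanner is broken.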

Another test of interest, very similar, is the malware security test (http://www.gfi.com/emailsecuritytest/), which is a series of tests sending emails with malicious-like scripts in several common programming languages.

There are also behavioral-analysis tools that watch the computer and the network as a whole in order to catch malware that does not match a specific signature but performs basic functions such as writing to your disk.

There are a plethora of malware countermeasures…your safest bet is to never connect to the internet if you desire to maintain an absolutely clean system.  But we all know that is not likely to ever happen.  Some things you can do are as follows:

  • Keep your system & network updated at all times
  • Test, Test, Test – ensure it is a fortress
  • Use anti-malware & anti-virus software
  • Back-up critical data regularly
  • Ensure the use of your firewall protection
  • As for email: if I don’t know the sender, I do not open it

I hope this short series was helpful to you.  Perhaps, like me, while reading one of these gloom-and-doom articles or blogs you may open your eyes and say, “maybe I should do something about my security today.”  If you are a professional IT person, I hope you decided this when you got hired…now is kind of late.  But the average home network user, on a general note, assumes that everything is set up and ready for them, and it is not until you make certain of it.

Malware Part 2

As mentioned in part 1, there are a great number of people out there who want your information…it’s not personal, it’s just business.  The only way to protect yourself is to keep your anti-virus software, anti-spyware, and anti-malware up to date.  And unfortunately that is not always enough!

We each must take greater control of the reins, so to speak.  There are a plethora of sites out there with information on all of the latest viruses, spyware, and malware.

At the command prompt you can run “netstat -an”: the a option displays all connections and listening ports; the n option displays IP addresses and port numbers numerically, rather than resolving them to names, for easier readability.

You will see something similar to Figure 1 [refer to Malware Figures:Figure1], which shows the status of your network in relation to your computer.  Typical entries include the NetBIOS networking ports (135, 137, 138, 139, and 445), an HTTP connection (port 80), the telnet port (23), and the FTP session ports (20 and 21).  Hackers and malware can use common ports to infiltrate your network and computer(s).  I found an interesting ports list which is quite extensive; it gives you a good amount of information on what specific malware or virus may use a given port.  Using “netstat -at” allows you to view active network connections. [refer to Malware Figures:Figure2]
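As an added example (my own code, not from the post), here is a Python script that parses the table a Windows `netstat -an` prints and flags every entry that touches one of the ports named above, saying whether the machine is listening on it, accepting an inbound session on it, or connected out to it. The sample output and the reasons in the port table are constructed for the example; the addresses are from the documentation TEST-NET ranges. It assumes the Windows column layout (Proto, Local Address, Foreign Address, State), which differs from the Linux netstat format.

```python
from dataclasses import dataclass

# Ports the post calls out, with the reason each deserves a second look.
# Constructed for this example; extend the table to match your own environment.
PORTS_OF_INTEREST = {
    135: "RPC endpoint mapper (NetBIOS/DCOM)",
    137: "NetBIOS name service",
    138: "NetBIOS datagram service",
    139: "NetBIOS session service",
    445: "SMB over TCP",
    80: "HTTP (cleartext web traffic)",
    23: "telnet (cleartext remote shell)",
    20: "FTP data channel (cleartext)",
    21: "FTP control channel (cleartext)",
}


@dataclass
class Conn:
    proto: str
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int
    state: str  # empty for UDP, which has no State column


def _split_endpoint(endpoint: str):
    """Split 'host:port' into (host, port); handles '[::]:135' and '*:*'."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), (int(port) if port.isdigit() else 0)


def parse_netstat(text: str) -> list:
    """Parse the table printed by a Windows 'netstat -an' into Conn records."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # 'Active Connections' banner, column header, or blank line
        local_ip, local_port = _split_endpoint(parts[1])
        remote_ip, remote_port = _split_endpoint(parts[2])
        state = parts[3] if len(parts) > 3 else ""
        conns.append(Conn(parts[0], local_ip, local_port, remote_ip, remote_port, state))
    return conns


def review(conns) -> list:
    """Return (what, why) pairs for every entry that touches a port of interest.

    Listening sockets and UDP endpoints are judged by their local port; a TCP
    session is judged by its local port if that is a service port (an inbound
    session) and otherwise by its remote port (an outbound session).
    """
    findings = []
    for c in conns:
        if c.proto == "UDP" or c.state == "LISTENING":
            port, what = c.local_port, f"{c.proto} listening on {c.local_ip}:{c.local_port}"
        elif c.local_port in PORTS_OF_INTEREST:
            port, what = c.local_port, f"{c.proto} inbound from {c.remote_ip}:{c.remote_port} to port {c.local_port}"
        else:
            port, what = c.remote_port, f"{c.proto} outbound to {c.remote_ip}:{c.remote_port}"
        if port in PORTS_OF_INTEREST:
            findings.append((what, PORTS_OF_INTEREST[port]))
    return findings


# Constructed sample in the Windows 'netstat -an' layout (TEST-NET addresses).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49710     198.51.100.7:80        ESTABLISHED
  TCP    192.168.1.10:49711     198.51.100.7:443       ESTABLISHED
  TCP    192.168.1.10:50001     203.0.113.5:23         ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:137            *:*
  UDP    0.0.0.0:138            *:*
"""

if __name__ == "__main__":
    # To review the live machine instead of the sample:
    # import subprocess
    # text = subprocess.run(["netstat", "-an"], capture_output=True, text=True).stdout
    for what, why in review(parse_netstat(SAMPLE)):
        print(f"{what:55} {why}")
```

On the sample the HTTPS session to port 443 is left alone while the outbound telnet session and the listening NetBIOS and SMB ports are reported; a listener you do not recognise, or an outbound session to a cleartext service you never started, is the entry to investigate with Task Manager and the ports list the post mentions.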

And there is the “net use” command at the command prompt, which shows you what drives are mapped to an external system. [refer to Malware Figures:Figure3]

You can also find a variety of free tools from McAfee to aid in detection, removal, or personal training and knowledge.  One that is touted as being very useful is Vision, which is a port mapping utility.  Just perform a search on the internet, but I would be careful as to which you download to use.  The best thing to do is to check on various sites such as PC World, C|Net, and other reputable informative sites.

Your Task Manager is a wealth of information (CTRL + ALT + DEL), showing you what processes are running and their memory consumption. [refer to Malware Figures:Figure4]

And the Performance tab will show how the system is performing with all of the extras running in the background. [refer to Malware Figures:Figure5]

There is quite a bit at your disposal to determine what is going on.  The internet, blogs, and many of the how-to sites contain a wealth of information and everything you ever wanted to know about either your computer problem or how to understand what is happening and how to fix it.  YouTube.com is also another great tool for how-to’s, and Wikipedia is a good source of info – PROVIDED THAT YOU RESEARCH THE FOOTNOTES AND SOURCES! Take nothing for granted on that site, as it can change with the wind.

Malware Figures