Posts Categorized: uncategorized


Wirenet: The Password-Stealing Trojan Lands on Linux and OS X

No matter what people think about it, the increasing exposure of Linux and OS X to malicious code is strictly related to the worldwide exposure of those operating systems on desktops and laptops. In the last couple of years, more and more home users decided to switch to Linux (e.g. Ubuntu Linux, just to name one of the best known Linux distributions) or OS X. Most of these users, when questioned about why they switched from Windows to another operating system, usually answer by blaming Windows’ critical exposure to malware. However, this increasing trend has been followed by many virus […]

French Android Users Hit again by SMS Trojan

Earlier this year, the SMS Trojan Foncy was discovered targeting French-speaking Android users. Now, we’ve come across a new Trojan targeting them using a similar SMS scam. The app pretends to be an app called BlackMart Alpha, which is already a little shady since it’s used to download apps that may otherwise cost money. This app is not found on Google Play and is not malicious in itself, but the fact that you can’t get it in the Google Play store makes it a perfect target for malware developers to make fake versions of it. Webroot detects this Trojan as […]

Beware of Malicious Olympic 2012 Android Apps

By Joe McManus There are too many events happening at one time during the Olympics, which might tempt you to install an app for that. But be careful of what you install. Not all apps are what they appear to be. As an example let’s look at the app called “London Olympics Widget”. More details:

FakeAV for Android! There you are!

By Nathan Collier Every super hero has an arch nemesis. For a lot of Threat Researchers, including myself, Rogue Security Products, better known as FakeAV, are theirs. Back in the day when I was primarily a PC malware fighter, FakeAV was a prevalent threat that was always coming up with new ways to infect users nearly every other day. I knew it was only a matter of time before the same malware authors would turn mobile. I am afraid those days are upon us. How could I ever forget such an identifiable logo: “Android Security Suite Premium”… yeah, right! […]

London’s InfoSec 2012 Event – recap

As many of you know, Webroot attended London’s annual security event — Europe’s largest 3 day security show — last week. The show was a blast! Countless number of new partnerships being formed, dozens of press briefings on a daily basis, daily presentations on “Current and Emerging Trend Within the Cybercrime Ecosystem”, and best of all – many new users of the industry’s leading endpoint protection – Webroot SecureAnywhere Complete 2012. Taking into consideration the fact that a picture is worth a thousand words, consider going through the photos from London’s InfoSec 2012 event that we’ve prepared for you, to get […]

An Evolution of Android Malware “When stealing data isn’t enough meet… GoManag…” (Part 2)

In our continued series of how Android malware authors continue adding functionality to their work we take a look at GoManag. First seen last year, targeting Chinese speakers, GoManag is a Trojan that installs as a service so it can run in the background, collects device information and downloads payloads. Its odd name comes from part of a URL it attempts to contact.

[Image caption: Malicious GoManag app running in the background as the name “Google Search (Enhanced)”]

How malware authors evade antivirus detection

Aiming to ensure that their malware doesn’t end up in the hands of vendors and researchers, cybercriminals are actively experimenting with different quality assurance processes whose objective is to increase the probability of their campaigns successfully propagating in the wild without detection. Some of these techniques include multiple offline antivirus scanning interfaces offering the cybercriminal a guarantee that their malicious program would remain undetected, before they launch their malicious campaign in the wild. In the wild since 2006, Kim’s Multiple Antivirus Scanner is still actively used among cybercriminals wanting to ensure that their malicious software is pre-scanned against the signature-based scanning techniques […]

Inside AnonJDB – a Java-based malware distribution platform for drive-by downloads

by Dancho Danchev With the ever-decreasing prices of underground tools and services, thanks to the commoditization of these very same market items, the price for renting a botnet, or purchasing access to already infected hosts, is constantly decreasing. Although the majority of cybercriminals are actively exploiting end and corporate users while using client-side vulnerabilities in outdated third-party applications and browser plugins, there’s a separate branch of cybercriminals who specialize in delivering their payload using nothing else but good old fashioned social engineering attacks. Following my previous post Inside a clickjacking/likejacking scam distribution platform for Facebook, in this post I will profile […]

Zappos.com hacked, 24 million users affected

by Dancho Danchev According to an internal memo issued by Zappos, the shoe-and-apparel-selling division of Amazon has been breached by unknown cyber attackers, leading to the compromised accounts of over 24 million users. The company has indicated that names, email addresses, mailing addresses, and the last four digits of customers’ credit card numbers have been compromised. More info on the attack, including a copy of the internal memo:
