November Malware Reviewed by Kaspersky

Kaspersky Lab UK : 19 December, 2011  (Technical Article)
Kaspersky Lab gives an overview of November malware including the emerging trust problem with certificate authorities
Duqu – the investigation continues

The analysis carried out by Kaspersky Lab experts has revealed yet another parallel between Duqu and the Stuxnet worm – both made use of previously unknown vulnerabilities to launch attacks. In the case of Duqu, attacks took place via email with the help of a Microsoft Word document that contained an exploit for a previously unknown vulnerability in Windows. Importantly, by early December Microsoft still hadn’t released a patch to fix this vulnerability, meaning there is a high risk of it being used in an attack. Kaspersky Lab immediately added a signature for this particular exploit to its product databases.

Kaspersky Lab’s experts also came to the conclusion that Duqu’s main aim is to gather data on the activities of a series of Iranian companies and government agencies. There are numerous indications that earlier versions of Duqu could have been around since 2007-2008, and that the Stuxnet worm was created on the basis of a platform that was also used during the creation of Duqu.
 
Mobile threats

In the middle of July ‘porn SMS senders’ were targeting users from the US, Malaysia, the Netherlands, the UK, Kenya and South Africa. The apps covertly subscribed users to a range of premium-rate services with the promise of raunchy images, and resulted in the user’s mobile account being cleaned out. Now this problem has evolved to SMS Trojans targeting users from a number of European countries plus Canada.

Mac OS threats

Mac users are increasingly feeling the effects of malicious programs being spread in pirated Mac software on torrent trackers. The recently detected Backdoor.OSX.Miner, for example, has several malicious functions: it establishes remote access to an infected computer; gathers information about browsing history in Safari; captures screenshots; steals the wallet.dat file from BitCoin clients; and launches a BitCoin miner without user authorisation.

This particular malicious program spreads via a number of torrent trackers, including publicbt.com, openbittorrent.com and thepiratebay.org.

More problems with certificates

November saw yet another Dutch certificate authority – KPN – announce that it had been targeted by hackers and forced to halt the issuing of certificates. The breach was discovered on a KPN web server related to Public Key Infrastructure (PKI). The attack dates back no less than four years, raising questions as to how a DDoS tool went undetected for so long.

Like DigiNotar, KPN is allowed to issue 'special' certificates for the Dutch government and public services. In fact, many organisations affected by the DigiNotar incident switched to KPN certificates.

However, the Malaysian certificate authority Digicert (CA Digicert Malaysia) was involved in an even more serious incident. It has been removed from the list of trusted authorities by all browser manufacturers and by Microsoft. Such extreme measures were deemed necessary after the authority issued 22 certificates with weak 512-bit keys, and certificates without the appropriate usage extensions or revocation information.
   © 2012 ProSecurityZone.com