Stuxnet pinned for killing Indian satellite

As speculation mounted that Israel’s military created the Siemens-targeting Stuxnet worm, a US security researcher claimed to have evidence it was also responsible for destroying an Indian broadcasting satellite.

“There are more and better theories to explain Stuxnet’s motivation than just Israel and Iran, as others have posited,” wrote Jeffrey Carr, author of “Inside Cyber Warfare” and Forbes’ The Firewall blog.

While Stuxnet had found its way into Iran’s first nuclear power plant, Carr said the Indian Space Research Organisation (ISRO) – which used the vulnerable Siemens devices – had also fallen victim to Stuxnet.

Carr suggested that China was behind the attack.

On 9 July, half the transponders on India’s three-year-old INSAT-4B satellite shut down unexpectedly due to a solar panel failure.

P2P investigations now illegal in Switzerland

Switzerland, a longtime haven for all kinds of financial shenanigans, has just expanded its reputation for “discretion” to cover file-sharing as well. That’s the conclusion of Logistep AG, anyway, as a Swiss court has just gutted its P2P surveillance business with a ruling that says gathering even publicly available information is illegal.

Logistep has operated in Switzerland since 2004, doing what all of these firms do: trolling BitTorrent sites for movies, music, or software, then connecting to swarms and logging the information of everyone offering the file. Bits of the file are downloaded as proof that these aren’t simply “mistitled” files, and information like IP address, file hash value, and time of day are recorded in a giant spreadsheet. Content providers who rely on Logistep can take this information and submit it to local courts, seeking to identify and then sue individual file-swappers.

But Europe has fairly strict data privacy laws and a cultural expectation that data collection will be disclosed, with the data used sparingly. This often alarms Internet advertising companies like Google, which objected in 2008 to an EU proposal to label IP addresses “personal data.”

Android SMS Trojan Uses SEO To Spread

New malware that runs on Android smartphones is disguised as a porn media player. But in reality, the application sends expensive text messages to SMS numbers until a user’s mobile phone account runs out of credit.

The Trojan application, dubbed Trojan-SMS.AndroidOS.FakePlayer.b, isn’t available via the official Android Market app store on handsets or online, but rather is designed to be discovered online. To that end, it’s being distributed “via clever search engine optimization techniques, a clear sign that cyber-criminals are making every effort to infect mobile devices.”

In other words, people searching the Internet for porn players that run on Android may encounter this malicious application. The attack has a social engineering component, however, in that users must manually install the application and give it permission to send SMS messages. Then again, many legitimate adult content providers today do, in fact, use SMS messages as a billing platform.

New computer virus outbreak

Name: Here you have

Malware Type: Email Worm

Risk Level: Severe

A new computer virus, first detected on Thursday, is already making its way around the globe, infecting computers at major corporations and government agencies as well as home users.

The virus has been dubbed “Here you have,” based on the subject line in the emails spreading it.

Symantec Security Response, the threat-tracking branch behind Symantec’s antivirus products, lists “Here you have” as a malicious computer worm that spreads using a socially engineered email attack.

The virus arrives in an email that directs the recipient to click on a link that appears to be a PDF file but is actually the malicious program.

MRG Malware Radar 9/1/2010

These malware samples are responsible for most infections in the past week.

1. Trojan-FakeAV
2. Trojan Zbot
3. Trojan-Agent
4. Trojan-Delf
5. Worm-Allaple
6. Trojan-Banker
7. Trojan-TDSS
8. Worm-Kolab
9. Trojan-Small
10. Trojan-PWS
11. Trojan-Rimecud
12. Trojan-Inject
13. Keylogger-HotKeysHook
14. Trojan-Renos
15. Trojan-Netins

First Mass Spreading Android SMS Trojan

Trojan.SMS.AndroidOS.FakePlayer.a is the first in a line of mass-spreading malware samples created for Android OS. We have received this sample from multiple sources, which shows that it is spreading fast.

MD5: fdb84ff8125b3790011b83cc85adce16
SHA1: 1e993b0632d5bc6f07410ee31e41dd316435d997
SHA256: 14ebc4e9c7c297f3742c41213938ee01fd198dd4f4a5f188bbbb6ffcf4db5f14

BluePoint Security 2010 Review

We first came across BluePoint Security about six months ago and thought at the time that it seemed an innovative product. We have since included it in our tests, where it performs very well. In fact, it is an exceptional product, as demonstrated by its performance in our last official test, where it was the only full antimalware product to pass.

We have mentioned before the increasing amount of malware being produced and the efforts of security vendors to keep up with it. One popular means employed by vendors is cloud technology, which allows them to react to new malware faster and protect their customers against these threats more quickly. Whilst cloud technology helps increase detection efficiency, it still fails to solve the problem of protecting users from zero-day threats.

The fundamental problem with traditional antivirus / antimalware applications is that they use blacklisting. This approach is somewhat like the law, which holds that you are innocent until proven guilty. That philosophy may be great for human law, where it is rightly argued that it is better to let ten guilty men go free than to execute one innocent man, but it is not so good when applied to computers.

BluePoint Security 2010 takes a different approach in that it assumes all files are guilty: it intercepts the execution of every file on the system (on the premise that no file should be trusted) and checks it against a list of files it knows to be good. If the file is on its known-good list, it is allowed to execute. If it is not on the list, then with default settings it is analysed by the cloud AM engine. If it is found to be malicious, it is blocked; if it is not found to be malicious, the user is given the option to allow the file to run, with the caveat that the file is unknown. If the user chooses to execute the file, BPS continues to analyse it to detect malicious behaviour.

If BluePoint is set not to show alerts, the user is not given the opportunity to execute a file that is unknown or found to be malicious. This approach ensures that zero-day or unique / custom malware is always blocked.

BluePoint Security 2010 was reviewed on a system running Microsoft Windows 7 (32 bit).

Because BluePoint Security 2010’s cloud-based technology requires an active internet connection to function properly, the internet connection was kept active throughout the review.

We reviewed the latest version of BluePoint Security, version 1.0.7.99.

BluePoint Security enters MRG testing

Malware Research Group is happy to announce that BluePoint Security will be used in our future tests.

A few words about BluePoint Security:

Proactive Defense Against Present and Future Threats

BluePoint Security provides you with complete protection from viruses and all other malicious software utilizing a simple but extremely effective “deny the unknown” approach. Many security products rely on lists of known “bad” software; this approach will never secure your PC effectively, as all viruses begin as unknown files. BluePoint does not rely on outdated methods of protecting your computer such as definitions, signatures or behavioral detection. This new and refreshing approach blocks malicious software before an infection occurs, providing you with peace of mind and confidence when browsing the Internet. BluePoint is the first product to combine application whitelisting with powerful antivirus features. Unlike many antivirus solutions, BluePoint is light on PC resources even while scanning for threats.