MRG Flash Tests 2011

Malware Research Group will begin conducting Flash Tests on Monday January 24th. The list of participants will be finalized in the next 72 hours. We will publish the list of participants as well as the new methodology before the first test is published.

Malware Research Group Test

Malware Research Group is adding another type of test to our existing tests: the Real Time protection test. As we believe that prevention is the most important part of the battle with malware, we will run these tests more often than other tests, because they give a much clearer picture of how Anti-Malware applications deal with blocking new malware samples in real time. In these tests we will pick the samples from the list of most widely distributed malware (trojans, backdoors, worms, rootkits, exploits…) and attempt to run them to infect the system, as in the everyday scenario in which users get infected. The Anti-Malware applications used in this test must block all the samples from running; it is as simple as that.

For every application tested and every sample used, we will monitor the system for any changes. Detecting a sample doesn’t necessarily mean that the sample is really blocked from running: in similar tests we have conducted in the past, we have often found malware actively running after it was detected and “blocked” by the tested application. If any traces of the infection are found running after the test is completed (evaluated separately for every sample), the tested application fails the test. Only those applications that block all samples from running, leaving no traces of infection in the system, will pass.

The number of samples we plan to use in this test is not yet set, but we are thinking of about 50-80 samples per test; since these tests will be performed more frequently, there is no need to use a larger number of samples.
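The pass/fail rule described above (a detection alert is not enough; the system must show no residual trace) can be expressed as a snapshot comparison. The following is an added example and not MRG's own test harness: a baseline snapshot of files, running processes and persistence entries is taken before a sample is executed, a second one afterwards, and a product passes only if every sample left the system unchanged. All snapshots, paths and hashes below are constructed sample data, not captures from a real run.

```python
"""Snapshot-diff verdict logic for a real-time protection test.

Added example, not MRG's tooling. Snapshot contents are constructed.
"""
from dataclasses import dataclass, field
import hashlib


@dataclass(frozen=True)
class Snapshot:
    files: dict            # path -> sha256 of file content
    processes: frozenset   # image paths of running processes
    autoruns: frozenset    # persistence entries (Run keys, services, ...)


@dataclass
class SampleResult:
    sample: str
    detected: bool                       # did the product raise an alert?
    new_files: set = field(default_factory=set)
    new_processes: set = field(default_factory=set)
    new_autoruns: set = field(default_factory=set)

    @property
    def blocked(self) -> bool:
        # "Detected" is not the same as "blocked": the sample only counts as
        # blocked if nothing it could have dropped, started or persisted remains.
        return not (self.new_files or self.new_processes or self.new_autoruns)


def diff_snapshots(sample: str, detected: bool,
                   before: Snapshot, after: Snapshot) -> SampleResult:
    """Compare post-run state against the baseline for one sample."""
    changed = {p for p, h in after.files.items() if before.files.get(p) != h}
    return SampleResult(
        sample=sample,
        detected=detected,
        new_files=changed,
        new_processes=set(after.processes - before.processes),
        new_autoruns=set(after.autoruns - before.autoruns),
    )


def product_verdict(results):
    """PASS only when every sample was blocked (no traces); else FAIL plus the culprits."""
    failed = [r.sample for r in results if not r.blocked]
    return ("PASS", []) if not failed else ("FAIL", failed)


def _h(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed baseline of a clean test machine (hypothetical paths).
BASELINE = Snapshot(
    files={r"C:\Windows\explorer.exe": _h(b"explorer")},
    processes=frozenset({r"C:\Windows\explorer.exe"}),
    autoruns=frozenset({r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive"}),
)

# Sample A: product alerted and nothing changed -> genuinely blocked.
AFTER_A = BASELINE

# Sample B: product alerted ("detected") but the dropper still ran: a payload
# was written, is running, and registered itself to start at logon.
_PAYLOAD = r"C:\Users\test\AppData\Roaming\svchost.exe"
AFTER_B = Snapshot(
    files={**BASELINE.files, _PAYLOAD: _h(b"payload")},
    processes=BASELINE.processes | {_PAYLOAD},
    autoruns=BASELINE.autoruns
    | {r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost"},
)


def run_constructed_test():
    """Evaluate one product against the two constructed samples."""
    results = [
        diff_snapshots("sample_A.exe", True, BASELINE, AFTER_A),
        diff_snapshots("sample_B.exe", True, BASELINE, AFTER_B),
    ]
    return product_verdict(results)


if __name__ == "__main__":
    print(run_constructed_test())   # ('FAIL', ['sample_B.exe'])
```

Sample B is the case the text warns about: the product reported a detection, yet the verdict is FAIL because the post-run snapshot still shows the dropped file, its process and a persistence entry.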

Stay tuned for more details about this test.

How did I get infected with malware?

This question is very common among users so I’ve decided to give you a few hints about where that nasty infection came from.

Every user has different internet-related habits; some are benign and some can be very dangerous. As many of you know, malware creators target only the most popular internet places, so don’t be surprised when you take a look at this list.

1. XXX, porn sites

2. Warez, places that distribute pirated software, movies, music…

3. P2P, file sharing networks

4. Social networking sites: MySpace, Facebook, LinkedIn, Twitter and the like

These are the very top “malware distribution centers”, so if you visit one (or all) of the places listed above it is very possible that your computer is indeed infected with some form of malware.

Moscow arrests cyber-criminals for spreading viruses in Internet to get money

A crime family that deliberately spread viruses on the Internet and raked in money via SMS was detained in Moscow on Tuesday.

The operation to apprehend the suspects was carried out by officers of the Moscow economic crime service along with colleagues from the K section, with support from specialists of the information security group.

“It was established that the detainees circulated virus programmes via various Internet sites, including social networks, that blocked the operation of customers’ computers,” a source said. “The customer was then prompted to send an SMS costing over 300 roubles to a short number so as to get a code to unblock the system.”

According to preliminary calculations, more than 3,000 Internet users, including in CIS countries, fell victim to the fraudsters in April alone. According to police data, the annual profit of the law-breakers topped one billion roubles.

Good Passwords, Safer Accounts

When picking usernames and passwords, try to be as creative as possible. Don’t use short passwords and don’t put any personal details in them. Passwords should be changed from time to time to make them even harder to crack.

Here is an example of a good, hard-to-crack password: C&hv_w+iX%!i=A&+B[@TPgv!R

How Secure Are Government Institutions?

Do you remember what happened when the Conficker worm attacked multiple government institutions all over the world not so long ago? The reports we were getting at the time were devastating; we were shocked to find out that many of these extremely important institutions were wide open to all sorts of attacks. Nowadays things are not looking any better: Malware Research Group recently did some consulting for a government institution in Europe, and we had to change the overall structure of their defense system to prevent disaster.

It is very important that every company (no matter how big) and every government institution has a qualified person in this field, as installing antivirus applications on the server is simply not enough. The rules of the game change on a daily basis, and the people who need to counter these threats need to be on top of their game too.

Iranian hackers attack over 1,000 US, British, French Government Websites

An Iranian cyber group announced that it has hacked more than 1,000 important governmental websites of the US, Britain and France in protest at their support and financial aid to anti-Iran terrorist groups.
“To commemorate the Day of Campaign against Terrorism and the martyrdom anniversary of (former Iranian President Mohammad Ali) Rajayee and (his Prime Minister Mohammad Javad) Bahonar (by the terrorist Mojahedin-e Khalq Organization), the group rose to protest at the inhumane measures of the supporters of terrorism, with the US and Britain standing on top of them, through a new method and hacked and changed the pages of more than 1,000 of their websites,” Behrouz Kamalian, Head of the Iranian Ashiyaneh (nest) cyber group, told FNA on Monday.
If you open the hacked sites now, you can see a logo of Iran and some pictures of martyrs Rajaee and Bahonar and a bi-lingual text in Persian and English expressing our group’s protest at the US, Britain and France’s attitude towards terrorism, Kamalian added.

A Conference For Malware Writers

There is a security conference being held in Mumbai later this year called MalCon, and the organizers say it’s the first ever conference dedicated to the ‘malware coder community.’  Brian Krebs interviewed one of them and got this gem: ‘Just like the concept of “ethical hacking” has helped organizations to see that hackers are not all that bad, it is time to accept that “ethical malware coding” is required to research, identify and mitigate newer malwares in a “proactive” way.’ Bruce Schneier is speaking at a sister MalCon event in Pune, India two days later, and he said he doesn’t agree with the organizer’s premise that more malware is needed to build better security tools.

What good can come out of a malware writers’ convention?

Major Cybercrime Ring Busted in Taiwan and China

Yesterday Taiwanese Criminal Investigation Bureau Commissioner Lin Teh-hua announced the largest cybercrime operation in the history of his organization. 548 Taiwanese police officers and 2,720 Chinese police officers took part in the operation which resulted in 450 fraudsters being arrested throughout Taiwan and in the Chinese provinces of Fujian, Huanan, Hubei, Anhui, Guangdong and Guangxi. After a joint operations agreement was signed between Chinese and Taiwanese authorities, more than 16 joint raids have been conducted leading to more than 1,000 arrests.

In this case, the activity particularly focused on telephone fraud and internet auction fraud. The arrests come close on the heels of the break-up of a similar fraud ring in Ho Chi Minh City, where 99 fraudsters from Taiwan and China were arrested. In the Vietnamese fraud, where 76 Taiwanese and 23 Chinese citizens were arrested, fraudsters would take over entire hotels, booking as many as 30 to 40 hotel rooms for their fraud.