August 21, 2014

14% of home PCs are infected with malware

(LiveHacking.Com) – A new report has found that approximately 14 percent of home networks are infected with malware. The Kindsight Security Labs report, which highlights infections from April through June 2012, also says that the number of high-level threats, such as bots, Trojans and backdoors, increased by 50 percent when compared to the first three months of 2012.

According to the report, 14% of residential households with fixed broadband show evidence of malware infection. 9% of these households were infected by high-threat-level malware such as a botnet, rootkit or banking Trojan. It is estimated that there are 100,000,000 households with broadband in the USA. That means that 14,000,000 households in the USA have malware on a computer somewhere in the home. Worse still, 9,000,000 of those households have a serious malware infection, including a rootkit or a banking Trojan.

The primary way in which these computers get infected is via e-mail messages that lure victims to web sites running an exploit kit. The victim would typically receive an e-mail message from a business (like a bank or PayPal) or a government agency (like the IRS) informing them of an issue with their account. The link takes the user to a fake site (which looks reasonably close to the authentic one), and the fake site uses malicious techniques to infect the victim’s computer. Once the machine is infected, the attacker goes on to install the malware of their choice, often a rootkit botnet such as Alureon or ZeroAccess.

Alternatively, the e-mail could take the user directly to a download, often fake anti-virus software which is actually a spambot or a banking Trojan like Zeus or SpyEye. Or the e-mail may simply contain a zip file with an executable malware file inside.

With the London Olympics approaching fast, McAfee also noticed a sharp increase in the number of Olympic-related spam e-mails. Such global-event-related e-mails are also a popular method used by hackers to lure users into following links to malware-infested sites.

“In recent months, we’ve seen the ZeroAccess botnet update its command and control protocol and grow to infect more computers while connecting to over one million computers globally,” said Kevin McNamee, security architect and director, Kindsight Security Labs. “The concern with ZeroAccess is that it is using the subscriber’s bandwidth maliciously which will cost them money as they exceed bandwidth caps. And, once the computer is compromised, it can also spread additional malware or launch new attacks.”

The report also highlights the recent Mac Flashback infection, which infected 10% of home networks with Mac computers during the month of April.

SpyEye Toolkit Has Been Leaked onto the Internet

(LiveHacking.Com) - The source code for the SpyEye toolkit has been leaked onto the Internet, meaning that it could now be modified to create variants and prompt further malware infections and security attacks.

According to the network security company Damballa, the SpyEye toolkit, which includes the Zeus malware builder, was leaked by an infamous French security researcher named Xyliton, who is part of the Reverse Engineers Dream Crew (RED Crew).

The positive aspect of the leaked toolkit is that security researchers are now able to analyse the coding techniques of Gribo-Demon’s team (the authors of SpyEye) and begin hunting for vulnerabilities in the authors’ work.

SpyEye Tracker

Abuse.ch has launched a new project, SpyEye Tracker. According to the project website, SpyEye Tracker is similar to the ZeuS Tracker, but it tracks and monitors malicious SpyEye Command & Control servers rather than ZeuS Command & Control servers.

SpyEye Tracker provides blocklists in different formats (e.g. for the Squid web proxy or iptables) to prevent infected clients from reaching the Command & Control servers.
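As an added, defender-side example that is not part of the original article or of the abuse.ch project: the Python below consumes a constructed one-entry-per-line blocklist of the kind such trackers publish, emits iptables egress rules and a Squid dstdomain ACL from it, and scans constructed Squid access.log lines for clients that tried to reach a listed C2 host. The feed layout, the placeholder hostnames and addresses (RFC 2606 / RFC 5737 ranges) and the log lines are all assumptions, not tracker data.

```python
import ipaddress
import re

# Constructed blocklist (placeholder RFC 2606/5737 names and addresses, not a real feed).
BLOCKLIST_TEXT = """\
# comments and blank lines are tolerated by the parser
c2-one.example.invalid
c2-two.example.invalid
203.0.113.5
198.51.100.77
"""

# Constructed Squid access.log lines (native format: time elapsed client action/code size method URL ident hierarchy type).
ACCESS_LOG = """\
1340000000.123 120 192.0.2.10 TCP_MISS/200 512 POST http://c2-one.example.invalid/gate.php - HIER_DIRECT/203.0.113.5 text/html
1340000001.456 80 192.0.2.11 TCP_MISS/200 2048 GET http://www.example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
1340000002.789 60 192.0.2.12 TCP_MISS/200 128 POST http://198.51.100.77/config.bin - HIER_DIRECT/198.51.100.77 application/octet-stream
"""
URL_HOST = re.compile(r"^[a-z]+://([^/:]+)")  # scheme://host[:port]/...


def parse_blocklist(text):
    """Split a feed into (domains, ips); blank lines and '#' comments are skipped."""
    domains, ips = set(), set()
    entries = [line.split("#", 1)[0].strip() for line in text.splitlines()]
    for entry in filter(None, entries):
        try:
            ips.add(str(ipaddress.ip_address(entry)))
        except ValueError:  # not an IP literal, treat as a hostname
            domains.add(entry.lower())
    return domains, ips


def to_iptables(ips):
    """Egress DROP rules so infected hosts cannot reach the listed C2 addresses."""
    return [f"iptables -A OUTPUT -d {ip} -j DROP" for ip in sorted(ips)]


def to_squid_acl(domains):
    """dstdomain entries for a Squid deny ACL; the leading dot also matches subdomains."""
    return [f".{d}" for d in sorted(domains)]


def find_infected_clients(log_text, domains, ips):
    """Detection side: map client IP -> set of listed C2 hosts it tried to reach."""
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue
        match = URL_HOST.match(fields[6].lower())
        if match and (match.group(1) in domains or match.group(1) in ips):
            hits.setdefault(fields[2], set()).add(match.group(1))
    return hits
```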

SpyEye Tracker could be helpful for ISPs, CERTs and law enforcement in tracking malicious SpyEye Command & Control servers and combating the cyber criminals behind them.

Source: https://spyeyetracker.abuse.ch