GameOver Zeus P2P Malware

GameOver Zeus (GOZ), a peer-to-peer variant of the Zeus family of banking-credential-stealing malware first identified in September 2011, uses a decentralized network of compromised personal computers and web servers for command-and-control instead of a fixed set of servers that could be taken down.

Criminals also used the GOZ botnet to infect victims with ransomware such as CryptoLocker. Although the US government has taken control of GameOver’s servers, cutting off the channel used to deliver CryptoLocker, many computers, perhaps hundreds of thousands, remain infected.

Systems at risk:

  • Microsoft Windows 95, 98, Me, 2000, XP, Vista, 7, and 8
  • Microsoft Server 2003, Server 2008, Server 2008 R2, and Server 2012

The US government recently released a technical advisory on GOZ with further information. A system infected with GOZ may be used to send spam, take part in DDoS attacks, and harvest users’ credentials for online services, including online banking.

One of the mitigations recommended in the advisory is to use anti-virus software and keep it up to date. The software supplied by Information Systems & Technology at MIT, Sophos Anti-Virus, protects against this malware. To clean up a computer that is already infected, Sophos also offers a separate, free Virus Removal Tool.

Read more at Sophos online.

Hackers Lurk in the Strangest Places

When hackers were unable to gain access to Target’s records through its main systems, they got in through its heating and cooling system, using the network access granted to the contractor that maintained it. In other cases, hackers have used printers, thermostats, video-conferencing equipment and a Chinese takeout menu.

A Chinese takeout menu? Yes: when hackers couldn’t breach the computer network of a big oil company, they infected the online menu of a Chinese restaurant that was popular with the company’s employees (a so-called watering-hole attack). When workers browsed the menu, they unknowingly downloaded code that gave the attackers a foothold in the company’s network.

Companies that are doing everything possible to seal off their systems now have to look in the unlikeliest places for vulnerabilities, and the situation has grown more complex and urgent. Network access is granted to all kinds of other computerized systems and services, including heating, ventilation and cooling systems, billing and expense systems, health insurance providers and even vending machines, and each of those connections is a potential way in.

Security researchers are often hired to find such weaknesses, but doing so is becoming as hard as finding a needle in a haystack.

Read the full story online.

The Story Behind the Breach at Target

Businessweek.com has published an in-depth article and video explaining how Target’s stores were breached and its systems infected with malware, leading to one of the biggest data thefts in retail history. According to the investigation conducted after the theft was discovered, Target staff failed to respond to several alerts raised by the company’s security system, supplied by FireEye. Had Target’s security staff acted on those alarms, they could have prevented the exfiltration of the stolen credit card data.

Even without human intervention the breach could have been stopped, according to the article: “The system has an option to automatically delete malware as it’s detected. But according to two people who audited FireEye’s performance after the breach, Target’s security team turned that function off.” Turning that option off is not unusual, but it puts the onus on the team to find and neutralize infected computers quickly.

It was clear, according to the article, that Target was receiving warnings of a serious compromise: even the company’s Symantec antivirus system flagged suspicious behavior over several days around Thanksgiving, pointing to the same server FireEye had identified.

Read the full story on Businessweek.com

OUCH! Newsletter: What is Malware?

This month’s issue of OUCH!, the monthly security awareness newsletter for computer users from SANS, explains what malware is, who develops it and why, and how to protect yourself against it.

You can download or view a copy online here:

http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201402_en.pdf

Beware Your Chrome Extensions

Ad vendors can buy Chrome extensions (the plug-ins that extend the browser’s capabilities) and use them to push adware- and malware-laden updates, according to Ars Technica. Ownership of a Chrome extension can be transferred to another party, and users are never told when that happens. Malware and adware vendors have caught wind of this and have started approaching extension authors to buy their extensions. Once the deal is done, the new owner can issue an ad-filled update through Chrome’s update service, which delivers it to every user of that extension.

To get rid of the adware, the user must disable the extension (or remove it entirely from the same page):

  • In Chrome on a Mac, select Window > Extensions, then uncheck the box next to “Enabled.”
  • In Chrome on Windows, select Settings > Extensions, then uncheck the box next to “Enabled.”

Read the full story online.

Widespread Attacks on Online Bankers Predicted

Kaspersky Lab has recorded several thousand attempts to infect computers used for online banking with a Trojan called Neverquest, whose creators claim it can attack “any bank in any country.” The Trojan uses a range of tricks to bypass online banking security, including web injection, remote access to the victim’s system and social engineering. Because the Trojan can replicate itself, Kaspersky Lab warns that a sharp rise in attacks can be expected, with financial losses for users around the world.

Read the full story online.

Monthly Sophos Reports

Each month, IS&T uses Sophos Anti-Virus to track the top 10 malware threats detected on, or attempting to reach, computers on the MIT network.

Learn more about the monthly Sophos reports, what they can tell us, and how they can help us.

Android Malware Spreading Through Mobile Ads

Malware targeting Android devices has been found spreading through mobile advertising networks. Many developers include advertising frameworks in their apps to boost revenue, and the ads are served by code bundled into the app itself. In one attack scheme in Asia, a rogue ad network pushed malicious code to devices: when users downloaded and installed a legitimate app, the malware prompted them to approve its own installation, posing as part of the setup process for the app they had just downloaded.

Learn more in the news.

How to protect your Android device at MIT.

Sophos Replaces McAfee at MIT

There has been quite a bit of activity recently to improve information security at the Institute. One such effort, led by Information Systems & Technology (IS&T), is to provide the MIT community with a new malware protection product. After several months of testing, IS&T selected Sophos Anti-Virus as the best solution.

As of July 1, you can download Sophos to a Mac, PC or Linux machine; documentation on installing and using Sophos has been added to The Knowledge Base.

Sophos replaces the malware protection products from McAfee. One of the most important differences between the two is that Sophos comes with console management, which gives IT administrators useful intelligence, including notifications when malware is detected on a machine. The software has also been shown to run more quietly (almost invisibly) in the background.

Please contact the IS&T Help Desk for any questions or concerns.

NetTraveler Espionage Malware

Malware known as NetTraveler has infiltrated more than 350 organizations in 40 countries over the past eight years, according to researchers at Kaspersky Lab. Victims include organizations in the energy industry, military contractors, scientific research facilities and universities.

The malware harvests data, logs keystrokes, and collects file system listings and Office and PDF documents. It gains a foothold in targeted organizations through spear-phishing campaigns whose attachments exploit two known vulnerabilities in Microsoft Word; fixes for the two flaws were released in 2010 and 2012 respectively, so a patched system is not exposed to them.

Read the full story in the news online.
