NetTraveler Espionage Malware

Malware known as NetTraveler has infiltrated more than 350 companies in 40 countries over the past eight years, according to researchers at Kaspersky Lab. The victims of the malware include organizations in the energy industry, military contractors, scientific research facilities and universities.

The malware harvests data, logs keystrokes, and gathers file system listings and Office and PDF documents. The malware gains a foothold in targeted organizations through spear phishing campaigns and exploits a pair of known vulnerabilities in Microsoft Word. Fixes for the flaws were released in 2010 and 2012.

Read the full story in the news online.

Hackers Exploiting Recent Breaking News Stories

Unfortunately, despite all the good that can come out of a horrendous situation, there can also be some disturbingly negative responses. Cyber criminals were once again taking advantage of last week’s news stories to spread malware.

The criminals are exploiting the public’s interest in the Boston Marathon bombing and the explosion at the Texas fertilizer plant to catch you unawares. Links to videos on YouTube may seem harmless enough, but the web page silently loads malicious content from another site that is designed to infect your computer (see examples here and here).

The advice is to be careful when going online to search for information about breaking news events. Stick to your regular, trusted news sources so that you avoid web pages that contain malware, and delete email messages from unknown senders that claim to have the latest news on the events.

Who Updates Your Android?

A call has been made for legislators to get involved with making carriers more responsible for issuing updates to Android mobile devices or to cede control to Google. Activist Chris Soghoian says the “situation is worse than a joke, it’s a crisis.” Some devices are 16 months behind with receiving updates.

Android malware has skyrocketed over the last 12 months. Researchers at Kaspersky Lab said that 99 percent of the mobile malware detected each month targets Android. The most prevalent are SMS Trojans that run up premium-rate SMS charges.

Google is keeping up with patching vulnerabilities, but the patches are not reaching consumers, says Chris Soghoian.

Read the full story online.

Zero-Day Threat in Adobe Reader

An unpatched vulnerability recently reported in Adobe Reader can be exploited when a PDF file is opened in a browser other than Google Chrome (Chrome runs the Reader plugin inside its own additional sandbox). The exploit has significant limitations, but when it succeeds it bypasses the sandbox in Adobe Reader X and XI and can then fetch further malware. Adobe has not yet responded to the report.

Learn more about this issue in the news.

The Blackhole Exploit Kit Explored

Malware has grown exponentially in recent years, largely because of automation and kits that make it easy to create and distribute around the world.

Whether the goal is pushing scareware, dropping a malware payload such as Zeus, hijacking the victim’s web traffic, or simply infecting visitors through web attacks (known as drive-by downloads), exploit kits are the tools of the cyber criminal’s trade.

This article examines the most recent and notorious of exploit kits on the black market, known as Blackhole.

Emails Disguised as Coupons or Deals on the Rise

Be sure to double check that Groupon (www.groupon.com) you received in your email. Spammers are using the popularity of emailed advertisements for group discount deals to send malware.

Malware delivered through fake email advertisements and notifications is on the rise, according to a study released by security firm Kaspersky Lab.

“They are primarily doing so by sending out malicious emails designed to look like official notifications,” the report says. Kaspersky Lab is seeing more and more of this malicious spam. Other popular disguises include notifications from hosting services, banking systems, social networks, online stores, and hotel booking confirmations.

Read the full story in the news.

Virus Protection at MIT

Virus protection, when used correctly, keeps viruses, adware, spyware and other malicious code from running on your computer, where cyber criminals could use it to collect sensitive information, turn the machine into a bot that sends out malware or spam, or modify it in other ways without your authorization.

At MIT, computers on the network may be more exposed to such risks than they would be on a home or company network, because of the nature of the work being done here at the Institute. Education, collaboration and research require the MIT network and other IT resources to be highly available at all times, thus restrictions are less likely to be applied.

IS&T provides tools and resources so that the MIT community has a layered defense against many of these threats, including free virus protection software. The virus protection application provided by MIT is the McAfee suite of products:

  • Mac: McAfee Security 1.2
  • Windows: VirusScan Enterprise 8.8
  • Linux: VirusScan 5.20

Key features of the application are, among other things, centralized and simplified security management, proactive threat protection, continuous and on-demand scanning and seamless security updating.

Learn more or download virus protection from the IS&T software grid.

Flame Virus: Most Sophisticated Weapon Yet Unleashed

You may have heard about the latest big cyber threat going around. Dubbed “Flame,” this malware can sniff network traffic, take screenshots, record audio conversations, log keystrokes, and more, according to Kaspersky Lab. It is currently targeting mostly countries in the Middle East, with Iran being the hardest hit.

While Flame shares characteristics with malware like Stuxnet and Duqu, Kaspersky concludes that they were probably developed by two separate groups. However, there are some links which could indicate that the creators of Flame had access to technology used in the Stuxnet project.

A researcher at Kaspersky, Alexander Gostev wrote: “Flame can easily be described as one of the most complex threats ever discovered. It’s big and incredibly sophisticated. It pretty much redefines the notion of cyberwar and cyberespionage.”

Read some more about Flame at PCWorld and at Wikipedia.

DNSChanger Servers Shutting Down Today

Today, July 9, the FBI will shut down the replacement DNS servers that have been keeping millions of computers infected with the DNSChanger Trojan connected to the Internet. Once those servers go offline, users who are still infected will lose access to websites, email, chat, and social networking sites. DNSChanger is a nasty piece of malware that has been around for some time. To learn more, see this article.

Note that customers using McAfee antivirus products are protected from DNSChanger, provided the computer was not already infected before McAfee was installed. If you installed McAfee after being infected, the malware itself is removed, but the changes it made to your network configuration (the DNS server settings it altered) must be corrected by hand.
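The quickest way to tell whether a machine is still pointed at the rogue resolvers is to compare its configured DNS servers against the address ranges the FBI published for DNSChanger. The script below is an added example written for this post, not an IS&T or McAfee tool: the six ranges are the FBI’s published DNSChanger ranges, the sample resolv.conf is constructed (192.0.2.53 is a documentation address standing in for a legitimate campus resolver), and it only reads text you paste in, so it runs offline.

```python
import ipaddress
import re

# Rogue resolver ranges the FBI published for DNSChanger (Rove Digital) victims.
ROGUE_DNS_RANGES = [ipaddress.ip_network(n) for n in (
    "85.255.112.0/20",   # 85.255.112.0  - 85.255.127.255
    "67.210.0.0/20",     # 67.210.0.0    - 67.210.15.255
    "93.188.160.0/21",   # 93.188.160.0  - 93.188.167.255
    "77.67.83.0/24",     # 77.67.83.0    - 77.67.83.255
    "213.109.64.0/20",   # 213.109.64.0  - 213.109.79.255
    "64.28.176.0/20",    # 64.28.176.0   - 64.28.191.255
)]

_IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def is_rogue_resolver(ip: str) -> bool:
    """True if ip falls inside one of the published DNSChanger ranges."""
    try:
        addr = ipaddress.ip_address(ip.strip())
    except ValueError:
        return False          # not an IP literal, so nothing to match
    if addr.version != 4:
        return False          # the published ranges are IPv4 only
    return any(addr in net for net in ROGUE_DNS_RANGES)


def extract_resolvers(config_text: str) -> list:
    """Pull resolver IPs out of resolv.conf ('nameserver X') lines or
    'ipconfig /all' ('DNS Servers . . . : X') lines.  Windows continuation
    lines that carry only a second address are not parsed here."""
    found = []
    for line in config_text.splitlines():
        stripped = line.split("#", 1)[0].strip()   # drop resolv.conf comments
        if not stripped:
            continue
        if stripped.startswith("nameserver") or "DNS Servers" in stripped:
            found.extend(_IPV4.findall(stripped))
    return found


def check_resolvers(config_text: str) -> list:
    """Return the configured resolvers that sit in the rogue ranges."""
    return [ip for ip in extract_resolvers(config_text) if is_rogue_resolver(ip)]


# Constructed sample: one resolver in a rogue block, one legitimate one
# (192.0.2.53 is a documentation address, not a real campus resolver).
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
nameserver 85.255.113.47
nameserver 192.0.2.53
search example.edu
"""

if __name__ == "__main__":
    flagged = check_resolvers(SAMPLE_RESOLV_CONF)
    if flagged:
        print("DNSChanger-range resolver(s) configured:", ", ".join(flagged))
        print("Correct the DNS settings by hand (or switch back to DHCP) and rescan.")
    else:
        print("No resolver in the published DNSChanger ranges.")
```

On a Mac or Linux machine, feed it the contents of /etc/resolv.conf; on Windows, the output of `ipconfig /all`. A hit means the DNS settings still need the manual correction described above even if the antivirus has already removed the Trojan.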

If you have issues connecting to the Internet, please contact the IS&T Help Desk.

AutoCAD Worm

A worm that steals AutoCAD drawings has been detected. The industrial espionage malware has appeared mainly in Peru and neighboring countries, where it appears to have infected more than 10,000 computers. The firm that first detected the malware, ESET, calls it ACAD/Medre.A; it appears to have stolen tens of thousands of drawings, sending them to an email address registered with a Chinese provider. The email accounts that were being used in the attack have been closed.

Read the story in the news.
