Security Blog

Recently in Malware Category

November 17, 2009
Threat Lab Report: The First iPhone Worm Hits the Mobile Scene

With the iPhone a hit in the smartphone market, network security researchers warned that its popularity would lead cyber-criminals to take an interest in mobile phones. With their increased horsepower and functionality, smartphones are essentially mini computers. We all know the types of threats and vulnerabilities computers face, and our phones are no exception.

Recently, some iPhone users were attacked by a worm, the first of its kind found on the iPhone. The worm replaces the iPhone wallpaper with a photo of 80's pop singer Rick Astley and displays the message "ikee is never going to give you up", but stops there and does not perform further attacks on the iPhone. It was written by 21-year-old Australian hacker Ashley Towns, who said he produced it to make iPhone users realize the risks of not changing the default root password.

However, only jailbroken iPhones are vulnerable to the worm. Jailbreaking is a process that allows iPhone and iPod Touch users to run homebrew apps on their devices by bypassing Apple's App Store. Once jailbroken, iPhone users are able to download homebrew applications as well as cracked applications through unofficial installers such as Cydia, Rock App, Icy, and Installer. Jailbroken iPhones are not eligible for technical support, and Apple has many times used software upgrades to prevent users from cracking their iPhones. Apple also noted that jailbreaking an iPhone is illegal. The users found infected were those who had jailbroken their iPhone, installed SSH, and not changed the default root password "alpine". Once it has infected a phone, the worm searches the same network for other jailbroken iPhones and spreads to them. This threat can be mitigated by changing the iPhone's default root password.

Prior to this incident, iPhone users had already been targeted by attacks. A week ago, Dutch users received messages from an attacker warning of a security vulnerability in their cell phone and requesting that each of them donate 5 Euros to a PayPal account. The attacker has since apologized and provided a fix. This is an example of an attacker exploiting the same flaw, but not in the form of a virus or worm.
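The spread pattern described above, one infected phone probing its neighbours over SSH, shows up in a gateway or firewall log as a single source opening port-22 connections to many distinct hosts in a short time. The following Python snippet is an added example, not code from the Netgear post or from the worm itself: it runs over a few constructed log lines in a made-up format ("<epoch> <src> -> <dst>:<port> <action>") and flags any source that reaches a fan-out threshold within a time window. The log format, addresses, window and threshold are all assumptions for the example.

```python
"""Flag hosts that fan out SSH connection attempts across a subnet.

Added example (not from the Netgear post). A worm that tries SSH on every
neighbour leaves one source touching many distinct destinations on port 22
within seconds; a legitimate admin host touches a few servers repeatedly.
The log format below is constructed for this example:
    "<epoch> <src_ip> -> <dst_ip>:<dst_port> <action>"
"""
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^(?P<ts>\d+) (?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<port>\d+) (?P<action>\w+)$"
)

# Constructed sample: 10.0.0.5 is an admin box, 10.0.0.23 sweeps port 22,
# 10.0.0.9 is ordinary web traffic, and one line is malformed on purpose.
SAMPLE_LOG = """\
1258450000 10.0.0.5 -> 10.0.0.100:22 accept
1258450005 10.0.0.5 -> 10.0.0.101:22 accept
1258450010 10.0.0.23 -> 10.0.0.2:22 reject
1258450011 10.0.0.23 -> 10.0.0.3:22 reject
1258450012 10.0.0.23 -> 10.0.0.4:22 accept
1258450013 10.0.0.23 -> 10.0.0.5:22 reject
1258450014 10.0.0.23 -> 10.0.0.6:22 reject
1258450015 10.0.0.23 -> 10.0.0.7:22 accept
1258450020 10.0.0.9 -> 10.0.0.2:80 accept
1258450021 10.0.0.9 -> 10.0.0.3:80 accept
malformed line here
"""


def parse_line(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": int(m["ts"]),
        "src": m["src"],
        "dst": m["dst"],
        "port": int(m["port"]),
        "action": m["action"],
    }


def find_ssh_fanout(lines, *, window=60, min_targets=5, port=22):
    """Map each offending source to the sorted list of hosts it touched on
    `port`. A source offends if it reaches >= min_targets distinct hosts
    within any span of `window` seconds (accepts and rejects both count:
    a rejected probe is still a probe).
    """
    events = defaultdict(list)  # src -> [(ts, dst), ...]
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["port"] != port:
            continue
        events[rec["src"]].append((rec["ts"], rec["dst"]))

    offenders = {}
    for src, evs in events.items():
        evs.sort()
        lo = 0
        for hi in range(len(evs)):
            # Slide the window's left edge until it spans <= `window` seconds.
            while evs[hi][0] - evs[lo][0] > window:
                lo += 1
            if len({d for _, d in evs[lo:hi + 1]}) >= min_targets:
                offenders[src] = sorted({d for _, d in evs})
                break
    return offenders


if __name__ == "__main__":
    for src, targets in find_ssh_fanout(SAMPLE_LOG.splitlines()).items():
        print(f"{src} probed {len(targets)} hosts on port 22: {', '.join(targets)}")
```

Tune `window` and `min_targets` to the network: on a small office LAN five distinct SSH targets in a minute from one client is already unusual, while a jump host used by several admins needs a higher threshold or an allow-list.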

Posted by: Netgear Threat Lab at 10:13 AM
Categories: Netgear Threat Lab, Malware

November 6, 2009
Threat Lab Report: Troj.Downloader.JS.Agent.bgt

Description of Report (Troj.Downloader.JS.Agent.bgt):

This malicious program exploits vulnerability CVE-2008-4699.
The Peachtree Accounting ActiveX control (PAWWeb11.ocx) with CLSID 2BCEAECE-6121-4E78-816C-8CD3121361B0 is prone to a remote code-execution vulnerability, caused by the control exposing the insecure method "ExecutePreferredApplication()". By persuading a victim to visit a specially crafted Web page, an attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the user.

Affected Version: Peachtree Accounting 2004

Posted by: Netgear Threat Lab at 1:37 PM
Categories: Malware, Netgear Threat Lab, Viruses

November 3, 2009
Trick or Treat - International Kill-A-Zombie Day

I hope everyone enjoyed their Halloween and their fair share of candy. And no, we are not talking about killing "REAL" zombies (the ones in flesh, or rotten flesh to be more exact) here.

As we've mentioned time and time again, zombies are a growing problem in today's Internet. Once a PC has been infected, it joins the ranks of the fellow infected as zombies who respond to any command a hacker might give it. They are used to send spam (yes, the spam you get everyday comes from a zombie, NOT a mailman in cyberspace), carry out denial of service attacks, and many other mischievous deeds.

Our friends at Sophos have designated October 31st as the International Kill-A-Zombie Day (images of Resident Evil, Zombieland, and Night of the Living Dead just pop into my mind saying that). They've come out with two very interesting videos to promote zombie awareness. Have a look and join the fight!

Posted by: Pete at 1:37 PM
Categories: General, Malware, Spam

November 3, 2009
Threat Lab Report: Troj.Downloader.JS.Agent.eda

Description of Report (Troj.Downloader.JS.Agent.eda):

This malicious program exploits vulnerability CVE-2008-4728.
The DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control with CLSID 7F9B30F1-5129-4F5C-A76C-CE264A6C7D10, part of the Hummingbird Deployment Wizard, is prone to several vulnerabilities. They are caused by the control providing the insecure "Run()", "SetRegistryValueAsString()", and "PerformUpdateAsync()" methods: remote attackers can execute arbitrary programs via the Run() and PerformUpdateAsync() methods, and modify arbitrary registry values via the SetRegistryValueAsString() method.

Affected Version: Hummingbird Deployment Wizard 2008

Posted by: Netgear Threat Lab at 1:34 PM
Categories: Malware, Netgear Threat Lab

October 30, 2009
Threat Lab Q3 Report: Malware and Phishing Web Sites

Based on data collected in Q3 2009, we found that business-related sites were most likely to host malware. Pornography and sexually explicit sites came in at number 2 this quarter. As a sign of the economic times, real estate, shopping, and travel sites also made the top 10.

[Chart: top 10 malware-hosting site categories, Q3 2009]

As for sites manipulated by phishing, health & medicine related sites still top the list, followed closely by sex education and finance. The rest of the top 10 contained no surprises; however, we do see a drop in social networking phishing sites. That may be due to more awareness that such sites are being exploited for phishing.

[Chart: top 10 phishing site categories, Q3 2009]

Posted by: Netgear Threat Lab at 3:16 PM
Categories: Malware, Netgear Threat Lab, Phishing

October 29, 2009
AV-Test /Tolly Report: UTM Virus Detection Comparison

AV-Test.org and Tolly have released their UTM virus detection comparison report. In the report the ProSecure UTM10 was pitted against all-in-one solutions from Sonicwall, Fortinet, and Watchguard.

The test consisted of two parts:

1. Wildlist malware detection
2. Zoo malware detection

[Charts: Wildlist and Zoo detection results]

The results really highlight the lack of emphasis on the "security" aspect of existing all-in-one solutions.

While we see a big emphasis being put on throughput, the truth is, throughput from existing multifunction firewalls is fine at our current WAN connection speeds - even with all security enabled.

What you need is better protection.

And our ProSecure UTM was architected from the ground up to provide you just that.

You can download the full report here.

Posted by: Pete at 5:05 PM
Categories: General, Malware, Viruses

October 26, 2009
Threat Lab Report: Troj.Downloader.JS.Agent.edg

Description of Report (Troj.Downloader.JS.Agent.edg):

The Office OCX Word Viewer OCX ActiveX control with CLSID 97AF4A45-49BE-4485-9F55-91AB40F288F2 is prone to a remote code-execution vulnerability, caused by its insecure OpenWebFile() method. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to download arbitrary executable files to the victim's system and execute arbitrary code with the privileges of the victim.

Affected Version: Office OCX Word Viewer OCX 3.2
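All three ActiveX reports on this page (PAWWeb11.ocx, DeployRun.dll and the Office OCX Word Viewer control) are exploited through a Web page that instantiates the control in Internet Explorer, so the same interim mitigation applies to each until the vendor patch is installed: set the control's kill bit. Internet Explorer refuses to load a CLSID whose "Compatibility Flags" value under HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility has bit 0x400 set (Microsoft documents this in KB 240797). The Python below is an added example, not Netgear's or Microsoft's code: it validates the CLSIDs named in the reports, preserves any flags already present, and emits a .reg file an administrator can import or push by policy. The descriptive notes and the assumed pre-existing flag values are constructed for the example.

```python
"""Emit a .reg file that sets the ActiveX kill bit for known-bad CLSIDs.

Added example (not from the Netgear reports). Setting bit 0x400 in
  HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}
  "Compatibility Flags"
stops Internet Explorer from instantiating the control, which blocks the
"visit a crafted Web page" exploit path regardless of which insecure
method the control exposes. The CLSIDs are the ones named in the three
Threat Lab reports above; the notes beside them are constructed labels.
"""
import re

KILL_BIT = 0x400
KEY_PATH = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"

# 8-4-4-4-12 hex groups, braces optional, any case.
CLSID_RE = re.compile(
    r"^\{?([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}?$"
)

REPORTED_CLSIDS = {
    "2BCEAECE-6121-4E78-816C-8CD3121361B0": "Peachtree Accounting PAWWeb11.ocx (CVE-2008-4699)",
    "7F9B30F1-5129-4F5C-A76C-CE264A6C7D10": "Hummingbird Deployment Wizard DeployRun.dll (CVE-2008-4728)",
    "97AF4A45-49BE-4485-9F55-91AB40F288F2": "Office OCX Word Viewer OCX 3.2 OpenWebFile()",
}


def normalize_clsid(value):
    """Return the CLSID in canonical upper-case form without braces, or
    raise ValueError so a typo never becomes a silently useless key."""
    m = CLSID_RE.match(value.strip())
    if not m:
        raise ValueError(f"not a CLSID: {value!r}")
    return m.group(1).upper()


def has_kill_bit(flags):
    """True if a Compatibility Flags value already disables the control."""
    return bool(flags & KILL_BIT)


def with_kill_bit(flags):
    """OR in the kill bit, keeping any other compatibility flags intact."""
    return flags | KILL_BIT


def killbit_reg(clsids, existing_flags=None):
    """Build the text of a .reg file for every CLSID in `clsids` (a mapping
    of CLSID -> human-readable note). `existing_flags` optionally maps a
    canonical CLSID to the DWORD currently in the registry so that other
    flags survive the import."""
    existing_flags = existing_flags or {}
    out = ["Windows Registry Editor Version 5.00", ""]
    for raw, note in clsids.items():
        clsid = normalize_clsid(raw)
        flags = with_kill_bit(existing_flags.get(clsid, 0))
        out.append(f"; {note}")
        out.append(f"[{KEY_PATH}\\{{{clsid}}}]")
        out.append(f'"Compatibility Flags"=dword:{flags:08x}')
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    print(killbit_reg(REPORTED_CLSIDS))
```

Importing the generated file is a containment step, not a fix: it only affects Internet Explorer's ability to host the control, so the vendor update that removes the insecure method is still needed.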

Posted by: Netgear Threat Lab at 5:28 PM
Categories: Malware, Netgear Threat Lab, Viruses

October 12, 2009
Threat Lab Report: New Adobe Vulnerability Prevention Tips

Adobe officials have confirmed that a new vulnerability exists in the Windows, Macintosh, and Unix versions of Adobe Reader and Acrobat 9.1.3 and earlier (CVE-2009-3459). Adobe Reader and Acrobat 9.1.3 users running Windows Vista with DEP should be protected from the vulnerability. Turning off JavaScript in Adobe Reader and Acrobat also avoids the use of the code affected by this attack. The steps to disable JavaScript are as follows:

1. Run Acrobat or Adobe Reader
2. Go to Edit -> Preferences
3. Select the "JavaScript" category
4. Uncheck the "Enable Acrobat JavaScript" option
5. Click "OK"

Vendor solution:
Adobe will release a corresponding patch on 2009-10-13. Users should contact the vendor to obtain the appropriate patch.

Posted by: Netgear Threat Lab at 12:25 AM
Categories: Malware, Netgear Threat Lab

September 14, 2009
ProSecure STM and UTM Hit 3 Million and 1 Million Malware Signatures Respectively

Nine months into 2009, and we've already seen record-setting growth in malware. This exponential growth does not look like it is going to stop any time soon. As the malware industry cranks out more malware, those of us in the security industry are busy keeping up so that networks all over the Internet can remain safe.

As of now, the STM has over 3 million malware signatures on the appliance, up from 1.6 million at the start of 2009.

On the other hand we have the UTM, now with over 1 million malware signatures, up from 600 thousand only half a year ago.

We pride ourselves in bringing the best malware (virus, spyware, adware, trojan, keylogger, rootkit, backdoor...etc) protection for small to medium businesses and will continue to counter each and every threat that emerges onto the Internet.

Posted by: Pete at 12:43 AM
Categories: General, Malware, Spyware, Viruses

July 31, 2009
Network Solutions Hacked, Over Half a Million Credit Card Numbers Stolen

Every few months an incident like this happens. This time the victim is Network Solutions (a domain name, email, and Web hosting company) and 500k+ of its customers. This is very similar to another credit card heist that happened last year. Again, a little piece of malware found its way onto Network Solutions' credit card system and, when no one was looking, transmitted hundreds of thousands of credit card numbers to some unknown hacker out on the Internet.

All companies who handle customer data should have stricter network security layers and policies in place. PCI is a start, but has not prevented credit card theft from becoming a recurring theme. The bad guys are out in the dark, a constant threat over our shoulders, waiting for a vulnerable moment on our network. To give us a better chance, we need more security in the network, both at the end points and at the gateway, as well as systems designed with network safety in mind. Last but not least, more end user education, training, and access control.

Posted by: Pete at 4:49 PM
Categories: General, Malware, Spyware