Daily summary - Friday 17-05-2013

End-of-Shift report

Timeframe: Thursday 16-05-2013 18:00 - Friday 17-05-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner

Android.RoidSec: This app is an info stealing 'sync-hole'!

By Nathan Collier

Android.RoidSec has the package name 'cn.phoneSync', but an application name of 'wifi signal Fix'. From a 'Malware 101' standpoint, you would think the creators would have a descriptive package name that matches the application name. Not so, in this case.

http://blog.webroot.com/2013/05/16/android-roidsec-this-app-is-a-info-stealing-sync-hole/


vBulletin Input Validation Flaw Lets Remote Users Inject SQL Commands

The 'index.php/ajax/api/reputation/vote' script does not properly validate user-supplied input in the 'nodeid' parameter. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.

http://www.securitytracker.com/id/1028543


Bank Account Logins for Sale, Courtesy of Citadel Botnet

Financial theft is one of the most lucrative forms of cybercrime. Malware authors continue to deliver sophisticated tools and techniques to unlock online bank accounts. Attackers design and develop botnets to perform financial fraud, targeting banks and other institutions for profit.

http://blogs.mcafee.com/mcafee-labs/bank-account-logins-for-sale-courtesy-of-citadel-botnet


Apple iTunes Multiple Vulnerabilities

Multiple vulnerabilities have been reported in Apple iTunes, which can be exploited by malicious people to conduct spoofing attacks and compromise a user's system.

https://secunia.com/advisories/53471


In a sea of malware, viruses make a small comeback

Microsoft has noticed a small uptick in viruses that infect files.

http://www.csoonline.com/article/733558/in-a-sea-of-malware-viruses-make-a-small-comeback?source=rss_application_security


Trying to kill undead Pushdo zombies? Hard luck, Trojan is EVOLVING

Malware remains undead, adds double-sneaky stealth mode

The crooks behind the Pushdo botnet agent have developed variants of the malware that are more resistant to take-down attempts or hijacking by rival hackers.

http://go.theregister.com/feed/www.theregister.co.uk/2013/05/17/pushdo_extra_stealth/


Background: More facts and speculation about Skype's ominous link checks

At the beginning of the week, heise Security reported that links sent in private Skype chat sessions are visited a short time later by a Microsoft system. We observed exclusively accesses to https URLs.

http://www.heise.de/security/artikel/Mehr-Fakten-und-Spekulationen-zu-Skypes-ominoesen-Link-Checks-1865370.html


Targeted information stealing attacks in South Asia use email, signed binaries

In the past few months, we have analyzed a targeted campaign that tries to steal sensitive information from different organizations throughout the world, but particularly in Pakistan. During the course of our investigations we uncovered several leads that indicate this threat has its origin in India and has been going on for at least two years.

http://www.welivesecurity.com/2013/05/16/targeted-threat-pakistan-india/


Fake YouTube page targets Chrome users

Fake YouTube pages are one of the favored ways attackers leverage to get users to click on malicious content.

http://research.zscaler.com/2013/05/fake-youtube-page-targets-chrome-users.html


CSRF vulnerability in LinkedIn 2013

A security company has found a CSRF vulnerability in LinkedIn and has uploaded a POC on YouTube to show the impact. The Cross Site Request Forgery attack allows the attacker to access information from a contact without the consent/knowledge of the affected user.

http://cyberwarzone.com/csrf-vulnerability-linkedin-2013?


Blog: Malicious PACs and Bitcoins

Malicious PACs used by Brazilian bad guys aiming to steal bitcoins.

http://www.securelist.com/en/blog/208195033/Malicious_PACs_and_Bitcoins


April 2013 virus activity review from Doctor Web

May 13, 2013

IT security experts will remember April 2013 for several remarkable events. At the beginning of the month, Doctor Web's analysts hijacked a rapidly growing botnet comprised of computers infected with BackDoor.Bulknet.739. The middle of April saw the discovery of a new Trojan of the most common family 'Trojan.Mayachok' and an upsurge of spam containing subject matter related to the terrorist acts that occurred in Boston.

http://news.drweb.com/show/?i=3516&lng=en&c=9