End-of-Shift report
Timeframe: Monday 23-06-2014 18:00 − Tuesday 24-06-2014 18:00
Handler: Robert Waldner
Co-Handler: n/a
"Stop running this script?" notification redirects to Angler Exploit Kit
ESET researchers identified a website serving up a "Stop running this script?" notification that, when clicked, redirects Internet Explorer users to the Angler Exploit Kit.
http://www.scmagazine.com/stop-running-this-script-notification-redirects-to-angler-exploit-kit/article/357370/
Android KeyStore::getKeyForName buffer overflow
Google Android is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the KeyStore::getKeyForName method. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system under the keystore process.
...
Remedy:
Upgrade to the latest version of Android (4.4 or later), available from the Google Web site. See References.
http://xforce.iss.net/xforce/xfdb/93916
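As an added illustration of the bug class named above (improper bounds checking when copying a caller-supplied string into a fixed stack buffer), here is a hypothetical key-name lookup beside a hardened version. This is example code written for this report, not the Android keystore source, which the page does not show; the function names, buffer size and sample names are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed buffer size for the illustration; the real code's size is not given on the page. */
#define NAME_BUF 32

/* Hypothetical unchecked handler: strcpy copies until the NUL terminator
 * regardless of the destination size, so a name of NAME_BUF bytes or more
 * overruns the stack buffer. Shown for contrast only. */
static void lookup_key_unchecked(const char *name)
{
    char buf[NAME_BUF];
    strcpy(buf, name);                /* no bounds check: the defect class */
    printf("unchecked lookup: %s\n", buf);
}

/* Bounded length scan that never reads more than 'limit' bytes of 'name'. */
static size_t bounded_len(const char *name, size_t limit)
{
    size_t n = 0;
    while (n < limit && name[n] != '\0')
        n++;
    return n;
}

/* Hardened handler: validates the length against the destination before
 * copying and refuses names that do not fit (including the terminator).
 * Returns 0 on success, -1 when the input is rejected. Refusing is safer
 * than silently truncating, which can turn one key name into another. */
int lookup_key_checked(const char *name, char *out, size_t out_len)
{
    if (name == NULL || out == NULL || out_len == 0)
        return -1;

    size_t n = bounded_len(name, out_len);
    if (n >= out_len)                 /* too long: reject, do not copy */
        return -1;

    memcpy(out, name, n + 1);         /* n + 1 includes the NUL terminator */
    return 0;
}

/* Builds a constructed over-long name (100 bytes) and returns the result of
 * the checked lookup, so the rejection path can be exercised on its own. */
int demo_reject_long_name(void)
{
    char long_name[101];
    char out[NAME_BUF];
    memset(long_name, 'A', sizeof long_name - 1);
    long_name[sizeof long_name - 1] = '\0';
    return lookup_key_checked(long_name, out, sizeof out);
}

int main(void)
{
    char out[NAME_BUF];
    lookup_key_unchecked("alice_key");      /* short input: happens to be fine */
    if (lookup_key_checked("alice_key", out, sizeof out) == 0)
        printf("checked lookup: %s\n", out);
    printf("over-long name accepted? %s\n",
           demo_reject_long_name() == 0 ? "yes" : "no (rejected)");
    return 0;
}
```

The fix is the length check before the copy: the destination size is passed explicitly, the input is measured without reading past that size, and anything that does not fit is rejected with an error the caller can log.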
Havex Hunts for ICS/SCADA Systems
During the past year, we've been keeping a close eye on the Havex malware family and the group behind it. Havex is known to be used in targeted attacks against different industry sectors, and it was earlier reported to have specific interest in the energy sector. The main components of Havex are a general purpose Remote Access Trojan (RAT) and a server written in PHP.
http://www.f-secure.com/weblog/archives/00002718.html
Beware of Skype Adware
During our daily log analysis, we recently encountered a sample purporting to power up Skype with different emoticons. The binary, when installed, integrated itself with Skype and sent the following message to contacts without further intervention.
http://research.zscaler.com/2014/06/beware-of-skype-adware.html
Dramatic Drop in Vulnerable NTP Servers Used in DDoS Attacks
95 percent of vulnerable NTP servers leveraged in massive DDoS attacks earlier this year have been patched, but the remaining servers still have experts concerned.
http://threatpost.com/dramatic-drop-in-vulnerable-ntp-servers-used-in-ddos-attacks/106835