Tag: keylogger

Two Million Passwords Stolen From Facebook, Twitter, ADP

Two Million Passwords Stolen From Facebook, Twitter, ADP

The passwords to access more than two million online accounts have been recovered from a server that is part of the command and control network for the Pony botnet, a large and active network of infected computers, according to a blog post from the security firm Trustwave. The company said that it found a cache of approximately two million compromised accounts, most from popular online services such as Facebook, Yahoo, Google and Twitter. More concerning: the cache also contained tens of thousands of credentials for FTP (File Transfer Protocol) servers, remote desktop and secure shell (SSH) accounts, and a site belonging to ADP, the payments processing firm. Facebook accounts made up the lion’s share of the haul, with 318,121 user credentials discovered – 57% of the total. Yahoo was the next biggest victim, with 59,549, almost 11% of the total. Leading Russian social networking sites vk.com and odnoklassniki.ru were also in […]

APT or fANTasy: The Strange Story of BadBIOS

APT or fANTasy: The Strange Story of BadBIOS

Yesterday over on Veracode’s blog I wrote about the ongoing saga of “BadBIOS” – a piece of malicious software that might be the most sophisticated virus ever written, or a figment of the imagination of Dragos Ruiu, the esteemed security researcher who says he discovered it on systems he owned. The story of BadBIOS reads like something out of science fiction. Ruiu has described it in interviews and blog posts as BIOS-based malware that can back door systems running a variety of operating systems – OS X, Windows and even OpenBSD. But it’s also described as an ephemeral kind of ‘we-don’t-know-what,’ that can’t be isolated or analyzed. One Twitter follower of Ruiu’s suggested designating it a “heisenbug” which he defined as “a software bug that seems to disappear or alter its behavior when one attempts to study it.” That would be funny if this weren’t deadly serious. For, really, one […]

Malware Supply Chain Links Eleven Attacks

Malware Supply Chain Links Eleven Attacks

Fresh off their discovery of a previously unknown (‘zero day’) security hole in Microsoft’s Internet Explorer web browser, researchers at the security firm Fireeye say that they have evidence that a string of sophisticated attacks have a common origin. In a report released on Monday (PDF), the firm said that many seemingly unrelated cyber attacks identified in the last year appear to be part of a “broader offensive fueled by a shared development and logistics infrastructure” — what Fireeye terms a ‘supply chain’ for advanced persistent threat (APT) attacks. At least 11 APT campaigns targeting “a wide swath of industries” in recent months were found to be built on a the same infrastructure of malicious applications and services, including shared malware tools and malicious binaries with the same timestamps and digital certificates. “Taken together, these commonalities point to centralized APT planning and development,” Fireeye wrote. The attacks link at least 11 separate […]

Triumfant says that in-memory "AVT" style attacks are the latest weapon in the battle between malware authors and security firms.

Ephemeral In-Memory Malware Common At High Value Targets

Computer security has always been a game of Spy vs. Spy, with the bad guys trying to stay one step ahead of the latest tactics and tools used to catch them. And that’s still true today, in an age of so-called “advanced persistent threats.” So what’s the next big thing in advanced malware? How about ghostly, ephemeral malware that never exists outside of memory and disappears whenever the infected system is rebooted?   The security firm Triumfant issued a warning on Monday about what it calls “advanced volatile threats” or AVT. The malware is already a common component in attacks against high value targets, including government agencies and intelligence services John Prisco, Triumfant’s CEO and President told The Security Ledger. The terminology here is a bit tricky – as Prisco admits. Technically, almost every online attack begins in memory, where attackers seek to overwrite the memory space used by a […]

Sharing Threat Intelligence To Sort Out Targeted Attacks

Sharing Threat Intelligence To Sort Out Targeted Attacks

Headlines about “advanced persistent threats” and targeted attacks have organizations of all sizes concerned. Barely a week goes by without news of a new, stealthy campaign targeting executives, government leaders or platforms used by prominent organizations. But while APT-style and targeted attacks may have the attention of the boardroom, organizations still face a Herculean task determining when an attack they’ve detected is targeted, and when it is merely indiscriminate. To help answer that question, I “hung out” with two experts in detecting and analyzing malicious threats to enterprises. Anup Ghosh is the CEO and co-founder of Invincea, which makes malware detection tools that isolate threats on endpoints. Matt Hartley is the Senior Director, Intelligence Lab Services at iSIGHT Partners, a cyber threat intelligence firm. Both told me that, while targeted attacks are on the rise, awareness about them is also at an all time high. That can, sometimes, result in organizations […]