• 17ebook.com,
• aladel.net,
• bpwhamburgorchardpark.org,
• clicnews.com,
• dfwdiesel.net,
• divineenterprises.net,
• fantasticfilms.ru,
• gardensrestaurantandcatering.com,
• ginedis.com,
• gncr.org,
• hdvideoforums.org,
• hihanin.com,
• kingfamilyphotoalbum.com,
• likaraoke.com,
• mactep.org,
• magic4you.nu,
• marbling.pe.kr,
• nacjalneg.info,
• pronline.ru,
• purplehoodie.com,
• qsng.cn
• seksburada.net,
• sportsmansclub.net,
• stock888.cn,
• tathli.com,
• teamclouds.com,
• texaswhitetailfever.com,
• wadefamilytree.org,
• xnescat.info, and
• yt118.com .

The infected sites had on average 18,000 threats and 40 per cent of the sites had more than 20,000 threats, while 75 per cent of websites on the list were found to be spreading malware for over six months.

Recently, the US faced its biggest data security hacking till date when two Russian citizens and a US national breached the security of Heartland Payment Systems, 7-Eleven, and the Hannaford Brothers chain of supermarkets and swindled credit and debit card data worth more than $130 million. As part of their hacking plan these men used aliases and cracked the details of even Fortune 500 companies. They hacked the systems by using SQL injection techniques. In fact, these fraudsters managed to evade suspicion initially by accessing customer networks through proxy sites and changed the software which failed in detecting the creeping malware.

The ICSG is working towards forming a more focused security group to combat these malwares more effectively. ICSG is working on an XML-based standard to tackle the malware files which security vendors face every month. However, hacking and breaching data security has got smarter. Hackers are ensuring that their malware and hacking codes go undetected. Malware is being written for mobile phones and PDA, and IPv6, the next-generation Internet protocol, among hackers is in. One of the most recalled incidents is the temporary hacking of the United Nations website in 2008. Unsuspecting visitors downloaded a file from a malware-hosting server. This malware’s intension was to install a code in the user’s desktops and laptops to hijack personal information.

It will be a big challenge for ICSG to combat the scale and rapidity of the smart malware and the smarter hackers.

The latest in the series is the hacking of the popular Cling URL shortening service. This is fourth popular URL shortening service on the twitter. Sophos reports that, Cling was hacked last Sunday to redirect the users to a story on Twitter hashtags by blogger Kevin Sablan from the Orange County Register. As per logs the attacker IP originates from Canada.

According to Cling, the hole exploited by the attacker is identified and closed and they in the process of replacing the URL’s from its backup.

The malware was found on 20 ATM’s in Russia and Ukraine that were all running Microsoft’s Windows XP operating system. At least one machine was infected as early as July 2007. The researchers said that the hacker released upgraded version of the Malware since then and perfected it.

The Malware contains advanced management functionality allowing the attacker to fully
control the compromised ATM through a customized user interface built into the malware. The attacker needs an inside help to infect the machine with Malware. Once that’s done, attackers can insert a control card into the machine’s card reader to trigger the Malware. The hacker can also instruct the machine to eject whatever cash is inside the machine.

More details about the attack at

https://www.trustwave.com/downloads/alerts/Trustwave-Security-Alert-ATM-Malware-Analysis-Briefing.pdf

However, this is not the first time Waledac attempted to use this localization technique. Waledac has been using this GeoIP functionality back in February, when the botnet sent fake coupons. Mal/Waledec-A is a malicious program frequently associated with the W32/Waled-Gen family of worms.

The program pretends to scan the computer for virus or malware and reports hundreds of infections. To look more legitimate, it will disable few of the operating system functionality and offers fake antivirus solutions. These worms are designed to download the payloads from remote sites, steal user cookies, emails etc. MS Anti-spyware 2009 is one of the scareware that’s distributed through these sites.

Similar attack on the Digg community happened last week. Digg has taken action by disabling more than 300 accounts.

Google has taken down web pages which security researchers believe are manipulating the search engine to aid in malware attacks. Attack is now under control at least for the moment. We can assume the attackers will be looking at new and creative ways to circumvent any countermeasures that may be in place.

So if you are going to search Google for the hottest topic of the day; beware, malware is there in the top ten.

Latest Google trends : http://www.google.com/trends

Every websites linked from Google search ended by in malware warning “This site may harm your computer”. Government websites, CNN, Associated press all were reported as malware site. It could be some glitch in Google Safe Browsing API. A false report indicated it was a result of a problem at StopBadware.org

The official word from Google is quite “simple”, simple human error. Here is the contradictory statement from StopBadWare who provides the database of malware to Google.

There are various ingenious ways of doing social engineering. In ‘pretexting’, the attacker creates a purely fictional scenario to extract information from the victim.  Phishing emails invite the receiver to click on embedded links to type in personal information for ‘verification’. Phone phishing uses engineered Interactive voice response (IVR) system for deception.  Baiting is to infect systems through Trojan horse malware – a curious victim will pick up a seemingly mislaid CD or USB flash drive at a conspicuous location and run the same on his system with disastrous results.  Create a quid-pro-quo situation where the attacker offers to help resolve a malfunction and in the process obtain bits of personal information.

Here is a classic ‘pretexting’ social engineering story.  Ian Malone of US received a late night phone call asking if he had been using his credit card for heavy purchases recently as the caller (pretending to be an employee of the credit card company) noticed huge accumulated debts on the card.  Malone was naturally flabbergasted as he was already struggling for funds.  The caller sympathized and offered to probe this suspected fraud further and set it right.  To do so, “may I have details of the card please?”  Malone was anxious to get out of the mess.  The attacker got what he wanted to commit credit card fraud – the rest is history!

To avoid different social engineering frauds, it would be advisable to follow the guidelines listed below:

• Never click on embedded links unless you are sure of the identity of the sender.
• Never call on the phone numbers given in the information seeking emails.  Instead, call on a confirmed genuine number known to you or taken from previous statements.
• Do not provide personal or company information over phone to unknown entities, however intimidating the caller may sound and demand information..
• Submit personal information only on secured encrypted websites – look for an “https” prefix and a lock icon at bottom of the screen.
• Pay attention to website addresses. Malicious websites will have slight variation in web address or domain, e.g. .net instead of .com.
• Don’t accept unsolicited help for repairs – get a qualified legitimate technician to do any repair.
• Do not panic when you are told of alarming situations and do not act on the caller’s requests.
• If you suspect to have revealed information, inform the appropriate authorities (network administrators, your supervisor, bank, credit card company or even police), who can take immediate remedial measures to detect and stop any fraud.

Remember, social engineering frauds can be avoided if you are careful in your actions.  If you lose money/data because of your carelessness, only you are to be blamed.  Recovery of lost money/data is almost impossible!

Few days back another malware of the same type was spotted in pirated copy of Apple’s iWork. The malware iServices.A also connects the machine to a botnet network.

Over the last one and half years Mac users are no longer the feeling the security of being on the Mac platform. OSX.RSPlug.A, which target Mac porn hunters, AppleScript-THT Trojan which exploited the vulnerability of apple remote desktop agent all target Macintosh machines. It’s interesting to note that Mac advised its users to install anti virus software back in November, 2008 on its website and quickly withdrew the post.

Apple recommended Intego VirusBarrier, Symantec Norton Anti-Virus 11 for Macintosh and McAfee VirusScan for Mac as possible antivirus products. AVG, Avast! Home Edition and Clam AV also provide anti virus software solutions for Mac Platform.

Considerably smaller market share of Mac made it less of a target to cyber criminals till now, but may be not any more!