Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

December 2012 - Posts

Dexter Malware Agent - Targets Credit Card data from point of sale systems

PC Magazine warns of a new malware agent that can intercept POS transactions and obtain credit card data

QUOTE: A new piece of malware targeting point-of-sale systems and harvesting payment card data would be less successful if more payment data was encrypted in the first place. Cyber-criminals used a customized piece of malware to infect hundreds of point-of-sale systems from businesses in 40 countries around the world and stole data from tens of thousands of payment cards, researchers from Israel-based security firm Seculert found Tuesday. Dubbed Dexter, it has been found on Windows-based point-of-sale systems at well-known retailers, hotels, restaurants and parking providers.
"PoS systems are often the weak link in the chain and the choice of malware," Mark Bower, vice-president of Voltage Security, told SecurityWatch. While Seculert did not identify the companies who had been infected, it appears the largest group of victims is in the United States, at about 30 percent, followed by the United Kingdom with 19 percent. Affected countries include Brazil, France, Italy, the Netherlands, Poland, Russia, South Africa, Spain and Turkey.

Microsoft - December 2012 Security Updates available

Several protective updates are available for Windows, IE, Word, Exchange, and other products.

Many of these are rated as Critical, and users should promptly update their systems.

Microsoft - December 2012 Security Update home page


Christmas 2012 - Malicious Word document circulating in targeted attacks

Trend Labs warns of a malicious Word document circulating in targeted attacks

QUOTE: Once again cybercriminals take advantage of the Holidays in what seems like a targeted attack against businesses and government organizations. We spotted samples that bore the filename PROPOSED CHRISTMAS PARTY 2012.doc. Trend Micro detects this as TROJ_ARTIEF.RTN. When executed, this malware drops a file (temp.doc) that acts as a decoy to trick recipients into thinking this is a legitimate document. In the document file we spotted, it looks like a supposed invitation to a certain government office's upcoming Christmas party. Moreover, TROJ_ARTIEF.RTN takes advantage of (MS12-027) Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258) to drop a backdoor which we detect as BKDR_GAMFRIC.A. This backdoor also checks what web browser is used, and creates a hidden process in order to inject its malicious code. We speculate that this attack uses an email message as the delivery mechanism in order to penetrate the network of the targeted entity.

Fake Google Chrome update circulating

Barracuda Networks warns of exploit kits planted on hacked websites which, when they detect the Chrome browser, fall back to a fake Google Chrome browser update page.

QUOTE: Exploit kits are pre-packaged sets of malicious code that scammers install on websites. The scammers try to steer visitors to the URL of the exploit kit so that their code can attack your web browser and ultimately install malware on your computer. Exploit kit URLs are often distributed via spammed messages with enticing HTML links in them.

The most frightening thing about these kits is that a click on one of these links can cause malware to be downloaded and run without any indication that anything is happening. But sometimes the target computer isn't easy to attack, and the scammers have to fall back on their social engineering skills to get what they want. We recently saw this at Barracuda Labs when we followed a spam link to an exploit kit that behaved quite differently than usual when it detected the Google Chrome browser.

These are a favorite of spammers and should always be considered suspicious. In this case all of the links point to a hacked website hosting a Blackhole exploit kit. Following the link with Internet Explorer gave us a typical chain of events - malicious JavaScript set up a PDF exploit resulting in a Zeus download. But when we followed the same link with the Google Chrome browser, the kit shifted gears. Since Chrome uses its own internal PDF engine that is not as vulnerable, a different attack was presented in the form of a fake Chrome update page.
