December 2012 - Posts
PC Magazine warns of new malware agent that can intercept POS transactions and obtain credit card data
QUOTE: A new piece of malware targeting point-of-sale systems and harvesting payment card data would be less successful if more payment data was encrypted in the first place. Cyber-criminals used a customized piece of malware to infect hundreds of point-of-sale systems from businesses in 40 countries around the world and stole data from tens of thousands of payment cards, researchers from Israel-based security firm Seculert found Tuesday. Dubbed Dexter, it has been found on Windows-based point-of-sale systems at well-known retailers, hotels, restaurants and parking providers.
"PoS systems are often the weak link in the chain and the choice of malware," Mark Bower, vice-president of Voltage Security, told SecurityWatch.While Seculert did not identify the companies who had been infected, it appears the largest group of victims is in the United States, at about 30 percent, followed by the United Kingdom with 19 percent. Affected countries include Brazil, France, Italy, the Netherlands, Poland, Russia, South Africa, Spain and Turkey.
Several protective updates are available for Windows, IE, Word, Exchange, and other products.
Many of these are rated as Critical and users should promptly update their systems.
Microsoft - December 2012 Security Update home page
ISC - EXCELLENT COMPLEMENTARY ANALYSIS
Trend Labs warns of a malicious Word document circulating in targeted attacks
QUOTE: Once again cybercriminals take advantage of the Holidays in what seem like a targeted attack against businesses and government organizations. We spotted samples that bore the filename, PROPOSED CHRISTMAS PARTY 2012.doc. Trend Micro detects this as TROJ_ARTIEF.RTN. When executed, this malware drops a file (temp.doc) that acts as decoy to trick recipients into thinking this is a legitimate document. In the document file we spotted, it looks like a supposedly invitation to a certain government office’s upcoming Christmas party. Moreover, TROJ_ARTIEF.RTN takes advantage of (MS12-027) Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258) to drop a backdoor which we detect as BKDR_GAMFRIC.A. This backdoor also checks what web browser is used, and creates a hidden process in order to inject its malicious codes. We speculate that this attack uses email message as delivery mechanism in order to penetrate the network of the targeted entity.
Barracuda Networks warns of exploit kits planted on malicious websites, which are disguised as a Fake Google Chrome browser update.
QUOTE: Exploit kits are pre-packaged sets of malicious code that scammers install on websites. The scammers try to steer visitors to the URL of the exploit kit so that their code can attack your web browser and ultimately install malware on your computer. Exploit kit URLs are often distributed via spammed messages with enticing HTML links in them.
The most frightening thing about these kits is that a click on one of these links can cause malware to be downloaded and run without any indication that anything is happening. But sometimes the target computer isn't easy to attack, and the scammers have to fall back on their social engineering skills to get what they want. We recently saw this at Barracuda Labs when we followed a spam link to an exploit kit that behaved quite differently than usual when it detected the Google Chrome browser.
More Posts « Previous page