Symantec Blogs: Security Response

Hon Lau | November 16th, 2009

When trawling the Web today we came across a website that has been compromised and rigged so that it is returned in search engine results for many different search terms. The site in question belongs to a UK-based company that specializes in hiring out holiday homes and is a legitimate business. However, the site has been compromised and is being used in a major ongoing SEO-based misleading applications attack, and has been for some time now. As you can see in the sample search results below, you may wonder what college football, a Ukraine vs. Greece soccer match, Penn State basketball, and Robin Williams have to do with renting a holiday home—and with good reason, too.

[Image: sample search results returned for the compromised holiday-home site]

The key to identifying malicious pages in the search results is...

Hon Lau | February 25th, 2008

Today, Adobe officially launched their new infrastructure for delivering rich Internet applications to your desktop - Adobe Integrated Runtime, or "AIR" for short. At first glance, Adobe AIR looks like a mash-up of many of the existing Web and Adobe technologies such as HTML, AJAX, ActionScript, Flash, and Flex. By combining rich media and user interface features, and leveraging the existing expertise in these technologies, Adobe hopes to bring highly interactive and engaging Web applications to the desktop.

Technologies provided by Adobe, such as Flash, enable a multimedia developer to easily create fantastic-looking and engaging applications and deploy them across various platforms by operating within a browser environment. Adobe AIR takes it a step further by liberating these technologies and placing them within their own desktop-based environment in a similar fashion to Java or .NET. Using this approach, it can achieve a number of aims:

• Impose its own...

Hon Lau | July 30th, 2007

In the (legitimate!) business world, Management Information Systems (MIS) are typically used by managers and key decision makers of a business to see at a glance how well a business is doing in its various key performance areas. They typically summarize masses of transactional data through tables and reports, and also allow for more advanced analysis and drill-down to detailed data. The advantage of such systems in business is considerable, because having such information available on hand allows these individuals to make key decisions that affect the future of a business.

Moving over to the malware criminal world, we are seeing more and more parallels to the world of legitimate business. As online criminals get increasingly organized, we are seeing them employ more of the tools and techniques that would be employed in running a normal business. Such is the amount of money to be made in online crime, it has really become a sort of gold rush: just like in the...

Hon Lau | June 28th, 2007

Over the years, IRC channels have been a favourite communications method between back doors and their command centers because they are so simple to set up and use. The IRC protocol is easy to use and can also be easily configured to travel over an arbitrary TCP port, so it is not easy to block IRC traffic based on well-known port numbers. That said, IRC traffic generally has no place within corporate environments, so that makes it a little easier to spot and control.

A recent proof-of-concept back door Trojan (Backdoor.Fonamebot) that we have examined here in Symantec has perhaps pointed the way forward for the transmission of data between zombies and the bot herder. What we have seen is a new kind of back door that sends and receives its data through the DNS protocol.

You might ask yourself, "What is the big deal with this development?"...

Hon Lau | April 29th, 2007

Since late yesterday we have seen a marked increase in the activity of a new Sober variant doing the rounds.
A new variant of Sober named W32.Sober.AA@mm is currently being spammed out to many users around the world.
The spam can be either in English or German and uses classic social engineering techniques to trick users into opening and running the attachments.

The emails sent have the following characteristics:

Subject:
Ihr Passwort wurde geaendert!
Fehlerhafte Mailzustellung
Ihr Account wurde eingerichtet!
Your Updated Password!
Error in your eMail

Message:
Ihr Passwort wurde erfolgreich geaendert.
Ihre neuen Account-Daten und Passwort befinden sich gesichert im Anhang!

or

Diese Nachricht wurde Automatisch generiert....