It’s well known that malware is growing more sophisticated, but few threats have had us scratching our heads like Trojan.Clampi. In order to remove the mystery around this threat, Security Response will be publishing a series of blogs talking about various aspects of Clampi. As an introduction, we’d like to present a brief overview of the threat.
Distribution
Trojan.Clampi has been around for a number of years now. During this time it has gone through many iterations, changing its code with a view to avoiding detection and to making it difficult for researchers to analyze.
From our analysis it seems that Clampi has mainly affected machines in the US. Clampi infection rates seem to be skewed towards countries where English is the primary language. This may indicate that the first infections were the result of malicious drive-by attacks on...
A lot can be said with 140 characters. It’s just enough to convey a point, but constricting enough to make things concise. No wonder microblogging sites such as Twitter have become so popular.
Unfortunately, one of the limitations here is sharing Web pages with long URLs. To address this issue, URL-shortening utilities have grown in popularity on the site. Using such tools allows you to include a link well within the 140-character limit, which will redirect anyone who clicks it to the longer URL and thus to the site you wanted to share.
There’s one downside here, from a security point of view—you’ll often have no idea where the link leads until you click it. Clicking any link like this is entirely a security leap of faith. Unfortunately, malware authors have caught on to this and are currently distributing misleading applications using these shortened URLs. Using enticing tweets and commonly used Twitter search terms, their goal is to get...
Have you ever noticed how movies tend to come in waves? A few years ago it seemed like every action movie had a space theme; then the following year the big new movies featured some kind of natural disaster. This past summer it seemed like every other movie was in 3-D. Technology, as we all know, has waves too, and the security industry is no different. For example, recently there has been a lot of talk about reputation-based security and suddenly it seems like every vendor is claiming to have some type of reputation technology. But, not all technologies are created equal, so I thought I’d take a few minutes to look at what makes Symantec’s Quorum so very different.
Why is a new approach needed?
Two fairly recent trends have had a negative impact on the effectiveness of traditional approaches to security. First, many of today’s threats are highly polymorphic—they are able to easily hide because nearly every instance of the threat is ever so...
Koobface is a worm that infects users by using social engineering attacks. It spreads by abusing social networking websites such as Facebook, Twitter, and MySpace, or by employing search engine optimization (SEO) techniques to lure potential victims to malicious sites.
We have been monitoring Koobface for a while now, and here we present some findings based on analyzing data collected over three weeks. These findings shed some light on the modus operandi of the gang behind Koobface and the effectiveness of its techniques.
The infrastructure used by the Koobface gang is relatively simple: a central redirection server redirects victims to one of the infected bots where the actual social engineering attack takes place. While the central redirection point has been actively targeted by take-down requests, the Koobface gang has so far been quick to replace suspended domain names and blacklisted IPs with new ones. The figure below shows the timeline of some of the...