DNSChanger Network  

Saturday, February 25, 2012

The Internet could go dark for millions of users as early as March 8 because of a virus that has corrupted computers in more than 100 countries.
The computer script, called DNSChanger Trojan, taps into fraudulent servers, sending users of the Web to unintended – and sometimes illegal – sites.
Though the FBI has shut down the DNSChanger network and put up surrogate servers, it warned that the solution was only temporary – and the court-ordered deadline is March 8.
“DNSChanger” could cause millions – including Fortune 500 companies – to lose their Internet access if the FBI shuts down the surrogate servers.


Ainslot.L Botnet  

Wednesday, February 22, 2012

PandaLabs reports a new botnet called Ainslot.L, which is categorized as both malware and a bot.
It is made to record all activity on a computer, download other malware onto the victim's computer and take over the computer.
Ainslot.L works like a banking trojan, stealing important data such as online banking and financial transaction details. Ainslot.L can even scan the computer for other bots and remove them, so that it alone remains in control.
Ainslot.L spreads via fake emails that appear to be sent from the email address of the UK online clothing store Cult.


Android.Bmaster Exploits root access to connect to Botnet  

Monday, February 20, 2012

A new piece of Android malware named Android.Bmaster, first highlighted by researcher Xuxian Jiang at North Carolina State University, was uncovered on a third-party marketplace and is bundled with a legitimate application for configuring phone settings, Symantec researcher Cathal Mullaney wrote in a blog.

This malware is estimated to affect between 10,000 and 30,000 phones on any given day. The malware, mostly found on Chinese phones, works by using GingerBreak, a tool that gives users root access to Android 2.3 Gingerbread. RootSmart is designed to escape detection by being named “com.google.android.smart,” which is the same name as a settings app included by default with Android operating systems.

Mullaney explained that once the malware is installed on the Android phone, an outbound connection from the infected phone to a remote server is generated. “The malware posts some user and phone-specific data to the remote address and attempts to download and run an APK file from the server. The downloaded file is the second stage in the malware and is a Remote Administration Tool (RAT) for Android, detected as Android.Bmaster. This type of malware is used to remotely control a device by issuing commands from a remote server”.


Zulu – Zscaler Malware Scanning Service  

Wednesday, February 8, 2012

Zscaler has launched a new free online service called Zulu that can assess the security risk associated with URLs by analyzing the content they point to, as well as the reputation of their corresponding domain names and IP addresses.

Zulu allows security-savvy users who investigate various web attacks to choose what User-Agent and Referrer headers the scanner will use when accessing a URL. “A unique benefit of this approach is that we can deliver a risk score even when the page content is no longer available,” said Michael Sutton, vice president of security research at Zscaler. “While we can’t access the page, we can still assess the URL and host and when they deliver a high risk score despite a lack of page content, one can often conclude the page was indeed malicious but has since been taken down,” he explained.


SP Toolkit – Open Source Phishing Education Toolkit  

Sunday, February 5, 2012

A new open source toolkit makes it ridiculously simple to set up phishing Web sites and lures. The software was designed to help companies test the phishing awareness of their employees, but as with most security tools, this one could be abused by miscreants to launch malicious attacks.

The spt project is an open source phishing education toolkit that aims to help in securing the mind as opposed to securing computers.


Fake Angry Birds Game spreading Malware from Android Market  

Wednesday, February 1, 2012

Last week, premium-rate SMS Trojans surfaced in the Android Market. Google has pulled 22 apps that were masquerading as legitimate versions of popular games like Angry Birds and Cut the Rope. Security researchers have discovered a way to bypass an Android smartphone owner’s permissions and access private data stored on their smartphone.

The Avast blog explains it this way: for example, if someone tried to look for “Cut the rope free”, this malicious application was in the fourth place in the search results. Apps published by the developer Miriada Production may look like well-known Android games (Angry Birds, Need for Speed, World of Goo and others) and users could be easily confused.

The fake apps include “Cut the Rope”, “Need for Speed”, “Assassins Creed”, “Where’s My Water?”, “Riptide GP”, “Great Little War Game”, “World of Goo”, “Angry Birds”, “Shoot The Birds”, “Talking Tom Cat 2”, “Bag It!” and “Talking Larry the Bird”. The apps have been pulled from the Android Market.
The fraudulent apps would install a premium-rate SMS Trojan that would rack up hidden charges on the user’s phone bill. The apps would lure customers into clicking on options that would send text messages to premium line numbers, leaving the user to foot the bill. According to Lookout Mobile Security, the new threat, called RuFraud, has been found in an initial batch of apps on the Android Market that includes horoscope apps, wallpapers, and game apps that pretend to be legitimate games like Angry Birds.

What happens if these threats are installed on your mobile device?
The malware attempts to send text messages containing the string “798657” to premium-rate numbers using the infected device’s current default SMS Center (SMSC) by exploiting the SEND_SMS permission (android.permission.SEND_SMS). It is capable of sending an affected user’s GPS location via HTTP POST. It opens several ports and connects to specific URLs to receive and execute commands from a remote user. It gathers information such as the International Mobile Equipment Identity (IMEI) and International Mobile Subscriber Identity (IMSI) numbers from infected devices, which is then sent to a specific site. It also secretly forwards all incoming text messages to a remote user.
