GLOBAL SECURITY ADVISOR RESEARCH BLOG

Time to disable Java from your browser?

After US-CERT, an organization belonging to the US government, published multiple security warnings since the beginning of the year, it is probably good advice to disable Java in your browser, if you haven't done so already.
Multiple security holes have been discovered and fixed in the past, but the latest Java security problem seems to have reached a new level. Because the vulnerability can be exploited by attackers to run malicious code on the user's computer, Oracle released a patch at lightning speed, but some companies did not wait for Oracle's fix. Apple, for example, added the latest versions of Java to its blacklist and decided to remove the Java plugin from its latest browsers.

How safe is our network information, really?

Almost all of us walk around with a smartphone in our pocket, keep things in the "cloud" and charge credit cards online. The implication is clear: all our information, including our money, is at risk. Most of us prefer to ignore it, but there is another way.

The public and media storm surrounding reports that the U.S. government used its secret PRISM program to keep track of the personal information of users around the world raises critical questions for every user and really touches us all. Beyond the ethical questions, free access to the servers of the major technology giants - Google, Apple, Facebook and Microsoft - highlights the risks of personal data exposure and raises the question of how well our sensitive information is really protected.

How much evil can be swallowed?

A new Trojan has been discovered. It is well hidden in heavily encrypted and complicated code, and, if that's not enough, it exploits several loopholes in the operating system and becomes impossible to remove! So what can be done?

Android users, beware! A new Trojan horse, worse than all its predecessors put together, is starting to circulate on Android devices.
Although it is still not particularly common, there are already dozens of warnings, so we will probably still run into it. Unfortunately.

New worm infects removable drives.

Yet another worm that infects removable drives was discovered.

Win32/SillyAutorun.FTW was recently found in the wild. The worm is written with Microsoft Visual Studio and uses an injection engine: the worm's code overwrites the original code in memory. When it runs on an infected machine, it first copies itself to %ApplicationData%\E-73473-3674-74335\msnrsmsn.exe, where %ApplicationData% is the application data folder of the current user, for example:

Got Charger?

Do you think your iPhone is immune to all intrusions? You should think again. A group of young scientists from Georgia Tech University in the United States found that a great danger to your device may come from a totally innocent function: the battery charger.

Sometimes you find yourself somewhere without a charger and ask whether someone has an iPhone charger. It turns out that the moment you connect your device to that charger, it could be hacked.

The Woolwich Murder: Hackers vs. Extremists

On Saturday, May 25th, one of the 'Mujaheedin' forums suddenly disappeared from the Internet. The forum, called 'Ansar Al-Mujaheedin Arabic Forum' (AKA AMAF), is one of the major forums supposedly related to the Al-Qaeda organization.

Shortly after the fall of the forum, another website was also taken down, this time a site belonging to Angam Hudari, known as an extremist leader in England.

Infected Message from Skype.

Recently, many Skype users have received messages from an unknown sender. The message, usually in Russian, refers to some pictures and contains a link to an infected site or to an archive containing a malicious executable.
The link is usually hosted at http://goo.gl. Once the malicious executable is extracted and executed, it blocks access to Skype and sends the same infected messages to the users in the victim's contact list.
The worm also steals the Skype password, so it is recommended to change the password after removing this worm.

Worm Win32/VBDoc - Evolution

The first variants of the Win32/VBDoc worm appeared about half a year ago, and this worm has been active ever since. A description of Win32/VBDoc.H is available in the Total Defense Labs Encyclopedia.
Many variants of this worm are known; they are released quite frequently by one or more malware writers. Once an older variant becomes known and is detected by antivirus products, no further infection attempts are made with that variant; instead, a new variant is released. This pattern is typical of other malware too. Because of that, reasonable protection can only be provided by proactive detection that is able to catch future variants.

Twitter: Password is not enough.

After multiple waves of attacks, Twitter has finally launched secure identity verification.
The feature is based on two-step authentication - a password plus a code - similar to the security offered by Facebook and Gmail, and Twitter's management now hopes it will reduce the rate of account break-ins.

Among those attacks, a widely publicized break-in was executed last month by Syrian hackers against the AP news agency's Twitter account. The intruders fabricated reports of an alleged attack on the White House, which caused panic and sharp price declines on Wall Street. The incident prompted discussion of the growing exposure to information from social networks, its impact on securities trading and the associated risks.

Viruses Paradise: The romance between hackers and online computer games.

Games, especially online games, are fertile ground for spreading viruses and malicious software. Here's how it works and what you can do to protect yourself.

You could say that I was a gamer for too many years and experienced most generations of PC games since I got my first Commodore 64 in 1986. Just like many others, I became a collector of 5.25" floppy disks containing free games and software. Although I had heard that many were infected with viruses, it was only after a couple of years that I encountered my first virus - the 'Ping-Pong' virus, which circulated on a floppy disk I received from none other than my teacher at school...

China broke the cyber war "ceasefire" with the U.S.

Multiple attacks on U.S. companies, and probably also on government systems: it seems China's hacker army has resumed its attacks after 3 months of silence.

The exact identity of the targets hit by the latest assault is not fully known, but they appear to include many of the companies and government bodies that were also hit by the prior assault in February by a group called "Unit 61398". That group has also been blamed for the theft of trade secrets, product drawings and production plans, results of experiments on new products and sensitive business documents from over a hundred companies and organizations during the last five years.

Ragebooter: DDoS attacks sponsored by the FBI?

Malicious sites that offer attack services are no strangers on the Internet, but a website sponsored by law enforcement is another story altogether. Introducing: Ragebooter.

A site called Ragebooter.net allows users to pay to knock sites off the network using DDoS attacks. Unlike other sites that offer similar services, Ragebooter has a particularly interesting back door leading directly to the FBI.

Russian Girls Spam

Recently a new kind of spam email has appeared.
The email body is always short and looks like a love letter:

The moment you kissed me at my doorstep, I know I am yours forever.
With loads of hugs and kisses, Akilina.

The email body text is highly variable and therefore resistant to spam filters (except for the dating site URL). There are never any attachments, font styles or colors, or the modified words typical of other spam - just a plain text email.

An alarming surge in the number of Android malware.

The first quarter of 2013 saw the highest growth rate yet seen in new malware entering the market. The trend indicates a growing number of professional malware vendors who work systematically to find loopholes in operating systems.

The number of malware threats targeting smartphones and tablets surged in the first quarter of 2013 and climbed rapidly, with more than 90% targeting the Android environment.