Tag Archives: malware

FBI seizes server Russia allegedly used to infect 500,000 consumer routers

By Dan Goodin

Enlarge (credit: https://en.wikipedia.org/wiki/Flag_of_Russia#/media/File:Flag_of_Russia.svg)

The FBI has seized a key server used to infect more than 500,000 home and small-office routers in a move that significantly frustrates a months long attack that agents say was carried out by the Russian government, The Daily Beast reported late Wednesday.

The takedown stems from an investigation that started no later than last August and culminated in a court order issued Wedesday directing domain registrar Verisign to turn over control of ToKnowAll.com. An FBI affidavit obtained by The Daily Beast said the hacking group behind the attacks is known as Sofacy. The group, which is also known as Fancy Bear, Sednit, and Pawn Storm, is credited with a long list of attacks over the years, including the 2016 hack of the Democratic National Committee.

As Ars reported earlier Wednesday, Cisco researchers said the malware that infected more than 500,000 routers in 54 countries was developed by an advanced nation and implied Russia was responsible, but didn’t definitively name the country.

Read 6 remaining paragraphs | Comments

Source:: Ars Tecnica

Anyone shocked that the commies in Russia are still being…well, commies?

Tim


Follow Tim on Twitter @tl1000rzx2
Or check out my other Tablet Site: THE Tablet Test Server
Or perhaps you need web hosting for a mere $5.95/month?.
Shop Our Sponsor


Shop Our Sponsor


HP Laptops at Super Low Prices!

Hackers infect 500,000 consumer routers all over the world with malware

By Dan Goodin

Enlarge / A Linksys WRVS4400N, one of more than a dozen network devices targeted by VPNFilter. (credit: Linksys)

Hackers, possibly working for an advanced nation, have infected more than 500,000 home and small-office routers around the world with malware that can be used to collect communications, launch attacks on others, and permanently destroy the devices with a single command, researchers at Cisco warned Wednesday.

VPNFilter—as the modular, multi-stage malware has been dubbed—works on consumer-grade routers made by Linksys, MikroTik, Netgear, TP-Link, and on network-attached storage devices from QNAP, Cisco researchers said in an advisory. It’s one of the few pieces of Internet-of-things malware that can survive a reboot. Infections in at least 54 countries have been slowly building since at least 2016, and Cisco researchers have been monitoring them for several months. The attacks drastically ramped up during the past three weeks, including two major assaults on devices located in Ukraine. The spike, combined with the advanced capabilities of the malware, prompted Cisco to release Wednesday’s report before the research is completed.

Expansive platform serving multiple needs

“We assess with high confidence that this malware is used to create an expansive, hard-to-attribute infrastructure that can be used to serve multiple operational needs of the threat actor,” Cisco researcher William Largent wrote. “Since the affected devices are legitimately owned by businesses or individuals, malicious activity conducted from infected devices could be mistakenly attributed to those who were actually victims of the actor. The capabilities built into the various stages and plugins of the malware are extremely versatile and would enable the actor to take advantage of devices in multiple ways.”

Read 12 remaining paragraphs | Comments

Source:: Ars Tecnica


Follow Tim on Twitter @tl1000rzx2
Or check out my other Tablet Site: THE Tablet Test Server
Or perhaps you need web hosting for a mere $5.95/month?.
Shop Our Sponsor


Shop Our Sponsor


HP Laptops at Super Low Prices!

Thousands of hacked websites are infecting visitors with malware

By Dan Goodin

(credit: Wired UK/Shuttershock)

Thousands of hacked websites have become unwitting participants in an advanced scheme that uses fake update notifications to install banking malware and remote access trojans on visitors’ computers, a computer researcher said Tuesday.

The campaign, which has been running for at least four months, is able to compromise websites running a variety of content management systems, including WordPress, Joomla, and SquareSpace. That’s according to a blog post by Jérôme Segura, lead malware intelligence analyst at Malwarebytes. The hackers, he wrote, cause the sites to display authentic-appearing messages to a narrowly targeted number of visitors that, depending on the browsers they’re using, instruct them to install updates for Firefox, Chrome, or Flash.

Read 6 remaining paragraphs | Comments

Source:: Ars Tecnica


Follow Tim on Twitter @tl1000rzx2
Or check out my other Tablet Site: THE Tablet Test Server
Or perhaps you need web hosting for a mere $5.95/month?.
Shop Our Sponsor


Shop Our Sponsor


HP Laptops at Super Low Prices!

Potent malware that hid for six years spread through routers

By Dan Goodin

Enlarge (credit: Kaspersky Lab)

Researchers have discovered malware so stealthy it remained hidden for six years despite infecting at least 100 computers worldwide.

Slingshot—which gets its name from text found inside some of the recovered malware samples—is among the most advanced attack platforms ever discovered, which means it was likely developed on behalf of a well-resourced country, researchers with Moscow-based Kaspersky Lab reported Friday. The sophistication of the malware rivals that of Regin—the advanced backdoor that infected Belgian telecom Belgacom and other high-profile targets for years—and Project Sauron, a separate piece of malware suspected of being developed by a nation state that also remained hidden for years.

Complex ecosystem

“The discovery of Slingshot reveals another complex ecosystem where multiple components work together in order to provide a very flexible and well-oiled cyber-espionage platform,” Kaspersky Lab researchers wrote in a 25-page report published Friday. “The malware is highly advanced, solving all sort of problems from a technical perspective and often in a very elegant way, combining older and newer components in a thoroughly thought-through, long-term operation, something to expect from a top-notch well-resourced actor.”

Read 7 remaining paragraphs | Comments

Source:: Ars Tecnica


Follow Tim on Twitter @tl1000rzx2
Or check out my other Tablet Site: THE Tablet Test Server
Or perhaps you need web hosting for a mere $5.95/month?.
Shop Our Sponsor


Shop Our Sponsor


HP Laptops at Super Low Prices!

Critical Telegram flaw under attack disguised malware as benign images

By Dan Goodin

Enlarge (credit: Kaspersky Lab)

Makers of the Telegram instant messenger have fixed a critical vulnerability that hackers were actively exploiting to install malware on users’ computers, researchers said Tuesday.

The flaw, which resided in the Windows version of the messaging app, allowed attackers to disguise the names of attached files, researchers from security firm Kaspersky Lab said in a blog post. By using the text-formatting standard known as Unicode, attackers were able to cause characters in file names to appear from right to left, instead of the left-to-right order that’s normal for most Western languages.

The technique worked by using the special Unicode formatting *U+202E* which causes text strings following it to be displayed from right to left. As a result, Telegram for Windows converted files with names such as “photo_high_regnp.js” to “photo_high_resj.png,” giving the appearance they were benign image files rather than files that executed code.

Read 2 remaining paragraphs | Comments

Source:: Ars Tecnica


Follow Tim on Twitter @tl1000rzx2
Or check out my other Tablet Site: THE Tablet Test Server
Or perhaps you need web hosting for a mere $5.95/month?.
Shop Our Sponsor


Shop Our Sponsor


HP Laptops at Super Low Prices!