
Tuesday, April 28, 2015

setenforce=1 April 2015 p2

Janicab - the next wave malware

This is exciting. Sorry I said that - I know that's not the kind of language we should be using when describing malware. But hey, credit where it is due.
My good friend Jamieson O'Reilly introduced me to this new malware recently. It's not the malware itself that I'm really taken by, though. It's the approach. Having said that, the actual code seems to be pretty slick as well.
These guys ask you to watch an interesting video on YouTube. While you are watching the singing cat, the malware executes in the background. I have a feeling that very soon, doing something like this will end up encrypting your files.

BLOCK this URL ASAP

The URL above needs to be stopped at gateway level. A new Crypto variant has been hyperactive in Australia starting today, and this is the URL it tries to connect back to for command and control.
There are around 150 URLs that redirect to this one, so it makes a lot more sense to block this single URL at the gateway than to chase the redirectors one by one.
Infection channel: arrives as a link in an email posing as an infringement notice from the AFP (Australian Federal Police) and asks the victim to click the link in order to see the details of the fine.
Fun fact - the Australian Federal Police has a lot more important things to deal with than traffic fines!

WordPress XSS vulnerability

A major vulnerability has been found in the popular web publishing platform WordPress. It is a stored cross-site scripting (XSS) flaw: it allows commenters to inject JavaScript into a site through the standard WordPress comments feature, so the script runs in the browser of anyone who views the comment, including a logged-in administrator.
A patch has been released and it is highly recommended that WordPress users update their sites ASAP.

BARTALEX outbreak

There has been a new outbreak of BARTALEX that has been predominantly focused on the USA, though not limited to that region. The infection is spread through email and uses a combination of social engineering and code execution. The email appears to come from ACH (Automated Clearing House) and directs the victim to a Dropbox link that serves a file download. When the victim opens the file, a genuine-looking Microsoft-style message tells the user to enable macros in Word. Once macros are enabled, the macro code executes and the infection proceeds. This malware targets banking sites and software.
All major AV vendors have signatures for this malware - you just need to make sure your patterns are updated. Signatures do lag new droppers, so it is also worth blocking or quarantining macro-enabled Word attachments at the mail gateway rather than relying on the user to decline the "enable macros" prompt.
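The BARTALEX chain above only works if the macro-bearing Word document reaches the user. As an added example (not code from the original post, and unrelated to any vendor's signature), here is a small triage check a mail gateway or incident responder can run over an attachment's bytes to flag Word files that carry a VBA project. The OOXML check is exact (macros in .docm live in word/vbaProject.bin, whatever the file is renamed to); the legacy .doc check is a byte-scan heuristic for the "_VBA_PROJECT" directory entry rather than a full OLE parse, which is an assumption stated in the code. The sample documents are constructed inline so the block runs offline.

```python
import io
import zipfile

# Magic bytes for the two Word container formats.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc (OLE compound file)
ZIP_MAGIC = b"PK\x03\x04"                        # OOXML .docx / .docm (zip)

# OLE directory entry names are stored as UTF-16LE; a Word macro project
# appears as the "_VBA_PROJECT" stream under Macros/VBA.
VBA_STREAM_NAME = "_VBA_PROJECT".encode("utf-16-le")


def word_has_macros(data: bytes) -> bool:
    """Return True if `data` looks like a Word document carrying VBA macros.

    - OOXML: a macro-enabled document contains word/vbaProject.bin. This is
      checked by listing the zip, so a .docm renamed to .doc is still caught.
    - Legacy .doc: assumption - scanning the raw bytes for the UTF-16LE
      directory entry name is a triage heuristic, not a compound-file parse.
    """
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                return "word/vbaProject.bin" in set(zf.namelist())
        except zipfile.BadZipFile:
            return False
    if data.startswith(OLE_MAGIC):
        return VBA_STREAM_NAME in data
    return False


def build_ooxml_sample(with_macros: bool) -> bytes:
    """Constructed minimal OOXML container for testing; not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            # Real vbaProject.bin is itself an OLE file; a placeholder is
            # enough here because only the entry name is checked.
            zf.writestr("word/vbaProject.bin", b"\x00placeholder")
    return buf.getvalue()


def build_ole_sample(with_macros: bool) -> bytes:
    """Constructed stand-in for a legacy .doc: OLE magic plus filler bytes."""
    body = OLE_MAGIC + b"\x00" * 24
    if with_macros:
        body += VBA_STREAM_NAME
    return body


def triage(attachments: dict) -> list:
    """Return the names of attachments that should be held for review."""
    return [name for name, blob in attachments.items() if word_has_macros(blob)]


if __name__ == "__main__":
    # Constructed inbox: one clean .docx, one macro document renamed to .doc,
    # one legacy .doc with a VBA project.
    mailbox = {
        "invoice.docx": build_ooxml_sample(False),
        "ACH_notice.doc": build_ooxml_sample(True),
        "remittance.doc": build_ole_sample(True),
    }
    print("hold for review:", triage(mailbox))
```

The check deliberately ignores the file extension: the BARTALEX lure relies on the user trusting what Word shows them, so the gateway should trust the container contents instead.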