Over 17000 Mac Machines Affected by 'iWorm' Botnet Malware

A newly discovered zombie network that exclusively targets Apple computers running Mac OS X across the globe has compromised roughly 17,000 machines so far, giving hackers backdoor access to infected computers, researchers at Russian antivirus firm Dr.Web warned. According to a survey of traffic...

Apple — Most Mac OS X Users Not Vulnerable to 'Shellshock' Bash Bug

On one hand where more than half of the Internet is considering the Bash vulnerability to be severe, Apple says the vast majority of Mac computer users are not at risk from the recently discovered vulnerability in the Bash command-line interpreter – aka the "Shellshock" bug that could allow hacke...

Hackers Using 'Shellshock' Bash Vulnerability to Launch Botnet Attacks

Researchers on Thursday discovered a critical remotely exploitable vulnerability in the widely used command-line shell GNU Bourne Again Shell Bash, dubbed "Shellshock" which affects most of the Linux distributions and servers worldwide, and may already have been exploited in the wild to take over...

Apple Says OS X Safe By Default Against Bash Vulnerability

Apple is trying to soothe users who are anxious about Mac OS X’s exposure to the Bash vulnerability. The company said in a statement to Threatpost that most Apple users are not at risk, and reports have it that Apple is preparing to release a patch. “With OS X, systems are safe by default and not...

Bash Botnet Exploit Found, Bash Patches Incomplete

The urgency to patch systems against the Bash zero-day vulnerability has been cranked to 10 after reports of an exploit in the wild have been made public by AusCERT, the Computer Emergency Response Team of Australia. This seems to reflect a similar finding posted by a researcher who goes by the...

Researchers Work to Predict Malicious Domains

SEATTLE–A typical phishing or Web-based malware attack usually isn’t terribly complex. But they need a few things in order to work, and one of the key components often is a malicious domain. Researchers spend a lot of time identifying and taking these domains down, but some researchers now are...

UFONet - DDoS attacks via Web Abuse (XSS/CSRF)

UFONet - is a tool designed to launch DDoS attacks against a target, using 'Open Redirect' vectors on third party web applications, like botnet. See this links for more info: - CWE-601:Open Redirect - OWASP:URL Redirector Abuse Main features: --version show program's version number and exit -v,...

CryptoWall Ransomware Earns $1.1M, Encrypts 5 Billion Files

CryptoWall is a million-dollar business. The file-encrypting ransomware has netted the criminal gang responsible for its development and dispersal, more than $1.1 million in the six months it’s been in the wild, researchers at Dell SecureWorks’ Counter Threat Unit said in a report this week. The...

Malicious Advertisements Found on Java.com, Other High-Profile Sites

A New York-based online ad network company AppNexus, that provides a platform specializing in real-time online advertising, has again been spotted as the origin of a recent "malvertising" campaign that makes use of the Angler Exploit Kit to redirect visitors to malicious websites hosting the Aspr...

Java.com, TMZ Serving Malvertising Redirects to Angler Kit

Online ad network AppNexus has again been identified at the core of another malvertising campaign using the Angler Exploit Kit to redirect visitors to sites hosting the Asprox malware. Busy, popular websites including TMZ, Photobucket and Java.com in recent days have been serving malicious...

NewGOZ Gameover Zeus Botnet Rebuilds

It didn’t take long for an updated version of GameOver Zeus to make some headway in rebuilding itself. Research published today from Arbor Networks demonstrates that cybercriminals behind GameOver Zeus, which was taken down by law enforcement in early June, have renewed the botnet with at least...

New GameOver Zeus Botnet Malware Variant Surfaces

The GameOver Zeus takedown was trumpeted as a victory against cybercrime, and for all its success, even those involved understood it was likely a temporary win. Researchers at Seculert have spotted a new variant of GameOver Zeus that has spurned previous versions’ peer-to-peer communication...

Mayhem — A New Malware Targets Linux and FreeBSD Web Servers

Security researchers from Russian Internet giant Yandex have discovered a new piece of malware that is being used to target Linux and FreeBSD web servers in order to make them a part of the wide botnet, even without the need of any root privileges. Researchers dubbed the malware as Mayhem, a nast...

Onion Ransomware Demands Bitcoins, Uses Tor, Advanced Encryption

More details about a new family of encryption ransomware that uses the anonymous network Tor and requires users pay by Bitcoin have emerged. The ransomware, known in some circles as Critoni or CTB-Locker, has been dubbed Onion by researchers at Kaspersky Lab as its creators use command and contro...

CryptoLocker Infections Continue as New Rasomware Evolves

U.S. and European law enforcement officials last month, performed a coordinated takedown of the GameOver Zeus botnet. At the time, they claimed that the operation also neutralized the infamous CryptoLocker ransomware, which criminals had distributed using GameOver’s infrastructure. However, Tyler...

New Pushdo Malware Hacks 11,000 Computers in Just 24 Hours

One of the oldest active malware families, Pushdo, is again making its way onto the Internet and has recently infected more than 11,000 computers in just 24 hours. Pushdo, a multipurpose Trojan, is primarily known for delivering financial malware such as ZeuS and SpyEye onto infected computers or...

SSL Black List Aims to Publicize Certificates Associated With Malware

Malware and botnet operators are always adapting their tactics, trying to stay a step or two ahead of defensive technologies and techniques. One of the methods many attackers have adopted is using SSL to communicate with the infected machines they control, and a researcher has started a new...

After Takedown, GameOver Zeus Banking Trojan Returns Again

A month after the FBI and Europol took down the GameOver Zeus botnet by seizing servers and disrupting the botnet’s operation, security researchers have unearthed a new variant of malware based explicitly on the same Gameover ZeuS that compromised users’ computers and collectively formed a massiv...

Possible New Version of GameOver Zeus Malware Emerges

It’s only been a little more than a month since the FBI and Europol took down the GameOver Zeus botnet, taking control of its command-and-control infrastructure and effectively cutting off the malware’s head. But researchers say that there are some indications that a new strain of the malware may...

Tinba Banker Trojan Source Code Posted

The source code for Tinba, known as the smallest banker Trojan in circulation, has been posted on an underground forum. Researchers say that the files turned out to be the source code for version one of Tinba, which was identified in 2012, and is the original, privately sold version of the...