481 matches found
Ramnit Malware Back and Better at Avoiding Detection
The Ramnit malware family has been given a facelift with new anti-detection capabilities, a troubleshooting module, as well as enhanced encryption and malicious payloads. Tim Liu of the Microsoft Malware Protection Center said Ramnit resurfaced late last year and its keepers had stripped out all ...
Aloaha Credential Provider Monitor 5.0.226 - Local Privilege Escalation
Aloaha Credential Provider Monitor 5.0.226 Local Privilege Escalation Vulnerability. Vendor: Aloaha Software - Wrocklage Intermedia GmbH. Product web page: http://www.aloaha.com. Affected version: 5.0.226. Summary: Aloaha Credential Provider represents one of the most dramatic changes in the Windows...
Aloaha Credential Provider Monitor 5.0.226 Privilege Escalation
Aloaha Credential Provider Monitor 5.0.226 Local Privilege Escalation Vulnerability. Vendor: Aloaha Software - Wrocklage Intermedia GmbH. Product web page: http://www.aloaha.com. Affected version: 5.0.226. Summary: Aloaha Credential Provider represents one of the most dramatic changes in the Windows...
[SAMHAIN 3.0.9] File Integrity Checker / Host-Based Intrusion Detection System
The Samhain host-based intrusion detection system (HIDS) provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. Samhain has been designed to monitor multiple hosts with potentially...
Necurs Rootkit infect 83,427 machines in November
A rootkit named "Necurs" infected 83,427 unique machines during the month of November 2012. It is a multi-purpose rootkit capable of posing a threat to both 32 and 64-bit Windows systems. It is distributed via drive-by download on the websites that host the BlackHole exploit kit. Like other rootkits it...
Necurs Rootkit Infections Way Up
Infections from a nasty bit of malware, generally delivered by the Black Hole Exploit Kit, surged in November, hitting more than 83,000 machines. Microsoft’s Malware Protection Center rates the Necurs rootkit threat as severe. Dubbed a rootkit by Kaspersky Lab, Necurs has many dimensions to it...
64-bit Debian Linux Rootkit with nginx Doing iFrame Injection - Active Check
Debian Squeeze Linux Rootkit with nginx is prone to iframe injection. SPDX-FileCopyrightText: 2012 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:nginx:nginx...
New Linux Rootkit Attacks Internet Users
Security researchers have discovered what appears to be an experimental Linux rootkit designed to infect its highly select victims during a classic drive-by website attack. The malware allows hackers to inject code directly in any infected web page. The new malware, discovered on November 13 of...
Linux Kernel 2.6.x /proc Rootkit Backdoor (Unix/Darbe-A)
Linux Kernel 2.6.x /proc rootkit Unix/Darbe-A. Date: 2012-11-21. Introduction: Unix/Darbe-A is a new kernel rootkit based on the /proc file system; modification is made in order to support kernel 2.6.x. Detected: ...
New Linux Rootkit Emerges
A new Linux rootkit has emerged and researchers who have analyzed its code and operation say that the malware appears to be a custom-written tool designed to inject iframes into Web sites and drive traffic to malicious sites for drive-by download attacks. The rootkit is designed specifically for...
Russian Underground Cybercrime market offering sophisticated services
Security firm Trend Micro recently analyzed the Russian crimeware markets and found that malware tools and services range from one-time packages which cost just pennies to sophisticated packages and services which cost purchasers thousands of dollars per month. If you want to buy a botnet it wi...
OpenSSH 6.0p1 Backdoor Patch 1.2 Vulnerability 0day
This patch is for openssh-6.0p1 source which combines a known openssh backdoor and Sebastian Krahmer's openssh.reverse capabilities. Telnet to target openssh server and issue udcgamaimagic string for getting reverse openssh connection. $id: udc-hackssh-v3bajaulaut-v1, 2012/10/28 05:00:50 slash...
ZeroAccess Botnet Cashing in on Click Fraud and Bitcoin Mining
A mid-year switch in communication protocol and distribution strategy is behind a spike in activity from the ZeroAccess botnet, a prolific and malicious ad click fraud network. Researchers at Kindsight Security Lab reported today that ZeroAccess accounts for 29 percent of home network infections ...
Nitol Infections Fall, But Malware Still Popping Up
When Microsoft went after the Nitol botnet in September, one of the key details in the investigation was the fact that much of the botnet was built by pre-loading malware onto laptops during the manufacturing process in China. This was the clearest case yet of the phenomenon of certified pre-owne...
Hardening Linux Security in few seconds using "Server Shield"
Are you running Linux just because you think it's safer than Windows? Think again. Sure, security is a built-in feature and extends right from the Linux kernel to the desktop, but it still leaves enough room to let someone muck about with your /home folder. Linux might be impervious to viruses an...
9 million PCs infected with ZeroAccess botnet
In recent months, we've seen the rootkit family Win32/Sirefef and Win64/Sirefef (also known as the ZeroAccess botnet) update its command and control protocol and grow to infect more computers while connecting to over one million computers globally. Before, disclosed that it creates its own hidden...
New Iteration of TDSS/TDL-4 Botnet Uses Domain Fluxing to Avoid Detection
A new version of the TDSS/TDL-4 botnet is rapidly growing, primarily because it’s having great success using an evasion technique known as a domain generation algorithm (DGA) to avoid detection, researchers at Damballa Security revealed today. The algorithm helps the latest version of the botnet...
New Mac Trojan Dropper Creates Backdoor, Survives Reboots
There’s a new Mac Trojan dropper that uses a silent installation process and it also has the ability to establish backdoor access to infected machines. Security researchers at Intego found samples of the OSX/Crisis malware on the Virus Total website, but it has not yet been found in the wild...
Android Clickjacking Rootkit Demonstrated
Mobile security researchers have identified an aspect of Android 4.0.4 (Ice Cream Sandwich) and earlier models that clickjacking rootkits could exploit. Researchers at NC State in the US have developed a proof-of-concept prototype rootkit that attacks the...