It’s Alive: The Resurgence of ZeroAccess Botnet

Check Point Malware Research Group, 04/02/2014

Summary

Through leveraging Check Point’s ThreatCloud security intelligence, in recent weeks, our vulnerability research team has detected a spike in ZeroAccess botnet activity. This is surprising given that this botnet was taken down by law enforcement, working in conjunction with Microsoft, in mid-December 2013. Despite this enforcement action, it appears that the criminals behind ZeroAccess have simply picked up where they left off. Further, the latest Check Point research indicates that organizations may not be doing enough to prevent and remove known bots from their networks.

About ZeroAccess

Initially discovered in ...

Threat Emulation Identifies Spear Phishing Attack Using Near-Zero-Day Malware

Summary

On October 22, 2013, Check Point’s ThreatCloud Threat Emulation service analyzed suspicious documents sent by email to end users at a media company. Analysis of the malware, which was intercepted through a Message Transport Agent (MTA) configuration and sent to the Threat Emulation Service for sandboxing, revealed that the documents exploited a vulnerability in Microsoft Word in order to install a seldom-detected variant of the Zeus/ZBOT Trojan. Over the following days, Check Point’s ThreatCloud Emulation Service detected a similar attack on four additional organizations in the UK, Italy, Turkey and Greece. Further investigation by Check Point security researchers determined ...

Weekly Mobile Security News Roundup

This week’s summary is a mix of both positive and negative signs surrounding the mobile security world. On one hand, we’re finally witnessing both relevant punishments for security lapses and service providers trying to take responsibility for their users’ security. On the other hand, major players that are widely presumed to be the safest mobile options are still letting users down. A substantial new vulnerability has been exposed in HTC devices which allows an attacker to root the device. Lacoon customers are automatically protected. MDMs, Secure Containers and Wrappers do not provide mitigation against such rooting attacks. ...

Sounds like a Vulnerability, eh Mate? The new HTC One M8 Vulnerability

Last week, the first exploit for the HTC One M7 and the brand new HTC One M8, two of the most popular smartphones available today, was published. The significance? The vulnerability behind this exploit means that any app, regardless of its permission set, can run the exploitable code in order to gain root access (i.e. remove all of Android’s built-in security mechanisms). In other words, an attacker can take a legitimate app, let’s say Flappy Bird, re-package it with exploit code and distribute it. A victim running the app will unknowingly provide that app, and consequently the attacker, with root permissions on the device. ...