
Archive for July 24th, 2010


Why won’t my sample run?

Here at SophosLabs we have recently been seeing samples of Zbot (also known as the Zeus crimeware kit) that refuse to execute on any of our testing machines.

Often, when this happens, it is because the sample is corrupt, will only execute on specific versions of Windows, or will only run on a specific date (e.g. CIH).

However, these Zbot samples have been crafted to ensure that they only work when executed on one specific machine and from one specific path. Any attempt to execute the sample on a different machine or from a different path will result in early termination of the malware and no impact on the target system.

This is achieved through a form of hardware-based digital watermarking that makes dynamic analysis of the sample effectively impossible for AV researchers.

Older versions of Zbot (pre version 2.0), when first installed, would copy their executable to…

Review: LogMeIn Ignition for Android smartphones

LogMeIn recently released an Android version of its Ignition mobile remote desktop app; the app allows you to access and control multiple Mac or PC computers from the palm of your hand.

Specifications

  • Product: LogMeIn Ignition for Android
  • Language: EN, ES, FR, DE, IT, NL, JP
  • Compatibility: Android 1.5 and greater
  • Security: AES 256-bit encryption
  • Price: $29.99

Who is the target market?

LogMeIn creates products for business users and consumers, and LogMeIn Ignition for Android straddles that line. You can use it to access multiple home PCs or to access PCs across your enterprise. Because it offers a secure connection, you can carry out more advanced tasks, such as adding users within server management consoles, restarting Exchange servers, or checking backup operations.

What problem does it solve?

While remote access isn’t a

Iran was prime target of SCADA worm

IDG News Service - Computers in Iran have been hardest hit by a dangerous computer worm that tries to steal information from industrial control systems.

According to data compiled by Symantec, nearly 60 percent of all systems infected by the worm are located in Iran. Indonesia and India have also been hard-hit by the malicious software, known as Stuxnet.

Looking at the dates on digital signatures generated by the worm, the malicious software may have been in circulation since as long ago as January, said Elias Levy, senior technical director with Symantec Security Response.

Stuxnet was discovered last month by VirusBlokAda, a Belarus-based antivirus company that said it found the software on a system belonging to an Iranian customer. The worm seeks out Siemens SCADA (supervisory control and data acquisition) management systems, used in large manufacturing and utility plants, and tries to upload industrial