Researchers expect large wave of rootkits targeting 64-bit systems

June 25, 2014 – 7:01 AM

Following a downward trend during the past two years, the number of new rootkit samples rose in the first quarter of this year to a level not seen since 2011, according to statistics from security vendor McAfee.

The sudden spike in rootkit infections during the first three months of the year was caused primarily by a single rootkit family that targeted 32-bit Windows systems. However, new rootkits designed for 64-bit systems will likely lead to a rise in this type of attack in the future, researchers from McAfee said in a report published Tuesday.

Rootkits are malware programs designed to hide other malicious applications and activities from users. They typically run inside the OS kernel with the highest possible system privileges, which makes them hard for security products to detect and remove.

The McAfee researchers believe that the decrease in new rootkit samples observed during 2012 and 2013 can be explained by the growing adoption of 64-bit versions of Windows, which ship with defenses against such threats: PatchGuard (Kernel Patch Protection), which detects unauthorized modification of kernel code and critical kernel structures, and mandatory digital signature enforcement for kernel-mode drivers.

“These protections have certainly increased the cost to build and deploy rootkits on 64-bit platforms,” the McAfee researchers said.

However, as the number of 64-bit systems grows, so does the incentive for attackers to invest in methods of bypassing those defenses.

Source:
http://www.pcadvisor.co.uk/news/security/3526900/researchers-expect-large-wave-of-rootkits-targeting-64-bit-systems/

US House passes an amendment which would remove funding from the NSA’s backdoor searches

June 20, 2014 – 4:47 AM

The United States House of Representatives voted today in favor of an amendment that would cut funding to the NSA’s controversial “backdoor search” programs, which critics have long condemned as unconstitutional and even illegal.

The amendment, co-sponsored by Reps. Zoe Lofgren and Thomas Massie, sought to change a provision in the 2015 Defense Appropriations Act that would have funded the NSA’s long-running practice of installing backdoors in consumer products. The amendment would also cut off the funding that allows the NSA to search users’ personal information, including emails, browsing history and chat logs, without a warrant.

Proponents of the amendment, like representative Justin Amash, say the bill would go a long way in slowing down what they claim to be “expansive government overreach” conducted by the NSA.

Source:
http://www.neowin.net/news/us-house-passes-an-amendment-which-would-remove-funding-from-the-nsas-backdoor-searches

Android phones are now being sold with pre-installed malware

June 19, 2014 – 4:44 AM

Android has a well-earned reputation for malware issues, despite Google’s efforts to keep its Play Store free of rogue apps. But there are many dark corners of Android where malware continues to thrive, particularly on independent app stores that do little or nothing to keep such apps at bay.

Security advisors are constantly reminding users to be cautious of what they install on their devices, but it seems that even that advice is no longer sufficient. German security firm G DATA issued a release this week warning that Android handsets were being sold via numerous outlets, including major online stores such as eBay and Amazon, “with extensive spyware straight from the factory.”

The Star 9500 – available under several variations of that name – bears a striking similarity to the Galaxy S4, also known by its Samsung model number, i9500. G DATA reported that the Star 9500 is being sold preloaded with a Trojan known as Uupay.D. Unlike most Android malware, it is not simply an app that the user can uninstall; the Trojan is built into the firmware, disguised as the legitimate Google Play Store app, and cannot simply be removed from the device’s OS. Because it lives in the system partition, which a factory reset restores rather than wipes, only flashing a clean firmware image would get rid of it. The impostor can be told apart from the real thing by checking the signing certificate of the package that presents itself as the Play Store, since Google signs the genuine app with its own key.

Source:
http://www.neowin.net/news/android-phones-are-now-being-sold-with-pre-installed-malware

New Zbot malware campaign discovered by researchers

June 18, 2014 – 4:44 PM

A new malware campaign spreading the Zeus trojan via phishing messages was discovered by researchers early Wednesday.

AppRiver, an email messaging and web security solutions firm, told SCMagazine.com on Wednesday that it had quarantined 400,000 messages so far – a number that had jumped up from 40,000 just earlier in the day.

The malicious emails claim to be daily customer statements from “Berkeley Futures Limited,” a real company being imitated by miscreants, according to a blog post by Jonathan French, security analyst at AppRiver.

Each message includes a password-protected, encrypted archive, which keeps gateway anti-virus scanners from inspecting its contents and may also lead recipients to believe the message is secure.

However, the password is included in the body of the email, something that Fred Touchette, senior security analyst at AppRiver, believes should serve as a warning to recipients.

“It’s a huge red flag if they include the password in the email, so they’re taking a real chance,” Touchette told SCMagazine.com Wednesday. “It must be working enough for them that they keep trying it.”

The attachment contains two files: a phony spreadsheet that is actually an SCR file (a Windows screensaver, which is an ordinary executable and runs when opened), and a PDF of a fake invoice. Although the attachment carries a ZIP extension, it is actually a RAR archive.
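The tell-tale combination in this campaign (a .zip name on RAR bytes, an executable .scr posing as a spreadsheet, and the archive password sitting in the message body) can be checked at a mail gateway before the message reaches anyone. The following is an added example, not AppRiver’s code: the sample message, attachment bytes and archive listing are constructed here, and the member names are assumed to come from an archive listing, which works for a RAR whose contents but not headers are password-protected.

```python
import re

# Archive signatures (leading bytes). RAR4 and RAR5 markers differ in length;
# ZIP shows a local file header or, for an empty archive, the end-of-central-directory marker.
MAGIC = {
    "zip": (b"PK\x03\x04", b"PK\x05\x06"),
    "rar": (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00"),
}

# Extensions Windows runs as programs when opened. .scr (screensaver) is a PE executable.
EXECUTABLE_EXTS = {"scr", "exe", "com", "pif", "bat", "cmd", "js", "vbs"}

# "Password: xyz" or "password is xyz" in the body, the lure this campaign used.
PASSWORD_RE = re.compile(r"\bpassword\b\s*(?:is|:)\s*([^\s,.;]+)", re.IGNORECASE)


def sniff_archive(data):
    """Return 'zip', 'rar' or None from the leading bytes, ignoring the file name."""
    for kind, sigs in MAGIC.items():
        if any(data.startswith(s) for s in sigs):
            return kind
    return None


def extension(name):
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def triage(body, attachment_name, attachment_bytes, member_names):
    """Return a list of (code, detail) findings for one message carrying an archive.

    member_names is the archive listing, or None if it could not be obtained.
    A RAR protected with a content-only password still exposes file names;
    one created with header encryption does not, and that is itself a flag.
    """
    findings = []

    claimed = extension(attachment_name)
    actual = sniff_archive(attachment_bytes)
    if claimed in MAGIC and actual != claimed:
        findings.append(("format_mismatch",
                         "%s: .%s but content is %s" % (attachment_name, claimed, actual or "unrecognised")))

    match = PASSWORD_RE.search(body)
    if match:
        findings.append(("password_in_body", match.group(1)))

    if member_names is None:
        findings.append(("unlistable_archive", attachment_name))
    else:
        for member in member_names:
            if extension(member) in EXECUTABLE_EXTS:
                findings.append(("executable_member", member))
                if member.count(".") >= 2:  # e.g. statement.xls.scr
                    findings.append(("double_extension", member))
    return findings


def should_quarantine(findings):
    """An executable member, a mislabelled container or an unlistable archive is
    enough on its own; a password in the body only adds weight to the others."""
    codes = {code for code, _ in findings}
    return bool(codes & {"executable_member", "format_mismatch", "unlistable_archive"})


# Constructed sample resembling the campaign: .zip name, RAR4 bytes, password in the body.
SAMPLE_BODY = (
    "Dear client,\n"
    "Your daily customer statement is attached as an encrypted archive.\n"
    "Password: statement2014\n"
)
SAMPLE_NAME = "Daily_Statement.zip"
SAMPLE_BYTES = b"Rar!\x1a\x07\x00" + b"\x00" * 16  # RAR4 marker plus padding, not a real archive
SAMPLE_MEMBERS = ["Daily_Statement.xls.scr", "Invoice.pdf"]

if __name__ == "__main__":
    found = triage(SAMPLE_BODY, SAMPLE_NAME, SAMPLE_BYTES, SAMPLE_MEMBERS)
    for code, detail in found:
        print("%-18s %s" % (code, detail))
    print("quarantine:", should_quarantine(found))
```

The decision deliberately does not rest on the password alone: legitimate senders do occasionally put an archive password in the same message, so that signal only adds weight, while an executable inside the archive or a container whose bytes contradict its name is enough by itself.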

Source:
http://www.scmagazine.com/new-zbot-malware-campaign-discovered-by-researchers/article/356485/

Remove Android ransomware for free

June 18, 2014 – 4:43 AM

avast! Ransomware Removal is a free app that eliminates Android ransomware and decrypts locked and ransomed files.

Simplocker is new Android malware that encrypts photos, videos and documents stored on smartphones and tablets, then demands payment to decrypt them.

“Simplocker blocks access to files stored on mobile devices. Without our free ransomware-removal tool, infected users have to pay $21 to regain access to their personal files,” said Ondrej Vlcek, Chief Operating Officer at AVAST Software. “Even though we are seeing exponential growth in ransomware on mobile devices, most of the threats to encrypt personal files are fakes. Simplocker is the first ransomware that actually encrypts these files, so we developed a free tool for people to restore them.”

Anybody infected by Simplocker or another type of ransomware can download the removal tool from the Google Play Store and install it remotely on the infected device.

Source:
http://www.net-security.org/malware_news.php?id=2786