Hackers flip characters to disguise malware

September 8, 2011 – 6:42 AM

Hackers are using a new trick to cloak malicious files by disguising their Windows file extensions to make them appear safe to download, a Czech security company warned today.

The exploit, dubbed “Unitrix” by Avast Software, abuses Unicode for right-to-left languages — such as Arabic or Hebrew — to mask Windows executable files (.exe) as innocuous graphic images (.jpg) or Word documents (.doc). Unicode is the computer industry standard for representing text with alpha-numeric codes.

The Unitrix exploit uses a hidden control character, RIGHT-TO-LEFT OVERRIDE (U+202E), which forces the characters that follow it to be displayed right-to-left, so an executable file can be shown as something entirely different. Using that ploy, hackers can disguise a malicious file whose name ends with gpj.exe as a supposedly safer photoD18727Coll exe.jpg by reversing the last six characters of the former.
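As an added example (not code from the original post or from Avast), the check below shows the defender's side of the trick: a small model of how a file manager renders a name containing U+202E, the extension the operating system actually uses once the invisible control characters are ignored, and a flag when the two disagree. The file names in it are constructed; the helper function names are my own.

```python
import os

# Unicode bidirectional control characters that can reorder or hide displayed text.
RLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE, the character Unitrix abuses
PDF = "\u202c"  # POP DIRECTIONAL FORMATTING, ends an override
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI, RLI, FSI, PDI
    "\u200e", "\u200f",                                # LRM, RLM
}


def rendered_name(name: str) -> str:
    """Approximate what a file manager displays for `name`.

    Simplified bidi model: everything after an RLO is shown reversed until a
    PDF (or the end of the string); the control characters themselves are
    invisible.  Real renderers are more elaborate, but this is enough to
    reproduce the gpj.exe -> exe.jpg illusion.
    """
    out = []
    i = 0
    while i < len(name):
        ch = name[i]
        if ch == RLO:
            j = name.find(PDF, i + 1)
            end = len(name) if j == -1 else j
            out.append(name[i + 1:end][::-1])
            i = end + 1 if j != -1 else end
            continue
        if ch not in BIDI_CONTROLS:
            out.append(ch)
        i += 1
    return "".join(out)


def true_extension(name: str) -> str:
    """The extension Windows really uses: drop bidi controls, take the last suffix."""
    clean = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    return os.path.splitext(clean)[1].lower()


def is_rlo_disguised(name: str) -> bool:
    """True when the name carries bidi controls AND the displayed extension
    differs from the real one, i.e. the user sees .jpg but gets .exe."""
    if not any(ch in BIDI_CONTROLS for ch in name):
        return False
    shown_ext = os.path.splitext(rendered_name(name))[1].lower()
    return shown_ext != true_extension(name)


def scan(names):
    """Return a report entry for every disguised name in `names`."""
    return [
        {"name": n, "shown_as": rendered_name(n), "real_ext": true_extension(n)}
        for n in names
        if is_rlo_disguised(n)
    ]


if __name__ == "__main__":
    # Constructed sample names: one Unitrix-style disguise, one honest photo,
    # one override that does not change the extension.
    samples = ["photo" + RLO + "gpj.exe", "holiday.jpg", "a" + RLO + "cod.doc"]
    for hit in scan(samples):
        print(f"ALERT: {hit['shown_as']!r} is really a {hit['real_ext']} file")
```

Because the control characters survive in the real file name, the same check can be applied to attachment names in a mail gateway or to download logs: any name containing U+202E (or the other bidi controls) whose rendered extension does not match its real one is worth blocking or quarantining.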

Source:
http://www.networkworld.com/news/2011/090711-hackers-flip-characters-to-disguise-250579.html?source=nww_rss

Facebook is a nightmare!

September 5, 2011 – 11:57 AM

Read the September 5th update at the bottom of this page:

http://www.f-secure.com/weblog/archives/00002223.html

DNS attacks on popular websites

September 4, 2011 – 5:03 PM

Keep in mind that today’s DNS hacks of popular websites such as acer.com, ups.com, theregister.co.uk were just that: a DNS hack. The actual sites themselves have not been compromised. For example, the delegation for UPS.com was altered to point to:

ups.com.    85621    IN    NS    ns1.yumurtakabugu.com.

The attackers only changed the NS records for the website. This could have been much worse.
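As an added example (not part of the original post or the references below), here is the kind of delegation check that would have caught this: parse dig-style NS answer lines, compare the observed nameservers with a known-good baseline, and raise an alert when the zone delegates to hosts outside it. The baseline names (ns1/ns2.example.net) are placeholders, and the second answer line is constructed; only the ns1.yumurtakabugu.com record comes from the post.

```python
import re

# Constructed baseline: the nameservers each zone is expected to delegate to.
# The example.net names are placeholders, not UPS's real nameservers.
EXPECTED_NS = {
    "ups.com": {"ns1.example.net", "ns2.example.net"},
}

# Constructed dig-style answer section (what `dig +noall +answer ups.com NS`
# prints).  The first record mirrors the hijacked delegation quoted above;
# the second is made up to show multiple records.
SAMPLE_ANSWER = """\
ups.com.    85621   IN  NS  ns1.yumurtakabugu.com.
ups.com.    85621   IN  NS  ns2.yumurtakabugu.com.
"""

# name  TTL  IN  TYPE  rdata
RR_RE = re.compile(
    r"^(?P<name>\S+)\s+(?P<ttl>\d+)\s+IN\s+(?P<type>[A-Z]+)\s+(?P<rdata>\S+)\s*$"
)


def parse_ns_answer(text: str) -> dict:
    """Return {zone: set(nameserver)} from dig-style answer lines.
    Comments and non-NS records are skipped; names are normalised to
    lowercase without the trailing dot."""
    result = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        m = RR_RE.match(line)
        if not m or m.group("type") != "NS":
            continue
        zone = m.group("name").rstrip(".").lower()
        ns = m.group("rdata").rstrip(".").lower()
        result.setdefault(zone, set()).add(ns)
    return result


def parent_domain(host: str) -> str:
    """Last two labels of a hostname (adequate for .com/.net style zones)."""
    return ".".join(host.split(".")[-2:])


def check_delegation(zone: str, observed_ns: set, expected=EXPECTED_NS) -> dict:
    """Compare the observed NS set with the baseline.  'hijacked' is True as
    soon as any nameserver outside the baseline shows up, because a changed
    delegation hands the attacker every record under the zone."""
    expected_ns = {h.lower() for h in expected.get(zone, set())}
    unexpected = sorted(observed_ns - expected_ns)
    missing = sorted(expected_ns - observed_ns)
    return {
        "zone": zone,
        "unexpected": unexpected,
        "missing": missing,
        "foreign_parents": sorted({parent_domain(h) for h in unexpected}),
        "hijacked": bool(unexpected),
    }


def audit(answer_text: str, expected=EXPECTED_NS) -> list:
    """Parse an answer section and check every zone it contains."""
    return [
        check_delegation(zone, ns, expected)
        for zone, ns in sorted(parse_ns_answer(answer_text).items())
    ]


if __name__ == "__main__":
    for report in audit(SAMPLE_ANSWER):
        status = "ALERT" if report["hijacked"] else "ok"
        print(status, report["zone"], "unexpected:", report["unexpected"],
              "now delegated to:", report["foreign_parents"])
```

In practice you would feed the real `dig +noall +answer <zone> NS` output into `audit` from a cron job, and ideally query the parent (the .com servers) rather than your own resolver, since that is where the changed delegation lives.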

References:
http://isc.sans.edu/diary.html?storyid=11503&rss
http://nakedsecurity.sophos.com/2011/09/04/dns-hack-hits-popular-websites-telegraph-register-ups-etc/

Mathilde Decagny

August 25, 2011 – 9:53 PM

We really do underestimate the dog trainer from the show Frasier. Thank you Mathilde Decagny!

(way off topic. sorry)

Zeus bank Trojan now fused with Ramnit worm

August 25, 2011 – 8:32 PM

Researchers have uncovered evidence that the infamous Zeus login-stealing Trojan has been blended with the Ramnit worm to create hybrid malware that can attack online bank accounts while spreading across networks.

Security company Trusteer said it recently discovered a mutant version of Ramnit that appeared to be using a man-in-the-browser (MitB) web injection module to trick bank customers into handing over their login details, a technique straight out of the Zeus (aka ‘SpyEye’) design book.

The company has not yet established that the malware’s source code was definitely from Zeus, but is confident that there is now enough circumstantial evidence to suggest that it was. The Zeus source code is believed to have become widely available in criminal circles in May after a leak of unconfirmed origin, so security watchers have been on the lookout for new malware incorporating some of its most powerful and often very specific features. Trusteer is convinced that the Ramnit variant is the first recorded example of that.

Source:
http://www.macworld.co.uk/digitallifestyle/news/index.cfm?newsid=3299152&olo=rss