Hackers change domain details to infect visitors with ransomware
Hackers have altered DNS records of websites hosted by Go Daddy, with the aim of infecting visitors with ransomware. The attackers are adding subdomains to the DNS records that point to a malicious IP address under their control, so that victims believe they are going to the right website and the pages avoid various security protection mechanisms. This attack comes two months after an alleged attack on the Go Daddy network.
Instagram on Android marred by clone apps
Android's app climate had some of its problems exemplified late Wednesday after Sophos discovered a fake version of Instagram for Android. At least one scam site has claimed to offer the app and copied much of the marketing into Russian. Instead of downloading the real app, it loads a superficial, broken app that secretly loads the Boxer-F trojan, which sends secret paid SMS messages to make money for the creator.
Exploit could wreck files or alter permissions
Microsoft has confirmed a vulnerability in the Windows kernel that was being used in the Duqu exploit. If used, an attacker could install apps, change data, or create new accounts with full user rights. Microsoft is working on a full fix, and in the meantime, is offering a workaround for download (free, Fix it tool).
Tool quarantines questionable files
Sophos today released a free piece of Mac security software, Anti-Virus Home Edition. The utility is based on the company's business software, and is said to be full-featured with the same threat detection, cleaning and quarantining. It addresses both Mac and Windows threats, to prevent Macs from spreading Windows malware, and can detect new viruses. Once files are quarantined, they can be examined or deleted.
KHOBE could infect any Windows XP system
Researchers at Matousec have found malware that could potentially compromise nearly every Windows XP system using current antivirus software. KHOBE (Kernel Hook Bypassing Engine) takes advantage of the vulnerable System Service Descriptor Table to trick Microsoft's OS into accepting rogue code. It allows a safe code thread to be scanned by antivirus apps but immediately swaps in a thread containing a virus or other attack, giving the malware free rein.
Code works in similar way to recent 5 Euro scam
A new worm has begun targeting iPhones and iPod touches; however, it appears to attack only jailbroken devices, according to the security company Sophos. The worm, which works in a similar way to the recent 5 Euro scam, was reportedly discovered after a Dutch ISP noticed unusually high volumes of data traffic.