An investigation into the 1.2 billion stolen logins which were found this month has started. The investigation will be conducted by the FBI, and one of its press spokesmen guaranteed that the public will be provided with more information in the near future.
According to IT professionals, a new malicious program similar to CryptoLocker has appeared. iSIGHT, the company which discovered this program, called it TorrentLocker. According to iSIGHT, TorrentLocker differs from CryptoLocker in many ways at the code level, although the new program includes components which can be found in both CryptoLocker and CryptoWall. For example, the ransom message presented by TorrentLocker is very similar to CryptoLocker's, and the whole ransom page looks like the one displayed by CryptoWall. The malicious program is distributed using spam.
The removal of some popular apps from Google Play and the Apple App Store is causing unexpected trouble. According to various sources, malware developers are exploiting this situation by creating clones of Flappy Bird and other well-known games and programs which are used to carry malicious apps. As a result, unsuspecting users are downloading and running harmful programs. Installing these apps might result in financial damage because some of them are capable of dialing premium numbers without the user's consent. Furthermore, other malicious programs are able to spy on incoming and outgoing messages. Unfortunately, some of these applications have features which have the potential to cause even greater damage.
There are a lot of malicious programs categorized as ransomware, but CryptoLocker stands out among them as one of the most dangerous. The working principles of CryptoLocker are very similar to those of its analogs. It infects the PC and restricts access to the stored data by encrypting the files, and if the victim wants to restore access, he/she has to pay the ransom. A lot of ransomware developers employ this type of scheme. Unfortunately, the creators of CryptoLocker took one additional step and improved the strategy: once the computer is infected, the victims only have 72 hours to pay the ransom, which might vary from 100 USD to 500 USD. If the requested funds are not transferred in the given time, the locked files will be deleted.
Last week saw major changes in the attempts to destroy a giant botnet called "ZeroAccess". Microsoft and Europe's authorities have joined forces, believing that this collaboration will significantly increase the chances of success. Currently the botnet has a pool of more than 2 million computers. Law enforcement units specializing in cybercrime from Latvia, Switzerland, Germany and Holland, as well as Europol's European Cybercrime Center (EC3), are the most active participants among the government authorities. The interest from Latvian, Swiss, German and Dutch authorities can be explained by the fact that these nations hosted a lot of the servers which were used to control the botnet.
Bitcoin users have encountered new issues. We all remember the release of Bitcoin mining malware and Bitcoin malware, which caused a lot of fuss among the users of this digital currency. But those are minor events in comparison to what happened last week. An astonishing amount of Bitcoins, 96,000 to be exact, vanished from the Sheep Marketplace. Currently the value of Bitcoin is very unstable. The exchange rate is swinging up and down; for example, just a couple of weeks ago the value of Bitcoin managed to drop from 1,203 USD per coin to 200 USD in one weekend. Currently a single coin is worth 1,102 USD; as a result, more than $100 million worth of damage was done.
CryptoLocker has recently become one of a few ransomware families which offer Bitcoin as a payment method to their victims. Alberto Ortega, a security expert at AlienVault, has recently released a report concerning these events. He stated that Bitcoin is the latest addition to the list of payment systems which are used by CryptoLocker. As a result, the 300 USD ransom can be paid using not only cashU, Ukash or MoneyPak but also Bitcoin.
Most ransomware uses similar tactics. These programs lock the infected computers or encrypt the data which is stored on the HDD. The victims are then asked to pay a ransom if they want to regain access to their PC and their data. Unfortunately, even if the payment is made, there is still no guarantee that the computer or the data will become accessible. That's why security experts do not recommend paying the ransom, no matter what type of ransomware has infected the PC. Using an appropriate antivirus product, or removing the malware manually, are the best solutions to this kind of problem.
A new Trojan is on its way. Its name is Hand of Thief, and it will attack computers running the Linux operating system. Although the virus is only available on the Russian black market, it is expected that this situation will change in the future. The Trojan currently costs 2,000 USD, but it is predicted that the price will reach 3,000 USD once development is over. Furthermore, any updates of the Trojan will cost an additional 550 USD.
Limor Kessem, a security expert at RSA's FraudAction research lab, released a statement on Wednesday. He claimed that the team of researchers from RSA has uncovered the server-side source code of the malware. This was achieved by reverse-engineering the Trojan.
Due to recent events, which saw the fall of Citadel and other major banking Trojans, a new virus is eagerly awaited by the criminals. According to the information available on the underground forums, such a project would surely be financed.
Investigators from RSA's FraudAction Research Lab reported that the criminals will finance the development of a new virus if it meets specific criteria. First of all, the virus should be available for purchase. Secondly, it should be easy to use. Finally, if problems with the virus do occur, the criminals should be provided with technical support from the developers. The investigators discovered a new virus called KINS, which according to them is very attractive to the criminals.
KINS has only recently become available for purchase. The virus is very similar to its predecessors such as SpyEye, Zeus and especially Citadel. Due to the similarities to the latter virus, a hunt for the KINS developers followed, but it was a short-lived campaign. Nevertheless, the developers always claimed that this is not a modification of previous viruses, but a completely new project.
In the light of recent events, cyber criminals created a plan to exploit the current buzz surrounding the birth of the future king. They use spam email to direct fans of the newborn baby to a domain which serves the Black Hole exploit kit.
This campaign started a few days ago, at the time when Kate Middleton went into labor. The scammers sent millions of messages to various recipients worldwide. The text in the messages contains a link which supposedly leads to a website providing a live feed about the birth of the baby. When users click on the link they are directed to a webpage which in turn provides another link, and the latter one leads to the mentioned corrupted website. Fortunately, the first webpage and the link have now been deleted. Nevertheless, investigators discovered three more URLs that are used in the same manner. If you enter the original URL in a search engine, you will be provided with only one result, which according to Kaspersky Lab experts is quite interesting.