Gladiator Research and Security

Over the past year, security researchers found many new Web attacks indicating that the “bad guys” have come up with some rather advanced methods to accomplish their dirty deeds.  In the past few months alone, two particular banking attacks have been detected that demonstrate the sophisticated methods being used to steal money from online banking users.  In the first attack method, dubbed “Chat-in-the-Middle,” the fraudster creates a fake support chat session with his victim by claiming to be from the bank’s fraud department.  The fraudster then uses social engineering techniques to attempt to gather further information from the unsuspecting victim.  The second attack, a Trojan known as URLZone, involves editing a user’s banking website to hide money transfer transactions started by the attackers.  This technique gives attackers ample time to transfer the funds through “money mules” and, eventually, into their own accounts, well before the attack is ever spotted by the victim.

We’ve all noticed the trends lately which suggest that new malware is being written at an ever-increasing pace.  It seems like each day a new threat is discovered by security professionals.  However, anti-malware products seem unable to keep up with the pace set by the malware programmers.  So, what can be done to combat this discrepancy?  Have you heard of software “sandboxes”?  Read on and we’ll discuss some options available to help you fight in the war against malware.

Microsoft has announced three new patches for its monthly release cycle.  One patch is rated critical, and affects both server and client operating systems.  This patch covers a remote code execution vulnerability, and should be patched as soon as possible. The other two patches are rated important, and only affect servers.  These vulnerabilities could allow spoofing, but not remote code execution.

Security researchers have seen a new worm, called Waledac, quickly spreading throughout many networks.  Many of these researchers feel that Waledac bears a striking resemblance to one of the most devastating worms of all time, Storm.  Like the Storm worm, Waledac is spread through emails that appear to be holiday themed “e-cards.”  So far, users and researchers have seen both Christmas and Valentine’s Day e-cards being used.

Microsoft has released four patches resolving two Critical and two Important vulnerabilities in various Microsoft products.

Recently, researchers have discovered millions of PC’s that have been infected with the Conficker worm, also commonly known as Downup and Downadup.  Conficker is a rather nasty worm that can quickly spread itself around networks once entering in a few possible ways.  The majority of systems are first compromised via a vulnerability in Microsoft’s Server service.  This vulnerability, described in MS08-67, could allow remote code execution through specially crafted NETBIOS traffic.  The worm has also been found on compromised web servers and can be installed when users try to view web pages served by the compromised server.

Security researchers have found yet another new technique phishers are using to collect user information.  The new method is called “in-session phishing” and involves creating a pop-up requesting the user to re-enter username and password information for an already open banking session.  First, the site hosting the malicious code will try to detect whether the user has an open banking session.  The malicious site then will create a pop-up that indicates that the banking session has expired and the user credentials must be entered again.  Information then typed into the malicious pop-up will be recorded by the phishers.  Researchers also have stated that the pop-up may be cleverly masked and also can come in the form of customer satisfaction surveys or advertisements.  Since the site is not technically injecting code or files onto the user’s machine, this type of attack will be harder to detect than normal trojans or viruses.