
Monday, November 01, 2010

Bredolab grabs Attention

1.    A 27-year-old Armenian man has been charged as being the mastermind behind the Bredolab botnet, a network of millions of compromised computers worldwide. The main features of this trojan botnet are listed below:
  • Users of computers with viruses from this network will receive a notice at the time of next login with information on the degree of infection.
  • Bredolab, known for spreading spam and rogue antivirus, is thought by some experts to have infected at least 30 million computers.
  • Spread via drive-by attack websites and spam email attachments.
  • Infects machines with a backdoor that downloads additional malware without the victim's knowledge.
  • Sends out spoofed password reset messages to Facebook users in an attempt to spread malware and infect users of the social network.
  • Has the power to obtain information on the user's computer, including the ability to copy, change or delete files and other information.
  • Pushdo botnet uses Facebook to spread malicious email attachment: A phony message warns users that their Facebook password has been reset.
  • Majority of infections are in the U.S. and the U.K. and many Western European countries.
  • Discovered by the Dutch High Tech Crime Team in the late summer.
  • Capable of infecting 3 million computers a month. The botnet network used servers hired in the Netherlands from a reseller of LeaseWeb, which is the largest hosting provider in the Netherlands, and one of the largest hosts in Europe.
  • Able to constantly change its appearance to avoid detection by traditional antivirus signatures. Like other botnets, the Trojan communicated with the command-and-control server using encrypted messages.

Friday, October 08, 2010

Here comes Trojan-PWS-Nslogm to steal Passwords and credentials from Mozilla

1. I am sure we all endeavor to keep the antivirus updated, keep the OS patches updated, keep cleaning registries, keep cleaning browser history at regular intervals, and keep ensuring a regular complete scan of the precious PC that we own... we all do this to ensure that we are safe while we browse... now read further to find out how it all goes in vain even with the best and leading browser company...

2. Antivirus company Webroot has identified an information-stealing trojan which alters a Firefox file so that the browser stores passwords automatically. The trojan is named Trojan-PWS-Nslogm and is capable of stealing usernames and passwords stored by both the Internet Explorer and Firefox browsers. By default, whenever Firefox detects that login credentials are submitted through a Web form, it offers to remember them for future use. When this happens, the user is presented with several options, which include "Remember", "Never for This Site" or "Not Now". If they choose "Remember", the browser stores the username and password in a local database. Since it's easier to steal credentials from this database than to inject the browser process and grab them as they are submitted, the author of this trojan thought it would make more sense to have Firefox remember all passwords without asking users for confirmation. To achieve this, he created a routine to patch the nsLoginManagerPrompter.js file in the Firefox installation by adding new code and commenting out some existing lines. "The Trojan then scrapes information from the registry, from the so-called Protected Storage area used by IE to store passwords, and from Firefox’s own password storage, and tries to pass the stolen information onward, once per minute," Andrew Brandt, a malware researcher at Webroot, explains.

3. The password stealer installs itself in the c:\windows\system32 folder as a file called Kernel.exe. The captured data is sent to a command and control server via a deprecated ActiveX control called msinet.ocx.

4. So what's the solution to this?... simply stop using the internet... just joking... a solution is still being worked out at FIREFOX labs. Thanks http://news.softpedia.com
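The change to nsLoginManagerPrompter.js described in point 2 (existing lines commented out, new code added) can be spotted by comparing the installed file with a known-good copy from the same Firefox release. The sketch below is an added example, not code from Webroot or Mozilla; the function names and the sample JavaScript are constructed placeholders, not the real contents of the file.

```python
import difflib
import re

# A line that is entirely a // comment or a one-line /* ... */ comment.
_COMMENT = re.compile(r"^(?://+\s*(.*)|/\*\s*(.*?)\s*\*/)$")

def _uncomment(line):
    """Return the text inside a whole-line comment, or None if not a comment."""
    m = _COMMENT.match(line)
    if not m:
        return None
    return (m.group(1) if m.group(1) is not None else m.group(2)).strip()

def classify_changes(baseline, installed):
    """Diff a known-good script against the installed one, ignoring indentation.
    Separates baseline lines that were commented out from plain removals/additions."""
    base = [l.strip() for l in baseline.splitlines() if l.strip()]
    inst = [l.strip() for l in installed.splitlines() if l.strip()]
    removed, added = [], []
    sm = difflib.SequenceMatcher(None, base, inst, autojunk=False)
    for tag, i1, i2, j1, j2 in sm.get_opcodes():
        if tag in ("replace", "delete"):
            removed.extend(base[i1:i2])
        if tag in ("replace", "insert"):
            added.extend(inst[j1:j2])
    # An added comment whose body equals a removed line means "disabled in place".
    disabled_lines = [l for l in added if _uncomment(l) in removed]
    disabled = [_uncomment(l) for l in disabled_lines]
    return {
        "commented_out": disabled,
        "removed": [l for l in removed if l not in disabled],
        "added": [l for l in added if l not in disabled_lines],
        "modified": bool(removed or added),
    }

def check_files(baseline_path, installed_path):
    """Same check on two files; both paths are supplied by the caller."""
    with open(baseline_path, encoding="utf-8", errors="replace") as b, \
         open(installed_path, encoding="utf-8", errors="replace") as i:
        return classify_changes(b.read(), i.read())

# Constructed sample input (placeholder JavaScript, not Firefox source).
BASELINE = """function handleSubmit(login) {
    var answer = promptUser(login);
    if (answer) { save(login); }
}"""
INSTALLED = """function handleSubmit(login) {
    // var answer = promptUser(login);
    // if (answer) { save(login); }
    placeholderAddedCall(login);
}"""
REPORT = classify_changes(BASELINE, INSTALLED)
```

Any non-empty `commented_out` or `added` list in a browser script that should be byte-identical to the vendor's release is worth investigating, alongside a check for the Kernel.exe file named in point 3.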
