Kindsight Blog

Discussing Identity Theft and Current Online Threats

Mac Infection “Flashback” Jumps to Number One

For the first time ever, malware targeting the Macintosh platform is in the number one position on the Kindsight Security Labs home network infections list. Our detection statistics for the month of April show that about 10% of homes with Mac computers were infected with this malware, an increase from the 7% reported last month.

Because of this ongoing high infection rate, we began tracking the number of infected home networks on a daily basis. The graph below shows the percentage of homes with Macs that were still infected over the last 4 weeks. This detailed analysis shows that even though the infection rate is declining, it remains significant (3-6%).

Flashback infections

Threats in the News for April

Since the beginning of malware, Windows PCs have been the clear target of hackers. In the last few months this has changed, as both mobile devices and Mac computers have been the targets of some large-scale attacks.

In April, more Mac computers continued to be infected with the Flashback malware, even though there were some initial reports of a decline. On the mobile front, fifteen malicious apps were able to sneak past Google Bouncer, while Pinterest, Instagram and Angry Birds apps for Android were found to be malware in disguise.

Kindsight Security Labs Releases Q1 2012 Malware Report

Today, we released the Kindsight Security Labs Malware Report for Q1 2012. This quarterly report reveals statistics and security trends for malware infections in home networks and mobile devices. Kindsight Security Labs brings a unique perspective to the space because we detect threats in the network by looking for communications from subscribers’ infected devices to cybercriminal servers.

Kindsight Security Labs Q1 2012 Report infection graphic

1 in 15 households with Macs are infected with Flashback

On April 4th, Dr Web, a Russian anti-virus vendor, reported that over 550,000 Mac OS X machines were infected with the Flashback bot. The malware is spread via a Java applet posing as an update for the Adobe Flash Player. This downloads and installs the malware, which then connects to a C&C server to await further instructions.

A couple of days later, Kaspersky reported that they had used passive OS fingerprinting techniques to verify that over 98% of these infections were on computers running OS X. Kindsight Security Labs has confirmed these findings and estimates that 6.9% of North American households with a Mac computer have been infected with this malware.

Threats in the News for March

The ongoing battle against botnets was front and center in the news for March. On one side, Microsoft continued to take a leadership role, taking part in another raid to gather evidence and deactivate servers involved in cybercrime. On the other side, two new botnets were discovered by the security industry.

At the same time, the FCC issued its Anti-Bot Code of Conduct and several organizations formed the Industry Botnet Group to pursue the short-term goals outlined by the U.S. Commerce and Homeland Security departments.

ZeroAccess/Sirefef Botnet grows 4x in past month

We continue to analyze the activity of the ZeroAccess/Sirefef botnet that we first reported on in February 2012. The numbers reported by our network sensors between Feb 29 and Mar 29 indicate that the problem is growing.

ZeroAccess botnet communicating with peers

Being sucked into a Blackhole

As I was reviewing my email recently, I was “disappointed” to learn that the IRS had declined my Income Tax Refund Appeal due to a misunderstanding of the facts. To speak with someone about it, I could contact them during their convenient office hours on Wednesday and Friday, 3 AM- 8:30 AM, by calling their 1-900 number.

In addition to getting up at an ungodly hour, they will charge $3.59/min to look up the file to see why they are declining the appeal. Thankfully, to avoid this expense and inconvenience, they attached instructions to the email on how to provide the required details and re-submit the appeal.

IRS email spam

Threats in the News for February

With two major industry conferences (RSA Conference and Mobile World Congress) taking place in February, there was no shortage of product news including our launch of Kindsight Mobile Security. However, while security vendors were releasing solutions to address the growing malware problem, hackers were launching new attacks.

In February, we saw new Android malware, a new Mac Trojan and QuickBooks being exploited in order to spread an attack. At the same time, we saw the return of Kelihos, more Facebook scammers and the Zeus Trojan starting to leverage p2p networks. It’s safe to say that the battle will continue.

Malware Analysis: Encrypted p2p C&C Botnet – ZeroAccess/Sirefef

Late last year, we noticed an encrypted p2p command and control protocol used by malware identified as ZeroAccess, Sirefef, Vobfus and many other names. The use of this protocol, with slight variations, has been seen in a variety of seemingly unrelated malware samples in our lab, indicating that this component is in fairly common use across a number of different malware bundles.

The scale of the infection was quite large. In November, we started to see a significant number of infections. For example, in one network on a single day, we saw 313 infected computers out of a population of 150K, which indicates that roughly one in every 500 computers is infected with some variant of malware using this command and control protocol.

Infected computers actively communicating with peers on the Internet.

Kindsight Launches Offering for Mobile Operator Security Services

Today, we introduced Kindsight Mobile Security to provide protection for mobile networks and devices. The new offering combines network-based malware detection with a mobile device security app that scans for malicious software before it can be installed. With Kindsight Mobile Security, mobile operators are able to offer a value-added security service that more fully protects their subscribers, while giving them the opportunity to increase revenues and reduce churn.

Kindsight Mobile Security Combines Device and Network-based Security for Complete Protection