Kindsight Blog

Discussing Identity Theft and Current Online Threats

Kindsight Launches Security Analytics to Help Service Providers

Today, we launched Kindsight Security Analytics, a new platform for service providers to analyze network traffic for malware and aggregate security statistics onto a single web-based dashboard. The new platform provides unparalleled insights into subscriber infections, enabling Internet service providers and mobile operators to reduce risk within the network and diminish the malicious consumption of network resources.

Kindsight Security Analytics dashboard

The Anatomy of a Phishing Attack

Like many of us, before blindly purging your Spam folder, you scan it for senders that may have been dumped there inadvertently by the Spam filters. Other than a larger than usual number of emails that are unreadable for one reason or another, you don’t notice anything unusual.

But wait, what’s this email from the New York State Department of Transportation? It says you are in arrears and should follow the embedded link to resolve the issue. Since you were in New York State just weeks before, you pause, but click on the link in the email anyway.

DO NOT FOLLOW THESE NEXT STEPS. They are for illustration only.

Thankfully, anti-virus software, in this case AVG, was running and up-to-date on the test laptop because…

AVG catches the malware

Wham-o! The Blackhole Exploit. This email is not from the New York State Department of Transportation; it’s a phishing attack, and AVG detected and blocked the malware.

But what would happen if anti-virus software is not running?

Threats in the News for December

Mobile and identity theft attacks, sometimes combined, top the list of threats in the news for December. While Android malware continues to steal headlines, and not in a good way, we did see a Windows Phone vulnerability make the news last month.

On the identity theft front, Zeus continues to be a major concern, and the attacks are getting more sophisticated: in one case it was combined with a DDoS attack to hide the fraudulent transfers.

2012 Predictions for Mobile Malware and Botnets

Last year we looked into our crystal ball to make some predictions for 2011, including mobile devices and Macs becoming the target of malware and the expansion of banking trojans. All of these came true so we are going to put our perfect record on the line and make some new predictions for 2012.

While mobile malware grew substantially in 2011, most of the attacks lacked sophistication and the ability to make money for the cybercriminals. We see these mobile attacks evolving considerably in 2012, especially for the Android platform.

We also saw the takedown of DNSChanger in 2011, but we believe this is only the tip of the iceberg and expect even more, and stealthier, botnets in 2012, along with a more coordinated effort to stop the growing botnet problem.

Was Mobile Malware a Problem in 2011?

Last year, we predicted that mobile malware, particularly on the Android platform, would be one of the major trends in 2011. As the year draws to a close, we wanted to check to see if our crystal ball was accurate in this prediction.

In November, Juniper reported a 472% growth in Android samples since July 2011, a stat that speaks for itself. But Chris DiBona from Google responded on his blog saying that “No major cell phone has a ‘virus’ problem in the traditional sense…” and that “virus companies are playing on your fears”. So who’s right?

In 2011, Kindsight added signatures to our platform that detect the network behavior of Android and other mobile malware. These signatures typically detect the command and control protocol used by the malware to “call home” to report stolen information and wait for instructions.

Looking at the results from Kindsight deployments, we have seen a significant increase in Android infections from our network-based malware detection systems. As shown below, there was a 4x increase in the last 3 months (early Sept to late Nov), which appears to confirm the report from Juniper.

Android infection graph

DNSChanger Changes the Game

The recent takedown of the DNSChanger botnet was easily the biggest to date. This botnet consisted of over four million infected computers worldwide with half a million in North America alone and generated over $14 million in fraudulent Internet advertising revenue over the past 5 years.

With this attack, the configuration of infected computers had been modified by malware to point to rogue DNS servers, now under the control of the FBI. The irony is that although the DNSChanger threat has been neutralized, Internet access for the infected computers will be disrupted when the rogue DNS servers are decommissioned in March and millions of angry users will be calling the help desk to ask what went wrong with their Internet connection. This has left many Internet service providers with a bit of a conundrum.
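As an added example (not Kindsight's code or anything described on the original page), this is the kind of network-side check a service provider could run ahead of the March decommissioning: it scans flow records for DNS traffic sent to rogue resolver addresses so the affected subscribers can be contacted before their resolution breaks. The CIDR ranges and flow records are constructed placeholders; the real rogue resolver addresses are not given on this page.

```python
import ipaddress

# Placeholder CIDR blocks standing in for the rogue DNS resolver ranges
# (constructed; the real ranges are not listed on this page).
ROGUE_DNS_RANGES = [
    ipaddress.ip_network(c) for c in ("192.0.2.0/24", "198.51.100.0/25")
]

# Constructed flow records in the form "src_ip dst_ip dst_port proto".
# 10.10.3.1 talks to 198.51.100.200, which lies outside the /25 above,
# so it must NOT be reported as affected.
SAMPLE_FLOWS = """\
10.10.1.5 192.0.2.7 53 udp
10.10.1.5 8.8.8.8 443 tcp
10.10.2.9 198.51.100.20 53 udp
10.10.3.1 198.51.100.200 53 udp
10.10.2.9 192.0.2.99 53 tcp
10.10.4.4 1.1.1.1 53 udp
"""


def is_rogue_resolver(ip):
    """True if the address falls inside any of the rogue resolver ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ROGUE_DNS_RANGES)


def find_affected_subscribers(flow_text):
    """Map each subscriber IP to the sorted list of rogue resolvers it queried.

    Only DNS traffic (destination port 53, UDP or TCP) is considered;
    malformed lines are skipped rather than aborting the scan.
    """
    affected = {}
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        src, dst, port, _proto = parts
        if port != "53" or not is_rogue_resolver(dst):
            continue
        affected.setdefault(src, set()).add(dst)
    return {src: sorted(dsts) for src, dsts in affected.items()}


if __name__ == "__main__":
    for subscriber, resolvers in find_affected_subscribers(SAMPLE_FLOWS).items():
        print(f"{subscriber} -> rogue resolvers: {', '.join(resolvers)}")
```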

Threats in the News for November

The big news in November was the takedown by the FBI of the DNSChanger botnet, which consisted of over four million infected computers worldwide that generated over $14 million in fraudulent Internet advertising revenue over the past 5 years for the cybercriminals.

While this is one of the biggest cybercrime takedowns, it is unfortunately just the tip of the iceberg in terms of the online attacks consumers face. In November, these other attacks included fake anti-virus, exploits against plug-ins like Java, and Trojans distributed on social networks, among many others.

AdMob Ad Revenue Hijacking

The AdMob advertising system by Google allows mobile app developers to monetize their applications through targeted advertising. As part of the ongoing research by Kindsight Security Labs, we wondered if the techniques used by malware authors to insert their malicious code into legitimate apps could be used to hijack this interface and steal ad revenue from the original app developers. Our tests have proven this to be true.

Threats in the News for October

Mobile malware continued to be a top story in October even though there were some reports that claim it fails to make money for the cybercriminals. However, other news items highlight how premium-rate SMS Trojans are being used in attacks and other mobile malware seems to be “testing” new techniques, such as updates and QR codes.

PC-based malware doesn’t have any issues making money for the hackers. In October, we saw PayPal accounts with higher balances being sold for 8-12% of the available balance, and the Zeus banking Trojan continuing to evolve and become more sophisticated.

Introducing Kindsight Security Labs

Today, we introduced Kindsight Security Labs, a team of security experts with strong backgrounds in malware analysis and network-based intrusion detection.

Kindsight Security Labs logo

As an active member of the security community, Kindsight Security Labs will now publish its security research on the different types and volume of malware detected by the Kindsight Security Service, as well as on emerging threats across the Internet.