Kindsight Blog

Discussing Identity Theft and Current Online Threats

Attack in Depth: Oddjob and Tatanga

03/31/2011
posted in:

In this “Attack in Depth” post we will take a closer look at two of the latest banking Trojans. Previously we discussed how Zeus would infect your computer to access your bank account. Oddjob and Tatanga are the latest contenders in what is becoming quite a large field of malware focused on stealing your identity and money.

Tatanga

Tatanga is a “Man in the Browser” banking attack that is currently targeting banking customers in Spain, Portugal, Germany and the UK. Like Zeus, the malware attaches to your browser where it can monitor all your Internet activity, including visits to your banking web site. When you visit your banking web site, it steals your account information and password and sends it to the attacker. It can also execute automated transactions, spoof your account balance and grab your e-mail address book, which it then sends to the attacker. Trend Micro reports that it also makes videos (screen captures) of you banking transactions and sends the attacker detailed information on the applications that you have installed on your computer.

Share

Malware Distributed through “Trusted” Android Market

03/11/2011
posted in:

The spread of malware to smart-phones was high on our prediction list for 2011. It now appears that this prediction was bang-on, especially in the case of Android-based smartphones.

It was recently discovered that over 50 Android applications, distributed through the official Android Market, have been infected with DroidDream malware. The malware was downloaded to over 260,000 devices before Google became aware of the problem.

Share

Threats in the News for February

03/4/2011
posted in:

As part of our ongoing Threats in the News series, each month we summarize the more interesting articles we find about online threats. This post is by no means exhaustive and you can find more articles in our Industry News section.

Looking at the Threats in the News for February provides an interesting snapshot of the major vectors of attack that we need to watch out for online. Of course, there were attacks that exploit social networks (Facebook and YouTube) and attacks that capitalize on top news stories or timely events (tax season and Valentine’s Day).

Share

The Need for Enterprise Security Practices in Home Networks

02/25/2011
posted in:

With the number of online threats increasing, it’s not surprising that enterprises spend billions each year to protect their networks, devices and communications. Businesses large and small deploy a number of security products to protect their assets including:

Share

Has Mobile Malware Already Arrived?

02/11/2011
posted in:

The spread of malware to smart-phones was high on our prediction list for 2011. The good news is that it’s now February and except for the Geinimi outbreak in China, we haven’t seen any major outbreaks so far. The bad news is that security researchers keep finding new ways to exploit mobile phones.

Share

Threats in the News for January

02/3/2011
posted in:

As part of our ongoing Threats in the News series, each month we summarize the more interesting articles we find about online threats. This post is by no means exhaustive and you can find more articles in our Industry News section.

While spammers went quiet over the holidays as we explored in our post last week, there was no shortage of attacks in January, including the return of spam with some leveraging the upcoming tax season.

Share

Did Spammers Need a Holiday too?

01/28/2011
posted in:

Did you notice that over the holidays the level of spam dropped significantly? Did spammers decide they need a holiday too? Did you celebrate and think we had finally seen an end to spam?

Brian Krebs at Krebs on Security wrote that the decline actually began in October after Spamit, a Russian affiliate program used to promote Canadian Pharmacy sites, decided to close abruptly because, according to Matthew Schwartz at InformationWeek, it was drawing too much attention.

Share

Attack in Depth: Firesheep

01/19/2011
posted in:

It’s a Saturday afternoon and you’re sitting in Starbucks waiting for a friend. You’ve got your computer out and you’re on Facebook making sure everyone knows about tonight’s party. A guy walks in and sits at the table near the back. He takes out his laptop, connects to Starbucks’ free Wi-Fi and launches Firefox. With a few mouse clicks he starts up Firesheep, the latest Firefox addon, which opens up a sidebar display in the left margin and begins to fill in with information. At the top is your Facebook profile picture and contact information.

Firesheep addon

Figure 1: Facebook user shows up in sidebar

Share

2011 Predictions: The Year of Mobile Malware, finally?

01/13/2011
posted in:

In addition to looking back at the attacks we saw in 2010, here are some predictions for network security trends that will affect consumers in 2011.

Mobile Malware

As smartphones become the device of choice for accessing the Internet, it’s inevitable that they will be exploited by cybercriminals, despite the best efforts of manufacturers and application developers to prevent it. The smartphone culture that downloads “apps” for just about everything is a huge target that will not be ignored by malware developers.

Share

2010 in Review: The Year of the Botnet

01/11/2011
posted in:

While “Year in Review” blog posts are common around this time, we thought it would be valuable to give a network-based perspective on the most common malware of 2010. We took a look at the threats found in the security trials of the Kindsight Service in 2010 and the following observations stood out.

Bots

Many of the serious malware infections in 2010 were associated with bots and botnets. Botnets are collections of infected computers that are controlled remotely by cyber-criminals. Originally botnets were created for a specific purpose such as sending spam, identity theft or DDoS (distributed denial-of-service) attacks. However, in 2010 we saw bots that were designed to provide the cybercriminal with the ability to build designer botnets that were “rented out” to other cyber-criminals for specific purposes (spam, identity theft, DDoS, etc).

Share