Video: New Banking Trojan Caught Breaking CAPTCHA

by Christopher Brook

A new banking Trojan variant can bypass CAPTCHA, as demonstrated by a video posted today by security firm Websense on their Security Labs blog.

Once downloaded to the machine, Cridex, a data-stealing Trojan, will track content from various web forms. Cridex also downloads a ‘spamming module’ to the infected machine that enables the botmaster to send malicious e-mails to boost infection rates. This module, as shown in the video, utilizes a CAPTCHA-breaking server that helps the botmaster circumvent any CAPTCHA after a few tries, allowing the attacker to create a new Yahoo e-mail account.

The CAPTCHA attempts are sourced from a series of challenge images (embedded in HTTP) that have been gathered from the e-mail registration form and uploaded to the remote CAPTCHA-breaking server.

For more on the methods used by Cridex and the exact steps of the CAPTCHA-breaking process, head to Websense.

Recommended Reads

• Malware Writers Use Block Cipher in Latin America
• Ramnit Worm Evolves Into Financial Malware
• Financial Services Industry Report Urges Rethink on Malware

Source: http://bit.ly/AB6Bcg via @threatpost

Protecting Data Is Not a Black and White Issue

Data protection is more nuanced than simply allowing or denying access. The ages-old concept of group and individual permissions for file and folder access are based on the fact that one person may have no business opening a given file, while the next person may need to read and review that same file as a function of their role. This same type of control is needed when it comes to allowing data to be printed, or stored on an external drive or USB flash drive.

Because protecting data is not a black and white issue, the solution needs to be more flexible than simply blocking or allowing access. Zecurion’s Zlock gives IT admins the ability to apply fine-tuned controls that prevent the unauthorized copying and storing of data without impeding legitimate, authorized use of removable media at the same time. Just as one person may have no business opening a file that another person needs to do their job, one person may have no legitimate business purpose for storing data on removable media, while the next person may need that capability to perform their job function. A solution that simply locks down USB ports is like killing a housefly with a hand grenade, and applies too broadly to provide functional data protection.

Zlock takes it a step farther, though. Jim may have a business need to store sensitive data on a removable drive, but you don’t need to grant blanket permission to Jim. You can still set up controls in Zlock that let Jim store data on a USB flash drive, but only if the data is encrypted. In fact, IT admins can configure Zlock to only allow Jim to store data on a specific brand of company-issued flash drives, or even a specific hardware ID of an individual USB flash drive issued to Jim. That way, data is protected, and the flow of sensitive data is controlled, but Jim is still able to do his job without having to jump through any additional hurdles.

Article Source: http://goo.gl/5czex

Phishing Attacks Can Happen On Your Mobile Phone Too

A few years ago most of the general public had never even heard of a phishing attack. These days it is better known. While still not a general knowledge question it has been exposed a little bit more by the media and web safety outfits. But just because the problem has seen a little bit more daylight does not mean that it has gone away. No, the problem of phishing attacks is still with us. And while that is still very much a problem, the bigger problem is that now it is starting to move to a new medium.

The mobile phone is becoming more and more the popular choice to surf the web. What better way to waste time than to surf the web while you are on the go. It is because of this activity that you are starting to see more web sites optimize for smaller screens. But it is not only the legitimate web sites that are focusing on the phone. The criminal web sites are as well.

Surfing the web on your mobile phone is no longer a time when you can have your defenses down. In the past when people would surf the web on their mobile phones they pretty much knew that the attacks that were directed at users of Windows and Apple computers could not hurt them. That is no longer the case. Hackers know how to code for the phones now. But it is the web based attacks like phishing that can hurt you no matter what platform you are on.

What is a phishing attack?

A phishing attack is when one web site pretends that it is another. A victim will go to that web site, thinking that they are safe but instead they are really giving up all of the information that they type in that site.

And that is why a phishing attack works on any platform no matter if it is your desktop or your phone. It is strictly a web based attack to obtain information. No matter how you give them the information it is still going to work. The platform of how you give them the information is secondary.

If you want to be able to avoid a phishing attack then the easiest way is to make sure that you pay attention to the web address of the site that you are on. Also, if you get an email and it says to click a link to go to the web site, instead just type the name of the web site in. Then you know exactly what site you are going to.

Source Article: Security-faqs