Archive for December 17th, 2012

Necurs Rootkit – Infected over 80,000 PCs in November

Once the Necurs rootkit infects a machine, it can hide itself from the operating system, download additional malware and stop security applications from functioning.

http://blogs.technet.com/b/mmpc/archive/2012/12/06/unexpected-reboot-necurs.aspx

http://www.darkreading.com/risk-management/167901115/security/attacks-breaches/240144203/necurs-rootkit-spreading-quickly-microsoft-warns.html

QUOTE: Necurs is a prevalent threat in the wild at the moment – variants of Necurs were reported on 83,427 unique machines during the month of November 2012. Necurs is mostly distributed by drive-by download. This means that you might be silently infected by Necurs when you visit websites that have been compromised by exploit kits such as Blackhole. So what does Necurs actually do? At a high level, it enables further compromise by providing the functionality to:

1. Download additional malware

2. Hide its components

3. Stop security applications from functioning

In addition, Necurs contains backdoor functionality, allowing remote access and control of the infected computer. Necurs also monitors and filters network activity and has been observed to send spam and install rogue security software. Nefariousness aplenty. See our Trojan:Win32/Necurs family write-up for the full details.

Trend Labs – 2013 Security predictions

Trend Labs has identified some key attack vectors for next year.

http://blog.trendmicro.com/trendlabs-security-intelligence/observations-on-the-evolution-of-cyber-tactics-in-2013/

QUOTE: A dramatic shift in the modus operandi of cybercriminals will occur in 2013. I predict five major shifts in attack vectors:

  1. Man-in-the-browser attacks will flourish as automated transfer system attacks become mainstream due to the advent of mobile banking. Inserting nano-ware into the browser allows for criminals to bypass two-factor authentication and thus insert themselves into the encrypted channel. This was seen with the Automatic Transfer System module for Zeus and SpyEye.
  2. Watering hole attacks will grow in popularity as polluting trusted websites is a far better targeted attack methodology than targeting individual users.
  3. Mobile malware will metastasize and become more insidious and automated to include proximity attack capabilities.
  4. Cross-platform attacks like Jacksbot will become mainstream.
  5. Hypervisor attacks on cloud infrastructures will begin in earnest, in order to move closer to data.

As the modus operandi of cybercriminals evolves, so must our defense-in-depth strategy. Cybersecurity investments must shift towards continuous monitoring and advanced threat protection if we are to civilize cyberspace and sustain Web 3.0. If we build it they will come, but they will not all be righteous. To find out more about our 2013 predictions, check our predictions document titled Security Threats to Business, the Digital Lifestyle, and the Cloud.