Spyget > TrustedSource - Blog - Dumb Malware Authors Cause More Damage Than ...

[Secure Computing Corporation - TrustedSource Blog] Next this malware sends the information to a remote SQL database. Nothing new to see here because password-stealing trojans have been around for several years, but what struck me in this case is that the malware author didn’t think about protecting the information he gathered (stole), since all the credentials to access the remote database are hardcoded inside the malware.

Some related posts from Technorati and Google.

[The Linux Blog] Removing DNSChanger Trojan (DNS hijacking and copy-book.com virus ...: Use the step if after reboot the trojan DNSChanger is still there when you scan with Malwarebytes Anti-malware again. If you have a home network or other DNSChanger infected machines using your router, you should clear them with the above steps.

[McAfee Avert Labs] What Have We Learned From Past Virus Infections?: Administrators routinely attend to distress calls from users whenever they have an issue with their machines. By habit, the admins tend to log onto the affected workstation using their own accounts, which have domain-administrator privileges.

[Latest Blog Entries From WebSense Security Labs] How Malware Expands A Phishing Network - Security Labs Blog: Most of them are of compromised Web sites, and we see compromised Web sites used for Malware purposes a lot lately -- more than ever. The fact that sites can be created dynamically, like we presented, and virtually everywhere, really makes one realize how dynamic URLs can be, and that static URL categorizations are obsolete.

[CERT Announcements] The Use of Malware Analysis in Support of Law Enforcement

[Infosec Update] Optimised to Fail: Card Readers for Online Banking: Criminals could even install a compact GSM module into the CAP for sending back information in real-time. The police have already found Chip & PIN terminals that have been tampered.

[A Unix System Administrator's Blog] Removing DNSChanger Trojan (DNS hijacking and copy-book.com virus): based on a list of hardcoded credentials, consisting of the web interface URLs to popular routers - such as from vendors D-Link, Linksys and others -, and their default user names and passwords. This poses a great security risk for those users that do not change their router’s factory default settings.

[This and That] This and That » Blog Archive » Black Hat DC 2009 trip report: The new vulnerability that Benham discussed is actually a problem with the way that sites utilize https.  Many sites that require user authentication have homepages served over http with a login form where users put their login and password information.  When the user clicks submit, an HTTPS POST is performed so that the credentials are secure while in transit to the server.  However, if an attacker can intercept the initial page while it is being served to the user and rewrite the POST https url to an http url that he controls, the attacker can steal the credentials.  Benham wrote a tool called sslstrip that performs this attack and goes a step further and also proxies the https POST so that the victim has no indication that he was attacked.
