You are viewing 'Trojan'


Into the Blackhole

Jeremy Scott    |    August 21, 2012

The latest news in malware has been the recent Kaspersky Labs discovery of the sophisticated attack toolkit named Gauss. Headlines also include reports of the Zegost RAT being served by compromised Nepalese government websites. However, the majority of the malware samples received over the last couple of weeks have been related to the Blackhole Exploit Kit.

The Solutionary SERT research team has been tracking this issue for some time and our public reports up to this point have been relatively high-level. If what we’ve observed over the past few weeks is any indicator, Blackhole will not be going away any time soon, and it...



Tags: Blackhole Exploit Kit, malware, phishing, vulnerabilities, vulnerability, Gauss, Trojan, Zegost RAT, Cridex

Rejected Wire Transfer Leads to Blackhole Exploit Kit

Jeremy Scott    |    July 19, 2012

The Solutionary Security Engineering Research Team (SERT) has been receiving a significant amount of malicious emails luring would-be victims to hosts running the Blackhole Exploit Kit.

The emails claim to be related to a rejected wire transfer. SERT has observed that the malicious emails use an embedded hyperlink or an attached HTML file. The hyperlink points to a compromised website, usually running a piece of obfuscated JavaScript that decodes to an iframe. The iframe redirects the victim’s browser to a Blackhole landing page that attempts to exploit the victim’s computer and install additional malware such as...



Tags: Blackhole Exploit Kit, Cridex, email scam, malicious emails, malicious hosts, malware, managed security service provider, security best practices, security intelligence, spam, toolkit, Trojan, email security, Gameover Zeus, malicious sites

Got mo’ ZitMo?

Jeremy Scott    |    June 22, 2012

There has been some recent talk about a new mobile malware variant found in the wild. The malware has been identified as Trojan-Spy.AndroidOS.Zitmo. ZitMo stands for “Zeus-in-the-Mobile”.

ZitMo was originally designed to target Symbian smartphones, with Windows Mobile and Blackberry following later. ZitMo for the Android operating system was first detected in July 2011. This trojan is another variant targeting the Android operating system and is distributed through SMS messages as an APK with the name “Android Security Suite Premium”.

The purpose of ZitMo is to target the security features of online banking services. Banks use what are called TAN codes (Transaction Authentication Number) with digital signatures as an additional authentication mechanism to authorize the transaction. In some cases, banks send TAN codes via a text message (these are called mTANs, or mobile transaction authentication numbers).

Like...



Tags: Android, malware, mobile, Trojan, ZeuS, ZitMo

Fake Patch Tuesday - Zeus computer virus

Brad Curtis    |    May 11, 2011

Ah, summer is nearly upon us. Time to get off the PC and enjoy the great outdoors; or maybe just get away from the PC because you just got infected with yet another nasty virus.

If you are a security-minded individual who stays abreast of the latest threats in the wild, you have no doubt read several articles about the Zeus exploit. Zeus (a.k.a. Zbot, PRG, Wsnpoem, or Gorhax, etc.) is a Trojan virus designed to infect a machine and glean sensitive information (e.g., bank accounts, user names, passwords, etc.) from unsuspecting users; usually via malware. Zeus (and other similar exploits) just won't go away, nor will it die any time soon. Malicious individuals and organizations keep modifying this exploit and creating variants to match up with whatever is the flavor of the day. One example is the fake Osama bin Laden videos and images that circulated en masse last week. They know people are going to click those links, so they take advantage.


Everyone knows...



Tags: Trojan, Zeus infection

Solutionary is a leading managed security service provider. The company reduces the information security and compliance burden, providing flexible security services that work the way clients want; enhancing existing initiatives, infrastructure and personnel. This blog is a place to learn about, and discuss, a wide variety of security and compliance topics.
