Archive for January, 2011

Online banking trojan (Carberp) developing fast

Posted in IT Security on January 23, 2011 by cobra

Trojan construction kit Carberp, which first emerged in the autumn, appears to be undergoing rapid development, according to reports from sources that include security services provider Seculert. F-Secure analyst Toni Koivunen is already calling it the rising star of the banking trojan world.

Where the first versions of Carberp were very simple in their construction, newer versions are equipped with a pretty impressive list of features. It now runs on all versions of Windows, including Windows 7, where, according to TrustDefender, it is able to do its work without requiring administrator privileges. Technically, this is not particularly remarkable – user privileges are, for example, sufficient for it to register as a browser extension. This would allow a trojan to read and modify even encrypted online banking traffic by means of a ‘man-in-the-browser’ attack.

Please enter the 2 links below to read the full report on Carberp’s development.

http://www.trustdefender.com/trustdefender-labs-blog-carberp-a-new-trojan-in-the-making.html
http://blog.seculert.com/2011/01/new-trend-in-malware-evolution.html

Google warns users of hacked web sites

Posted in IT Security on January 1, 2011 by cobra

First of all, A happy 2011 for all. I hope this year can bring everybody all the success and happiness they are seeking. 🙂

The following article has been taken from http://www.h-online.com

Google has started warning users when they are about to visit web sites which may have been hacked. Google has long warned users when search results include sites which spread malware and now plans to detect web sites which may have been hacked, without the owner’s consent, for purposes such as phishing or spamming.

Google advises exercising caution when visiting suspicious web sites and says that they should only be visited using the latest browser version and with fully patched versions of Adobe Reader and Flash Player. Users should be careful with personal data when visiting such sites.

Google says it will contact owners of web sites which appear to have been hacked via contact email addresses and via their Webmaster Tools account if they have one. An emergency plan, which allows victims to prompt Google to reassess their sites more quickly after clean-up, is also available.