Mar 31 2015

Energy companies around the world infected by newly discovered malware

Researchers have uncovered an ongoing espionage campaign that uses custom-developed malware to siphon confidential data out of energy companies around the world.

Trojan.Laziok, as the malware has been dubbed, acts as a reconnaissance tool that scours infected computers for data including machine name, installed software, RAM size, hard disk size, GPU details, CPU details, and installed antivirus software, according to a blog post published Monday by researchers from security firm Symantec. The attackers then use the data to decide how to infect the computer with additional malware, including versions of Backdoor.Cyberat and Trojan.Zbot that are tailored for the specific compromised computer.

"The detailed information enables the attacker to make crucial decisions about how to proceed further with the attack, or to halt the attack," Symantec researcher Christian Tripputi wrote. "During the course of our research, we found that the majority of the targets were linked to the petroleum, gas and helium industries, suggesting that whoever is behind these attacks may have a strategic interest in the affairs of the companies affected."


Mar 31 2015

Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

Original release date: March 31, 2015

The Mozilla Foundation has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.

Available updates include:

  • Firefox 37
  • Firefox ESR 31.6
  • Thunderbird 31.6

Users and administrators are encouraged to review the Security Advisories for Firefox, Firefox ESR, and Thunderbird and apply the necessary updates.




Mar 31 2015

Massive denial-of-service attack on Github tied to Chinese government

The massive denial-of-service attacks that have intermittently shut down Github for more than five days are the work of hackers with control over China's Internet backbone, according to two technical reports published Tuesday that build a strong case that government authorities are at least indirectly responsible.

Github officials have said the torrent of junk data pummeling their servers is the biggest they have ever seen. As previously reported, the two Github pages are constantly loaded and reloaded by millions of computer users inside and outside of China, an endless loop that, left unmitigated, causes outages not just on the two targeted pages but throughout Github's entire network. Exhibit A in the case that China is involved is the choice of the two specific Github pages targeted: one hosts anti-censorship service GreatFire.org while the other hosts a mirror site of The New York Times' Chinese edition. The targets suggest the attackers are sympathetic to the vast censorship apparatus known as the Great Firewall of China.

Now researchers have unearthed additional evidence implicating China that goes beyond motive. Specifically, the computers hammering Github servers are all running a piece of malicious code that surreptitiously makes them soldiers in a massive DDoS army. The JavaScript gets silently injected into the traffic of sites that use an analytics service that China-based search engine Baidu makes available so website operators can track visitor statistics. About one percent of people visiting such sites don't receive the true Baidu analytics JavaScript but instead get code that forces their browser to constantly reload the two targeted Github pages.


Mar 31 2015

New reconnaissance threat Trojan.Laziok targets the energy sector

A new information stealer, Trojan.Laziok, acts as a reconnaissance tool allowing attackers to gather information and tailor their attack methods for each compromised computer.
