Last week, Security Researcher Pieter Arntz gave us a comprehensive overview of Mindspark, a marketing company, and its toolbar's ability to lure users into more questionable installs. These files, in return, add more files and greatly modify the affected system's registry.
Senior Malware Researcher Jérôme Segura discussed a recent critical bug on Internet Explorer that allows the drive-by download of malware. Affected versions are from 3 to 11. Fortunately, Microsoft already released the patch to fix this.
Notable news stories:
- WhatsApp rolls out end-to-end encryption using TextSecure code. "WhatsApp partnered with Open Whisper Systems for the launch, using open source code to build in the new features. It's unclear when the features will come to iOS, but just reaching WhatsApp's Android users represents a huge step forward for everyday encryption use." (Source: The Verge)
- The Rise Of The Resilient Mobile Botnet. "Dubbed NotCompatible, the botnet and the mobile malware family that drives it turn mobile devices into TCP proxies that can be used in any number of creative ways, including to send spam, commit click fraud, employ brute-force passwords, and initiate fraudulent ticket purchases." (Source: Dark Reading)
- 87 percent of the top 100 paid iOS apps available as hacked versions. "According to the third annual State of Mobile App Security report from application protection company Arxan Technologies, 87 percent of the top 100 paid iOS apps have been hacked." (Source: Beta News)
- Security Expert Warns Cars Will Always Be Vulnerable to Cyber Attack. "Car manufacturers, software engineers and "white hat" hackers need to work together to thwart the rising threat of cyber attacks on cars, experts in the field said Tuesday at the Connected Car Expo at the Los Angeles Convention Center." (Source: Hollywood Reporter)
- Black Lotus Threat Report Reveals Vietnam, India, Indonesia will Grow Mobile DDoS Attacks in 2015. "While these countries don’t have the necessary bandwidth to launch massive DDoS attacks, the volume of compromised end point devices, such as mobile phones, make them prime sources of new botnets." (Source: Herald Online)
- Attackers trading malware for privilege. "...compromised privileged accounts are at the heart of 80 to 100 percent of the attacks that cybersecurity teams investigate..." (Source: CSO)
- Trojanized Android firmware found on inexpensive handhelds. "Becu, as they dubbed the malware, can download, install and remove software from the handheld with the user being none the wiser. It is triggered into life either by turning on the affected device or via a specially crafted SMS." (Source: Help Net Security)
The Malwarebytes Labs Team