Bits & Bytes Computer Store


Located at the Barrie Campus of Georgian College, we are your on-campus source for academic software, Apple and Windows based systems and accessories.

Tue, Feb 19th

What’s old is new again in malware

http://www.connectitnews.com/canada/story.cfm?item=5396

MX Logic, a managed security service provider (MSSP), has noted two incidents in which malware writers are re-using old tricks together with some new ones to evade detection and remediation.

The first incident uncovered by the MX Logic Threat Center involved a virus targeting the Master Boot Record (MBR) of a PC, a tactic that hasn’t been revised in over ten years. However, the attackers are now also including a rootkit, which makes this malware very difficult to detect and remediate.

These MBR rootkit viruses start when a computer’s BIOS runs the master boot code, before the operating system loads, rather than attaching themselves to Windows device drivers as rootkits have traditionally done. They remain on the computer even after the operating system has been reinstalled.

According to MX Logic, the only way to rid infected PCs of these rootkits is to download a Microsoft utility executable file called “fixmbr” that will restore the MBR, but the company reminds users that this is a one-time fix and won’t protect them from similar attacks in the future.

The second incident that the MX Logic Threat Center reported was the use of drive-by pharming attacks. It was the first time that MX Logic had noted this threat, but pharming attacks have been around since 2004, mostly limited to manual execution against individual spoofed web sites.

Drive-by pharming automates this process by manipulating the Domain Name System (DNS) settings on routers and wireless access points that are still using the default password. Therefore, all home and business users with that default configuration are susceptible to attack. In the example reported by MX Logic, customers of a popular bank in Mexico were directed to a malicious site after their DNS settings were unwittingly modified.

“The MBR rootkit and drive-by pharming clearly represent a trend of next-generation attacks utilizing known techniques combined with unknown infiltration tactics that are more malicious and stealthy than any malware previously recorded,” stated Sam Masiello, director of threat management at MX Logic. “We have officially crossed the threshold from superficial, insipid hacking techniques to professionally designed, manipulative tactics which are financially motivated.”

He added that individuals and companies conducting business online need to be aware of their vulnerability to these types of attacks which can happen without their knowledge, and need to proactively protect themselves from falling victim to them.

To detect and prevent threats such as the MBR rootkit and drive-by pharming attacks, MX Logic recommended that organizations consult with their trusted security advisor, who can identify and deploy a managed web security product such as MX Logic Web Defense Service that provides an effective first line of defense at the network perimeter. Managed security solutions are cost-effective, highly reliable tools that deploy easily with no added hardware or software expenses and benefit the user with increased employee productivity, decreased costs, reduced network and storage costs and diminished corporate liability.