On June 23, Jakob Nielsen posted an article declaring that password masking on the user interface is more harmful in terms of usability than helpful to the security of an application to which Bruce Schneier, in a June 26 blog post agreed. Both argued that masking the characters when a user enters a password is…
Read MoreCybercriminals once again used the passing of Michael Jackson, the ‘King of Pop,’ a few days ago as an opportunity to go about with their malicious activities and attack innocent users. We spotted an email (see Figure 1 below) about Michael Jackson’s death written in Spanish claiming to be from CNN Mexico. Upon closer analysis…
Read MoreA new ransomware spreading through email is on the loose. On the outset, the worm detected by Trend Micro as WORM_RANSOM.FD may look like a normal mass-mailing worm but further analysis reveals that this comes with a deadly payload. With only a few exceptions (files with .rwg, .dll, .exe, .ini, .vxd, and .drv extensions are…
Read MoreAside from the new Twitter component we’ve also seen Koobface download a new component with the filename dns.exe, whose main purpose, it seems, is to modify the system’s DNS registry settings. It is accomplished by inserting 213.174.139.72 (IP of the rogue DNS server) into the values of NameServer and DhcpNameServer found in the following registry…
Read MoreRecently, we came across JS_VIRTOOL which uses certain Javascript techniques so that encrypted code may not be decrypted and analyzed by a malware analyst. Here is how this is done: It retrieves the URL where the malicious script is located. It retrieves its own function and adds the string of the URL. It computes the…
Read More