Web exploit figures out what OS victim is using, customizes payload

  • 11-07-2012 2:11am
    #1
    Closed Accounts Posts: 1,455 ✭✭✭


    Different versions of trojan infect machines running OS X, Windows, or Linux.
    Security researchers have found a live Web exploit that detects if the target is running Windows, Mac OS X, or Linux and drops a different trojan for each platform.


    The attack was spotted by researchers from antivirus provider F-Secure on a Colombian transport website, presumably after third-party attackers compromised it. The unidentified site then displayed a signed Java applet that checked if the user's computer is running Windows, Mac OS X, or Linux. Based on the outcome, the attack then downloads the appropriate files for each platform.
    Rare AutoCAD worm lifted blueprints from Peru, sent them to China

    Security watchers have discovered a worm that targets drawings created in AutoCAD software for computer-aided design (CAD).


    Tens of thousands of drawings have been swiped using the malware, which is likely to have been designed for industrial espionage, according to antivirus firm Eset. The worm, dubbed ACAD/Medre.A, steals files and sends them to email accounts located in China. ESET said it had worked with Chinese ISP Tencent, the Chinese National Computer Virus Emergency Response Center and Autodesk – the creator of AutoCAD – to stop the harvesting of drawings by blocking email accounts associated with relaying stolen data. Business users in Peru were the main victims of the attack.

    Sneaky. Wonder what's up with all the South American targets?
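The drive-by described in the first article has a footprint a web server owner can look for: one applet served to every visitor, followed within seconds by a download of a Windows, Mac or Linux file that matches the requester's platform. The script below is an added example (mine, not code from the thread, F-Secure or Ars Technica) of that detection heuristic run over a few constructed Combined Log Format lines; the access-log lines, the `.jar`-then-payload time window and the extension-to-platform mapping are all assumptions made for the example, and `.bin` in particular is treated as a Linux payload only because the constructed sample uses it that way.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in Combined Log Format (not real traffic). Three visitors on
# different operating systems fetch the same applet, then each fetches a file whose
# type matches its platform; a fourth visitor just reads a PDF.
SAMPLE_LOG = """\
10.0.0.5 - - [11/Jul/2012:01:58:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) Java/1.6.0_31"
10.0.0.5 - - [11/Jul/2012:01:58:02 +0000] "GET /applet/loader.jar HTTP/1.1" 200 20480 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) Java/1.6.0_31"
10.0.0.5 - - [11/Jul/2012:01:58:04 +0000] "GET /files/update.exe HTTP/1.1" 200 90112 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) Java/1.6.0_31"
10.0.0.6 - - [11/Jul/2012:02:03:10 +0000] "GET /applet/loader.jar HTTP/1.1" 200 20480 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) Java/1.6.0_33"
10.0.0.6 - - [11/Jul/2012:02:03:12 +0000] "GET /files/update.dmg HTTP/1.1" 200 81920 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) Java/1.6.0_33"
10.0.0.7 - - [11/Jul/2012:02:09:30 +0000] "GET /applet/loader.jar HTTP/1.1" 200 20480 "-" "Mozilla/5.0 (X11; Linux x86_64) Java/1.6.0_24"
10.0.0.7 - - [11/Jul/2012:02:09:31 +0000] "GET /files/update.bin HTTP/1.1" 200 71680 "-" "Mozilla/5.0 (X11; Linux x86_64) Java/1.6.0_24"
10.0.0.8 - - [11/Jul/2012:02:15:00 +0000] "GET /docs/manual.pdf HTTP/1.1" 200 400000 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/13.0"
"""

# Combined Log Format: ip ident user [time] "method path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Hypothetical mapping from file extension to the platform a dropped file targets.
PAYLOAD_EXT = {".exe": "windows", ".dll": "windows", ".dmg": "macos",
               ".pkg": "macos", ".bin": "linux", ".elf": "linux", ".sh": "linux"}


def os_family(user_agent):
    """Coarse OS family from a User-Agent string; 'unknown' if nothing matches."""
    ua = user_agent.lower()
    if "windows" in ua:
        return "windows"
    if "mac os x" in ua or "macintosh" in ua:
        return "macos"
    if "linux" in ua or "x11" in ua:
        return "linux"
    return "unknown"


def payload_family(path):
    """Platform a requested file targets by extension, or None if not a payload type."""
    clean = path.split("?", 1)[0].lower()          # ignore any query string
    for ext, family in PAYLOAD_EXT.items():
        if clean.endswith(ext):
            return family
    return None


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["client_os"] = os_family(rec["ua"])
    rec["payload_os"] = payload_family(rec["path"])
    return rec


def find_multiplatform_droppers(log_text, window_s=60):
    """Return {applet_path: {"families": [...], "clients": [...]}} for every .jar
    that was followed, within window_s seconds and from the same client, by
    downloads of platform-specific files for at least two different platforms."""
    by_client = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            by_client[rec["ip"]].append(rec)

    hits = defaultdict(lambda: {"families": set(), "clients": set()})
    for ip, recs in by_client.items():
        recs.sort(key=lambda r: r["ts"])
        for i, rec in enumerate(recs):
            if not rec["path"].split("?", 1)[0].lower().endswith(".jar"):
                continue
            # Look only at this client's requests inside the time window after the applet.
            for later in recs[i + 1:]:
                if (later["ts"] - rec["ts"]).total_seconds() > window_s:
                    break
                if later["payload_os"]:
                    hits[rec["path"]]["families"].add(later["payload_os"])
                    hits[rec["path"]]["clients"].add(ip)

    # One applet feeding payloads for two or more platforms is the suspicious pattern.
    return {path: {"families": sorted(h["families"]), "clients": sorted(h["clients"])}
            for path, h in hits.items() if len(h["families"]) >= 2}


if __name__ == "__main__":
    for applet, info in find_multiplatform_droppers(SAMPLE_LOG).items():
        print(f"{applet}: payloads for {info['families']} served to {info['clients']}")
```

The heuristic is deliberately narrow: it keys on the applet being followed by a platform-specific file for the same client, so a site that legitimately serves a Java applet and separately offers installers for every platform will only trip it if both happen in the same short window for the same visitor. Tune `window_s` and `PAYLOAD_EXT` to what the site actually serves before relying on it.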


Comments

  • Registered Users, Registered Users 2 Posts: 126 ✭✭infodox


    Said "web exploit" is someone running the Social-Engineer Toolkit, as confirmed by its author, Dave "rel1k" Kennedy. Nothing new, just Metasploit payloads.

    As for the AutoCAD worm, that is a LOT more interesting.

    And finally, South America has a massive cybercrime economy, and even has its own localised banking malware in Delphi doing the rounds. It's just that we never hear about it as it is not the US/EU :)


  • Registered Users, Registered Users 2 Posts: 1,726 ✭✭✭gerryk


    What is it about malware writers and Delphi?


  • Registered Users, Registered Users 2 Posts: 126 ✭✭infodox


    gerryk - Delphi is so common among malware writers for a few reasons: easy learning curve, fairly powerful as a language, and because most of the examples by Aphex and other guys who made massive advances in the field of trojans are in Delphi. p0ke, aphex, cswi, and others all released PoC code in Delphi, along with full-blown remote admin tools. Remember, the RAT guys were always a bit ahead of botnet developers. (trojanforge, swerat, ic0de, opensc... all those places are known for Delphi programmers, along with delphibasics being run by RAT programmers.)

    There is also the fact there are a load of Delphi projects (i.e. malware projects) out there that are open source, and most of the time what I come across is simply ripped code from someone else.

    Finally, Delphi pisses off the AV guys who have to disassemble it, as it produces messy output :P


  • Registered Users, Registered Users 2 Posts: 1,726 ✭✭✭gerryk


    Ah right. I was always intrigued by this, as personally, I find Pascal an abhorrent thing, and Pascal with OO stuff bolted on can't be much better.


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,596 Mod ✭✭✭✭Capt'n Midnight


    https://panopticlick.eff.org/ - your browser will reveal lots about your OS

    Would corporate images be similar, such that you wouldn't try to download unless you had a probable match with the intended victim?

