Project Sauron, the sophisticated information exfiltration malware, has been spying on government computers and computers at major organizations for over five years.
According to Comodo, there is also a very real possibility that a government-sponsored group is behind it.
Project Sauron—so called because its source code references Sauron, the main antagonist in J. R. R. Tolkien’s The Lord of the Rings—was reportedly first detected on an unspecified government network last September. And like Tolkien’s evil nemesis, it appears to be all-seeing: it can be used to steal passwords, encryption keys, configuration files and log stores, and it also logs keystrokes and opens backdoors that let attackers take control of a system or network.
“Subsequent probes revealed that the malware was present in many other networks,” researchers said in a blog post. “Project Sauron has been found in the networks of at least 30 organizations. This includes government networks and strategic ones like the networks of military, financial and telecommunications organizations. Reports say that the malware has been detected in an airline in China, an embassy in Belgium, and an unidentified organization in Sweden.”
Comodo noted that Project Sauron uses an unusual executable that claims to be a Windows password filter, so it is started whenever a user logs on or enters a password. Unlike typical malware, it looks different on each infected system or network.
“Project Sauron is a malware that’s almost impossible to detect,” the researchers noted. “The malware doesn’t leave behind tell-tale signs like other malware would and thus it becomes rather difficult to identify other infections. The creators of Project Sauron make sure that no two infections are similar and that no two infected systems create the same software artifacts.”
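Because the module itself looks different on every infected host, a defender cannot rely on file names or hashes; a more durable check is to enumerate what is actually registered as a password filter and verify each module’s signature. The following is an added example, not code from the Comodo write-up; it assumes the standard registration point for password filters, the “Notification Packages” value under the LSA key, and must be run from an elevated PowerShell session.

```powershell
# Added example (not from the Comodo write-up): list the DLLs registered as
# LSA password filters and flag any that are missing or not Microsoft-signed.
# Assumption: filters are registered in the "Notification Packages" value of
# HKLM\SYSTEM\CurrentControlSet\Control\Lsa and loaded from System32.
function Get-PasswordFilterReport {
    $lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $packages = (Get-ItemProperty -Path $lsaKey -Name 'Notification Packages' -ErrorAction Stop).'Notification Packages'

    foreach ($name in $packages) {
        # Entries are usually bare module names (e.g. "scecli"); LSA loads them from System32.
        $file = if ($name -like '*.dll') { $name } else { "$name.dll" }
        $path = Join-Path $env:SystemRoot "System32\$file"

        if (-not (Test-Path -Path $path)) {
            [pscustomobject]@{ Package = $name; Path = $path; Status = 'MISSING'; Signer = $null }
            continue
        }

        $sig    = Get-AuthenticodeSignature -FilePath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        # Only a valid signature from a Microsoft certificate is treated as expected here;
        # anything else (unsigned, invalid chain, third-party signer) is surfaced for review.
        $trusted = ($sig.Status -eq 'Valid') -and ($signer -like '*Microsoft*')

        [pscustomobject]@{
            Package = $name
            Path    = $path
            Status  = if ($trusted) { 'OK' } else { 'REVIEW' }
            Signer  = $signer
        }
    }
}

Get-PasswordFilterReport | Format-Table -AutoSize
```

A legitimate third-party password-policy filter will also show as REVIEW, so treat the report as a list of modules to verify against your change records rather than as a verdict.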
Dr. Web researchers have warned of a backdoor Trojan targeting US users. The Trojan, which is distributed under the name Spy-Agent and identified by Dr. Web as BackDoor.TeamViewerENT.1, uses legitimate TeamViewer components to spy on victims and has in the past targeted European and Russian users.
The Trojan also installs additional malware, such as keyloggers and form grabbers, on infected systems and uses them to spy on users. The researchers noted that the Trojan hides itself from users by terminating the TeamViewer process whenever Task Manager or Process Explorer is started and by disabling error messages in TeamViewer.
To prevent Trojan infections, computer users are advised to:
- Use robust anti-virus software
- Use a firewall
- Ensure software patches are kept up to date
- Ensure user account permissions are set properly, giving administrative rights only where required
A browser-hijacking malware, Bing.vc, is being packaged along with free software offered by Lavians. Lavians is a small software vendor that offers various software products both for free and for sale.
The malware installs itself into Internet Explorer, Firefox and Chrome and redirects users to unexpected sites.
Users are redirected to the bing.vc site, which offers them a solution but tricks them into paying for the software.
Uninstalling the application does not solve the problem, because the file causing the redirection remains on the system and the Windows Registry entries created by the malware keep it running. To remove bing.vc, an infected user must delete those registry entries and clean up the browser’s shortcut target in the browser shortcut’s properties.
Aries Security researchers have described how you could fall victim to a video-jacking attack by docking your phone at an unfamiliar charging station.
A $220 device hidden inside what appears to be a charging station is used for the attack. A phone plugged into the station exposes virtually everything to the attacker, who can see passwords as they are entered, every tap, and whatever the user is seeing and doing on the device.
Devices vulnerable to this attack include several Android phones, iPhones and other HDMI-ready smartphones manufactured by Asus, BlackBerry, HTC, LG, Samsung and ZTE.
Cybersecurity firm Bkav has issued a warning about spyware lurking in the website operations of several Vietnamese institutions. The spyware, they say, is the same one that recently infiltrated Vietnam Airlines as well as two airport information systems. In July, the hackers stole the information of over 400,000 Vietnam Airlines members and also took over flight information and loudspeaker systems at two major airports in Vietnam.
The spyware is disguised as anti-virus software, collects passwords and enables remote control of compromised computers.