Friday, April 20, 2012


Hotel Front Desk Systems Targeted with Malware
Recent reports highlight the growing trend toward malware specialization. Rather than taking a shotgun approach, malware authors are targeting specific situations for greatest impact. Web browser security vendor Trusteer found an advertisement on a black market forum for custom malware designed to infect hotel front desk computers and steal customer credit cards.
Hello all, I’m offering Hotel RATs. In other words: A virtual skimmer.
Benefits of a Hotel (Remote Access Trojan Connection) is an infected front desk computer on which the hotel has its software that reads the number on the cc and spits out the information on the screen, and it’s keyloggable if you keylog every stroke.
I’m offering this method for $280, guaranteed US/Canada/UK connections and a method on how to obtain them on your own. From showing you how to set up your RAT (which includes a free crypt – fully undetectable to all Antiviruses) along with selling you the tutorial on how to Social Engineer/Manipulate the front desk manager on the phone via VoIP.
I can prove my legitimacy and the accuracy of this method. PM me if you are interested.


My view:

Much has been made of the author's claim to be able to bypass all anti-virus products, as if this were a new and alarming chapter in the ongoing cyberwar. The truth is, bypassing AV isn't new or particularly difficult. PSC regularly makes use of the ability to bypass all modern AV engines in the course of our pen tests. Anti-virus and malware detection should be considered only one part of a multi-layered approach to system hardening and protection.

Ideally, Point of Sale (POS) systems should be dedicated, with no additional functionality. It's critical to reduce the attack surface: adding web browsing, email, and other software only increases the number of attack vectors and the risk to customer data. If the systems must serve multiple purposes, consider the following controls to limit your exposure:

Application Whitelisting, such as with Bit9's Parity (http://www.bit9.com/products/index.php), will limit what software can execute on the POS systems; unlike anti-virus, which blocks only what it recognizes as bad, a whitelist denies by default and only approved software runs.

If web browsing is critical, Browser Sandboxing/Virtualization from vendors such as Invincea (http://www.invincea.com/the-comprehensive-solution/) or Trusteer (http://www.trusteer.com/product/trusteer-rapport) can prevent malware that enters through the browser from executing at the operating system level.

Finally, Full Disk Encryption is necessary to prevent local users from disabling the other controls put in place. McAfee Endpoint Protection (http://www.mcafee.com/us/products/data-protection/endpoint-encryption.aspx) for the Enterprise or TrueCrypt (http://www.truecrypt.org/docs/?s=system-encryption) for smaller environments are possible solutions.
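To make the difference between the two detection models concrete, here is a small added example (my own illustration, not code from the original post or from Bit9, Invincea or Trusteer). It models a signature-based AV check beside a hash-based application whitelist of the kind Parity enforces, and runs both against constructed byte strings that stand in for executables on a POS host. The "crypted" RAT is simulated by XOR-ing the original sample so its blacklist signature disappears while the binary is otherwise unchanged; the product names, sample bytes and the 0x5A key are all constructed for the example.

```python
import hashlib

# Constructed sample "binaries": byte strings standing in for executables on a
# POS host. In a real deployment the allowlist is built from the hashes of the
# approved software image, not from strings like these.
APPROVED_POS_APP = b"POSAPP v2.1 -- reads card track, displays number"
GUEST_BROWSER = b"BROWSER v9 -- not part of the approved POS image"
KNOWN_RAT = b"RAT build 1 -- keylog every stroke -- MAGIC_RAT_SIG"

# A "crypted" rebuild of the same RAT: every byte XOR-ed with a constant, so the
# known signature no longer appears but the program is functionally the same.
CRYPTED_RAT = bytes(b ^ 0x5A for b in KNOWN_RAT)


def sha256_hex(data: bytes) -> str:
    """Hash a binary image; the whitelist keys on this, not on its filename."""
    return hashlib.sha256(data).hexdigest()


# --- Blacklist model (AV-style): block only what matches a known bad pattern.
AV_SIGNATURES = [b"MAGIC_RAT_SIG"]


def av_allows(binary: bytes) -> bool:
    """True when no known-bad signature is found; unknown code is allowed."""
    return not any(sig in binary for sig in AV_SIGNATURES)


# --- Allowlist model: deny by default, allow only hashes of approved software.
class Allowlist:
    def __init__(self, approved_binaries):
        self.hashes = {sha256_hex(b) for b in approved_binaries}

    def allows(self, binary: bytes) -> bool:
        """True only when the exact image hash was approved in advance."""
        return sha256_hex(binary) in self.hashes


POS_ALLOWLIST = Allowlist([APPROVED_POS_APP])


def tampered(binary: bytes) -> bytes:
    """Flip one bit in an approved binary, as a patched or backdoored copy would."""
    return bytes([binary[0] ^ 0x01]) + binary[1:]


def evaluate(binary: bytes, allowlist: Allowlist) -> dict:
    """Decision of each control for one binary image."""
    return {"av": av_allows(binary), "whitelist": allowlist.allows(binary)}


def report(allowlist: Allowlist = POS_ALLOWLIST) -> dict:
    """Run every constructed sample through both controls."""
    samples = {
        "approved POS app": APPROVED_POS_APP,
        "tampered POS app": tampered(APPROVED_POS_APP),
        "guest browser": GUEST_BROWSER,
        "known RAT": KNOWN_RAT,
        "crypted RAT": CRYPTED_RAT,
    }
    return {name: evaluate(image, allowlist) for name, image in samples.items()}


if __name__ == "__main__":
    for name, decision in report().items():
        print(f"{name:18s} AV allows: {decision['av']!s:5}  whitelist allows: {decision['whitelist']}")
```

The output shows the point of the post: the signature check stops only the original RAT and waves the crypted copy through, while the whitelist refuses the crypted RAT, the unapproved browser and even a one-bit modification of the approved POS application, because none of them hash to an approved image. The trade-off is operational: every legitimate update to the POS software changes its hash and must be approved before it will run.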

The final, and perhaps the most critical, security control is user education. The malware author makes a point of selling a tutorial on social engineering, because without it his software is useless. Malware takes advantage of a user's inattention and lack of education. Properly train your end-users to be suspicious and to verify the identity of whoever is sending them emails and files.

Tuesday, April 17, 2012

Apple OSX is finally encroaching on well established Windows territory: Viruses

Hot on the heels of Flashback, reports are circulating of another Mac-specific trojan. The new Trojan, called ‘Backdoor.OSX.SabPub.a’, uses a similar Java exploit to Flashback to infect Mac computers via Microsoft Office docs. This new threat is a custom OS X backdoor which, once activated, connects to a remote website in command-and-control fashion to fetch instructions. The backdoor contains functionality to take screenshots of the user’s current session, download files, and execute commands on the infected machine.


IMHO

Mac users have enjoyed a prolonged period of relative safety, but as the Cupertino operating system gains traction in the workplace, attackers are beginning to see it as a viable alternative to attacking Windows. However, the last few established attacks have taken advantage of ancillary software, such as Java, Adobe Reader and Microsoft Office, not the base OS. This means that in addition to operating system patches, all other applications should be included in your regular patching cycle. Products like Secunia's Corporate Software Inspector (http://secunia.com/vulnerability_scanning/) and VMWare's System Center Configuration Manager (http://shavlik.com/start-now.aspx) support Windows, Linux and OSX and provide patch management for all installed software.

Adding anti-virus to a Mac has historically been unneeded processor overhead, but it is now a necessity. Standalone products like Avast! (http://www.avast.com/free-antivirus-mac) and ClamXav (http://www.clamxav.com/) are good solutions for small offices and home users, but lack the tracking and reporting capabilities necessary for the Enterprise. McAfee VirusScan for Mac (http://www.mcafee.com/us/products/virusscan-for-mac.asp) integrates into the McAfee ePolicy Orchestrator (ePO) platform for full accountability and risk management. Symantec AntiVirus for Macintosh Corporate Edition has similar capabilities.

In summary, Apple OSX has grabbed a greater share of both the corporate and the attacker's world, and must now be fully integrated into your patch management policies and procedures.