Don
Beta Bot malware blocks users anti-virus programs
The FBI is aware of a new type of malware known as Beta Bot. Cyber criminals use Beta Bot to target financial institutions, e-commerce sites, online payment platforms, and social networking sites to steal sensitive data such as log-in credentials and financial information. Beta Bot blocks computer users’ access to security websites and disables anti-virus programs, leaving computers vulnerable to compromise.
Beta Bot infection vectors include an illegitimate but official looking Microsoft Windows message box named “User Account Control” that requests a user’s permission to allow the “Windows Command Processor” to modify the user’s computer settings. If the user complies with the request, the hackers are able to exfiltrate data from the computer. Beta Bot is also spread via USB thumb drives or online via Skype, where it redirects the user to compromised websites.
Figure 1, Beta Bot “Windows Command Process” message box
http://www.ic3.gov/media/2013/130918.aspx
The FBI’s Internet Crime Complaint Center (IC3) has published an alert to warn users about a relatively new piece of malware dubbed Beta Bot. Beta Bot is mainly used by cybercriminals to steal personal and financial information. Social media sites, e-commerce sites, banks and online payment platforms are the main targets.
What’s interesting about this threat is that it’s designed to disable antivirus applications, and block users from accessing security websites that might help them clean up the infection.
Beta Bot is distributed via various methods, including USB drives or via Skype (users are redirected to malicious websites). The infection can start with a legitimate-looking fake User Account Control window which requests permission to allow “Windows Command Processor” to make changes to the system. If the victim complies, the attackers gain access to their system.
The FBI advises users not to authorize Windows Command Processor to make any changes to the system in case they see a pop-up window such as the one presented in the screenshot.
Read More...
http://news.softpedia.com/news/FBI-Warns-of-Beta-Bot-Malware-384815.shtml
New Commercial Trojan #INTH3WILD: Meet Beta Bot
By Limor S. Kessem, Cybercrime and Online Fraud Communications Specialist, RSA
It appears that a much anticipated event has finally transpired in the cybercrime arena, with the release and active sale of a new commercially-available Trojan family that has begun around January this year, circulating under the name Beta Bot.
RSA researchers have recently come across samples of this user-mode rootkit, analyzing its behind-the-scenes infrastructure. Beta Bot actually started out as an HTTP bot[1] and not a banking Trojan, but it has since evolved, donned a trigger list, and was repurposed for financial fraud that includes targets such as banks, ecommerce and even Bitcoin wallets.
According to research performed by RSA it was inferred that Beta Bot (alias: Troj/Neurevt-A) is not the creation of an amateur. The malware is a persistent Ring-3 rootkit with layers of anti-security protection (such as not executing within virtual machines, thus avoiding sandboxes), AV-disabling features, and even a DNS redirecting scheme to isolate bots from security-themed online resources, including RSA’s official website.
Examining the Features of Beta Bot
Read More...
https://blogs.rsa.com/new-commercial-trojan-inth3wild-meet-beta-bot/
FBI Warning on “Beta Bot” Malware (2013)
- FBI - Google Search
- FBI
- Infosecurity - FBI Issues New Warning on Old Malware: Beta Bot
- Internet Crime Complaint Center (IC3) | Beta Bot malware blocks users anti-virus programs
- FBI: “Beta Bot” malware kills your anti-virus and steals data
- FBI warning Beta Bot - Google Search
- FBI Warns of Beta Bot Malware
- New Commercial Trojan #INTH3WILD: Meet Beta Bot » Speaking of Security - The RSA Blog and Podcast
- Virus info Linux and Windows
- trinity - Google Search
- DonsDeals: BBC NEWS | Programmes | Click | BBC team exposes cyber crime risk
- DonsDeals: Updated Conficker Ropes Victims into Rogue Antivirus Scam
- DonsDeals: Jotti's malware scan
- DonsDeals: Free Agent: Linux Firewalls and Antivirus--Needed or Not? - PCWorld
- DonsDeals: Immunet v2 update on the way: adds multi-engine malware and virus scanning to cloud-powered core
- DonsDeals: The first Linux botnet? | ITworld
- DonsDeals: PC Hell: Free RootKit Removal Tools and Software
- DonsDeals: Trinityhome : New TRK 3.4: easier than ever before
- DonsDeals: Conficker Worm Called An Epidemic
- DonsDeals: Setting up Avast Antivirus to Protect your Windows PC...
- DonsDeals: VirSCAN.org - Free Multi-Engine Online Virus Scanner v1.02, Supports 37 AntiVirus Engines!
- DonsDeals: M86 Security Finds URL Filters Anti Virus Scanners Ineffective
- Jotti's malware scan
- VirSCAN.org - Free Multi-Engine Online Virus Scanner v1.02, Supports 36 AntiVirus Engines!
- DonsDeals: Probably the Best Free Security List in the World
- DonsDeals: Re: Viruses now penetrating deeper | Tech News on ZDNet
- DonsDeals: Avast! AntiVirus For Both Window and Linux Home Edition
- remove sasser virus - Google Search
- wine gecko - Google Search
- crafted.win32file.ols - Google Search
- DonsDeals: Best Free Rootkit Scanner/Remover
- DonsDeals: New Kneber Botnet Tied To 75 000 Systems
- DonsDeals: Facebook Users Targeted By Fake Virus Alert
- Clam AntiVirus
- avast! Linux Home Edition
- ClamWin CD/USB - HowTo
- Free Antivirus for Windows - Open source GPL virus scanner
- WinPlanet Downloads for Windows Desktop Utilities
- DonsDeals: Download Comodo System-Cleaner
- DonsDeals: Firewall & Antivirus Software Suite - Internet Security | Comodo
- DonsDeals: Free Desktop PC Security - Free Downloads Keep your PC Safe | Comodo
- Trojans - Google Search
- Trojan horse (computing) - Wikipedia, the free encyclopedia
- worms computer - Google Search
- Computer worm - Wikipedia, the free encyclopedia
- rootkits computer - Google Search
- How to Detect Rootkits on a Computer | eHow.com
- Rootkit - Wikipedia, the free encyclopedia
- trojans computer - Google Search
- Trojan - Trojans and Viruses in Computer Networking
- Download System-Cleaner
- Comodo - Google Search
- Firewall & Antivirus Software Suite - Internet Security | Comodo
- DonsDeals: There are Viruses, Trojans, Worms and Rootkits, that can infect a Linux OS
- DonsDeals: Probably the best free security list in the world
- Remote PC through VPN Access - Secure Remote Access | Comodo
- News | VirusBlokAda
- online virus scan file upload - Google Search
- VirusTotal - Free Online Virus, Malware and URL Scanner
- Antivirus scan for 5cb14d0745d7b09bcbeba3114cc06c5f at UTC - VirusTotal
- trojan.tdss-7762 - Google Search
- Clam AntiVirus
- New Linux Rootkit Emerges | threatpost
- CrowdStrike: HTTP iframe Injecting Linux Rootkit
- The Rootkit Hunter project
- Lynis
- Unhide homepage - Welcome
- Google Translate - http://www.chkrootkit.org/download.htm
- klamav - Google Search
- KlamAV - ClamAV for KDE | Free Development software downloads at SourceForge.net
- KlamAV GUI Screen Animation
- KlamAV
- Download RogueKiller (Official website)
- RogueKiller - CNET Download.com
- avast! blog » Linux Trojan “Hand of Thief” ungloved
- Hand of Thief malware could be dangerous (if you install it) - TechRepublic
- Hand of a Thief malware targets Linux users’ bank accounts | Apps and Software | Geek.com
- Linux Today - Hand of a Thief malware targets Linux users' bank accounts
- Linux Virus - Google Custom Search on DonsDeals Blog
- DonsDeals: CrowdStrike - HTTP iframe Injecting Linux Rootkit (Vrius info)
- DonsDeals: TDL4 MBR Rootkit Virus Alureon TDSS Removal by Britec - YouTube
- best secutriy list - Google Custom Search on DonsDeals Blog
- best security list 2013 - Search on DonsDeals Blog
- DonsDeals: Privacy = Security and Security = Privacy...
- Search results for Gizmo's Freeware website
- Probably the Best Free Security List in the World
- DonsDeals: Probably the Best Free Security List in the World - Updated 28. August 2012
- Best Security List - Google Custom Search on DonsDeals Blog
- DonsDeals: Linux users be Aware of this Trojan - Hand of Thief malware could be dangerous (if you install it) - TechRepublic
- Virus Software and How To's
- Virus Effect Remover | Download Virus Effect Remover software for free at SourceForge.net
- RegRun Reanimator - free Trojan/Adware/Spyware removal tool - Greatis Software
- Emsisoft BlitzBlank - Removes malware infections that nothing else removes
- Threat Killer - Security Solutions & Information Technology - NoVirusThanks
- Probably the Best Free Security List in the World
- F-Secure Labs
- Easy Clean, Free Virus Removal - Free Download | F-Secure
- How to Use Stinger | McAfee Free Tools
- Free Online Tools
- Virus info on trojan.bat.killproc.a that was on the Dell Inspiron 6000 Laptop
- trojan.bat.killproc.a - Google Search
- How to remove Trojan.Bat.Killproc.A
- Trojan.BAT.KillProc.A [Ikarus] | ThreatExpert Statistics
- Encyclopedia entry: Trojan:BAT/Killav.Z - Learn more about malware - Microsoft Malware Protection Center
- Trojan.BAT.KillProc.A aka Troj/BAT.KillProc-A Characteristics and Removal Instructions
- Troj/KillProc-A - Viruses and Spyware - Threat Analyses - Threat Center - Sophos
- Virus Info
- Operation Bot Roast - Google Search
- FBI DOJ Reveal Operation Bot Roast
- Federal Bureau of Investigation - Press Room - Headline Archives - OPERATION: BOT ROAST‘Bot-herders’ Charged as Part of Initiative
- TREND MICRO - Security Information:
- top virus threats - Google Search
- Virus Threats and Analysis
- CNET Security Center - CNET.com
- Massive Web attack gains momentum | Tech news blog - CNET News.com
- Report Phishing Sites
- reaper computer virus - Google Search
- 25th anniversary of the computer virus? Not so fast | Tech news blog - CNET News.com
- 25th anniversary of the computer virus? Not so fast | The Digital Home - CNET Blogs
- computer virus that infects people - Google Search
- computer virus that infects people - Google Book Search
- RFID Viruses and Worms
- Faculty of Science : Vrije Universiteit
- Secunia reviews - Google Search
- Secunia Security Patch Updater
- PSI - Personal Software Inspector - Secunia
- Secunia - Google Search
- Vulnerability and Virus Information - Secunia
- Secunia reviews - Google Search
- Search Advisory, Vulnerability, and Virus Database - Secunia
- avast! Linux Home Edition 1.x - Vulnerability Report - Secunia
- Search Advisory, Vulnerability, and Virus Database - Secunia
- decompression bomb - Google Search
- Zip bomb - Wikipedia, the free encyclopedia
- Know This Term : "Decompression Bomb"
- AERAsec - Network Security - Eigene Advisories
- Boot sector virus repair
- bios virus fix vista - Google Search
- Online Virus Scanners
- Online malware scan
- Free Virus Scan - Kaspersky Lab
- online virus scan free - Google Search
- F-Secure Support pages: F-Secure Online Virus Scanner
- Free online antivirus. Download ActiveScan 2.0 and clean your PC. Panda Security
- Trend Micro HouseCall - Free Online Virus and Spyware Scan - Trend Micro USA
- BitDefender Online Scanner - Free Online Virus Scan
- BitDefender Online Scanner FAQ
- Hbinst.exe - Google Search
- Removing Confounding Conficker
- w32/magistr.a@mm - Google Search