[ General ] 30 November, 2012 11:28

  Piwik is a free-software web analytics system written by a team of international developers; it runs on a PHP/MySQL web server.

Per the official Piwik blog security announcement:

  The Piwik.org web server was compromised by an attacker on 2012 Nov 26th; this attacker added malicious code to the Piwik 1.9.2 zip file for a few hours.

  You would be at risk only if you installed or updated to Piwik 1.9.2 on Nov 26th from 15:43 UTC to 23:59 UTC.

  If you are not using 1.9.2, or if you updated to 1.9.2 earlier than Nov 26th 15:40 UTC or from Nov 27th onward, you should be safe.


A compromised installation sends the victim's information to hxxp://prostoivse.com/x.php. The analysis of the malicious code follows:



To check whether your Piwik is affected, open the file piwik/core/Loader.php: a compromised Loader.php contains the following code at the end of the file:


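As an added check, not part of the original AegisLab analysis or of Piwik's own code, the following Python script looks at piwik/core/Loader.php for the two things the announcement gives us to go on: the exfiltration host named above (prostoivse.com) and the obfuscation constructs (eval, base64_decode, gzuncompress/gzinflate) that appended PHP backdoors typically use. It also provides a SHA-256 comparison for verifying a downloaded release archive against a published digest. The sample Loader.php contents are constructed for the demonstration and are not Piwik's real file; the injected code itself is not reproduced, and the pattern set is this example's assumption rather than a signature taken from the original analysis.

```python
"""Check a Piwik install for an appended backdoor in core/Loader.php.

Added example; not code from the AegisLab post or from the Piwik project.
"""
import hashlib
import hmac
import re
from pathlib import Path

# Exfiltration host named in the announcement (written defanged in the prose).
EXFIL_HOST = "prostoivse.com"

# PHP constructs typical of obfuscated, appended backdoors. A hit is a lead to
# inspect by hand, not proof of compromise. This set is an assumption of the
# example, not a signature from the original analysis.
SUSPICIOUS = {
    "eval": re.compile(r"\beval\s*\("),
    "base64_decode": re.compile(r"\bbase64_decode\s*\("),
    "gzuncompress/gzinflate": re.compile(r"\bgz(?:uncompress|inflate)\s*\("),
    "exfiltration host": re.compile(re.escape(EXFIL_HOST)),
}


def scan_for_backdoor(php_source: str) -> list:
    """Return (line_number, label) pairs for every suspicious construct found."""
    hits = []
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        for label, pattern in SUSPICIOUS.items():
            if pattern.search(line):
                hits.append((lineno, label))
    return hits


def sha256_of(path) -> str:
    """Hex SHA-256 of a file, read in chunks so large archives are fine."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def digest_matches(path, expected_hex: str) -> bool:
    """Compare a downloaded archive's SHA-256 with the published digest.

    `expected_hex` is whatever digest the vendor publishes for the release;
    none is hard-coded here because this example has no authoritative value.
    """
    return hmac.compare_digest(sha256_of(path), expected_hex.strip().lower())


def check_install(piwik_dir) -> dict:
    """Scan <piwik_dir>/core/Loader.php and report what was found."""
    loader = Path(piwik_dir) / "core" / "Loader.php"
    source = loader.read_text(encoding="utf-8", errors="replace")
    hits = scan_for_backdoor(source)
    return {"path": str(loader), "sha256": sha256_of(loader),
            "hits": hits, "clean": not hits}


# Constructed samples: a stripped-down stand-in for a clean Loader.php and the
# same file with a fake payload appended at the end, mimicking the pattern the
# announcement describes. Neither is Piwik's real file or the real injected code.
CLEAN_LOADER = """<?php
class Piwik_Loader
{
    public static function autoload($class)
    {
        require_once str_replace('_', '/', $class) . '.php';
    }
}
spl_autoload_register(array('Piwik_Loader', 'autoload'));
"""

TAMPERED_LOADER = CLEAN_LOADER + """
$u = 'http://prostoivse.com/x.php';
eval(gzuncompress(base64_decode('ABCDEF==')));
"""

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in (("clean", CLEAN_LOADER), ("tampered", TAMPERED_LOADER)):
            core = Path(tmp) / name / "core"
            core.mkdir(parents=True)
            (core / "Loader.php").write_text(body, encoding="utf-8")
            result = check_install(Path(tmp) / name)
            verdict = "clean" if result["clean"] else f"SUSPICIOUS {result['hits']}"
            print(f"{name}: {verdict}")
```

Run it against a real install with `check_install("/var/www/piwik")`; a non-empty `hits` list points at the lines to inspect. Because the scan is heuristic, the stronger check is the digest: compute `sha256_of("piwik-1.9.2.zip")` for the archive you actually installed from and compare it, with `digest_matches`, to the digest published for the clean release. A mismatch means you should follow the reinstall steps below regardless of what the scan reports.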

Piwik has suggested the following steps to fix this issue:

- Backup piwik/config/config.ini.php

- DELETE the piwik/ directory

- It is important to DELETE the directory and all Piwik files, so that any malicious script is deleted as well.

- Download latest Piwik from piwik.org

- Unzip and upload the piwik/ directory to your server

- Copy config.ini.php back into piwik/config/

- Go to Piwik; it should display the dashboard as expected


To block connections to the malicious host, we urge our customers to keep their WG signatures up to date.

by AegisLab


[ General ] 11 January, 2012 11:31

    In 2011, AegisLab found over 14 million unique malware samples world-wide. Most are Trojans; packed/encrypted malware ranks #2 and porn-related malware ranks #3. See the chart below for details:


                        Figure 1: Distribution by Types



                         Table 1: Detailed Distributions


by AegisLab 

[ General ] 11 January, 2012 10:54

    Per AegisLab's 2011 statistics, we found 163,769 new malicious URLs; about 38.05% are download sites and the other 61.95% are hopping sites (including black-hat SEO). Domains in the United States dominate the malicious URLs, with South Korea ranking #2 and China #3. For more details, see the following table and charts.


                          Figure 1: Distribution by Domains



                           Figure 2: Distribution by Types



                         Table 1: Detailed Distributions


 By AegisLab

[ General ] 29 December, 2011 17:24

Lionic AegisLab 2012 Security Threat Predictions

    Happy new year to Lionic AegisLab fans. As Santa is just leaving and 2012 is coming, whether or not next year brings the end of the world, we still have to survive on the Internet :-)


    In our 2011 predictions we told you that mobile malware and attacks targeting infrastructure would increase, and they did. For the coming year, based on AegisLab research and investigation, we offer the following trends and remedies to protect yourself from being compromised.

1. Mobile Malware

    In 2011 we faced threats on mobile devices (smartphones and tablets), such as DroidDream, DroidKungFu and Geinimi. Unlike PC viruses, mobile malware does not proactively infect other mobile devices; instead it shows the following behaviours:

  • SMS/Call fraud
  • Malvertising
  • Fake well-known apps (an icon that looks like Angry Birds or another famous app)
  • Botnet
  • Stealing sensitive information (GPS location, contacts, IMEI, etc.)

Remedy: Always be wary of suspicious apps and never download from untrusted sources.


2. HTML5 and Web Vulnerabilities

    XSS, SQL injection and CSRF are old-fashioned threats, but they still rank at the top of security events. HTML5 will doubtless be the next standard for web applications, and with its powerful features, such as CORS (Cross-Origin Resource Sharing), WebSockets and offline applications, devices and browsers of every kind will adopt it quickly. HTML5 makes apps "write once, run anywhere" (and vulnerabilities everywhere?).


Remedy: Web programmers should have security awareness and use tools to verify their code.


3. Social Networks

    Most people can't live without Facebook, Twitter or Google+; social networks have become part of your life. Hackers know this and try to lure you. Recently, the "free $100 Costco gift card" offer on Facebook was a scam, and many people were fooled. Moreover, the CSDN and RenRen databases were hacked and users' accounts and passwords were stolen in mainland China.


Remedy: Use complex passwords and a different password on every site. Check the security risk before following web links.


4. Industrial Control Systems (ICS) for Utilities

    ICS such as SCADA (Supervisory Control and Data Acquisition) control the water, electricity, oil and gas systems that are essential to everyday life. As we know, many industrial control systems are not prepared for cyber attacks. Stuxnet and Duqu are malware families that target such systems. SANS ISC published authentication vulnerabilities in Siemens SIMATIC HMI (Human Machine Interface) products this month. Smart meters are also increasingly targeted by attackers.


Remedy: Secure hardware and enforced security policies.


5. White Cloud or Black Cloud?

    Cloud computing has been a hot topic in recent years, with AWS EC2 and Microsoft Azure as examples. The first question is "Is it safe and reliable enough?". The second is that people can pay less to rent large computing resources and storage, but who knows what happens if the white cloud turns into a black cloud? EaaS (Exploit-as-a-Service) is fomenting the underground hacker economy.


    Web storage and personal clouds will be another security issue. They may encourage piracy and host malicious and pornographic files. Under insufficient security protection, sensitive personal information may be leaked.


Remedy: Don't put sensitive personal information in the cloud, even if the cloud vendor says it's safe. Who knows?


6. Attack to Non-PC Devices

    Ubiquitous computing is coming, especially now that IPv4 addresses are exhausted and IPv6 will apply to every Internet-connected device, such as IP cameras, IPTV set-top boxes and mobile devices. These non-PC devices lack the security functions they need. Whether those functions are embedded in the devices or placed in front of them, you just can't do without them.


Remedy: Secure hardware and robust software design.


7. APT (Advanced Persistent Threat)

    Operation Aurora, Night Dragon, Shady RAT and LURID are APTs. An APT is a targeted attack, aimed especially at governments, military defence contractors (e.g. Mitsubishi Heavy Industries) and security companies (e.g. RSA). US cyber security experts have reported that 12 groups are behind the bulk of China-based cyber attacks stealing critical data from US companies and government agencies. The attack on Iran's nuclear programme is also an APT. APTs rely on social engineering and send mails with .DOC, .PDF or .XLS attachments. When recipients see an important-looking subject that concerns them, notice that the attachment is not an .EXE, and their antivirus scanner does not flag it, they open it without a second thought.


Remedy: Install antivirus and double-check attachments, for example with VirusTotal, even when they come from a trusted source: the mail's "From" header may be forged.


Finally, we wish you happy and safe exploring of the world!

By Lionic AegisLab


Download English ver. PDF

Download Chinese ver. PDF


[ General ] 23 December, 2011 15:29
[ General ] 01 March, 2011 16:58

  From 10 to 13 February, Kaspersky, the world-famous and leading anti-virus company, held the international seminar "Cyberthreat Landscape 2010-2011: Outcomes, Trend and Forecasts" in Moscow. About 30 reporters from around the world joined the press tour.

The main speaker, Kurt Baumgartner, presented the main malware trends and developments in the anti-malware industry in 2010 and the forecasts for 2011. As web attacks increase, attack methods such as spreading techniques, automated exploitation systems and monetisation are getting more sophisticated, and the top three exploited targets in 2010 were Internet Explorer, Adobe Reader and Oracle Sun Java. Besides, as smartphones and tablets such as the iPhone, Android phones and the iPad grow more popular, they are becoming hot beds for mobile malware: stealing sensitive personal information such as accounts and passwords, sending unwanted SMS and leaking the user's GPS location. See the following figure.


In the technical session, Andrey Nikishin, Director of Cloud & Content Technologies Research, presented Kaspersky's cloud technology. Kaspersky uses so-called "hybrid" methods as its core technology. For example, instead of sending the whole file to the cloud to check whether it is infected, the client sends only partial content or a kind of "digital fingerprint" for verification. Saving bandwidth, processing time and local storage, faster reaction time and a higher detection rate are the key benefits.

"Ransomware has been a threat for many years, but most threats of this type were cracked in minutes. However, there is also a special type of ransomware that has not yet been broken due to the fact that it is based on strong encryption," said Vitaly Kamluk, Chief Malware Expert, Japan, Global Research & Analysis Team. Of course, ransomware will target mobile devices in the next stage, as the following figure shows.



For more details about "Cyberthreat Landscape 2010-2011: Outcomes, Trend and Forecasts" the world wide press tour, please visit: http://www.kaspersky.com/cyberthreat-landscape-2010-2011.



AegisLab is the security research and security signature service team located in Hsinchu, Taiwan. Our offerings are gateway signature services, including IPS, anti-virus, application identification and malicious web link detection, and mobile security for classifying mobile applications across various platforms. With our expertise in embedded and mobile devices, we provide the most economical and effective solutions.

For more information, please visit www.aegislab.com

