Search the Community
Showing results for tags 'micro'.
Found 4 results
Dropbox strikes back against Bartalex macro malware phishers Dropbox has struck back against a hacker group using its cloud storage services to store and spread the Bartalex macro malware. Trend Micro fraud analyst Christopher Talampas reported uncovering the campaign while investigating attacks targeting the Automated Clearing House (ACH) network used by many businesses for electronic funds transfers in the US on Tuesday. A Dropbox spokesperson later told V3 that the firm is aware of the campaign and has already taken action against the hackers. "We're aware of the issue and have already revoked the ability for accounts involved to share links since they've violated our Acceptable Use Policy," said the spokesperson. "We act quickly in response to abuse reports submitted to email@example.com, and are constantly improving how we detect and prevent Dropbox users from sharing spam, malware or phishing links." The use of Dropbox links containing the Bartalex macro malware reportedly makes the campaign particularly dangerous. "Instead of attachments, the message this time bore a link to ‘view the full details'. By hovering over the URL we can see that it redirects to a Dropbox link with a file name related to the supposed ACH transaction," read Trend Micro in an advisory. "The URL leads to a Dropbox page that contains specific instructions (and an almost convincing) Microsoft Office warning that instructs users to enable the macros. "Upon enabling the macro, the malicious document then triggers the download of the banking malware." Trend Micro reported uncovering at least 1,000 malicious Dropbox links hosting the malware during the campaigns peak. It is unclear how successful the campaign has been, although Trend Micro said that the malware has been used to target big name financial institutions including JP Morgan. Trend Micro cited the use of macro malware as a sign that criminals are rehashing old tricks in a bid to get round more modern system defences. "Macro malware like Bartalex is seemingly more prominent than ever, which is an indicator that old threats are still effective infection vectors on systems today," read the advisory. "And they seem to be adapting: they are now being hosted in legitimate services like Dropbox and, with the recent outbreak, macro malware may continue to threaten more businesses in the future." Macro malware is a threat that afflicted older versions of Windows. Microsoft ended the threat with Office XP in 2001 when it tweaked its systems to request user permission before executing macros script in embedded files. Macros are code scripts containing commands for automating tasks that are used in numerous applications. The discovery follows a reported boom in phishing levels. Research from Verizon earlier in April showed that a staggering one in four phishing scams currently result in success. Source
Point-of-sale (PoS) malware has become one of the chief weapons used by attackers to steal credit and debit card data, and now researchers at Trend Micro say they have found yet another threat to add to the list of tools in criminals' toolboxes. The malware is dubbed PwnPOS, and has managed to stay under the radar despite being active since at least 2013. According to Trend Micro, it has been spotted targeting small-to-midsized businesses (SMBs) in Japan, Australia, India, Canada, Germany, Romania and the United States. Trend Micro Threat Analyst Jay Yaneza called PwnPOS an example of malware that's been "able to fly under the radar all these years due to its simple but thoughtful construction." "Technically, there are two components of PwnPOS: 1) the RAM scraper binary, and 2) the binary responsible for data exfiltration," he explained in a blog post. "While the RAM scraper component remains constant, the data exfiltration component has seen several changes – implying that there are two, and possibly distinct, authors. The RAM scraper goes through a process’ memory and dumps the data to the file and the binary uses SMTP for data exfiltration." The malware targets devices running 32-bit versions of Windows XP and Windows 7. One of the keys to the malware's stealth appears to be its ability to remove and add itself from a list of services on the PoS device. "Most incident response and malware-related tools attempt to enumerate auto-run, auto-start or items that have an entry within the services applet in attempt to detect malicious files," Yaneza blogged. "Thus, having parameters that add and remove itself from the list of services allows the attacker to “remain persistent” on the target POS machine when needed, while allowing the malicious file to appear benign as it waits within the %SYSTEM$ directory for the next time it is invoked." PwnPOS enumerates all running processes and searches for card information. Afterward, the stolen data is dumped into a file and ultimately emailed to "a pre-defined mail account via SMTP with SSL and authentication," the researcher blogged. Cybercriminals have increasingly been turning to ready-to-use point-of-sale malware kits. According to security firm Crowdstrike, such kits can cost from as little as tens of dollars to thousands depending upon their complexity. Sursa: securityweek.com
TU Delft researchers design and build the world’s smallest autopilot for micro aircraft Researcher Bart Remes and his team of the Micro Aerial Vehicle Laboratory at the TU Delft faculty of Aerospace Engineering have designed, built and tested the world’s smallest open source autopilot for small unmanned aircraft. A smaller – and lighter – autopilot allows these small flying robots to fly longer, fit into narrower spaces or carry more payloads, such as cameras. That makes them more suitable to be used in for example rescue operations. Remes: “Our aim? Make MAVs so small and light that every fireman can fit one in his pocket. The world’s smallest autopilot The world’s smallest autopilot for micro aerial vehicles – small flying robots that can be used in safety and rescue operations – is called Lisa/S. It weighs 1.9 grams, more than 30 grams less than its predecessor. The autopilot measures 2 cm by 2 cm. Bart Remes, project manager at the Micro Aerial Vehicle Laboratory at TU Delft: “We programmed new software, Superbitrf, that keeps the autopilot connected to a ground station and a normal RC transmitter at the same time.” This combination of functions made it possible to miniaturize the autopilot. Making the autopilot smaller and lighter allows a micro aerial vehicle to stay up in the air longer and carry heavier cameras and sensors. This makes it easier to use MAVs in for example search and rescue operations. Open source The research team have chosen to develop Lisa/s open source to make it possible for users to test it and come up with suggestions for improvement. Making all the details available online also helps to make MAVs easily accessible for all. Remes: “Our aim is to make MAVs as commonplace as smartphones and laptops. Farmers can use MAVs to inspect crops for example. Our dream is that every fire fighter carries a MAV in his breast pocket to use for inspections of collapsed or burning buildings without having to go inside.” MAV Lab The TU Delft Micro Aerial Vehicle Lab researches and designs small unmanned autonomous flying robots. More information: Software on the autopilot: open source autopilot paparazzi Paparazzi Hardware electronics will be sold (from January 2014) by 1 BIT SQUARED - The best source for high end personal UAV hardware. Onboard software paparazzi: Lisa/S - Paparazzi Telemetry module superbitrf: SuperbitRF - Paparazzi Via: Delft University of Technology: Cookie wet