Slashdot Mirror


Researchers Find Hybrid GozNym Malware, 24 Financial Institutions Already Affected (securityintelligence.com)

An anonymous reader writes: Researchers are warning about a new hybrid Trojan -- dubbed GozNym -- which is a combination of the Nymaim dropper and the Gozi financial malware. IBM researchers say that the malware has been designed to target banks, ecommerce websites, and retail banking, adding that GozNym has already targeted 22 financial institutions in the United States and two in Canada. A ComputerWorld report sheds more light on it: "Nymaim is what researchers call a dropper. Its purpose is to download and run other malware programs on infected computers. It is usually distributed through Web-based exploits launched from compromised websites. Nymaim uses detection evasion techniques such as encryption, anti-VM and anti-debugging routines, and control flow obfuscation. In the past, it has primarily been used to install ransomware on computers. The integration between Nymaim and Gozi became complete in April, when a new version was discovered that combined code from both threats in a single new Trojan -- GozNym."

21 comments

  1. That is INFECTED! by Anonymous Coward · · Score: 0

    Like ZIKA!

  2. Once again, no discussion of what is vulnerable by david.emery · · Score: 1

    But the discussion of "DLLs" does provide a hint.

    1. Re:Once again, no discussion of what is vulnerable by fhage · · Score: 1
      IBM® Security Trusteer Pinpoint Malware Detection and IBM® Security Trusteer Rapport® are the technical answer.

      My burning question: does installing a Security Trusteer make my iWatch more valuable?

  3. Names, please by Anonymous Coward · · Score: 0

    Which financial institutions got themselves infected? They deserve public shaming and business loss.

  4. Security guy by Anonymous Coward · · Score: 0

    As a guy who works in security I can tell you this is just hype by IBM. Merging malware together increases its detectability. What IBM forgot to provide was a malware sample. As you can see, merging malware is a bad idea, since this is ALREADY, a few days after appearing on the market, detected by 41 of 57 AV vendors on VirusTotal. As I said, just IBM press hype. If you have a decent antivirus, even anti-malware exploit kits, then this gets picked up right away. Sample: https://www.virustotal.com/en/...

  5. Combo Plate by fustakrakich · · Score: 2

    By "compromised websites", you must mean ad servers, right? The kind the "industry" insists we not block? Well, to be redundant, the safest browser is probably Lynx.

    --
    “He’s not deformed, he’s just drunk!”
    1. Re:Combo Plate by KGIII · · Score: 1

      Well, elinks isn't too bad - and you can use your mouse!

      --
      "So long and thanks for all the fish."
  6. Hosts = a solution that works vs. it... apk by Anonymous Coward · · Score: 0

    "When a solution is simple God is answering" - Einstein (In this case "The Lord of hosts" so to speak is answering w/ a simple solution that works doing more for less for more speed, security, reliability & anonymity online) - block this thing's C&C servers + infected websites & poof - no problem!

    APK

    P.S.=> No questions asked! Blocking malware is it's PRIMARY purpose & it does a hell of a job on that front from any source of it pretty much... apk

    1. Re: Hosts = a solution that works vs. it... apk by Anonymous Coward · · Score: 0

      God and Einstein would know when to use its and when it's.

  7. For the BEST possible hosts file? by Anonymous Coward · · Score: 0

    APK Hosts File Engine 9.0++ SR-4 32/64-bit http://www.bing.com/search?q=%...

    Less power/cpu/ram + IO use & complexity vs. local DNS servers, routers or antivirus w/ less security issues. Complements firewalls (no layered filtering in hosts + firewalls block less used IP addresses, hosts block more used host-domain names). Antivirus = reactive. Hosts = proactive, blocking infection BEFORE you get it. Gets data via 10 security community sites.

    * Proven safe https://www.virustotal.com/en/...

    (Code verified by Mr. Steven Burn of Malwarebytes': "I've seen the code, and yes, it is safe" FROM http://forum.hosts-file.net/vi... )

    APK

    P.S. - Hosts get you more speed (hardcodes + adblocks) & faster vs. addons, security (vs. bad sites/dns security issues), reliability (vs. downed/poisoned dns), & anonymity (dns requestlogs/trackers) vs. other "so-called -solutions'" w/ what you natively have. Unlike Adblock/UBlock/Ghostery, hosts != blockable by ClarityRay/BlockIQ... apk

    1. Re:For the BEST possible hosts file? by Anonymous Coward · · Score: 0

      No linux version...
      Won't run under Wine.
      0 stars

  8. Ad servers, banks, & it uses DGA too... apk by Anonymous Coward · · Score: 0

    See subject & this link http://www.govcert.admin.ch/bl... as the "std. fare" article sources often omit this level of detail, so "dig deeper" & you'll see it.

    * The MOST problematic part is the DGA but there's MANY "live feeds" of data for that, e.g. -> http://osint.bambenekconsultin... - I'm not sure if THAT one covers this one, but this one ONLY GENERATES 20 new bad domains a day, so its list SHOULD be small(er) than most are that use DGA methods.

    APK

    P.S.=> I use that data with APK Hosts File Engine 9.0++ SR-4 32/64-bit https://it.slashdot.org/commen... &/or firewalls (all of it from security research articles, as do many of the data sources in the security community that feed my hosts file program)

  9. Hay GozNym Ass Hats by LifesABeach · · Score: 0

    Goldman Sacks? Or is mommy calling you?

    go big, or go home

  10. Hosts Breaks Good Stuff Too, Shitbag. by Anonymous Coward · · Score: 0

    Hosts breaks TONS of good stuff, you shitbag spammer.

    Hosts blocks CDNs, and with them hosts blocks lots of javascript framework loads. This means perfectly legitimate sites like American Express statements page gets broken because they can't load the needed scripts and there's no error messages or anything to tell you what's up. The page simply doesn't work or is missing information that you don't even realize is missing, to your detriment.

    These hosts lists are effective and promising, but they break so much legitimate stuff that the internet essentially becomes unusable. It's not worth the effort to constantly be identifying issues, finding the responsible hosts entry and then updating a whitelist. It's just a huge pain in the ass.

    Did I also mention that hosts slows down your internet? Pages don't load completely, browsers wait to timeout, dependencies aren't met... It all results in a slower browsing experience!

    Also APK is a spamming shitbag!
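The hosts-file approach argued over in comments 7, 8 and 10 above comes down to three mechanical steps: ingest a DGA indicator feed, drop entries you have reviewed as false positives (the CDN breakage complained about in comment 10), and render the rest as sinkhole entries while also matching the same list against your DNS query logs. The following is an added example illustrating that workflow; it is not code from the article, from IBM's research, or from the APK hosts tool discussed in this thread. The feed format, the dnsmasq-style log lines and the domain names are constructed for illustration only (the real Bambenek feed has its own format, and none of these names are actual GozNym indicators).

```python
"""
Build a hosts-file sinkhole list from a DGA indicator feed and match the
same list against DNS query logs, with an allowlist for reviewed false
positives. Added example; feed format, log format and domains are
constructed placeholders, not real GozNym indicators.
"""
import re
from typing import Dict, List, Set, Tuple

# Constructed feed excerpt: "domain,family,note" with '#' comment lines.
FEED = """\
# hypothetical DGA feed excerpt (constructed sample, not real indicators)
qkxvbnmzae.com,goznym-dga,generated 2016-04-14
ztrplqwejb.net,goznym-dga,generated 2016-04-14
cdn.example-static.com,goznym-dga,false positive candidate
"""

# Domains an operator has reviewed and cleared (e.g. a shared CDN host).
ALLOWLIST: Set[str] = {"cdn.example-static.com"}

# Constructed DNS query log, one query per line: "timestamp client qname qtype".
DNS_LOG = """\
1460000001 10.0.0.12 qkxvbnmzae.com A
1460000002 10.0.0.12 www.example.org A
1460000003 10.0.0.33 ZTRPLQWEJB.NET. A
1460000004 10.0.0.45 cdn.example-static.com A
"""

# RFC 1123-style hostname: labels of 1-63 chars, total <= 253, alphabetic TLD.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


def normalize(name: str) -> str:
    """DNS names are case-insensitive; strip the trailing root dot too."""
    return name.strip().rstrip(".").lower()


def parse_feed(text: str) -> Dict[str, str]:
    """Return {domain: family}, skipping comments, blanks and malformed names."""
    indicators: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(",")]
        domain = normalize(fields[0])
        family = fields[1] if len(fields) > 1 else "unknown"
        if HOSTNAME_RE.match(domain):  # never write garbage into hosts
            indicators[domain] = family
    return indicators


def build_blocklist(indicators: Dict[str, str], allowlist: Set[str]) -> Dict[str, str]:
    """Remove reviewed false positives before anything is sinkholed."""
    allowed = {normalize(a) for a in allowlist}
    return {d: fam for d, fam in indicators.items() if d not in allowed}


def render_hosts(blocklist: Dict[str, str]) -> str:
    """Emit hosts-file lines. 0.0.0.0 is used instead of 127.0.0.1 so a
    blocked name never connects to a service listening on loopback."""
    lines = ["# sinkhole entries generated from a DGA feed (constructed example)"]
    for domain in sorted(blocklist):
        lines.append(f"0.0.0.0 {domain}  # {blocklist[domain]}")
    return "\n".join(lines) + "\n"


def is_blocked(qname: str, blocklist: Dict[str, str]) -> Tuple[bool, str]:
    """Exact or subdomain match. Note: a hosts file only matches exact names,
    so subdomains slip past it; a resolver-side or log-side check does not."""
    q = normalize(qname)
    for domain in blocklist:
        if q == domain or q.endswith("." + domain):
            return True, domain
    return False, ""


def match_dns_log(log: str, blocklist: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (timestamp, client, matched_domain) for queries hitting the list."""
    hits: List[Tuple[str, str, str]] = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # ignore malformed lines rather than crash on them
        ts, client, qname = parts[0], parts[1], parts[2]
        blocked, matched = is_blocked(qname, blocklist)
        if blocked:
            hits.append((ts, client, matched))
    return hits


if __name__ == "__main__":
    blocklist = build_blocklist(parse_feed(FEED), ALLOWLIST)
    print(render_hosts(blocklist))
    for ts, client, domain in match_dns_log(DNS_LOG, blocklist):
        print(f"{ts} {client} queried sinkholed domain {domain}")
```

The allowlist step is the answer to the CDN complaint: an entry is reviewed once and stays out of every regenerated hosts file. The log matcher is the part a hosts file cannot give you, since a hosts entry only affects the machine it sits on and only for an exact name match; running the same list over resolver logs shows which client actually asked for a generated domain, which is the signal you want for incident response rather than just blocking.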

  11. Hosts are simple to edit... apk by Anonymous Coward · · Score: 0

    See subject: ... With ANY text editor & copy it from where you saved it to where it's located on the OS you use (in Windows, use Save As Type ALL FILES, not default *.txt type)

    I don't know WHOSE hosts you're using but I don't see those problems myself.

    Still, go to your source for hosts, & tell them about it to correct it. Most security sites will IF you can justify it validly (like they're not delivering malicious script using it) since Javascript delivers malware like mad so, that's a HUGE downside to it in case you didn't know.

    * Stalling ads way, Way, WAY speeds up your webpages, & so does disabling javascript too (which you do NOT need @ most sites & for ones you need it on, like ecommerce for example? Enable it (@ your own risk that is)).

    APK

    P.S.=> ... & "there ya go" - have you considered decaf? apk

  12. My program enables/disables hosts easily by Anonymous Coward · · Score: 0

    See subject: Simply by right-clicking on its tooltray icon for sites you don't want hosts running on https://it.slashdot.org/commen... & then turn it on for sites you do!

    It's right there on the popup trayicon menu!

    * :)

    (So, have you considered that decaf I told you about in my other post? LOL!)

    APK

    P.S.=> Some people should be BANNED from the coffee pot I tell you... apk

  13. here comes the new spy cams by Anonymous Coward · · Score: 0

    here comes the drone spy craft that you can't shoot down. everybody knows why this was passed.

  14. Hybrid Trojan infects computers? by khz6955 · · Score: 1

    There is only one solution, the Government must ban OS X, Android and Linux from the Internet :)

  15. More people use Windows by Anonymous Coward · · Score: 0

    See subject: Reason being, Linux lacks programs Windows has (the reason I don't run Linux is that & not that it's a bad OS - it's not - it just doesn't have as many programs for it) for myself @ least & yes, I am a "windows man".

    The lack of programs includes the compiler I built it in, Delphi XE4. Linux used to have Kylix - you can thank Borland for killing it. Why? I have NO idea - Delphi can do code for MacOS X, & ANDROID, a form of Linux too no less.

    There is FreePascal & its Lazarus IDE (very close clone IDE wise & language wise) though. I just might port it one day but today's not that day (& I am not generally "into" helping the competition so to speak - I'm a Windows man & since Windows is the most used, it's the most attacked like Linux via ANDROID is on smartphones).

    I can easily port it to MacOS X, but, again - I choose presently not to due to 'helping the competition' to be blunt about it and exporting the program output in hosts will work there too as it would Linux.

    The hosts file my program creates runs on all the major OS, including Linux, so that's as close as it gets by copying the output of the program in hosts & using it on Linux presently.

    APK

  16. As to its quality vs. your rating? by Anonymous Coward · · Score: 0

    See subject: I'll let a few others here speak for me quoting them:

    his hosts program is actually pretty good by xenotransplant

    his hosts tool is actually useful by alexgieg

    I've never tried to belittle (APK's) work, I've flat out said it's good by BronsCon

    I like your host file system by Karmashock

    I find your hosts file admirable by vel-ex-tech

    take a look at the APK hosts file engine by SuperKendall

    APK

    P.S.=> It also does things of value its nearest competitor doesn't in hostsman (hardcoded favorites that speed you up more than just adblocking does) + 64-bit version... apk

  17. My program also has a 'fp' list vs. that... apk by Anonymous Coward · · Score: 0

    See subject: In addition to my other posts to overcome your bs objections:

    1.) I filter false positive possibles above & beyond security community sources doing it too (stopping blocking things like search engines, antivirus update sites, & FAR more that *might* get accidentally OR falsely blocked).

    2.) Hosts = EASY TO EDIT YOURSELF (far more easily than adblocking addon lists, antivirus rules, or DNS rules) to remove what you don't want blocked.

    3.) Hosts file data producers take suggestions for removals of items to block from list (my program has a 'site checkers' toolset in it to run sites you find questionably blocked by to be sure they are NOT in fact, bad)

    4.) You can turn hosts off for sites you don't want it running on easily using my program

    APK

    P.S.=> You're 1 of 4 types that fear my program, & that troll me:

    1.) Advertiser
    2.) Webmaster
    3.) Inferior competitor
    4.) Malware maker/Botnet herder

    I just blow your "objections" away easily - see above & my other posts