The goal of this project is to make the virtual world a safer and better place without child pornography, major computer crime and RIAA.
Security Bulletins
Latest Malware Updates

Infostealer.Posteal

02/26/2015

Downloader.Busadom

02/26/2015

Trojan.Ladocosm

02/26/2015

SONAR.SuspDocRun

02/25/2015

SONAR.SuspHelpRun

02/25/2015

Regime supporters in Syria use spyware against opposition activists

An IT specialist from a Syrian opposition group and a former international aid worker said that regime supporters in Syria are using computer viruses to spy on opposition activists. The IT specialist, who uses the nickname Susan, said that her computer was also infected by this spyware.

Representatives of Symantec Corporation, who analyzed one of the viruses, said that it was developed for a cyber-espionage campaign. The virus sends the information it steals from victims’ computers to a server of a government-owned telecommunications company in Syria.

Dlshad Othman, a software engineer who supports Syrian opposition activists but resides outside the country for his own safety, claims that supporters of dictator Bashar al-Assad steal the identities of activists and then impersonate them in online chats. This helps them gain the trust of other users, send them a Trojan horse virus and trick them into installing it.

Othman said that dozens of opposition members had informed him that their computers were infected by spyware. Two activists sent Othman and his colleague two versions of the actual viruses. The IT specialists analyzed them, pointing out that one of them was “really complex”. “It can hide itself more,” Othman said.

According to Vikram Thakur, principal security response manager at Symantec Corporation, who also analyzed the malware, it consists of two parts. One of them points to December 6 and the other to January 16.

Thakur named the simpler virus backdoor.breut.

Susan's computer was infected by the more complex virus, which she unwittingly downloaded during a chat with a supposed opposition member, whom Susan had asked about the humanitarian needs of the Syrian opposition.

In January, Susan received a call via Skype from someone she believed was a regime opponent, whom she had contacted earlier. This man sent her a file, which her interlocutor said would help to “prove it's really me talking to you and not somebody else.”

Susan clicked on the file. “It actually didn't do anything,” she said. “I didn't notice any change at all.”

Days later it turned out that the activist Susan thought she had spoken with was in detention. The government had forced him to provide his user name and identity so that they could impersonate him online.

Othman also states that some activists, who were detained and released, were forced to turn over their passwords to Syrian authorities.

Othman said that the second virus, which was e-mailed to him by activists, launched the same way as the malware that infected Susan's computer. “Download, open, then nothing,” Othman said. The only thing that the virus visibly does is copy itself into one of the temporary locations.

Susan was not aware of the hack until she lost her Facebook and e-mail accounts a few days after clicking the file, which was sent to her.

Susan gave her laptop to Othman, who said that the Trojan had logged her keystrokes, taken screenshots and looked through folders on her computer. It hid the IP address it sent stolen information to.

The other virus, however, didn't hide the IP address that received the stolen information. It belongs to the Syrian Telecommunications Establishment, the government telecommunications company.

(c) Naked Security


Security Advisories Database

Remote Code Execution Vulnerability in Microsoft OpenType Font Driver

A remote attacker can execute arbitrary code on the target system.

07/21/2015

SQL Injection Vulnerability in Piwigo

An SQL injection vulnerability has been discovered in Piwigo.

02/05/2015

Cross-site Scripting Vulnerability in DotNetNuke

A cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke.

02/05/2015

Cross-site Scripting Vulnerability in Hitachi Command Suite

A cross-site scripting vulnerability was found in Hitachi Command Suite.

02/02/2015

Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk Handling

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-Forwards

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in MalwareBytes Anti-Exploit "mbae.sys"

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Linux Kernel splice

An attacker can perform a denial of service attack.

01/29/2015

Denial of service vulnerability in Python Pillow Module PNG Text Chunks Decompression

An attacker can perform a denial of service attack.

01/20/2015