30/Nov/2017
TERDOT – Based on the 2011 ZeuS source code.
The Terdot trojan, based on the ZeuS source code, has been active since mid-2016 and is capable of stealing browsing information, injecting HTML code into visited web pages and operating a man-in-the-middle (MITM) proxy.
The highly customised trojan has also been found to eavesdrop on, and even modify, traffic on most social media and email platforms. The malware also has automatic update capabilities that allow it to download and execute any files requested by its operator, which essentially means it can gain new capabilities on the go. The trojan roots itself in many places, so it is also notoriously difficult to remove.
Like most malware attacks, Terdot begins with a phishing email that appears to contain a PDF file. Clicking on that file, however, executes JavaScript code that downloads and runs the malware on the disk. To evade detection by security software, the malware downloads its components in pieces and uses common, legitimate software as cover; it also spreads its reach using tools such as the Sundown Exploit Kit. The trojan appears to target banking applications and traffic specifically, as well as social media.
MacOS Security Flaw
A flaw in macOS High Sierra, discovered on Tuesday 28 November 2017, left Macs across the world vulnerable: it allows root access to a Mac without the need for a password. Anyone can adjust settings on the target Mac just by entering root as the user name – no password is required.
For example, someone at the keyboard could open Security & Privacy in System Preferences, enter root as the user name without any password, and gain full administrator rights, allowing them to change the user password, change your settings for downloading applications and more. The first time they attempt to log in it won’t work, but if they keep trying they will be granted access after a few attempts.
The flaw was patched and available on Apple’s website within 48 hours, although the update was not pushed out automatically until a few days later.
The affected macOS version was High Sierra 10.13.0. When High Sierra 10.13.1 was released, however, the patch was found to have been reverted, leaving the OS vulnerable again. This could again be fixed with the patch file previously provided by Apple, but it was not made clear that a reboot was required for the patch to take effect.
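A defender checking a High Sierra fleet wants to know whether the root account is disabled, has a real password, or has no credential record at all (the state the flaw abused). The script below is an added example, not from the article or from Apple; it classifies the output of `dscl . -read /Users/root AuthenticationAuthority` and assumes the usual meaning of the `;DisabledUser;` and `;ShadowHash;` markers and of the "No such key" message for an account that has never been given a password.

```shell
#!/bin/sh
# Added example: classify the macOS root account from the output of
#   dscl . -read /Users/root AuthenticationAuthority
# Pass the dscl output as $1 to exercise the logic offline with constructed
# sample strings; run with no argument on a Mac to query the live directory.

classify_root_auth() {
    auth="$1"
    # ";DisabledUser;" must be tested first: a disabled root still carries
    # its old ";ShadowHash;" entry alongside the disabled marker.
    case "$auth" in
        *";DisabledUser;"*)
            echo "disabled" ;;
        *"No such key"*|"")
            # No AuthenticationAuthority at all: root has never been given a
            # password, which is the state the High Sierra root flaw abused.
            echo "no-credential" ;;
        *";ShadowHash;"*|*";Kerberosv5;"*)
            echo "enabled" ;;
        *)
            echo "unknown" ;;
    esac
}

# Map the state onto the action a defender would take on an unpatched host.
advise() {
    case "$(classify_root_auth "$1")" in
        disabled)      echo "OK: root account is disabled" ;;
        enabled)       echo "OK: root has a password; make sure it is strong" ;;
        no-credential) echo "ACTION: root has no credential record; set a root password or disable root, apply Apple's patch and reboot" ;;
        *)             echo "CHECK: unrecognised AuthenticationAuthority value" ;;
    esac
}

if [ "$#" -gt 0 ]; then
    advise "$1"
elif [ "$(uname)" = "Darwin" ]; then
    advise "$(dscl . -read /Users/root AuthenticationAuthority 2>&1)"
fi
```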
Black Friday online seasonal scams
Although Black Friday is mainly a US tradition tied to the Thanksgiving holiday weekend, it has been adopted in the UK by many retailers who heavily discount goods to kick-start the Christmas shopping season.
The surge of bargain hunters seeking good deals on the high street and online inevitably attracts criminals looking to exploit this seasonal activity by setting up phishing sites.
Last year, victims reported losing nearly £16 million to Christmas shopping fraudsters, up from £10 million lost the year before. Responding to Action Fraud reports over last year’s festive period, the City of London Police requested the suspension of 658 websites, email addresses and telephone numbers that fraudsters were using to commit their crimes.
The City of London Police have published online awareness training to educate people to think before they buy online and to verify the source of the products.
Author: Taran Ranger, CyNation
contact@cynation.com
+44 020 3190 5000
PopHub Leicester Square
41 Whitcomb Street
London WC2H 7DT
Oude Udenseweg 29
5405 PD Uden
The Netherlands