Custom-designed malware a growing market | Security – InfoWorld

Cyber criminals are selling made-to-order malware plug-ins to steal personal information from online banking customers, a reflection of a maturing black market in which the best developers can demand the highest prices, security vendor Trusteer says.

Depending on the sophistication, the Web-inject plug-ins cost as much as $2,000 and support several malware platforms, such as SpyEye, Zeus, and Ice IX, Trusteer says. More generic Web injects sell for as little as $50.

via Custom-designed malware a growing market | Security – InfoWorld.

Enterprise Support – Symantec Corp. – Malware is causing network printers to print random ASCII characters

A threat is saving files into the printer spooler directory – certain printer applications are set to print any files appearing in this directory, including the binary in the form of ASCII characters. This situation may be overwhelming printers, rendering them unusable, and impacting business operations. The printing of random binary data is likely an unintended side effect of the threat.

via Enterprise Support – Symantec Corp. – Malware is causing network printers to print random ASCII characters.

Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution

Microsoft is aware of active attacks that leverage a vulnerability in Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website. The vulnerability affects all supported releases of Microsoft Windows, and all supported editions of Microsoft Office 2003 and Microsoft Office 2007.

via Microsoft Security Advisory 2719615: Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution.

US-CERT warns of guest-to-host VM escape vulnerability | ZDNet

The U.S. Computer Emergency Readiness Team (CERT) has issued an alert for a dangerous guest-to-host virtual machine escape vulnerability affecting virtualization software from multiple vendors.

The vulnerability, which affects 64-bit operating systems and virtualization software running on Intel CPU hardware, exposes users to a local privilege escalation attack or a guest-to-host virtual machine escape.

via US-CERT warns of guest-to-host VM escape vulnerability | ZDNet.

The Flame: Questions and Answers – Securelist

Duqu and Stuxnet raised the stakes in the cyber battles being fought in the Middle East – but now we’ve found what might be the most sophisticated cyber weapon yet unleashed. The ‘Flame’ cyber espionage worm came to the attention of our experts at Kaspersky Lab after the UN’s International Telecommunication Union came to us for help in finding an unknown piece of malware which was deleting sensitive information across the Middle East. While searching for that code – nicknamed Wiper – we discovered a new malware codenamed Worm.Win32.Flame.

via The Flame: Questions and Answers – Securelist.

ISC Diary | How to test OS X Mountain Lion's Gatekeeper in Lion

While I started working on comparing various OS X hardening guides (see the prior diary from a couple of days ago), Apple announced one important new security feature in OS X 10.8 Mountain Lion. The new operating system, to be released this summer, will include a whitelisting system based on iOS. iOS has received a lot of criticism for its closed nature, but so far, I have to admit it has worked pretty well. We have heard very little about iOS malware, while Android malware appears to be starting to steal the show from Windows malware (it has got a while to go, but all the news lately appears to be about Android malware).

via ISC Diary | How to test OS X Mountain Lion's Gatekeeper in Lion.