Gotham Security Daily Threat Alerts

By Gotham
Posted in Security
On June 28, 2013

June 27, Softpedia – (International) Gamarue malware-spreading emails purporting to come from Qantas spotted again. Trustwave’s SpiderLabs researchers identified bogus emails, purporting to come from the Qantas airline company, that are sent out by the Cutwail botnet. The messages carry an executable Andromeda bot loader designed to steal financial information from the infected computer once the user unknowingly downloads the malware. Source:

June 27, Help Net Security – (International) Citadel Trojan automatically localizes fraud content. Trusteer researchers discovered a Citadel variant that allows cyber criminals to deliver fraudulent web pages that are automatically customized for the language of each market and brand being targeted by injecting HTML scripts. The malware is able to collect login credentials as well as credit card information for social networks, banks, and major e-commerce sites. Source:

June 27, Softpedia – (International) Facebook fixes SMS-based account hijacking vulnerability. A researcher discovered a flaw that allowed hackers to gain access to any Facebook account by leveraging the feature that allows subscribers to receive updates through a short message service linked to a mobile phone number. Facebook fixed the vulnerability by no longer accepting the flawed parameter from the user. Source:

June 27, Softpedia – (International) Experts say the “DarkSeoul” gang is responsible for cyberattacks on South Korea. Researchers at Symantec believe the DarkSeoul gang is responsible for several attacks against government Web sites and financial institutions in South Korea and operations against the United States. The group uses the same multi-staged, destructive malware tactics that are executed around historically significant dates and are politically themed. Source:

June 26, Softpedia – (International) 92% of mobile malware targets Android devices, Juniper report shows. In its annual Mobile Threats Report, Juniper Networks reported a 614 percent increase in malware threats, with 92 percent of the pieces of malware aimed at the Android platform, based on information collected between March 2012 and March 2013. Source:

June 26, SC Magazine – (International) Maker of Opera browser said its network was hacked to steal code-signing certificate. Opera Software, maker of the Opera browser, neutralized an infection in which attackers made off with at least one certificate that they used to sign malware. The hackers did not compromise any user data but did manage to use the stolen code-signing certificate to distribute malicious software to Windows users running the Opera browser. Source: