Security Labs
Football enthusiasm can turn into fan frustration - Fraudsters see opportunities online and offline
The upcoming UEFA Champions League final is an absolute highlight for German football fans as well as international football followers. The hype surrounding the "Duel of German Giants" is dr
Scam 1: Sale of non-existing tickets
With just under 90,000 tickets available, the number of tickets is incredibly small considering the number of ticket requests t... Read More »A new bot on the market: Beta Bot - It uses multilingual social engineering techniques to exploit the human user
In the beginning of March 2013, a new bot called “Beta Bot” entered the market. With less than €500, Beta Bot is sold relatively cheap, considering its vast feature list. Even though most of tho
What does it do?
When installed on a system, Beta Bot searches for a list of known security products it is said to target. Upon finding one of those programs installed, the bot starts its attacks as described later in the text. Doing so, it prepares itself to attack the av program by killin... Read More »6 minutes on Twitter - How the real world is influenced by virtual social media
Twitter has become an important source of information. When its access data was stolen, the Twitter identity of news agency Associated Press was misused to distribute targeted misinformation concernin
The example given of the hacked Twitter account belonging to news agency Associated Press (in short AP) is a striking example of how the targeted distribution of misinformation can cause even financial damage. Attackers have long appreciated worldwide virtual platforms and worked out how they can be... Read More »Multi-factor authentication - How many factors do we need?
During the last few months, we have noticed that there is a lot of confusion about the topic of two- and multi-factor authentication. Often when online banking apps or extra security layers are added
To successfully explain the concept multi-factor authentication, it is necessary to describe the different types of authentication. So here comes a tedious piece with definitions.RSA created a good, clear definition of authentication:
“Authentication is a process where a person or... Read More »
Apparent security certificate turns out to be Android malware - Offered app sneakily gains access to mTANs
The fraudsters are targeting Android mobile devices with which users receive mTANs for online banking services. If a user installs the offered app, which was even available in the Google Play store, t
The email
Potential victims receive an email with an impersonal form of address and more or less detailed information about the EV-SSL certification process. G Data SecurityLabs have registered four different email designs so far.Here is a selection of subject lines encountered ... Read More »
Explosions at Boston Marathon inspire cyber attackers - Email promising news turns out to be multi-faceted malware trap
The bomb explosions during the famous marathon in Boston have shocked people around the globe – it is still unclear who is behind them and cyber attackers are shamelessly exploiting this fact. They
The email
The structure of the displayed URL is always the same:http ://IP-address/news.html or http ://IP-address/boston.html
Primed browser extension delivers unwanted Facebook likes - PHP:FakeExt-A [Trj] catapulted into the MII Top 10 in March
A primed browser extension works in the background every time a website is opened, almost without the user noticing. The unaware users see mysterious "likes" in their personal accounts, but
How the update gets into the browser
