O Cyber Newsletter é um documento com notícias seleccionadas ...


Dec 3, 2013 (5 years and 1 month ago)



Cyber Newsletter

é um documento c
om notícias


pela Equipa
ultidisciplinar de Garantia da Informação

do Gabinete Nacional de Segurança

sobre Ciber

em que se optou

por manter a língua original dos artigos
A grande fonte de
ção de
informação é


NATO Information Assurance




em Mons

e muita

a informação


também p
oderá ser obtida directamente

World Wide Web através dos






Is the hybrid cloud the future for enterprises?


While the public cloud remains important to IT decision
makers at

UK and US enterprises,
the limitations of using this type of platform as a one
all solution are becoming
more apparent. According to a Rackspace survey, these limitations are leading many
respondents to turn to a hybrid cloud infrastructure (i.e
. public cloud, private cloud and
dedicated servers working together in any combination) for certain applications or

SANS: Internet of Things Must Drive Fresh Security

from www.infosecurity

From home thermostats and alarm systems to personal medical devices, the penetration of
connected devices into hom
es, cars and other new areas brings with it significant security
risks by virtue of having so many more things communicating online. Granted, it’s unlikely
that anyone would be sending a car an email with a malicious executable, but that doesn’t
mean there

aren’t threat vectors for hackers to exploit. However, because this so
“Internet of Things” (IoT) is still in its infancy, the security community does have a chance
to build in new and better approaches to security, to head off big issues at the pa


Lancashire County Council and BT venture consolidates

on McAfee security

from www.computerworlduk.com

The £400 million Lancashire County Council and BT networks and telecoms joint venture
has consolidated its security systems into one contract with McAfee.

N.Korea's Vast Cyber Warfare Army

from english.chosun.com

North Korea has about 200 agents who spend their time posting comments online to
undermine South K
orean morale, while the whole contingent of 3,000 cyber warfare experts
under the Reconnaissance General Bureau wage cyber terrorism against the South, a private
South Korean think tank claims.

IBM agrees to purchase security firm


from www.techspot.com

IBM has

to purchase security firm

with plans to open a cyber security
software lab. Trusteer is an Israeli
based security
software maker that sells products that
protect the staff and customers o
f financial institutions from hackers and threats that
traditional desktop security software miss.

Firm found using browser plugin
s to inject unauthorized
ads on YouTube

from net

Sambreel, a California
based firm that nearly two years ago has been found using browser
plugins to deliver ads by injecting them into Facebook and Google pages, is up to its old

IBM, Oracle, EMC to be investigated by Chinese
authorities over
security concerns

from www.computing.co.uk

Technology giants IBM, Oracle and EMC are to be investigated by China's Ministry of
Public Security and a cabinet
level research centre amid security concerns relating to the
Prism scandal, according to the offic
ial Shanghai Security News. Former US National
Security Agency's (NSA) employee Edward Snowden had exposed the spy agency's Prism
surveillance programme with documents suggesting that major tech firms like Facebook,
Microsoft and Google had created "back d
oors" that enabled the government to breach the
computer networks of foreign countries like China.



WikiLeaks bluffing, or did it really just post all its
secrets to Facebook?


Someone remind WikiLeaks that the U.S does not respond well to blackmail. We'd think
this was some kind of in
teractive Internet mystery if we didn't know better, but in fact
WikiLeaks has released about 400 gigabytes' worth of mysterious data in a series of
encrypted torrent files called "insurance." And no one can open it.

Germany recognizes Bitcoin as a “private money,”
subject to capital gains tax

from arstechnica.com


response to a query by a member of parliament, the German Finance Ministry has
declared (Google Translate) that it accepts bitcoins as a “unit of account.” The Ministry
added that bitcoins are a sort of “private money” and that mining bitcoins constitutes

“private money creation.” The Ministry also clarified that if a German taxpayer holds
bitcoins for more than a year, then she is exempt from paying the 25 percent capital gains

Hacker posts Facebook bug report on Zuckerberg’s wall

from http://rt.com

A Palestinian information system expert says he was forced to post a bug report on Mark
Zuckerberg’s Facebook page after the social network’s security team failed to recogniz
e that
a critical vulnerability he found allows anyone to post on someone's wall.

platform Frutas RAT delivered via targete
d emails

from www.net

The cross
platform Frutas RAT is being used in a new email phishing campaign targeting
profile finance, mining, and telecom companies as well as governments in Europe and
Asia. The malware gets delivered via emails
spreading political news such as "Obama
Releases Three Declassified Spying Docs", "U.S. Consul General Hart Arrives in Hong
Kong", or "UK
Northern Ireland
Japan InfoSec Agreement"

Cybercriminals add exploit for patched Java flaw to their

from www.computerworld.com

Cybercriminals were quick to integrate a newly released exploit for a Java vulnerability
patched in June into

a tool used to launch mass attacks against users, an independent
malware researcher warned.The exploit targets a critical vulnerability identified as CVE
2465 that affects all Java versions older than Java 7 Update 25 and can enable remote
code execu
tion. The vulnerability
was patched by Oracle

in its June Critical Patch Update
for Java.


Android malware now abusing Google Cloud Messaging
channel, Kaspersky reports



Android malware has started abusing the Google Cloud Messaging (GCM) normally used to
push data to and from legitimate apps as a sneaky command and control channel, Kaspersky
Lab has noticed.

Google delivers patch for Android SecureRandom

from www.net

An Android security engineer has again confirmed the existence of the vulnerability that
made the most popular

wallet apps for the platform open to attack, and offered help
for developers. As a reminder: the poor Android implementation of the Java SecureRandom
class made all private keys generated on Android devices we
ak and easily worked out by

Vulnerability in USB Internet Modems allows hacker to
access Millions of Computers remotely

from thehackernews.c

A USB Internet Modems or Data card, is a type of modem that allows your computer to
receive Internet access using USB Port and connect to a GSM/CDMA network there by
creating a PPPoE

(Point to Point protocol over Ethernet) interface to your computer.

U.S. power plants, utilities face growing cyber

from home

American power plants and utility companies face a growing cyber vulnerability. No U.S
power plant has so far suffered a significant cyberattack, even if small
scale attacks are
nearly constant, but experts say preventative actions

must be taken to ensure safety. Utilities
provide services which, if disrupted for long periods of time, may result in economic chaos
and may even lead to social


Scanning the Internet in less than an hour

from net

Scanning the Internet used to be a task that took months, but a new tool creat
ed by a team of
researchers from the University of Michigan can scan all (or most) of the allocated IPv4
addresses in less than 45 minutes by using a typical desktop computer with a gigabit
Ethernet connection.


15 August 2013 Cyber Attacks


from hackmageddon.com

The first ha
lf of August has gone, so it is time for the Cyber Attacks Timeline summarizing
the main events occurred in this period.

Looks like the massive breaches have decided to
have a break during August. Although the first fifteen days have shown a remarkable
ber of attacks, no huge leaks have been recorded.

The only exception is the latest attack
to the United States Department of Energy (14,000 individuals potentially affected) and the
one targeting the Ferris State University with nearly 60,000 records poten
tially affected

New Zeus variant creates bogus Instagram accounts

from net

If you are familiar with the results of a recently finished study regarding online content
popularity that

that "likes" beget "likes", the fact that people are willing to pay
good money for fake Twitter, Instagram and Facebook followe
rs as well as "likes" and
"retweets" will not come as a surprise.

I asked the NSA for its file on me, and here's what I got

from dailydot.com

I can't shake the feeling that the
National Security Agency

thinks I'm a chu

I mean, I've written a

about them. I've talked to their media contacts. I've been denied
clarifications. I've pored over their press releases and page after page of

that former contractor
Edward Snowden

took from them and leaked to the Guardian's Glenn

Lucrative business: cybercrime

from net

This also extends to the rental of platforms

that enable attacks, such as mail relays that
facilitate the sending of unsolicited email. What’s more, with some of these services there is
even a helpful customer service chat window to help the would
be criminal with a technical
questions they may have

in carrying out their attack.

Winning the War on Cybercrime: The Four Keys to
Holistic Fraud Prevention

from bankdirector.com

Cybercriminals are stepping up their attacks on financial institutions by gaining control of
customer devices

with sophisticated malicious software installed on a computer or mobile
device to secretly read online credentials. The criminals then conduct real
time credential
theft and take over accounts.


LastPass bug leaks plain text passwords

from net

Users of popular password manager LastPass have been a
dvised to update to the latest
version of the software, which incorporates a patch for a recently discovered bug that could
allow attackers to retrieve stored LastPass passwords.

Microsoft Security Bulletin MS13

Vulnerability in Active Directory Federation Services
Could Allow Informat
ion Disclosure (2873872)

from technet.microsoft.com

This security update resolves a privately reported vulnerability in Active Directory
Federation Services (AD FS). The vulnerability could reveal information pertaining to the
service account used by AD F
S. An attacker could then attempt logons from outside the
corporate network, which would result in account lockout of the service account used by AD
FS if an account lockout policy has been configured. This would result in denial of service
for all applica
tions relying on the AD FS instance.

Vuln: Oracle Java SE
1493 Remote Code
Execution Vulnerability

from securityfocus.com

Oracle Java SE is prone to a remote code execution vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the application.

"It Won't Happen Here": Most Organizations in Denial
Over Cyberthreats

from www.infosecurity

Despite it being nearly impossible to avoid news about malware, cyber
espionage and other
cybersecurity woes, it turns out that most organizations are in denial when it comes to the
security of their own IT infrastructure, likely burying thei
r head in the sand when it comes to
the presence of APTs and insider threats. A recent Lancope survey, provided to Infosecurity,
has revealed that nearly two
thirds of organizations believe that they have not experienced
any security incidents over the las
t 12
18 months, or are unsure whether they have or not.

Infosecurity Exclusive: Majo
r Media Organizations Still
Vulnerable Despite High Profile Hacks

from www.infosecurity

The media is a target. The four
month hack of the New York Times last year and the
continuous attacks on the media by the Syrian Electronic Army culminating in

the breach of
the Washington Post last week all demonstrate this. One would expect that major media
outlets would by now have ensured the security of their online presence. This simply has not
happened. Infosecurity spoke to Ilia Kolochenko, CEO of High
ech Bridge. Kolochenko
recently launched ImmuniWeb, an online, automated SaaS
based penetration testing service
designed to make pen
testing affordable to SMEs.


China denies role in cyber
attacks on United States;
Claim themselves victim of hacking

from www.economictimes.indiatimes.com

WASHINGTON: China has rejected allegations tha
t it was behind cyber
attacks on US
industry and government systems, claiming that the Asian country is one of the primary
victims from hacker attacks in the world. "China is one of the primary victims from hacker
attacks in the world. We are faced to seve
re threats coming from those cyber
Chinese Defence Minister General Chang Wanquan told reporters during a joint news
conference with US Defence SecretaryChuck Hagel.

Washington Post email system breached by Syrian
Electronic Army phishing attack

from www.computerworld.com

A raid by the Syrian Electronic Army (SEA) on the Washington Post this week was a
ided by
a successful phishing attack on the one of its journalists, the newspaper has confirmed. But
how did the atttackers penetrate its defences? According to the Post, the attackers gained
access to the Twitter account of an unnamed journalist, using it

to post pro
SEA messages in
the rapid
fire style that has become the group's calling card in numerous other take
overs. In
addition, "for 30 minutes this morning [15 August], some articles on our web site were
redirected to the Syrian Electronic Army's si
te," the paper said in a brief web statement, a
compromise attributed to an attack on business partner, Outbrain

Scanning the Internet in 45 Minutes

from www.threatpost.com

The Internet is a big thing. O
r, more accurately, a big collection of things. Figuring out
exactly how many things, and what vulnerabilities those things contain has always been a
challenge for researchers, but a new tool released by a group from the University of
Michigan that is capa
ble of scanning the entire IPv4 address space in less than an hour.

Russia Setting up Cyber Warfare Unit Under Military

from www.ibtimes.co.uk

Russia is beefing up its cyber security by creating a separate cyber warfare wing under the
military.The army perceives t
hat the internet could become the new theatre of war, says a
senior Russian official in the Research and Development wing of the military. Speaking to
Russia's Echo Moskvy radio, Andrei Grigoryev, chief of the newly
created Foundation of
Advanced Military
Research, said: "The decision to create a cyber
security command and a
new branch of the armed forces has already been made."


Iran accuses US of last year's cyber attacks on country's
oil min

from www.trend.az

The cyber police of Iran has accused the US of attacking Iran's oil ministry website back in
April of 2012, Fars news agency reported. More than a year has passed since the attacks on
Iranian oil ministry's official website, which
have made the website unavailable for several
hours. General Kamal Hadyanfar, the head of Iran's Cyber police told Fars news that the
security measures had to be taken as some foreign users were cut off from the website. He
also went on to say that securit
y experts found a virus on the website, and managed to
neutralize it.

Cyber attack could be next shock to UK banks, warns

from www.c

Cyber attack or disruption could cause the next systemic shock to the UK banking industry
rather than a liquidity crunch, according to the latest report from business consultancy firm
KPMG. While the banking industry has addressed many of

the problems that had led to the
financial crisis in 2008, the report said cyber attacks or massive systems outages represented
new threats. The report noted that banks had suffered a 12% increase in online account fraud
in the past year and that six majo
r US banking institutions had suffered website outages in

International hackers launch cyber attack on council

from www.thisissurreytoday.co.uk

The hacktivist collective Anonymous posted a sarcastic message defend
ing the detention of
Guardian journalist Glenn Greenwald’s partner David Miranda at Heathrow airport last
weekend. The message posted by Anonymous on Mole Valley District Council's website on
Sunday Hours after the incident the hackers posted a statement o
n the council’s website
releasing the contact information of immediate relatives of U.S. government and military
employees and sarcastically suggesting they might be terrorists.

Attackers use Ramnit malware to target Steam users

from www.computerworld.com.sg

A new variant of the Ramnit financial malware is using local Web browser injections in
order to steal log
in credenti
als for Steam accounts, according to researchers from security
firm Trusteer. Ramnit is a computer worm first discovered in 2010 that spreads by infecting
executable, HTML and Microsoft Office files on the local computer. The malware can steal
browser cook
ies and FTP (File Transfer Protocol) credentials stored locally, but it also
hooks the browser process in order to modify Web forms and inject rogue code into Web
pages, a technique known as a man
browser (MitB) attack.


The dangers of QR codes for security

from www.computerworld.com.sg

A large number of end
user computers are mobile devices and the lion's share of those are
martphones. APTs are increasingly targeting the mobile market. "Mobile malware
increased more than 1,000
percent in 2012 alone," said Catalin Cosoi, Chief Security
Researcher, BitDefender. BitDefender bases this data on analyses of mobile threats it
ts via honeypots. Criminal hackers use malicious QR codes for the same reasons they
use any attack on mobile devices: the mobile market is outpacing PCs, creating a bigger
target; and, these newer, mostly end
user devices (especially smartphones) are the l
likely to carry any security software.

Not So Smart Lights

from www.computerworld.com.sg

The Philips Hue “smart lighting” system uses a device authentication scheme that
anyone with an iPhone control app to issue instructions to the controller via HTTP, a
security researcher said. The vulnerability arises from how the Hue system authenticates
devices, said researcher Nitesh Dhanjani, who wrote a white paper on the s
ubject. It uses a
simple and irrevocable hash of a device’s MAC address to create the authentication token.
“The secret whitelist token was not random but the MD53 hash of the MAC address of the
desktop or laptop or the iPhone or iPad. This leaves open a v
ulnerability whereby malware
on the internal network can capture the MAC address active on the wire (using the ARP
cache of the infected machine),” he said.

Short Password Reset code vulnerability allows hackers
to brute
force many websites

from www.thehackernews.com

Yesterday we received a vulnerability report in web applicati
ons from some unknown Indian
Hacker, who explained that how Hackers are hijacking Mobile recharge and Free SMS
service related websites. He detailed the loophole in password reset process, that could allow
attackers to brute force many high profile website
s that are actually not protected by the
image CAPTCHA verification system, during the password reset process. The hacker used a
Firefox Browser equipped with the Fireforce add
on, a very simple a Firefox extension
designed to perform brute
force attacks o
n GET and POST forms.

Ransomware and Android become tastiest targets for
cyber crooks

from www.v3.co.uk

Ransomware and banking
focused mobile malware are cyber criminals' new must
items, according to security provider McAfee. McAfee reported seeing a marke
d spike in the
number of ransomware and mobile banking attacks active in the wild in its Second Quarter
Threat Report [PDF]. The McAfee report highlighted ransomware as the fastest
attack type, revealing that the number of computer
hijacking malwar
e detected has more
than doubled in the last four months.


NSA surveillance system can listen to 75% of US Internet

from www.net

Another day, another set of revelations about NSA's Internet surveillance capabilities and
practices. Current and former government officials that (pred
ictably) don't want to be named
have shared with WSJ reporters that while the NSA isn't legally allowed to spy on what US
citizens are doing online, the agency's surveillance network is capable of reaching and
rifling through some 75 percent of US Internet

traffic when searching for foreign

Analysis of Poison Ivy remote access tool

from www.net

A new FireEye report highlights the resurgence of Poison Ivy, a malware Remote Access
Tool (RAT) that has remained popular and effective eight years after its original release

acking dozens of Fortune 1000 firms. In conjunction with the research, FireEye is also
releasing Calamine, a set of free tools to help organizations detect possible Poison Ivy

Researchers outwit Apple, plant malware in the App

from www.computerworl

A team of researchers from Georgia Tech has demonstrated how hackers can slip a
malicious app by Apple's reviewers so that it's published to the App Store and ready for
unsuspecting victims to download. Led by Tielei Wang, a research scientist at Geo
Tech's school of computer science, the team created a "Jekyll" app

named for the Robert
Louis Stevenson novella, Strange Case of Dr. Jekyll and Mr. Hyde

that posed as a benign
news reader. Hidden inside the app, however, were code fragments, dub
bed "gadgets," that
assembled to create a proof
concept exploit only after the app was approved by

Google Code Fas
t Becoming Hackers' Malware Mule

from .www.securityfocus.com

A second cyber attack that hides malware in Google Code has been found, according to
Zscaler researchers. Zscaler's Pradeep Kulkarni reported finding the malware, claiming in a
public blog post
that attackers are targeting vulnerabilities in Google's validation procedures.
"Recently we blogged about Google Code hosting malware. Within a month we have
observed a second instance where malicious .jar files are being hosted on Google Code,"
said Kulk


UK Taxpayers Warned of Fake HMRC Emails That
Spread ZeuS Malware

from www.news.softpedia.com

Bogus tax
themed emails are often used against internauts from US in an effort to trick them
into handing over sensitive information, or to g
et them to install a piece of malware on their
computers. However, experts warn that people from the UK should also be on the lookout
for such malicious notifications. A perfect example is a spam campaign that leverages the
name of Her Majesty's Revenue an
d Customs (HMRC). Trend Micro experts say that bogus
VAT return emails are being used to spread ZeuS (ZBOT), the well
known data

Hackers use DDoSes to distract staffers... while nicking

from www.theregister.co.uk

Cybercrooks are running distributed denial of service a
ttacks as a smokescreen to distract
bank security staff while they plunder online banking systems, according to a researcher.
Avivah Litan, vice president at Gartner Research, reports that cyber criminals looking to
attack financial institutions are gettin
g more ambitious by targeting the internal wire
applications of entire banks, instead of individual accounts, and covering their tracks using
simultaneous denial of service attacks against bank systems as a distraction.

Millions stolen from US banks afte
r 'wire payment
switch' targeted

from www.scmagazine.com.au

Criminals have recently hijacked the wire payment switch at several US banks to steal
millions from accounts, a security analyst says. Gartner vice president Avivah Litan said at
least three bank
s were struck in the past few months using "low
powered" distributed denial
service (DDoS) attacks meant to divert the attention and resources of banks away from
fraudulent wire transfers simultaneously occurring.

Microsoft Warns of Permanent Zero
Day Exploits for
Windows XP

from www.infosecurity

When Microsoft announced that it would discontinue support fo
r Windows XP starting on
April 8, 2014, many companies began the long process of transitioning to modern operating
systems like Windows 7 or Windows 8. But there are others that won’t

and the software
giant is raising the spectre of a zero
day onslaught
as a result. After April 8, Windows XP
Service Pack 3 (SP3) customers will no longer receive new security updates, non
hotfixes, free or paid assisted support options or online technical content updates. That also
means any new vulnerabilities dis
covered in Windows XP after its “end of life” will not be
addressed by new security updates from Microsoft.


Cisco goes public with major vulns

from www.theregister.co.uk

Users of Cisco's Unified Communications Manager, UCM instant messaging and presence,
and Prime Central hosted collabo
ration system need to get busy with patches, after the Borg
announced denial
service vulnerabilities across all three platforms. UCM 7.1, Cisco
advises, has an improper error handling vulnerability that can be used in denial
An attacker can
hose the system by sending malformed registration messages.

FBI cyber team claims victory over Anonymous

from http://rt.com

The notorious hacktivist group Anonymous has been essentiall
y neutralized according to the
FBI, which cited a series of arrests as putting a damper on the group’s influence. The FBI
believes that the identification and subsequent arrests last year of five members of “Lulz

described as a powerful player
within the largely amorphous Anonymous

have acted as a “huge deterrent effect,” according to Austin P. Berglas, the
assistant special agent in charge of the bureau’s cyber division in New York.

Security tips for the connected

from www.net

With more than half of families purchasing

electronics this back
school shopping season,
students are using more technology than ever to make the grade.

Report shows growth in Android
based malware

from www.computerworld.com.my

based malware achieved a 35 percent growth rate, according to the McAf
ee Threats
Report: Second Quarter 2013. This growth, according to McAfee Labs, is higher than the
growth in early 2012 and the researchers registered twice as many new ransomware samples
in the second quarter as compared to quarter one.

Poison Ivy RAT in Separate Attacks

from www.isssource.com

When something works, stick with it, and the Poison Ivy remote access Trojan (RAT) is
living up to that old adage as it is not losing favor

with nation states that continue to make it
the center piece of targeted attacks.Three groups of hackers, all with ties to China, are
currently managing campaigns using the RAT to steal data from organizations and monitor
individuals’ activities, said res
earchers at FireEye.

Business booms for cloud encryption provider after
PRISM revelations

from w ww.computerworld.com.au

Cloud encryption provider CipherCloud has seen accelerated growth in the wake of
revelations by whistleblower Edward Snowden of th
e massive level of surveillance of
Internet traffic by the US National Security Agency, according to the company's CEO,
Pravin Kothari. "We've seen a lot of growth specifically in Q2. When that announcement
came out, it was at the beginning of June when Ed
ward Snowden leaked his first piece of
information around PRISM and our end of quarter is the end of July," Kothari said.


Jigsaw Tool Used in Attacks

from www.isssource.com

Security pro
fessionals in companies sometimes perform exercises like and internal phishing
campaign. Along those lines, the professional may have used the open source penetration
testing tool called Jigsaw. The tool enables security teams to automatically generate ema
address combinations from a minimal amount of public information.

The Counter
productive Effect of the Cost of Cybercrime

from www.infosec

The cost of cybercrime is frequently used to justify the cost of security products and the
implementation of new

and invariably more stringent

cyber laws. But what if those
figures are wrong? Could it mean that industry, and government, ge
ts its entire cybersecurity
strategy wrong?

Cybercrooks find ad networks and malware a profitable

from blogs.computerworld

Signing up with an ad network is often the most profitable option for developers of free
mobile apps, particularly games. By agreeing to open up a backdoor, developers get a
portion of the revenue from advertising shown to the smartphone user. That pe
rfect doorway
into the app is starting to attract cybercriminals. Security researchers have reported finding
corrupt ad networks that download malware to siphon dollars from victims.

Faulty software more damaging than cyber attacks:

from www.euractiv.com

The vast majority of
significant electronic systems failures in Europe are caused by faulty
software and botched repair jobs, rather than deliberate cyber attacks, according to a report
by the EU’s computer systems watchdog published yesterday (20 August). The European
Union A
gency for Network and Information Security (ENISA)

which provides security
expertise to the EU

said national regulators reported 79 incidents severe outages of
electronic communication networks or services during 2012.

Malware Reuses Old Technique

from www.isssource.com

The use of the right
left overr
ide (RLO) character in Unicode, a tactic that enables
malware authors to hide the real name of a malicious executable or a registry key, is seeing a
rebirth. Malware writers have been using the RLO technique for years, as it’s a simple and
effective method

for disguising the names of malicious files. Typically, attackers will try to
make their malware appear to be something benign, such as a music player or setup file for a
popular application. The RLO technique helps then accomplish this goal.


Malware Variant Branches Out

from www.isssource.com

A variant of the Ramnit financial malware is using local Web browser injections in order to
steal log
in credentials for Steam accounts, resear
chers said. Ramnit is a computer worm
first discovered in 2010 that spreads by infecting executable, HTML and Microsoft Office
files on the local computer, said researchers from security firm Trusteer.