Thursday, June 27, 2013 hacked - distributed malware to probably thousand of users

I don't usually report about this stuff, but this is rather serious issue. Haven't been using Opera browser for many months now, but I know that a lot of other people do.

According to a post on the Opera Security Blog, the company suffered on June 19th “a targeted attack on  internal network infrastructure”. The attackers were able to obtain at least one old and expired Opera code signing certificate, which they have used to sign some malware. This has allowed them to distribute malicious software which incorrectly appears to have been published by Opera Software, or appears to be the Opera browser. - source: Avira TechBlog

What Opera is describing here is the nightmare of any company having millions of users:
  • internal network breached
  • signing certificates stolen
  • certificates used to sign malware
Can it go worse? Yes, it can.
  • the website distributed automatically company signed malware to their users:
It is possible that a few thousand Windows users, who were using Opera between 01.00 and 01.36 UTC on June 19th, may automatically have received and installed the malicious software.

If you are / or were using Opera:
  • uninstall Opera
  • install a serious antivirus software; I strongly recommend Avira from here. (I'm a Avira Internet Security user for many years)
  • do a complete system scan
  • if you see a detection of TR/Ransom.GR.1 or any of the malware names below (*), then you’ve been affected, let the scanner remove all the files found.
  • a screen locking ransomware impersonating the local authorities (detected as TR/Ransom.GQ.1)
  • an information stealing trojan (detected as TR/Kazy.adag)
  • a backdoor which allows that communicates with several remote servers and may allow 3rd party control of the infected system. (detected as BDS/ZAccess.BS)

No comments:

Post a Comment