High profile site scares users
We come across plenty of malware reports every day. Sometimes we have to deal with special cases where a respected vendor is involved. This time it was the Dell driver download site.
The "Download file" link leads to this unexpected screen (our user complained about a false positive):
Well, being an average user, I'd be somewhat confused as well. But I know where to look when it comes to Sality. First of all, the file is supposed to be signed with a digital certificate (according to the PE header), but there's no valid signature (even the Digital signature tab in the file properties dialog does not appear):
On the other hand, what we can easily find in the file is an evident sign of Sality presence:
The highlighted section has been added by Sality. Fortunately, it has not been filled up with a vital Sality body (it seems to be either wrongly infected or wrongly disinfected), thus the file is not dangerous, but it's definitely something that no one expects on a site with such a reputation. Now it is up to Dell; I think that they don't want to distribute this particular file anymore :-).
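The two observations above (a PE header that declares a signature, and a section added afterwards) can be checked together from the headers alone. The following is an added example, not code from the original post: `pe_triage` and `make_sample` are hypothetical names, the sample bytes are a constructed header layout rather than the Dell file, and the placement of the added section after the certificate table is an assumption made for illustration.

```python
import struct

def pe_triage(data: bytes) -> dict:
    """Structural check only: Certificate Table entry vs. section layout."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe, = struct.unpack_from("<I", data, 0x3C)
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    nsec, = struct.unpack_from("<H", data, pe + 6)
    opt_size, = struct.unpack_from("<H", data, pe + 20)
    opt = pe + 24
    magic, = struct.unpack_from("<H", data, opt)
    dirs = opt + (112 if magic == 0x20B else 96)       # PE32+ or PE32
    ndirs, = struct.unpack_from("<I", data, dirs - 4)  # NumberOfRvaAndSizes
    # Directory 4 is the Certificate Table; it holds a FILE offset, not an RVA.
    cert_off, cert_size = struct.unpack_from("<II", data, dirs + 32) if ndirs > 4 else (0, 0)
    sections, findings = [], []
    for i in range(nsec):
        s = opt + opt_size + 40 * i
        name = data[s:s + 8].rstrip(b"\0").decode("latin-1")
        raw_size, raw_ptr = struct.unpack_from("<II", data, s + 16)
        sections.append((name, raw_ptr, raw_size))
    if cert_size:
        if cert_off + cert_size > len(data):
            findings.append("certificate table runs past end of file")
        elif cert_size < 8 or not 8 <= struct.unpack_from("<I", data, cert_off)[0] <= cert_size:
            findings.append("malformed WIN_CERTIFICATE length")
        # Authenticode expects the certificate table after all section data.
        for name, ptr, size in sections:
            if size and ptr + size > cert_off:
                findings.append(f"section {name} has raw data at or after the certificate table")
    return {"signed_per_header": bool(cert_size), "sections": sections, "findings": findings}

def make_sample(appended: bool) -> bytes:
    """Constructed PE32 header layout for the demo (not a loadable program)."""
    secs = [(b".text", 0x200), (b".data", 0x400)] + ([(b".extra", 0x800)] if appended else [])
    hdr = bytearray(0x200)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)            # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x46, len(secs))       # NumberOfSections
    struct.pack_into("<H", hdr, 0x54, 224)             # SizeOfOptionalHeader
    struct.pack_into("<H", hdr, 0x58, 0x10B)           # PE32 magic
    struct.pack_into("<I", hdr, 0xB4, 16)              # NumberOfRvaAndSizes
    struct.pack_into("<II", hdr, 0xD8, 0x600, 0x200)   # Certificate Table entry
    for i, (name, ptr) in enumerate(secs):
        s = 0x138 + 40 * i
        hdr[s:s + len(name)] = name
        struct.pack_into("<II", hdr, s + 16, 0x200, ptr)
    cert = struct.pack("<IHH", 0x200, 0x0200, 2) + bytes(0x1F8)  # WIN_CERTIFICATE header
    return bytes(hdr) + bytes(0x400) + cert + (bytes(0x200) if appended else b"")
```

This only inspects file structure; it does not verify the signature cryptographically, so a file with no findings still needs a real Authenticode check.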