PATREONItems tagged with Malware
Since the April 1st Conficker target date came and went, people have been waiting for the other shoe to drop. And on Wednesday night, Conficker downloaded the update that people were expecting, via the P2P functionality that's part of the malware.Dubbed Conficker.e, the new version appears to focus on that all-too-familiar item that malware writers want: money. The new version will terminate on May 3rd, and what Conficker.e did was download other malware to the already infected host computers. Kaspersky Labs notes that it downloads, for example, a rogue antivirus app, Spyware Protect 2009 (above). These type of apps frequently annoy the end user with pop-ups and more until they fork over some...
Read more...
We had all been warned: April 1 was the day that the infamous DOWNAD/Conficker worm was supposed to activate and do its dastardly deeds, whatever they might be. The day came and went without a whimper of Conficker-initiated destruction, although that didn't stop countless media outlets from reporting on it (HotHardware included). Conficker did generate 50,000 domain names and began contacting the domains--as predicted--but no damage was done to infected systems, at least as far as researchers could tell. Other than that, Conficker stayed relatively quiet... That is, until this last Tuesday night... The cyber-sleuths over at Trend Micro have been closely monitoring a Conficker-infected system,...
Read more...
April 1st has come and gone, but researchers are convinced we haven't seen the last of the Conficker worm. While there are ways to determine if you are infected, the Conficker Working Group has posted a simple and visual aid to help as well. The Conficker Working Group is a group of organizations that have joined forces to fight the Conficker worm. According to the site, the work on the "test" was Joe Stewart from SecureWorks. All you have to do is go to the page and view the images there, and compare them to the table of results. It will indicate if you have Conficker A, B, C or none of the above. The test uses the fact that Conficker blocks certain security Web sites. The logos are derived...
Read more...
60 Minutes is a great show, for the most part (and let's not forget it has Andy Rooney!), but a report Sunday night on the Conficker worm titled "The Internet is Infected" is probably the definition of hyperbole. The report, a full transcript of which is here, and a video below, was designed to alarm, and I'm sure it did. The title alone is alarming, but what it doesn't address, and what the report fails to mention is the following: Conficker only affects Windows PCsIt exploits a vulnerability in Windows that Microsoft patched in October (in an emergency patch, no less). If you have patched your PC, you are safe.If you are running a current, up-to-date antivirus (AV) software, you will be safe,...
Read more...
After a 10-month cyber espionage investigation, researchers have found 1,295 computers in 103 countries with software that is capable of stealing information from high-profile targets such as the Dalai Lama and government agencies around the world. In the report published today by Information Warfare Monitor, a Toronto-based organization, we learn the affected computers include embassies belonging to Germany, India, Romania, and Thailand as well as the ministries of foreign affairs for Barbados, Iran, and Latvia. The infected computers acted as an illicit information-gathering network. Researchers observed sensitive documents being stolen from a computer network operated by the Dalai Lama’s organization....
Read more...
TinyURL is a popular URL shortening service which is frequently used to reduce the length of a URL to something more manageable. Security firm Trend Micro has warned that TinyURL phishing, first reported in February, is becoming more popular and spreading across different languages. An example of tinyURL use would be perhaps a Mapquest link to the San Francisco Botanical Garden in Golden Gate Park, which can be shortened to https://tinyurl.com/aaqgln instead of https://www.mapquest.com/maps?address=1199+9th+Avenue+San+Francisco%2C+Ca+94122. In a phishing scenario, this makes it difficult to mouse over a link to see exactly where it's going. It's also being used in instant messages from your "friends"...
Read more...
Internet security and infrastructure service provider, OpenDNS, and security software provider, Kaspersky Lab, have collaborated to help alert users that their systems are infected by one of the "most widely-spread" worms to come our way, the Conficker worm. The Conficker worm, which is also called Kido and Downadup, first popped up "in late 2008," and according to some reports has already infected "as many as 15 million computers around the world." Conficker infects systems by taking advantage of a known vulnerability in the Windows' Server service in Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. (While a fix for this vulnerability has been available...
Read more...
Using a combination of social engineering and malicious software, an innovative new way to get people to install malware on their computers has recently popped up, and it all starts with finding a flier on your car's windshield stating that your car is illegally parked. The fliers are fake, but they prey on people's fears by stating, "PARKING VIOLATION This vehicle is in violation of standard parking regulations. To view pictures with information about your parking preferences, go to website-redacted." These fake fliers started appearing on windshields in the Grand Forks, North Dakota area a few days ago. Credit: SANS InstituteIt is not clear how many vehicles had been targeted or...
Read more...
Security software company, AVG Technologies, reports that as many as 300,000 new, unique Websites launch every day, whose sole purpose is to infect visiting computers with malware. Not only has this number jumped up from as many as 200,000 only three months earlier, but many of these sites stay active for only a short period of time--sometimes just a day or two--giving them just enough time to infect enough PCs, but then disappear before they are routed out or blacklisted. Credit: AVG TechnologiesIt is the transient nature of these online threats that AVG claims makes them so dangerous and difficult to track and detect. Many of these "here today, gone tomorrow" sites enlist "drive-by...
Read more...
Mac-based security software company, Intego, is warning that a Trojan horse targeting Macs is actively out in the wild and that at least 20,000 users have already downloaded (although not necessarily installed) infected software. The Trojan horse has the name OSX.Trojan.iServices.A and it is piggybacking on pirated copies of Apple's new iWork '09, which users are downloading via BitTorrent. The Mac OS, which is at least partially based on BSD UNIX, is typically regarded as a relatively safe haven from malware. Not that the Mac OS hasn't seen its share of malware, but nothing that even comes remotely close to the sheer volume of malware that has targeted Windows PCs. Part of this is a result of...
Read more...
Lavasoft, developer of the long-time entrant in the spyware detection arena, Ad-Aware, has released a stand-alone antivirus application. The new product, Lavasoft Anti-Virus Helix is based on technology from antivirus vendor Avira. It's interesting that Lavasoft would make this move shortly after Microsoft's announcement to drop OneCare and replace it with a simplified free product in the second half of next year. Additionally, the AV market is rather crowded, though obviously, the development of this product was long underway prior to the Microsoft announcement. Pricing is reasonable, with a 1 year license for $23.95. Multi-year and multi-PC licenses are available as well. Right now they also...
Read more...
It's long been asserted that Apple computers are invulnerable to viruses. This has not been because the OS is flawless, but rather because hackers focused on the more popular OS: Windows, as well as the fact that most hackers had Windows machines. But no longer.With increased popularity has come increased vulnerability. And with that, Apple has actually begun recommending antivirus software for its users.Apple added a KB article to their site on November 21st. The article, titled "Mac OS: Antivirus utilities," says: Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process...
Read more...
October might officially be National Cyber Security Awareness Month, but based on the online security reports that have come out this July, it appears that Cyber Security Awareness is actually being promoted a few months early this year. First McAfee released its report on the lack of security measures being taken by small and medium businesses in the U.S. and Canada, and now security company, Sophos has just released its extensive snapshot of the state of worldwide, online security for the first half of 2008 with its Security Threat Report. Based on the information collected by SophosLabs--which included receiving "approximately 20,000 new samples of suspect software every single day"--Sophos...
Read more...
Security company Finjan recently proclaimed that it detected over 1,000 different Website domains had been compromised during the first two weeks of June by a known malware toolkit, "Asprox," which has been around for over a year (according to Symantec). "… a new round of mass Web attacks has started during May 2008. Hackers successfully compromised a large number of government and top businesses websites worldwide to infect visitors with malware. The attack toolkit being used (which is aliased as "Asprox") has been around for [a] few years; however, during the last year we have noticed a rise in the number of attacks using it. The attack toolkits is designed to first search Google for webpages...
Read more...
Heck, if you're going to write malware, you might as well protect yourself against piracy, and copyright it, right?Professional virus writers are now selling a suite of software on the Internet with an unusual attachment: a detailed licensing agreement that promises penalties for redistributing the malicious code without permission."I just kind of chuckled — it's kind of humorous," said Zulfikar Ramzan, senior principal security researcher with Symantec Corp.As with any other software, if you're going to install this stuff, read the EULA! According to the article, however, the malware in question is being freely distributed online. Looks like the authors need to call a good lawyer....
Read more...
Sometimes it pays to keep a low profile. Navy and Air Force pilots refer to it as flying under the radar, but IT people refer to the concept as security via obscurity. No matter what you call it, the idea is simple: if you don't draw attention to yourself, you should end up with less problems.In the world of malware this more or less means that it's not worth a developer's time to attack anything but Windows operating systems because of the research/development time versus the potential installed base. Now that Mac OS X is picking up popularity, it seems that it is finally a blip on some radars.“In some cases, attackers will seek to exploit vulnerabilities such as currently...
Read more...
In the long battle between malware creators and companies developing and distributing anti-virus software, there seems to be a clear leader at the moment: the malware creators.This isn't entirely unexpected as one would assume that the anti-virus companies can't possibly guess all the different ways which somebody might be able to exploit vulnerabilities within an OS or software package. While we know that companies such as MacAfee and Symantec have internal teams dedicated to simulating what they believe the next generation of malware might look like, apparently the malware writers are doing much the same thing. They're actively testing their software, and in some cases even developing...
Read more...
Mac OS X malware? It can't be! That OS always purports itself to be so safe. And they're using a favorite type of bait: porn.Intego, a Mac security software company, issued an alert Wednesday warning Mac users of the OSX.RSPlug.A malware, which it describes as a Trojan horse. Those of you familiar with mythology recognize the reference, and OSX.RSPlug.A disguises itself as a video codec that would ensure whatever porn video you just stumbled upon will play on your Mac.But to get infected with the malware, you have to accept the invitation to download "new version of codec," open up the .dmg (disk image) file, click the installer.pkg file, and enter your administrator's password,...
Read more...
In what should probably be a surprise to none, China hosts nearly half of all the world's malware sites. The U.S. places a distant second (but we are trying harder, right?). What's more surprising is the daily number of newly detected malware sites. According to a report released Monday by antivirus company Sophos, China--including Hong Kong--hosted 44.8 percent of the world's infected sites in August. The U.S. ranked a distant second, hosting 20.8 percent of sites that contain malicious code.The number of infected Web pages has also grown. Sophos said it detected an average of 5,000 new infected pages each day in the month of August. Once again, protection, protection, protection...
Read more...
Two years ago the Nopir-B worm was out "in the wild" and deleting MP3s on infected machines, and now it’s W32.Deletemusic’s turn to try doing the same: “The worm spreads via removable flash drives, reminiscent of the way viruses spread via floppy disks decades ago. That may be an attempt by the authors of the worm to bypass e-mail filters and Web gateway filters that block malicious software, Cluley said.Symantec Corp., which calls the worm W32.Deletemusic, said in an advisory that the worm copies itself to all drives on a PC. It also creates an autorun file to start itself whenever a user accesses a drive.” While it’s unknown just who made the new virus at this point, Graham Cluley of...
Read more...
The Harry Potter series of novels is popular, to say the least. It's popular enough to spawn a malware e-mail scheme. An e-mail promising an attachment that contains a copy of the latest wildly anticipated novel "Harry Potter and the Deathly Hallows" contains a virus instead. But at least it's an amusing virus. It attacks USB memory drives to help it spread, and pranks the hell out of the user. A file called 'HarryPotter-TheDeathlyHallows.doc' can be found on infected PCs and once opened the only words inside are: Harry Potter is dead. But it doesn't end there. The worm also creates a number of new Windows users on the computer which are named after the main...
Read more...
There are some very bad people out there in the world. But it goes beyond bad to put malicious code onto Santa Claus' .net webpage. "Nestled all snug in the bottom of his home page was a nice little bit of code containing a badware link," he added. The problem was soon resolved, but alas, while good boys and girls may fall asleep waiting for a visit from St. Nicholas, there's no delay at all when you're dealing with the bad guys. On Friday, malware had again cropped up on the Web site. Stopbadware.org is helping Kris Kringle get the offending code off his site, but you really have to wonder...
Read more...
