Items tagged with Malware
Heck, if you're going to write malware, you might as well protect yourself against piracy, and copyright it, right?Professional virus writers are now selling a suite of software on the Internet with an unusual attachment: a detailed licensing agreement that promises penalties for redistributing the malicious code without permission."I just kind of chuckled — it's kind of humorous," said Zulfikar Ramzan, senior principal security researcher with Symantec Corp.As with any other software, if you're going to install this stuff, read the EULA! According to the article, however, the malware in question is being freely distributed online. Looks like the authors need to call a good lawyer....
Read more...
Sometimes it pays to keep a low profile. Navy and Air Force pilots refer to it as flying under the radar, but IT people refer to the concept as security via obscurity. No matter what you call it, the idea is simple: if you don't draw attention to yourself, you should end up with less problems.In the world of malware this more or less means that it's not worth a developer's time to attack anything but Windows operating systems because of the research/development time versus the potential installed base. Now that Mac OS X is picking up popularity, it seems that it is finally a blip on some radars.“In some cases, attackers will seek to exploit vulnerabilities such as currently...
Read more...
In the long battle between malware creators and companies developing and distributing anti-virus software, there seems to be a clear leader at the moment: the malware creators.This isn't entirely unexpected as one would assume that the anti-virus companies can't possibly guess all the different ways which somebody might be able to exploit vulnerabilities within an OS or software package. While we know that companies such as MacAfee and Symantec have internal teams dedicated to simulating what they believe the next generation of malware might look like, apparently the malware writers are doing much the same thing. They're actively testing their software, and in some cases even developing...
Read more...
Mac OS X malware? It can't be! That OS always purports itself to be so safe. And they're using a favorite type of bait: porn.Intego, a Mac security software company, issued an alert Wednesday warning Mac users of the OSX.RSPlug.A malware, which it describes as a Trojan horse. Those of you familiar with mythology recognize the reference, and OSX.RSPlug.A disguises itself as a video codec that would ensure whatever porn video you just stumbled upon will play on your Mac.But to get infected with the malware, you have to accept the invitation to download "new version of codec," open up the .dmg (disk image) file, click the installer.pkg file, and enter your administrator's password,...
Read more...
In what should probably be a surprise to none, China hosts nearly half of all the world's malware sites. The U.S. places a distant second (but we are trying harder, right?). What's more surprising is the daily number of newly detected malware sites. According to a report released Monday by antivirus company Sophos, China--including Hong Kong--hosted 44.8 percent of the world's infected sites in August. The U.S. ranked a distant second, hosting 20.8 percent of sites that contain malicious code.The number of infected Web pages has also grown. Sophos said it detected an average of 5,000 new infected pages each day in the month of August. Once again, protection, protection, protection...
Read more...
Two years ago the Nopir-B worm was out "in the wild" and deleting MP3s on infected machines, and now it’s W32.Deletemusic’s turn to try doing the same: “The worm spreads via removable flash drives, reminiscent of the way viruses spread via floppy disks decades ago. That may be an attempt by the authors of the worm to bypass e-mail filters and Web gateway filters that block malicious software, Cluley said.Symantec Corp., which calls the worm W32.Deletemusic, said in an advisory that the worm copies itself to all drives on a PC. It also creates an autorun file to start itself whenever a user accesses a drive.” While it’s unknown just who made the new virus at this point, Graham Cluley of...
Read more...
The Harry Potter series of novels is popular, to say the least. It's popular enough to spawn a malware e-mail scheme. An e-mail promising an attachment that contains a copy of the latest wildly anticipated novel "Harry Potter and the Deathly Hallows" contains a virus instead. But at least it's an amusing virus. It attacks USB memory drives to help it spread, and pranks the hell out of the user. A file called 'HarryPotter-TheDeathlyHallows.doc' can be found on infected PCs and once opened the only words inside are: Harry Potter is dead. But it doesn't end there. The worm also creates a number of new Windows users on the computer which are named after the main...
Read more...
There are some very bad people out there in the world. But it goes beyond bad to put malicious code onto Santa Claus' .net webpage. "Nestled all snug in the bottom of his home page was a nice little bit of code containing a badware link," he added. The problem was soon resolved, but alas, while good boys and girls may fall asleep waiting for a visit from St. Nicholas, there's no delay at all when you're dealing with the bad guys. On Friday, malware had again cropped up on the Web site. Stopbadware.org is helping Kris Kringle get the offending code off his site, but you really have to wonder...
Read more...
There is a very interesting story breaking today concerning AMD processors and a new "proof-of-concept" virus. It seems the virus can gain low-level access to hardware and potentially bypass kernel and user-level protection mechanisms. Dubbed W32.Bounds (32-bit) and W64.Bounds (64-bit), the virus is not much of a threat at the moment, as you can see in the threat assessment posted at Symantec. "The worm comes in two versions, targeting 32-bit and 64-bit processors from AMD. Symantec refers to the online pests as w32.bounds and w64.bounds. Because it involves proof of concept code, both viruses are rated as low level threats....
Read more...
