Items tagged with trojan

The Mac Security Blog from Intego, a Mac security software developer, has posted a security memo warning users of a new Trojan, dubbed Flashback, that is infecting OS X-based systems. The Flashback Trojan masquerades as an Adobe Flash Player installer, and if an unsuspecting user downloads the file package and ultimately installs the Trojan, it will deactivate some security software, delete the installation package itself, install auto-launch code, and place a library in the /Library/Preferences/ folder that’s used to inject code into applications launched by the user. The Trojan then connects to a remote server and sends information about the infected Mac, including the machine’s... Read more...
A newly discovered Android Trojan can record not just the times and numbers for incoming and outgoing calls like its predecessors did, but the actual calls themselves. The malware, which was uncovered by a CA Technologies researcher, records calls in AMR format, and then stores the recorded call in a directory listed as shangzhou/callrecord on the SD Card. The malware also drops a configuration file that contains key information about a remote server and the parameters necessary to communicate with it. It's possible, therefore, that the malware can upload the recorded calls to a server maintained by the attacker. The Trojan was tested in "a controlled environment with two mobile emulators running... Read more...
While much attention is focused on Facebook scams and trojans involving Osama bin Laden's death, Facebook users should be aware of another new way scammers are spreading links to rogue sites. They have begun to circulate convincing links claiming to be stories from Wired News about the iPhone 5. This scam takes advantage of Facebook’s new social plugin for websites that allows for comments, M86 Security Labs reports. If a Facebook user clicks on the link, the user is instead sent to a random .info site. M86 says it has documented over 10 of these sites for this particular scam. Once there, the user is asked to answer a CAPTCHA-like verification form, such as "what is 3 + 2?",... Read more...
Security firms have issued fresh warnings against malicious trojans in the wake of Osama bin Laden's death and the wedding of England's Prince William. Malware authors have already seized on both events as bait for their own malware hooks and are using the promise of unseen photos/video to snare the unwary. This type of attack and the speed with which it's organized have become commonplace in recent years—when the former Prime Minister of Pakistan, Benazir Bhutto, was assassinated, trojans baited with information regarding her appeared within 24 hours. Since then, hurricanes, elections, and holidays have all been variously tapped as attack vectors. According to Fabio Assolini, a lab expert... Read more...
Samsung is taking it on the chin after revelations that a keylogger was found by a Network World writer, on not one but two Samsung computers. Because of the placement of the files in the same location, the writer, security consultant Mohammed Hassan, says in fact that this may be something intentional that Samsung is doing. According to Hassan, he spoke to a Samsung supervisor. That supervisor: [...] confirmed that yes, Samsung did knowingly put this software on the laptop to, as he put it, "monitor the performance of the machine and to find out how it is being used." This whole incident makes little sense, however. For one, the keylogger, StarLogger, is pretty old (2004). It is therefore readily... Read more...
One of the most active spam bots, Asprox, has a new gimmick for a Trojan it's been e-mailing around for the past six months: Facebook. Its botmasters are trying to cash in on last week's blocked accounts and unfriending frenzy. Wednesday, November 17, was National Facebook Unfriend day, the brainchild of late night talk show comedian Jimmy Kimmel. However, the day before, Facebook confirmed that it was automatically disabling accounts it found to be suspiciously "fake." In the process it said a "bug" made it also disable a bunch of real users' accounts. Lots of information and disinformation began to promptly circulate about the accounts being blocked because Facebook required users to scan and... Read more...
Malware has been implicated as a contributing factor in a Spanair plane crash that killed 154 people two years ago Friday. The crash of Spanair flight JK 5022 occurred just after takeoff, two years ago, on August 20, 2008. The crash was Spain's deadliest in 25 years. Only 18 of the 172 passengers and crew survived. The plane, a McDonnell Douglas MD-82 aircraft, was taking off from Madrid's Barajas Airport on a scheduled flight to Las Palmas. While not directly involved in the crash, the malware affected the mainframe that monitors technical problems on the plane, according to the Spanish language paper El Pais. An alarm is supposed to sound if three similar technical problems are registered on... Read more...
Microsoft's new Security Essentials anti-malware product has just gone live. The site has been updated in the past hour or so, since we last checked it, and users can now download Microsoft Security Essentials for 32-bit Windows XP, and 32- and 64-bit Windows Vista/7. That's correct, in case you're wondering. There is no support for 64-bit Windows XP, at least for now. Microsoft's reasoning behind the free security software is, according to the company, to be sure that users in emerging markets are protected, as many of those users can't afford to buy antivirus software. As you probably know (and as Apple loves to trumpet), malware writers focus their efforts on Windows (understandably, considering... Read more...
Razer, one of the leading manufacturers of gaming mice, was giving out malware with its drivers, according to a post on security firm Trend Micro's website. According to Trend Micro, a large number of the device drivers which were earlier downloadable at the Razer support site were infected with a Trojan. The infected drivers ran the proper installer, but then dropped a copy of WORM.ASPXOR.AB in the System directory. According to Trend Micro, the malware had very low detectability, with only 7 out of 41 vendors offering "generic detection." In a way, it's hard to believe detectability was so low. ThreatExpert received a submission on the trojan on August 20th, 2009, over a month ago. Trend... Read more...
For years, many people have believed that Macs are immune to malware, viruses, and worms that have wrought havoc on PCs. In reality, however, OS X is potentially just as vulnerable to harmful programs. The difference lies in the fact that hackers generally go after what will give them the biggest bang for their buck. Traditionally, that has meant targeting PCs because they run on a more prevalent OS. Given OS X’s small market share in comparison to Windows systems, Macs are less likely than PCs to be attacked. Since Macs are quickly gaining market share and status, however, they’re finding themselves under more frequent attacks. Apple has even alluded to this, having previously recommended that... Read more...
If you're running Mac OS X 10.4 or 10.5, there's a nasty Trojan horse out in the wild that antivirus firm SecureMac has spotted being distributed from a hacker website. Taking advantage of a vulnerability of the Apple Remote Desktop agent, the Trojan does every sort of bad thing to your computer. According to SecureMac, the Trojan runs hidden on a Mac and allows a malicious user complete remote access. The Trojan can transmit system and user passwords, and avoid detection by opening ports in the firewall and turning off system logging. The AppleScript version, SecureMac reported, can also log keystrokes, take pictures with the built-in Apple iSight camera, take screenshots, and turn on file sharing. The... Read more...
Romanian antivirus firm BitDefender claims to have discovered malicious code in Google's AdSense service. Google has been swift to respond: Google said on Wednesday: "We have canceled customer accounts that display ads redirecting users to malicious sites or that advertise a product violating our software principles." "We actively work to detect and remove sites that serve malware in both our ad network and in our search results. We have manual and automated processes in place to detect and enforce these policies." Being proactive against malware is an uphill battle to be sure, and Google certainly has their work cut out for them.... Read more...
In late November, the Justice Department announced that they'd lived our dream: they got their hands on eight people that had infected unsuspecting computer users with Trojan Horse applications. InfoWorld profiled each of the perps, and it's fascinating to see the various ways they committed their crimes -- and the reasons they said they did it. Those range from plain old larceny to perceived slights on message boards. Look at bot-herder Gregory King: The owners of the Web sites that the 21-year-old King harassed alleged in court filings that he engaged in a campaign of harassment, intimidation, threats, and finally massive DDoS attacks. Using the online monikers Silenz and GregK to... Read more...
Researchers at SecureWorks have found a massive cache of sensitive data from over 46,000 victims of a Prg Trojan variant. What's odd about this particular case is not only that they found lots of private data, but where the data came from. “Experts at the Atlanta-based security company said the information includes bank and credit card account numbers, social security numbers and passwords. The victims were infected—and in numerous cases re-infected—by ads on popular, online job sites, including Monster.com during the past three months.” The fact that the virus was getting around via a top-tier job hunting site, such as Monster.com, is quite disturbing. What's even more disturbing is... Read more...
Warning: After reading the following story from ZDNet, you may never be able to watch funny flash videos on the web without worrying: "Cybercrooks who rig Web sites to break into PCs are getting better at hiding their malicious code, a security expert said Wednesday.  Increasingly the actual code, often JavaScript, used to attack PCs is hidden in Flash animations or scrambled so that anyone who examines the source of a page can't easily identify it, said Jose Nazario, a senior software engineer at Arbor Networks, in a presentation at the CanSecWest security confab here." It's really amazing to see just how clever some of these attacks are getting, and also a bit unnerving. Perhaps... Read more...