Trojan
A type of malicious software that masquerades as a useful program or file to gain the user's trust and be opened is called a Trojan horse or trojan. Once opened, it executes malicious computer code.
Definitions provided by Wikipedia - The Free Encyclopedia
Trojan Related Products
Websense Web Security (formerly Websense Web Security Suite) protects against spyware, malicious mobile code, phishing attacks, bots, and other threats. Unlike many solutions, it also blocks spyware and keylogger backchannel communications from reaching host servers. Websense Web Security includes Websense Web Protection Services, to provide phishing protection to help guard Web sites, brands, and Web servers.
The ProxyAV 400 Series is a purpose-built solution designed for quick integration with ProxySG 800 for deployment in medium enterprise or distributed environments. It provides scalable performance with a choice of antivirus engines from Sophos and McAfee.
The 3e-010F-C-2/3e-010F-A-2 Crypto Client software provides advanced interoperable 802.11i wireless data security with AES and 3DES encryption. These advanced security options include the standards as established by FIPS 140-2 Level 1 - the Federal Information Processing Standards mandated by the US Department of Defense for use in wireless environments.
The Blue Coat AV510 Series is a purpose-built solution designed for simple integration with Blue Coat SG810 and SG510 series solutions for medium enterprise or distributed environments providing scalable performance with a choice of antivirus engines.
The Blue Coat AV810 Series represents the next generation in high-end appliance platforms for enterprise Web AV. The AV810 series is a purpose-built appliance designed for scalable, enterprise performance, enterprise manageability, and factory-built integration with the Blue Coat SG
Prevent viruses from spreading through your network by blocking them at the storage subsystem. Trend Micro ServerProtect for EMC Celerra detects and removes viruses from files and compressed files in real time. ServerProtect delivers 24x7 antivirus support and protection with automatic, incremental virus updates. Centralized management of servers via a Web-based console simplifies network protection.
Websense Hosted Web Security (formerly SurfControl WebDefense) provides centralised web malware protection and granular web filtering. The hosted deployment model provides centralised policy management for any type of environment, including those with remote locations, home offices, and mobile laptops. Hosted Web Security is a complete solution or can be layered with existing on-premise security to provide additional layers of web malware protection. Guaranteed by industry-leading SLAs, Hosted Web Security eliminates the complexity and uncertainty of managing web-based threats, while simplifying policy administration for all users within the organisation.
Trojan Related Industry News
Windows 2000 hit by mysterious attacks
Microsoft security experts floored
A rash of attacks on Windows 2000 servers has left Microsoft security experts baffled.
The software giant issued a security warning about the attacks, which seem to be based around Trojan horse programs, but unusually the firm has yet to suggest any protective measures.
But more recent missives on the firm's website seem to indicate that the attacks are more likely to be the work of hackers rather than passive worm a......
Worm could be clearing path for DDoS attack
The Deloder worm is beginning to spread slowly on the Internet - leaving two Trojan horse programs in its wake
A new worm that leaves behind two Trojan horse programs has begun spreading over the Internet, and may be paving the way for a crippling distributed denial of service (DDoS) attack.
The virus -- dubbed WORM_DELODER.A -- has made its way into a large number of machines in China, Japan, Taiwan, Singapore, Hong Kong and the US, Trend Mic......
What's the difference between a viral attack and a scan?
Infosec exhibitors were yesterday urged to check their systems for a virus after the performance of the security conference's network took a severe hit.
Exhibitors received an advisory from eForce, which is responsible for the networking and security of Olympia, Infosec's venue, that warned of an attack linked to a Trojan called Deloader.
According to exhibitor MIS Corporate Defence Solutions, the virus had "some effect on the per......
Fizzer Worm Wallops World
Complex new virus spreading fast.
The Fizzer worm, which first caught security experts' attention last Thursday, is hitting computer users across the globe early this week, spreading through email and popular file-swapping networks.
Tonight on "Tech Live," get the very latest news on Fizzer, and see how to get rid of this new menace.
Security firm MessageLabs says its scanners caught 18,000 email messages containing Fizzer on Monday alone. The virus spreads in m......
Students offered virus writing course
Should make for an interesting edition of University Challenge
A university course in Canada teaching students how to create computer viruses has been met with derision by angry industry watchers, who believe it will create a pool of future virus writers.
The 'Computer Viruses and Malware' course will begin next autumn at the University of Calgary.
It is described as focusing on "developing malicious software such as computer viruses, worms and Trojan......
New Breed of Trojan Raises Security Concerns
Security researchers believe they have identified a new breed of Trojan horse that is infecting machines on the Internet, possibly in preparation for a larger coordinated attack.
However, experts have been unable to pin down many of the details of the program's behavior and are unsure how many machines might be compromised by the Trojan.
The program scans random IP addresses and sends a probe in the form of a TCP SYN request with a window size......
Labour website hacked
Security researchers believe they have identified a new breed of Trojan horse that is infecting machines on the Internet, possibly in preparation for a larger coordinated attack.
However, experts have been unable to pin down many of the details of the program's behavior and are unsure how many machines might be compromised by the Trojan.
The program scans random IP addresses and sends a probe in the form of a TCP SYN request with a window size that is always 55808. I......
'Good' worm, new bug mean double trouble
A "good" Internet worm and a new malicious mass-mailing computer virus are creating an enormous amount of network traffic, slowing some corporate systems, security experts said Tuesday. The Internet worm--called MSBlast.D, W32.Welchia or W32/Nachi--started compromising computers Monday and has overwhelmed some corporate networks with its aggressive scans for vulnerable hosts. Meanwhile, a new variant of the mass-mailing Sobig virus, called W32/SoBig.F, to......
Microsoft tweaks, new laws won't make '04 safer
Looking back at security issues of 2003 and ahead to 2004
For computer security experts, 2003 started with the Slammer Internet worm and went downhill from there. The year, which included four major worm and virus outbreaks just in August, has been labeled the "year of the worm" and "the worst year ever" by more than one computer security expert.
All that activity meant good news for antivirus software companies, such as Symantec. It was bad ne......
Spam with Trojan horse attacks eBay users
Virus authors are using spam e-mails containing a Trojan horse program to help spread the latest version of the Mimail e-mail worm. The latest threat, which targets customers of eBay's PayPal online payment service, highlights a growing trend in which online criminals combine computer viruses, spam distribution techniques, Trojan horse programs and "phishing" scams to circumvent security technology and fool internet users, said Carole Theriault, securi......
Hackers capitalizing on Mydoom's success
The worm opens a back door which hackers could exploit to reap further damage
The back door to computer systems opened by the Mydoom e-mail worm is turning into a bonanza for thousands of hackers, who are scanning the Internet furiously for systems infected by Mydoom, antivirus experts said Wednesday.
The opening in the defenses of infected computers could allow malicious hackers to secretly install a Trojan horse program, keylogging software or simp......
Is the Superworm a Mere Myth?
"Terrorists are not using superworms and other network attacks because they don't reach their target that way," Mikko Hyppönen, director of antivirus research at Finland-based F-Secure, told TechNewsWorld. "Terrorists want to cause fear and panic. You still cause more fear and panic by killing people than by taking down Web sites."
If one thing is definite about Internet security and worm attacks, say experts, it is that cyber attacks are on the rise in 2004.
Conside......
Spam, scam, spoof and spyware: beware epidemic in Internet empire
Spam, the circulation of unwanted electronic messages, is dangerous and expensive for businesses and individuals and is growing uncontrollably on an epidemic scale
So says an official report prepared for an OECD-EU meeting on Monday and Tuesday. Confidence in the entire environment of Internet communications and electronic commerce is at risk.
A simple answer is not at hand, says the report which has just been declassified by......
New version of MyDoom appears
Internet security companies said Monday that they discovered a new version of the MyDoom e-mail worm circulating on the Internet
The new version, MyDoom.C, is a modified copy of the virus that ravaged the Internet in January. Unlike its predecessor, however, the new variant does not use e-mail or the Kazaa peer-to-peer network to spread and is not expected to make much of an impact on the Internet, said managed security services provider LURHQ Corp.
MyDoom.C bot......
Adware ploy dupes IMers with bin Laden 'news'
Beware of instant messages bearing news of Osama bin Laden's capture
Several victims told CNET News.com on Wednesday that a new Trojan horse advertising program, called BuddyLinks, masquerades as a news Web site with a story on the al-Qaida leader's capture in an attempt to fool users of America Online's instant-messaging program into downloading software and receiving advertising.
Although the software has some of the properties of an Internet w......
Spam seen as security risk
Spam is definitely annoying, but corporate customers also see it as a potential security risk, according to a survey released Wednesday
The study, commissioned by security software maker Network Associates, surveyed 356 small to large organizations in North America. Questions focused on the effects of unwanted e-mail in the corporate environment.
About 90 percent of companies surveyed agreed that spam makes their companies more vulnerable to security threats. Beca......
Is the Superworm a Mere Myth?
If one thing is definite about Internet security and worm attacks, say experts, it is that cyber attacks are on the rise in 2004.
Consider the worldwide effect of highly publicized worms like last year's SoBig series and the recent Sinit Trojan and MyDoom outbreaks. Given the potency of some of these worms, security experts are bracing for what some say is an inevitable attack aimed at certain geographically based IP blocks, like those associated with the United......
Perhaps latest virus was meant to send message
Nothing stirs controversy better than issues with conflicting arguments. So why do viruses seem so controversial? Users, legitimate software developers, IT professionals and just about everybody else are basically on the same side of the fence. They don't like viruses. It's just a matter of how much ill sentiment each person feels. Is it just an inconvenience -- or a major problem?
The public at large doesn't really understand the motives behind......
Spam's 'dirty dozen' exposed
The United States, Canada, China, South Korea and the Netherlands are the top five birthplaces of spam worldwide, according to a new analysis by security software maker Sophos. In an analysis of junk e-mails received over two days in mid-February, the company created a list of the "dirty dozen" spam-producing countries.
Taking the undisputed helm on its list of spam-producing countries is the United States, which accounted for more than half of the world's unsoli......
Automated kits fuel virus epidemic
Virus creation kits blamed as new variants Netsky.D and Bagel.G appear
The flood of variants of the Bagel and Netsky viruses shows that more and more people are learning more about viruses and how to tweak them.
Netsky.D and Bagel.G have been discovered today, and the rate of new variants shows no sign of slowing.
Netsky.D spreads via email as an executable attachment only. It scans both the local PC and network drives for email addresses to send itself to......
Trojans rise in the virus war
Net users are facing a Trojan wave as hackers seek ways into victims' bank accounts.
The war of the worms may have averted attention to the NetSky's, Bagles and MyDooms, but make no mistake, a recent surge of Trojans has its collective eyes on your bank account and personal information.
'There's no doubt that we are seeing an increase in interest amongst the malware writing community in Trojan horses and hacking into remote computers. It is more and more commo......
Trojans Send Confidential Information to Hacker
Sophos Friday issued alerts for two Trojans, Troj/LDPinch-G and Troj/LDPinch-H, which send passwords and confidential information to a remote location and provide backdoor access to the computer.
When first run, the Trojans move themselves to the Windows folder and add their pathname to the following registry entry, to run themselves on startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\putil
The Trojans periodically attempt to sen......
Zombie PCs must die!
Comcast, the US cable giant, is threatening to disconnect customers whose infected PCs are being used to relay spam messages.
Up to 30 per cent of spam is now spewing from hijacked "zombie" PCs. Spammers use Trojan horses and worms to take over PCs and use them as spam engines, a practice that can severely disrupt the operation of ISPs.
Recently, many Comcast customer IP addresses were blacklisted because of these spam-spewing zombies. The cableco has sent le......
Cyber security seminar offers tips to keep computers safe
Someone you don't know and probably will never meet could be watching you as you type on your computer.
He may know every key you strike.
Learning your computer-using habits. Studying every site you enter and word you type. Stealing your passwords. And maybe your money and identity.
In 2003, Floridians reported losing $25 million because they were victimized by some sort of security fraud, said Andrew Valentine, a cyber secur......
ISP Gets Tough With 'Zombie' Customers
Broadband provider Comcast is taking a tough new approach to targeting "spam zombies" -- those virus-infected, unwitting spam-sending computers among its broadband base.
The ISP is telling customers to get virus-scanning and firewall software loaded or risk losing their high-speed connection until the problem of virus infections on their computer is fixed.
In recent weeks, the cable broadband giant has been alerting surprised customers to the probl......
Watch out: It's virus season again
Like it or not, we're hot and heavy into the first active virus season of 2004, one that--if the past is any indication--should last until May, then resume again in early August. Despite the sheer number of medium-threat viruses on the loose this year, however--we've seen about 36 low- to medium-level threats so far since January 18, 2004--virus writers seem to be burning through their bag of new tricks with only limited success.
Indeed, none of the recen......
Could NZ become a spam haven?
New Zealand has rocketed to the third largest producer of spam in the region, according to anti-spam company Brightmail.
Spam claiming to originate from New Zealand accounts for 14% of the region's spam production, up from only 2% in January. The biggest offenders are China and Korea with 34% and 30% respectively. Japan is fourth with only 8%.
Brightmail, which provides anti-spam filters to both Telecom and TelstraClear in New Zealand, tracks email traffic t......
The Deadly Duo: Spam and Viruses, March 2004
The volume of unwanted messages inched up another percentage point during March 2004, pushing the spam ratio to 63 percent. Of the 93 billion messages Brightmail's Probe Network filtered during the month, 58.6 billion were identified as spam. Unsolicited product-related messages continue to garner the largest piece of the spam pie, while scam messages experienced the biggest decrease.
Despite the mounting volume, consumers are becoming increasing......
First Macintosh OS Virus Appears
Security experts on Friday slammed security firm Intego for exaggerating the threat of what the company identified as the first Trojan for Mac OS X.
On Thursday, Intego issued a press release saying it had found OS X's first Trojan Horse, a piece of malware called MP3Concept or MP3Virus.Gen that appears to be an MP3 file. If double-clicked and launched in the Finder, the Trojan accesses certain system files, the company claimed.
While Intego said the Tro......
New Phatbot worm may be on the loose
A new variant of the Phatbot worm may be on the loose and attempting to attack SQL Server ports, according to a warning the SANS Institute issued Monday. Last month, Phatbot made the rounds, attacking Windows systems by acting as a Trojan horse. Phatbot would then link infected computers into an underground network for sending spam or launching other attacks. SANS is currently in the process of attempting to capture a full packet of data--or an executable fil......
Cash Cow or Spam Sow?
A marketing firm that offers people cash in exchange for letting their computers be commandeered to distribute bulk e-mails has come under fire from antispam activists, who say the program is just a cover for a high-tech spamming operation.
The program, operated by Sendmails Corp., offers members $5 for downloading and installing the company's VirtualMDA (mail delivery agent) software. The New Hampshire company promises to pay an additional $1 for every hour of computi......
'Osama' Spam Onslaught Leads to Trojan
A persistent new spam campaign that purports to show recipients pictures of Osama bin Laden being captured is in fact a ruse that could lead victims to download a malicious Trojan.
The e-mails have been flooding inboxes all over the Internet since Thursday, carrying a subject line that reads: "Osama bin Laden Captured." The sending address is spoofed, and the messages often appear in tightly grouped batches of eight or 10 e-mails at a time. The text of......
Sasser spawns children, headaches
Variations appear on the Internet as rate of new infections begins to slow
At least two new versions of a malicious computer worm that appeared late Friday were circulating on the Internet Monday, according to computer security experts and antivirus software companies.
New variations of the Sasser Internet worm, named Sasser.B and Sasser.C were identified by antivirus companies, just days after the first version of the new worm appeared. Despite the new vers......
Sasser fix spreads worm
Cure is worse than the illness
Virus writers hoping to capitalise on the spread of the Sasser worm have hit on the cunning plan of disguising a less effective Trojan as its cure.
Anti-virus companies are reporting that an email offering a cure to the Sasser worm has been circulated around the net.
When people click on the link to download the fix they actually download the older Netsky-AC virus.
Virus experts believe that it is likely that the two viruses were wr......
Companies taking computer virus attacks in their stride: security experts
Computer virus attacks have become so common that companies are taking them in their stride.
Security experts that Channel NewsAsia spoke to say companies have accepted the fact that doing business on the Net will involve risks.
And they are willing to take those risks.
Once upon a time, computer viruses needed a user to activate them, by opening infected attachments in the email.
Now, they are getting smart......
Child porn case highlights browser hijack risks
Browser hijacking programs can redirect users to pornographic websites. But could these malicious programs also lead to false accusations of possession of child pornography?
Malware such as CoolWebSearch (AKA CWS) can change browser start-up and search pages and generate pop-up pages - often punting illegal pornographic websites - on infected PCs. The program exploits IE vulnerabilities to slither onto unpatched PCs. Users would normally have......
SurfControl Says 'Brand Spoofing' Spams Up Nearly 500 Percent Since January
'Brand spoof' spam scams increased nearly 500 percent since January, and by 51 times since May 2003, SurfControl, the world's number one Web and e-mail filtering company, reported today. The company also warned individuals and companies to beware of a new dirty trick employed by brand spoof spammers -- a fake address bar that appears in an e-mail recipients' Web browser -- that makes these e-mail scams look even more......
Phatbot suspect released on bail
The suspected author of the Phatbot Trojan was released on bail last Friday after spending a week in custody. German authorities arrested the 21-year-old coder - named only as Alex G in local reports - from Waldshut in southern Germany on 7 May at the same time as the author of the Sasser worm, 18-year-old Sven Jaschan. Police said the two operations were co-ordinated but unrelated.
Emails from the suspect showed he wanted to leave Germany to avoid military......
Virus Suspects Arrested in Taiwan, Canada
The latest spate of malware-related arrests continued this week with men apprehended by local authorities in Taiwan and Canada on suspicion of creating the Peep Trojan program and the Randex series of email worms.
The Associated Press reported that a 30-year-old Taiwanese computer programmer has been charged with vandalizing public and corporate property, and could face up to five years in jail if convicted.
He stands accused of creating Peep an......
Trojan Virus Author Busted for Making a Peep
Taiwan authorities have arrested a computer engineer for authoring the Peep Trojan virus. Thirty-year-old Wang Ping-an is suspected of creating the data-stealing program, unsuccessfully trying to sell it, and then posting it on hackers' Web sites for free.
Score another one for global cybercrime law enforcement: Authorities in Taiwan have arrested a computer engineer accused of creating the Peep Trojan.
Taiwan's Internet crime investigation task......
Spam Gets Dangerous
What isn't getting blocked is turning vicious, warn security experts at e-mail conference.
ISPs and spam filters are blocking record amounts of unsolicited messages, but this electronic nuisance is hardly on the decline--and it's getting nastier. Security experts report a growing link between spam and viruses, according to e-mail vendors and analysts at the inaugural INBOX: The Email Event conference here this week.
"You can't separate spam and viruses anymore," said Mark......
Zombie PCs spew out 80% of spam
Four-fifths of spam now emanates from computers contaminated with Trojan horse infections, according to a study by network management firm Sandvine out this week. Trojans and worms with backdoor components such as Migmaf and SoBig have turned infected Windows PCs into drones in vast networks of compromised zombie PCs.
Sandvine reckons junk mails created and routed by "spam Trojans" are clogging ISP mail servers, forcing unplanned network upgrades and stoking......
Microsoft's anti-spam plan 'hijacked by zombies'
Microsoft's plan to reduce spam by forcing an email sender's machine to solve a puzzle may be defeated by the Internet's army of zombie PCs, say security experts
One of Microsoft's plans to fight the spam epidemic is unlikely to adversely affect spammers or reduce the quantity of spam, according to security experts.
Microsoft's chairman Bill Gates has been calling for the IT industry to work together and eradicate the spam problem. About six m......
Virus writers deploy bulk mail software
Hackers have used spamming software to distribute thousands of copies of a new Trojan. Email filtering firm MessageLabs alone has intercepted more than 4,000 copies of the Demonize-T Trojan over the last 24 hours.
Demonize-T is a multi-stage Trojan that uses an object data exploit in Internet Explorer to download and execute an encoded visual basic script from a website. The Trojan then creates an executable file which appears to download......
Another Trojan on the attack
A new password-stealing worm that uses social-engineering tactics has been intercepted by antivirus firms
Antivirus companies said they intercepted several copies of a new password-stealing Trojan over the weekend.
The new spammed multi-stage Trojan downloader uses an exploit to download and execute an encoded visual basic script from a Web site. The Trojan then creates an executable file which appears to download a malicious program from the same Web site as the......
IE flaws open back door to adware
A toolbar that triggers pop-up ads is being planted on victims' PCs through two new security holes in Internet Explorer
An adware purveyor has apparently used two previously unknown security flaws in Microsoft's Internet Explorer browser to install a toolbar on victims' computers that triggers pop-up ads, researchers said this week.
One flaw lets an attacker run a program on a victim's machine, while the other enables malicious code to "cross zones," or run......
Aladdin enhances anti-spyware, identity protection features of security utility.
Aladdin Systems is updating its Internet Cleanup for Windows, enhancing its security features to fight pop-ups, spyware, and identity theft.
Internet Cleanup 4.0 is priced at $29.99 and is available immediately from Aladdin Systems. For a limited time, current users of Internet Cleanup 3.0 will be able to upgrade for $19.99. The upgrade and full version both include a one-year subscription to data updates for t......
Backdoor program gets backdoored
The author of a free Trojan horse program favored by amateur computer intruders found himself with some explaining to do to the underground last month, after his users discovered he'd slipped a secret backdoor password into his popular malware, potentially allowing him to re-hack compromised hosts.
The program in question is Optix Pro (Backdoor.OptixPro.12), a full-featured backdoor that allows an intruder to easily control a compromised Windows machine remo......
Web outage blamed on zombies
Akamai has blamed a 'bot net' of zombified PCs for the Internet downtime that affected sites such as Yahoo this week
The attack that blacked out Google, Yahoo and other major Web sites earlier this week involved the use of a "bot net" -- a large network of zombified home PCs -- Internet infrastructure provider Akamai Technologies said Wednesday.
The attack, which blocked nearly all access to Apple Computer, Google, Microsoft and Yahoo's Web sites for two hours on......
Hacker hits Korean defence
A hacker has broken into computers at sensitive South Korean research institutes and government agencies.
The National Cyber Security Centre (NCSC) said the hacker had broken into computers at the Agency for Defence Development, which develops weapons, the Korea Atomic Energy Research Institute, the Korea Institute for Defence Analysis and three other government agencies.
"NCSC recently found some PCs at state agencies have been contaminated by a variation of......
Outlook's security compromised by spammers
Spammers have found a way to bypass Outlook 2003's anti-spam security by embedding images into their emails
Spammers who send pornographic pictures in the hope of enticing the recipient to signing up to an adult Web site have discovered a way to bypass Outlook 2003's security features, which are designed to stop potentially offensive content being automatically displayed in the preview window.
The latest version of Microsoft's Outlook was built with......
Web site virus attack blunted
Web surfers are no longer playing Russian roulette each time they visit a Web site, security researchers say, now that a far-reaching Internet attack has been disarmed. The attack, which had turned some Web sites into points of digital infection, was nipped in the bud Friday, when Internet engineers managed to shut down a Russian server that had been the source of malicious code. Compromised Web sites are still attempting to infect Web surfers' PCs by referring the......
Bagle author releases 'dangerous' assembler code
Two new Bagle worm variants and the worm's original assembler source code were spreading around the Internet on Sunday - a dangerous development, according to security experts
The author of Bagle started distributing two new variants and the mass-mailing worm's source code on Sunday, which could trigger another summer of misery for Windows users.
The Bagle worm first appeared in January as an email attachment and within months there were more th......
Password-stealing Trojan cut off at source
A malicious program that tried to steal banking passwords has been stopped, says Symantec
An attempt to pinch user information from banking sites using a malicious pop-up program has been nipped in the bud, says Symantec.
Last week, security experts uncovered a Trojan horse -- dubbed PWSteal.Refest by the security software maker -- which installs itself through a pop-up advertisement when users logged onto the Web sites of any one of nearly 50 targete......
Reheated Bagle comes with side of source code
The author of mass-mailing worm Bagle began distributing its source code and two new variants on Sunday, which could trigger another summer of misery for Windows users. The Bagle worm first appeared in January as an e-mail attachment. Within months, there were more than 25 variants.
Infected PCs download a Trojan that effectively enlists that computer into the worm author's army of zombie PCs, which can be used to distribute spam and other malwa......
Web servers still doling out Scob code
No high-profile sites are affected
More than 100 Web servers are still distributing the "Scob" malicious code, first identified two weeks ago as code used in a widespread attack to plant Trojan horse programs on vulnerable computers, according to one computer security company. That attack used compromised Microsoft Corp. Internet Information Services (IIS) Web servers to distribute the Trojan horse programs.
Enterprise security software maker Websense In......
Spam reveals its darker side
Spam is subtly shifting from nuisance to illegality, says a new report from security firm Clearswift. It has been measuring spam for the past year and has noticed a change in what is cluttering people's inboxes.
It seems spam is a hotbed of financial scams as well as a black market for fake pharmaceuticals and software.
"Spam is now being used as a channel for a plethora of malicious and illegal activity," said Clearswift's technical director, Alyn Hockey.
In......
[more] Re-invigorated Bagle virus springs to life again A fresh version of Bagle has been seen in the wild. The new version, the Bagle.af or the Bagle.ab, depending on who you talk to, does the usual bagley things to compromise PCs and relay spam.
But this edition comes with a UPX file compressor and uses various subject lines and attached files to spread via e-mail. It also attempts to spread via shared network files.
It has a go at switching off 250 different security apps that may be ru......
[more] Osama 'death' pics hide Trojan threat Hackers prey on surfers' morbid curiosity to deliver Hackarmy malware Internet users have been warned that messages about the 'suicide' of Osama Bin Laden posted on internet message boards and usenet groups are hoaxes masking an attack on their computer.
The messages attempt to persuade readers to download a file which contains the Hackarmy Trojan.
The infection allows hackers to gain control of a computer remotely, and lurks in a file posing as photograph......
[more] Schwarzenegger virus terminated Virus writers have moved on from using Osama bin Laden's "suicide" as a lure to trying the same trick with Arnold Schwarzenegger.
Last Friday VXers seeded multiple Usenet groups with messages saying Osama bin Laden had killed himself, pointing users towards "photographs" illustrating the momentous news. In reality these images offered only the Hackarmy Trojan. The Trojan has been around for some months and the Usenet trick gives the aging malware a second lease of lif......
[more] Sophos Reports Bin Laden Suicide Virus Hoax Virus experts at security software company Sophos, Inc. on Friday reported that thousands of virus-laden messages have been posted on newsgroups and message boards purporting to give access to pictures of terrorist leader Osama Bin Laden's dead body.
The message claims that CNN reporters found Bin Laden's hanged body some time ago, but that the pictures had been suppressed while the U.S. government officially identifies the body and verifies his deat......
[more] MyDoom Attacks Microsoft.com Through Back Door As many security researchers feared after analyzing the code for MyDoom.O, a second, related attack began in earnest Tuesday with a new piece of code using the back door installed by MyDoom.O to spread itself and launch a DDoS (distributed denial of service) attack against Microsoft.com.
MyDoom.O, also known as MyDoom.M or MyDoom.M@mm, installs a Trojan known as Zincite.A on every PC that it infects. The Trojan opens TCP port 1034 and listens for......
[more] PDA Viruses Could Get Nasty Pests could easily run undetected on handhelds and spread quickly online, security expert warns. Viruses that target handhelds can be even more dangerous than their cousins that attack PCs, spawning self-replicating programs that hide easily, a security researcher told an audience of security professionals at the Black Hat Briefings conference here this week.
The first virus aimed at Pocket PC handhelds, revealed last week, could be far worse if it were modified slig......
[more] Net virus posing as Berg video A virus purporting to show video of Nick Berg alive has been released on the internet, warn security experts The virus is in a message posted to tens of thousands of newsgroups, said anti-virus firm Sophos.
It is the same one that posed as a suicide note from Arnold Schwarzenegger and as images claiming to show that Osama Bin Laden had killed himself.
Computer owners are advised to ensure their anti-virus software is up-to-date and avoid opening unknown messages.......
[more] Pupils bear spam e-mail overload The majority of e-mail messages being sent to school children in London are spam. The first week of a project to filter the e-mails travelling across the London Grid for Learning has revealed that 75% of the messages are junk.
The most popular subjects for the spam were the drugs Viagra and Valium. Much of the remaining mail was pornographic.
The network provides more than a million school children access to net-based learning aids.
Drugs and porn
The London......
[more] Police warn on key-logging spam Trojan 'Swiss Army knife' of online fraud, says Hi-Tech Crime Unit Police are warning about fake email invoices being used by cyber-criminals to steal online banking details and other information from unsuspecting internet users.
Cyber-criminals are attempting to trick users by sending spam emails that look like invoices, the National Hi-Tech Crime Unit (NHTCU) has warned.
The emails contain details of a fictitious order for web hosting or computer goods and tha......
[more] IT managers warned of summer of spam Seasonal spam trends see dramatic increase in porn junk mail over summer months IT managers must be on their guard following a sharp rise in pornographic and healthcare-related spam, security firm Clearswift has warned.
According to the company, pornographic spam has leapt by almost 350 per cent since June, while there has also been a significant rise in healthcare spam.
Clearswift observed that spam content tends to change seasonally, with this summer's up......
[more] New Mydoom virus is not a pretty picture Latest variant poses as collection of humorous photos Security experts are warning internet users to update their antivirus systems to protect against yet another version of the Mydoom worm.
W32/Mydoom.s@MM, also known as Mydoom.s, has emerged as a new variant of the mass-mailing worm, and comes in the form of the .exe attachment, 'photos_arc.exe'.
McAfee's Avert antivirus team warned that it has received "well over 100 reports" of the virus within a th......
[more] New Download.Ject Attack Hits IM Networks The Download.Ject malware attack has resurfaced, using the popular AIM and ICQ instant messaging networks to spread itself.
According to an alert from PivX Labs, the worm targets several known flaws in Microsoft's Internet Explorer (IE) browser to redirect compromised machines to Web sites displaying adult advertisement and referral links.
PivX Labs described the latest attack as a variant of the Download.Ject attack, which hijacked a large number of......
[more] Virus alert: Rbot sets your webcam to spy on you Password-stealing, DDoS-launching virus sends footage of your home to virus writer A new worm has been discovered in the wild that's not just settling for invading users' PCs - it wants to invade their homes too.
The Rbot-GR virus follows a fairly traditional malware route of exploiting Microsoft security vulnerabilities and installing a Trojan horse on infected machines. However, the worm also spies on users by taking control of their webcam and......
[more] Russian spyware hits online banks Online customers of eight banks were yesterday warned to beware of a sophisticated scam being used to hack into their accounts. Those who do their internet banking with Abbey, Barclays, Cahoot, HSBC, Lloyds, Natwest, Nationwide and the Woolwich are being targeted by malicious software that steals their access codes.
Russian criminals are attempting to divert funds from British accounts by infecting computers with Tofger-BG, a "trojan program" that secretly reco......
[more] Trojan horse exploits image flaw Internet watchers say they've spotted infected images that could implant a back door into a Windows computer if they are viewed. EasyNews, a provider of Usenet newsgroups, said it has identified two JPEG images that take advantage of a previously identified flaw in the way Microsoft software handles graphics files. Windows users could have their computers infected merely by opening one of those Trojan horse images.
The report of the widely expected exploit com......
[more] Trojans with a Twist Trojans are a bad enough problem since they might allow remote access to a user's computer. One would think that having a firewall in place prevents a Trojan from opening backdoors in case of infection. But with Windows Firewall and the Win32.Surila.K Trojan that simply isn't always the case.
The reason is two-fold. The first reason is that while Windows Firewall is a decent effort on Microsoft's part to offer users a built-in firewall, many people consider the firewall to......
[more] Webroot: Spyware is Windows-only Spyware, those annoying programs that snoop on a user's actions, remain a Windows-only phenomenon. Prominent anti-spyware developer Webroot says it has yet to detect a single Apple or Linux spyware app. In comparison, Webroot's Spy Sweeper software protects against 15,000 Windows threats.
Although Apple and Linux server worms (such as Lion) have been detected, their population is dwarfed by the proliferation of Windows-specific worms, viruses and Trojans. The m......
[more] Trojan alert: 'David Beckham' recruits zombies In the latest example of hackers using social engineering techniques, a malicious message that claims to contain pictures of David Beckham in a compromising position has hit the Internet A new attempt to entice users to fall victim to a Trojan horse has been discovered by antivirus firm Sophos, after it was posted on a swathe of Internet news groups over the weekend.
The message claims to contain pictures of English footballer David Beckham caught......
[more] Spyware levels off over the last three months Spyware is still a menace but the number of these invasive applications has levelled off over the last three months From January through September of this year, 83.4 million instances of spyware - or 26 per PC - were discovered by software maker Webroot and ISP EarthLink
While the amount of spyware doubled from the first to second quarter of 2004, the third-quarter figures remained just about flat, according to Webroot and EarthLink.
Looking at t......
[more] Trojan hides behind 'Michael Jackson home video' Wacko Jacko joins Britney and Beckham in social engineering hall of fame Hackers are pointing users to a phoney video of Michael Jackson to coax them into downloading a Trojan horse.
The movie, which hackers posted links to on newsgroups, supposedly displays Jackson performing "un-natural acts" with a boy, reported antivirus firm Sophos.
But instead the link opens a website that automatically downloads a Trojan horse called hackarmy, which allow......
[more] Apple Has a Virus? Congratulations! Hackers wouldn't bother writing malicious code to infect the Macintosh unless those computers actually mattered. Weird things are happening these days. The Red Sox win the World Series (in four games, yet!)—and a virus hits the Macintosh. It’s hard to say which is the stranger event.
The Ap......
[more] Virus report points to profit-hungry hackers Malicious software cases rose 22 percent in October, with Trojan horses accounting for nearly half, according to a newly released report by security company Trend Micro's TrendLabs. Those results further validate a growing concern in the security industry that hackers are more interested in turning a profit than gaining fame. Trojan horses can be used to dupe computer users into running a bot program, which in turn can help launch denial of service a......
[more] Trojan infects PCs to generate SMS spam A Trojan which uses infected PCs to send spam messages to mobile phone users has been discovered.
Delf-HA Trojan horse sends spam SMS messages by using the free "Send a text message" facility found on the websites of several Russian mobile network operators.
Infected PCs download instructions on the content of junk SMS messages from a separate website. Only a small number of instances of the Trojan horse have been sighted so far, and the junk message it......
[more] Why messaging needs controls Only the most ostrich-like businesses can continue to ignore instant messaging According to analyst firm Meta Group, more than half of people who use instant messaging (IM) tools at work use them for non-work reasons. Yup, Meta found that 57 percent of respondents used IM at work for social reasons, while 56 percent use it at home for business reasons.
Straightaway, I interrupted the conversation with my friends over IM to see whether they agreed. After much debate......
[more] Hacker evidence admissible in court? It could soon be in New Zealand. New Zealand is considering making evidence gathered by a hacker admissible as evidence in court, raising the spectre of vigilante hackers.
A bill to be introduced to New Zealand's Parliament early next year will clarify the legal status of evidence of an offence gained by hacking, as well as other evidence collected through illegal acts.
Evidence of electronic or any other crime gathered by a hacker illegally intruding into......
[more] Corporate computers plagued by spyware Corporate desktops pack almost as much spying software as do consumers' machines, according to a US anti-spyware vendor.
Spyware -- the umbrella term given to software that installs and operates without the user's knowledge -- collects data such as surfing habits, or, more maliciously, records keystrokes in the hope of snagging account passwords.
Webroot tallied the results from enterprises scanning networks for spyware with its SpyAudit tool to produce......
[more] Sophos declares Netsky-P worst virus of 2004 Netsky-P tops the list of the worst virus outbreaks in 2004--a year marked with nearly a 52 percent increase in new viruses, according to a report released Wednesday by security software maker Sophos. Netsky-P represented 22.6 percent of all virus incidents reported to Sophos, the company said. Netsky-P was first spotted in March; it's one of more than 30 variants of the original Netsky mass-mailing worm, which debuted in February.
"It is simply sho......
[more] Trojan program poses as anti-spam screensaver A program that spies on keystrokes and mouse clicks to capture passwords and other personal information from computer users has begun circulating disguised as a screensaver purporting to attack spam-related websites.
This “Trojan horse” program is the latest twist in a controversial saga that began with the release of an anti-spam screensaver by Lycos Europe on 30 November. The www.makelovenotspam.com screensaver aimed to clog up the bandwidth of s......
[more] Desktop search tools a virus writers' best friend Companies should not deploy a desktop search tool without first considering the security implications because they could end up helping virus writers, say security experts. Desktop search tools, such as those recently announced by Google, Microsoft and Yahoo, are designed to make it easier for users to find information stored on their hard drives. However, security experts are warning that virus writers could use the new tools to make their malw......
[more] 2004 was good and bad for IT security Experts agree: 2004 was the best of times, and the worst of times for those concerned about IT security. It was a year with high-profile arrests of virus authors, and the explosion of online crimes, from cyberextortion to identity theft, a year in which ISPs (Internet service providers) won millions in damages from spammers, and spam messages increased by 40 percent.
In hindsight, 2004 may be looked back upon as the year that a long tradition of hobbyist......
[more] Teenage British Trojan distributor escapes jail A 16-year-old Briton was convicted last week for releasing the Randex trojan, which was used to relay spam through infected PCs.
The teenager had his six-month sentence suspended on probation by the South Cheshire juvenile court in Crewe. He belonged to a group of juveniles from the US and Canada, which offered spammers access to a botnet of compromised PCs in exchange for money. Because all suspects are juvenile, none will have to serve a prison s......
[more] New Worm Spreads Via Google Santy.A infects servers that host online bulletin boards Antivirus companies are warning Internet users about a fast-spreading new worm that infects Web servers running a popular package of online bulletin board software, and uses the Google search engine to find vulnerable servers to infect.
The worm, dubbed Santy.A, uses a vulnerability in a popular free software package called phpBB to spread across the Internet, infecting computer servers that host online bulleti......
[more] Cyber Criminals Prove Elusive It was a great year for catching cyber criminals, but the culprits behind some of the most damaging software viruses of 2004 are proving adept at eluding authorities, security experts say.
Tracking virus writers -- and more importantly, gathering evidence against them -- is a thorny problem for law enforcement agencies worldwide. While the number of arrests made and sentences handed down make 2004 the best year yet for catching cyber criminals, it won't have a no......
[more] Netsky Takes The Biggest Worm Of 2004 Award Although getting anti-virus vendors to agree is like getting Bill O'Reilly and Michael Moore to share a cab, it seems Netsky has the dubious honor of taking the top spot of most 2004 threat rankings.
According to Helsinki-based security firm F-Secure, Netsky.p, a variation that debuted in March 2004, was the most common piece of malicious code in the wild, accounting for nearly one in four (24.3 percent) viruses or worms. Four other Netsky variants m......
[more] Trojan slips through XP's back door 'Phel' takes advantage of 'Help' flaw - geddit? Online miscreants have released a Trojan horse that can infect computers running Microsoft's Windows XP, installing programs to remotely control a victim's system.
Symantec warned in an advisory this week that the program - dubbed "Phel", an anagram of "Help" - infects visitors to a maliciously created website through Internet Explorer's Help controls. A bug in the malicious program may prevent it from infecting......
[more] Microsoft move sends shivers through antivirus market It released antispyware and virus-removal tools yesterday The stocks of major antivirus software vendors traded lower after Microsoft Corp. yesterday announced the release of beta antispyware technology it bought in December and said it would begin giving away an improved tool to remove worms and viruses from its customers' computers.
Symantec Corp.'s share price was down by more than 6% yesterday, and rival McAfee Inc.'s shares fell by abou......
[more] Trojan WMVs download a dictionary of spyware Microsoft's rights management technology is already being sussed out by hackers, and the result is a pair of wmv files that instead of downloading licences to validate them, download a dictionary of spyware. PandaLabs says it has picked up copies of WmvDownloader.A and WmvDownloader.B. The files are in fact Trojan viruses and, with their .wmv file format, will trigger Windows Media Player into thinking they are the Windows Media video format.
If a u......
[more] MyDoom mutant promises porn passwords A newly intercepted mutant of the MyDoom virus is spreading by promising access to password protected pornographic websites.
Once running the worm harvests email addresses from the infected machine and sends itself on using its own SMTP engine. It will also attempt to spread using peer-to-peer services like Kazaa.
The mutant leaves a Trojan program that will allow compromised computers to be controlled remotely by hackers.
"Like previous MyDooms, the lat......
[more] Hacker threat to Apple's iTunes Users of Apple's music jukebox iTunes need to update the software to avoid a potential security threat. Hackers can build malicious playlist files which could crash the program and let them seize control of the computer by inserting Trojan code.
A new version of iTunes is now available from the Apple website which solves the problem. Security firm iDefence, which notified users of the problem, recommended that users upgrade to iTunes version 4.7.1.
The problem......
[more] MyDoom: The virus that changed the world It's been exactly one year since the launch of the MyDoom virus that dominated many of 2004's security headlines and proved a dramatic milestone in the history of virus writing.
For many, MyDoom marked the dawning of an age of financially motivated attacks. The image of disaffected teens writing code in their bedroom was no more and the motivation appeared to have changed from 15 minutes of notoriety to a more prolonged and premeditated campaign to ext......
[more] First phishing conviction across the Channel Student made off with €20,000 A student has become the first person to be convicted in France for phishing fraud. The man has received a one-year suspended prison sentence with €8,500 damages and charges.
The sentence, which was passed at a court in Strasbourg on 2 September 2004, has only been made public this week, after the time in which the man could have appealed had expired.
The FDI or le Forum des droits sur l'internet - the Internet Rights......
[more] Spammers 'tricking ISPs' into sending junk mail A massive spam spike is predicted, and one expert says that 'it's the beginning of the email meltdown' Spam levels are about to skyrocket, according to experts who warned this week that spammers have developed a new way of delivering their wares.
According to SpamHaus -- an anti-spam organisation which compiles blacklists blocking eight billion messages a day -- a new piece of malware has been created that takes over a PC and then uses it to send......
[more] Spam plateaus - but worse times to come? The reports of spam's death have been greatly exaggerated... The level of spam hitting users' inboxes has reached a plateau, showing little increase in recent months, leading some in the industry and the media to predict we may be on the verge of a meaningful decline in volumes of unsolicited mail.
But any celebration is misguided and more than a little premature according to those working at the coal face, with one anti-spam expert warning it could eve......
[more] Trojan attacks Microsoft's anti-spyware Virus writers have created a malicious program that can disable Microsoft's new anti-spyware application, security experts warned on Wednesday. Antivirus experts, who are calling the Trojan "Bankash-A," say it is the first piece of malicious software to attack Windows AntiSpyware, which is still in beta.
"This appears to be the first attempt yet by any piece of malware to disable Microsoft AntiSpyware," Graham Cluley, a senior technology consultant at So......
[more] Avoid the Valentine virus onslaught Lovelorn surfers need to be on their guard over the next few days as virus authors turn romantic in an attempt to infect computers.
According to anti-virus experts, Valentine's Day is a subject most often used by the creators of nasty email viruses to wreak havoc and infiltrate Inboxes.
As Valentine's Day approaches – Monday 14 - Sophos has already discovered two new viruses that bring loving greetings via email attachments and peer-to-peer networks.
The......
[more] Microsoft Pulls Trigger Early on IE7 Microsoft could not have known that cyber vandalism would grow out of control. Still, many security professionals do not consider version 6 of Explorer to be very robust. It is that sentiment that has given Firefox an extra push into the marketplace and one reason Microsoft has to launch Explorer 7 early. Microsoft Chairman Bill Gates said his company would bring its latest edition of the Explorer browser to market earlier than planned. Explorer got a black e......
[more] Bagle virus fools corporate filters with a picture file The latest Bagle variant attempts to download malicious executable files that are disguised as photographs in order to fool corporate filtering applications. The latest Bagle variant, which was first spotted on Tuesday and dubbed BagleDl-L, attacks security applications and drops a Trojan horse on the infected system that attempts to connect with a number of Web sites. According to antivirus firm F-Secure, these Web sites currently contain......
[more] Worm Chatter Escalates on MSN Messenger Anti-virus vendors report an increased chatter of virus activity on Microsoft Corp.'s Microsoft Network messenger Sunday night through Monday. In what appears to be a concentrated attack on users of the MSN instant messaging client, security experts warn that several new worms with unique replication techniques have been launched alongside mutants of the known Bropia virus family.
"We are regularly adding detection for new Bropia worm variants," F-Secure......
[more] Global virus epidemics run out of steam But every silver lining has a cloud There has been a substantial reduction in the number of global computer virus epidemics, with the 38 serious outbreaks that occurred in the first half of 2004 falling to just two since last June.
Eugene Kaspersky, technical director at antivirus firm Kaspersky Lab, which compiled the figures, said: "On the good side we have seen police arresting more hackers - over 100 in the past year - and in some cases they have been......
[more] Virus writing: It's a thieves' game The majority of today's malware is written to steal money, Symantec claimed on Monday More than half of all malware on the Internet is an attempt to steal money from unwitting victims, a study published on Monday has found.
According to Symantec's Internet Security Threat Report, 54 percent of the 50 most common worms and viruses sent between July and December last year were written to steal money and identities from people. This compares to 44 percent for th......
[more] Spam is popular, claims survey Junk e-mails boost shopping - apparently. A new survey claims that more than 10 percent of e-mail users have purchased products advertised in spam.
The preliminary report from Mirapoint and the Radicati Group, suggests that it is the very success of spam in tempting users that is now driving the massive rise in the phenomenon.
Common estimates of product spam success rates are usually much lower - the figure quoted the most often is 0.00036 percent - so the new f......
[more] Symantec details flaws in its antivirus software Symantec has reported glitches in its antivirus software that could allow hackers to launch denial-of-service attacks on computers running the applications. In a notice posted on its Web site this week, Symantec detailed two similar vulnerabilities found in its Norton AntiVirus software, which is sold on its own or bundled in Norton Internet Security and Norton System Works. The flaws, which could lead to computers crashing or slowing severely if......
[more] UK citizens confused by security terminology Many Internet users in the UK don't understand words like phishing, Trojan and spam, which could make them more likely to fall victim to cybercrime Many people in the UK don't understand terms commonly used for Internet scams and hacking attacks, a study suggests.
A survey conducted by Populus and entitled "Do you speak geek?" revealed that words, such as phishing, rogue dialler, Trojan and spyware were often a mystery to 1,000 people questioned, of......
[more] Web Postcards Hide Trojan Horse Programs Instead of friendly greetings, malicious software installs on your PC. Beware of Web postcards bearing greetings. That's the advice from the SANS Institute's Internet Storm Center, which is warning about e-mail messages that pose as Web postcards and then direct recipients to a Web site that installs a Trojan horse program.
The new attacks use sophisticated social-engineering techniques to trick users into installing Trojan horse remote-access programs......
[more] Antivirus firm warns of Microsoft security Trojan horse Malicious hackers use same tactics as phishers A new campaign by malicious hackers uses a Web site designed to look like Microsoft Corp.'s Windows update page to trick unwitting Internet users into infecting their computers with a Trojan horse remote-access program, according to antivirus experts at Sophos PLC. The scam uses e-mail messages that appear to come from Microsoft to get recipients to visit a Web page that uploads the malicious......
[more] E-mail scam directs users to bogus Windows update An e-mail scam making its way around the Internet purports to be a message from Microsoft warning users of the Windows operating system that they need to download a security update -- only to leave their PC infected.
Once users link from the e-mail to a bogus Web site their computers will be infected by a "Trojan horse'' program that allows hackers to control their personal computers, anti-virus software maker Sophos said Friday.
The campaign......
[more] Save us from spam The majority of UK consumers and small businesses are yet to deploy anti-spam filters. A poll of UK residential email users and SMEs published Monday found 57 per cent have no anti-spam filtering installed, leaving them unprotected from spam, key logging and phishing attacks. Four in five consumers (82 per cent) have anti-virus protection, predominantly desktop scanners.
Most consumers (60 per cent) polled in the survey from email filtering outfit Checkbridge reckon that thei......
[more] Webcam hacker arrested for spying on teen A 45-year-old Cypriot man has been arrested on suspicion of hacking into the computer of a teenage girl and spying on her via the computer's webcam. It was alleged that the man used the webcam to take illicit pictures of the girl. The man, who has not been named, is alleged to have gained access to her webcam after infecting her PC with a trojan that the man sent in an infected email.
According to police reports, the man, a computer technician from Ni......
[more] Blog at your own risk Blogs are getting popular with hackers too, so be careful whose blog you wander into Blog authors open up their lives to you on their web logs. But surf to the wrong blog, and you could be opening up your computer to a hacker.
A recent report by web security firm Websense warned that hackers are now using blog sites as gateways into computers of surfers who are tricked into clicking on a link to them.
These hacker-maintained websites contain malicious codes, such as Troja......
[more] Scheme preys on people who mistype 'Google.com' Security researchers have discovered an attack aimed at would-be visitors to Google.com, one that attempts to download malicious programs onto the computers of people who simply mistype the search giant's Web address. According to security specialist F-Secure, unsuspecting Web surfers may be bombarded with various types of Trojan horse threats, spyware and backdoors when they go to "Googkle.com." The scheme is meant to take advantage of sloppy or......
[more] Top ten viruses and hoaxes reported to Sophos in April 2005 Sophos, a world leader in protecting businesses against spam and viruses, has published a report revealing the top ten viruses and hoaxes causing problems for businesses around the world during the month of April 2005.
The report, compiled from Sophos's global network of monitoring stations, shows that Zafi-D, which first appeared at the end of 2004, continues its reign at the top of the list for the fifth month running, accounting fo......
[more] Blair spam rides on back of election frenzy Spammers have tapped into British election fever by sending out an email claiming that Tony Blair's email account has been hacked. The email contains a trojan, luring the unwary into downloading its malicious code.
The email claims that screenshots are available of the hacked account allowing curious users to see what Tony Blair really says about his cabinet. Of course, it's just a ruse to download a virus.
"Clicking on the link takes users to a web......
[more] Virus writers claim Blair's email account was hacked The Prime Minister's email account is the subject of a spam scam that can infect computers with Trojan horses. Don't fall for it Cybercriminals claimed on Friday that the Prime Minister's email account has been hacked, in the latest attempt to attack PCs with malware.
On the same day Tony Blair won a third term in government, a spam message was sent out stating that malicious hackers had penetrated his email account.
The email contains a l......
[more] Firefox loses its shine The Mozilla Foundation's Firefox web browser has made security a major part of its marketing, but a spate of vulnerabilities found over the last nine months had sullied that message.
In the latest incident, a 16-year-old security researcher - who asked only to be identified by his first name, Paul - found three vulnerabilities in the Firefox browser that together could be exploited to run arbitrary code. The incident is the latest black eye for the open-source software......
[more] Save us from spam The majority of UK consumers and small businesses are yet to deploy anti-spam filters. A poll of UK residential email users and SMEs published Monday found 57 per cent have no anti-spam filtering installed, leaving them unprotected from spam, key logging and phishing attacks. Four in five consumers (82 per cent) have anti-virus protection, predominantly desktop scanners.
Most consumers (60 per cent) polled in the survey from email filtering outfit Checkbridge reckon that thei......
[more] Yahoo! phishing attack targets Star Wars fans Hackers are exploiting interest in the new Star Wars film to harvest Yahoo! login credentials.
The attack is initiated when a user clicks on a malicious link (yahoopremium.bravehost.com/STAR_GAMES) sent to them from a user on their buddy list. Once at the website, the user is encouraged to enter their Yahoo credentials.
Upon activation, a Trojan collects Yahoo! credentials and then sends messages out to a user's buddy list whether the IM client is......
[more] Israeli Police Uncover Massive, Trojan Horse-Based Industrial Spy Ring Spyware aided theft of "tens of thousands" of major business documents from Israeli companies. Israeli police have uncovered a massive industrial spy ring that allegedly used Trojan horse software to snoop into some of the country's leading companies.
The case will have major implications for the business community in Israel--and possibly beyond--as all the companies accused of having used the software are themselves leading......
[more] Are Virus Writers Creating a Super Worm? Recent rash of Mytob worm variants has some security experts concerned. Virus writers responsible for the recent rash of Mytob worm variants could be working on creating a super worm, a security researcher warns.
The "HellBot" group behind the Mytob worms write programming instructions in their code that mirror the way developers work, says Sophos Security Consultant Carole Theriault.
"The only conclusion we can come up with is that they are working on......
[more] Michael Jackson suicide spam leads to trojan horse, reports Sophos Experts at SophosLabs, Sophos's global network of virus and spam analysis centres, have warned of a spam campaign that claims that Michael Jackson has attempted suicide in an attempt to lure innocent computer users into being infected by a Trojan horse. The email claims that Michael Jackson has attempted to commit suicide. But clicking on the link will cause infection.
Sophos has identified hundreds of the spam messages being......
[more] New Symbian malware pretending to be F-Secure Anti-Virus F-Secure reported that they received a sample of new Symbian trojan Skulls.L that pretends to be a pirate copied version of F-Secure Mobile Anti-Virus. Skulls.L is a minor modification of Skulls.C trojan, about the only differences are that Skulls.L is named the same as F-Secure Mobile Anti-Virus installation package, and that the trojan shows dialog text "F-Secure Antivirus protect you against the virus. And don`t forget to update this!"......
[more] U.K. government is target of e-mail attacks NISCC warns of increasingly sophisticated attempts to steal sensitive information Critical infrastructure providers in the U.K. are being targeted in Trojan e-mail attacks designed to steal sensitive information such as passwords and documents, a national infrastructure security agency warned Thursday.
Tailored attacks against U.K. government departments, businesses, and other organizations have been occurring for a significant period of time and hav......
[more] Weak security makes HK top hacker target Hong Kong's unsuspecting broadband Internet users are the most vulnerable on the planet to attacks by so-called ''zombie'' computers, according to a report by a British Internet security firm.
While Hong Kong has increased its efforts to become more secure for shopping and banking, there are vulnerabilities in the system that broadband users are not even aware of, officials say. The fact is that clandestine users piggybacking on the unaware have multip......
[more] Trojans attacking the UK come from China But that doesn't mean the Chinese are involved... Malicious programs the UK government has said are attacking key business and government bodies are being sent from servers in China, according to an email security firm.
But experts at MessageLabs said it would be inaccurate to conclude Chinese hackers are responsible for the Trojan horse attacks as the servers could be controlled remotely from anywhere.
Mark Sunner, CTO for MessageLabs, said: "Message......
[more] Fake Microsoft security alert includes Trojan patch A new wave of spam that disguises itself as a Microsoft security bulletin contains a link to malicious software that gives attackers complete access to the infected machine, security researchers are reporting.
The e-mail, which began circulating late Tuesday, identifies itself as Microsoft Security Bulletin MS05-039, and offers a link to what it claims is a patch against the Sober, Zafi and Mytob worms.
In fact, there is no such thing as Mi......
[more] Sophos picks up record malware haul Security software vendor Sophos says it has detected nearly 8,000 different pieces of malicious code so far this year - mainly coming from criminal gangs. The vendor reckons the dramatic rise in the number of viruses, worms and Trojan horses this year is down to more and more organised criminals turning to cybercrime.
It picked up almost 60 per cent more malware in the first six months of this year than the same time last year.
The biggest growth was in Tro......
[more] PCs Have 50-50 Shot At Infection In Just 12 Minutes The number of new viruses, worms, and Trojans are up nearly 60 percent in the first half of 2005, a security researcher says. The number of new viruses, worms, and Trojans are up nearly 60 percent in the first half of 2005, a U.K.-based security company said Wednesday, while the length of time an unprotected PC survives on the Internet has shrunk to a measly dozen minutes.
Sophos reported that it had pinpointed 7,944 new pieces of malicious so......
[more] 'Spam report' Trojan spreading fast A new plague of spam emails containing malicious Trojan software has been sent to up to 400,000 UK addresses, security specialist BlackSpider Technologies has warned.
The emails claim to be from a member of the recipient's IT team warning that their system has been compromised and is distributing spam. The emails, which carry the subject line 'Spam Report', were first detected at 3.25am yesterday.
BlackSpider said that only one vendor has so far released a......
[more] Industry coalition takes stab at defining spyware Technology companies have formed an alliance with public interest groups to tackle spyware. Membership of the Anti-Spyware Coalition (here) includes large software developers, anti-spyware companies and others. Current members include AOL, Computer Associates, EarthLink, HP, Lavasoft, McAfee, Microsoft, PC Tools, Symantec, Trend Micro, Yahoo!, UC Berkeley, the Business Software Alliance and the Cyber Security Industry Alliance.
ASC has ventured......
[more] Sophos Anti-Virus Certified to Detect 100 per cent of Spyware in Checkmark Leading independent testing body awards Sophos Anti-Virus with spyware certification Independent research and test centre West Coast Labs has announced that Sophos Anti-Virus for Windows XP has been awarded the certification Checkmark for detecting 100 per cent of the spyware in their rigorous tests.
The certification confirms Sophos's expertise in protecting businesses against the spyware threats and joins existing aw......
[more] Desktop port proliferation a security risk? Software maker Opera's decision to support BitTorrent has added to some security experts' worries that applications which require open connections through firewalls are becoming increasingly popular.
Last week, the Norwegian company revealed that its latest technical preview adds support for downloading BitTorrent files, or torrents. BitTorrent, a peer-to-peer protocol that speeds files sharing by allowing every client to serve up pieces of a large f......
[more] Sophos ZombieAlert Identifies Spammer-Controlled Computers On Business Networks New automated service notifies organisations about their exploited and hijacked computers Sophos, a global leader in computer security, has announced the launch of Sophos ZombieAlert, a new alert service that identifies 'zombie' computers attached to organisational and ISP networks. Zombie computers are infected machines that give control to unauthorised and remote hackers, allowing them to send spam from the comput......
[more] E-Greetings Pose Security Risk Cyber criminals are increasingly using e-greetings to lure consumers into clicking on links that download malicious code into their computers, a security expert said Tuesday.
Over the last three months, Internet security vendor SurfControl Plc has tracked a 30 percent jump in malicious e-mai......
[more] Free Personal Web Hosting Sites Provide a Safe Haven for Hackers Websense finds thousands of cases of hackers creating web hosting accounts to spread malicious code, spyware and steal private data Websense, the world’s leading provider of employee internet management solutions, today announced that free personal web hosting sites are increasingly being exploited by hackers seeking affordable and anonymous ways to store and disseminate mobile malicious code (MMC) and dangerous types of spyware, s......
[more] Banks urged to wise up on spyware Enhanced customer education, improved staff training and better authentication have all been called for in the wake of recent cybersecurity breaches The Federal Deposit Insurance Corp (FDIC) on Friday urged banks to enhance their protections against spyware, to limit the risk that customers' personal data may be stolen.
The guidance from the FDIC comes amid a growing stream of reported incidents of the theft or exposure of personal customer data.
Spyware is a......
[more] Identity theft ring affects at least 50 banks Customers from Bank of America, PayPal and other financial institutions have had their financial details stolen by a dangerous new Trojan A major identity theft ring discovered last week has affected the customers of at least 50 banks, according to Sunbelt Software, the security firm that uncovered the operation.
The operation, which is thought to be under investigation by the FBI and Secret Service, is currently gathering personal data from compro......
[more] Spammers exploit Iran nuclear crisis As Iran is threatening to resume uranium-converting operations at a nuclear facility in Isfahan, spammers are taking advantage of the situation with another bogus junk email campaign.
The emails, which link to Trojan spreading websites, are purporting to contain news stories of the nuclear stand-off between the EU and Iran, according to antivirus firm Sophos.
The campaign is the latest bid to fool internet users into downloading malware.
In a press state......
[more] ID theft spyware scam uncovered Thousands of computer users have been caught out by a huge ID theft ring. Security firm Sunbelt Software said it stumbled across a US-based server storing megabytes of data stolen from compromised computers while researching spyware infections.
The server held passwords for online accounts from 50 banks, Ebay and Paypal logins, hundreds of credit card numbers and reams of personal data.
The FBI has reportedly now started investigating the ring of ID thieves.......
[more] Worm snaffles online gamers' passwords Players of one fantasy role-playing game, Priston Tale, have suffered a nasty attack of reality after virus writers created a worm programmed to steal their usernames, passwords and data.
The worm - dubbed PrsKey-A - waits for users to enter either Priston Tale or the Yahoo! email system before capturing keystrokes and sending data back to hackers. It is programmed to spread via network shares but other propagation mechanisms, such as tricking fans into do......
[more] Online scams emerge in Katrina's wake Hurricane Katrina has spawned more than misery and destruction--a new wave of scam e-mails and Web sites are exploiting the tragedy. Phony Web sites and e-mails, purporting to offer help to hurricane victims or provide more news on the destruction, are making their rounds on the Internet, security experts said Thursday.
One spam campaign that's circulating offers breaking news reports but tricks people into clicking a link that takes them to a bogus Web s......
[more] 'Islamic Trojan' disrupts smut surfing Virus writers have created a Trojan horse which tries to disrupt visits to pornographic websites by displaying messages from the Koran.
The low-risk Yusufali-A Trojan horse monitors the websites Windows users are visiting. If the malware sees one of a set of trigger words (such as "teen", "sex" or "penis") in the url it minimises the window so the user cannot see its content and displays a message from the Koran instead. The message, partly written in Ar......
[more] MySpace banner ad infects millions of Windows users with spyware Millions of visitors to popular Myspace.com (as well as a number of other websites) may have been infected with spyware, according to security firm iDefense. iDefense claims that the spyware infects unpatched versions of Windows using a security flaw in the way the operating system and Microsoft Internet Explorer open Windows Metafile images. A banner for DeckOutYourDeck.com loads a Trojan horse program onto unpatched systems. The......
[more] Hackers claim to have cracked latest Firefox flaw Security researchers claim to have found ways to exploit a serious bug in Firefox and Mozilla web browsers, a sign that attacks could be on the way.
The vulnerability, which could let attackers secretly run malicious software on PCs, was disclosed on Thursday by security researcher Tom Ferris. The Mozilla Foundation, which distributes and co-ordinates the development of the Firefox and Mozilla browsers, responded swiftly and released a temporar......
[more] Hacker Spams Huge Quantities Of Trojans, Again For the second day in a row, an unknown attacker Tuesday spammed major quantities of a new Bagle-esque Trojan horse that turns off virtually every known security program and blocks access to security sites on the Internet.
Several variants of the BagleDI-U Trojan -- dubbed Bagle.cd by McAfee, and Bagle.da by Trend Micro -- have been spammed since Monday at approximately 11 a.m. EDT. A second wave hit the Internet around the same time Tuesday, sai......
[more] Katrina Scams Proliferate Hurricane Katrina is still wreaking havoc online weeks after its initial punch. Katrina scams are showing up in inboxes and on Web sites, preying on the good-willed, the vulnerable, and even sometimes the greedy.
Scams include identity theft, Trojan horses, bogus investments, and credit-card fraud. Some experts warn of upcoming rip-offs like thousands of severely water-damaged (and smelly) cars from Louisiana being hawked online as in good condition.
Phishing Scams
T......
[more] Trojan rides in on unpatched Office flaw A new Trojan horse exploits an unpatched flaw in Microsoft Office and could let an attacker commandeer vulnerable computers, security experts have warned. The malicious code takes advantage of a flaw in Microsoft's Jet Database Engine, a lightweight database used in the company's Office productivity software. The security hole was reported to Microsoft in April, but the company has yet to provide a fix for the problem.
"Microsoft is aware that a Trojan......
[more] Websense Issues New Security Trends Report Websense, Inc., a leading provider of employee internet management solutions, today announced the release of the 2005 semi-annual web security trends report issued by Websense Security Labs.
The report summarizes findings for the first half of 2005 and presents projections for the upcoming year.
According to the report, the web continued to evolve and grow as an attack vector in the first half of 2005. The report found a marked increase in the numb......
[more] Hackers crack and kill the PSP The first hackers to crack Sony's must-have gadget, the PSP, have created code that will kill the handheld console and render it unusable.
The Trojan application which exploits a picture file vulnerability is the result of lengthy attempts to break the code of the gadget and modify its operating system.
Eric Chien of Symantec told silicon.com the code is not self-replicating and can only affect users who actively elect to download it onto their machine.
"It del......
[more] Trojan masquerades as Skype update Cybercriminals are spreading a malicious Trojan horse under the guise of an update to Skype, e-mail security firm MessageLabs said Monday. The Trojan horse, a variant of IRCbot, arrives in an e-mail purporting to be an update to Skype, the popular Internet telephony application. Once opened the malicious software displays a phony installation error message. It then blocks access to security updates and installs a back door on computers, MessageLabs said in a s......
[more] UK wins bronze in world spyware stakes New research has revealed that the UK's computers have the third highest spyware infection rates in the world, with only Thailand and the US facing a larger problem.
The figures were released at the start of a campaign led by Dr Nick Palmer, MP for Broxtowe, to bring together industry, police and IT organisations to combat the problem of spyware.
The National High-Tech Crime Unit, the Association for Payment Clearing Services, credit reference agency Expe......
[more] Sophos Welcomes Specialist Cyber Crime Prosecutors Sophos, a world leader in protecting businesses against viruses, spyware and spam has welcomed news that the UK Crown Prosecution Service (CPS) plans to establish a network of lawyers to specifically tackle high-tech crime involving child pornography, computer hacking and identity fraud.
Sophos believes that the technical expertise of the new network of 110 barristers will better equip the courts to deal with such cases, by preventing defenda......
[more] Crown Prosecution Service tackles hi-tech crime The UK's Crown Prosecution Service (CPS) has announced plans to create a network of lawyers to specifically tackle high-tech crime involving child pornography, computer hacking and identity fraud, according to a report from the BBC.
CPS policy director Philip Geering announced the measures at a one-day conference at the British Library as part of the organisation's Hi-Tech Crime Strategy.
Geering praised technology for providing "tremendous bene......
[more] AIM worm plays nasty new trick A worm found spreading via America Online's Instant Messenger is carrying a nastier punch than usual, a security company has warned. The unnamed worm delivers a cocktail of unwanted software, including a so-called rootkit, security experts at FaceTime Communications said Friday. A rootkit is a tool designed to go undetected by the security software used to lock down control of a computer after an initial hack.
"A very nasty bundle is downloaded to your machine" w......
[more] October breaks malware production records October saw the biggest increase in virus numbers since anti-virus firm Sophos began tracking outbreaks in 1988. The security vendor now identifies and protects against a total of 112,142 viruses, an increase of 1,685 on September.
Rather than creating new viral strains, the bad guys are churning out multiple new variants of popular backdoor programs such as Agobot, SdBOt, various Trojan downloaders and the like. Anti-virus firm F-Secure notes that man......
[more] Mobile Trojan distributes pirate anti-virus software A Trojan horse discovered on Tuesday includes a fully working -- but pirate -- copy of an anti-virus application called ExoVirusStop by exoSyphen Studios. Mobile phone malware is often disguised as a security application in order to dupe the user into installing it. However, the latest version of Doomboot, which attacks the Symbian platform, is the first to contain a fully working copy of an anti-virus application, according to Jarno Niemela,......
[more] Windows Update Trojan causes havoc Spoofed Microsoft patch catches unwary users Two newly discovered virus threats are circulating on the web, one attacking client machines and the other targeting web servers, web monitoring firm Websense warned today.
The first threat is a basic Trojan which masquerades as a Microsoft security patch. Recipients are urged to visit a spoofed URL based in Canada which uses a very similar design to Microsoft's own Update Centre and downloads a file named 'plugand......
[more] New Windows Trojan causes confusion Trend Micro on Wednesday reported the discovery of a Trojan horse that it said attacked Windows users through an image rendering flaw in Windows, a day after Microsoft provided a fix for the bug. But it isn't so sure anymore. The Trojan is referred to as "emfsploit.a" by the Tokyo-based antivirus company. Initially the antivirus software maker reported that the malicious code would crash "explorer.exe" on unpatched Windows machines. Explorer runs key parts of......
[more] Phishing net open for PayPal users A bait-and-switch scheme is targeting users of the financial service PayPal, according to security researchers. A fraudulent phishing email originating in Romania is asking users to download supposed new security measures for the PayPal service. A deceived customer then downloads a trojan which modifies the DNS server of the PC and deletes itself.
"The next time the user attempts to visit the PayPal website, he or she will instead arrive at a phishing site,"......
[more] Sober Virus Clones Taunt AV Vendors A new batch of Sober virus clones has been spammed around the world to seed botnets for malicious use, anti-virus vendors warned Tuesday.
The appearance of the latest threat comes 24 hours after law enforcement authorities in Germany predicted the Sober mutants would appear as e-mail attachments in German or English.
According to F-Secure Corp., an anti-virus vendor based in Finland, at least four new versions of the virus have been detected. All are capabl......
[more] Foreign powers are main cyberthreat, U.K. says Foreign governments are the primary threat to the U.K.'s critical national infrastructure because of their hunger for information, a British government agency said. The National Infrastructure Security Co-ordination Centre said on Tuesday that the most significant electronic threats are content-based, targeted, Trojan horse e-mail attacks from the Far East.
"Foreign states are probing the CNI for information," said Roger Cummings, the director of......
[more] Security firms warn of new Microsoft threats Two security firms Friday issued new warnings about two separate threats affecting Microsoft products.
Sophos reported evidence of new malware planted on Web sites that exploits a previously announced -- and as-yet-unpatched -- Internet Explorer security vulnerability. The Clunky-B Trojan horse allows hackers to install and run malicious software on users' machines when they visit sites containing the malware, said Graham Cluley, a senior technology......
[more] Arabic news station hit by phishing attack What is described as "a prominent Arab media outlet" was hit by a spear phishing attack earlier in the year, security experts told vnunet.com today.
UK security firm Sophos, which detected the threat, said that the attack was targeted solely at the unnamed news organisation's users. It is not known from where the attack originated.
The emails claimed to link to new pictures of Osama Bin Laden, but in fact pushed victims to a site hosting a Trojan hor......
[more] Mac OS X security under scrutiny When the SANS Institute, a computer-security training organization, released its Top-20 vulnerabilities last week, the rankings continued an annual ritual aimed at highlighting the worst flaws for network administrators. This year, the list had something different, however: the group flagged the collective vulnerabilities in Apple's Mac OS X operating system as a major threat.
It's the first time that the SANS Institute called out an entire operating system for......
[more] Trojan circulates as fake McAfee patch Experts are warning of a new Trojan that is spreading by masquerading as a patch for McAfee's antivirus software.
Emails have been spammed out pretending to be a security update for a virus called 'Kongos 31' which does not exist. The email contains a link to a web page hosted in the US that looks very similar to the McAfee download page.
"Users receive a spoofed email message instructing them to click on a link to immediately download and install a pat......
[more] Aladdin eSafe Gateway Solution Protects Against New WMF Exploit Aladdin Knowledge Systems Ltd., a provider of security solutions, announced that its Aladdin eSafe integrated content security and anti-virus suite proactively protects organizations from the recently discovered WMF (Windows Meta File) exploit (MS05-053).
The primary attack vector for WMF comes from manipulated Web-based images and pop-ups that download spyware and Trojans, as a result conventional content security solutions are u......
[more] Sophos Spam Data Shows China Still High Unsolicited Bulk Email Producer Anti-spam and anti-virus software company Sophos has published its latest report on the top twelve spam relaying countries for the last quarter of 2005. Sophos scanned all spam messages received in its global network of spam traps, and have revealed that although the United States still tops the chart, it has made significant reductions, and for the first time accounts for less than one quarter of all spam relayed. China ra......
[more] Twenty-year-old hacker rented out attack network A 20-year-old hacker admitted Monday to surreptitiously seizing control of hundreds of thousands of Internet-connected computers, using the zombie network to serve pop-up ads and renting it to people who mounted attacks on Web sites and sent out spam.
Jeanson James Ancheta, of Downey, Calif., pleaded guilty in Los Angeles federal court to four felony charges for crimes, including infecting machines at two U.S. military sites, that earned him mor......
[more] Two years after Gates prediction, spam still exists It has been two years since Microsoft's Bill Gates made the bold prediction that spam would be a "thing of the past," but the problem is still as bad as ever, according to new figures released. The research by anti-virus company Sophos found that the level of non-English spam has risen, with the vast majority now being relayed by "zombie" computers hijacked by trojan horses, worms and viruses under the control of hackers.
Sizeable increases a......
[more] British parliament attacked using WMF exploit The British Parliament was attacked late last year by hackers who tried to exploit a recent serious Microsoft Windows flaw, security experts confirmed on Friday. The e-mail-filtering provider for the U.K. government, told ZDNet UK that targeted e-mails were sent to various individuals within government departments in an attempt to take control of their computers. The e-mails harbored an exploit for the Windows Meta File vulnerability.
The attack occ......
[more] Internet brain trust aims to shame spyware makers Internet researchers at Harvard and Oxford universities said on Tuesday they are seeking to enlist Web users in a program to name and shame suppliers of spyware and other malicious software programs.
The Stop Badware Coalition will seek to spotlight companies that make millions of dollars by tricking Web users into putting spyware, adware or other deceptive software on their machines, organizers from the Berkman Center for Internet & Socie......
[more] Sex assault spam duping college students Security analysts at Sophos have warned of a new trojan sent to colleges in North America and the United Kingdom disguised as a plea to help authorities locate an alleged campus rapist. The Troj/Sinx-N trojan spams emails with a subject line of "CCTV still of Rapist," "Do you recognize this person?" or "Campus Student Raped," Sophos said Friday.
Users who click on the attached files, which claim to be photographs of the suspect, will launch malware onto......
[more] Israeli police nab industrial espionage trojan A married couple accused of developing trojan to spy on top Israeli companies have been arrested by police in that country. Michael Haephrati, and his wife Ruth Brier-Haephrati, were arrested last May in London, accused of writing malicious spyware software which was bought by private investigators to help top Israeli businesses spy on their competitors. The couple were flown into Tel Aviv last night after Britain approved their extradition. They ar......
[more] Websense warn about Fake Bird Flu Epidemic Email Websense Security Labs has received reports of a Trojan horse that attempts to trick users into visiting a malicious website to run malicious code. Users receive an email with the subject "Attention Bird Flu in England." The body requests users to click on a link to go either of two websites to get more information. The email also claims the government is trying to hide the facts on the flu.
Upon clicking on a link, users are directed to a websi......
[more] UK falls out of spam's 'dirty dozen' The US still tops the list of the spam-relaying countries, according to a report by Sophos, a provider of integrated threat management products. However, the US has made significant reductions and for the first time accounts for less than a quarter of all spam.
However, the UK has managed to slip out of the 'dirty dozen' - the top 12 spam-relaying nations. It is responsible for 1.6 percent of spam and now holds 14th position.
The report shows that the amou......
[more] Hackers writing zero-day malware to order 2005 was watershed year for zero-day exploits, warns security firm Russian security company Kaspersky Lab has discovered a worrying phenomenon in the wake of Microsoft's security gaffe over the .wmf exploit at the end of last year, claiming that hackers are tailoring and selling zero-day malware for specific markets.
Kaspersky claims that exploits for the .wmf vulnerability that emerged over Christmas were being developed specifically for the Russian ma......
[more] Hacker Jailed For DDoS Attack That Affected Three Million Internet Users, Reports Sophos More than one third of Spanish computer users affected.
Experts at SophosLabs, Sophos's global network of virus, spyware and spam analysis centres, have welcomed news that a hacker who stopped more than three million Spanish computer users from using the internet has been sentenced to two years in jail.
26-year-old Santiago Garrido used a computer worm to launch distributed denial-of-service (DDoS) attac......
[more] Bird flu spam spreads WMF trojan downloader Security experts have warned of a new malicious email that uses social engineering playing on the growing fear of an avian flu epidemic to trick users into visiting a malicious website. Users receive an email with the subject "Attention Bird Flu in England." The body requests users to click on a link to go either of two websites to get more information. The email also claims the government is trying to hide the facts on the flu.
Upon clicking on a lin......
[more] Kaspersky warns of major Trojan hike How many compromised PCs are poised to strike? The number of compromised computers at large on the internet has increased considerably over the past year with Trojan activity more than doubling, according to Kaspersky Labs.
The Russian antivirus company revealed a 124 per cent increase in Trojans intercepted between the first and the last month of 2005. Backdoor Trojans were the most common, accounting for 29 per cent of Trojan infections.
These forms of ma......
[more] Clagger-H Trojan spammed out as message from PayPal Beware warning that your PayPal account is "temporally limited" Experts at SophosLabs, Sophos's global network of virus, spyware and spam analysis centers, have warned users to be wary of emails claiming that their PayPal account has been "temporally limited", after a Trojan horse was spammed to internet users. Sophos's global network of monitoring stations have sighted many instances of the Trojan since it was first discovered on Fri......
[more] Netsky still top of the virus charts February a quieter month overall as more users update definitions A roundup of the February virus and spam statistics has shown that Netsky is still the most common virus on the internet, despite all major software vendors having a signature file available for over a year. Sophos, Fortinet and SoftScan all put Netsky at the top of their monthly chart, and the virus accounted for an average of 18 per cent of all virus detections. Mytob has also proved commonplac......
[more] Couple face jail for Trojan trickery A couple accused of corporate espionage using Trojan software have been indicted in a Tel Aviv court. Michael Haephrati, 44, and Ruth Brier-Haephrati, 28, were extradited from London in January, and are said to have confessed to most of the charges against them. According to the indictment, the couple managed a company known as Target-Eya. Michael Haephrati is accused of developing the malware, while Ruth Brier-Haephrati is accused of marketing the malware to......
[more] IT managers want security costs to reduce IT managers are requesting simpler applications that can deal with a range of threats at a lower cost, said the top executive of security vendor Sophos. "At the end of the day, the IT administrator does not care if it is spam or a virus," said Steve Munford, chief executive officer. "All they care is there is bad stuff coming off the Internet... and they want one vendor to protect them." Gateway e-mail filtering is evolving. IT manager......
[more] Financial firms suffer most Trojan attacks But are attacks evolving? Financial companies suffered more Trojan horse attacks last year than any other industry, research suggests. Almost 40 per cent of Trojan attacks and 30 per cent of hacker scans were focused on banks and financial firms, according to a report from security companies Counterpane and MessageLabs. A statement put out by the security companies said hackers are building Trojans to steal cash directly from bank accounts rather than sip......
[more] Hackers cash in on financial sector attacks But pharmaceuticals is top target for spyware The financial sector has been identified as the most attacked by hackers in an annual review of hacking activity by security firm Counterpane and email management company MessageLabs. The finance and banking sectors picked up nearly 40 per cent of all Trojan attacks last year, and manufacturing was the next worst affected at 22 per cent. "Hackers are starting to deploy tactics that bypass stronger authe......
[more] Milosevic murder trojan spreading rapidly An email purporting to contain proof that the recently deceased Yugoslav premier Slobodan Milosevic was murdered is being used to spread a malicious trojan, security watchers warned. According to BlackSpider Technologies, recipients are invited to open the email - subject line: Slobodan Milosevic was killed - and click on an attached image of Milosevic. When the image is opened, a trojan is downloaded to the PC. The security firm estimated that more......
[more] More clever hackers emerging Cyber crime grew more sophisticated, targeted, and dangerous in 2005 according to a report released this week by Counterpane Internet Security and MessageLabs. The two companies teamed up to write about their security research in a report titled "2005 Attack Trends and Analysis." The report summarized key cyber attacks across 15 industry sectors and examines how the attacks affect organizations. Some of the key findings included the fact that......
[more] Trojan Redirector Ups the Ante in Online Banking Attacks Researchers at Websense Security Labs have stumbled upon a password-stealing Trojan that uses sophisticated DNS redirection techniques to dodge server shutdowns and hijack online banking data. The new phishing attack targets users of more than 100 financial institutions in the United States and Europe, including Bank of America, HSBC, Barclays Bank, Lloyds TSB. According to an alert from Websense, the Trojan silently modifies the contents o......
[more] Double attack fires 650,000 trojan emails at U.K. firms A double virus attack hit U.K. businesses with an estimated 650,000 trojan-laden emails before antivirus vendors were able to issue a patch against the new malware, a security firm claimed yesterday. According to BlackSpider Technologies, the first attack happened on Monday at 10:45 a.m. The firm estimated that more than 455,000 emails containing the trojan Downloader.Win32.Agent.adu hit inboxes of U.K. businesses during a three-......
[more] Trojan horses steal bank details, passwords Two Trojan horses with distinctive traits have been flagged by security researchers: one that hijacks one-time-use passwords, and another that hides behind a rootkit. The unrelated malicious programs, reported this week by security companies, represent new twists thought up by hackers in their development of Trojan horses, which are harmful programs disguised to look like innocent software. Banks in the United Kingdom, Germany and Spain have been targe......
[more] Hacker 'Smartbomb' Toolkit Attacks Unpatched Computers A dirt-cheap, do-it-yourself hacking kit sold by a Russian Web site is being used by more than 1,000 malicious Web sites, a security company said Monday. Those sites have confiscated hundreds of thousands of computers using the "smartbomb" kit, which sniffs for seven unpatched vulnerabilities in Internet Explorer and Firefox, then attacks the easiest-to-exploit weakness. For $15 to $20, hackers can buy the "Web Attacker Toolkit......
[more] Trojan Freezes Computer, Demands Ransom A new kind of malware circulating on the Internet freezes a computer and then asks for a ransom paid through the Western Union Holdings money transfer service. A sample of the Trojan horse virus was sent to Sophos, a security vendor, said Graham Cluley, senior technology consultant. The malware, which Sophos named Troj/Ransom-A, is one of only a few viruses so far that have asked for a ransom in exchange for releasing control of a computer, Cluley said. The......
[more] Computer Virus 'Hijacks' American Express Web Site American Express card holders: Beware that pop-up log-in screen, even on the company's secure Web site. The credit card and travel services company has issued a warning about what it calls a false "security measures" pop-up screen that appears when users log in to its secure site. In an alert posted online, the New York-based company included a screenshot of the pop-up, which tries to lure the user into entering his name, Social Securi......
[more] Vietnamese DDoS attacker arrested A Vietnamese man accused of launching a large-scale distributed denial-of-service (DDoS) attack against a commercial website was arrested by local authorities. The attack on Vietco's website caused huge losses to the company, as it was forced to draft in 40 emergency technicians and left computer users unable to access the site. Nguyen Thanh Cong is suspected of beginning an attack on the Vietnamese e-commerce site in March 2006. The website, which has 67,000 re......
[more] Summer of Love Bug started six years ago today Today marks the sixth anniversary of the release of the so-called Love Bug, a mass email worm that spread to millions of PCs worldwide and was responsible for an estimated $10 billion in economic damage. But while May 4, 2000, seems a relatively short time ago, the computer threat landscape dramatically has changed since Filipino college student Onel de Guzman wrote the bug, which fooled computer users into clicking on an attachment that supposedly......
[more] Trojan horse lurks in World Cup e-mail German fans have been complaining for some time about a bug in their underperforming national soccer team ahead of the World Cup soccer tournament, which begins next month in the country. Now they're having to worry about a bug of a different kind, a Trojan horse, which is masquerading in a downloadable tournament game plan. The Baden-Württemberg State Bureau of Criminal Investigation (LKA) warned on Wednesday of an e-mail with a link to a self-extract......
[more] World Cup Virus Season Kicks Off The FIFA World Cup 2006 tournament won't get underway in Germany until early June, but computer virus writers are already attempting to cash in on the planet's most popular sporting event with viruses aimed at deceiving eager soccer fans. Researchers at UK-based Sophos released notification of a new attack that infects Microsoft Excel files and has been disguised as a spreadsheet charting the national teams participating in the World Cup. Identified by the secur......
[more] Spyware stages 'significant counterattack' Spyware made a significant comeback during the first quarter of 2006, new threat-monitoring research has revealed. According to the "State of Spyware" report issued today by Webroot Software, the first three months of this year saw a "dramatic rise" in the prevalence of adware combined with a significant increase in the most malicious types of trojans and system monitors. This malware epidemic resulted in the highest consumer infectio......
[more] Dramatic rise in adware, malicious Trojans and spyware Spyware staged a significant counterattack during the first quarter of 2006, according to the latest State of Spyware report issued today by Webroot Software. A dramatic rise in the prevalence of adware combined with a significant increase in the most malicious types of Trojans and system monitors resulted in the highest consumer infection rates since the first quarter of 2005. According to the report, the first quarter of 2006 saw a 15 percent......
[more] Killjoy Trojan deletes warez and smut Virus writers have created a Trojan that deletes illicit files from compromised Windows PCs in addition to harvesting data from infected machines. Erazer-A is spreading (albeit modestly) across P2P networks, where it poses as useful program files, or through chat programs. If executed, the malware scours folders used for P2P apps for AVI, MP3, MPEG, WMV, GIF, ZIP and other files. It then erases any porn, warez, music or any other matching file type found in P......
[more] Microsoft working on Word vulnerability fix Microsoft’s security experts are working on an update for the new zero-day vulnerability for Microsoft Word. First reported last week, the unspecified flaw in Word could be used to execute remote code onto a PC, according to vulnerability monitoring firm Secunia. So far, the preferred form of delivery for the malware has been email, according to Stephen Toulouse, head of the Microsoft Security Response Center (MSRC). "First off on the vulnerabilit......
[more] StopBadware.org names and shames malware Anti-spyware organisation StopBadware.org today added four software programs to its Badware Watch List, which aims to name and shame applications that contain embedded malware. The reports are the most recent in a series released by Harvard Law School's Berkman Center for Internet & Society and Oxford University's Oxford Internet Institute as part of an ongoing effort to battle malicious spyware programs. "Today we are identifying four more applic......
[more] New World Cup worm sighted World Cup fever is escalating among hackers, with security vendor Sophos revealing a new worm, and warning that seemingly harmless World Cup screensavers, spreadsheets and electronic wall charts are ideal vehicles to spread viruses and worms. The latest e-mail worm includes the German-language message "WM-Tickets" or "Weltmeisterschaft," and contains an attachment, which, when opened, activates the W32/Zasran-A worm. The worm is programmed to send......
[more] Fake Microsoft flaw notification trojan in the wild Think you’re lucky enough to have been notified of a new Microsoft Windows flaw seemingly before anyone else? Think again. Researchers are warning PC users not to fall for an email scheme that pretends to be a warning and patch for a newly discovered flaw in Microsoft WinLogon Service. The email tells users the flaw can allow malicious users to access a PC, then redirects them to a malicious link that downloads a trojan. The scam should be famili......
[more] Word hole to get urgent patch Microsoft plans to patch a newly discovered hole in Microsoft Word in its next monthly patch update, and may release a rare "out of cycle" patch to address the hole, a company spokesman said. Microsoft's Security Research Centre is analysing the previously unknown vulnerability, which affects Microsoft Word XP and Word 2003 and is already being linked to targeted Internet attacks on government agencies in the U.S. and European Union, as well as U.S. gover......
[more] Sophos cracks ransomware Trojan code Antivirus firm Sophos has cracked the password needed to unlock files held to ransom by the Archiveus ransomware. A nurse in Greater Manchester became one of the first people in the UK to have her files encrypted by a ransomware program that demanded money before it would unlock them. Users trying to access the files are directed to a new file containing instructions on how to recover the data. "Do not try to search for a program that encrypted......
[more] 'Ransomware' hackers to go unpunished? Greater Manchester Police (GMP) will not be pursuing the criminals who used a Trojan horse program to lock a Manchester woman's files and demanded a ransom to release them. The malicious Archiveus program was unintentionally downloaded by Helen Barrow of Rochdale, who found it locked her files into a 30-character password-protected folder. A ransom note instructed her to avoid going to the police and told her to buy pharmaceutical products online to gain th......
[more] Sophos Anti-Virus wins its 32nd Virus Bulletin 100% award Sophos, a world leader in protecting businesses against viruses, spyware and spam, today announced that Sophos Anti-Virus has been awarded the VB 100% award by Virus Bulletin magazine. This is the 32nd time that Sophos Anti-Virus has won a prestigious VB 100% award, confirming its position as one of the most powerful virus protection products available. Virus Bulletin tested 27 different anti-virus products for their detection rates, lac......
[more] Fewer e-mails bear malware The proportion of e-mail messages that contain malware has fallen for the first six months this year compared to the same period last year, Sophos PLC said on Wednesday. Statistics released by Sophos show that about one in 91 e-mail messages contained a virus or other types of bad software, far less than the 1-in-35 figure of a year ago, said Graham Cluley, senior technology consultant. Sophos provides enterprise-level antivirus, spam, adware and malware protection pr......
[more] Aladdin: Spyware threats tripled in 2005 A study released this week found that the number of distinct spyware threats more than tripled last year, while the number of trojan threats more than doubled last year. Released by Aladdin Knowledge Systems, the malicious code retrospective reported a dramatic rise in the number of spyware and trojan threats found by the Aladdin Content Security Response Team (CSRT) in 2005. "The swelling amount of spyware, as illustrated in the Aladdin CSRT report......
[more] Spammed Trojan claims Bush/Blair Middle East oil cover-up Experts at SophosLabs, Sophos's global network of virus, spyware and spam analysis centers, have warned of a Trojan horse that has been spammed out to email addresses disguised as a message claiming that George W Bush and Tony Blair are conspiring with oil companies to push up petrol prices. Other disguises being used by the hackers to distribute the Trojan horse include news reports that Osama Bin Laden has been killed or Michael Jackso......
[more] Trojan targets Google hosting service A Trojan horse has been discovered in Google Pages, a Web site hosting service offered by the search giant. An attacker apparently uploaded a malicious file to a Googlepages.com server, part of a service that allows people to create their own Web pages, said Dan Hubbard, the senior director of security research at Websense Security Labs. The Trojan could lie dormant on a user's system until the individual logs on to a banking Web site and then attempt to st......
[more] 1,000 Aussies caught in NAB phishing attack A phishing email claiming that The National Australia Bank (NAB) is bankrupt has caught more than 1,000 of the bank's customers in its net. The email warns the bank's customers that NAB might be bankrupt. It claims the bank's ATMs are not working and that people are starting panic withdrawals. It invites them to click on a link that will provide them with more information. You won't be surprised to learn that this link in fact downloads a Trojan onto th......
[more] Nasty, Next-Gen Trojans Are Upon Us Banking Trojans are perhaps the most malicious form of malware today, with the express purpose of taking your money directly from your own bank account. Regardless of how much damage they may have done in the past, a new generation of banking Trojans is beginning to appear, and they're game for even more pilfering, according to at least one security researcher. Joe Stewart, senior security researcher at managed security firm LURHQ, detailed the evolution of t......
[more] Zombie builders send out phone texts Hackers are trying to lure people to a malicious Web site using cell phone text messages, a security company has warned. The blended attack uses social engineering techniques in its attempt to trick people to the site, security vendor Websense said in an advisory. An SMS text message is sent to the targets' cell phones, thanking them for subscribing to a fictitious dating service. The message states that they will be automatically charged a fee of $2.00 per......
[more] Phone phishing attack hits US Criminals are trying a new approach to try to dupe people into downloading a Trojan horse program Criminals have launched a blended attack which attempts to lure users to a malicious Web site via text message. IT managers have been warned to alert their staff to the attack, which uses social engineering techniques to try to trick users to the phishing site, according to security vendor Websense. Users are sent an SMS text message to their mobile phone, thanking them......
[more] Word attack spammed out as malicious email attachment Experts at SophosLabs, Sophos's global network of virus, spyware and spam analysis centers, have warned of a Trojan horse that has been spammed out in large quantities to email users around the world. The WM97/Kukudro-A Trojan horse has been spammed out in email messages, which can have a variety of subject lines including "worth to see", "prices", "Hi", and "Hello". The body of the message reads as fo......
[more] Get your Mac, it's raining Trojans Security firm Sophos has issued a call for home computer users to ditch the Windows operating system and switch to Macs for the sake of their safety online. The call came as part of a report detailing the main trends in malicious software so far this year. The main finding was that all of the top ten threats to online users targeted the Windows environment. The good news is that viruses and worms seem to have hit "so last season" status, and the number......
[more] UK Consumers Wise Up To Internet Security Threats But Most Still Vulnerable To Online Scams Almost every UK consumer has taken steps to protect their computer from security threats, but most are failing to cover themselves against all online scams, according to new research from online shopping portal www.mutualpoints.com. 98% of 9,790 people surveyed in May said they had installed anti-virus software on their PCs, while 93% of the total sample had a firewall running. Just over four fifths (85.5%......
[more] Macs 'inherently more secure', say Mac users Mac users have reacted angrily to yesterday's leader article on silicon.com which questioned whether the Mac operating system is perceived as being more secure simply because Macs are less popular, and therefore represent a less attractive target for hackers and virus writers. Not so, argue Mac fans who were quick to point out that, in their opinion, Macs are perceived as being more secure because they are inherently more secure by design. End of argu......
[more] U.K. ISPs to share data for spam study A new set of guidelines may pave the way for dozens of Internet service providers in the U.K. to participate in a research project into the problem of spam, estimated to comprise 60 percent or more of the world's e-mail traffic. The guidelines concern how ISPs should deal with sensitive issues such as customer privacy and data-protection laws, while cooperating to shut down machines propagating spam, said Martin Hutty, head of public relations for th......
[more] Trojan spreads through Putin death spam A new spam campaign posing as a breaking news report about the death of Russian President Vladimir Putin is actually an attempt by hackers to infect computer users with a trojan. The spammed emails have the subject line "ATTENTION!!! President of Russia has dead" and a link to more information on the subject. Embedded in this spam is a hidden script that exploits the ADODB.Stream vulnerability in Microsoft Internet Explorer to secretly download th......
[more] Exploit uses PowerPoint flaw in targeted attacks Microsoft PowerPoint users were warned this week about a new exploit that takes advantage of a zero-day flaw in the program to drop a malicious file onto a compromised computer. Symantec, which first warned PC users about the trojan, called PPDropper.B, on Wednesday, said in an advisory that the exploit had infected a low number of users. The flaw was not fixed in this month's Microsoft Patch Tuesday release, which contained seven new fixes. Dave......
[more] Trojans account for over half of malware Over 54 percent of the new malware in the second quarter of 2006 were trojans, according to new data. The research from anti-virus firm Panda Software showed an increase compared to the previous quarter, when they accounted for 47 percent of malware detected. At the same time, the number of worms continued to fall, marking less than 5 percent of the total. The company said the figures confirmed that trojans are being used by criminals for financial gain.......
[more] Trojan downloader uses Zidane lure Nefarious virus writers are using continued interest in Zinedine Zidane's infamous headbutt in the World Cup final in order to distribute malware via a malicious website that poses as an official FIFA World Cup 2006 website. Surfers straying on the site are exposed to a Trojan horse downloader, which uses Windows exploits in a bid to install malware on vulnerable PCs. If successful, additional malware payloads are downloaded on to victimised machines. According t......
[more] Sophos podcasts debate latest IT security issues Sophos today announced that it will record regular podcasts in which its experts will discuss and debate the latest malware threats, industry developments and long term security issues. The podcasts will provide valuable insight into the changing threat environment as well as the steps that businesses must take to protect themselves. In the first podcast, released on Sophos's website today, Carole Theriault interviews Graham Cluley, senior techn......
[more] Beware fake Google Toolbar trojan Researchers warned PC users this week to be on the lookout for a trojan in the wild disguising itself as Google Toolbar. In the scam, affected users receive an email claiming to be from Google and advertising the latest version of the toolbar, according to web security vendor SurfControl. However, when PC users click on the email, they're taken to a fake Google Toolbar website that looks similar to the real thing - but with a download option for the fake toolbar.......
[more] US heads global spam league of shame The US remained at the top of the chart of spam-relaying nations during the second quarter of 2006, accounting for 23.2 per cent of the world's unsolicited email. The closest rivals to the US are China and South Korea, according to figures from IT security firm Sophos, although both of these nations have managed to reduce their statistics since the first quarter of 2006. But the US has failed to reduce its spam problem for the first time in more than two years......
[more] Viral email traffic falls but threat remains Clandestine threats are on the rise, despite a dramatic reduction in virus traffic The proportion of infected email has dropped to a new low of just one in 222 (0.45 per cent), according to a security report by Sophos. This compares to the first six months of 2006 when, on average, one in 91 emails (1.1 per cent) carried malicious attachments. Sophos identified 3,715 new threats in July. The majority of the new threats (87 per cent) were Trojan horses,......
[more] Sophos Anti-Virus wins its 33rd Virus Bulletin 100% award Sophos, a world leader in protecting businesses against viruses, spyware and spam, today announced that Sophos Anti-Virus has been awarded the VB 100% award by Virus Bulletin magazine. This is the 33rd time that Sophos Anti-Virus has won a prestigious VB 100% award, confirming its position as one of the most powerful virus protection products available. Virus Bulletin tested eight different anti-virus products for their detection rates,......
[more] Hackers smoke out Firefox Hackers have found a way to exploit a hole in the open-source Firefox browser that enables them to monitor people's activity on the Internet. The Infostealer.Snifula works as an extension to Firefox but installs malicious Trojans that are loaded at start-up. The Trojan captures contents of form submission events including passwords and forwards them to its main process where it is sent to the remote attacker. Symantec security engineer Candid Wuest said the exploits, w......
[more] Blackberry a Juicy Hacker Target A computer security researcher says he's found an unexpected new path into company networks: the Blackberry. Jesse D'Aguanno, a consultant with Praetorian Global, has developed a hacking program that exploits the trust relationship between a Blackberry and a company's internal server to hijack a connection to the network. Because the data tunnel between the Blackberry and the server is encrypted, intrusion detection systems at the perimeter of the network won't......
[more] Trojan data-stealer hijacks ICMP traffic A Trojan has been discovered that attempts to evade detection by sending stolen data back to its criminal creators using the ICMP (Internet Control Message Protocol) back channel. Detected by security company Websense, the unnamed Trojan is a relatively conventional data-stealer up to the point it communicates back to its host. Once a PC has become infected, the Trojan installs itself as an Internet Explorer browser helper object (BHO), and then waits qu......
[more] Italian PM Focus Of Trojan Email A bogus email claiming Italian prime minister Silvio Berlusconi has been murdered by an Israeli soldier contains a Trojan file that can infect a Windows PC. The fake email purportedly comes from bbc.italy2006@bbc.com, with a variety of subject lines like "Berlusconi la morte", "Berlusconi di terrorismo", "Berlusconi Tragedia", and "Berlusconi di omicidio." Security software firm Sophos reported a Trojan horse called Troj/D......
[more] Spammers scam child protection group to propagate trojan Emails that appear sent by an anti-child pornography nonprofit group - but in fact are being delivered by spammers - are trying to use scare tactics to get unsuspecting recipients to download a trojan, a security firm warned today. The spam claims the recipient's email address was discovered in a "child porn database" discovered by the Los Angeles-based Association of Sites Advocating Child Protection (ASACP). In the message, the......
[more] McAfee warns of 'SMiShing' attacks Cell phone users should watch out for text messages containing a Web site link which, when visited, could download a Trojan horse, security experts have warned. In a blog posting Friday, McAfee Inc. dubbed the new development "SMiShing," referring to a phishing attack sent via SMS (Short Message Service). Some cell phone users have started receiving an SMS that reads: "We're confirming you've signed up for our dating service. You will be ch......
[more] Malicious image spam entices users with soft porn Hackers are taking advantage of image spam techniques and lusty minds to spread a new Trojan horse, experts at SophosLabs warned today. A new spate of email messages are being sent to Australian users claiming to be from a woman visiting the country looking for a sex partner. Similar to most run-of-the-mill image spams the message contains no text, with the message completely embedded within an image. The missive embedded within the image entices......
[more] Vicky's sex partner graphic email points to malicious Trojan horse Experts at SophosLabs have warned that hackers are stealing the tricks used by image spammers to infect computer users with malicious code. Experts based in Sydney, one of Sophos's global network of virus, spyware and spam analysis centers, have discovered email messages are being sent to Australian computer users claiming to come from a young woman visiting the country. Unusually, the malicious emails contain no text, but an......
[more] Trojans: worse than a virus When some of the most prolific viruses, such as Sobig and Lovebug, infected the world's computers, it was international news. The rise of the potentially more serious threat from trojans has been stealthier. Even though the number of trojans being created outnumber new viruses by four to one, many computer users are unaware of the threat. Computer security experts say the authors of trojans are ruthlessly exploiting this ignorance. A trojan could be installed wh......
[more] Two years on, Netsky-P tops virus charts Netsky-P led the top 10 chart for malicious software threats in August, retaining its rank despite the availability of fixes for more than two years. During August, Netsky-P accounted for 19.9 percent of all malicious software incidents reported, according to a report released Friday by security researcher Sophos. Netsky-P, which remains the most widely spread of the e-mail worms, was ranked the worst virus of 2004. Just one in 278 e-mails were infected......
[more] Man admits blackmailing schoolgirls via webcam spyware Experts at SophosLabs have warned of hackers exploiting webcams to spy on children as a man pleads guilty to blackmailing schoolgirls. Adrian Ringland, from the British town of Ilkeston, Derbyshire, has admitted forcing schoolgirls to send him explicit pictures after he infected their computers with a Trojan horse. 36-year-old Ringland posed as a teenager called "Ant Jones" in a chatroom, in order to plant the malware onto girls' P......
[more] Nearly 2,000 Malware Threats and Hoaxes Discovered in August Sophos released August's top ten global malware threats and hoaxes, and released further proof that rootkits continue to infiltrate innocent computer users. Sophos identified 1,998 new threats in August, bringing the total number of malware protected against to 186,665. The majority of the new threats (71.8 percent) were Trojan horses, which, in most cases, are specifically targeted at particular groups of people and do not spread on......
[more] Samsung Web site hosts password stealing trojan Samsung's US Web site is hosting a Trojan horse that logs keystrokes, disables antivirus applications and steals online banking access codes, according to Internet security firm Websense. Visitors to the Web site are not affected by the malware and Websense believes Samsung's Web server has most likely been compromised in order to serve malware to users that receive spam messages or malicious IM messages. Joel Camissar, Australian country manag......
[more] Trio of fixes due on Patch Tuesday Microsoft said today that it plans to release three patches Tuesday as part of its monthly update, including one designed to fix a zero-day vulnerability in Microsoft Office. The software giant also will issue an update for the Windows Malicious Software Removal Tool (MSRT), according to a notification bulletin released this afternoon. Of the three security updates, two address "important" flaws in Windows, while the Office bug is deemed "critical......
[more] Samsung removes Trojan from US Web site Samsung Telecom has removed a Trojan horse that was being hosted on its Web site but the site's main page has been inexplicably unavailable all weekend. On Monday, a spokesperson for Samsung told ZDNet Australia that the offending file has been removed but could not explain why the site seems to be experiencing difficulties. "The malicious code has been taken down and it is being investigated -- [the malware] has been identified and it has been pulled......
[more] Trojan lurks in fake news.com.au site Australian banking customers have been targeted by a new security threat that takes the form of an online news article warning that local banks will be closed for a week. The email appears to be a link to a news story on News Ltd's news.com.au site, but according to Australian Computer Emergency Response Team, Auscert, when a user connects to the spoof news website, a malicious Trojan is automatically downloaded. The subject bar of the email reads: "News......
[more] Surfing a bigger risk than spam to company networks Company networks are now more likely to pick up malicious software via employee Web surfing than from e-mail attachments, according to a new study. Nearly 40 percent of the 200 Danish companies surveyed said their systems had been infected by a virus or worm, despite the fact that 75 percent had implemented a security policy, IDC Denmark said in its report, released Wednesday. But the malicious software in question is no longer primarily makin......
[more] Microsoft Rushes Patch for VML Exploit Sophos Labs now rates as "critical" a re-emerging exploit to Microsoft's Vector Markup Language (VML) library, which Microsoft now says it will try to patch before its original October 10 deadline, announced on Thursday. This comes as the SANS Group raises its InfoCon level officially to "yellow," "to emphasize the need to consider fixes." In the meantime, a group of software engineers called the Zeroday Emergency Response Team......
[more] PatchLink releases a workaround for VML exploit to protect customers from zero day threats As hackers continue to exploit a security vulnerability in Microsoft Internet Explorer, rated as "extremely critical", PatchLink is releasing a PatchLink authored workaround for customers worldwide to protect their networks from VML zero-day threats. According to PatchLink Vice President of Security Technologies Chris Andrew, the Microsoft IE flaw could be potentially harmful to the IT environme......
[more] UK punters still falling for phishers UK punters are still failing to take basic precautions when banking online despite a wealth of available advice, according to a recent survey by banking association APACS. Although net users are aware of scams such as "phishing" and Trojan attacks, they remain complacent. APACS advises the estimated 15.7m people who regularly use the internet to access their current, savings and credit card accounts to do their homework, unless they want to leave......
[more] PowerPoint exploit adds to Microsoft's busy week Another exploit for a popular Microsoft program has been found in the wild during an already hectic week for the software giant. Experts from McAfee's Avert Labs said on a company blog this week that they found a new exploit for Microsoft PowerPoint in the wild. Microsoft Office 2000, XP and 2003 are affected by the exploit, virus researcher Craig Schmugar said on Avert Labs' blog. News of the new exploit came during a week when Redmond had alread......
[more] Trai website tinkered, hacker still at large Regulator to lodge FIR against international hacker code-named Pablin 77 The website of the Telecom Regulatory Authority of India (Trai) has been hacked. A hacker (code-named - Pablin 77) broke through the administrative access to the regulator's server on Saturday and tinkered with some of the links of the website. FE alerted Trai about the hacking on Monday. The hacker is still at large and the telecom regulator plans to lodge a FIR. Defacing of Indi......
[more] Malicious Code is More Covert, Websense Report The Websense® Security Labs™ 2006 Semi-Annual Web Security Trends Report, which summarizes findings for the first half of 2006 and presents projections for the remainder of 2006. The report shows that the volume of attacks increased and malicious code became more covert, less recognizable and more targeted toward financial gain. Not only has malicious code become more sophisticated, but the infrastructure supporting its creation and spread has......
[more] Microsoft Plans Nearly Dozen Patches Critical vulnerabilities in Microsoft's Windows operating system and the widely-used Office application suite are part of 11 patches slated to be released next week, according to a Microsoft. Six of the patches -- at least one deemed critical by Microsoft -- affect Windows users, while four address vulnerabilities in Office, one of them critically important. Another security bulletin targets a moderate security risk in Microsoft's .NET (d......
[more] Microsoft enters the anti-virus bear-pit Microsoft is setting the cat among the pigeons at this year's Virus Bulletin conference, the big chinwag for the security software industry. Ordinarily, blame for the lamentable state of awareness of internet security has fallen on Redmond, alongside clueless end-users and over-sensationalist journalists. Lately, though, Microsoft has tried to shake off the fall-guy role, and reinvent itself as security industry participant. In May it launched its own se......
[more] Anti-virus technique adds muscle to PC lock-down Sophos has developed an innovative anti-virus-based approach to locking down PCs To identify malware, anti-virus products use a signature file that acts as a fingerprint of the virus or worm. Sophos has now applied the same principle to legitimate applications, giving IT directors a simple way to lock down desktop PCs. The company's anti-virus and application control product lets system administrators selectively block unauthorised VoIP, peer-......
[more] SurfControl Warns Internet Users of a Malicious Web Site Posing as Italian Google Site SurfControl (LSE: SRF), the leading provider of global on-demand, network and endpoint IT security solutions, is currently tracking a malicious Web site posing as the Italian Google site. The spoofed Web site utilizes typosquatting, a technique that mimics a legitimate looking domain and delivers a fraudulent Google page that looks identical to the original. The fraudulent Google site attempts to install Acti......
[more] Haxdoor Trojan claims thousands of UK victims Metropolitan Police have revealed that the Trojan responsible for infecting thousands of users is Haxdoor, a particularly 'nasty' piece of malware. The FBI is working with the Met to catch the offenders The Metropolitan Police have revealed that cybercriminals used a particularly malicious piece of malware called the Haxdoor Trojan to steal data from thousands of UK users. Over 2,300 people have been infected with a variant of Haxdoor, which installs......
[more] iPod Windows virus not correctly named says Sophos Security vendor Sophos claims that presently Apple is not displaying the correct name for the recently discovered iPod Windows virus listed on its website, instead referring to it by the name of a file commonly used in malware called RavMonE.exe. The virus, which has been shipped on a relatively small number of Video iPods sold in stores from mid-September, does not affect Apple Macs but propagates through storage devices connected to Windows ma......
[more] SurfControl Warns Internet Users of a Malicious Trojan Hidden Inside Spoofed Microsoft E-mail Message SurfControl, a leading provider of global on-demand, network and endpoint IT security solutions, is currently tracking a malicious Trojan Downloader concealed in a spoofed e-mail message claiming to be from Microsoft. The e-mail appears to come from support@microsoft.com, and offers recipients a link to download Release Candidate 1 of Microsoft Internet Explorer 7. When users click on the link......
[more] Spam Trojan Installs Own Anti-Virus Scanner Veteran malware researcher Joe Stewart was fairly sure he'd seen it all until he started poking at the SpamThru Trojan - a piece of malware designed to send spam from an infected computer. The Trojan, which uses peer-to-peer technology to send commands to hijacked computers, has been fitted with its own anti-virus scanner - a level of complexity and sophistication that rivals some commercial software. "This is the first time I've seen this done. [It] gets......
[more] Spammers gear up for pre-Christmas blitz Security report reveals sophisticated online tricks A sudden increase in spam has been identified in the latest security report issued today, as cyber-criminals gear up for a pre-Christmas blitz. Spammers are using new weapons to evade detection by conventional security software and increase their success rate, according to the October 2006 Intelligence report from security firm MessageLabs. One of these is a 'dropper' variant of the Warezov virus, w......
[more] Paedophile hacker jailed for 10 years A paedophile who used internet chat rooms to hack into the computers of schoolgirls and blackmail them into sending explicit pictures of themselves was jailed for ten years yesterday. Adrian Ringland, 36, from Ilkeston, Derbyshire, used a spyware Trojan horse to infect and control the girls' PCs. He admitted posing as a teenage boy in internet chat rooms in order to plant the malware onto the user's computers. The victims believed they were opening a picture......
[more] Malicious email - containing trojan keylogger - uses Adobe reader as bait A spoofed email message targeting Adobe users - which claims to have the latest version of the company's PDF reader, but actually contains a malicious trojan keylogger - has been spotted in the wild, according to researchers at SurfControl. Researchers from the Scotts Valley, Calif. company said in an alert published this week that the malware asks users to download the latest version of Adobe Reader 7.0.8. Once downloaded......
[more] Four cuffed over webcam Trojan scam Four people have been arrested in Spain over their suspected involvement in linked credit card theft and virus writing offences. Two 17-year-olds were arrested in Alicante on Wednesday and charged with writing a Trojan horse that allowed them to control the webcams of compromised machines at a local college. The duo allegedly used potentially embarrassing footage obtained through the ruse to blackmail victims. As part of the same inquiry (codenamed Operation Pr......
[more] Trojan planted on Chinese banking site News sources in China are reporting that the website of China UnionPay, a China-wide cross-bank credit card service used by over 170 million people, has been victim of a hacking attack which placed a backdoor trojan on its website. The trojan, referred to by Rising Antivirus as 'Backdoor.Blackhole.2005.a', is described as old and easily removed by AV software. However, with the possibility of website users receiving the trojan without interaction via a dri......
[more] 'Tis the season to send spam Mass e-mailers traditionally bump up their activity as the year winds down. But this year, the amount of junk messages could be unprecedented, companies that make spam-busting tools say. And senders of unsolicited ads are already celebrating the close of the harvest season and the approach of Christmas. "Just as legitimate vendors began stocking their shelves with holiday decor and gifts before Halloween, spammers started sending spam messages tailored to the h......
[more] Sophos Anti-Virus wins its 35th Virus Bulletin 100% award Sophos, a world leader in protecting businesses against viruses, spyware and spam, today announced that Sophos Anti-Virus has been awarded the VB 100% award by Virus Bulletin magazine. This is the 35th time that Sophos Anti-Virus has won a prestigious VB 100% award, confirming its position as one of the most powerful virus protection products available. Virus Bulletin tested 15 different anti-virus products for their detection rates, lack......
[more] Malware wars: Are hackers on top? The money made from malware is eclipsing the revenue of anti-virus vendors, a leading net security vendor claims. Raimund Genes, CTO of anti-malware at Trend Micro, cites FBI figures that IT security problems cost the economy $62bn last year against IDC estimates that the anti-malware market was worth $26bn in 2005. The FBI figures include the cost of clean-up operations, not just the profits accrued by the bad guys. Even taking this into account Genes reckons c......
[more] Word wiped out by hack attacks Microsoft has warned about a new, unpatched memory corruption hole in Word that has already been targeted by hackers. The bug can be exploited by adding a string of characters in a Word file that corrupt a PC's memory and allow an attacker to run unauthorised software on the system, Microsoft said in a security advisory. The bug affects Word 2000, 2002, and 2003, the Word Viewer 2003 and several versions of Microsoft Works. It has been rated critical but most worr......
[more] Windows Trojan masquerades as Vista hack A week after Windows Vista's official launch hackers have devised their first attack, targeting pirates trying to install illegal copies of Microsoft's operating system. A supposed Windows Vista crack called Windows Vista All Versions Activation 21.11.06 is reportedly doing the rounds, offering those tempted by the chance of sticking it to Microsoft the ability to install illegal versions of Windows Vista. However, the software is not a Windows Vista crack......
[more] New Year's, Christmas malware targeting inboxes Email users are again getting the electronic age's version of coal in a stocking - holiday-season spam and malware. Researchers from F-Secure have warned of a handful of just-discovered malicious files posing as Christmas and New Year's Day greetings. One New Year's scam is part of a new spam run distributing the Warezov worm. Using a fake "Happy New Year" greeting, the scam emails contain a malicious attachment, postcard.zip, and urge re......
[more] Wireless not worth hacking? For four years, I've been pretty clear about my personal opinions on wireless hackers. I don't worry about them. So when I say: "It's time to worry about wireless hackers," it's not just another security consultant scare story being recycled - it's because I think things have changed. What has changed? Easy: corporate networks have changed. It's no longer as easy as it was to penetrate a corporate firewall and compromise PCs on the LAN. By comparison, the Wi......
[more] DIY phishing kit offered for sale A software kit has been discovered for sale on the Internet that makes it possible for non-experts to set up and carry out sophisticated phishing attacks on large numbers of websites. EMC's RSA division reports that its Anti-Fraud Detection Center (AFCC) found the 'universal man-in-the-middle phishing kit' being offered in a free demonstration version on a criminal forum monitored by the company. The kit - said to have a user-friendly interface designed t......
[more] Storm worm batters internet Spammers have taken advantage of Thursday's heavy weather across Europe to infect thousands of systems with a Trojan horse, allowing the systems to be taken over by criminal gangs. According to F-Secure, the attack was launched in the early hours of Friday morning, European time, taking the form of a wave of spam bearing the Small.DAM Trojan. Mikko Hypponen, F-Secure's chief research officer, said the attack shows gangs are using every technique available to spread m......
[more] MSN password stealer released as torrent Malware designed to steal users' Windows Live Messenger password has been released onto the net. The password stealer was released for download via BitTorrent earlier this week by a hacker using the handle "Our Godfather". The malware comes in the form of an IMB download confirmed by anti-virus firm Sophos as containing a password-stealing Trojan horse. Victims would need to be tricked into downloading and executing the malware, which might be r......
[more] UK firms naive to USB stick dangers Half of UK companies are prepared to put their network security at risk by inserting a USB stick posing as a party invitation, according to research published this week. IT consultancy NCC targeted finance directors from 500 listed firms in a range of sectors in a security awareness campaign, with USB sticks forming part of an anonymous invitation saying 'For Your Chance to Attend the Party of a Lifetime'. More than 47 per cent of finance directors and so......
[more] Win Defender ineffective against Vista Users who rely on Vista's new security features and Microsoft's Windows Defender anti-spyware product may still find themselves unprotected. That's according to a study by Webroot, an anti-spyware vendor and Microsoft competitor. The company released the results of what it claimed was a two-week study of Windows Defender that showed the product missed 84 percent of a sample set of 25 spyware and malicious code samples. The programs that slipped by were a m......
[more] Half of pirated Vista is malware About half of the downloads claiming to be free versions of Microsoft's Vista operating system are actually malicious Trojan horse software, warned security vendor DriveSentry. With Vista's consumer launch just days away, hackers have been bombarding discussion boards with offers of "cracked" versions of Windows Vista, which are being distributed on peer-to-peer networks, said John Lynch, vice president of sales and marketing for DriveSentry. These pos......
[more] New zero-day Word attack threatens users Hackers are exploiting an unpatched vulnerability in Microsoft Word that could allow them to take control of a victim's PC. That's according to security company Symantec, which has said that the zero-day vulnerability is the fourth in Microsoft's Word 2000 software that has not yet been patched. Danish security vendor Secunia also reported the vulnerability, and rated it as "extremely critical," its highest-level warning. The attack comes via a......
[more] TomTom sat nav devices infected with virus A number of recently shipped TomTom satellite navigation devices are infected with malware, the Dutch company said today. The virus is installed on the TomTom GO 910 model, but doesn't affect performance, the satellite navigation firm claimed. However, users on Microsoft Windows systems risk running the malicious code and infecting their computer, according to a posting on IT forum, DaniWeb, where the problem was first reported. The units are infected wi......
[more] Microsoft warns over fourth Word flaw Microsoft is investigating another flaw in Microsoft Word that is reportedly being used in targeted attacks against its customers, the software giant stated in an advisory published late Friday. The flaw, which appears to only affect Microsoft Word 2000, is being used by a Trojan horse, MDropper.W, according to security firm Symantec, the owner of SecurityFocus. The company described the flaw on Thursday, and the following day, Microsoft released its own adv......
[more] Sophos Anti-Virus for Windows Vista wins VB 100% award Sophos, a world leader in IT security and control, today announced that Sophos Anti-Virus for Windows Vista has been awarded the accolade of VB 100% by Virus Bulletin magazine. This is the 36th time that Sophos Anti-Virus has won a prestigious VB 100% award, confirming its position as one of the most powerful virus protection products available. Virus Bulletin tested 15 different anti-virus products for their detection rates, lack of false a......
[more] Just two days before Super Bowl XLI, hackers use Dolphin Stadium website to exploit PCs Hackers today embedded a JavaScript-enabled trojan in the website of Dolphin Stadium, home to Sunday's Super Bowl XLI, stadium officials confirmed to SCMagazine.com. "A link to a malicious JavaScript file has been inserted into the header of the front page of the site," Websense Security Labs said in an alert. The script attempts to exploit two previously-fixed vulnerabilities, one of which is a......
[more] Google Maps used to locate phishing victims Account holders with at least two Australian banks have become victims of a phishing scam in which malicious code reveals the physical location of affected IP addresses using Google Maps. Bank account holders in Germany and the U.S. have also been targeted. The software installs a Trojan capable of key-logging user activity, hijacking infected computers. The scam was circulated as a false news report claiming the Australian prime minister had suffered......
[more] Malicious Ikea spam knocks flat German email users Experts at SophosLabs, Sophos's global network of virus, spyware and spam analysis centers, have warned German computer users to be on their guard against a malicious email which claims to come from home furniture giant Ikea. The emails, which have been widely spammed out, pose as a communication from Ikea Deutschland, but opening the attached file launches the Troj/Clagger-AZ Trojan horse. "Users may be so surprised to receive an unexpecte......
[more] Vigilante hacker nabs child porn surfing judge Ronald Kline, a former judge for the Orange County Superior Court has been convicted to a 27 month jail term for possession of child pornography. The judge was arrested in 2001 after he was reported to authorities by a vigilante hacker that has been monitoring Kline's computer with his knowledge. Kline at the time admitted that he had stored more than 100 sexually explicit images of under-age boys on his computer. The hacker was the then 20-year-old......
[more] Man pleads guilty to spreading Trojan via IRC A Washington-state man pleaded guilty to one felony count of computer fraud relating to charges he spread malware to users of an internet relay chat (IRC) channel. He faces up to five years in prison and a $250,000 fine when he is sentenced in early May. Using the user ID Fyle, Richard C. Honour infected IRC users with a program known as WindowsMedia.exe, according to a plea agreement on file with the federal court in St Louis, Missouri, where servers f......
[more] Security firms laugh at 'unstoppable Trojan' claims We laugh in the face of Trojans, and tweak the nose of the spindly killer worms Security firms have laughed off claims from Secure Computing that a new Trojan can evade traditional antivirus systems. Secure Computing's TrustedSource labs issued an urgent alert last night that the 'Mespam' Trojan was on the loose and that ordinary antivirus software would not be able to stop it. "This threat signifies a trend towards blog, message boards and......
[more] New attack blends rootkits with HTML-injections to phish users An organised crime network is distributing new malware that takes advantage of rootkits and a state-of-the-art HTML injection to phish consumers on the fly as they browse the Web, a new report from VeriSign's iDefense warned on Wednesday. The malicious code sample analysed by iDefense was a Small downloader Trojan horse variant that installs two rootkit-protected files, collects and transfers e-mail addresses to a remote website and......
[more] eBay users targeted by advanced Trojan eBay users are being targeted by an advanced Trojan that attempts to redirect traffic so it can silently bid on a car from the auction site's car site, Symantec is warning. It is the latest security headache for eBay, which has faced an onslaught of complaints from some users who say fraud on the site has increased to unacceptable levels over the past few months. Trojan.Bayrob implements a proxy server so that traffic intended for eBay is instead sent to on......
[more] Macs are not immune from viruses Apple is undermining efforts to raise awareness of security issues by implying Macs are immune from viruses, according to managed security services company, Network Box. The current advertisement, featuring the Peep Show protagonists, David Mitchell and Robert Webb, suggests that Mac users, unlike their PC-using counterparts, do not need to worry about viruses - despite evidence that malware aimed specifically at Macs is on the increase. Every day in January thi......
[more] Trojan horse targets Skype users Miscreants have again adapted the Warezov Trojan horse to target Skype users, Websense Security Labs warned last week. The attack is similar to threats that target instant-messaging applications. A targeted Skype user will receive a chat message with the text "Check up this" and a link to a malicious executable called "file_01.exe" on a Web site, Websense said in an alert. If the user runs the file, several other files are downloaded and run,......
[more] Don't blame China - malware is a US problem US servers host most of the world's malicious code - despite the claims of China, Russia or eastern European countries. That's according to security vendor Finjan after analysis of more than 10 million URLs. The data was collected from live end-user traffic in the UK using Finjan's content inspection engines, said Yuval Ben-Itzhak, CTO of Finjan. Unlike some other studies, which look at domain names to make assumptions on where a server is based, Finj......
[more] World War III spam dupes users Hackers have tried to infect users' PCs with malware by pretending World War III had broken out. A weekend spam run tried to dupe recipients into downloading the infamous "Storm Trojan" by attaching files that posed as videos of a missile strike by the US against Iran. The email arrives with provocative subject lines that include "Missle [sic] Strike: The USA kills more then [sic] 20000 Iranian citizens," "USA Declares War on Iran," a......
[more] Microsoft hackers promise nude Paris Hilton pictures Hackers are attempting to exploit the newly discovered bug affecting Microsoft Windows' handling of animated cursors (ANI files) by sending out emails promising compromising pictures of Paris Hilton and hardcore actress Jenna Jameson. The spammed email messages have subject lines such as "Hot pictures of paris hilton nude" and contain an embedded image, not of the celebrity hotel heiress but of pornographic actress Jenna Jameson. When......
[more] Linux malware for iPods poses little risk Virus hunters have discovered what's described as the first malware designed to infect iPod portable media players. Podloso is a proof of concept program which poses no immediate threat beyond illustrating the point that VXers are always on the hunt for new platforms to infect. The "malware" is a file which can be launched and run on an iPod, providing (and only if) Linux has been installed. Podloso cannot be launched automatically without user......
[more] Storm worm variant ignites e-mail virus deluge Thursday likely marked the largest proliferation of e-mail virus attacks in more than a year, according to security company Postini. Postini said that two variations of the Storm worm virus, which originally spread across the Internet in January, have quickly driven global virus levels 60 times higher than their daily average. E-mail users should be on alert for messages with "love"-related subject lines and an executable attachment that......
[more] New IM worm targets Skype users A new instant-messaging pest that spreads using the chat feature in Skype has surfaced, security firm F-Secure warned Monday. The worm, dubbed Pykse.A, is similar to threats that affect instant-messaging applications. A targeted Skype user will receive a chat message with text and a Web link that looks like it goes to a JPEG file on a Web site, F-Secure said on its Web site. Clicking the link will redirect the user to a malicious file. The file, after executing,......
[more] Worst week for viruses in a year? The largest proliferation of email virus attacks in more than a year is likely to have occurred last Thursday, according to security company Postini. Postini said two variations of the Storm Worm virus, which originally spread across the internet in January, have quickly driven global virus levels 60 times higher than their daily average. Email users should be on alert for messages with "love"-related subject lines and an executable attachment that wou......
[more] Web attackers get better at hiding Cybercrooks who rig Web sites to break into PCs are getting better at hiding their malicious code, a security expert said Wednesday. Increasingly the actual code, often JavaScript, used to attack PCs is hidden in Flash animations or scrambled so that anyone who examines the source of a page can't easily identify it, said Jose Nazario, a senior software engineer at Arbor Networks, in a presentation at the CanSecWest security confab here. "Their obfuscation......
[more] Attackers improve on JavaScript trickery As JavaScript becomes an increasingly key component of online attacks, attackers are investing more energy in obfuscation and other techniques to make defenders' attempts at reverse engineering more difficult, a security researcher told attendees at the annual CanSecWest conference on Wednesday. Attackers have adopted the same techniques used to hide the purpose of other types of malicious code, such as splitting up the code into many components a......
[more] Hackers exploit university massacre to spread malware Hackers are exploiting the recent Virginia Tech University massacre to spread malware and infect computers, security experts have warned. Email messages were spammed to users claiming to include camera phone footage of the shootings at the US campus where 31 people were slaughtered on Monday. The messages contained an image of the killer, Cho Seung-Hui, with a link to a Brazilian website claiming to host video clips of the murders. However, cl......
[more] Warezov worm surfaces again Mass mailings of the variant, Warezov.nf, started at 5am on Thursday, and already make up between 70 and 85 percent of malicious content in email traffic, according to Kaspersky. Like previous variants of Warezov, the worm spreads via email, disguised as an attachment. The attachment is a Trojan that downloads the latest version of the worm from a number of websites. Once downloaded, the worm copies itself to disk and loads automatically at start-up. Warezov then......
[more] Poor e-mail practices pose security risk Cybercriminals are still using e-mail as a means to launch malware attacks on enterprises, according to a senior executive at Cisco Systems. "E-mail is still the vehicle by which they can infect corporations," said John Stewart, Cisco's chief security officer, in a teleconference Tuesday with journalists and analysts. Referring to a Cisco study conducted last year, Stewart said that regardless of country, over 10 percent of respondents will sti......
[more] Hackers debut malware loaded USB ruse Malware purveyors deliberately left USB sticks loaded with a Trojan in a London car park in a bid to trick users into getting infected. The attack was designed to propagate Trojan banking software that swiped users' login credentials from compromised machines. Check Point regional director Nick Lowe mentioned the ruse during a presentation at the Infosec trade show on Tuesday, but declined to go into further details, citing the need for confidentiality to pro......
[more] Phishing moves into more new areas The latest social-engineering methods being put to use by phishers show no let up in the evolution of online scams, with several new twists on old ideas being sent via mass mail in the hopes of hooking yet more gullible victims. Banks and financial institutions are among the biggest targets for phishing, with online banking login details becoming as useful as credit card details. Mal-Aware.org has released details of a new scam targeting Bank of America custom......
[more] Risk management: Growing pains As security becomes a board-level concern, those in charge of it can no longer hide behind the doors of the IT department. If you're a chief information or security officer, chances are your job has got, well, just a little bit harder over the past couple of years. Not so long ago, being a CIO or CSO was something of a nice little number, according to Calum MacLeod, European director of Cyber-Ark Software. "You moved upstairs, got the mahogany desk and the Mer......
[more] Malware 'hijacks Windows Updates' Virus writers may be able to smuggle malicious files onto a computer using Microsoft's security patch updates, experts say. At least one program is in circulation that can hijack a key component of Windows Update to introduce malicious software that could be used to hijack a computer. The method bypasses users' firewall, allowing files to download undetected. Microsoft said it was aware of reports of the attack. Security expert Frank Boldewin said on his website......
[more] "Trusted" Web sites can no longer be trusted Restricting your Web surfing to "trusted" sites is no longer enough to keep your machine safe from malware, according to security experts. Malware was once restricted to sites offering free MP3s or porn but today it's increasingly being served up by some of the most popular sites on the Web. The results of a new study by Google show that one in 10 Web sites could be potential launch pads for "drive-by-download" malware attacks. The search gian......
[more] Shiver me timbers! It's a pirate Trojan Hackers exploit interest in the movie Pirates of the Caribbean 3 Computer security researchers at SophosLabs are warning computer users about a widely-spammed out email teaser promising a trailer of the film "Pirates of the Caribbean 3" - and the chance of free tickets if you are in North America or Europe. Rather than a trailer for the blockbuster movie starring Johnny Depp, Keira Knightley and Orlando Bloom, however, the Troj/Yar-A Trojan horse......
[more] Beware of slow and quick viruses When the Internet had only barely begun, the only way of spreading viruses was via floppy disks. This is a very slow means of propagation, particularly in comparison to the speed at which viruses spread nowadays. To get an idea, the infamous 'Friday 13' virus (whose name originates from the day in which it deleted all .exe files on computers) took a long time to spread, and was infecting computers for several years. In the past, when virus creators planned......
[more] Hackers Launching Attacks Against Yahoo Messenger Bugs Websense researchers report 40 to 50 malicious sites are taking advantage of critical vulnerabilities in the instant messenger. Malware writers have latched on to the exploit code for the critical bugs in Yahoo Messenger, setting up 40 to 50 malicious Web sites to attack unsuspecting, and unpatched, users. "This threat is critical," said Stephan Chenette, manager of Websense Security Labs, in an interview. "The use of [the ex......
[more] F-Secure Releases Data Security Summary Report for H1 2007 Security Threats Cross Technology Borders Towards a New Malicious Economy; Social Engineering, Bank Scams, Cyber War and Clever Mobile Intruders F-Secure today released a summary report of data security threats and trends during the first half of 2007. The world-renowned F-Secure Labs saw a steady flow of data security threats -- the underlying trend to note is the spread of malicious activity across various forms of technology and appl......
[more] 'Italian job' Web attack hits more than 10,000 sites The attack, which is primarily hitting Italian sites, has turned the pages into malware distributors Online criminals have launched a widespread Web attack that has turned tens of thousands of legitimate Web sites into weapons, security vendors said Monday. The attack began late last week, and by Monday morning, more than 10,000 Web sites had been compromised, according to security firms Trend Micro and Websense. Although attackers have hit tar......
[more] Cyber crooks hijack 10,000 websites More than 10,000 websites have been infected by a sophisticated and fast-acting Trojan downloader that attempts to install malware on visiting PCs. At least one security firm, Trend Micro, is working with the FBI to contain the damage and track down the perpetrators. The attack is noteworthy for the number of sites it has managed to infect in a relatively short period of time. Between Friday and Sunday night, the number jumped from 1,100 to about 2,500. By Mon......
[more] USB flash drive worm spreads information about AIDS LiarVB-A worm infects removable memory sticks Sophos, a world leader in IT security and control, has discovered a worm which spreads by copying itself onto removable drives such as USB flash drives, in an attempt to spread information about AIDS and HIV. The W32/LiarVB-A worm hunts for removable drives such as floppy disks and USB memory sticks (as well as spreading via network shares), and then creates a hidden file called autorun.inf to ensur......
[more] UK sets the pace when it comes to cyber crime Identity theft, phishing and Trojan attacks are on the rise, and virtual worlds are being targeted by fraudsters, said a global online security firm. UK is a popular target because it was the pioneer for fast online payments, and consumers are used to easy and instant payment transfers, said Uriel Maimon, senior research scientist, RSA consumer solutions. Financial firms continue to face new and emerging threats, and are challenges to increase confi......
[more] YouTube 'riddled with 40-plus security vulnerabilities' Google researchers have at last responded to a hacker who says he's uncovered more than 40 YouTube flaws that put users at risk. Christian Matthies says he's been trying to get the attention of Google bug squashers for the past several months, but was unsuccessful in getting a single reply to his emails warning of the vulnerabilities. That changed this week, a few days after he posted an ultimatum effectively vowing to disclose the bugs pu......
[more] Fake flash player site used to spread malware Hackers have developed a new ruse that attempts to trick users into downloading malware from a fake Adobe Shockwave Player download site. Prospective marks who stray onto lure sites - such as a game site related to RuneScape - are presented with broken icons in an attempt to convince them that their copy of Shockwave (if already installed) isn't working properly. Links from the site all point to another site which "diagnoses the problem" as......
[more] 'Italian Job' trojan could lead to future localised attacks The recent MPACK-aided trojan attack is a sign that future mass-attacks may become increasingly localised, according to security researchers. The MPACK delivery device for malware was used to propagate trojan attacks this month, mostly affecting users in Italy. Dave Cole, director of Symantec Security Response, told SCMagazine.com today that MPACK-related attacks are unique both for their use of existing websites and regional nature."......
[more] Fake Windows security alert loads a Trojan Messages insisting that users install a just-released Microsoft security update are bogus and actually lead to a site that plants malicious code on PCs, several security companies have warned. The spam, which touts "Microsoft Security Bulletin MS07-0065 -- Critical Update" as its subject and appears to come from "update@microsoft.com," claims users should download a June 18 security patch and provides a link to a URL that looks legi......
[more] Sophos: Thousands infected with video disguised malware A Trojan that disguises its malicious content by playing a humorous animation is spreading across the internet, according to security experts. The Agent-FWO trojan plays the popular "Yes & No" Shockwave video created by Italian animator Bruno Bozzetto, but only after embedding itself on users' computers and downloading further malicious code from the internet. Hundreds of thousands of people are believed to have watched the fi......
[more] Private-eye hackers are convicted Two police officers who moonlighted as private detectives have been convicted of bugging phones and hacking into computers on behalf of wealthy clients. Jeremy Young and Scott Gelsthorpe set up Active Investigation Services and ran a service dubbed "Hackers Are Us". One of their clients, waste millionaire Adrian Kirby, paid £47,000 for AIS to spy on environmental investigators. Gelsthorpe, of Kettering, Northants, and Young, of Ilford, east Londo......
[more] Don't touch that Microsoft Security Bulletin email Trojan hides under patch update Do not be tempted into opening an email with the subject line: "Microsoft Security Bulletin MS07-0065" because it is no such thing. The email is not from Microsoft and contains a link to a webpage containing a trojan (disguised malware). The emails contain real people's names and the company they work for and looks like a genuine Microsoft email. The mail looks pretty convincing and includes Microsoft and......
[more] Rival malware gangs wage turf war Security researchers have uncovered evidence of a turf war between rival criminal enterprises connected to two of the most sophisticated malware toolkits in current use. Like competing gangs in the Mafia - for those who followed the HBO series The Sopranos, think the New York-based Lupertazzi crime family and its sometimes enemy the DiMeo crime family, which Tony Soprano ran from New Jersey - the malware groups are fighting for turf and control. But rather than c......
[more] BlackBerry 'spyware' can steal secrets Research in Motion's (RIM) BlackBerry which is popular with corporate users due to its secure management of mobile e-mail is vulnerable to 'legal' spyware that has been classified as a Trojan by several security vendors. RIM's BlackBerry has won significant market share in the corporate sector due to a perception that it is impervious to security attacks. But an updated version of the FlexiSPY application, considered a security threat by most IT security ven......
[more] Portable storage media increasingly a focus of attack for malware writers ESET has announced that for a third consecutive month, Trojan Ani.Gen with nearly 4% of detections, remains the number one threat during June, as observed by ESET's ThreatSense.Net statistical reporting. But the rise of other threats such as Rjump.A into third place and INF/Autorun into fifth, both of which exploit the wide use of portable storage media, shows that this is increasingly a focus of attack for malware writer......
[more] Storm Trojan returns as Fourth of July spam Email users are being warned to be wary of 4 July malicious spam messages playing off the American day of independence by security experts. The Threat Research and Content Engineering (TRACE) team at email and Internet content security provider, Marshal, has identified a new spam greeting card that invites recipients to retrieve a greeting card that someone has sent them. The recipient is asked to click on a web link in the message to access their gre......
[more] Hackers lure victims to fake iPhone website New attack combines virus, phishing and adware in order to relieve would-be iPhone buyers of financial information. Hackers are targeting prospective iPhone users with a fake website that steals personal information from unsuspecting victims, according to experts. Researchers at anti-virus company Panda Software discovered that cybercriminals have developed a trojan, called Aifone.A, that takes control of a user's computer and then directs the victim to......
[more] FBI planted spyware on teen's PC to trace bomb threats The FBI planted spyware on the computer used by a Washington state teenager to finger him as the person behind a rash of bomb threats e-mailed to his high school, court documents revealed this week. The 15-year-old, a former student at Timberline High School in Lacey, Wash., pleaded guilty Monday to making the bomb threats, as well as to identity theft charges, according to The Olympian. He was sentenced to 90 days in juvenile detention and......
[more] DIY Trojan tool discovered for sale A new kit for building and customising Trojan malware has been discovered for sale on the Internet. With the appropriate name 'Pinch,' the tool lets criminals with little technical knowledge specify a number of parameters such as which type of password to steal from infected machines. Alternatively, the tabbed-based interface can be made to turn the program into a straightforward key-logger set to capture all keystrokes, take screenshots, or steal speci......
[more] IM attacks up nearly 80 percent, Akonix says - and P2P is worse Loose lips sink ships, and flying fingers scuttle computers Malicious code attacks over instant messaging networks are up almost 80 percent over last year, according to a new study from vendor Akonix. In July, the company, which develops IM hygiene and compliance appliances and services, said it uncovered 20 malicious code attacks over IM in July. The total number of threats for 2007 so far is 226, the company said. That number is a......
[more] Well-wrought e-mail scams target deep-pocketed victims It's the moment we've all feared: The phishers have learned decent business English A wave of sophisticated, ongoing attacks disguised as bills from supposed business partners, complaints from the Better Business Bureau, and investigations by the Internal Revenue Service is snaring high-value business victims with malware-carrying e-mail messages that don't bear the usual telltale signs of phishing. "When you get one of these things,"......
[more] Sophos Anti-Virus for Windows Vista wins VB100 award Sophos, a world leader in IT security and control, today announced that Sophos Anti-Virus 7.0.0 has been awarded the accolade of VB100 by Virus Bulletin magazine. This is the 39th time that Sophos Anti-Virus has won a prestigious VB100 award, confirming its ability to detect 100% of the viruses in the wild, and its position as one of the most powerful virus protection products available. Virus Bulletin tested 20 different anti-virus products f......
[more] Huge Russian malware attack imminent Trend Micro says a large-scale security attack could be about to launch on the web after its researchers spotted a Russian server loaded with more than 400 different pieces of malware. Chenghuai Lu, a senior threat analyst at Trend Micro, has uncovered a site with several hundred malicious programs and traced the site's server to a Russian IP address. Among the harboured malware were examples of three Trojan families: Dropper.cko, Clicker.qu and Polycrypt.g.......
[more] Sophos PureMessage receives West Coast Labs Checkmark Sophos, a world leader in IT security and control, today announced that its email security solution, PureMessage for Unix, has been awarded West Coast Labs Checkmark for 100% detection of in-the-wild viruses. The accolade confirms the software's ability to detect 100% of the viruses found in the wild, and its position as one of the most powerful security solutions for Unix mail servers. "Sophos PureMessage for Unix offers a considerable......
[more] Cyber-criminals unleash spam Storm Experts warn of 'confirmation spam' outbreak Security experts have warned of an outbreak of malicious spam emails that use log-in account confirmation details as a hook to get users to visit an infected website. The Marshal TRACE threat research team said that the emails appear to come from a legitimate organisation and provide recipients with temporary log-in confirmation details for a website. The spam uses text like 'for security purposes, please login and cha......
[more] Spam to reach all-time high Spam levels are heading toward an all-time high of 90 percent of all e-mail, according to a Secure Computing report. In a statement released Thursday, the security vendor said that spam volume has risen by over 30 percent this week, and looks set to reach record levels last seen in December 2006. The security vendor attributed the spike to the resurgent Storm Worm which returned with a twist earlier this month. Secure Computing said that the Storm Worm currently has......
[more] AOL phisher pleads guilty, faces seven years A man who targeted AOL users in the US in a phishing scam faces seven years in prison. 23-year-old Michael Dolan admitted to his part in a ring of phishing scammers who duped AOL subscribers into divulging names, credit card numbers, bank account numbers, Social Security account numbers and other private information. "[We] are committed to investigating and prosecuting internet phishing and other identity theft schemes that wreak havoc on the li......
[more] German gov't PCs hacked; China offers to investigate Chinese Premier Wen Jiabao described reports of Chinese hackers breaking into German computers as a matter of "grave concern" and said today that his country will cooperate with Germany to resolve the matter. Wen's comments, made during a press conference with German Chancellor Angela Merkel in Beijing, were prompted by a report published two days earlier in the German news magazine Der Spiegel claiming that Chinese hackers had been......
[more] United Nations hit by keylogger and trojan attack The United Nations (UN) has been hit by a string of hacking attacks aimed at identity and credit card theft, and the building of botnets. The attack on the UN Asia Pacific website is believed to originate from the same group responsible for attacks on the US-based Biotechnology Information Organization and the prominent Indian Syndicate Bank. The financially-motivated incursions, launched from the same remote location, infected a server common t......
[more] Beyonce, Rihanna, Kelly Clarkson video emails spread ecard Trojan horse Sophos, a world leader in IT security and control, has warned internet users about the latest disguise being used by malware authors in their attempt to infect people's PCs: an email claiming to point to music videos of popstars like Beyonce Knowles, Kelly Clarkson and Rihanna. Experts at SophosLabs have proactively protected customers against the latest wave of malicious emails which pretend to be links to new music videos......
[more] Bank of India site hacked, serves up 22 exploits The Bank of India Web site was hacked sometime Wednesday night (U.S. time) and seeded with a wide, wild array of malware that infected any users running unpatched browsers, security researchers said today. Although the bank's site had been scoured of all malware by Friday morning, it's currently offline. "This site is under temporary maintenance and will be available after 09:00 IST on 1.09.07," a prominent message currently reads. Rese......
[more] Germany floats Trojan for terror suspects German politicians have defended plans to email Trojan horse software to terror suspects in the hopes of monitoring their conversations. The measures have sparked a fierce civil liberties debate. The dubious efficacy of the wheeze is yet to come under serious consideration. Interior Minister Wolfgang Schaeuble is seeking police powers to harness malware in upcoming federal security laws. AP reports that snoopware would be developed by the German governme......
[more] Monster warns victims and pledges better defense Monster Worldwide, the owner of employment search site Monster.com, last week began notifying the estimated 1.3 million users affected by a breach that leaked résumé information and pledged to beef up network monitoring and defenses to prevent such a leak from happening again. As reported by SecurityFocus, a malicious Trojan-horse program dubbed Infostealer.Monstres accessed résumé data using stolen, but valid, employer......
[more] eBay users targeted by ID-stealing botnet Online auction site eBay has been targeted by identity thieves, who are wielding a botnet that uses brute force to uncover valid account log-in information, according to security company Aladdin Knowledge Systems. The attacks against eBay may have started as long ago as early August, said Ofer Elzam. He said that he and other researchers at the Tel Aviv-based security company have not been successful in notifying eBay of their weekend findings. Accordin......
[more] Storm worm still raging New report finds that the Storm worm tempest has failed to die down. The Storm trojan is still causing havoc and has changed tactics over the last month in order to infect computers, according to the latest Messagelabs report. The company's research team had observed a large increase in emails with links to virtual postcards and YouTube videos. The team noted a significant outburst on 15 August of 600,000 emails over that day. It estimated that the StormWorm botnet now com......
[more] Yahoo feeds Trojan-laced ads to MySpace and PhotoBucket users A Yahoo-owned advertising network became the unwitting ally of cyber crooks after it spewed millions of Trojan-laced banner ads on MySpace, PhotoBucket and other websites. The banner ads, which were brokered by Right Media, were served an estimated 12 million times over a three-week period starting in early August, according to ScanSafe, a managed security provider. Earlier this year, Yahoo paid $650m to acquire the 80 percent of the......
[more] Pfizer PCs used to relay Viagra spam Spammers have hijacked computers at drug manufacturer Pfizer, causing them to send junk emails advertising the company's product Viagra. At least 138 of Pfizer's IP addresses are being used to send the spam after being loaded with Trojan software, it emerged this week. Aside from Viagra, the spam advertises penis-enlargement drugs, fake Rolexes and shares, according to botnet-tracking company Support Intelligence, which said that those IP addresses have now b......
[more] Ethical hacking courses for sale on eBay Ethical hacking kits, which provide a variety of tools for penetration testing, password theft and guides to virus development, are being sold on eBay. Three hacking courses were being auctioned on Thursday, according to Tier-3, a UK-based behavioral analysis vendor. Calling this "a serious development," Geoff Sweeney, Tier-3's CTO, noted, "It basically puts high-level hacking tools, including surreptitious trojan loaders and website-hacking......
[more] Number of malicious e-mails bearing bad links balloons tenfold The percentage of threats arriving in e-mails that rely on links to malicious sites -- rather than arriving as file attachments -- has ballooned tenfold since the first quarter of the year, a security company said today. In a report published today, U.K.-based MessageLabs Ltd. said that 35% of the e-mail threats it now detects use embedded links to infect computers instead of the more traditional file attachments. In the March-June......
[more] IT managers 'fearful' of remote workers Nearly nine in 10 IT managers fear the security risks caused by remote working practices, in spite of the increased productivity many home workers insist results from connecting offsite, new research has revealed. The main concerns stem from the fact that hackers can use remote connections as a "back door" into the company network or to the risk of the corporate network by the use of unauthorised software and Internet access. The study, conducte......
[more] Storm builds the world's biggest botnet Storm may not be the most creative or malicious piece of malware ever written, but it's on track to become the most productive; threat researchers' recent estimates put the number of PCs it has infected at more than 1 million. First showing up on researchers' radars about a year ago, Storm is defined by some as a worm, others as a Trojan Horse. Though it has gone by many names, Storm - referring to the spam blasts it has been behind that mention storms -......
[more] Angelina Jolie 'nudes' fuel malware spike One in every 833 emails in September were infected with malicious attachments compared to one in every 1,000 during August, new research reveals. The jump in malware attachments was primarily due to a coordinated campaign by hackers to spam out the Pushdo Trojan during the second half of September, according to security firms. The emails, which offered naked pictures of Hollywood actresses such as Angelina Jolie and Holly [sic] Berry, carry a malicious p......
[more] Webwasher Achieves 99.86 Percent Success in Anti-Malware Detection Study Secure Computing Corporation, a leading enterprise gateway security company, today announced that in an independent test conducted by AV Test Labs, Secure Computing's Webwasher anti-malware engine achieved 99.86% detection success, surpassing all of the leading vendors and scoring higher than 27 other companies. Secure Computing's reputation-based Web gateway solution, Webwasher, correctly identified the majority of 874,82......
[more] Trojan horse dupes Skype users, steals usernames and passwords Skype Ltd. again warned users of its software that malicious code targeting the voice-over-IP (VoIP) and instant messaging service was on the prowl, the second such alert in the past five weeks. A Trojan horse posing as a Skype add-on is stealing log-on credentials, the company's online spokesman, Villu Arak, said yesterday in a blog posting. Calling itself Skype Defender, the malware installs if users download and run the executab......
[more] Details of hijacked 24/7 ad server emerge Compromised server seeds legit sites with ads that invisibly steer users to exploit Hackers have hijacked a server operated by Internet advertising company 24/7 Real Media and are using it to seed legitimate Web sites with ads carrying attack code, Symantec Corp. said Friday. Windows users who visited sites with the attacking ads were infected if they browsed with Microsoft Corp.'s Internet Explorer and had RealNetworks' popular RealPlayer media player p......
[more] Russians behind attack PDFs, security researcher says An infamous hacker gang is sending malicious PDF docs, stealing financial data A notorious Russian hacker gang is responsible for ongoing attacks using malicious PDF documents, a researcher said today. Users can thank the Russian Business Network (RBN), a well-known collective of cybercriminals, for the malware-armed PDF attachments that began appearing in in-boxes yesterday, said Ken Dunham, director of response for iSight Partners Inc. If t......
[more] Austrian police to use crime-busting Trojans The Austrian Police has become the latest European agency to express its intention to use specially crafted Trojans to remotely monitor criminal suspects. According to reports in Austrian media, the minister of justice Maria Berger and interior minister Gunther Plater have drafted a proposal that will be amended by legal experts and the cabinet with the intention of allowing police to carry out such surveillance legally with a judge's warrant. There......
[more] Microsoft desperately seeks fix for 'massive' Russian PDF attack Microsoft said it is working around the clock on a patch for a Windows flaw that is partly responsible for an ongoing attack wave of infected PDFs. The company has updated a security advisory to reflect the fact that exploit code is in the wild, but it may be too late for many. Security researchers said hackers have ramped up attacks using malicious PDF files that target the vulnerability. F-Secure called the surge in spam carryin......
[more] Six new bugs found in RealPlayer For the second time in eight days, new critical vulnerabilities that could be used to hijack machines have been fingered in the RealPlayer media player. The patched editions released last Friday for Windows, however, are not vulnerable to the half-dozen bugs, RealNetworks said. Hard on the heels of the revelation that RealPlayer sported a major flaw and that the bug had been exploited by hackers who had compromised an ad server owned by 24/7 Real Media to spread......
[more] 'We're not scared' of Storm, say researchers Reports that security researchers are running scared from hackers responsible for the Storm trojan are overblown, say some of the people who have dug into the complex malware. Last week Josh Corman of IBM's Internet Security Systems said that Storm, a multifaceted Trojan Horse that has been used to gather a substantial army of bots (or compromised computers), strikes back using distributed denial-of-service (DDoS) attacks when it senses probes of its......
[more] Storm Trojan dupes users with Halloween jig The latest holiday-inspired spam by the botnet-building malware in progress The Storm Trojan is flooding e-mail in-boxes with a Halloween spam blitz, security companies said this morning. This is just the latest example of the bot-building malware's knack of capitalizing on current events to dupe people into infecting their PCs. The newest campaign arrives in messages with subject heads such as "Dancing Bones" and "The most amazing danci......
[more] Macs seized by porn Trojan Miscreants have released a sophisticated Trojan into the wild that targets Mac users, according to Intego, a company that markets security software that runs on OS X. The malicious Trojan, dubbed OSX.RSPlug.A, is making the rounds on several porn websites. When Mac users try to view some videos, the site feeds them a page that says QuickTime is unable to play the file unless a special codec is installed first. If the user proceeds, a form of DNSChanger is installed tha......
[more] Warning from GSS as first serious Apple Mac Trojan hits Apple Mac users are no longer immune to Trojan attacks, after a Texas-based Mac security firm reported the first serious Trojan to affect the Apple Mac platform. Users may be forced to contact their IT suppliers to protect themselves. The Trojan targets a computer's DNS server and adds a malicious entry that intercepts and re-routes web requests to malware-ridden and/or porn sites. Preparing a defence against this malware will be difficult......
[more] Alicia Keys' MySpace page hacked, serves up attacks Multiple MySpace pages, including the official page of popular R&B singer Alicia Keys, have been hacked and are spewing both socially engineered attacks and behind-the-scenes drive-by exploits, a security researcher said late Thursday. Although it's unclear how the MySpace pages were originally compromised, they're now dangerous places to visit, said Roger Thompson, chief technology officer for Exploit Prevention Labs Inc. Among the attack......
[more] Trojan sends data to websites Disks produced by Seagate allegedly have a Trojan which sends a copy of all saved data to a website. Hard disks produced by Seagate allegedly have a Trojan, which sends a copy of everything saved to rogue websites.The drives are produced in Thailand by Seagate, but are branded as Maxtor Basics 500GB portable drives. Two files are present on the pre-formatted drives, which are causing the problem: autorun.inf and ghost.pif. It's believed these files were added to the......
[more] Times of India website cleaned of malware The website of a heavily trafficked Indian newspaper is clean of malware, just days after hackers launched a nearly impossible-to-detect cross-site scripting attack that infected users' machines with a variety of malware. The Times of India's website was hammered with a Web 2.0-style attack in which the malware writers compromised several pages with malicious scripts. The scripts pointed to a remote site containing IFRAMEs, which pointed to two other mal......
[more] Storm botnet sweeps through Yahoo GeoCities The Storm Trojan is using Yahoo's GeoCities service as an attack vector to infect PCs, according to security researchers. Long-time clients of the Russian Business Network (RBN), a notorious hacker network that mysteriously vanished last week after moving from St Petersburg to Shanghai, are involved, said Paul Ferguson, network architect at Trend Micro. Trend watched as bots controlled by Storm were seeded with new spam templates that included links to......
[more] Reports show October spam increase October was a scary month for IT administrators in charge of filtering spam, according to a pair of reports from messaging security firms. Research from St. Bernard Software showed a 33 percent hike in spam and virus activity compared to September. The San Diego-based company, citing its October Threat Center results, attributed the rise to the beginning of the school year and an increase in the victimization of college students' computers. The report also note......
[more] New Trojan scans for virtual machines A Trojan appeared at the weekend that uses MSN Messenger to grow a botnet, but more worryingly the malware also tries to scan for virtual machines in order to increase the botnet’s number of connections. In an eWeek.com article, the eSafe CSRT (Content Security Response Team) at security vendor Aladdin, warned that it had detected the new threat propagating around noon EST on Sunday. At 18:00 UTC (Coordinated Universal Time), eSafe had apparently detected......
[more] New emails address you by name, then try to hose your PC Beware of emails that mention you and your company by name and claim to be official communications from the US Department of Justice. They're phony and will attempt to install malware on your machine. The emails, which claim to reference a complaint recently filed by a business associate, invite the recipient to click on an attachment that contains a nasty Trojan, two separate security firms, MessageLabs and Websense, are reporting. The pra......
[more] Trojan spreads using PI wiretapping scare Miscreants are trying to convince email users that their telephone conversations are being recorded in a ruse designed to scare prospective marks into buying bogus security software. Emails promoting the campaign are laced with a new Trojan horse malware. The Dorf-AH Trojan horse appears as an attachment in emails claiming that the sender is a private detective listening into a recipient's phone calls. This "detective" claims he's prepared to s......
[more] Researcher releases proof-of-concept VoIP hack Potential Trojan listens and records on the network or at the ISP level An expert has released a proof-of-concept program to show how easy it would be for criminals to eavesdrop on the VoIP-based phone calls of any company using the technology. Called SIPtap, the software is able to monitor multiple Voice-over-IP (VoIP) call streams, listening in and recording them for remote inspection as .wav files. All that the criminal would need would be to inf......
[more] Subverted search sites lead to massive malware attack in progress Trojans, rootkits, password stealers hit users who click on a bad link after a search. A large-scale, coordinated campaign to steer users toward malware-spewing Web sites from Google and other Internet search engines is under way, security researchers said Tuesday. Users searching Google, Yahoo, Microsoft Live Search and other engines with any of hundreds of legitimate phrases -- from the technical "how to cisco router vpn......
[more] 20bn spam buckling inboxes Internet users in Britain get 20 billion spam e-mails every day – double the amount of junk mail sent a year ago. Up to 120 billion spam messages are sent daily worldwide - that's 20 for each person on the planet - and 49 out of 50 e-mails are junk. Next year, social networking websites such as Facebook and MySpace will become prime sources of personal data for spam gangs, a report claims today. '2007 marked a turning point for threats,' said Jason Steer of IronPort Sys......
[more] Revolutionary AV testing guidelines planned Consumers should have more accurate information with which to compare security software suites under a new set of software testing guidelines to be finalised early next year. Last week, security vendors and software testing organisations agreed during a conference in Seoul to form the Anti-Malware Testing Working Group, which will determine how best to conduct behavioural tests of security software, said Andreas Marx, who works for AV-Test.org, a Germ......
[more] Chinese Trojans steal data from organizations Finjan Inc. has recently conducted a study prompted by the increased volume of attacks coming from China. The study maps how users' PCs are being infected by Trojans distributed from China that then steal data from organizations and details some of the sites that are involved in the process. Finjan's Malicious Code Research Center (MCRC) has detected malicious activity by groups that distribute their content using obfuscated code and a network of we......
[more] Glory hunter hacks MySpace pages of Timberlake, Hilary Duff Several celebrity MySpace.com sites were defaced Wednesday by someone hoping to impress a hacker crew, a security researcher said today, a motivation of yore that harks back to when hackers sought notoriety rather than credit card numbers. A hacker identified only as "Tesla" broke into the MySpace pages of model/singer Tila Tequila, singer Justin Timberlake and actress/singer Hilary Duff, said Chris Boyd, the director of malw......
[more] Malicious software: what 2008 has in store When malware writers targeted adverts on some of the web's most trusted sites, they gave a glimpse of the future of cybercrime Last month, scores of popular websites were hit with a nasty surprise. Visitors to sites run by The Economist, Major League Baseball and Canada.com, to name a few, were greeted by adverts pushing antivirus software. The software, of course, was a hoax. What customers were clicking on (and it was hard to avoid) was a type of Tro......
[more] Sophisticated Trojan loots business bank accounts A German hacker crew is looting commercial bank accounts in four countries using a custom-built Trojan put in place by expertly crafted and extremely focused phishing attacks, a security researcher said today. The malware's most distinguishing feature, said Don Jackson, a senior security researcher with SecureWorks Inc., is its ability to mimic the steps the human account owner would take to move money. A variant of the Prg Banking malware, the......
[more] Google 'powerless' to stop AdSense theft Google's AdSense earnings are threatened by a Trojan that replaces the search giant's paid-for adverts with its own, in order to hijack advertising revenue. Launched in 2005, Google AdSense allows third-party websites or publishers to generate revenue from Google's text advertisers. AdSense acts as a middleman between an advertiser and a publisher. By crawling the content of publishers' web pages, AdSense determines the relevance of a text ad to page cont......
[more] Hackers quickly move to exploit Bhutto assassination Within hours of yesterday's assassination of former Pakistani Prime Minister Benazir Bhutto, malware makers exploited the breaking news to dupe users into downloading attack code, security researchers said Friday. Searches for news about Bhutto's killing and the ensuing chaos in Pakistan listed sites pimping a bogus video coder/decoder (codec), said analysts at McAfee Inc., Symantec Corp. and WebSense Inc. For instance, WebSense found such a......
[more] 'Ransomware' extorts payment with phone call New "ransomware" that locks up a person's PC and demands $35 to return control to its user is on the prowl, a security researcher said this week. The extortionists tell victims of the Delf.ctk Trojan horse to dial a 900 number, said Alex Eckelberry, CEO of Sunbelt Software Distribution Inc., a Clearwater, Fla.-based security developer. That number can be traced to "passwordtwoenter.com," a payment processor also used by hardcore pornography......
[more] 'First' iPhone Trojan rolls into town Hackers have created Trojan horse malware targeted at Apple's much-hyped iPhone device. The package - more of a prank than a threat - poses as an "important system" upgrade supposedly needed prior to upgrading to version 1.1.3 of Apple's firmware. The "iPhone firmware 1.1.3 prep" seems to lack malicious purpose. Problems kick in when users try to uninstall the package. The bogus firmware reportedly affects components of other applications......
[more] New phishing wave claims payroll fraud to dupe victims A Romanian-based criminal group is behind a new trojan-laced, socially engineered email run that tries to trick recipients into believing their employer committed payroll reporting fraud, security researchers said today. The phishing messages pretend to originate from the National Payroll Reporting Consortium (NPRG), a nonprofit that provides payroll processing services to employers. Recipients are told that their employer has tried to cut......
[more] Trojan 2.0 era about to begin: Finjan Cyberattackers are on the verge of creating trojans that take advantage of social networking websites and Web 2.0 technologies, according to researchers at Finjan. Calling the new genre of malware "Trojan 2.0," the San Jose, Calif.-based company predicted that attackers will capitalize on end-users' trust of social networking sites -- and the legitimate web services they offer -- to launch corporate espionage, spam and phishing attacks this year.......
[more] Hacked MySpace page serves up fake Windows update There's now one more reason to be security-conscious while using MySpace.com: fake Microsoft updates. Using a hacked MySpace profile, online criminals are trying to trick victims into downloading a malicious Trojan Horse program by disguising it as a Microsoft update, according to researchers at security vendor McAfee. The attack is certainly not widespread -- McAfee has seen it used on only one MySpace profile -- but it does show how sites such......
[more] Ikea closes global spam hole The global furniture company Ikea has closed a serious security hole that for an unknown period of time gave hackers and phishers a free rein to exploit the company's mail server. The security gap made it possible for anyone to create a potent spam service, using the company's international mail server in Sweden as the sender. The reason is that the contact template on the company's home page was not adequately secured, making it possible to insert alternative e-......
[more] Unpatched PCs open to latest web hack A sophisticated hacking scheme seen early last year is affecting an increasing number of web servers, including one owned by a major online advertising company, Finjan Software has said. It appears that a single gang is behind the attacks, since the malicious software it spreads is storing login and password details on one server in Spain, said Yuval Ben-Itzhak. Finjan is trying to get the ISP to shut it down, he said. A web server of an online adverti......
[more] Online crime gangs embrace open source ethos Add the malware bazaar to the list of marketplaces being radically reshaped by the forces of globalization. That's the conclusion of Thomas Holt, a professor of criminal justice at the University of North Carolina at Charlotte, who says the marketplace for rootkits, Trojans and other software nasties increasingly transcends national boundaries. In many respects, malware creation mimics open source communities, in which legions of programmers spanning......
[more] Most malware comes from legit sites, says researcher The majority of Web sites serving up attack code are legitimate domains that have been hacked by criminals, a security researcher said in a report released today. It's the first time that legitimate sites outnumber the malicious ones hackers purposefully set up to spread malware. According to data compiled by Websense Inc., 51% of the sites it classified as malicious in the second half of 2007 had been compromised and then seeded with attack......
[more] Virus writers charged with copyright violation Japan has arrested its first suspected virus writers, but in a strange twist the three suspected creators and distributors of a strain of P2P malware have been charged with copyright violation, in an arrest that recalls Al Capone's prosecution for tax evasion. The trio were cuffed by cops in Kyoto on suspicion of involvement in a plot to infect users of the Winny P2P file-sharing network with a Trojan horse that displayed images of popular anim&eac......
[more] New Word attacks pose as news about Tibet New attacks using rigged Microsoft Word documents have been launched, a security company said today as it warned users to be leery of mail touting news about Tibet. Phony e-mails purporting to contain news about Tibet and its government in exile are making the rounds, according to Trend Micro Inc., which explained that the messages carry attachments that are malformed Word documents designed to exploit a vulnerability in parsing the popular word process......
[more] IM attacks get nastier Attacks on instant messaging systems continued to grow more sophisticated and dangerous in January, according to Akonix, a vendor of messaging security systems. The company tracked 14 new attacks on IM systems in January, finding that while the number was relatively low, the attacks are getting better at targeting users. IM attacks are a relatively recent phenomenon, but have grown drastically in number in recent months. In July Akonix said the number of threats over the......
[more] Police arrest seven for attack on Swedish bank computer A remotely controlled device designed to manipulate a bank computing system was sneaked into a bank office in Sweden and was poised to trigger a major theft until an alert bank employee pulled the plug after noticing his machine had been taken over, it emerged last week. Seven people have been arrested over the attempted theft, on suspicion of attempted fraud and conspiracy to commit fraud. The device was found mounted under a desk in the......
[more] Sex beats romance, say security experts Romance is out and sex is in, according to security experts who said the Mega-Dik botnet has ousted the infamous Storm as the most prolific sender of spam. The Mega-D botnet, which offers discounted sexual enhancement pills to users, delivers a whopping 30 percent more spam than Storm, famous for delivering malicious Valentines cards. It is the largest botnet on record, according to security firm Marshal, and has exceeded Storm's highest spam output in Se......
[more] FBI warns of Valentine's Day 'Storm' The Valentine's Day campaign that the bot-building Storm Trojan horse has been running for weeks is running at such volume that even the FBI issued a warning yesterday. "With the holiday approaching, be on the lookout for spam e-mails spreading the Storm Worm malicious software," the FBI said in an alert posted to the home page of its Web site yesterday. "The Storm Worm virus has capitalized on various holidays in the last year by sending milli......
[more] Hackers spread malware with 'Hilary Clinton' spam Cybercriminals may have weighed risk and reward and figured that the first isn't worth the second if they try to exploit the 2008 U.S. presidential campaign, a security researcher at Symantec Corp. said today. At least for now. "We've now seen just two instances of spam using political candidates to spread malicious code," said Oliver Friedrichs, director of Symantec's security response team and a writer on electoral cybercrime. "I......
[more] Mozilla raises Firefox security bar Firefox 3.0's new anti-malware blocker, a tool that prevents some malicious pages from loading, is the browser upgrade's most important new security feature, Mozilla's head of engineering has said. Officially dubbed Malware Protection, the tool warns users when they steer Firefox to sites that are known to install viruses, spyware, Trojan horses and other malicious code. When a user tries to reach a site on the banned list, a large red warning appears in lieu......
[more] Scareware package planted in ITV.com ads Users visiting the website of UK broadcaster ITV risk exposure to a scareware package. Malware-laced banner ads that lead to download sites for the Cleanator scare package have also been served up on the Radio Times website. Radio Times confirmed that it removed the offending ad late Wednesday morning, following initial reports of the problem on Tuesday. The cleanliness or otherwise of the ITV website is unclear at the time of writing. Cleanator is a rogu......
[more] Localised malware adding to growing number of threats Virus writers are getting more sophisticated and are localising malware for specific markets claims a senior security researcher. For example, said Dave Marcus, security research and communications manager for McAfee Avert Labs, look at the taunting Trojan, which goes after users of the Winny file-sharing program (Winny creator Isamu Kaneko was convicted of abetting copyright violations in late 2006). Winny is file-sharing software that is i......
[more] Spammers crack Gmail Captcha Spammers, fresh from the success of cracking the Windows Live captcha used by Hotmail, have broken the equivalent system at Gmail. Internet security firm Websense reports that miscreants have created bots which are capable of signing up and creating random Gmail accounts for spamming purposes, defeating Captcha-based defences in the process. It reckons the same group of spammers are behind both attacks. Captcha (Completely Automated Public Turing test to tell Comput......
[more] Malware removes rival rootkits Miscreants have created a strain of malware capable of removing rootkits from compromised PCs, only to install almost undetectable backdoor code of its own. The Pandex Trojan stops previously installed rootkits from working by removing their hooks into system calls. Pandex then installs its own rootkit component, detected by Trend Micro as Pushu-AC. Rootkits are a type of malware that hide their presence on infected PCs, making them more dangerous than typical vir......
[more] Anti-virus scam aimed at unwary users PC users have been warned that a Trojan called MonaRonaDona is being used to sell fake anti-virus software, according to security company Kaspersky. Unlike most viruses and Trojans which try to go about their evil task as invisibly as possible, the MonaRonaDona Trojan displays a broadly visible message in front of the victim, said Kaspersky Lab researcher Roel Schouwenberg. Claiming to be part of a human rights protest, the message says: "Welcome to MonaRonaDona. I......
[more] AOL acquires Bebo social network Time Warner's AOL internet division is buying the social networking site Bebo for $850m (£417m) in cash. Bebo is the third-biggest social networking site in the US, behind MySpace and Facebook. AOL says that Bebo has more than 40 million members worldwide who view an average of 78 pages per day each. The price-tag is tiny when compared with the valuations of similar websites. Microsoft bought 1.6% of Facebook last year for $240m. Online advertising News Corp bou......
[more] What firewalls do and don’t do Over the last few years, security threats to companies have grown and altered dramatically and so have the defences. Traditional firewalls, installed over three years ago, are often not best suited for current threats and don't protect against a number of newer threats. What firewalls do: A firewall is a system designed to prevent unauthorised access to or from a private computer network. Firewalls are frequently used to prevent unauthorised Internet users from acce......
[more] Euro 2008 sales site in drive-by download attack Hackers have successfully planted malware on a website selling tickets for the upcoming Euro 2008 Championships. The site of European ticket re-sale firm euroticketshop.com was infected by Trojan horse malware in a bid to infect soccer-loving surfers with insecure PCs. This drive-by malware style of attack is growing increasingly popular. Visitors attempting to purchase tickets through the site were exposed to a malicious script which is embedded......
[more] Vista security is annoying by design If you're running Windows Vista, you're familiar with UAC (User Access Control). It's the security subsystem that pops up those irritating dialog boxes asking whether you really want to install software, modify system files, or write to the Registry. UAC may be Vista's most-hated feature, but as it turns out, it may also be its best-designed. As reported by Ars Technica, UAC was created with a very specific purpose in mind: to annoy you. Ars picked up this t......
[more] China worries hackers will strike during Beijing Olympics While CNN recently faced distributed denial-of-service attacks from Chinese hackers angry about the cable television network's coverage of a recent Chinese crackdown in Tibet, Chinese security officials remain worried hackers will strike while the Olympic Games are being held in Beijing. "Based on historical experience, many hackers seeking to make a name for themselves view the Olympic Games as a challenge and a target, and the Bei......
[more] New attacks break 500,000 websites More than half a million websites have been compromised in a new round of attacks that hacked domains in order to infect unsuspecting users' PCs with a variety of malware, a security researcher said today. "This is an on-going campaign, with new domains [hosting the malware] popping up even this morning," said Paul Ferguson, a network architect with anti-virus vendor Trend Micro. "The domains are changing constantly." According to Ferguso......
[more] Phishing botnet expands by hacking legit sites A botnet is now using a SQL injection attack tool designed to hack legitimate Web sites, a move meant to add more hijacked PCs to its collection, according to a security researcher. The Asprox botnet, which specializes in sending phishing spam, is pushing an update to the infected PCs it controls, Joe Stewart, the director of malware research at Atlanta-based SecureWorks Inc., said today. The update is an executable file -- "msscntr32.exe"......
[more] Enterprises, Prepare for iTunes In his keynote address at the Worldwide Developers Conference in San Francisco today, June 9, Apple CEO Steve Jobs confirmed many of the rumors surrounding the next-generation iPhone. While we already knew about the software features of the iPhone 2.0 software (the SDK, App Store, Exchange ActiveSync and Cisco VPN client) from his announcements in March, this time Jobs confirmed that the new hardware will have a 3G radio, integrated GPS and a much more attractive......
[more] New DNSChanger Trojan variant targets routers Secure Computing researchers have discovered a new variant of the DNSChanger Trojan in the wild that attacks routers, meaning any Web surfing computer on that network could be at risk of being redirected to a malicious Web site. The DNSChanger Trojan changes the DNS settings to point to a host Web site address supplied by the attackers, Sven Krasser, director of data mining research at Secure Computing, said in an interview with CNET News.com on Tu......
[more] Instant trojan to worm toolkit sighted Miscreants have created a point-and-click toolkit designed to make it easier to both create and distribute Trojans. The Trojan2Worm (T2W) toolkit turns any executable file into a worm with auto-spreading capabilities. As such it provides the ability for Trojan infection agents to acquire worm-like spreading abilities. The tool requires minimal skills to use, net security firm Panda Security reports. Features include the ability to compress infectious files......
[more] New Storm Worm Capitalizes on Earthquake in China, Upcoming Olympics Websense announced that the Websense Security Labs ThreatSeeker technology has discovered a new Storm Worm social-engineering tactic, capitalizing on the recent global attention around the recent natural disaster in China and the upcoming Olympics, also to be held in China. These malicious sites speculate that the upcoming Olympics in Beijing would be "under the threat of failure" because of the recent earthquake in......
[more] Trojan lurks, waiting to steal admin passwords Writers of a password-stealing Trojan horse program have found that a little patience can lead to a lot of infections. They have managed to infect hundreds of thousands of computers, including more than 14,000 within one unnamed global hotel chain, by waiting for system administrators to log onto infected PCs and then using a Microsoft administration tool to spread their malicious software throughout the network. The criminals behind the Coreflood......
[more] Trojan trawls recruitment sites in ID harvesting scam Hackers have turned the harvesting of personal information from Monster.com and other large US jobsites into a lucrative black market business. A Russian gang called Phreak has created an online tool that extracts personal details from CVs posted onto sites including Monster.com, AOL Jobs, Ajcjobs.com, Careerbuilder.com, Careermag.com, Computerjobs.com, Hotjobs.com, Jobcontrolcenter.com, Jobvertise.com and Militaryhire.com. As a result the p......
[more] New Trojan in the wild targeting multimedia files Secure Computing is warning of a new Trojan in the wild that is infecting multi-media files on a victim’s hard disk. The initial infection happens from a pirate software site better known as a Warez site, where users go looking for an illegal crack or serial key to run copy-protected software. According to Secure Computing’s security advisory, when trying to play back the infected files, the user is fooled into believing a codec is needed......
[more] Small Business A Big Target For Cyber Attacks Once upon a time, most small-to-midsize businesses enjoyed a relatively secure status, free from malicious cyber threats. Not so anymore, experts say. "It used to be that SMBs were not a target just because of how small they were," said Andy Klein, senior product marketing manager, e-mail security division for SonicWall Inc., Sunnyvale, Calif. "So they could put up a Web server and no one would ever see it. But that's changed. Two, t......
[more] Stolen bank data gets cheaper on Web Prices charged by cybercriminals selling hacked bank and credit card details have fallen sharply as the volume of data on offer has soared, forcing them to look elsewhere to boost profit margins, a new report says. Researchers for Finjan, a Web security firm, said the high volumes traded had led to bank and credit card information becoming "commoditised" - account details with PIN codes that once fetched $100 or more each might now go for $10 or $2......
[more] Trend Micro's TrendLabs Identify Malicious Files Spreading in the run up to the Beijing Olympics 2008 Trend Micro's TrendLabs have confirmed that malicious .DOC files have been spreading in the lead-up to the Beijing Olympics next month. According to Trend Micro's official Trend Labs Malware blog, malware authors are busy mounting attacks that play on the sporting event. Reports have surfaced about a zero-day MS Word vulnerability affecting Microsoft Word 2000, 2002, and 2003 which is said to a......
[more] Banking Trojan hides in fake Alonso F1 crash story Fabricated news of a supposed car accident involving Formula One star Fernando Alonso is being used to distribute a new banking Trojan. The fake news story, supposedly from Spanish daily El Pais, has the two-time motor racing champion seriously injured on Tuesday in an accident in the northern city of Bilbao. The bogus story, distributed via spam emails, links to a video clip depicting what appears to be a spectacular blaze. The clip installs malware......
[more] Exploit reveals the darker side of automatic updates A recent study of Web browser installations showed that far too few are up to date with the latest security patches. And browsers aren't alone; as my dear old mum can attest, it can be hard to keep up with operating system and application patches when all you want to do is use your computer for work. It should come as no surprise that many PCs are vulnerable to security exploits that could otherwise be prevented. Firefox got top marks in the......
[more] New SQL attacks emerge Security researchers are warning of a new round of SQL attacks being reported. Researchers at F-Secure are reporting an outbreak of attacks that mainly target Chinese sites. Attackers have been using SQL vulnerabilities to inject malicious code into individual web pages. The code then redirects the user to an attack page, which attempts to exploit a number of vulnerabilities on the user's system and install malware. If the attack is successful, the user is infected with a......
[more] Facebook quashes malware attack Facebook has blocked links between its social networking site and malware-infested websites to where malicious hackers have been trying to lure Facebook members. "We've identified and blocked the ability to link to the malicious websites from anywhere on Facebook. Less than .002 percent of people on Facebook have been affected, all of whom we notified and suggested steps to remove the malware," wrote Max Kelly, Facebook's head of security, in a blog post early Fri......
[more] Hackers spoof MSNBC alerts in new twist on massive malware ruse Hackers trying to plant malware on PCs have switched from touting news supposedly from CNN in come-on messages to pushing breaking stories said to be from rival network MSNBC, security experts said today. The fake messages pose with subject headings that include the phrase "Breaking News," along with phony headlines, such as "Jerry Yang relinquishes control over Yahoo," "Mary-Kate Olsen responsible for Heat......
[more] Olympians Connect with Fans through Blogs In a move that advocates say will bring Olympic athletes closer to fans, a Raleigh, North Carolina-based PC company is reporting the rapid spread of on-site blogging by competitors in the Beijing games. Officials at Lenovo reportedly say that more than 100 athletes are participating in their “Voices of the Olympic Games” blogging program, generating 1,374 athlete postings on the forum and reaching more than 8.5 million fans through third-par......
[more] Best Western falls victim to major hack The Best Western hotel chain has reportedly suffered what is being claimed as the world's largest cybercrime, the identity theft of eight million customers. A Scottish newspaper, the Sunday Herald, reported late last week that hackers placed a trojan on the hotel chain's European reservation system, capturing a clerk's password to gain entry to the group's online booking system. The intruders then reportedly sold details of how to gain access to the system......
[more] Best Western plays down impact of hack attack 8 million records? Huh, more like 10 A report in Scotland's Glasgow Sunday Herald claims that the hotel chain has been turned over by a hacker who lifted eight million customer records. It reports that the Indian hacker who carried out the heist sold on the information to Russian cybercriminals. Data allegedly stolen included addresses, telephone numbers and credit card details. The attack was pulled off using a Trojan horse to infect a PC with ac......
[more] Hackers resort to 'sick' kidnap spam E-mails asking for $50,000 ransom contain an attachment supposed to be a photograph of a kidnapped child but is actually a Trojan horse Hackers are claiming they have kidnapped children in a bid to infect PCs with a Trojan Horse virus, says Sophos. The security firm is warning users that e-mails entitled "We have hijacked your baby" are being sent to Web users around the globe. As well as asking for a $50,000 ransom for the "release" of the ch......
[more] FedEx managed security threat spotted A managed security threat using the name of FedEx to deceive internet users into downloading dangerous malware has been identified. The spam wave has been recognised by IT security firm BitDefender, which claims the malware is engineered to steal sensitive e-banking data. According to the company, an email message claims FedEx was not able to deliver a postal package sent one month ago and asks users to download and print an attached invoice containing a ZBot......
[more] Warning over Obama sex scandal spam Web monitoring firms are warning IT administrators to update their spam filters after a massive new spamming campaign was detected. Emails are filling up with spam claiming to have a link to a web site that carries video footage of a sexual scandal committed by presidential candidate Barack Obama. It alleges to show footage of him having sex with Ukrainians after a visit to the country last year. “Users who click the link are shown a pornographic video......
[more] Secure Computing Highlights Three Major Spam Campaigns Secure Computing Corporation has released its monthly report on spam for September 2008 that highlights the spam trends along with three dominant spam surges during August 2008. According to the company, of the three spam outbreaks, CNN/MSNBC News spam was most dominant. Recently, the new spam tactic employed to dupe users into downloading a fake flash player has attracted a great deal of attention. This attack included sending of e-mail messa......
[more] Facebook Malware Campaign Targets New 'Friends' Security researchers discovered a new malicious social-engineering spam campaign Monday designed to lure victims and distribute malware by impersonating the Web 2.0 social networking site Facebook. Capitalizing on the popular social networking site, attackers spoofed the domain facebookmail.com, the official domain used by Facebook for outbound e-mails when alerting users about an upcoming event. Initially, the attack is implemented as a message t......
[more] Computer users overeager to click popup 'OKs' Web surfers have a standard reaction to error messages that pop up in their Web browsers, according to new research published this week: They click "OK" and hope it will disappear. Psychologists at North Carolina State University found that computer users have a hard time distinguishing between fake Windows warning messages and the real thing. In an experiment that tested the responses of 42 Web-browsing university students, they found that almost......
[more] New version of SilentBanker Trojan causes concern Warnings have been made about an improvement to the SilentBanker Trojan. According to Symantec researcher Liam O'Murchu, it has been improved to the extent that it is harder to detect and more effective at stealing data. Originally identified last year, the new version has a rootkit that makes finding infected files very difficult. The rootkit ensures that when a user tries to search in the registry for files that indicate an infection, it......
[more] Criminal profit-driven attacks are presenting increased threats for businesses and government According to the Information Security Forum (ISF), targeted and organised, profit-driven attacks are replacing random individual hacker attacks and presenting increased threats for businesses and government. This new breed of attack, designed to steal valuable and sensitive information or customer data for major financial gain is being orchestrated by criminal networks that bring together specialist ski......
[more] Websense detects new 'Better Business Bureau' spam campaign Websense has detected a new round of ‘Better Business Bureau' spam emails. The Websense Security Labs ThreatSeeker Network has identified the spam which uses social engineering tactics to entice readers to follow a link in the message in order to ‘register new software and update contact information'. It claimed that tens of thousands of messages had been sent, and from appearance, looks like it has been sent by the same phishers who t......
[more] Security firms report new statistics on spam Two security firms have revealed that spam attacks have increased in the last quarter. Secure Computing revealed in its Q3 2008 Internet Threat Report that malware which targets users of social networking sites had become the main source of spam. It also highlighted the rise in panic-inducing ‘bank failure spam' intending to capitalize on the current financial crisis. ‘Scareware' programs also spread rapidly, while election-related spam s......
[more] Web security firm warns of obfuscated code A recent compromise at a corporation led to a significant amount of data being stolen, underscoring that traditional software defenses are hard pressed to catch obfuscated attacks, security firm Finjan said in its monthly analysis of Internet threats. In the report, dubbed the Malicious Page of the Month, the company claims that a desktop PC at an unnamed firm had been infected with a data-stealing Trojan horse. The attack succeeded because the firms......
[more] A significant amount of attacks on computers stem from various script downloaders 35,103 different malicious and potentially unwanted programs were detected on users’ computers by the Kaspersky Security Network (KSN) during September 2008. This represents an increase of 6,163 on August 2008 statistics and two consecutive months of growth. In Kaspersky Lab’s top twenty ranking of malicious programs detected on its users’ computers during September 2008 the KSN recorded a change at th......
[more] IBM claims safer banking with 'security on a stick' IBM has developed a device for online banking so customers plugging into any computer can protect transactions and find out if Trojan malware is trying to steal funds. Created in IBM's Zurich Research Lab, the "security on a stick" is still a prototype and being tested in a few trials in Europe, says Michael Baentsch, a senior researcher there. IBM officially calls it the "Zone Trusted Information Channel" because the little USB-base......
[more] 1 Trojan + 3 years = 500,000 online financial accounts RSA FraudAction Research Lab has discovered log-in information for about 300,000 online bank accounts and 250,000 credit and debit card accounts that have been gathered by a cybercrime gang over the past three years using the Sinowal Trojan. "This may be one of the most pervasive and advanced pieces of crimeware ever created by fraudsters," according to a blog entry posted Friday from RSA, EMC's security unit. The Sinowal Trojan......
[more] Finjan reveals how corporate data is stolen and stored by Cybercriminals Finjan today announced that its Malicious Code Research Center (MCRC) has documented step-by-step how corporate data is being stolen and stored on remote servers owned by criminals. In its October 2008 Malicious Page of the Month report, Finjan describes how a corporate user, while browsing the web for his regular business needs, got infected with a Trojan. The individual who worked for a large media company was just brow......
[more] Worm Exploiting Microsoft Windows Server Spotted A worm designed to exploit the recently patched vulnerability covered in Microsoft Security Bulletin MS08-067 has been detected, US-CERT, the government's cybersecurity organization, warned Monday. Just over a week ago, Microsoft issued MS08-067 as an out-of-band patch to fix a critical flaw that could allow a remote attacker to take over Windows computers without any user interaction. The flaw has to do with the way the Microsoft Windows server......
[more] Hackers leverage Obama win for massive malware campaign Hackers have seized on the results of the U.S. presidential election to launch a major malware campaign that tries to trick users into installing an update to Adobe Systems Inc.'s Flash, but actually plants a Trojan horse on unprotected PCs, security experts warned today. The malware blitz stems from spam messages touting Sen. Barack Obama's victory last night, and offers up a link to what is supposedly a site sporting election results. W......
[more] Flawed AVG antivirus update cripples Windows XP PCs A flawed signature update to AVG Technologies' antivirus software over the weekend crippled some Windows XP PCs by mistakenly deleting a critical system file, the company has confirmed. According to messages on AVG's support forums and its own support site, an update released late Saturday for the company's security software fingered the "user32.dll" file as a Trojan horse. As per the program's settings, the AVG software, including......
[more] Spam drop could boost Trojan attacks The dramatic fall in spam traffic reported last week after alleged rogue ISP McColo Corp. was taken offline will only be a temporary reprieve and could actually generate a new wave of Trojans, experts have warned. ISPs disagree on the global percentage drop in spam caused by the shuttering of San Jose-based McColo last Tuesday, with estimates given by those contacted by Techworld ranging from 50% to 80%. But even the lower figure is still an unprecedented fa......
[more] Finjan offers free malware detection audit to halt Crimeware Trojan Finjan has announced it is offering qualified organisations a free malware detection audit to halt Crimeware Trojans and other malware attacks on enterprises. Finjan's free trial offer comes after security vendor RSA has estimated the Sinowal Trojan has taken the details of 270,000 online bank accounts and 240,000 payment cards from financial institutions in a number of countries, including the US, UK, Australia and Poland. ......
[more] Christmas malware comes early Desperate high-street shops aren't the only ones cashing in on Christmas before December's even arrived - malware writers are taking full advantage too. Websense Labs claims to have detected the first piece of seasonal malware. The campaign masquerades as an electronic Christmas greetings card from postcards.org. The email shows an animated Christmas scene, but links through to a file called postcard.exe that leads to a Trojan backdoor that's been used in previous......
[more] Firefox users targeted by rare piece of malware Researchers at BitDefender have discovered a new type of malicious software that collects passwords for banking sites but targets only Firefox users. The malware, which BitDefender dubbed "Trojan.PWS.ChromeInject.A" sits in Firefox's add-ons folder, said Viorel Canja, the head of BitDefender's lab. The malware runs when Firefox is started. The malware uses JavaScript to identify more than 100 financial and money transfer Web sites, including Barcl......
[more] New trojan in mass DNS hijack Researchers have identified a new trojan that can tamper with a wide array of devices on a local network, an exploit that sends them to impostor websites even if they are hardened machines that are fully patched or run non-Windows operating systems. The malware is a new variant of the DNSChanger, a trojan that has long been known to change the domain name system settings of PCs and Macs alike. According to researchers with anti-virus provider McAfee's Avert Labs, t......
[more] Vulnerabilities play only a minor role in malware spread, says researcher Computer users are their own worst enemies, a security company warned today, as it released data that shows software bugs were the source of just 5% of the past year's infections. The majority of the attacks carried out by 2008's top 100 pieces of malware were caused by users surfing to malicious sites and then accepting some kind of download, Trend Micro Inc. researchers said today. From Jan. 1 to Nov. 25, the top 100 a......
[more] Update: Chinese team mistakenly released unpatched IE7 exploit Chinese security researchers mistakenly released the code needed to hack a PC by exploiting an unpatched vulnerability in Microsoft's Internet Explorer 7 browser, potentially putting millions of computer users at risk -- but it appears some hackers already knew how to exploit the flaw. At one point, the code was traded for as much as US$15,000 on the underground criminal markets, according to iDefense, the computer security branch o......
[more] How to use public Wi-Fi safely Sandwich chain Pret A Manger became the latest venue to announce free wireless internet access this week. But while public 'hotspots' are growing in number, free bandwidth comes with an element of risk, warns security specialist David Hobson. Once you are associated to an access point, you are on the same network as others connected to the same access point, in the same way as plugging into the same network segment. A simple network discovery will show who else is......
[more] Microsoft kicks fake security software off 400,000 PCs In the second month of a campaign against fake security software, Microsoft Corp. has booted the rogue application "Antivirus 2009" from almost 400,000 PCs, the company recently claimed. December's version of the Malicious Software Removal Tool (MSRT), a free utility that Microsoft pushes to Windows users as part of Patch Tuesday, targeted one of the most popular phony security apps, Antivirus 2009. According to Microsoft, the MSRT erased......
[more] Fake Christmas, holiday greetings spread new malware New malware is spreading via Christmas and holiday greetings, security researchers said today, a tactic reminiscent of those used last season by the notorious Storm Trojan horse. Researchers at the Bach Khoa Internetwork Security Center in Hanoi, Vietnam, reported today that a new piece of malware, dubbed "XmasStorm" by the center, is spreading through holiday-themed spam. Touting subject lines such as "Merry Xmas!" and "Merry......
[more] Spam poses as CNN story about Israel-Hamas conflict Cybercriminals are leveraging the Israel-Hamas conflict in Gaza to dupe users into visiting malware-laden websites through spam claiming to be from CNN. Upon visiting one of the scam websites, users are directed to update Adobe Flash Player to view a video about the two-week-old war – but the download is actually a trojan “SSL stealer” that seeks to capture financial and personal information, according to a blog post by the RSA FraudAction Rese......
[more] Paris Hilton's Web site used in Web attack Paris Hilton's Web site has been hacked and is serving visitors a malicious Trojan program designed to steal sensitive information from their computers. The hack was discovered by security vendor ScanSafe, which said that Parishilton.com (Note: This site is not safe to visit as of press time) had apparently been compromised since Friday. Visitors to the site are presented with a pop-up window urging them to download software in order to enhance their v......
[more] Do not skimp on your IT security framework even in a recession “When the economic tide goes out, you see who’s been swimming without any clothes on.” This famous dictum (from the pen of the world's richest man Warren Buffett) sums up in a nutshell the argument why organisations need to increase the effectiveness of their information risk management activity as early in an economic downturn as they can. Those organisations concentrating on a search for cost cuts in their risk and business continui......
[more] Malware purposely not infecting machines in certain countries Malware authors are adopting a new technique to avoid getting caught. Recently, two malware families -- Swizzor and Conficker -- stopped infecting machines in countries out of which the authors were operating, so as not to attract law enforcement, Pierre-Marc Bureau, senior researcher at ESET, told SCMagazineUS.com on Friday. If a cybercriminal targets users outside of their country, it's harder for authorities to respond, he said. The......
[more] Malware epidemic demands a united front Cybercriminals are a busy bunch these days: stealing identities by the millions, grabbing credit and debit card account numbers, and waging a myriad other attacks on unwitting users, businesses and vulnerable websites. Their weapon of choice is the malware injection. Today, a page is infected every five seconds, triple the infection rate in 2007. Among the most vulnerable -- and the most lucrative for cybercriminals due to their enormous reach -- are trus......
[more] Monster.com reports theft of user data Monster.com is advising its users to change their passwords after data including e-mail addresses, names and phone numbers were stolen from its database. The break-in comes just as the swelling ranks of the unemployed are turning to sites like Monster.com to look for work. The company disclosed on its Web site that it recently learned its database had been illegally accessed. Monster.com user IDs and passwords were stolen, along with names, e-mail addresse......
[more] Amazon cloud could be security hole Cloud services are now vulnerable to malicious use, a security company has suggested, after a techie worked out how Amazon's EC2 service could be used as a BitTorrent file harvester and host. Amazon's Elastic Compute Cloud (EC2) is a web service software developers can use to access computing, compilation and software trialling power on a dynamic basis, without having to install the resources locally. Now a developer, Brett O'Connor, has come up with a s......
[more] Bot software peers at victims' screens Bot masters are now watching their prey more intently. While malicious programs typically monitor what the victim does on their computer, a bot program, known as Ozdok, snaps screenshots of what's on its host's screen and sends it back to a server on the Internet, security firm SecureWorks stated in a research note last week. SecureWorks' researchers gained access to a command-and-control server for Ozdok, also known as Mega-D, and culled between 1,000 a......
[more] Malicious program for mobile phones with Symbian operating system steals money from mobile accounts Apart from in Russia, which has seen a number of documented cases in the past, the rest of the world has largely managed to avoid the threat of mobile phone-based malware. Whilst mobile phone users haven’t traditionally been a primary target for cybercriminals, recent appearances of malicious programs such as Trojans, viruses and spam on mobile devices have raised fears that this kind of criminal......
[more] President Obama's website serving malware US President Barack Obama ran a successful Web 2.0 campaign last year. Now, as leader, he's got to deal with a very Web 2.0 problem: hackers abusing the social-networking features of his website. Hackers have registered bogus accounts on Obama's online community, my.barackobama.com, where they are posting images designed to set off a chain of events that lead to malicious Trojan horse programs. These programs are stepping stones used by hackers to downl......
[more] Parking ticket leads to a virus Hackers have discovered a new way of duping users onto fraudulent websites: fake parking tickets. Cars in the US had traffic violation tickets placed on the windscreen, which then directed users to a website. The website claimed to have photos of the alleged parking violation, but then tricks users into downloading a virus. Anti-virus firm McAfee says the Vundo Trojan then gets users to install a fake anti-virus scanner. Vehicles in Grand Forks, North Dakota were......
[more] Global financial crisis brings rise in 'bargain' spam Messages promising cash-savings and discounts are becoming an increasingly popular tool for spammers, according to McAfee. Researcher Micha Pekrul said that the company's Avert Labs had received reports of a new malware attack which uses the lure of coupons to infect users with a piece of trojan software. The spam comes in the form of a short message which contains a hyperlink claiming to offer coupon bundles. Upon clicking the link, the use......
[more] Attackers exploit unpatched Excel vulnerability For the second time in the past five days, security researchers are warning that hackers are exploiting a critical unpatched vulnerability in widely-used software. Attackers are exploiting a "zero-day," or unfixed, flaw in Microsoft Corp.'s popular Excel spreadsheet, using the bug to hijack select systems in Asia, many of them in government offices and high-profile corporations, said Vincent Weafer, vice president of Symantec Corp.'s security respo......
[more] Experts sound scam threat warning Experts are warning of an increase in the number of fake anti-virus websites. Hackers are tricking people with a false warning, saying that the computer is infected with a Trojan and getting users to buy a fake anti-virus product. A number of sites were closed last year when authorities in the US took action to stop sellers of "scareware". But despite the closures, the number of sites continues to grow, with one expert saying it was "the biggest......
[more] Juniper offers multi-vendor threat management Juniper is set to launch software that allows security products from competing vendors to share and analyse log information in order to determine the root cause of network problems and fix them. Called Adaptive Threat Management, the data-sharing software includes upgrades to its SSL VPN and Unified Access Control devices that enable them to publish log information to a UAC server that shares the data with other platforms. The interface between the SS......
[more] Gartner reveals key predictions for Identity and Access Management IAM Speaking ahead of the Gartner Identity & Access Management Summit 2009 in London, analysts have identified forward-looking assumptions around smart-card authentication, identity-aware networks, hosted IAM and out-of-band (OOB) authentication. Gartner has revealed its key predictions for identity & access management (IAM) between 2009 and 2011. “There is a continuing need in this time of economic uncertainty and budgeta......
[more] New Waledac spam falsely warns of bomb blasts Normally capitalizing on current events and holidays to spread its seed, the Waledac trojan now has turned to the message of fear. Security companies warned Monday of a new malware campaign in which the Waledac botnet creators are distributing emails that falsely claim the recipient's city has been the site of a bomb blast. The emails contain a link that leads to a malicious -- but real looking -- site, complete with the logo for news agency Reuters......
[more] ATM malware appears, Diebold issues security update Diebold, which has fielded recent criticism over the reported insecurity of its voting machines, is now fighting off news that its ATMs also can be compromised. Security firm Sophos reported this week that it received three samples of a trojan that was customised to run on Diebold-manufactured cash machines in Russia, said Graham Cluley, Sophos' senior security consultant. The malware was able to read card numbers and PINs -- then when the att......
[more] New ransomware holds Windows files hostage, demands $50 Cybercrooks have hit on a new twist to their aggressive marketing of fake security software, and are duping users into downloading a file utility that holds users' data for ransom, security researchers warned today. While so-called "scareware" has plagued computer users for months, those campaigns have relied on phony antivirus products that pretend to trap malware, but actually only exist to pester people into ponying up as much......
[more] Conficker: So what's the moral of the story? 1 April has come and gone and in the minds of many people the Conficker worm turned out to be a joke instead of the major internet security event that might have been envisioned. Was the hype good, or bad, and who is to blame? "I'm not sure what to think," said Bruce Schneier, chief security technology officer at BT. "In a sense, the whole Conficker thing just puts a name on a general problem." The problem is that there ar......
[more] Rogue security apps worry Microsoft most Microsoft released its sixth Security Intelligence Report on Wednesday, finding that customers are increasingly being plagued by rogue security software and that researchers continue to focus on finding flaws in third-party applications. According to the report, which covers the second half of 2008, the top threat was a trojan downloader, known as Renos, which acts as a delivery mechanism for rogue security software. Also known as "scareware," rogu......
[more] Mac malware turns into botnet A rash of malware for MacOS X systems is now being used to run a botnet, according to researchers. First spotted in January, the trojan had been bundled into copies of pirated MacOS software. At the time of discovery, researchers noted that the malware payload included tools which could allow an attacker to remotely take control of an infected system. Now, it appears as if those components are being put to use. In a recent article, Symantec researchers Mario Barcen......
[more] Researchers Warn of Nasty Trojan Just as we're finally being allowed to stop saying the C word (no, don't make me say it!) experts are warning of a powerful new Trojan attack that could make some waves of its own, based on its ability to spread like a traditional virus and embed itself deeply into end users' machines. In a blog post authored by longtime security guru Paul Henry, of Lumension, the expert contends that the emerging attack, identified as a variant of the Virut.CF Trojan by Symante......
[more] Windows 7 inherently insecure says researcher Windows 7 continues a long-running Microsoft practice of putting users at risk, according to a security researcher. The new operating system's Windows Explorer file manager still misleads users about the true extension of a file, said Patrik Runald, chief research advisor at Helsinki-based F-Secure. Rather than reveal the full extension for a filename, Windows Explorer hides the extension for known file types, giving hackers a way to disguise malware......
[more] New Windows netbooks may harbor malware After discovering attack code on a brand new Windows XP netbook, antivirus vendor Kaspersky Labs warned users yesterday that they should scan virgin systems for malware before connecting them to the Internet. When Kaspersky developers installed their recently-released Security for Ultra Portables on an M&A Companion Touch netbook purchased for testing, "they thought something strange was going on," said Roel Schouwenberg, a senior antivirus......
[more] FaceTime finds employee Web 2.0 usage in corporate networks up to 10 times more than IT managers' estimates Actual network data from FaceTime Communications reveals that employee use of Web 2.0 applications such as instant messaging, IPTV, VOIP and social networking on corporate networks exceeds IT estimates by up to 10 times. FaceTime also today announced version 2.0 of its Unified Security Gateway (USG), a secure Web gateway purpose-built for the new Internet to provide a single point of cont......
[more] Coping with the malware deluge The struggle between computer security firms and hi-tech criminals has often been likened to an arms race. By Mark Ward Technology Correspondent, BBC News website Any improvement in the way computers spot malicious software is matched by a change in tactics by the criminals that undermines that better protection. One particular tactic that has proved successful for the criminals is the pumping out of ever more copies and variants of their malware. The numbers of ma......
[more] Up to 40,000 web sites hit in mass hacking attack Security vendors cooperating to limit the damage threat poses Up to 40,000 Web sites have been hacked to redirect unwitting victims to another Web site that tries to infect PCs with malicious software, according to security vendor Websense. The affected sites have been hacked to host JavaScript code that directs people to a fake Google Analytics Web site, which provides data for Web site owners on a site's usage, then to another bad site, said Ca......
[more] Insurance giant coughs to malware-related data breach This is not business as usual The US arm of insurance giant Aviva has blamed a computer virus infection for the potential disclosure of sensitive personal information. Aviva (Norwich Union, before a recent rebranding) admitted the breach in a letter to the Attorney General of New Hampshire, one of several states that maintain strict information security breach disclosure laws. Data potentially leaked included names, addresses and social securit......
[more] Spam drops after latest ISP closure The US Federal Trade Commission's recent takedown of an Internet service provider thought to be a safe haven for spammers has reduced spam volumes, but only by a little. According to email security vendor Marshal8e6, total spam volume dropped by about 15 percent last week, as the FTC got a court order to pull the plug on a notorious ISP named Pricewert. "We noticed quite a drop-off mid to late last week," said Phil Hay, a threat analyst with Marshal......
[more] Air France crash prompts spam, malware outbreak As expected, spammers and malware writers are trying to cash in on the Air France disaster. Spammers have begun falsely promising news on the Air France crash as a way of tricking recipients into opening messages promoting Canadian pharmacy products. Junk mailers this week began pushing a new campaign that included subject headings such as "Last seconds of plane" or "A-330 blackbox record" as a means of enticing users into open......
[more] Nine Ball attack strikes 40,000 Web sites More than 40,000 Web sites have been hit by a mass-compromise attack dubbed Nine Ball that injects malware into pages and redirects victims to a site that will then try to download Trojans and keylogger code, Websense said today. According to Websense, which has tracked Nine Ball for a week and a half, the compromised Web site, loaded with malware, will first try to identify a Web visitor by IP address to discover if it’s a repeat visitor. To e......
[more] Fake Microsoft "critical update" spam propagating trojan A new outbreak of spam claims to be a critical update for Microsoft Outlook, but the message really aims to infect users with the information-stealing trojan ZBot, security firm Trend Micro warned this week. First detected on Friday, the message reads: “This update is critical and provides you with the latest version of Microsoft Outlook/Outlook Express and offers the highest levels of stability and security.” The email instru......
[more] Twitter Malware Attack Targets Both Mac and PC Why hit one OS with malware when you can hit two? That is the question. The situation is this: The Twitter account of well-known venture capitalist Guy Kawasaki was hacked and used to send out tweets luring users to a site hosting malware. According to Trend Micro, the malware changes the DNS settings of Windows and Mac machines. If Mac users attempt to view the promised pornographic video on the site, they will download a malicious file. "Fo......
[more] FTP login credentials at major corporations breached A trojan has reportedly been uncovered that is harvesting FTP login data of major corporations, including the Bank of America, BBC, Amazon, Cisco, Monster.com, Symantec and McAfee. According to a report in The Register, Jacques Erasmus, CTO at UK-based Prevx, discovered a site where a trojan is uploading FTP login credentials from more than 68,000 websites. Once an individual's PC is infected with the trojan, that user's stored FTP login cred......
[more] Michael Jackson's death exploited by cybercriminals Always quick to capitalize on major headlines, spammers have begun sending out messages related to the deaths of Michael Jackson and Farrah Fawcett, security researchers said. Jackson's death is being exploited by cybercriminals hoping to infect users with a trojan or to trick curious spam recipients into unwittingly revealing their personal information. Shortly after Jackson's death was confirmed, the SANS Internet Storm Center predicted that......
[more] Trojans are fastest-growing data-stealing malware Most of the rise in cybercrime can be linked to data-stealing malware, and trojans are the fastest growing category, according to a report released by Trend Micro. For example, in 2007, 52 per cent of data-stealing malware were trojans. In 2008, that number increased to 87 per cent, according to the report, entitled Focus Report: Data Stealing Malware. As of the first quarter of 2009, 93 per cent of data-stealing malware were trojans. In addition......
[more] PCs hit by Michael Jackson malware It didn't take long. Security researchers are reporting that hackers have begun to use the death of pop star Michael Jackson to infect people's PCs, just as they predicted. Starting late last week and continuing today, messages posing as breaking news alerts from the likes of CNN and the Los Angeles Times have been reaching users' mailboxes, said several security companies, including Sophos, Symantec and Trend Micro. Some of the messages, which have appeared o......
[more] Chinese security company shares huge malware database A Chinese company that has created a massive database of malware found on Chinese Web sites opened up the information to other security organizations on Thursday. Beijing-based KnownSec gathered the viruses and other information with a crawler that scans nearly 2 million Chinese Web sites each day, Zhao Wei, CEO of the security company, said in an interview in Beijing. He planned to give a presentation on the subject at the Forum of Incident......
[more] The one essential truth of computer security Who doesn't love that scene in "A Few Good Men" in which Jack Nicholson's character tells Tom Cruise's character, "You can't handle the truth. I have neither the time nor the inclination to explain myself to a man who rises and sleeps under the blanket of the very freedom I provide, and then questions the manner in which I provide it. I would rather you just said 'Thank you' and went on your way." I often feel like I'm acting out that scenario when s......
[more] Phone Trojan 'has botnet features' A piece of mobile malware has the capacity to enable a hacker to build a botnet of phones, according to security vendor Trend Micro. The Symbian Trojan, which Trend Micro detects as SYMBOS_YXES.B, poses as a legitimate application called ACSServer.exe and calls itself 'Sexy Space'. It steals the user's subscriber, phone and network information, and connects to a website to send that information back to a hacker. It can also target the victim's contacts with sp......
[more] Radware, RSA team up to offer protection at network level Radware, a provider of integrated application delivery services for business-smart networking, and RSA, the security division of EMC have entered into partnership to expand an integrated crimeware blocking network designed to provide fraud protection for end users against both information and identity theft as well as the spread of malware. Under the partnership, the two companies will build a proactive defense at the network layer to prote......
[more] Symbian admits Trojan slip-up The Symbian Foundation has acknowledged that its process for keeping malicious applications off Symbian OS-based phones needs improvement, after a Trojan horse program passed a security test. The botnet-building Trojan, which calls itself 'Sexy Space', passed through the group's digital-signing process, Symbian's chief security technologist Craig Heath said on Thursday. Heath said the group is working on improving its security-auditing procedure. "Whe......
[more] Swine flu malware poses as pig plague update Wrongdoers have created a new strain of swine flu-themed malware. A Trojan, containing backdoor and keylogger functionality, poses as a Word document from the US Centre of Disease Control giving information about the disease. The infectious file - Novel H1N1 Flu Situation Update.exe - appears with an icon that makes it look like a Word document file. Users tempted to open the booby-trapped file are presented with a document. Meanwhile the malicious......
[more] F-Secure: Chinese firms behind 'Sexy Space' Trojan F-Secure has identified three China-based companies as the creators of the 'Sexy Space' Trojan, which was identified last week to have passed through the Symbian Foundation's digital signing process. XiaMen Jinlonghuatian Technology, ShenZhen ChenGuangWuXian Technology and XinZhongLi TianJin cloaked the malware, also known as Yxe, and submitted it to the Foundation under its Express Signing program, the security vendor said on Wednesday in a st......
[more] Total eclipse used to bait scareware scam Wednesday's total solar eclipse over India and China has been exploited as a bait for sites punting scareware. Miscreants are using black hat search engine trickery to point geographically-confused users towards websites peddling rogue antivirus software, as explained in an illustrated advisory by Trend Micro. A search term associated with the attack "Solar Eclipse 2009 in America" might appear confusing at first, because the century's longest......
[more] Researcher reveals massive 'professional thieving' botnet A ferocious piece of malware that's infected up to a million PCs is stealing a "tremendous" amount of financial information from consumers and businesses that log on to their bank, stock broker, credit card, insurance, job hunting and favorite e-shopping sites, a noted botnet researcher said today. "Clampi is the most professional thieving piece of malware I've ever seen," said Joe Stewart, director of malware research for Sec......
[more] Fake antivirus claiming tens of millions of scalps Malware posing as antivirus software is spreading fast with tens of millions of computers infected each month, according to a report released on Wednesday from PandaLabs. PandaLabs found 1,000 samples of fake antivirus software in the first quarter of 2008. In a year that number had grown to 111,000 and for the second quarter of 2009 it reached 374,000, Luis Corrons, technical director of PandaLabs said in a recent interview. "We've created......
[more] Scareware package mimics Windows Blue Screen of Death Miscreants have developed a scareware package that mimics Windows' infamous Blue Screen of Death. Prospective marks are presented with a seemingly crashed system, along with a text warning that they need to buy "security software" to clean up their systems. But the SystemSecurity rogue package on offer has no utility other than scamming people out of their money. Variants of SystemSecurity have been around since at least February 2009. Howev......
[more] 5 Lessons from Dark Side of Cloud Computing While many companies are considering moving applications to the cloud, the security of the third-party services still leaves much to be desired, security experts warned attendees at last week's Black Hat Security Conference. The current economic downturn has made cloud computing a hot issue, with startups and smaller firms rushing to save money using virtual machines on the Internet and larger firms pushing applications such as customer relationship m......
[more] FAQ: The ins and outs of DoS attacks Thursday's denial-of-service attack that knocked Twitter offline for a few hours and affected Facebook, LiveJournal, and Google Sites and Blogger wasn't your average attack. Typically, someone who has a bone to pick with a specific Web site will round up some hijacked PCs and use them to try to shut the site down. In this case, whoever was responsible was trying to block access to a specific user's accounts and not the sites themselves. Denial-of-service at......
[more] What's on your top 10 security list? I've always been a fan of the SANS Institute's Top 10 Vulnerabilities list, even after it morphed into a Top 20 Vulnerabilities list. It's encouraged other useful lists as well, such as the Top 20 Programming Errors and Top 20 Most Critical Security Controls. The OWASP Top 10 Web Application Security Vulnerabilities is just as useful -- and the fact that most of the items on the list haven't changed over the past decade is very telling. These types of lists a......
[more] Cyber crooks increasingly target small business accounts An organization representing more than 15,000 financial institutions has issued a warning about a growing wave of attacks against small banks and businesses by cyber criminals using stolen banking credentials to plunder corporate accounts. In an alert to its members earlier this month, NACHA -- the Electronics Payments Association said that attackers are increasingly stealing online banking credentials, such as user names and passwords, from......
[more] Phishing attacks down in 2009 Spam-based phishing attacks declined noticeably during the first half of the year according to IBM. However, it's not all good news: cyber-criminals may simply be shifting to other technologies, said IBM in its semi-annual security threat report. "The decline in phishing and increases in other areas (such as banking Trojans) indicate the attackers may be moving their resources to other methods to obtain the gains that phishing once achieved," is the expla......
[more] Trojan zaps banking credentials via IM No longer the province of teens and chat-obsessed netizens, instant messaging is being adopted by a growing number of banking malware applications, which zap pilfered credentials to thieves in real time. The latest entrant is Zeus, a trojan that monitors an infected PC for passwords entered into banking websites and other financial services. Over the past three months, investigators from RSA FraudAction Research Lab have observed the program, which also goe......
[more] Prepare for the next password attack All that often stands between a malicious hacker and access to valuable, confidential data is a few keystrokes: an end-user's or admin's password. Yet even the most carefully crafted and well-guarded password is susceptible to being stolen from an innocent victim, and crafty miscreants have numerous techniques at their disposal to do the dirty deed. In order to protect users and your organization from a password attack, you must first have a clear understand......
[more] 7 Reasons Websites Are No Longer Safe Conventional wisdom is that Web wanderers are safe as long as they avoid sites that serve up pornography, stock tips, games and the like. But according to recently gathered research from Boston-based IT security and control firm Sophos, sites we take for granted are not as secure as they appear. Among the findings in Sophos' threat report for the first six months of this year, 23,500 new infected Web pages -- one every 3.6 seconds -- were detected each day......
[more] Trojan writers exploit legitimate sites to avoid detection Virus writers have started to hide command and control instructions in popular legitimate sites like Google Groups and Twitter according to security researchers. Symantec has spotted a Trojan horse program that's been programmed to visit a private Google Groups newsgroup, called escape2sun, where it can download encrypted instructions or even software updates. These "command and control" instructions are used by criminals to keep in touc......
[more] Trojan taps Google Groups as command network Hackers have programmed a Trojan that uses Google Groups newsgroups to distribute commands. Trojan distribution via newsgroups has existed for more than a decade, but using newsgroups as a command and control channel is a new innovation. The Grups Trojan itself is quite simple and is only noteworthy for the command and control structure it deploys. The malware is programmed to log into a Chinese language newsgroup to receive commands, Symantec securi......
[more] Zbot evades most anti-virus programs The banking trojan Zbot, which is one of today's most prevalent financially-motivated trojans, is not detected or removed by most anti-virus programs because of its ability to morph, according to a report issued by internet security firm Trusteer. A study of 10,000 Zbot-infected computers conducted this month revealed that a majority were running an up-to-date AV program, Mickey Boodaei, CEO and founder of Trusteer, told SCMagazineUS.com. 55 percent of Zbot-......
[more] Why malware writers are turning to open source Malware developers are going open source in an effort to make their malicious software more useful to fraudsters. By giving criminal coders free access to malware that steals financial and personal details, the malicious software developers are hoping to expand the capabilities of old Trojans. According to Candid Wüest, threat researcher with security firm Symantec, around 10 per cent of the Trojan market is now open source.
The move to an ope......
[more] Social Networks Breed Malware Infestation Web 2.0 has been great for the development of online communities. But its benefits come with a downside: Hackers are using the interactivity of social sites to spread their malware. A recent study by security software supplier Websense finds that 95 percent of the comments posted to blogs, chat rooms, and message boards are spam or malicious software.
OK, the message comes from a vendor with a vested interest, but it rings too true: Websense Inc. says i......
[more] Security firms battle world's biggest spam campaign Computer users in the US are finding there's someone to fear even more than the tax man. They're being spammed by criminal gangs, preying on users' fears of the tax authorities, leading them to install malicious software. Security researchers estimate that the campaign has already enriched criminals by millions of dollars. The spam campaign, entering its third week now, is showing no signs of slowing down, according to Gary Warner, director of......
[more] Cybercrooks net €300,000 in 22 days A recent phishing and malware scam netted a group of criminals some €300,000 in stolen funds, say experts. Security vendor Finjan said that the criminals used a piece of financial malware to infect users and steal account details without being caught by bank security systems.
According to Finjan, the attackers used a combination of phishing sites and exploit attacks to dupe users into downloading a piece of malware known as the Zeus bank trojan.
Onc......
[more] Large online payroll service hacked In a somewhat unusual data breach, hackers recently stole the login credentials of an unknown number of customers of payroll processing company PayChoice Inc., and then attempted to use the data to steal additional information directly from the customers themselves. The breach, first reported by the Washington Post this week, took place on Sept. 23 and involved PayChoice's onlineemployer.com portal site. Hackers broke into the site and managed to access the r......
[more] Fake Antivirus: 5 software titles you should definitely NOT install We take a closer look at some of the more common scareware traps; what to look out for, how to identify the fakes and 5 rogue security software packages you should try and avoid at all costs. Bogusware, scareware or rogueware - whatever you prefer to call them, are all different names given to describe roughly the same thing: rogue security products that masquerade as the real thing.
According to numbers published by the Anti-P......
[more] Hotmail 'phishing' campaign is small peanuts Access to the 10,000 compromised Hotmail accounts at the centre of a high profile breach might be obtained for as little as $90 on the black market. Rik Ferguson, a security researcher at Trend Micro, argues that the importance of the online publication of 10,000 Live ID login credentials on developer website PasteBin.com and that the subsequent upload of thousands of assorted Gmail, Yahoo, and AOL passwords and usernames has been grossly exaggerated.......
[more] NatWest fraud gang just tip of the iceberg Security experts are warning that the London-based gang on trial for defrauding NatWest customers online is just the tip of the iceberg when it comes to the number of internet fraudsters currently operating. The gang pleaded guilty today at Southwark Crown Court of conspiracy and money laundering, according to an Associated Press report. The group had used a Trojan virus to harvest the account details of over 100 unsuspecting customers, transferring fu......
[more] Twitter warns of new phishing attack Twitter warned users Tuesday of a new phishing scam on the social networking site. It's the latest in a series of scams that have plagued the site over the past year, designed to trick victims into giving up their user names and passwords. "We've seen a few phishing attempts today, if you've received a strange DM and it takes you to a Twitter login page, don't do it!," Twitter wrote on its Spam message page.
The message reads, "hi. this you on here?" and incl......
[more] Malware writers bank on Google Wave interest Malware writers are now exploiting interest in Google's new Wave service, according to researchers. In a recent report, security vendor Symantec explained that a new wave of Trojans had been crafted to take advantage of the heightened interest in the new invite-only collaboration service. Researchers uncovered trojan applications connected to the Xrumer spam tool which were masquerading as a tool to automatically generate invites for the wave se......
[more] Mac art project game destroys files A Mac game that deletes users' files has sparked a debate about whether it's malware or not. The Space Invaders-style game deletes a file from the Mac home directory every time a user destroys an alien ship. The application, released as part of an art project, clearly warns this is what it does... in big red letters. Of course malware often thrives on people who ignore warnings, so security firms including Inteco, Sophos and Symantec that produce Mac OS X ant......
[more] Windows 7 more vulnerable to malware than Vista, says researcher Microsoft's decision to reduce the number of annoying security messages that Windows 7 delivers when users install software makes the new operating system more vulnerable to malware infection than Vista, a researcher said today. "UAC was neutered too much by Microsoft," argued Chester Wisniewski, a senior security advisor with Sophos, talking about Windows' User Account Control (UAC), the security feature Microsoft debuted with......
[more] Google Reader Koobface spotlights security risk 2.0 The rising use of social networking and collaboration apps on corporate networks has spawned increased security risks beyond potential productivity losses, firewall vendor Palo Alto warns. The warning coincides with the appearance of a variant of the Koobface worm linked to Google Reader accounts controlled by hackers. Aside from acknowledged business benefits, Web 2.0 applications can transfer files, propagate malware, and have known security......
[more] Zeus botnet pushes fake MySpace update Spam has been detected as being sent from the Zeus botnet that prompts users to update their MySpace account. Trend Micro senior security advisor Rik Ferguson claimed that the spam is similar to the Facebook-related spam seen last week, with the user ‘required to update’ their MySpace account with a link provided. Ferguson said: "The link in the mail leads to a standard fake MySpace login page, so of course your account details are stolen. Once you have ......
[more] Making the first computer virus If you've ever had to spend a lot of money on antivirus software, you'd be forgiven for wanting to take Dr Fred Cohen aside for, to put it politely, a few choice words. But although Dr Cohen is responsible for creating the first ever computer virus some 26 years ago, his pioneering research has in fact led the way in protecting computers from the threats that surfaced in the years to come. He told BBC World Service's Witness programme about the day he made the di......
[more] Five ways to lose your identity (and wallet) this holiday season The holiday season is almost here, and even in a recession, huge numbers of people will likely be shopping online for gifts this year. The rush by shoppers to the Web makes the season a great time for online retailers. It's also a great time for hackers looking to steal data and money from the unwary millions expected to search for great deals online. The growth of holiday hackers has annually prompted security analysts, identity......
[more] China warns about return of destructive Panda virus A computer worm that China warned Internet users against is an updated version of the Panda Burning Incense virus, which infected millions of PCs in the country three years ago, according to McAfee. The original Panda worm, also known as Fujacks, caused widespread damage at a time when public knowledge about online security was low, and led to the country's first arrests for virus-writing in 2007. The new worm variant, one of many that have ap......
[more] Raunchy spam targets online gamers Security experts are warning of a new malicious spam campaign designed to harvest the login credentials of online gamers. According to a blog posting by security vendor Sophos, the spam emails arrive with the subject line “Do you like to find a girlfriend like me?” and contain the following message: Wish to have a boyfriend Be able to protect me, take care of me Intolerable lonely night and would like to have your care. do you Willing? This is my photos.
Attached......
[more] Swine flu botnet causes chaos A spam campaign that poses as a message from the Centers for Disease Control (CDC) asking people to register for H1N1 vaccinations continues to be a major problem, according to a security researcher. The messages lead unwary users to a convincing-looking CDC site where they're asked to create a profile in order to receive a vaccination for the swine flu, which has made headlines for both its aggressive spread and a lack of vaccine. The site urges users to download......
[more] Researcher says iPhone data model could lead to malware If you're feeling whiplash over the state of iPhone security, you're in good company. Last month, the first iPhone worms were reported, which either rickrolled your iPhone with a background picture of Mr. Astley, or did far worse things to your software and data. But the only people who were vulnerable were people who had jailbroken their phones, turned on SSH services, and neglected to change their root password. And we all know that peo......
[more] Stronger botnets and increased spam detections in 2009 Cybercriminals learn lessons from McColo shutdown. There has been an average rate of 87.7 per cent in detected spam in 2009, as a small number of botnets have become stronger. According to the MessageLabs intelligence annual security report for 2009 from Symantec, cybercriminals have sharpened their survival skills and operated a volume and variety approach over the past 12 months.
It showed that there was a high of 90.4 per cent of detecte......
[more] Looking back at malware in 2009 2009 was the year in which nobody that uses the Internet could afford not to educate him/herself about the dangers that lurk in the inbox, in Google's search results, on the social networks they use, and sometimes even on their favorite news site. This year has definitely been marked by the increase of malware being delivered directly to your door (so to speak). So, let's see what were the major threats.
Conficker
Also known as Kido, Downadup or Downup, this worm......
[more] Waledac spreading through fake New Year's e-cards Cybercriminals behind the Waledac botnet have begun using a New Year's-themed campaign to capture more victims, security experts warned. The botnet is spreading spam messages that contain the subject line “Happy New Year 2010” and provide a link for what the email claims to be a New Year's greeting card, Mikko Hyppönen, chief research officer at anti-virus provider F-Secure, told SCMagazineUS.com. The campaign began last week. If followed, the......
[more] Hackers are cracking bank security Security measures such as the use of one-time passwords and phone-based user authentication -- considered among the most robust forms of IT defenses -- are no longer enough to protect online banking systems against fraud, a Gartner Inc. report warns. Cybercriminals are using increasingly sophisticated tactics to outmaneuver security systems so they can steal customers' log-in credentials and pillage their bank accounts, according to Gartner analyst Avivah Lit......
[more] China shuts down training website for hackers China has closed down what is believed to be the country's biggest training website for hackers, state media has reported. They say the site, Black Hawk Safety Net, gave lessons in hacking and sold downloads of malicious software. The reports say three people suspected of running the site were arrested.
Hacking is a sensitive topic for China, especially since the internet giant Google recently threatened to pull out of the country.
Google said China......
[more] New Russian botnet tries to kill rival An upstart Trojan horse program has decided to take on its much-larger rival by stealing data and then removing the malicious program from infected computers. Security researchers say that the relatively unknown Spy Eye toolkit added this functionality just a few days ago in a bid to displace its larger rival, known as Zeus. The feature, called "Kill Zeus," apparently removes the Zeus software from the victim's PC, giving Spy Eye exclusive access to userna......
[more] Zeus Trojan resurfaces Security vendor Websense is warning of a renewed spate of global attacks aimed at stealing information from staff in government and military departments via the notorious Zbot or Zeus Trojan. The malware, which was originally designed and used to steal banking data, was used in a campaign targeting government workers in the US and UK at the beginning of the month.
This follow up attack involves a fake email purporting to be from a reputable figure within the Central Intel......
[more] Cyclist accused of hacking French laboratory A French judge has issued an arrest warrant for a cyclist accused of hacking into computer systems at an anti-doping lab. According to a New York Times report, authorities believe that Floyd Landis, a former Tour de France winner, used a Trojan program to install data-stealing malware on a system at the Châtenay-Malabry drug-testing lab. The accusations are in connection with Landis' 2006 Tour de France anti-doping case. As part of his defence in the......
[more] Almost 2,500 firms breached in ongoing hack attack Criminal hackers have penetrated the networks of almost 2,500 companies and government agencies in a coordinated campaign that began 18 months ago and continues to steal email passwords, login credentials, and other sensitive data to this day, a computer security company said. The infections by a variant of the Zeus botnet began in late 2008 and have turned more than 74,000 PCs into remote spying platforms that have siphoned highly proprietary......
[more] Hacking human gullibility with social penetration Security penetration testers Mike Bailey and Mike Murray rely plenty on attacks that exploit weaknesses in websites and servers, but their approach is better summed up by the famous phrase "There's a sucker born every minute". That's because so-called social penetration techniques are more reliable and easier to use in identifying chinks in client fortresses, the principals of Mad Security said Wednesday. That's true even for organizations that......
[more] Energizer Bunny's software infects PCs According to researchers at US-CERT (United States Computer Emergency Readiness Team), software that accompanies the Energizer DUO USB battery charger contains a Trojan horse that gives hackers total access to a Windows PC. The Energizer DUO, a USB-powered nickel-metal hydride battery recharger, has been discontinued, said Energizer Holdings, which late Friday confirmed that the software contains malicious code. The company has not said how the Trojan made......
[more] Warnings made of backdoor Trojan disguised as a download for a Skype Email Toolbar Websense has warned of malware that claims to be a download for a Skype Email Toolbar. It claimed that there is currently a 'very low' anti-virus detection for the spam email message, which contains a file attachment named SkypeToolbarForOutlook.zip that contains a backdoor Trojan. Carl Leonard, security research manager at Websense Security Labs, whose ThreatSeeker Network discovered the new wave of email attack......
[more] Scammers capitalizing on tax season to spread Zeus Cybercriminals have been capitalizing on tax season by sending messages that appear to come from the Internal Revenue Service but actually lead to the data-stealing trojan Zeus, researchers at anti-virus firm Trend Micro warned Thursday. The messages ask users to follow a link and review their tax statement to fix errors related to unreported or under-reported income, according to Trend Micro. The URL leads users to a variant of Zeus, which ste......
[more] PDF security hole opens can of worms The security perils of PDF files have been further highlighted by new research illustrating how a manipulated file might be used to infect other PDF files on a system. Jeremy Conway, an application security researcher at NitroSecurity, said the attack scenario he has discovered shows PDFs are "wormable". Computer viruses are capable, by definition, of overwriting other files to spread. Conway's research is chiefly notable for illustrating how a benign PDF fil......
[more] Differences between viruses, trojans and worms explained In the anti-malware business we often quibble over details the general public does not care about. To us these differences are important, though, as classifying a piece of malware helps us define and understand its nature and helps those of us stuck with detecting or cleaning up an infection. Many people try to use their understanding of these terms to defend their poor choices in security practices. It might be a good time for a little r......
[more] Security experts warn of mobile Trojan threat Security experts are warning Windows Mobile phone users to beware of downloading games to their devices, after it emerged that a Russian-speaking hacker has been uploading versions of a particular game with malicious Trojan programs hidden inside. Graham Cluley, senior technology consultant at Sophos, said yesterday that Windows Mobile users playing the 3D Anti-terrorist Action game have reported that their phones are making expensive calls to inter......
[more] Bogus UPS spam wrecks Windows XP A new wave of bogus UPS shipping spam is being used to push a piece of malware which can render PCs unbootable, security company Webroot has warned. The company's warning relates to a Trojan downloader called 'tactilol' that appears to be turning up either as a zipped attachment with stock UPS shipping confirmation spam, or as a Facebook update. The attack will undoubtedly have a number of different payloads, but the one that caught Webroot researcher's attention......
[more] The need for a truly unified security solution It's no secret that modern security threats are converging and a significant proportion of data loss occurs via coordinated Web and email attacks. So why is it that many organisations manage multiple different security technologies? Information held and shared electronically proves rich pickings for cybercriminals. Businesses are actively targeted for specific information, and the threat can hit using email, Internet and data stealing technology -......
[more] Cloud computing: Early adopters share 5 key lessons While some large enterprises have moved their IT infrastructure to a third-party managed service to save costs, small firms -- especially startups -- have come to rely on cloud services to cut initial outlays and help them focus on the core services and products. Infrastructure-as-a-service offerings, such as Amazon's Elastic Computing Cloud (EC2), typically are used by larger enterprises to give research-and development groups flexibility in......
[more] New MacOS X malware surfaces Apple Mac users are being warned to keep a close eye on their systems following the discovery of a new piece of malware for MacOS X. Dubbed "HellRTS," the malicious tool has been spotted as a proof of concept sample. Thus far no active exploits or attacks have been spotted, though experts warn that samples of the malware have been widely circulating online. According to MacOS X security specialist Intego, the malware can be spread either through a trojan download or......
[more] Zeus banking virus is back warns security firm Zeus, a virus that steals online banking details from infected computer users, is more powerful than ever, warns a web security company. Trusteer says it has spotted the Trojan virus in one of every 3,000 of the 5.5m computers it monitors in the US and UK. Zeus 1.6 can infect people using Firefox and Internet Explorer web browsers, the company claims. The malware steals login information by recording keystrokes when the infected user is on a list of......
[more] Technology security myths debunked Bursting the security bubble Think you can hide behind the privacy of an "unlisted" cell phone number? Think again. Maybe you believe you don't need security software on a Mac or iPad. You'd swear that Firefox is the safest browser in town. Wrong on both counts. Most of us don't think about security for our digital devices until something goes wrong, or it's time to renew an antivirus subscription. But what the security experts like to call the threat......
[more] Chatty Skype worm tries to fox antivirus programs A new instant messaging (IM) worm has been spotted using a number of evolved techniques to beat installed security programs and catch even suspicious users off-guard. According to BitDefender, Backdoor.Tofsee's cleverness starts with its choosiness - it infects only PCs running Skype and Yahoo Messenger, leaving other users uninfected. If a user running one of these applications is chanced upon, it then checks to see whether the target system is......
[more] Choose your security battles wisely We IT security people have chosen a career in which we know that no matter how hard we strive, we will never win. We have to be perfect; the bad guys only have to be persistent. We can only defend against what we know and have seen; they are free to develop new attack methods at will. We have to accept that we'll spend our careers doing the best job we can -- and we'll still lose. The losses we suffer aren't only to the bad guys. Most new computer-security pe......
[more] HSBC browser plugin attacked by Trojan A popular anti-keylogging tool used by online banks such as HSBC, Trusteer's Rapport, has come under direct attack by malware writers trying to bypass its protection settings. In a discovery reported by fellow security vendor Webroot Software, a Trojan the company names 'Phisher-Rancor' runs a batch file that tries to close down the Rapport app, while a second variant targets a separate binary, config.js. Luckily, the malware fails to overcome Rapport'......
[more] Cybercrime police's budget slashed by 30% The national police unit responsible for fighting cybercrime faces a deep cut to its already stretched budget, counter to pre-election talk of an increased focus on the UK's digital security. According to senior Westminster sources, the coalition government has quietly and drastically trimmed the £3.5m that the Police Central eCrime Unit (PCeU) receives annually from the Home Office. The 30 per cent squeeze has been confirmed internally as the dep......
[more] Online crims not just 'speccy geeks', researchers warn Misconceptions about the nature of cybercrime are affecting the fight against online economic skulduggery. Widespread beliefs that e-crooks are likely to be either "geeks with glasses" or digital pranksters are well wide of the mark, according to researchers from Trend Micro, which reckons the majority of cybercrooks would be indistinguishable from the man in the street. Cybergangs are located around the world. Russia, the Ukraine and China......
[more] Trojan writers target U.K. banks with botnets Cybercriminals are building country-specific botnets to target U.K. bank customers with dedicated malware, security company Trusteer Ltd. has reported. The company identifies two pieces of malware -- the previously undetected Silon.var2 and the longer-established Agent.DBJP -- as the two bank Trojans being distributed by Zeus-based botnets using U.K.-infected PCs. Silon.var2 now affects one in every 500 U.K.-based PCs connected to the Trusteer Flash......
[more] Trojan skewers security software with Windows Security watchers have discovered a Trojan that uses built-in Windows functionality to overwrite security software and compromise systems. The malware - which poses as an antivirus update - uses Windows input method editor (IME) to inject a system, technology that normally creates a means for users to enter characters not supported with their input device. For example, PC users with a 'Western' keyboard would take advantage of the technology to input......
[more] Bizarre phone ransom Trojan found by researchers Researchers have discovered a bizarre piece of Trojan ransomware which disables programs on infected PCs before demanding victims make an unaccountably small payment to a Ukrainian mobile phone network in return for an unlock code. According to Webroot, the Krotten ransom Trojan is one of the oddest pieces of malware of the year. Taking the path of least resistance, it eschews the complex encryption outlook taken by a range of ransomware program......
[more] Top 10 social networking threats Social network tools have changed the way we interact in our personal lives and are in the process of transforming our professional lives. Increasingly, they play a significant role in how business gets done. But they're also high risk. With hundreds of millions of users, these tools have attracted attackers more than any other target in recent years. Here, according to Palo Alto Networks, are the top 10 social network threats/risks that enterprises must consid......
[more] Security rule No. 1: Assume you're hacked A recent Forbes magazine article advised readers to assume that their companies have been hacked. Some readers have asked me to weigh in, and here's my assessment: The article is slightly hyperbolic, but all in all, it's a pretty accurate assessment. Most companies are actively hacked, and their sensitive data is being stolen and leaked to outsiders. Many readers might find such statements inaccurate and unsupported, and they may wonder where is the doc......
[more] Microsoft confirms 'nasty' Windows zero-day bug Microsoft on Friday warned that attackers are exploiting a critical unpatched Windows vulnerability using infected USB flash drives. The bug admission is the first that affects Windows XP Service Pack 2 (SP2) since Microsoft retired the edition from support, researchers said. When Microsoft does fix the flaw, it will not be providing a patch for machines still running XP SP2. In a security advisory, Microsoft confirmed what other researchers had b......
[more] Poisoned Angelina flick hits torrents Cybercrooks have begun using booby-trapped QuickTime files to infect internet pirates' computers. Malicious files posing as the recent Angelina Jolie film Salt are now available on file sharing networks. When users attempt to view these poisoned downloads a prompt is generated offering to download "update codecs" - actually fake files loaded with Trojan horse malware. At first the attack was thought to rely on an unpatched flaw in QuickTime, but Apple told......
[more] U.K. bank hit by massive fraud from ZeuS-based botnet Security vendor M86 Security says it's discovered that a U.K.-based bank has suffered almost $900,000 (675,000 Euros) in fraudulent bank-funds transfers due to the ZeuS Trojan malware that has been targeting the institution. Bradley Anstis, vice president of technology strategy at M86 Security, said the security firm uncovered the situation in late July while tracking how one ZeuS botnet had been specifically going after the U.K.-based bank......
[more] Hackers bait Zeus botnet trap with dead celeb tales Hackers are using tales of dead celebrities to build out Zeus botnets by duping users into compromising their own PCs, security experts said today. The list of celebrities -- actors and singers for the most part, with an occasional sports star tossed in -- ranges from Aniston (Jennifer) and Cruise (Tom) to West (Kanye) and Z (Jay), said Symantec. According to the spam that carries the malware, the personalities perished along with 34 others whe......
[more] TechCrunch hacked to distribute Zeus Trojan via JavaScript file Technology blog TechCrunch was flagged by malware-detections yesterday after it was infected by a variant of the Zeus Trojan. It was initially detected by security blogger The Harmony Guy, who asked on Twitter if anyone else was getting malicious PDFs from pages at TechCrunch Europe and later claimed that a JavaScript file he identified had "some mangled code at the start which loads an iframe from virtuellvorun.org". Gra......
[more] Windows malware dwarfs other viral threats The vast majority of malware - more than 99 per cent - targets Windows PCs, according to a new survey by German anti-virus firm G-Data. G-Data reckons 99.4 per cent of all new malware of the first half of 2010 targeted Microsoft's operating system. Just 0.6 per cent of the 1,017,208 new malware programs discovered in 1H2010 targeted other systems, such as Apple Mac boxes and servers running Unix. The figures help to place much-publicised but rare malwar......
[more] Don't let company politics dictate your security priorities A company recently hired me specifically to improve its password policy. At five characters long, zero complexity, and no forced expiration changes, these passwords would be considered nearly nonexistent to most hackers -- and the client knew it. I quickly learned that the client had several other significant security problems, including porous firewall rules, outdated antimalware software, horrible patching, and hundreds of domain adm......
[more] ZeuS attacks mobiles in bank SMS bypass scam Security researchers have warned that cybercrooks might be able to compromise online bank accounts even in cases where banks use SMS messages to authorise transactions. The approach relies on first compromising a targeted user's computer using a variant of the ZeuS banking Trojan before infecting the same user's smartphone. Thereafter it would be possible to initiate a transaction and authorise it following the receipt of an SMS message to a second co......
[more] Metropolitan Police cracks Zeus crime ring The Police Central e-crime Unit (PCeU) has arrested 19 people on suspicion of using a well known malware program to steal millions from bank accounts, according to widespread reports. The Metropolitan Police unit arrested 15 men and four women aged 23 to 47 in dawn raids on Monday in the London area. The gang is suspected of stealing up to £6m in just three months, according to the reports. The gang reportedly used the Zeus trojan to infect PCs an......
[more] Zeus not the only bank Trojan threat, users warned Online bank account users should not ignore the threat posed by obscure data-theft Trojans such as 'Bugat', 'SpyEye', and 'Carberp', security company Trusteer has warned. In recent weeks, the Zeus bank Trojan has attracted all the attention with news of a number of successful online bank account raids, but other threats lurk, the company says. One example is Bugat, on the face of it not the most frightening bank Trojan in circu......
[more] This Facebook Password Will Self-Destruct in 20 Minutes Facebook members using unfamiliar computers to log on can now do so using disposable passwords, skirting security problems sometimes found on public PCs. If the member has a phone number registered with Facebook, he or she can request a temporary password via SMS that remains usable for just 20 minutes. Questions about the system's effectiveness have been raised, however. Facebook has unveiled new measures to keep members secure when they l......
[more] Son of Zeus can sneak past antivirus controls The latest Trojan horse proves difficult to rein in. Trend Micro has reported that a new variant of the Zeus Trojan is unlikely to be detected by conventional antivirus applications. In fact, it has proved to be virtually undetectable. The Zeus Trojan has proved to be a persistent threat and was responsible for the recent £6 million (AU$9.7 million) theft from UK bank accounts by an international gang. This latest evolution of the Trojan means......
[more] How advanced persistent threats bypass your network security Hundreds of companies around the world have been thoroughly compromised by APTs (advanced persistent threats) -- sophisticated forms of cyber attacks through which hackers mine for sensitive corporate data over the long term. APTs aren't easily purged; rather, victimized companies often spend day after day trying to make a dent in them. Meanwhile, some security practitioners consider "APT" an overblown marketing term. It isn'......
[more] Koobface malware jumps to OS X The notorious Koobface social networking malware is now targeting MacOS X systems. Security firm Intego is reporting that variants of the malware have been targeting Mac users on social networking sites such as Facebook, Twitter and MySpace. Bursting onto the malware scene in 2009, Koobface made headlines by using the popular social networking services to spread amongst users. Modified versions of the malware were spotted in the wild earlier this summer. The MacOS......
[more] Sophos delights Mac users with free antivirus Security software company Sophos has finally broken ranks and decided to offer Mac users a free antivirus product without hidden strings. Branded, free-to-use antivirus products for Mac OS X are almost unheard of and the examples that do exist are designed to tempt users into upgrading to get more features and support or lack some features. Sophos Anti-Virus Home Edition for Mac looks like becoming the first ever full-featured Mac security software......
[more] Hacked Royal Navy site sinks The Royal Navy website is currently down after a hacker claimed to have successfully exploited the site and its underlying database. An attacker going under the web pseudonym TinKode stated in a blog to have compromised the website with an SQL injection attack this weekend. TinKode claimed to have accessed both usernames and passwords to different sections of the website, although the Royal Navy has refuted the suggestion any classified information was taken. The Roy......
[more] Hackers exploit royal engagement searches The official announcement of Prince William's engagement to Kate Middleton happened less than 24 hours ago, but that hasn't stopped hackers exploiting web users searching the net for the latest news about the happy couple. According to security firm Websense, poisoned search results have already started appearing in Google and other search engines. The search results lead to malicious web pages that infect a user's PC with malware when they navigate to......
[more] Malware Infecting Other Malware Can Complicate Antivirus Detection Malware infected with other malware can make life more complicated for antivirus programs. Malware authors don't always get along - in fact, there have been a number of instances where attackers target each other. But sometimes, malware infecting malware can be a good thing for attackers. According to Trend Micro Threat Response Engineer Roland Dela Paz, there has been an uptick of this kind of activity, which he called "hyb......
[more] Facebook's Christmas Tree virus only a hoax Security vendor Sophos says Facebook users can relax and stop warning each other about a supposed computer crashing Christmas tree-themed app disguised as a virus since the whole thing is just a hoax. Thousands of Facebook users have raced in recent days to rescue friends by posting warnings of "one of the WORST Trojan viruses" out there, but Sophos says it has seen no evidence that such a malware-bearing app exists (not that one couldn't be......
[more] Top five most serious internet security holes Businesses can leave themselves vulnerable to data theft and other online threats; particularly as security and IT budgets are under pressure as businesses look to save money. Although money is tight, it is important companies stay protected online, as on average, the total cost of security breaches including lost business in the UK last year was $2,565,702 (US dollars). Data theft and other online threats presently represent a significant danger for......
[more] A third of all malware in history created in 2010, says report More than a third of all malware that has ever existed was created by criminal gangs in 2010 alone according to the latest PandaLabs Annual Report. To be precise, the company found that 34 percent of all existing malware has been concocted by cyber-criminals in the last year, banishing forever the image of the disgruntled geek creating viruses in his bedsit. It's not all bad news however, there's been a dramatic slow-down in the rate......
[more] Hackers steal $150,000 with malicious job application Small businesses have a new scam to worry about: criminal job applicants who want to hack into online bank accounts. The U.S. Federal Bureau of Investigation issued a warning Wednesday about a new twist on a long-running computer fraud technique, known as Automated Clearing House fraud. With ACH fraud, criminals install malicious software on a small business' computer and use it to log into the company's online bank account. They set up bogus......
[more] Kama Sutra PowerPoint named as one of the threats of the last three months, as new warnings made on malware that bypasses cloud-based anti-virus The Kama Sutra virus has been named as one of the largest threats of recent months. In Cyberoam's 2010 internet threats trend report for Q4, the Trojan downloader associated with a Kama Sutra presentation titillated recipients into downloading a PowerPoint presentation of sexual positions, but left their PCs infected with a malicious code that opened a bac......
[more] ZeuS blackhats target online payment providers Baddies behind the infamous ZeuS Trojan are diversifying their business by targeting online payment providers as well as online banking accounts. Transaction security firm Trusteer, which warned of the move on Thursday, compares the development to the evolution of card fraud in the 1990s when fraudsters moved from trying to obtain fraudulent cash advances from banks towards fraudulent foreign currency and retail outlet purchases. Trusteer has detect......
[more] Fake anti-virus scam hits Twitter Researchers have uncovered a new scam targeting Twitter users. The operation is said to make use of the Goo.gl link-shortening service in order to hide the actual address of the attack site. Attackers are believed to be using compromised Twitter accounts to post Tweets advertising various pages linked through the goo.gl service. When users click on the links, they are directed through the link-shortening service to a third party page which launches the actual at......
[more] Scareware impersonates legit antivirus software from AVG In what could be an alarming preview of tomorrow's malware-spreading techniques, a new version of scareware is on the move, one that's designed to look exactly like it's a legitimate antivirus product from reputable security company AVG. Microsoft has issued an alert about AVGAntivirus2011, malware that purports itself to be AVG Antivirus 2011. The program pretends to perform a security scan of a user's system, claims to find an array of d......
[more] ZeuS trojan attacks bank's 2-factor authentication A variant of the ZeuS banking trojan is targeting mobile phone users who rely on their handsets to get enhanced, two-factor authentication from ING Bank Slaski in Poland, a security blogger said on Monday. The ZeuS man-in-the-mobile attacks appear to be similar to those that hit Spain in September, researchers from antivirus provider F-Secure said. Both attacks attempt to steal so-called mTANs, short for mobile transaction authentication numbers, w......
[more] Oddjob Trojan keeps banking sessions open after victims log out Miscreants have created a banking trojan that keeps victims' accounts open to plundering even after their marks log out of their accounts. The memorably named OddJob Trojan hijacks customers' online banking sessions in real time using their session ID tokens. By keeping accounts open even after victims think they have quit, the malware creates a window for fraudsters to loot compromised accounts and commit fraud. Trusteer, the trans......
[more] Hacker writes easy-to-use Mac Trojan In a sign that hackers, like everyone else, are taking an interest in everything Apple, researchers at Sophos say they've spotted a new Trojan horse program written for the Mac. It's called the BlackHole RAT (the RAT part is for "remote access Trojan") and it's pretty easy to find online in hacking forums, according to Chet Wisniewski, a researcher with antivirus vendor Sophos. There's even a YouTube video demonstration of the program that shows you......
[more] French government says hack compromised 150 PCs The French National IT Systems Security Agency has released further details of the recent attack on French government computers, saying they were targeted by cyberspies. Around 150 IT staff spent the weekend on a massive clean-up operation to undo the effects of the attack on computers at the French Ministry of Economy, Finances, and Industry, the security agency's director-general said Monday night. The attack compromised around 150 of the ministr......
[more] Is Zeus source code for sale? The source code for the Zeus Trojan has reportedly been found on sale online. According to a blog by Peter Kruse, partner and security specialist at CSIS Security, several individuals have announced that they have access to the Zeus source code in recent weeks and that it is for sale. "We are currently not able to verify any of these claims, however this particular announcement has a picture attached which might prove that parts of the source code are indeed in......
[more] Ransom Trojan returns for new encryption attack The creators of the deeply unpleasant GPCode Trojan have released a new version of the malware that encrypts victims' data files and tries to extort money for the unlock key. The major innovation this time compared to a version from November 2010 is that the criminals demand a slightly higher fee of $125 for the key paid through the Ukash payment pre-paid card site instead of using direct money transfer. GpCode.bn, as it has been named by Kaspersky......
[more] Epsilon breach used four-month-old attack A data breach exposing the customer details of the likes of Citigroup, Hilton Hotels and Dell Australia was part of a series of socially-engineered attacks first reported by an Epsilon technology partner some four months ago, iTnews can reveal. The world's largest email service provider, Epsilon, disclosed on April 1, 2011 that the data it manages on behalf of a subset of its 2500 global clients had been accessed by hackers the day prior. Today iTnews ca......
[more] Report: End-user ignorance at Epsilon let hackers steal customer data The hackers who managed to steal millions of customer email addresses from marketing giant Epsilon did so by exploiting what is arguably the weakest link in IT security: end-user ignorance or, perhaps more aptly, inadequate end-user training. ITNews reported today that the perpetrators of the data heist, which affected customers of numerous large corporations across an array of industries, got a foot in the door through succes......
[more] Epsilon attack - a turning point for the online marketing industry? Last week, consumers in the US were bombarded with email messages warning them of what may be the most widely felt data breach in US history. A company that most of them had never heard of, Epsilon Interactive, had been compromised and their names and email addresses had been stolen. For a few days, it seemed that almost everyone was getting a warning message. The notes all struck the same tone: "Email files have been acces......
[more] Cyber-stalking laws: police review urged A senior police officer is calling on the government to review whether laws governing cyber-stalking in the UK are fit for purpose. Greater Manchester Assistant Chief Constable Garry Shewan wants police to be given more powers to seize computers used to harass victims online. It is hard to prove who committed stalking even though it is easy to establish which computer was used. The Home Office says it is investigating the issue. Mr Shewan, who is the Associ......
[more] PlayStation Network hack launched from Amazon EC2 The hackers who breached the security of Sony's PlayStation Network and gained access to sensitive data for 77 million subscribers used Amazon's web services cloud to launch the attack, Bloomberg News reported. The attackers rented a server from Amazon's EC2 service and penetrated the popular network from there, the news outlet said, citing an unnamed person with knowledge of the matter. The hackers supplied fake information to Amazon. The accoun......
[more] Windows scareware fakes impending drive disaster Scammers are trying to trick Windows users into paying to fix bogus hard drive errors that have apparently erased important files, a researcher said today. The con is a variant of "scareware," also called "rogueware," software that pretends to be legitimate but actually is just a sales pitch based on spooking users into panicking. Most scareware masquerades as antivirus software. But Symantec researcher Eoin Ward has found a n......
[more] Microsoft: One in 14 downloads is malicious The next time a website says to download new software to view a movie or fix a problem, think twice. There's a pretty good chance that the program is malicious. In fact, about one out of every 14 programs downloaded by Windows users turns out to be malicious, Microsoft said Tuesday. And even though Microsoft has a feature in its Internet Explorer browser designed to steer users away from unknown and potentially untrustworthy software, about 5 percent o......
[more] 7 questions about the Mac malware scare A few answers help clarify what the MacDefender scareware plague really means for Mac users and administrators It was only a matter of time. Numerous reports from the field leave little doubt that Apple OS X has become the target of its first widespread malware campaign -- in the form of MacDefender (aka, MacSecurity or MacProtector). Mac Defender is classic scareware: You're prompted to download and install an antivirus program to protect your system, whe......
[more] Boy-in-the-Browser attacks continue to evade traditional anti-malware software Boy-in-the-Browser (BITB) attacks are gaining force as they continue to evade traditional anti-malware software. Tomer Bitton, from the Imperva Application Defense Center, explains, "Many are familiar with Man-in-the-Browser (MitB) attacks, but most are unaware of the lesser known Boy-in-the-Browser (BitB). Not as sophisticated as MitB, BitB malware has evolved from traditional key loggers and browser session rec......
[more] Time to guard your digital certificates When criminal hackers break into a company, they're usually looking to steal stuff they can sell, like credit-card information or intellectual property. But these days, some sophisticated thieves also seek digital certificates -- as a way to make their malware appear to potential targets to be valid software. In a recent report, security firm AVG gave two examples of companies whose certificate data was taken by attackers and then used to sign malicious so......
[more] Banking Trojan hits Android phones A banking Trojan that has plagued Symbian, BlackBerry and Windows Phone users has now made its way to Android devices. The Zitmo Trojan, which has been used by the ZeuS criminal gang to steal banking information, was confirmed to be on Android devices by security firm Fortinet last week. In a blog post on the company's website, senior antivirus analyst Axelle Apvrille said that the Trojan poses as a banking activation application and then once installed sniffs......
[more] China hit by 480,000 Trojan horse attacks in 2010 China said it saw close to 480,000 Trojan horse attacks in 2010, with almost half originating from outside the country, according to a government security agency. China's National Computer Network Emergency Response Technical Team (CNCERT) released some of the figures Tuesday from an upcoming annual report. Of the 221,000 attacks that originated outside of China, 14.7% came from the U.S., while another 8.8% came from India. The figures have gaine......
