Bugs / Virus News (84)
MP3 based virus
Category: Bugs / Virus | Posted: July 21, 2008 11:40PM
Author: Andrew Robinson
A new virus poses a threat to millions of Windows users who download MP3s.
The new worm transcodes malicious URLs into the ASF (Advanced Systems Format) feature of media files. ASF is a Microsoft media file container that allows media files to contain embedded links to web URLs and pictures. David Emm (of Kaspersky Laboratories) said that this has been a known probable threat but it has not been done until now. The malware directs users to a webpage that displays a mock codec download, which of course is the stem of the virus. The virus (actually a Trojan horse) looks for MP3 files on the infected computer, converts them to WMA and wraps them in an ASF container which has the malicious code in it to initiate further spread. The infected user has no idea that any of this is happening behind the scenes, as the files retain the ".mp3" extension.
Safety tips:
*Don't steal music, it's not worth it
*Don't download and install files from unknown/untrusted sources (i.e., random popups, especially ones for codecs)
Thumb Drives Pose Security Risk
Category: Storage / Hard Drives, Bugs / Virus | Posted: July 10, 2008 07:11PM
Author: ClayMeow
Your flash thumb drive may seem harmless, but think again. In the early days of computers, viruses were often spread through the removable media of the day, floppy disks. With the internet and email boom, that all changed, and people may have gotten too comfortable with their removable media. According to a malware monitoring site, ThreatSense.Net, "10.3% of recent malware detections involved programs trying to take advantage of thumb drives and other removable media." Couple that with a recent survey that found that 66% of consumers misplace their thumb drives, and suddenly they don't seem as safe as they seem.
MS Malware Removal Tool Removes 2M Password Stealers
Category: Bugs / Virus | Posted: June 21, 2008 08:24AM
Author: Dale Shuck
Every Patch Tuesday, Microsoft includes an updated malware removal tool to help remove malicious software from Windows computers. In the week after the latest release, the software detected and removed game password stealing software from over 2 million computers. Criminals like to use these types of programs to hack users' accounts using the stolen passwords so they can sell the victims' in-game possessions for virtual money. Virtual money can then be turned into real-world dollars through various exchanges. Gamers can be especially susceptible to these types of attacks because they often disable anti-virus programs while gaming. Another avenue of attack is through the use of cracked versions of games that come complete with malware.
Trojan Targeting Macs Discovered in the Wild
Category: Bugs / Virus | Posted: June 20, 2008 12:05PM
Author: Dale Shuck
A security firm claims it has uncovered variants of a Trojan horse that targets computers running Mac OS X 10.4 and 10.5. The Trojan requires a user to download and open the file for it to work. The Trojan takes advantage of a vulnerability in Apple's Remote Desktop Agent that allows it to run with root permissions. Once installed, the malware can allow remote access to the infected machine, capture and relay passwords, and log keystrokes.
Microsoft Patches Patch
Category: Operating Systems, Bugs / Virus | Posted: June 19, 2008 03:15PM
Author: ClayMeow
Apparently when Microsoft released a patch to fix a vulnerability in the Bluetooth stack last week, it didn't fix what it was intended to fix. According to Microsoft, last week's patch "might not have been fully protecting against the issues discussed in that bulletin." As such, Microsoft re-released the security patch today to address this issue. Microsoft didn't elaborate on how this error was overlooked, but it did say that research into it uncovered that two "human issues" were involved. So if you're using Windows XP, go check Windows Update if you don't set it to automatically check for you.
Congressman Accuses Chinese of Hacking, China Responds
Category: Bugs / Virus | Posted: June 12, 2008 06:30PM
Author: Dale Shuck
U.S. Congressman Frank Wolf said four computers in his office were hacked back in 2006 and claimed other congressional computers were hacked as well. Wolf claims that, based on investigations and conversations with the FBI, the attacks originated from China. The attacks were allegedly in response to his outspoken criticism of China's human rights records and affected computers used by Wolf's chief of staff, his legislative director as well as those of his human rights staff member and the staff person responsible for judiciary affairs. Wolf is not alone as other groups have reported being attacked after speaking out against China. While the Chinese government may not be directly involved, as the culprits may likely be individuals motivated by nationalistic pride, their implicit involvement in turning a blind eye to the attacks is what angers many. Today, a spokesperson for China's foreign ministry denied the allegations, saying China couldn't have been involved as they lack the technology and technical expertise to have pulled it off. This flies in the face of increased reports of other incidents, including one involving the laptop of U.S. Secretary of Commerce Carlos Gutierrez. Additionally, the Pentagon claims China has developed a first-strike capability for any looming cyberwar and has teams responsible for developing viruses intended to cripple an enemy's networks.
Electronic Tampering Risk at Beijing Olympics Extremely High Say Officials
Category: Bugs / Virus | Posted: June 11, 2008 05:53PM
Author: Dale Shuck
Officials are warning visitors of the risks associated with using electronic devices such as cell phones, PDAs and laptops during the upcoming Olympics in Beijing. One official even went so far as to say that if a visitor is of any interest to the Chinese government, it is a virtual certainty that any devices carried to the games will be compromised by Chinese agents. That means leaving devices unattended in a hotel room is an invitation to being hacked. The government there also controls Internet service providers and cell phone networks and can use these to monitor and remotely attack your electronics. Anyone traveling to the games is advised to have their laptops or email devices purged of any sensitive information before they leave and thoroughly scanned for viruses and malware on their return.
Latest Ransomware Trojan Proving Tough Nut to Crack
Category: Bugs / Virus | Posted: June 9, 2008 10:52AM
Author: Dale Shuck
If you've been putting off backing up your important computer files, now may be a good time to do so. One of the latest Trojans making the rounds is a pretty nasty version of ransomware that encrypts files on your computer then deletes the original files. In order to get your data back, you have to contact the malware's authors to buy the decrypting tool. The malware targets 143 different file types including digital pictures, office documents and backup files. This type of ransomware first appeared a couple of years ago, but wasn't deemed a severe threat due to its poor implementation of the 660-bit encryption routine, which security researchers were able to crack. This time around things are different, as the authors are using an RSA-1204 bit algorithm that security firm Kaspersky Lab estimated would take 15 million PCs working in parallel to crack. While the threat is not widespread yet, that's no excuse to put off making sure your important files are backed up and any external backup media is disconnected from the host computer to prevent the backup files from being targeted as well.
Microsoft Issues Security Advisory for Apple's Safari Browser
Category: Bugs / Virus | Posted: June 3, 2008 07:28AM
Author: Dale Shuck
Microsoft is looking into reports of issues with Apple's Safari browser installed on Windows XP and Vista machines. Users can be tricked into visiting a malicious web site that downloads software enabling the remote execution of code on the victim's computer without requiring any action by the victim. Apparently this only affects machines where the default download location in Safari has not been changed. Safari is not installed on Windows machines by default (doh!) and must be installed through Apple’s update application. However, Apple had been making Safari available to users of its iTunes service and installed the browser by default if users updated their iTunes software. Apple suspended that practice after coming under intense criticism from many fronts. Microsoft issued a security advisory on the issue and recommends not using Safari on Windows machines and/or changing the default download location until Apple can resolve the problem.
New Bug Invasion Threat to Electronic Devices
Category: Bugs / Virus | Posted: May 15, 2008 09:13PM
Author: Dale Shuck
As if we didn't have enough to worry about from Trojans and viruses, now there is a new bug invasion of the living kind in the form of crazy raspberry ants. Crazy because they swarm and don't follow any kind of line like many other ants, and raspberry after the name of an exterminator who first battled the ants back in 2002. The infestation is limited to five counties in Texas and is moving into the Houston area. The little critters are tiny, about the size of a flea, and for some reason show a particular affinity for electronics, and prefer DC current over AC. They've been known to short out motherboards and have been found inside hard drives and laptops. Over-the-counter sprays seem to be useless, and when treated with commercial products, they just pile up their dead and crawl over the bodies to escape contact with the pesticides.
Bug in Ubuntu Linux Causes Major Security Hole
Category: Bugs / Virus | Posted: May 15, 2008 11:23AM
Author: ClayMeow
A bug dating back to September 2006 has recently been discovered in Debian Linux and its derivative packages, such as Ubuntu, affecting OpenSSL. OpenSSL is an important aspect of many websites' security. In September 2006, a Debian fix accidentally caused the random number generation to not be so random, effectively creating mere 16-bit security keys, as opposed to 1024-4096 bits. How weak are 16-bit keys? A researcher was already able to calculate all the available keys in mere hours, meaning even novice hackers can crack the code with negligible force. What's interesting is that it has taken over a year and a half to uncover, though who knows how long hackers have known. And people say Microsoft security is lax?
Fake MP3 Files New Hiding Place for Trojan Adware
Category: Bugs / Virus | Posted: May 7, 2008 06:48AM
Author: Dale Shuck
McAfee is reporting a large uptick in the number of Trojan adware installs via bogus MP3 files on file sharing networks. Masquerading as audio files with real-sounding names, the Trojans install adware on users' PCs. Once someone tries to open the files, they are asked to sign an end-user agreement and then the program installs two Trojan files - NetNucleus and Mirar. Once installed, the infected machines start serving up popup ads. Over the last 24 hours, McAfee reports that nearly one third of all McAfee clients reporting results back to the company have detected these files.
Please Wash Your Hands Before Touching My Keyboard
Category: Bugs / Virus | Posted: May 2, 2008 11:33AM
Author: Chris Benjamin
Recent research, performed by a consumer group named Which?, found that one keyboard in its London office contained more harmful bacteria than a toilet seat. Of 33 keyboards that were tested, four were found to contain enough bacteria to be labeled a public health hazard, and one of those was deemed so filthy that scientists demanded that it be removed from the scene and sanitized. The researchers cited employees eating lunch at their desks as the most likely cause of the funk, as crumbs can easily fall into a keyboard and rot; also noted as prime offenders were employees who failed to wash their hands after using the bathroom. Thankfully, the remedy is usually very simple - people just need to blow out the keys with some canned air and clean the keyboards' surface with a damp cloth, followed by a proper alcohol scrubbing. This reporter has also been known to just toss his letter-typer into the dishwasher on occasion - although I must advise that anyone using a keyboard whose value is above $5 follow the cleaning instructions given by the science guys.
Yahoo's Banner Ads may Contain Malicious Code
Category: Bugs / Virus | Posted: April 29, 2008 04:59PM
Author: Chris Benjamin
Very recently, search engine giant Yahoo! has been unwittingly exposing visitors to fraudulent banner ads, and other ads that may prompt the user to install malware, says an Internet Security watchdog. When clicked, the malicious ads - some of which pitch women's deodorant products - usually produce a legitimate-looking Windows pop-up, which instructs the user to download and install software that claims to "fix problems" with their computer. Users are also warned that some banner ads may redirect them to websites programmed with attack code, so it's important to keep an eye on the address bar after clicking a link. If the new site's address doesn't line up with the advertisement's claim, users are advised to immediately end their browsing session and run an anti-virus/anti-spyware program to check for system integrity. As Internet advertisement is not strictly regulated, it can be easy for an attack group to pose as a legitimate representative for a product or service. Allegedly, all of Yahoo's services are at risk, so users should be wary if they find themselves redirected to the following sites, which have been identified as suspicious or malevolent:
eur.a1.yimg.com/java.europe.yimg.com/eu/any/yahoonew300×250.swf
ope.yahoo.com/eu/any/yahoonew728×90.swf
track.trackads.net/statsa.php?campaign=yahoo
AVG Free Gets an Update
Category: Bugs / Virus | Posted: April 23, 2008 03:29PM
Author: Chris Benjamin
Performance-minded PC enthusiasts are always looking for anti-malware products that are A) free, and B) effective, while being light on system resources. The latest version of AVG's free anti-virus software - AVG Free 8.0 - seems to connect solidly on both requirements, adding spyware detection and removal features and LinkScanner, an app that checks search engine result links for nasty code - all while boosting the speed of the scanning process. AVG's version 8.0 anti-virus software has already garnered major security acclaim, achieving a VB 100% mark from Virus Bulletin's last three tests, and receiving checkmark certification from West Coast Labs for virus detection and cleaning, and for Trojan Horse detection. AVG Free 8.0 will be available for download tomorrow, April 24.
Malicious E-mail Down, Web Attacks on the Rise
Category: Bugs / Virus | Posted: April 22, 2008 12:57PM
Author: Dale Shuck
Criminals looking to hijack your PC for use in botnets or infect your machine in an attempt to steal sensitive information are moving away from using e-mail as the attack vector of choice. Instead, they are turning to web attacks, according to reports out from both Microsoft and security vendor Sophos. Citing data gathered from its malware removal software, Microsoft is seeing a 300% increase in the number of Windows PCs infected with Trojan downloader programs. Based on data gathered from some 450 million PCs that run Microsoft’s malware removal tool each month as part of the Windows update process, the company cleaned malware from 1 in 123 machines. As users and companies get better at blocking executable files sent as e-mail attachments, criminals have become more adept at issuing spam messages enticing users to visit web sites that download malware onto their machines. Sophos is reporting similar statistics, stating it is finding new infected web sites at the rate of one every five seconds versus a rate of one every fifteen seconds in 2007. Of the email it examined during the first quarter of 2008, over 90% was spam.
Firefox 2 Gets Major Bug Fix
Category: Bugs / Virus | Posted: April 17, 2008 12:21PM
Author: Chris Benjamin
Mozilla has released a "Critical" update for its well-liked Firefox 2 web browser. The patch fixes an error in the JavaScript engine in Firefox 2, Thunderbird, and SeaMonkey, where some users experienced stability issues when JavaScript performed garbage collection tasks. This issue is not suspected to cause any exploitable security holes, but similar crashes have been known to expose previously undiagnosed security risks. Users should access the "Help" button on the menu bar, and select "Check for Updates" to install this important patch, even if they have automatic updating turned on - I do, and this update was not automatically installed. More info on this bug can be found at this Mozilla webpage.
USB drives becoming more of a malware threat
Category: Bugs / Virus | Posted: April 16, 2008 05:13PM
Author: Andrew Robinson
USB devices are extremely convenient: just plug them in and you're ready to go. Some USB flash drives in recent times have come with built-in software that Microsoft Windows can launch automatically as the device is plugged in. There is an inherent problem with this feature, however: Windows does not determine whether or not the program that launches from the device is malicious. Therefore malicious code can be placed onto the device, causing it to infect every computer that it is inserted into. Recently there have been quite a few occurrences of manufacturers unknowingly distributing malicious code right from the factory, whether it happens on purpose (someone purposely infecting the testbed computers) or by accident (improper virus protection within the testbed systems or an employee unwittingly spreading malware into the system).
Criminals Go Spear Phishing Using 'Subpoenas' as Bait
Category: Bugs / Virus | Posted: April 15, 2008 11:17AM
Author: Dale Shuck
Spear phishing is a more targeted form of email attack often directed at senior managers or smaller subsets of users. The attacks work by making the email messages more relevant to the target group. One of the latest attacks has apparently netted thousands of fresh victims by sending emails claiming the recipient has been sued in federal court and directs them to a web site in order to access 'official' court documents. Once on the site users are told they must install a browser plug-in in order to view the documents and there you have it - hook, line and sinker. The victim's computer is compromised and the criminals have full access to the machine. Apparently the phish are biting as one company has tracked over 1,800 victims who fell for the ruse. In spite of the URL ending in uscourts.com, the machine hosting the web site is in China and the victims' computers are controlled via a host in Singapore.
Symantec Reports More Than One Million Viruses Worldwide
Category: Bugs / Virus | Posted: April 11, 2008 07:02AM
Author: Chris Benjamin
Symantec Corporation, maker of the Norton family of Internet security products, has announced in its bi-annual Internet Security Threat Report that the global number of viruses - including trojans and worms - has topped one million. In what can only be described as a frightening escalation of malware warfare, Symantec claims that it detected 711,912 new threats in 2007 - with 499,811 coming in the latter half of the year, and the great majority targeted Windows-based computers. If we do the math, of the 1,122,311 malware programs detected by Symantec's software, the numbers indicate that more than two-thirds of all malicious software was created last year. Might be a good idea to update that anti-virus software...
All Your Router Are Belong to Us
Category: Bugs / Virus | Posted: April 8, 2008 07:38AM
Author: Dale Shuck
A researcher plans to demonstrate at the RSA security conference today how JavaScript from a Web page could hijack your router. While it has been known for some time that this type of attack was theoretically possible, the researcher, Dan Kaminsky, will show how it would actually work on certain widely used routers from makers such as D-Link and Linksys. The problem is not a bug in the routers themselves, but rather stems from the fact that many, if not most, home users don't reset the default password on their router. The attack, known as a DNS rebinding attack, works when a user visits a malicious Web page that downloads code written in JavaScript, which then makes changes through the router's web-based setup pages. Sounds like a good time to make sure you have replaced your router's default login credentials with something a little stronger and harder to guess.
April Fools Day Brings Renewed Storm Attacks
Category: Bugs / Virus | Posted: April 1, 2008 05:05AM
Author: Dale Shuck
We all know April 1 brings lots of chuckles as web sites try to pull one over on unsuspecting users but here's one that's no joke and could actually lead to your computer being compromised. Security researchers say the authors of the Storm Trojan are back at it with spam messages bearing various April Fool's day titles that contain links to URLs that attempt to entice users to click on executable files such as "foolsday.exe" and "kickme.exe" which are actually versions of the Storm Trojan. This is one joke you don't want to 'get'.
Vista Hacked, Linux Wasn't
Category: Operating Systems, Bugs / Virus | Posted: March 31, 2008 08:46AM
Author: Dale Shuck
After the two-minute hack of the MacBook Air last week at CanSecWest, a laptop running Vista SP1 was next to fall after two days of effort. Shane Macaulay finally breached the Vista machine on the last day of the contest after getting some help from other researchers. Apparently Macaulay wasn't prepared for Vista SP1, which has beefed-up security compared to the original release. Macaulay was awarded the second place prize of $5,000 and the laptop running Vista. The third target in the contest, running Linux, was not successfully attacked, although several attempts were made.
Mac Hacked in Two Minutes at CanSecWest
Category: Mobile, Prebuilts, Bugs / Virus | Posted: March 28, 2008 07:52AM
Author: Dale Shuck
It took a security researcher just two minutes to hack into a MacBook Air in a contest held at the CanSecWest security conference. Under rules of the contest, contestants were to direct contest organizers to open emails or direct them to web pages in order to successfully crack the systems and read the contents of a certain file. Rules of engagement dictated the contestants could only take advantage of software preinstalled on the Mac. After visiting the web site, the researcher was able to seize control of the Mac. The researcher, Charlie Miller, walked away with $10,000 and the MacBook Air as prizes.
Mozilla Fixes 10 Firefox Vulnerabilities
Category: Internet, Bugs / Virus | Posted: March 26, 2008 12:40PM
Author: Chris Benjamin
Earlier today, Mozilla released update 2.0.0.13, which patches 10 vulnerabilities in Firefox 2.0. Two of the patched problems were given a "Critical" rating, and another two were rated as "High" - and all four of these security flaws can be taken advantage of via nothing more than normal browsing activity. Users of Thunderbird and SeaMonkey are also affected, and all Firefox users who do not have automatic updating enabled are strongly advised to download the fixes.
Pre-installed viruses becoming more common
Category: General News, Bugs / Virus | Posted: March 15, 2008 11:19AM
Author: Andrew Robinson
You never know when or where you can get a virus in this day and age: it could be from your anti-virus software website, or it could be from the gadget you bought at Target. The Associated Press has recently found that malicious code has been installed on devices ranging from GPS navigation units to iPods and digital photo frames. Most of the incidents trace back to Chinese factories, but it is unknown whether the spread is done on purpose or whether it happens by coincidence due to factory workers testing the devices on improperly protected computers.
UVA Grad Student Hacks Smart Card Encryption Code
Category: Bugs / Virus | Posted: March 14, 2008 05:57PM
Author: Dale Shuck
A student at the University of Virginia has discovered a way to break the encryption scheme on the RFID chips used in about 2 billion smart cards worldwide. The cards, manufactured by NXP Semiconductors, are used for building security and public transportation fare collection. Based on his research, the student claims it would only take a few seconds, a laptop and a scanner to snag the electronic key to a door lock and produce a duplicate card. Apparently the threat is severe enough that one European government that uses the system has taken to adding armed military guards to doors using this system.
Digital Photo Frames a Vector for Trojan Horse Infection
Category: Digital Photography/Video, Bugs / Virus | Posted: February 20, 2008 08:44AM
Author: Dale Shuck
SFGate -
When you choose a gift, you'd like the recipient to remember you for a long time. Apparently that's what happened to people who purchased digital photo frames over the holidays, but probably not in the way intended. Security researchers recently discovered a rather nasty Trojan horse on digital photo frames from major retailers such as Sam's Club, Best Buy, Target and Costco. By reverse engineering the code, experts have been able to track the origin back to a group in China. This particular Trojan is very sophisticated and is capable of identifying and blocking antivirus software along with the Windows firewall. The thing that makes this malware particularly difficult to identify and clean is that it downloads files from remote locations and hides the files under random names. Currently the malware is only stealing passwords for online games, but has the capability to steal other personal information as well. Four additional Trojans have been located on the frames in addition to the new one.
New Trojan Software Swaps Google Ads For Malware
Category: Internet, Bugs / Virus | Posted: December 19, 2007 09:49AM
Author: Dale Shuck
InformationWeek -
BitDefender has detected a new Trojan that replaces Google AdSense ads with ads from a different, and potentially malicious, provider. The Trojan modifies the Hosts file on victims' computers and redirects the user to an IP address not associated with Google. The Trojan then directs infected machines to load ads from the unauthorized server. "This is a serious situation that damages users and Webmasters alike," said Attila-Mihaly Balazs, a BitDefender virus analyst, in a statement. "Users are affected because the advertisements and/or the linked sites may contain malicious code, which is a very likely situation, given that they are promoted using malware in the first place. Webmasters are affected because the Trojan takes away viewers and thus a possible money source from their Web sites."
Attackers targeting Microsoft Access files
Category: Software, Bugs / Virus | Posted: December 12, 2007 01:49PM
Author: Dale Shuck
ComputerWorld -
The U.S. Computer Emergency Readiness Team (US-CERT) is reporting that online criminals are actively exploiting a flaw in Microsoft Access that allows them to install unauthorized software on computers. The vector being used appears to be specially crafted MS Access database (.mdb) files being sent to users. Some researchers were surprised by this method as most companies block the use of files with an .mdb extension. By default, Internet Explorer and Outlook Express will block these file types as well.






