Posted: January 4, 2014 07:46AM
Author: Brentt Moore
Previously a Trojan that relied on user interaction to spread the ransomware and infect a user's computer, CryptoLocker has morphed into a new worm variant. Researchers at Trend Micro have found that CryptoLocker can spread from computer to computer via a USB drive or by being downloaded from unsafe sites such as P2P file sharing websites. When an infected USB drive is attached, the ransomware spreads to files on that computer and even looks for other computers on the network to infect, if one is connected. The ransomware can also spread by posing as a fake activator for software such as Adobe Photoshop and Microsoft Office, which are commonly shared on P2P websites. CryptoLocker encrypts various files on a computer system and makes users pay a ransom to unlock their files. Since the affected files are encrypted, removing the malware does not restore access to them, and one of the only ways to remove the ransomware at this time is a complete system format.
Trend Micro is advising users to keep away from P2P file sharing sites used to obtain illegal copies of software. Additionally, Trend Micro is cautioning against the use of USB drives, especially those of unknown origin.
Source: PC Magazine
Posted: January 11, 2013 04:29PM
A malware exploit has been reported named Mal/JavaJar-B. The malware exploits a vulnerability in Java 7 that is already being used against systems and distributed among hackers, but has not yet been patched. The malware allows hackers to run code remotely on infected machines running Windows, Linux, and Unix, although Mac OS X remains safe as of now. The U.S. Department of Defense has advised users to disable Java on any systems running the software.
Users with the software installed can easily stop it from running in the browser by unchecking 'Enable Java content in the browser' under 'Security' in the Java Control Panel. Java has recently fallen victim to a number of exploits that have used its broad deployment for more sinister purposes. Despite this, Java also provides a great platform for small developers to deploy their software, and has played host to many well-known titles such as Minecraft.
Posted: December 12, 2012 10:10PM
Security vulnerabilities of any kind are never a good thing, and today's revelation is certainly one to be wary of. Analysis company Spider.io has identified a vulnerability in Internet Explorer 6 through 10 that allows mouse movements to be tracked, even if the browser is minimized or inactive. A particularly bad part of this vulnerability is it even tracks movement across virtual keyboard and keypads, like you'd find on touchscreen devices. Spider.io says it's "already being exploited by at least two display ad analytics companies across billions of page impressions per month," which isn't the best thing anyone wants to hear. An attacker can purchase an ad on any website to gain access, even on sites like YouTube, and then track your mouse movements so long as the page with the ad is open.
Spider.io submitted the vulnerability report to Microsoft at the beginning of October, but the company said there are no "immediate" plans to patch it. Hopefully soon there is a resolution for it to make the browser safe once again.
Posted: November 9, 2012 06:12PM
Author: Marko Jurac
Posted: August 16, 2012 02:59PM
Author: Nick Harezga
Google will be offering up to $2 million in prizes for the Pwnium 2 contest at the Hack In The Box security conference in Malaysia on October 10. This represents a doubling of the $1 million prize pool from last year, of which only $120,000 was claimed. A prize of $50,000 will be awarded for exploits that take advantage of code that runs natively in Chrome, while $40,000 will be offered for "non-Chrome exploits." Google is already one of a handful of companies that offer bounties to researchers who report security bugs, with up to $10,000 being given out for severe bugs.
Posted: July 25, 2012 10:30AM
Stuxnet, Duqu, and Flame are all pieces of malware which have been covered by the larger news outlets for their apparent design to target and damage Iranian nuclear facilities. After investigation by security researchers it has been determined that Stuxnet and Duqu are directly related, while Flame is more indirectly related. Now a new piece of malware has struck some of these facilities, but it probably isn't connected to the three before it.
The report of the new malware comes from a Finnish computer security firm which claims a scientist at the Atomic Energy Organization of Iran had contacted them about their systems being infiltrated again. The malware was able to shut down the automation network at two facilities but did a little more than just this sabotage, and that bit more is why it is not as likely that this is related to the malware described above.
Supposedly several workstations were on in the middle of the night at these facilities blaring what the scientist believes is Thunderstruck by AC/DC. As the other three previous pieces of malware operated more secretly, this attack more likely is from a thrill seeking hacker. Until the story is officially confirmed and analysts can examine the malware, we cannot be sure.
Posted: May 29, 2012 10:19AM
Normally the discovery of a computer virus is not big enough news to warrant coverage by large media outlets, but in the past few years there have been some too important not to cover. First it was Stuxnet, a Trojan of uncertain origin that attacked the nuclear facilities in Iran and destroyed equipment there. Another Trojan named Duqu was found later, and it shows a higher level of complexity than Stuxnet, though many believe the two are related. Unlike Stuxnet though, Duqu has not been activated yet, so no one knows what its purpose is, except for those who wrote it. Now another virus has been found and it, like its predecessors, has been found attacking targets in Iran and the Middle East.
As researchers at Kaspersky Lab analyzed Duqu they found it had some coding in it that they were not familiar with. After asking for help from the Internet the solution was found, and it indicated that whoever made the malware is very experienced with programming. This new virus, named Flame, surpasses both Stuxnet and Duqu in complexity and size.
Most computer viruses are small, making it easy for them to go undetected. Duqu and Stuxnet at 500 KB were heavyweights, but Flame comes in at an astounding 20 MB, with one module alone 6 MB in size. Considering the large scope of what Flame can do, this is not entirely surprising. The virus is not only capable of stealing your passwords as it records keystrokes, but it can also activate a computer's microphone and record voices, take screenshots, monitor network traffic, and communicate with Bluetooth devices.
This level of complexity has led every research group that has analyzed it to the same conclusion about Flame's origin. The virus was likely written by a nation-state because the level of expertise required for this piece of malware would necessitate a large budget. Also, as English text was found in the code, the researchers believe it was created by native English speakers. Both Duqu and Stuxnet are alleged to have been made by nation-states, but it has not been conclusively proven.
Posted: May 1, 2012 05:33PM
Author: Nick Harezga
According to Symantec, the group behind the Mac Flashback malware was making roughly $10,000 per day through the use of the botnet created by the malware. The botnet had spread to nearly 700,000 computers at its peak, and those computers were generating revenue for those in control of the system. The Mac Flashback exploit was loaded into Chrome, Firefox, and Safari and targeted searches done through Google. The malware allowed the search to be hijacked and redirected to a different page, depriving Google of the ad revenue and instead putting it into the pockets of the hackers. Symantec also noted that Apple had a particularly slow response time in fixing the exploit, waiting nearly two months after the fix had been issued by Oracle to release it to users.
Posted: March 20, 2012 12:42PM
There are reasons some pieces of computer malware are called viruses, just like influenza and HIV which infect humans. Both biological and computer viruses attack vulnerabilities in whatever they infect and most are then designed to spread, sometimes with mutations. These similarities have security researchers intrigued, such as those at Fortinet’s Threat Research and Response Center.
Though biological viruses are considerably simpler than some computer viruses, which can be encrypted and use anti-debugging techniques, they still have tricks of their own that virus programmers are using as well. For example, HIV targets and attacks the human immune system, thereby making it difficult to defend against HIV and other viruses, and once AIDS develops, the immune system is essentially destroyed. Several computer viruses will actually disable antivirus programs and open a hole for themselves in the firewall, making it impossible to defend the compromised machine from further attacks.
Hackers learning from biological viruses are not the only concern though: there are also electronic prosthetics, and it may be possible to encode a computer virus into DNA. Electronic implants do not always need to connect to an external computer, but occasionally they do, and when this happens they are open to attack. Also, the systems that sequence and store DNA could be vulnerable to a creative attack that encodes a virus into a piece of DNA. It would be like visiting a compromised website and having a piece of malware downloaded and installed while you are there. If a virus were actually written for human biology though, the effects could be quite destructive, as our immune systems would have no guaranteed way to protect against the attack, and we do not have restore points.
Posted: March 20, 2012 08:55AM
Not very long ago the security researchers at Kaspersky Labs found some code in the Duqu virus they were not familiar with. To solve the mystery they crowd-sourced it by posting the code on their Secure List blog and the Internet succeeded.
Among the suggested languages was Object Oriented C, or OO C, along with the suggestion that a version of the Microsoft Visual compiler (MSVC) was used. The use of MSVC was spotted because of certain instruction sequences in the code that are not typical of other compilers. This got the Kaspersky team working with the software, and eventually they found that MSVC 2008 with the minimize size (/O1) and expand only __inline (/Ob1) options produced code similar to Duqu's.
This proves that some form of OO C was used, but oddly the closest match was not published until after Duqu was released. This finding also sheds some light on the programmers of Duqu. How computer code works has been changing ever since it was first developed, and OO C follows an older custom of doing by hand what a language like C++ does automatically. With many modern-day languages, if not all, memory allocation is done automatically, while in OO C this has to be done manually. Some programmers prefer OO C for this reason, as they do not trust all of the features in newer languages. Also, there was a time when different C++ compilers would give different results, while OO C was a standard across all systems.
Regardless of the reasons behind the use of OO C, this shows a great deal of skill and experience in the making of Duqu. As described in the Kaspersky blog post, "Duqu, just like Stuxnet, is a 'one of a kind' piece of malware which stands out like a gem from the large mass of 'dumb' malicious program we normally see."
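As an added illustration (not Duqu's code and not taken from Kaspersky's analysis), this is what the "object-oriented C" idiom the post describes looks like in practice: a struct whose first field points to a hand-written table of function pointers standing in for a C++ vtable, with construction and destruction done explicitly through malloc and free. The Shape/Rect/Circle names are hypothetical and chosen only to show the pattern.

```c
/* Object-oriented C: classes as structs, virtual methods as a table of
 * function pointers, and manual memory management. This is the style a
 * reverse engineer sees as indirect calls through a per-object table. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct Shape;

/* Hand-written "vtable": what a C++ compiler would emit automatically. */
struct ShapeOps {
    double (*area)(const struct Shape *self);
    const char *(*name)(const struct Shape *self);
    void (*destroy)(struct Shape *self);
};

/* Base "class". Derived structs embed it as their first member so a
 * pointer to the derived object can be passed where a Shape* is expected. */
struct Shape {
    const struct ShapeOps *ops;
};

struct Rect {
    struct Shape base;
    double w, h;
};

struct Circle {
    struct Shape base;
    double r;
};

static double rect_area(const struct Shape *self) {
    const struct Rect *r = (const struct Rect *)self;
    return r->w * r->h;
}
static const char *rect_name(const struct Shape *self) { (void)self; return "rect"; }

/* Shared destructor: nothing but the object itself was allocated. */
static void shape_free(struct Shape *self) { free(self); }

static const struct ShapeOps rect_ops = { rect_area, rect_name, shape_free };

static double circle_area(const struct Shape *self) {
    const struct Circle *c = (const struct Circle *)self;
    return 3.141592653589793 * c->r * c->r;
}
static const char *circle_name(const struct Shape *self) { (void)self; return "circle"; }

static const struct ShapeOps circle_ops = { circle_area, circle_name, shape_free };

/* "Constructors": explicit allocation and explicit wiring of the table. */
struct Shape *rect_new(double w, double h) {
    struct Rect *r = malloc(sizeof *r);
    if (!r) return NULL;
    r->base.ops = &rect_ops;
    r->w = w;
    r->h = h;
    return &r->base;
}

struct Shape *circle_new(double r) {
    struct Circle *c = malloc(sizeof *c);
    if (!c) return NULL;
    c->base.ops = &circle_ops;
    c->r = r;
    return &c->base;
}

/* Virtual dispatch: load the table from the object, then call through it. */
double shape_area(const struct Shape *s) { return s->ops->area(s); }
const char *shape_name(const struct Shape *s) { return s->ops->name(s); }
void shape_delete(struct Shape *s) { if (s) s->ops->destroy(s); }

/* Works on a heterogeneous array without knowing the concrete types. */
double total_area(struct Shape **shapes, size_t n) {
    double sum = 0.0;
    for (size_t i = 0; i < n; i++) sum += shape_area(shapes[i]);
    return sum;
}

int main(void) {
    struct Shape *shapes[2] = { rect_new(2.0, 3.0), circle_new(1.0) };
    for (size_t i = 0; i < 2; i++)
        printf("%s: %.3f\n", shape_name(shapes[i]), shape_area(shapes[i]));
    printf("total: %.3f\n", total_area(shapes, 2));
    for (size_t i = 0; i < 2; i++) shape_delete(shapes[i]);  /* manual release */
    return 0;
}
```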
Posted: March 12, 2012 10:48AM
Some of you may recall from the past two years news about some malware that had apparently targeted Iranian nuclear enrichment centers. The Stuxnet worm destroyed 400 centrifuges, which are critical to enriching uranium, and later the Duqu Trojan was found. Duqu's purpose is not yet known, as it has not been activated, but it could potentially steal, corrupt, or run certain files.
While analyzing the code, security researchers at Kaspersky Labs have found some mysterious code. It does not conform to any programming language the researchers have compared it to, such as C++, Objective C, Java, Python, Ada, and Lua. Some crowd-sourced suggestions are that the language is related to LISP, a programming language for AI, or a version of C++ for old IBM systems.
Needless to say, this use of an unknown programming language has security analysts concerned. If more malware starts using unique languages like this, it will become much harder to dissect them and discover their origins. As it is, no one is sure about where either Stuxnet or Duqu came from, though many believe they are related and were even made by the US National Security Agency or the Israeli Mossad intelligence agency. However, Stuxnet had no unusual code like this, so perhaps the two pieces of malware are not related.
Posted: March 5, 2012 08:42AM
Apparently there is no honor among thieves and hackers. Some of you may remember that after the site Megaupload was taken down, the hacker group Anonymous decided to attack other websites, such as the U.S. Department of Justice, in retaliation. To hit the sites even harder, instructions and software for joining in the distributed denial-of-service (DDoS) attacks were posted online. Well, it turns out whichever Anonymous member posted the information was interested in hurting more than the DoJ.
Zeus is a piece of malware meant to enslave its host computer and steal data, and was contained in the Slowloris DDoS software. According to Symantec, the computers in the voluntary Anonymous botnet were compromised, and information, such as banking details, was sent to someone.
I am not sure if "ironic" is descriptive enough.
Posted: February 15, 2012 02:55PM
In the wake of the discovery that an iOS app was collecting and transmitting contact information without permission, Forbes magazine has put together an article on a University of California at Santa Barbara report (pdf) from last year. At the time researchers found that roughly one fifth of free apps available from the iOS App Store were collecting private information, while apps available through the Cydia market for jailbroken iOS devices were collecting the same information only 4% of the time.
What the researchers considered private information included the Unique Device Identifier (UDID), location information, address book, phone number, Safari history, and photos. Of the 825 free apps tested from the App Store, 170 (21%) collected the UDID, 35 (4%) collected location information, 4 (0.5%) accessed the address book, and only 1 (0.1%) grabbed the phone number. Of the 526 from the Cydia market though, only 25 (4%) took the UDID, 1 (0.2%) got the location, 1 got the address book, 1 got the Safari history, and 1 took photos. It is worth noting though that the one Cydia app that captured location information, and also contact information, was designed for this and is called MobileSpy.
Remember, every app available through the Apple App Store is first approved by Apple. The Cydia market, however, does not have such strict rules on what can be downloaded from it. It does, however, have a clientele of privacy-aware people and developers. After the revelation that Path, an iOS app, was collecting and uploading contact information to the developer's servers, a developer made and released ContactPrivacy to Cydia, which allows a user to block apps from uploading contact information. Another app, PrivaCy, was developed to prevent any specific app from uploading usage statistics.
Apple will, of course, start taking longer looks at apps it is sent, in light of the Path scandal, but until then, consider carefully what you install. Also, jailbreaking is not necessarily a better way to stay secure, but it is likely worth remembering what it offers you.
Posted: February 9, 2012 12:30PM
About a month after source code for the Norton 2006 antivirus software was released by hackers, source code for Symantec's pcAnywhere software has been published. As this software is currently in use, the danger of exploitation is far greater. However, the sequence of events has allowed Symantec to prepare, at least partially, for this.
Starting on January 18, a hacker claiming to have the source code started negotiations with Symantec. The email thread of the negotiations has been posted online for everyone to see, which is, supposedly, what the hacker wanted. YamaTough, the hacker, has stated he never intended to accept any payment from Symantec and was going to post the source code regardless. The negotiations were just to embarrass the company by showing what it would do to protect itself. However, YamaTough actually was not in communication with Symantec, but law enforcement.
As the negotiations were taking place, Symantec used the time to patch the software as best it could, to make the code dump as useless as possible. Despite the company’s efforts though, these two recent hacks are surely going to hurt it.
Posted: January 9, 2012 09:28AM
For those of you using Norton Antivirus software, this is not the news you want to hear, though it is not as bad as it could be. Symantec has confirmed some of the source code for Norton has been found by a group of hackers, and posted online. The code has since been removed from where it was posted, though it can still be found via other means. Also, Symantec has stated the code is related to two older versions of Norton, one of which is no longer sold.
The fear is a hacker using this information to craft a virus to defeat or even exploit the antivirus. Knowing how the software identifies malicious processes can allow one to work around it, but hopefully everyone is using an unaffected version. However the potential damage this code can cause is only something Symantec can know.
The hackers are from India and call themselves The Lords of Dhamaraja. Symantec has stated the code was not gotten from their system but from a third party. Supposedly the source was Indian military intelligence servers, according to the hackers.
Posted: January 6, 2012 12:01PM
As overclockers we are quite aware of the utility of the BIOS. It starts before the operating system, so changes made in it are independent of the software on the hard drive. This not only makes it powerful when trying to get the most out of a machine, but also makes it a potential target to hackers and virus writers.
This past September, Mebromi was found; the first known piece of malware made to infect the BIOS. Fortunately a method to remove this Trojan has been created, but it does still show it is possible to attack this fundamental component of a computer.
The NIST has released a draft of its security publication on how to secure and monitor the BIOS. This should lead to the development of products to maintain the integrity of a computer’s BIOS as well as methods to deploy them.
Posted: December 16, 2011 08:07AM
Instead of this post being a 'Viral Update' I’m making it a 'Security Update' because the focus is going to be less about viruses than previous updates.
A key part to the Internet is the Domain Name Server, DNS, which converts a domain name, like overclockersclub.com, into an IP address, 220.127.116.11. They are like phone books telling you where a company's building is by looking up the name. The content on a site is not always at a single IP address though. Continuing the phonebook analogy, the company warehouse could be in another city, but you don't necessarily see that from the phone book. This presents opportunities for hackers to intercept communications between a user and a server.
Since 2004 though, a part of the Department of Homeland Security and its partners have been working on the Domain Name System Security Extensions (DNSSEC) project. This is to identify and validate these other servers. Already many registrars have adopted DNSSEC, and US military .mil sites are to be DNSSEC signed starting this month.
As a complement to DNSSEC, OpenDNS, a leader in DNS security measures, has released its new DNSCrypt service as a "technology preview." Currently only available for Macs, this software will encrypt all of your DNS traffic. This is to prevent anyone from tampering with or otherwise intercepting communication between your computer and an OpenDNS server (obviously you will need to use its service to use the tool). This so-called "last mile" is quite vulnerable to man-in-the-middle attacks, especially as the information is sent in plain text, but both DNSSEC and DNSCrypt are steps towards securing it.
Posted: December 1, 2011 12:25PM
Focusing on smartphones in this update, and because of the information available today, I felt like posting this a day early.
The CarrierIQ issue was first found mid-November, but it is getting some new life in the media this week. This piece of mobile-phone software exists on many smartphones of different brands and operating systems (Android, iOS, and Blackberry) and, on the surface, doesn’t seem too bad. It collects some metrics to give your service provider, so they can improve their service. Of course, what’s above and below the surface are very different. This software, which can be hidden from the user and difficult to remove, can collect keystrokes, location data, apps being used, and web addresses visited.
On some phones the software can be turned off, but not all, and on Android phones, manually removing the software can require root access. The software developer states they do not collect information except for what directly relates to improving handset performance and quality. Still, the abilities this software has would likely be tempting to many malware writers. (A search of CarrierIQ gives many sources of further information.)
Also, from North Carolina State University comes a security analysis of multiple Android-based smartphones. Specifically, the researchers looked at how pre-loaded apps can introduce backdoors on the phone, which hackers can utilize. These applications are meant to improve the user experience, for example by notifying a user of missed calls or text messages. The researchers found the vanilla Android phones had "no real problems," but HTC's Legend, EVO 4G, Wildfire S, Motorola's Droid X, and Samsung's Epic 4G were not so lucky. Of those, the EVO 4G had the most vulnerabilities.
This was discovered earlier in the year and the manufacturers were notified immediately. For these phones, the best way to stay safe is to install the security patches they get and only install apps you trust.
Posted: November 18, 2011 11:18AM
Previously discussed in the November 4th Viral Update item, the Duqu Trojan is back again. When Symantec first analyzed the malware, they had found similarities in it to the Stuxnet Trojan, leading them to believe they were both written by the same people. Stuxnet had the potential to damage a nation’s infrastructure, and also appeared to target Iran’s nuclear facility. Iran has come out to say Duqu has hit its computers but also that it is deploying a fix.
From Kaspersky Labs comes some more information about Duqu, an intriguing timeline. Part of the code found on some infected machines relates to a driver from 2007, suggesting Duqu has possibly been in development for years. From another analysis of an infected machine came code relating to a 2008 driver. What’s more, Kaspersky Labs has found parts of the Trojan are actually written specifically for their target. This adaptation also includes different servers being contacted by different versions of the Trojan, making it harder to stop.
In other malware news, since July there has been a 472% increase in malware for the Android mobile operating system. Of the malware attacks though, only 7.2% occur in the US, far behind China at 64%. These attacks can come in the form of malicious apps and sites that exploit code used specifically in mobile software. So, as always, exercise caution with what you open and install.
After four weeks of these news posts, tell us what you think. Should these weekly updates continue, or should an 'as-needed' approach be adopted?
Posted: November 11, 2011 01:24PM
Obviously the biggest news for computer security of the past week is the hacking of Steam. Right now the best thing you can do is change your Steam password, and once the Steam forums are back up, put in a new one there too. Also, monitor your credit card statements if you had that information stored in Steam.
From McAfee’s Threat Activity page we find numerous new Trojans, and all considered a low level threat. Many of these are password stealers but are still considered low level threats likely because they are easy to avoid.
Always be careful about what websites you visit, which email attachments you open, and which networks you connect to.
Posted: November 4, 2011 05:07PM
For the second viral update we will be focusing on the Duqu Trojan. An installer for the malware was found by Hungarian research firm CrySys and has been analyzed by Symantec. A computer can be infected by a Microsoft Word document that exploits a kernel vulnerability. Once infected, a computer will attempt to spread the virus throughout its network, including to computers without a direct Internet connection. Duqu seems to be targeting corporations and is stealing information, possibly to create another Stuxnet-like worm. This speculation and several similarities in the code of Duqu and Stuxnet lead the Symantec researchers to believe both pieces of malware were written by the same people.
Microsoft has been made aware of the virus and will issue a patch as soon as it can. The server Duqu appeared to be contacting has also been taken offline. As there is no work-around or removal strategy for this virus yet, the best strategy is diligence and not opening files from unknown sources.
Most other viruses found recently are less worrying and of low risk.
Posted: October 28, 2011 04:25PM
This is the first in what will possibly become a regular series of posts giving information on newly found viruses, trojans, and malware in general. The current sources of information are McAfee’s Virus Information site, Trend Micro’s Threat Encyclopedia, and Avast’s Summary of Virus Reports. Feel free to post comments giving additional sources, what you think of this new feature, and if we should continue to do it.
From all sources, the newly found threats have a low risk level. However, even though much of the malware alone is not a danger, it is designed to let others collect private information from an infected computer, or to download other malware, which may cause further damage. Of course, not all of the malware discovered can be listed here, as there is too much to list.
The W32/Sality virus for Windows was found and added to McAfee’s Virus Information site on October 20, and, according to Avast’s virus reports, has already been detected on over 3% of the machines scanned. This virus is likely to modify Windows’ security settings, prevent access to the task manager, and prevent access to the registry editor. It also appears to rewrite processes in memory and connect to an external domain.
Trend Micro’s encyclopedia lists TROJ_SHADOW.AF found on the 19th. While the risk rating and distribution potential are both low, the potential damage is high as it appears to attack antivirus programs to patch the data with malware code. It also uses specific APIs to collect system information and may be related to the STUXNET malware. The Trojan TROJ_DUQU.DEC also listed on Trend Micro’s encyclopedia is similar in its damage potential and relation to STUXNET, but was found on the 21st.
Posted: October 28, 2011 04:25PM
Researchers at Ruhr-University Bochum found security issues with Amazon Web Services (AWS) which, if exploited, could cripple one's privacy in the cloud. While the holes were only found in AWS, the researchers believe they may exist in many other cloud services.
The current security systems used to protect data in the cloud often come at the expense of performance, and as the services try to find an acceptable balance, others look for weaknesses. One hole the researchers found was exploited with XML signature wrapping attacks. The result was the researchers took the administrative rights of a cloud customer, enabling them to do things like add and delete images. Another exploited hole was found in the AWS and Amazon shop interface. Using cross-site scripting attacks, the researchers were able to gain complete access to customer data, including authentication data and passwords. This demonstrates the vulnerability of using a common login system, like Amazon.
These holes have already been sealed in every service the researchers notified, but by having existed, they prove the point that cloud data is not yet secured perfectly.
Posted: June 30, 2011 07:12PM
Security firms have cracked down on various forms of malicious software as of late due to the recently elevated number of threats. Upon doing so, many of the firms have run into seemingly indestructible botnets. These enormous networks of infected systems are numerous, and while many have been dismantled, one of the largest may just be too tough to crack. TDL-4, the fourth version of the malicious TDL software, has an infected network of nearly four and a half million machines. As well, the infected systems communicate through an encryption scheme created by the makers of TDL-4. The encryption is robust enough to have thwarted all efforts to break it. Without a way to break through, security companies have no way of breaking apart the network, which, at 4.5 million strong, could cause serious problems in a short amount of time. Also, since commands can be issued to the network from any of the infected systems, the network is completely decentralized, which makes the botnet seemingly impregnable.
Posted: June 19, 2011 11:51AM
Back in February, Microsoft released a series of updates for Windows Vista and XP Service Pack 3. With this update, the AutoPlay feature within the AutoRun used for USB devices was disabled. This prevents a virus from taking advantage of this set of features and also brings Vista and XP SP3 up to date with similar protections found in Windows 7. The data shows a decrease in incidents by 1.3 million over three months when compared to the three months right before the update. Windows XP SP3 saw a 62% decrease, Vista SP1 saw a 68% decline, and Vista SP2 saw a decrease of an amazing 82%. Although this is a drastic improvement, many see this as way past due. Although the AutoRun feature may have been convenient, the outcome should have been easily predicted.
Posted: June 1, 2011 02:06PM
I'm sure by now you've all heard about the Mac Defender "virus" that is hitting Mac users. Mac Defender poses as an antivirus program, and once you download it, you get bombarded with spam. That is because Mac Defender isn't an antivirus program but rather a nasty bit of malware targeting only Macs. People have complained to Apple about it, and now it seems Apple is finally doing something about it. When OS X 10.6 Snow Leopard launched, Apple saw fit to grace it with a quarantine program that works much like an antivirus program on a Windows computer. Now Apple is updating it with daily background processes, so you no longer have to wait for Apple to roll out a new security update to be protected. Apple is aiming this feature primarily at Mac Defender, but it is also a precautionary measure in case more malware starts hitting Macs.
Posted: May 21, 2011 08:32PM
As the Macintosh line of computers gains popularity, it also grabs more attention from virus developers. If you remember learning earlier in the month, there has been a pretty successful virus going around named Mac Defender, which tricks careless Mac users into downloading its scareware. Once installed, the software will periodically open up the browser and display pornographic images, or may tell the user they need to buy the full version to get rid of their virus infestation. Many users would quickly turn to their AppleCare representatives for help but would just as quickly learn that this is not the answer. Ed Bott from zdnet.com had a chat with one of the head AppleCare specialists on exactly what has been going on with this new Mac epidemic. The representative said that their office has been overwhelmed with calls regarding the new virus. AppleCare has been ordered not to assist the affected customers in removing the malware from their machines. Apple states that it should not be relied on for every problem that comes along, and that antivirus software should be the one to deliver the fix.
Posted: May 3, 2011 02:43PM
Author: Charles Coggins III
MAC Defender, a fake antivirus program, was discovered by the security firm Intego on Monday. The fake antivirus software tells the infected user that it has found viruses on the Mac, and that in order to get rid of them one needs to buy the Mac Defender software. If an inexperienced user buys this program, it could end up capturing the user's credit card information and sending it off to scammers. The creators of Mac Defender have also used SEO poisoning to pump up the search ranking of the Mac Defender website, so that unsuspecting users believe it is a legitimate website and program. If a user visits the malicious webpage, a window appears telling the user they have been infected, and an automatic download of Mac Defender starts, asking the user to unzip and install the file. You can help prevent yourself from accidentally executing a malicious file by making sure your web browser is not set to automatically open downloaded files.
Posted: May 2, 2011 08:25PM
As news of Osama bin Laden's death rockets past the recent royal wedding as the most popular news headline, malware creators are capitalizing on the opportunity to snag unsuspecting users searching for related information. Many of them have been using a loophole in the way Google categorizes high-ranking or most popular search hits to set traps for users. Two malicious sites, ***-antivirus.cz.cc/fast-scan/ and ***pe-antivirus.cz.cc/fast-scan/, have been attempting to push rogueware that touts itself as the 'Best Antivirus' of this year. Others have been aiming to mislead users by informing them that they need a newer update of VLC's browser plugin; when the link is clicked, however, it downloads Hotbar, which is riddled with adware. A third tactic of entrapment is for the malware authors to post links on popular social networking sites, luring their victims by posing as breaking news updates.
Posted: April 12, 2011 11:12AM
Adobe has recently announced a security exploit in which attackers use an ordinary Microsoft Word document to take advantage of a bug in Flash Player.
The attackers have been embedding malicious Flash-based code within Word documents, and even in some Excel spreadsheet files. When these files are opened, they sniff out important company information and pass it to the attackers over the network. The document is then spread to multiple recipients within a corporation's email list. The file was most commonly discovered under the name Disentangling Industrial Policy and Competition Policy, chosen as bait to get unsuspecting recipients to open it and let the attackers' plans reach fruition. The attackers tailor the title of the email and the respective document to anything related to their next victim's background.
The affected file types extend even to Adobe's own Acrobat PDFs, though there have not been any reports of malicious PDFs recorded as of yet. Some business owners have contemplated discontinuing the use of Flash but cannot, due to its deep roots in the world of computers. For now, companies must live with stringent security checks on email attachments.