NOD32 and Virus News - Virus & AntiVirus News

Hackers dont discriminate: Viruses attack all platform users

news@nod32usa.com (Greg Hewitt-Long) — Sat, 25 Feb 2012 13:19:43 -0600

Historically, few viruses have been written to attack Mac-based operating systems. But as the popularity of these devices has increased, so has the popularity of Mac-targeted malware. Regardless of whether your organization uses Windows-based PCs or Macs or a mix of both, you need a solution that provides protection for all operating systems.
Continue reading "Hackers dont discriminate: Viruses attack all platform users"

We can all send threat into ESET Labs - this is how easy it is to help

news@nod32usa.com (Greg Hewitt-Long) — Wed, 11 Jan 2012 08:44:58 -0600

As everyone knows, no single protection system is 100% - and even with a layered defense, it is possible for a threat to arrive on your PC (or Mac) without detection - the final step between you an POTENTIAL infections, is you!

This very morning, I received just such a threat - it arrives in an email and was not picked up by ESET as an email threat. The email came to a publicly available email address - and it there were some obvious clues that this was not a legitimate email...

Clues in the email:

1. from a company, business, or person we didn't recognize
2. to a publicly available email address we only expect email on a particular topic (and the topic was not correct)
3. a zipped attachment included with the email
Continue reading "We can all send threat into ESET Labs - this is how easy it is to help"

We can all send threat into ESET Labs - this is how easy it is to help

news@nod32usa.com (Greg Hewitt-Long) — Wed, 11 Jan 2012 08:44:58 -0600

The Ramnit worm steals more than 45,000 Facebook credentials

news@nod32usa.com (Greg Hewitt-Long) — Sat, 07 Jan 2012 07:41:39 -0600

Facebook users ought to be more careful about their online security after the birth of the Ramnit worm. For the unknown, Ramnit was first discovered in April 2010 when the Microsoft Malware Protection Center (MMPC) described Ramnit as Win32/Ramnit is a family of multi-component malware that infects Windows executable files, Microsoft Office files and HTML files. Win32/Ramnit spreads to removable drives, steals sensitive information such as saved FTP credentials and browser cookies. The malware may also open a backdoor to await instructions from a remote attacker. More than 17.3 % of malicious software infections trace their origin to the Ramnit worm, according to Symantec.
Continue reading "The Ramnit worm steals more than 45,000 Facebook credentials "

New virus raids your bank account - but you won't notice

news@nod32usa.com (Greg Hewitt-Long) — Fri, 06 Jan 2012 16:43:25 -0600

The best way to protect yourself from an online financial scam is to diligently check your bank accounts. At least, until now.

Israeli-based Security firm Trusteer has found an elaborate new computer virus that not only helps fraudsters steal money from bank accounts -- it also covers its tracks.

Think of a crime plot involving a spy who plans to break into a high-security building and begins by swapping out security camera video so guards don't notice anything is amiss. Known as a surveillance camera hack, the technique has been used in dozens of movies.

A new version of the widely prevalent SpyEye Trojan horse works much the same way, only it swaps out banking Web pages rather than video, preventing account holders from noticing that their money is gone.
Continue reading "New virus raids your bank account - but you won't notice"

'Morto' Worm Infects Windows Systems With Weak Passwords

news@nod32usa.com (Greg Hewitt-Long) — Tue, 30 Aug 2011 07:37:20 -0500

The latest Internet worm targeting Windows Remote Desktop Protocol attacks the lowest-hanging fruit: weak administrator passwords. A tip: "letmein" is not a good password.

A new worm, called "Morto," has been infecting machines via Remote Desktop Protocol on Windows machines, according to security researchers.

Morto is the first Internet worm to use RDP as an infection vector, Mikko Hypponen, the chief research officer of F-Secure, wrote Aug. 28 on the F-Secure News from the Lab blog. Unlike previous automated worms such as CodeRed, Blaster, Sasser and Slammer, which wreaked havoc on enterprise networks, this worm does not exploit any specific Windows vulnerability. Instead, it looks for machines on the network with port 3389, used by RDP and then tries to brute-force the password to take over the machine, Hypponen said.
Continue reading "'Morto' Worm Infects Windows Systems With Weak Passwords"

Malware tricks victims into 'refunding' money to crooks

news@nod32usa.com (Greg Hewitt-Long) — Sat, 30 Jul 2011 08:21:46 -0500

Customers erroneously told accounts are frozen as part of ruse

By Matt Liebowitz

If you log in to your online banking page and receive a notice telling you that you need to return money you were mistakenly credited, keep your wallet closed.

A new strain of dangerous malware is worming its way into online bank accounts on Windows systems and informing customers that their accounts have been frozen, then instructing them to refund the money, Brian Krebs reported on his Krebs on Security blog.
Continue reading "Malware tricks victims into 'refunding' money to crooks"

Apple OS X Targeted By Remote Backdoor Malware

news@nod32usa.com (Greg Hewitt-Long) — Wed, 27 Jul 2011 09:30:11 -0500

By Mathew J. Schwartz - InformationWeek

Researchers say a remote-controlled Trojan application, known as the Olyx backdoor, is going after OS X devices.

Apple has recently released a slew of product updates, some timed to coincide with the release of its new OS X 10.7 Lion operating system. But illustrating the rapid pace at which malware evolves, on Monday, security researchers began reporting seeing a new, remote-controlled Trojan application now targeting Apple OS X.

The malware (Olyx backdoor), resembles GhostNet, first seen in 2009, which targeted older versions of Windows. The new version, however, contains a malicious executable which is decidedly Mac-focused. It also includes a signed digital certificate to help it evade defenses.
Continue reading "Apple OS X Targeted By Remote Backdoor Malware"

More than 800 Android apps are leaking personal data

news@nod32usa.com (Greg Hewitt-Long) — Fri, 22 Jul 2011 09:00:29 -0500

By Mike Flacy

Malware is becoming increasingly problematic for smartphone owners using the Android operating system. A security firm released unsettling information on growth of mobile malware.

A security firm named Dasient studied 10,000 applications for Android smartphones and found that more than 8 percent of the applications are transmitting personal user data to unauthorized computers. This form of malware is designed to take control of a users smartphone. For instance, eleven of the malware-filled applications automatically sent text messages to entire contact lists, much like email spammers taking control of another account. If a user pays for SMS messages rather than an unlimited plan, it can easily rack up charges without any interaction from the user besides downloading the application.
Continue reading "More than 800 Android apps are leaking personal data"

Security experts knock Google on PC infection warnings

news@nod32usa.com (Greg Hewitt-Long) — Fri, 22 Jul 2011 08:53:36 -0500

Millions told their computers have been hacked

Computerworld - Google has taken the unprecedented step of warning millions of users whose PCs it believes are infected with fake security software and other malware, the company said yesterday. But some security experts are leery of Google's move.

The warning appears as a bright yellow banner that reads "Your computer appears to be infected," at the top of the page after users conduct a search with Google.

Continue reading "Security experts knock Google on PC infection warnings"

Why Windows users should care about malware on Macs

news@nod32usa.com (Greg Hewitt-Long) — Mon, 06 Jun 2011 09:51:36 -0500

By Ed Bott

Why is a Windows guy writing so much about malware on Macs? Because it affects me, too.

I have a Mac on my desktop. I use it regularly. I have friends, family members, clients, and professional associates who use Macs. Several of them switched specifically because they believed it would make them safer online. If they call with a problem, I need to be able to help, not just shrug my shoulders and tell them to call Apple.

Over the past few weeks, I have found Mac malware and Windows malware side by side on the exact same compromised web sites, served up by Google search results. The visuals and the payloads are tailored to match the visitors computing environment, but the social-engineering tricks are identical and are specifically designed to snare unwitting victims.

Apple, Google, and Microsoft should be working together to respond to this problem, but that doesnt appear to be happening.

So how effective has Apples response been so far? Not very.

As I noted last week, Apple has begun playing a frustrating game of cat and mouse with the bad guys. They have released a new set of malware definitions for the XProtect feature in OS X 10.6.7 every day since they released Security Update 2011-003 last week. Six days, six updates so far. And each time the criminals behind the Mac Defender family have revised their product within a few hours so that it bypasses those signatures.

I captured two more samples of the latest Mac Defender variant in action on Saturday and Sunday. Its now called Mac Shield.
Continue reading "Why Windows users should care about malware on Macs"

MacDefender (now MacGuard) Can Install Without Credentials

news@nod32usa.com (Greg Hewitt-Long) — Sat, 04 Jun 2011 06:39:14 -0500

by Dan Clark

The recent MacDefender Trojan has been receiving "rebranding" facelifts since it came out. It has now been deployed as MacProtector, MacDetector, MacSecurity, Apple Security Center, and there are no doubt more iterations to come. The malware has been updated, and now sports an improved UI that looks like a native Mac OSX application, unlike the first variant, which appeared to be Windows software.

EDIT: A new variant is now being deployed that can install without credentials. The image below shows a fake Finder window displayed within the browser. If you see this window, close the browser, or Force Quit if you can't quit. Don't select the "Cancel" or "Remove All" buttons, as this will install the malware without asking for your password. As this makes the malware more likely to be deployed, we recommend users disable "Open "Safe" files after downloading," at least until Apple pushes their pending security update.
Continue reading "MacDefender (now MacGuard) Can Install Without Credentials"

Malware episode puts Mac users on notice

news@nod32usa.com (Greg Hewitt-Long) — Sat, 04 Jun 2011 06:32:05 -0500

By Glenn Fleishman

Mac users have the wrong idea about malware. I know I did. We tend to think of viruses as software that installs itself on our computers when we visit malicious Web pages in the Internet's back alleys, like porn and pirated software sites. Or of worms that infect remotely by scanning for vulnerable systems. And we think only Windows systems are affected.

Some of that is true. But we're most vulnerable in our minds, not our operating systems.

The Mac Defender malware should put to rest those assumptions and be a wake-up call for a change in attitude. It was for Apple.
Continue reading "Malware episode puts Mac users on notice"

As the Mac gets targeted by malware, the PC gets safer

news@nod32usa.com (Greg Hewitt-Long) — Thu, 19 May 2011 11:16:00 -0500

By Preston Gralla

Bad news for Mac users: the first construction kit for Mac OS X Trojans has appeared. That comes just as Microsoft released a report showing that Windows 7 is far safer than previous versions of Windows. So while it's true that the Mac is still safer than a PC, the security difference between them has begun to shrink.

The Trojan construction kit for Mac OS X "is the first of its kind to hit the Mac OS platform," Peter Kruse, a partner and security specialist at the security firm CSIS, writes in his blog.

Why is the kit appearing now? Because Mac OS X is finally popular enough so that it's a tempting economic target. A paper back in 2008 estimated that Mac OS X would be targeted when it reached 16% market share - which is what it now has in several countries, including the U.S.
Continue reading "As the Mac gets targeted by malware, the PC gets safer"

Lizamoon malware attacks 4 million websites - relatively few users infected

news@nod32usa.com (Greg Hewitt-Long) — Mon, 04 Apr 2011 07:51:36 -0500

A massive SQL injection called Lizamoon is blazing through the internet, infecting more than half a million domains around the world to date and as many as 1.5 million URLs.

The attack initially hit around 50,000 domains when it emerged earlier this week, by using an automated JavaScript injection that targets vulnerable websites. Compromised sites then redirect visitors to malware and scareware-infected domains.

The first malware-filled domain to surface was lizamoon.com, after which the attack was subsequently named. It was responsible for infecting thousands of victims, but is currently offline. Researchers have identified others that are being used in its place.

The Lizamoon website attack seems to have ensnared relatively few victims.

The massive attack managed to inject the name of several rogue domains into hundreds of thousands of websites.

The link led to a page that carried out a fake virus scan and then recommended fake security software to clean up what it supposedly found.

But despite the huge success by the attackers, swift action by security firms looks to have limited the number of victims.
Continue reading "Lizamoon malware attacks 4 million websites - relatively few users infected"

NOD32 and Virus News - Virus & AntiVirus News

Hackers dont discriminate: Viruses attack all platform users

We can all send threat into ESET Labs - this is how easy it is to help

We can all send threat into ESET Labs - this is how easy it is to help

The Ramnit worm steals more than 45,000 Facebook credentials

New virus raids your bank account - but you won't notice

'Morto' Worm Infects Windows Systems With Weak Passwords

Malware tricks victims into 'refunding' money to crooks

Apple OS X Targeted By Remote Backdoor Malware

More than 800 Android apps are leaking personal data

Security experts knock Google on PC infection warnings

Why Windows users should care about malware on Macs

MacDefender (now MacGuard) Can Install Without Credentials

Malware episode puts Mac users on notice

As the Mac gets targeted by malware, the PC gets safer

Lizamoon malware attacks 4 million websites - relatively few users infected

Hackers dont discriminate: Viruses attack all platform users