NOD32 and Virus News - Adware, Spyware and Trojans

Massive increase in Phishing/Threat laden email attacks to financial targeted email addresses

news@nod32usa.com (Greg Hewitt-Long) — Thu, 08 Mar 2012 10:41:33 -0600

In the last 24 hours, we have seen a huge increase in the number email-borne threats - these emails are coming into email addresses with a financial leaning - ie, anything relating to billing, invoicing or payments - all the emails contain hidden calls to websites with infection vectors for windows PC- so...

be careful . . .

do not open emails from people you do not know - but even the "preview" in Outlook and some other email programs can load this threat!

keep your antivirus up to date

update your windows and other software

Notorious TDL4 rootkit retooled to better withstand antivirus programs

news@nod32usa.com (Greg Hewitt-Long) — Tue, 25 Oct 2011 14:47:11 -0500

Security researchers believe hackers are altering botnet for use as crimeware toolkit to be licensed to other cyber criminals

By Lucian Constantin - IDG News Service

Experts from security vendor ESET warn that TDL4, one of the most sophisticated pieces of malware in the world, is being rewritten and improved for increased resilience to antivirus detection.

"ESET researchers have been tracking the TDL4 botnet for a long time, and now we have noticed a new phase in its evolution," announced David Harley, the company's director of malware intelligence.
Continue reading "Notorious TDL4 rootkit retooled to better withstand antivirus programs"

Rise Of Android Botnets

news@nod32usa.com (Greg Hewitt-Long) — Thu, 15 Sep 2011 06:30:57 -0500

By Kurt Marko

No, it's not the latest series on the Syfy network, much as affected companies may wish this trend were fiction.

The size of the smartphone malware "market" was made clear last week in a report issued by Damballa Labs that offers a rare analysis of mobile botnets. Now, if you've followed InformationWeek's Mobile Security Tech Center, you know that malware targeting mobile devices -- effectively smartphones, since the tablet market is owned by iPad, which has yet to see a successful malware penetration -- is on the rise. Today, breaking into connected devices and compromising online identities is big business, and smartphones are the next front in the cybercrime battlefield.

Damballa found that in the first half of this year, the number of compromised Android devices communicating with known criminal command and control (C&C) networks grew significantly, topping out at 20,000 devices on two particularly nasty weeks. This marks a disturbing milestone in the evolution of mobile malware, since until recently, mobile exploits typically didn't involve a persistent takeover of the device and active communication with a C&C botnet. As the report concludes, "two-way Internet communication now makes the mobile market as susceptible to criminal breach activity as desktop devices."
Continue reading "Rise Of Android Botnets"

Say goodbye to era of Mac malware immunity

news@nod32usa.com (Greg Hewitt-Long) — Thu, 19 May 2011 10:29:00 -0500

As Apple gains success and market share, hackers turn sights on operating system

By John R. Quain

You know you've finally arrived as a software platform when hackers start gunning for you.

Such is the predicament that Apple's success has brought: Sophisticated malware has started to appear that's directed specifically at Apple machines.

For years, security experts predicted that as Apple gained market share, cybercriminals would turn their attention from Windows machines toward Mac attacks. Now it appears to really be happening.

Apple's Mac OS X operating system now enjoys a market share of more than 15 percent in the U.S., according to Swedish Web-monitoring service Pingdom.

Coincidentally, in a 2008 paper written for the IEEE Computer Society, Cloudmark researcher Adam O'Donnell predicted that when Apple's market share reached a "tipping point" of roughly 16 percent, then hackers would begin targeting those systems.

According to other experts, that prediction now appears to be coming true.
Continue reading "Say goodbye to era of Mac malware immunity "

Apple (finally) admits Mac malware 'getting worse'

news@nod32usa.com (Greg Hewitt-Long) — Thu, 19 May 2011 08:26:05 -0500

Malware threats for Apple Inc.s Macintosh operating system are getting worse, and Apples official policy is not to help get rid of the problem.

These were the admissions of an AppleCare call center representative who spoke to tech website ZDNets Ed Bott, who posted the transcript of the conversation on ZDNets site.

We started getting a trickle of calls a couple weeks ago. However, this last week over 50 percent of our calls have been about it. In two days last week I personally took 60 calls that referred to Mac Defender," said the representative.

Mac Defender is a rogue software masquerading as an anti-malware program for computers running the Mac OSX operating system.

It presents bogus messages and charges users to pay for the program
Continue reading "Apple (finally) admits Mac malware 'getting worse'"

Macintosh fake antimalware goes after your credit cards

news@nod32usa.com (Greg Hewitt-Long) — Thu, 19 May 2011 08:23:14 -0500

According to MSNBC, a new malware is targeting Mac users through their use of Safari browser. The fake antivirus made to look like the real version of MacDefender tricks people into giving out credit card numbers. Safari users who do not disable the automatic download option will allow this malware to install itself onto Mac. You can disable this option in Safari by uncheck Open safe files after downloading under General of Preferences.

Of course, you can do the hardway of figuring out where the malware so you can delete it, but there is an easy way to go about removing the malware. I dont know if CleanApp can really remove this specific malware or not, but it has been so useful for me in removing all installed applications on my Macbook Pro with just one click every so now and then. This CleanApp will gather all files and folders that reference to a specific app that you want to delete, and it will show you options so you can either decide to delete only portion of the app or completely remove everything about the app from your Mac with one click.
Continue reading "Macintosh fake antimalware goes after your credit cards"

Microsoft helping to stop malware, while Apple blows off malware victims who contact them

news@nod32usa.com (Greg Hewitt-Long) — Wed, 18 May 2011 15:21:31 -0500

Yes, it looks like real malware has finally come to Macintosh, and Apple is blowing off users who call for support for the problem. But I'm sure Apple is doing it with style, and that's what really matters. The style of the day is unaccommodating.

If you're not already angry about something, read Ed Bott's blog at ZDNet to see how Apple is handling what appears to be the first real outbreak of malware on Apple Macs in the OS X era. An AppleCare support rep tells Ed that a notice from management tells them that "...we're not supposed to help customers remove malware from their computer."
Continue reading "Microsoft helping to stop malware, while Apple blows off malware victims who contact them"

Android Malware Volume Jumps 400%

news@nod32usa.com (Greg Hewitt-Long) — Fri, 13 May 2011 09:36:19 -0500

Despite the risks, experts predict slow uptake of client security tools on mobile devices.

By Mathew J. Schwartz InformationWeek

The volume of attacks that target the Android mobile operating system has increased by 400% since the summer of 2010. Also in that timeframe, one in 20 enterprise mobile devices has gone missing.

Those two findings come from the "Mobile Malicious Threats" report released Tuesday by Juniper Networks, which sells networking hardware and security products.

While significant, the four-fold increase in malware targeting Android isn't unexpected. "You don't have to be extraordinarily smart to write mobile malware these days because most devices don't have any security tools to stop the malware," said Dan Hoffman, chief mobile security evangelist at Juniper Networks, in a telephone interview.
Continue reading "Android Malware Volume Jumps 400% "

Malware in fake White House e-card steals data

news@nod32usa.com (Greg Hewitt-Long) — Sat, 08 Jan 2011 11:00:31 -0600

An e-mail sent to an unknown number of government employees and contractors two days before Christmas appeared to be a holiday greeting from the White House but instead hid malware that stole data.

The innocent-looking holiday e-greeting prompted recipients to click to view the card, but when the file was opened, malware known as "Zeus" was downloaded to the computer, according to reports. Zeus is known as a banking Trojan horse designed to steal passwords and online credentials, mostly for financial fraud.
Continue reading "Malware in fake White House e-card steals data"

Trojan Distributed in New Mass Injection Attack via Java Downloader

news@nod32usa.com (Greg Hewitt-Long) — Wed, 29 Dec 2010 14:33:58 -0600

By Lucian Constantin

Security researchers warn that a new mass injection attack is underway directing the visitors of hundreds of websites to a malicious Java applet which downloads a trojan.

According to Denis Sinegubko, the creator of the Unmask Parasites Web scanner, the malicious code is added at the end of HTML pages on compromised websites and takes the form of an obfuscated JavaScript function.

When parsed by the browser, this function adds a rogue IFrame to the HTML document, which loads a new.htm page from aubreyserr.com, medien-verlag.de or yennicq.be.
Continue reading "Trojan Distributed in New Mass Injection Attack via Java Downloader"

Malware Found In Ads Served By DoubleClick

news@nod32usa.com (Greg Hewitt-Long) — Sun, 12 Dec 2010 12:23:32 -0600

DoubleClick, the Google-owned ad technology, has been distributing malware in an online ad served through a number of websites, according to the security researcher who says he discovered the attack.

The malware infects users who visit a page where an infected banner ad is displayed. Its installed as a drive-by download, meaning that users dont have to click on the ad to be infected, they just have to visit a website when the ad appears on the page.
Continue reading "Malware Found In Ads Served By DoubleClick"

Lady Gaga songs 'stolen' in Germany

news@nod32usa.com (Greg Hewitt-Long) — Thu, 09 Dec 2010 08:31:43 -0600

Two people are being investigated by police in Germany after being accused of stealing songs from artists like Lady Gaga, Justin Timberlake and Ke$ha.

Media reports in the country have named the pair as 18-year-old student Deniz A and Christian M.

They are under investigation for using a trojan horse virus to hack into the artists' computers for about 12 months before being discovered.

Prosecutor Rolf Haferkamp wouldn't comment on which songs were stolen.
Continue reading "Lady Gaga songs 'stolen' in Germany"

Mac users can't afford to have their heads in the sand over malware

news@nod32usa.com (Greg Hewitt-Long) — Fri, 26 Nov 2010 08:39:51 -0600

By Adrian Kingsley-Hughes

Mac might not be under attack from as much malware as Windows, but according to security firm Sophos, users cant afford to have their heads in the sand.

Based on a user base of some 150,000 for its new Sophos Anti-Virus for Mac Home Edition, the software collected some 50,000 malware reports between November 2nd and November 16th.

Continue reading "Mac users can't afford to have their heads in the sand over malware"

Trojan horse found that blocks file sharing sites

news@nod32usa.com (Greg Hewitt-Long) — Fri, 26 Nov 2010 08:24:49 -0600

According to Colorado based security firm WebRoot, a trojan originating on a server in Russia has the unusual behavior of blocking users from using filesharing sites: ThePirateBay.org, Mininova and SuprBay (the official forum for the Pirate Bay).

Such behavior from a trojan horse is somewhat unusual, as this falls in line with the Music Industry's MPAA and the RIAA - could these anti-pirate organizations be the source of a trojan to combat music and movie piracy??

Given that the Mininova site made a u-turn against copyright material sharing more than a year ago, the trojan is something of a conundrum.

Filesharing has always been a route to infection for many virus and malware authors, and filesharing is considered by many in the security industry to be one of the more risky behaviors when it comes to picking up infections of trojans, viruses, spyware and other malware - but this might be a new twist in the malware industry - following in the footsteps of Stuxnet - Another "targeted" malware - with a misguided mission to somehow "do good by doing bad"?!?

It has long been speculated that the MPAA and RIAA have been involved in posting fake shared file - for the purposes of either entrapment, or infection of those who share copyright infringing movies and music... could this be the smoking gun to prove they'll stoop to criminality to combat crimes against their founders and funders?

Clues Suggest Stuxnet Virus Was Built for Subtle Nuclear Sabotage

news@nod32usa.com (Greg Hewitt-Long) — Tue, 16 Nov 2010 22:17:43 -0600

Bushehr Nuclear Reactor

New and important evidence found in the sophisticated Stuxnet malware targeting industrial control systems provides strong hints that the code was designed to sabotage nuclear plants, and that it employs a subtle sabotage strategy that involves briefly speeding up and slowing down physical machinery at a plant over a span of weeks.

It indicates that [Stuxnet's creators] wanted to get on the system and not be discovered and stay there for a long time and change the process subtly, but not break it, (.pdf) says Liam O Murchu, researcher with Symantec Security Response, which published the new information in an updated paper on Friday.

The Stuxnet worm was discovered in June in Iran, and has infected more than 100,000 computer systems worldwide. At first blush, it appeared to be a standard, if unusually sophisticated, Windows virus designed to steal data, but experts quickly determined it contained targeted code designed to attack Siemens Simatic WinCC SCADA systems. SCADA systems, short for supervisory control and data acquisition, are control systems that manage pipelines, nuclear plants and various utility and manufacturing equipment.
Continue reading "Clues Suggest Stuxnet Virus Was Built for Subtle Nuclear Sabotage"