Avira and Virus News - Adware, Spyware and Trojans

nancy@compsecglobal.com (Nancy Pursley) — Tue, 28 Apr 2009 10:46:09 -0500

Phishers aiming to defraud banks have raised their game - and at the very least have learned to spell - according to the banking executives tasked with stopping them.

According to David Shroyer, Bank of America senior vice president of online security and enrollment, the attacks fraudsters are targeting at financial services organizations are continuing to develop. For example, fraudsters are now building phishing sites with malware embedded in them which means the unwary risk not only losing their bank details but also getting malware on their PCs if they are tricked into visiting such sites.

"People are still clicking on the links to see if they are real and those who aren't adequately protected are getting infected," he told a session at the RSA Conference in San Francisco.

"We've educated our customers as an industry but the fraudsters aren't standing still," he added.

The fraudsters have fixed some of their basic problems too.

"The bad guys have invested in a spell checker," he joked, a reference to the poorly spelt and designed phishing emails and websites which characterized phishing attempts a few years ago.

But as the fraudsters increase the sophistication of their attacks, educating customers becomes more difficult. "Now we are talking about a much harder topic, about customer protection on the PC and safe browsing habits and that's a hard message to convey," said Shroyer.

Continue reading ""

Conficker - the April Fool's Joke that never was?

news@nod32usa.com (Greg Hewitt-Long) — Wed, 01 Apr 2009 11:57:57 -0500

So, nothing happened?

Well, yes. Our labs, whoâve been monitoring carefully, note that Conficker changed communication protocols, just as the code said it would.

No doubt in the fullness of time, the botnet will start doing what botnets do: it would be bizarre to put this much effort into a project and then not try to make some profit out of it. And weâll still be watching.

In the meantime, I suspect, based on past experience, that two things will happen.

Continue reading "Conficker - the April Fool's Joke that never was?"

Worm attack chaos fails to strike

news@nod32usa.com (Greg Hewitt-Long) — Wed, 01 Apr 2009 08:22:14 -0500

The chaos predicted by some as the Conficker worm updates itself have so far failed to materialise.

There had been concerns that the worm could trigger poisoned machines to access personal files, send spam, clog networks or crash sites.

Many of the infected machines are based in Asia where there have been no reports of unusual PC behaviour.

Conficker is believed to have infected up to 15 million computers to date.

Those monitoring the progress of the worm as 1 April dawned around the globe said there was no evidence it was doing anything other than modifying itself to be harder to exterminate.

Continue reading "Worm attack chaos fails to strike"

Conficker Worm Strike Reports Start Rolling In

news@nod32usa.com (Greg Hewitt-Long) — Wed, 01 Apr 2009 08:00:57 -0500

Reports are trickling in about the impact from the Conficker worm, as infected systems passed zero hour at midnight and began downloading additional malicious components.

Here's a quick roundup of some of the more notable incidents caused by Conficker so far, according to published reports:

- A nuclear missile installation near Elmendorf Air force Base outside of Anchorage, Alaska briefly went on a full-scale military alert after technicians manning the bunker suspected that several of their control systems were infected with Conficker.

Continue reading "Conficker Worm Strike Reports Start Rolling In"

All quiet on the Conficker front

news@nod32usa.com (Greg Hewitt-Long) — Wed, 01 Apr 2009 07:51:00 -0500

We're still not sure if the reason that Conficker infected machines are all quiet so far is because nothing has been triggered, or because whatever has been triggered is so hush-hush, that we're just not aware that it is happening even!

If it's really low-key, the owners of infected machine might not notice (see Article "Will the conficker "event" go unnoticed by those infected?" Yesterday).

What is known is that a few "small" events have happened - Big Ben, the clock in Parliament Square, London, UK was affected, and the time was apparently changed on the famous clock.

Another attack was noticed at a Nuclear Missile base which triggered a full scale military alert - signs that I was indeed correct that our security might be compromised when questioned on the radio (600KCOL in Loveland, CO) yesterday.

So do we still expect a MAJOR EVENT?!??!

Continue reading "All quiet on the Conficker front"

Will the conficker "event" go unnoticed by those infected?

news@nod32usa.com (Greg Hewitt-Long) — Tue, 31 Mar 2009 13:50:07 -0500

Whether tomorrow is a day in cyber-crime history or not, we are predicting that even the infected machine owners will probably not notice anything different from the 31st of March.

As you may know, industry experts are predicting that April 1st 2009 will be a cyber-crime bonanza unleashed by the owners of the Conficker trojan/worm combo. Those who are already infected have probably already had their financial information compromised - and their PCs will already be sitting waiting for their instructions on what to do next.

There are a number of things that could be set in motion:

1. mass destruction of personal data on the host computers - this is the LEAST likely outcome.

The owners of this botnet are not going to trigger a self implosion of their own greatest "asset" - they need these computers to remain infected, and to continue to do their bidding.

2. Massive amounts of UCE (unsolicited commercial email)

Most botnet owners rent their bots in blocks to people who are in the UCE or spam business - these people send out bulk email which is the regular junk email you get on a daily basis. The more successful owners of these botnets do it in a drip-feed manner - that way if it is your machine that is infected, you would not notice the resource drain, or the slow-down on your internet connection. By being crafty and stealing only a few cpu cycles, or a little of your bandwidth- you are less likely to run cleanup programs and remove your computer from the bot collective.

Continue reading "Will the conficker "event" go unnoticed by those infected?"

Norton Antivirus patch used for attacks

news@nod32usa.com (Greg Hewitt-Long) — Thu, 12 Mar 2009 13:03:00 -0500

Cybercriminals have been exploiting an unsigned message asking users whether they trust a file download for a diagnostic patch called PIFTS.exe from Symantec for Norton Anti-virus.

The file was distributed without a signature for three hours on Monday to users running Norton's 2006 and 2007 versions. When users began posting blogs questioning the fileâs legitimacy, cybercriminals caught on and began poisoning results so that malware sites would turn up higher in search results for PIFTS.exe.

Continue reading "Norton Antivirus patch used for attacks"

Scottish hospitals laid low by malware infection

marjorie@webyourbusiness.com (Marjorie Dare) — Mon, 09 Mar 2009 17:47:42 -0500

Appointments for cancer patients had to be rescheduled after a computer virus infected the networking systems at two Scottish hospitals last week.

The infection of laboratory PCs at the Stobhill and Gartnavel General hospitals meant the bookings of 12 patients attending the Beatson West of Scotland Cancer Care Centre in Glasgow were postponed, The Glasgow Herald reports. Systems were taken offline for two days to allow computer technicians to clean up the mess.

The Herald compares the outbreak to the infection of systems at three London hospitals by the MyTob worm four months ago. The malware outbreak at St Bartholomew's, the Royal London Hospital in Whitechapel and The London Chest Hospital meant ambulances had to be briefly sent to other hospitals and meant that some appointments had to be rescheduled. In a small number of cases, medical staff had to fall back onto pen and paper backup systems. An independent review concluded the outbreak was "entirely avoidable".

Continue reading "Scottish hospitals laid low by malware infection"

Scottish hospitals laid low by malware infection

marjorie@webyourbusiness.com (Marjorie Dare) — Mon, 09 Mar 2009 17:47:42 -0500

New Computer Virus Targets Online Bankers

jpaytonREMOVED@compsecglobal.com (Justin Payton) — Mon, 23 Feb 2009 17:02:00 -0600

New banking trojans are hacking into online bank accounts. Unlike phishing attacks, which use e-mail scams to get you to type your login information at fake bank websites, the trojan programs are invisible and steal data many different ways. Banking trojans wait on your hard drive for a chance to get into your online banking accounts.

The programs can be gotten by clicking on a viral link to a greeting card or video through e-mail spam or by clicking to a website that has already been taken over by hackers. Usually banking trojans are unnoticed until the user logs on to a banking website and then it steals usernames and passwords.

Continue reading "New Computer Virus Targets Online Bankers"

Cell Phones a Much Bigger Privacy Risk Than Facebook

jpaytonREMOVED@compsecglobal.com (Justin Payton) — Mon, 23 Feb 2009 11:04:39 -0600

Everyone worries about the drunken photos of themselves posted on Facebook that could leak out to the wider world â whether it's to that cute guy or girl, your parents, or, worse yet, future employers.

But that isn't the half of it. Facebook has nothing on cell phones, which have become the most powerful weapon of privacy invasion ever.

With the appropriate use of cellular technology, parents can fence in their children, spouses can read their partners' text messages and the government can pinpoint a caller's location to within a few feet â all facts of which most people are unaware.

Consider those infamous little service bars. How else could those bars be extrapolated without constant communication with your carrier's nearest cellular antenna?

By triangulating the phone's position based on its communication with a number of the closest towers, the accuracy with which the carrier can determine the phone's location can be narrowed down to say, 50 meters. If the phone has GPS capabilities, the user's location can be pinpointed within a matter of feet.

The carriers have that information as a given. But the government can grab it quite easily.

A New York judge ruled in 2005 that the government could obtain a phone's tracking data without a warrant, as the user voluntarily chose to carry the phone and so implicitly allowed the transmission of tracking information.

With the right tools, your neurotic ex, overbearing parents or run-of-the-mill stalker can haunt you as well.

Some trackers are built into the service contract, as with Verizon's "Chaperone," which texts parents when their children leave parentally-designated boundaries. Or the tracking can be voluntarily enabled, as with the new service Google Latitude, which allows a user to transmit their phone's location to his approved friends.

Continue reading "Cell Phones a Much Bigger Privacy Risk Than Facebook "

Springfield city computers hit by virus

jpaytonREMOVED@compsecglobal.com (Justin Payton) — Sun, 22 Feb 2009 15:02:00 -0600

SPRINGFIELD, Mo. (AP) -- The city of Springfield has been hit with about $12,000 in costs to deal with the effects of a computer virus that hit this month.

Along with the $12,000 in costs, city employees have had to work several hundred hours of overtime to solve problems created by the bug that struck Feb. 2. The virus blocked city workers from accessing or sending data and kept the public from getting certain information.

Continue reading "Springfield city computers hit by virus "

Adobe warns of critical, unpatched security flaw

jpaytonREMOVED@compsecglobal.com (Justin Payton) — Sat, 21 Feb 2009 10:50:00 -0600

Attackers are making the rounds and exploiting a critical security flaw in Adobe Reader 9 and Acrobat 9.

Earlier versions of the PDF-related software are also affected by the critical security flaw, which could cause the applications to crash and potentially let an attacker gain control of a person's computer, Adobe Systems warned Thursday.

Reports also surfaced that attackers have developed an exploit and are taking advantage of the flaw, the company said.

Adobe has yet to develop an update to address the vulnerability but noted it expects to have one ready for Adobe Reader 9 and Acrobat 9 by March 11. After that, the company expects to launch updates for the earlier versions of the software going back to Adobe Reader 7 and Acrobat 7.

Continue reading "Adobe warns of critical, unpatched security flaw"

'Sexy View' SMS malware targets Symbian devices

jpaytonREMOVED@compsecglobal.com (Justin Payton) — Fri, 20 Feb 2009 16:30:00 -0600

Signed, Sealed, Delivered (You're pwned)

Bad sorts have created a malware targeted at Symbian mobile phones that comes signed with an apparently valid Symbian Certificate.

Because it is signed the application can potentially gain privileged access, net security firm F-secure warns. The malware is also unusual because it is targeted at S60 3rd Edition phones, instead of the more common target of 2nd edition phones.

The Yxe-A Trojan originates in China and is packaged up with names such as "Sexy View" and "Play Boy", providing an indication that social engineering trickery plays a part in pushing the code. F-Secure describes the malware as a Trojan but other vendors describe it as a worm, in recognition of the discovery of what might be described as auto-spreading capabilities.

Continue reading "'Sexy View' SMS malware targets Symbian devices"

Women 'Romanced' Out of $300K in Internet Dating Hoax

jpaytonREMOVED@compsecglobal.com (Justin Payton) — Fri, 20 Feb 2009 10:47:00 -0600

A handful of Canadian women were scammed out of almost $300,000 in a Nigerian romance hoax, the Edmonton, Alberta, Sun reported.

For one woman, the online dating scheme started when the unidentified middle-aged divorcee received text messages last year from a man about 10 years younger than her.

"They said, 'You know, you're a very pretty lady, I like your profile,'" the victim told the Edmonton Sun. "You feel very flattered."

After several more e-mails, instant messages and phone calls, the man promised to come to Canada and marry her.

Then came the requests for money, including one that claimed the man's son was hospitalized and needed three surgeries, the Sun reported.

Continue reading "Women 'Romanced' Out of $300K in Internet Dating Hoax"