Monday, December 1, 2008

Emails containing a link for an animated holiday card are an early present from malware attackers.

The attack comes from a seemingly innocent picture of an animated Christmas scene from postcards.org that will link people to the malicious file postcard.exe hosted on various servers, ComputerWeekly.com reports.

If a user clicks on the link, it gives the hacker control of the infected computer through a back door and access to various resources. During the installation process of the executable file, an image called xmas.jpeg is displayed in an effort to distract users, according to Websense Labs.

Spotted here

BY AUDRA MAHLONG , JOURNALIST

Fortinet has replaced its Top 10 most-reported malware report with Threatscape, a monthly report which will show activities by threat type, volume, region and trends.

In its first edition, Threatscape looks at the threat landscape for October and evaluates nefarious online activities by category, exploits and vulnerabilities, malware, spam and blocked Web traffic.

“With this inaugural edition of the Threatscape report, our goal is to both broaden and deepen the threat content and offer customers, consumers, researchers and others more information to better mitigate their own online risks,” said Derek Manky, security researcher for Fortinet.

Spotted here

By Dan Goodin in San Francisco

Malware purveyors have wasted no time capitalizing on Barack Obama's landslide victory in the US presidential race. Within 12 hours of his acceptance speech Tuesday night, net users were being treated to scams involving Google AdWords and prodigious volumes of spam.

The spam comes masked as dispatches from legitimate news sources, including the BBC and CNN, and invite readers to click a link to view a video of Obama accepting his country's vote. Those who take the bait are sent to a spoof page of the news site that claims they need to update their Adobe Flash Player before viewing the speech.

Spotted here

Shaun Nichols in San Francisco

Security experts are warning users of a new malware attack posing as a pornographic YouTube video.

Researchers at McAfee said that the newly-discovered attack attempts to lure the user to a malicious site by way of a YouTube page promising an adult movie.

Written by Shaun Nichols in San Francisco

A group of Greek security researchers has created a tool to turn Facebook into an attack platform.

The researchers are from the Institute of Computer Science at the Foundation for Research & Technology Hellas, along with a researcher from Singapore's Institute for Infocomm Research.

In a paper entitled Antisocial Networks (PDF) the researchers demonstrated an application that causes Facebook users to unknowingly participate in denial-of-service (DoS) attacks against other sites.

Spotted here

In yet another new way to infect people, criminal hackers are using a Twitter page, according to one security researcher.

In a blog, Chris Boyd, director of malware research for Facetime, explained how a Twitter page is being used to lure victims.

Chinese hackers are sending out malware masquerading as the Trend Micro Virus Clean Tool, according to Trend. The example in the linked Trend blog is in Chinese, so perhaps the threat is only real in China (and Taiwan).

by Matthew posted on July 28, 2008 1:21 pm

McAfee is warning of a new variant of the Spy-Agent.bw virus that spreads via e-mail attachment.

The spam you may receive in your inbox purports to be from a courier service detailing a parcel they tried to deliver, but were unsuccessful.

Spammers Continuing to Use Sensationalized Headlines to Lure Unsuspecting Computer Users

Last update: 11:51 a.m. EDT July 28, 2008

BUCHAREST, ROMANIA, Jul 28, 2008 (MARKET WIRE via COMTEX) -- A new malware distribution scheme performed via spam messages aimed at tricking computer users to download and install malicious applications on their computers has been identified by BitDefender(R), an award-winning provider of antivirus software and data security solutions, today.

At Black Hat, RSnake is expected to demonstrate a zero-day vulnerability that allows for information theft, spoofing, and authentication issues.

By Thomas Claburn - InformationWeek - July 25, 2008 03:00 PM

"Gmalware" may be coming soon to your iGoogle page.

In two weeks, at the Black Hat Conference on Wednesday, Aug. 6, Cenzic senior security analyst Tom Stracener and security researcher Robert Hansen, better known as "RSnake," plan to demonstrate a zero-day vulnerability that affects Google Gadgets.

Spotted here

Intego might have stumbled across an OS X specific virus being offered for auction that targets a previously unknown ZIP archive vulnerability.

Carl Jongsma (Computerworld) 24 July, 2008 14:27:59

Mac antivirus maker, Intego, have published an interesting alert about a potential OS X virus that an enterprising individual is trying to sell through auction.

JULY 23, 2008 | 6:00 PM
By Tim Wilson -Site Editor, Dark Reading

The seven-year-old Coreflood botnet is quietly stealing thousands of passwords from corporate users and other large organizations, thanks to recent enhancements that allow it to spread like a worm, researchers say.

The enhancements were revealed June 30 by botnet expert Joe Stewart, director of malware research at SecureWorks.

Posted by Robert Vamosi

According to a report out Wednesday, antivirus vendor Sophos says it detects one Web page with malicious content every 5 seconds--a trend that is up 300 percent from 2007.

In its Security Threat Report for the first half of 2008, Sophos says it finds just over 16,000 malicious pages each day, mostly the result of malicious SQL-injection attacks on legitimate Web sites such as the attack on Sony's U.S.

Written by Shaun Nichols in San Francisco

An screen name once connected to animated TV dad Homer Simpson is being used to spread malware.

In a 2003 episode of The Simpsons, writers revealed that Homer's e-mail address was chunkylover53@aol.com.

A criminal group that specializes in deploying malicious software to steal banking data is presenting victims with fake maintenance pages and error messages as a means of getting around anti-fraud safeguards erected by many banks.

more at washingtonpost.com

John E. Dunn, Techworld.com

Select Category Cell Phones Desktop PCs Cameras Hard Drives Monitors Notebooks Optical Drives Printers Projectors Sunday, May 25, 2008 5:00 AM PDT
Love or hate its nagging prompts, Vista's Account Control feature (UAC) has a security feature that marks it out from any other type of Windows security programme -- it can spot rootkits before they install.

It seems that adware pushers have found a new way to trick you into downloading their annoying products: fake MP3 files.

more at pcadvisor.co.uk

As we recently saw, automatic subscription renewals seem to have become de rigueur for antivirus software vendors. But one reader recently discovered that the practice is creeping into the anti-spyware category as well.

Posted by Carl Weinschenk on March 24, 2008 at 2:50 pm

Microsoft’s acquisition of Komoku both gives it new tools against rootkits and another entry point into the government market.

Komoku, according to this eWeek story on the acquisition, deals with the pernicious form of malware that burrows deep into target systems and, unlike traditional viruses, does a good job of hiding itself from detection.

Joseph Bochner didn't know much about Internet crime when his then-girlfriend called him in 2004, frustrated that her computer had become unacceptably slow, almost unusable.

The desktop's CD/DVD drive had popped open, and the monitor displayed a flashing red window screaming "Virus Warning!!!" urging her to click a link and purchase a program to disinfect the machine.