Malware

Ransomware: Prevention is the only solution. I don't pretend to be an expert at this, but I have found a few things that are useful.

Ransomware: Prevention is the only solution

I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and, as I said, I am not an expert in the cryptography field, I asked other experts on Experts Exchange to allow me to include some of their thoughts on the matter. Malware Spreads through Skype. There is a new version of the Shylock malware spreading through Skype and is playing off the fact Microsoft is about to kill its Messenger application in favor of Skype.

Malware Spreads through Skype

The new version of Shylock has a number of new capabilities, but its goal is the same: Stealing sensitive financial data from infected machines. Shylock has been around for more than a year and researchers have watched it morph and adapt its tactics in the last few months. The malware, like other Trojan bankers, looks to steal credentials for online banking sites, and also has the ability to perform code-injection attacks.

Android Malware Infiltrates Google Play Store, Infects 100K Devices. Though most mobile security researchers, and even Google itself, readily acknowledge the looming Android security threat, conventional wisdom suggests that if you simply avoid third-party app stores, stick to Google's Play Store, and check all app permissions before installing new software, you really have nothing to worry about.

Android Malware Infiltrates Google Play Store, Infects 100K Devices

But as Android malware gets more sophisticated, and the potential reward for malware creators grows along with Android market share—which is now almost 60 percent of the entire global mobile market, according to IDC—this wisdom is, well, just not very wise. Beware of fake Google AV. Cyber crooks are once again trying to take advantage of Google's name and logo to push malware onto unsuspecting users.

Beware of fake Google AV

According to GFI researchers, a number of pages offering "Google antivirus" software and threatening to block the users' access to Google services because of an infection have recently popped up and appear among Google and Bing search results: Of course, the offered software is actually a rogue AV solution that has nothing to do with the Internet giant, and will likely try to bilk money from the victims. Windows Defender Offline — old name, new use. Microsoft’s newly released beta version of Windows Defender Offline, a rootkit-sniffing and Windows-rehabilitation tool, should be the latest addition to your bag of Windows-repair tricks.

Windows Defender Offline — old name, new use

Remove AV Protection 2011, removal instructions. AV Protection 2011 is a rogue anti-spyware program.

Remove AV Protection 2011, removal instructions

It pretends to be a genuine program that will check your computer for viruses. In reality, though, it will display false threats on your computer and constantly display fake security warnings to make you think your computer is infected. This fake program is promoted through the use of fake online virus scanners and alerts that appear when visiting infected websites. FAQ: What's the big deal about Duqu? Computer Virus Hits Military Drone Program: Report. WASHINGTON — A computer virus that captures the strokes on a keyboard has infected networks used by pilots who control U.S.

Computer Virus Hits Military Drone Program: Report

Virus Bulletin : News - Trojan steals money from bank accounts via 'training session' Social engineering circumvents banking security In a new method of stealing money from customer accounts, a variant of the SpyEye trojan invites the user to make a supposedly dummy transfer, thus socially engineering them into manually sending money to the attackers, security company Trusteer reports.

Virus Bulletin : News - Trojan steals money from bank accounts via 'training session'

Most banks have secured their online banking systems by having transactions confirmed via a different channel, such as a confirmation code sent via a text message. This does not make it impossible to compromise the system (as smartphone versions of banking trojans show), but it does make it significantly harder for the attacker. However, the use of social engineering can make the latter invincible against such security checks.

Android bug lets attackers install malware without warning. It's been more than a month since researchers reported two serious security vulnerabilities in Android, but so far there's no indication when they will be purged from the Google-spawned operating system that's the world's most popular smartphone platform.

Android bug lets attackers install malware without warning

Autorun malware being routed, says Microsoft. The battle against ‘Autorun’ malware, once a major threat to PC users, appears to be heading for victory according to new figures put out by Microsoft that show big declines in infection rates during 2011.

Autorun malware being routed, says Microsoft

Between January and May 2011, the number of Autorun-related malware infections detected by Microsoft’s Malicious Software Removal Tool (MSRT) dropped 59 percent on XP machines and 74 percent on Vista, compared to the levels seen in 2010, equivalent to a 1.3 million drop. The transformation appears to date from the retrofitting in January of this year of security that allowed the Autorun feature to be turned off on Windows XP and Vista for risky media such as USB sticks but not for others such as CDs and DVDs. Windows 7 shipped with this feature and so wasn’t included in the analysis. Hunt Down and Kill Malware with Sysinternals Tools (Part 1) If you would like to read the other parts in this article series please go to: Introduction For the past few years, each time I’ve attended the annual MVP Summit in Redmond, a highlight of the conference has been Mark Russinovich’s presentation.

Warning: Urgent Microsoft Update May Be Firefox Malware - CSO Online - Security and Risk. Network World - A phony anti-virus scam is presenting itself as a near-perfect Microsoft update popup with one notable exception - it appears only on machines using Firefox browsers. According to the Sophos Naked Security blog machines infected in drive-by downloads from compromised sites receive the scareware that appears as urgent update notifications. The clue that the updates are phony is that they appear only when the affected computer uses Firefox. Legitimate updates come via Internet Explorer, Sophos says. Victims click to receive the urgent updates and their computers are infected with malware that seizes up the machines. 8 Articles for Learning Android Mobile Malware Analysis. Online attackers are paying increased attention to mobile devices. At the moment, the biggest mobile threat vector seems to take the form of trojan applications designed to run on a mobile phone and containing unwanted "features." If you come across a malicious program of that nature, how can you analyze it? This quick post notes several articles and tools that focus on examining inner-workings of Android mobile applications. Remove XP Antispyware 2012, removal instructions. XP Antispyware 2012 is a rogue antivirus application that reports false system security threats and displays fake security alerts to convince you that your computer is infected.

The program is promoted through the use of Trojans and other malicious software. Once installed, Vista Antivirus will perform fake system scan and report false or exaggerated system security threats on your PC. DroidDream Returns, Dozens of Infected Apps Pulled From Android Market. Juniper Networks finds rise in Android phone malware, smartphone spyware. Robert Westervelt, News Director Published: 11 May 2011 The rising use of smartphones is gaining the attention of cybercriminals, according to a new study by Juniper Networks Inc., which tracked a sharp increase in Google Android phone malware

Analysis of MBR File System Infector. Carberp Trojan Removes Antivirus Scanners, Other Malware from Host - Security. A piece of banking malware is evolving more sophisticated capabilities to stay hidden on victims' PCs, according to several security researchers. The information-stealing malware Carberp, discovered last October, can steal a range of data, disguise itself as a legitimate Windows file and remove any antivirus software installed on the host, according to Seculert. Twitter Worm Unleashes Fake AV Attack. Possible new Twitter worm. Blog Archive » Identifying the country of origin for a malware PE executable. Why Does My Computer Run Slow? Answer…

Ransom Trojan bounces back - ComputerworldUK.com. Internet Security Tools. Phishing attacks target users of Facebook, other social networks. Robert Westervelt, News Director Published: 08 Sep 2010 Millions of Web Websites Hacked by Malicious Widget.

Five tips for removing viruses and spyware from client machines.

Phishing

MaliciousSoftware. SecureWorks. Don’t Let Social Media Malware Slow You Down. Remove Antivirus Pro 2010, removal instructions. Worm spreads on Fotolog social networking website. Major 'botnet' busted in Spain; 12.7M PCs infected - Security Advisory (981169): Vulnerability in VBScript Could Allo. A ZeuS killer? Not really. Unsolicited fake CVs distributing malware.