New Android malware difficult to delete?

Another piece of malware targeting Android users has been discovered. This latest malware not only steals credit card and money-transfer information; it can also make payments without the owner's knowledge.

TrustGo Security Labs has named the new malware SMSZombie.A. It was first discovered in China and exploits weaknesses in the country's SMS-based mobile payment system.

TrustGo reported that the malware has been used to pay for online gaming accounts through those mobile payment channels.
The security firm added, “The SMSZombie virus has been hidden in a variety of wallpaper apps and attracts users with provocative titles and pictures. When the user sets the app as the device’s wallpaper, the app will request the user to install additional files associated with the virus. If the user agrees, the virus payload is delivered within a file called ‘Android System Service.’”

TrustGo also said that once the malware is installed on an Android device, it is difficult for infected users to remove. TheNextWeb reported that at least 500,000 Android devices have already been infected.

As TheNextWeb put it, “While that’s a drop in the ocean for China Mobile’s 683 million subscribers, it has the potential to make a large number of unauthorized transactions and cause trouble and annoyance for many.”


Sophos: Don’t forward Facebook/Olympic Torch virus

Technological advancement has brought a host of new dangers, and hackers keep finding ways to get hold of sensitive information that they can turn to their own advantage.

Not even the 2012 London Olympics were spared from these unruly individuals.

According to security firm Sophos, an email is currently doing the rounds that urges recipients to forward it to everyone they know. This is what Sophos calls the “Facebook/Olympic Torch virus” hoax: the message warns of a virus that does not exist.

Sophos says that by forwarding the message widely you are helping the bad guys, because the growing list of forwarded addresses is the real prize. Recipients should think before they click, and the safest course is simply to delete the message without opening or forwarding it.

Forwarding this email could well put your own email address and those of others in danger, as scammers and cybercriminals could prey on them.

Sophos added that these emails “might be scooped up by real malware, sent off to cybercrooks, and sold on to spammers and scammers.”

The email is spreading like wildfire and claims that an attachment called “Invitation FACEBOOK” is a virus that opens an Olympic torch and could destroy your hard drive.

Are you careful when opening emails? Be as wary of hoaxes like this one as you are of real viruses!


Microsoft releases patch to combat Flame virus

The Flame virus, first discovered on infected Windows desktop computers in the Middle East, has surprised and bewildered experts by the way its creators developed it.

Because the malware disguised itself as a legitimate Microsoft program, the company took it personally: it developed a fix and released it to the public to protect users from the malware.

Experts were stunned when they discovered how Flame disguises itself and how it attacks vulnerable PCs. Some even believe the virus could have been used to deliver other cyber weapons that have yet to be discovered.

A Microsoft spokesperson declined to comment on whether other malware is exploiting the same flaws in Windows, or whether the company is looking for similar bugs in its operating system.

The developers of the virus were able to obtain a digital certificate that identified Flame as a legitimate piece of Microsoft software. The certificate chained up to a Microsoft certificate authority through an intermediate certificate used for Terminal Services licensing, so Windows accepted the code as Microsoft-signed; Microsoft's fix moves the affected intermediate certificates into the untrusted store so that anything signed with them is rejected.

What bugs analysts and experts most is whether other hackers have copied the same technique and launched further attacks with new malware.

Mike Reavey, senior director of the Microsoft Security Response Center, said, “We continue to investigate this issue and will take any appropriate actions to help protect customers.”


Malware detected! Cyber-war lunges forward

Now may be a good time to click the update button on your anti-virus software. A couple of weeks ago, while trying to locate and identify a very elusive wiper program that had been infecting Iranian computers, Kaspersky Lab detected something even larger and more threatening than what it was looking for. The malware, currently dubbed “Flame”, is thought to be another step towards cyber-war.

The malware is named after a string common to its modules, “flame_props”. It is said to be 20 times larger and more complicated than the previous cyber-war tool Stuxnet. Stuxnet and Duqu were the cyber-weapons launched around 2009 and 2010, and were considered monsters in their time. Stuxnet apparently took Kaspersky Lab at least half a year to analyze, and Flame may take at least 10 years to pick apart fully. Those earlier malware families ran rampant on Iranian computers, gathering data and sabotaging infrastructure.

Flame has been recorded infecting several countries in the Middle East, with Iran as its leading target. The size and scope of Flame's target list suggest another government-backed cyber assault with espionage as the goal. Flame has been reported to gather data and even delete data from target systems. Its spread has been tightly controlled, and it stayed undetected for two years, possibly longer. The scope of the attack and the similarities to Stuxnet rule out the independent work of cyber criminals.

According to Kaspersky's statement, Flame infects its targets by installing a small compressed file onto the drive, which then downloads and deploys up to 20 modules that let the attacker perform a range of tasks, taking virtual control of the affected system. The full toolkit reaches 20 MB, compared with Stuxnet's 500 KB. The plug-ins can be deployed and switched off at will by the attacker, including tightly controlled spreading via USB drives, which makes the malware harder to detect. It can even wipe itself completely from a computer, making it still harder for anti-virus firms like Kaspersky Lab to detect and analyze. Someone is definitely at the wheel of this ride. Flame is a piece of malware that has grown vastly more complicated than its predecessors. Who knows how many more of these are in the wild, still running undetected?

So what can this malware do? Nearly every recording and data-gathering capability of your computer is at its service. Kaspersky Lab reports that Flame can use the computer's microphone to record conversations. It logs keystrokes. It can browse all your data and your communications over the internet. It can even use the computer's Bluetooth adapter to reach other devices in range and harvest personal information such as names and phone numbers. It chooses whom to infect and when best to strike. It has all the makings of an espionage tool; no wonder Kaspersky Lab thinks this may well be one nation attacking another.

This poses a threat not only to the infected countries but to any others that may one day fall onto the attacker's radar. Some can only question the legality of these attacks, which are essentially government-approved cyber crimes. For such a powerful piece of malware to fall into the wrong hands would be disastrous for the whole internet community. Privacy has become a very sensitive term on the internet, and it may soon be out of our control if tools like these can be deployed and run undetected for years. If governments can get away with attacking industries for their data, what stops them from spying on each and every one of us, whatever their reasons?

Virus created solely for espionage

Researchers have uncovered a sophisticated new virus that may well have been developed with state-sponsored funding.

The virus, variously dubbed Skywiper, Flamer and Flame, is considered one of the most complex pieces of malware ever developed and appears to have been created solely for spying.

Though often compared with Stuxnet, the new virus is many times larger, and analysts have hinted that, given its sophistication, Flame was developed by either Israel or the United States.

A senior researcher at Kaspersky Lab said, “It’s very likely it’s two teams working effectively on the same program but using two very different approaches.”

According to CrySyS, the malware may have been circulating for over eight years. To gather information from targeted individuals it logs keystrokes, activates microphones to record conversations and takes screenshots.

The virus can also use Bluetooth to send and receive commands and data.

Antivirus giant Kaspersky has recorded infections in Iran, Israel and other Middle Eastern countries. The infected computers belong to educational institutions, state-related organizations and individuals.

Kaspersky also said on its blog, “we would position Flame as a project running parallel to Stuxnet and DuQu.”


Microsoft brings an end to two Zeus botnet servers

Botnets have been a big problem not only for the people they steal from but also for Microsoft.

These are networks of infected Windows PCs controlled by criminal gangs to steal from online banking accounts and leave victims penniless.

The software giant teamed up with the US Marshals Service and two financial services industry trade groups to orchestrate a raid on two Internet hosting companies: Continuum Data Centers in Lombard, Ill., and BurstNet in Scranton, Pa.

Authorities seized two command-and-control servers that the gang used to instruct the millions of infected PCs that make up the massive Zeus botnet.

The raid was the result of a civil lawsuit Microsoft filed under the Racketeer Influenced and Corrupt Organizations (RICO) Act, combining legal action with cyber-forensics work going back to 2010 to shut the servers down.

According to ESET security evangelist Stephen Cobb, “Microsoft has done the online world a great service by establishing a repeatable process and a legal framework for taking down botnets and bringing malware distributors to justice.”

Sophos researcher Graham Cluley added, “The last thing Microsoft want is for the prevalence of malware to be a reason for people to purchase their next computer from Apple.”


Topless supermodel image used as lure in Mac malware

Users of Macintosh computers beware!

New malware is spreading that targets your computer and uses photos of a topless supermodel to lure you into infecting your own system.

Security firm Sophos said the malware, called OSX/Imuler-B, uses images of Russian model Irina Shayk, an FHM magazine cover girl.

Sophos said in a blog post, “By default, Mac OS X doesn’t display file extensions. Which means that Mac users might be duped into believing that the file they are about to click on is a JPG image, rather than an application. Mac users – learn from the mistakes of Windows users in the past. Think before you click, and don’t ever underestimate the ability of cybercriminals to exploit the most primal urges of computer users.”

Sophos said that when you open the file, it launches a Trojan, which then drops a genuine JPG image of Shayk to cover its tracks and deletes itself from the folder.

Once that is done, the malware is no longer in the folder but has already installed itself on your Mac.

Sophos added, “Behind the scenes, the malware opened a backdoor to your computer and is uploading private information to a remote server. The trick of hiding a file’s true nature by exploiting an operating system’s default disabling of extensions is not a new one, of course. It’s something we’ve seen many Windows users be fooled by in the past.”

Scareware hides files and folders, charges $80 for repair

BitDefender researchers have recently discovered a new scareware tactic: it tells victims that all their files and folders have disappeared because of hard-disk problems and invites them to buy an $80 disk repair utility that will supposedly solve the problem.

The scareware is installed on the victim's computer by Win32.Brontok.AP@mm, a well-known worm that spreads by attaching itself to emails sent to harvested addresses. It can also spread through USB drives.

BitDefender's researchers said, “It copies itself in every folder on the infected stick under the name of the folder. It adds an .exe extension that remains hidden from users. This is an indicator that it needs the user to recognize, trust, click and thus install it on the PC.”

The worm can disable antivirus and security software. Brontok also prevents users from changing the folder and file settings that would make hidden items visible again.
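Both the Imuler-B trick above (an application whose visible name reads like a JPG) and Brontok's folder-named .exe rely on the operating system hiding the real extension. The following Python script is an added example, not BitDefender's or Sophos's code: it checks a directory tree for the three variants of the trick, a file whose name says image but whose first bytes are an executable header, a double extension such as photo.jpg.exe or photo.jpg.app, and an executable whose name matches a sibling folder. The sample tree it builds is constructed for the demonstration, and the magic-number tables are assumptions limited to a few common formats.

```python
import os
import tempfile
from pathlib import Path
from typing import List, Optional, Tuple

# Leading bytes of executable formats that get passed off as pictures or
# folders, and of the image formats they imitate.  Assumed tables for this
# example; extend them for other formats.
EXEC_MAGICS = {
    b"\xfe\xed\xfa\xce": "Mach-O",            # 32-bit
    b"\xce\xfa\xed\xfe": "Mach-O",            # 32-bit, byte-swapped
    b"\xfe\xed\xfa\xcf": "Mach-O",            # 64-bit
    b"\xcf\xfa\xed\xfe": "Mach-O",            # 64-bit, byte-swapped
    b"\xca\xfe\xba\xbe": "Mach-O universal",
    b"\x7fELF": "ELF",
    b"MZ": "PE",
}
IMAGE_MAGICS = {b"\xff\xd8\xff": "JPEG", b"\x89PNG": "PNG", b"GIF8": "GIF"}
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".app"}


def content_type(head: bytes) -> Optional[str]:
    """Classify a file by its first bytes, ignoring its name entirely."""
    for magic, name in EXEC_MAGICS.items():
        if head.startswith(magic):
            return name
    for magic, name in IMAGE_MAGICS.items():
        if head.startswith(magic):
            return name
    return None


def scan(root: str) -> List[Tuple[str, str]]:
    """Return (relative path, reason) for every entry whose displayed name
    contradicts what it really is."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        def rel(name: str) -> str:
            return Path(dirpath, name).relative_to(root).as_posix()

        sibling_dirs = {d.lower() for d in dirnames}
        # A .app bundle is a directory; "photo.jpg.app" shows up as
        # "photo.jpg" in Finder once extensions are hidden.
        for d in dirnames:
            stem, ext = os.path.splitext(d)
            if ext.lower() == ".app" and os.path.splitext(stem)[1].lower() in IMAGE_EXTS:
                findings.append((rel(d), "app bundle named like an image"))
        for fn in filenames:
            stem, ext = os.path.splitext(fn)
            ext = ext.lower()
            with open(os.path.join(dirpath, fn), "rb") as f:
                kind = content_type(f.read(8))
            if ext in IMAGE_EXTS and kind in EXEC_MAGICS.values():
                findings.append((rel(fn), f"named as image but content is {kind}"))
            if ext in EXEC_EXTS and os.path.splitext(stem)[1].lower() in IMAGE_EXTS:
                findings.append((rel(fn), "double extension hides an executable"))
            if ext in EXEC_EXTS and stem.lower() in sibling_dirs:
                findings.append((rel(fn), f"executable impersonates folder '{stem}'"))
    return sorted(findings)


def build_sample_tree(root: str) -> None:
    """Constructed sample, not real malware: one honest picture and four decoys."""
    Path(root, "Documents").mkdir()                                      # a real folder ...
    Path(root, "Documents.exe").write_bytes(b"MZ" + b"\0" * 62)          # ... and its impersonator
    Path(root, "Irina.jpg.app").mkdir()                                  # bundle shown as "Irina.jpg"
    Path(root, "cover.jpg").write_bytes(b"\xcf\xfa\xed\xfe" + b"\0" * 28)  # Mach-O named .jpg
    Path(root, "notes.jpg.exe").write_bytes(b"MZ" + b"\0" * 62)          # double extension
    Path(root, "real.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\0" * 28)   # genuine JPEG header


def demo() -> List[Tuple[str, str]]:
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan(tmp)


if __name__ == "__main__":
    for path, why in demo():
        print(f"{path}: {why}")
```

Run against a mounted USB stick or a downloads folder it reports only the mismatches; the honest real.jpg produces nothing, while the four decoys are each flagged with the reason that gives them away.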

If a user is tricked into buying the $80 fix, beware: even after paying, it will do nothing to restore the files and folders.

The best defence is to watch what you install on your computer and avoid opening email attachments that do not come from trusted senders.


Caution: Facebook Valentine theme may be a malware!

Beware! The cybercrooks are at it again.

Computer security vendor Trend Micro has identified a new piece of malware that could harm your PC. The attack starts with a post on affected users' Facebook walls inviting their friends to install a Valentine's Day theme on their profiles.

Trend Micro said in a blog post, “Clicking the Install button on the page will prompt the download of the malicious file, FacebookChrome.crx which Trend Micro detects as TROJ_FOOKBACE.A. When executed, TROJ_FOOKBACE.A executes a script that is capable of displaying ads from certain websites.”

The attack only works if you use Google Chrome or Mozilla Firefox as your browser.

This is not the first attack of this kind, “but considering that extension-capable browsers are coming to the forefront now, it serves as a warning to all of us that this may be continuing a trend that the malicious entities of the internet are going to follow in the foreseeable future,” the post says.
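A .crx file is just a signed zip with a manifest, so the permissions an extension asks for can be read before anyone clicks Install. The Python script below is an added example, not Trend Micro's detection logic: it strips the CRX2 or CRX3 container header, reads manifest.json from the embedded zip, and flags permissions and content-script match patterns that cover every site, which a "theme" has no business requesting. The sample package it builds is constructed in the shape of the attack described above; its key and signature fields are placeholders, and the script does not verify them.

```python
import io
import json
import struct
import zipfile
from typing import Dict, Tuple

MAGIC = b"Cr24"

# Permissions that let an extension observe or rewrite arbitrary pages.
# Assumed list for this example.
RISKY = {"<all_urls>", "tabs", "webRequest", "webRequestBlocking",
         "cookies", "history", "webNavigation"}


def split_crx(data: bytes) -> Tuple[int, bytes]:
    """Strip the CRX container header and return (version, zip bytes).

    CRX2: "Cr24", u32 version=2, u32 key length, u32 signature length,
          key, signature, zip.  CRX3: "Cr24", u32 version=3,
          u32 header length, header, zip.  All integers little-endian.
    """
    if data[:4] != MAGIC:
        raise ValueError("not a CRX file")
    (version,) = struct.unpack_from("<I", data, 4)
    if version == 2:
        key_len, sig_len = struct.unpack_from("<II", data, 8)
        return version, data[16 + key_len + sig_len:]
    if version == 3:
        (hdr_len,) = struct.unpack_from("<I", data, 8)
        return version, data[12 + hdr_len:]
    raise ValueError(f"unsupported CRX version {version}")


def is_broad_host(pattern: str) -> bool:
    """True for match patterns that cover every site (<all_urls>, *://*/*, http://*/* ...)."""
    return pattern == "<all_urls>" or pattern.split("//", 1)[-1].startswith("*/")


def triage(data: bytes) -> Dict[str, object]:
    """Summarize what an extension package asks for, without installing it."""
    version, zip_bytes = split_crx(data)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as z:
        manifest = json.loads(z.read("manifest.json"))
        names = z.namelist()
    perms = set(manifest.get("permissions", [])) | set(manifest.get("host_permissions", []))
    matches = [m for cs in manifest.get("content_scripts", []) for m in cs.get("matches", [])]
    risky = sorted(p for p in perms if p in RISKY or is_broad_host(p))
    injects_everywhere = any(is_broad_host(m) for m in matches)
    return {
        "version": version,
        "name": manifest.get("name"),
        "permissions": sorted(perms),
        "risky": risky,
        "injects_everywhere": injects_everywhere,
        "scripts": sorted(n for n in names if n.endswith(".js")),
        "verdict": "suspicious" if risky or injects_everywhere else "nothing obvious",
    }


def build_sample_crx(version: int = 2) -> bytes:
    """Constructed sample package: a 'theme' whose content script runs on
    every page.  Key and signature are placeholders, not real key material."""
    manifest = {
        "name": "Valentine's Day Theme",
        "version": "1.0",
        "manifest_version": 2,
        "permissions": ["tabs", "http://*/*", "https://*/*"],
        "content_scripts": [{"matches": ["http://*/*", "https://*/*"], "js": ["inject.js"]}],
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("manifest.json", json.dumps(manifest))
        z.writestr("inject.js", "// placeholder; the real script injected ads\n")
    zip_bytes = buf.getvalue()
    if version == 2:
        key, sig = b"\x30\x00", b"\x00" * 4
        return MAGIC + struct.pack("<III", 2, len(key), len(sig)) + key + sig + zip_bytes
    header = b"\x00" * 8
    return MAGIC + struct.pack("<II", 3, len(header)) + header + zip_bytes


if __name__ == "__main__":
    print(json.dumps(triage(build_sample_crx()), indent=2))
```

For a downloaded package, `triage(open("FacebookChrome.crx", "rb").read())` gives the same summary; a theme that asks for "tabs" and injects a script into every http and https page is the pattern to refuse.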

These cybercriminals have been wreaking havoc on the popular social networking site and have used tricks like this in their schemes before.

So, to avoid being victimized by these unscrupulous individuals, look carefully before clicking any link that could end up damaging your computer.

New Year script compromises 10,000 websites

Anti-virus provider Symantec has released a report indicating that at least 10,000 domain names were compromised by a redirect script themed around the New Year celebrations.

According to the company, the websites were found to host a redirect script written in PHP with ‘New Year’ in its file name.
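Spotting such a script in a compromised web root comes down to looking for PHP files that send visitors elsewhere. The following Python scanner is an added example, not Symantec's tooling: it walks a directory and, for each .php file, records whether the name mentions the New Year, whether it issues a Location header to an external URL, whether the redirect is conditional on the referrer or user agent (the usual cloaking so the site owner never sees it), and whether the code is obfuscated. The three sample files it creates are constructed for the demonstration, with example.invalid standing in for the spam destination.

```python
import re
import tempfile
from pathlib import Path
from typing import Dict, List

# Assumed heuristics for this example; tune them to the web application in use.
NAME_CHECK = re.compile(r"new.?year", re.I)
NAME_REASON = "file name mentions the New Year"
CONTENT_CHECKS = [
    ("redirects to an external URL", re.compile(r"header\s*\(\s*['\"]Location:\s*https?://", re.I)),
    ("redirect conditional on referrer", re.compile(r"HTTP_REFERER", re.I)),
    ("checks the user agent (cloaking)", re.compile(r"HTTP_USER_AGENT", re.I)),
    ("obfuscated code", re.compile(r"\b(eval|base64_decode|gzinflate|str_rot13)\s*\(", re.I)),
]


def scan_webroot(root: str) -> Dict[str, List[str]]:
    """Map each suspicious .php file (path relative to root) to its reasons.

    A New Year file name alone does not flag a file; at least one
    content-based reason is required."""
    flagged = {}
    for path in sorted(Path(root).rglob("*.php")):
        reasons = []
        if NAME_CHECK.search(path.name):
            reasons.append(NAME_REASON)
        text = path.read_text(errors="replace")
        for reason, pattern in CONTENT_CHECKS:
            if pattern.search(text):
                reasons.append(reason)
        if any(r != NAME_REASON for r in reasons):
            flagged[path.relative_to(root).as_posix()] = reasons
    return flagged


def build_sample_webroot(root: str) -> None:
    """Constructed sample files; example.invalid stands in for the spam host."""
    files = {
        # internal redirect: ordinary application behaviour, must not be flagged
        "index.php": "<?php header('Location: /login.php'); exit; ?>",
        # the New Year script: redirects only visitors arriving from a search engine
        "wp-content/uploads/newyear.php": (
            "<?php if (stripos($_SERVER['HTTP_REFERER'], 'google') !== false) {"
            " header('Location: http://example.invalid/holiday-offer'); exit; } ?>"
        ),
        # a dropped loader hiding its payload behind base64
        "inc/helper.php": "<?php eval(base64_decode('cGhwaW5mbygpOw==')); ?>",
    }
    for name, body in files.items():
        target = Path(root, name)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)


def demo() -> Dict[str, List[str]]:
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_webroot(tmp)
        return scan_webroot(tmp)


if __name__ == "__main__":
    for path, reasons in demo().items():
        print(path, "->", "; ".join(reasons))
```

The referrer check matters in practice: a redirect that fires only for visitors arriving from a search engine is invisible to the site owner who types the address directly, which is how a script can sit on thousands of domains for weeks.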

Paul Wood, senior intelligence analyst for Symantec said, “We also expect to see plenty of spam and malware taking advantage of some of the major upcoming sporting events this year. We are already seeing reference to the Summer Olympics in London as part of 419 or advance fee fraud messages.”

The report said that spammers are distributing spam emails to lure individuals to the affected sites. A social networking site was also named as having been used by these unscrupulous individuals in their scheme.

Wood added that, “By relating their mails to widely-celebrated holidays and current events with global interest, spammers and malware authors can (at first glance, at least) make their messages more interesting, and increase the chance of recipients visiting spam websites or becoming infected.”

The report also stated that at least 1 in every 327 emails in Australia was found to be malicious and 1 in every 542 was phishing-related.