Search the Community
Showing results for tags 'malware'.
Found 11 results
-
Security experts have discovered a malware platform that's so advanced in its design and execution that it could probably have been developed only with the active support of a nation-state. The malware—known alternatively as "ProjectSauron" by researchers from Kaspersky Lab and "Remsec" by their counterparts from Symantec—has been active since at least 2011 and has been discovered on 30 or so targets. Its ability to operate undetected for five years is a testament to its creators, who clearly studied other state-sponsored hacking groups in an attempt to replicate their advances and avoid their mistakes. State-sponsored groups have been responsible for malware like the Stuxnet- or National Security Agency-linked Flame, Duqu, and Regin. Much of ProjectSauron resides solely in computer memory and was written in the form of Binary Large Objects, making it hard to detect using antivirus. Because of the way the software was written, clues left behind by ProjectSauron in so-called software artifacts are unique to each of its targets. That means that clues collected from one infection don't help researchers uncover new infections. Unlike many malware operations that reuse servers, domain names, or IP addresses for command and control channels, the people behind ProjectSauron chose a different one for almost every target. View the full article -
In 1983, when I started the free software movement, malware was so rare that each case was shocking and scandalous. Now it’s normal. To be sure, I am not talking about viruses. Malware is the name for a program designed to mistreat its users. Viruses typically are malicious, but software products and software preinstalled in products can also be malicious – and often are, when not free/libre. In 1983, the software field had become dominated by proprietary (ie nonfree) programs, and users were forbidden to change or redistribute them. I developed the GNU operating system, which is often called Linux, to escape and end that injustice. But proprietary developers in the 1980s still had some ethical standards: they sincerely tried to make programs serve their users, even while denying users control over how they would be served. View the full article
-
Google is requiring more Windows-based Chrome extensions to be installed from its Web Store and will enforce the same requirement on Mac users in a few months in an attempt to prevent users from inadvertently installing malicious titles. The move comes a year after Google first required Windows users to download extensions from the Chrome Web Store, a mandate that resulted in a 75-percent drop in user support requests seeking help uninstalling unwanted extensions. The policy wasn't enforced on the Windows developer channel, so developers of malicious extensions have increasingly embraced it as a medium for distributing their wares. View the full article
-
Authorities are advising all users of the Tor network to check their computers for malware after it emerged that a Russian hacker has been using the network to spread a powerful virus. Tor, which began as a secret project from the US Naval Research Laboratory, works by piling up layers of encryption over data, nested like the layers of an onion, which gave the network its original name, The Onion Router (TOR). Tor encrypts data, including the destination IP address, multiple times and sends it through a virtual circuit made up of successive, randomly selected relays. Each relay decrypts a layer of encryption to reveal only the next relay in the circuit. View the full article
-
Researchers at Malwarebytes noticed strange behavior on sites like Last.fm, The Times of Israel and The Jerusalem Post. Ads on the sites were being unusually aggressive, setting off anti-virus warnings and raising flags in a number of Malwarebytes systems. After some digging, researcher Jerome Segura realized the problem was coming from Google's DoubleClick ad servers and the popular Zedo ad agency. Together, they were serving up malicious ads designed to spread the recently identified Zemot malware. A Google representative has confirmed the breach, saying "our team is aware of this and has taken steps to shut this down." Malware served through ad units (or "malvertising") is nothing new, but this incident is notable because of the unusually broad reach of the attack. "It was active but not too visible for a number of weeks until we started seeing popular sites getting flagged in our honeypots," Segura says. "That's when we thought, something is going on." The first impressions came in late August, and by now millions of computers have likely been exposed to Zemot, although only those with outdated antivirus protection were actually infected. View the full article
-
Playing offense against cybercriminals is what drives me and everyone here at the Microsoft Digital Crimes Unit. Today, Microsoft has upped the ante against global cybercrime, taking legal action to clean up malware and help ensure customers stay safer online. In a civil case filed on June 19, Microsoft named two foreign nationals, Mohamed Benabdellah and Naser Al Mutairi, and a U.S. company, Vitalwerks Internet Solutions, LLC (doing business as No-IP.com), for their roles in creating, controlling, and assisting in infecting millions of computers with malicious software—harming Microsoft, its customers and the public at large. We’re taking No-IP to task as the owner of infrastructure frequently exploited by cybercriminals to infect innocent victims with the Bladabindi (NJrat) and Jenxcus (NJw0rm) family of malware. In the past, we’ve predominately seen botnets originating in Eastern Europe; however, the authors, owners and distributors of this malware are Kuwaiti and Algerian nationals. The social media-savvy cybercriminals have promoted their wares across the Internet, offering step-by-step instructions to completely control millions of unsuspecting victims’ computers to conduct illicit crimes—demonstrating that cybercrime is indeed a global epidemic. View the full article
-
It was bad enough that FileZilla offers SourceForge installers loaded with garbage software that could easily be viewed as malicious software. Junkware such as "Hotspot Shield" are still bundled with some installers offered by Filezilla. Now, avast has discovered that malicious versions of FileZilla 3.7.3 and 3.5.3 are being spread. "We have noticed an increased presence of these malware versions of famous open source FTP clients", the firm announces. The fake software is idential except for one point. Any attempt to update the software through the build in update checker will fail. This is most likely to prevent the malware from being overwritten. Avast uncovered a hidden "stealer" inside of the code, saying, "The algorithm is part of a malformed FileZilla.exe binary, therefore sending stolen log in details which bypasses the firewall. The whole operation is very quick and quiet. Log in details are sent to attackers from the ongoing FTP connection only once. Malware doesn’t search bookmarks or send any other files or saved connections." The websites distributing these fake copies of FileZilla seem to all be registered in Russia, using a registrar that hides the client information. FileZilla has placed a warning on its own website, stating "We do not condone these actions and are taking measures to get the known offenders removed. Note that we cannot in general prevent tainted versions on third-party websites or proof their authenticity, especially since the FileZilla Project promotes beneficial redistribution and modifications of FileZilla in the spirit of free open source software and the GNU General Public License." On a personal note, if they do not condone these actions; then why are they working with SourceForge and bundling software like Hotspot Shield and other unwanted programs? Previously we posted an article by the Gluster Community about this very subject. Perhaps this occurance will help the FileZilla team to improve their own standards. View the full article
-
Google Chrome extensions are designed to improve or modify functionality that the web browser offers. Some extensions in the official Chrome Web Store have millions of users who all rely on the functionality their add-ons provides them with. While not as powerful as Firefox add-ons, Chrome extensions are easily powerful enough to manipulate websites that you visit, or communicate with a remote server. News about extension abuse reached the mainstream press recently. It all started when Amit Agarwal confessed that he sold a Chrome extension he created to a company that approached him via email. The company modified the extension and released the update to all existing users of it. Users who received the update noticed that the extension started to inject ads on web pages, which was then reflected on the user reviews page on the Chrome Web Store. View the full article
-
iss Russian Cosmonauts Occasionally Infect the ISS with Malware
NewsBot posted a topic in Backpage News
Russian security expert Eugene Kaspersky says the International Space Station was infected by malware installed through a USB stick carried on board by a Russian cosmonaut. Speaking to reporters at a National Press Club event in Canberra, Australia, last week, Kaspersky also said the infamous Stuxnet virus infected a nuclear power plant in Russia and "badly damaged" their internal infrastructure. Kaspersky refused to provide details or elaborate on how badly the virus affected ISS operations or how engineering crews cleaned up the mess left behind. Space can be scary enough when the system protecting you isn't infected with malware. This situation was probably even worse. "The space guys from time-to-time are coming with USBs, which are infected. I'm not kidding. I was talking to Russian space guys and they said, 'yeah, from time-to-time there are viruses on the space station,'" Kaspersky told reporters in Australia. View the full article -
sourceforge How far the once mighty SourceForge has fallen…
NewsBot posted a topic in Backpage News
When people download software from SourceForge, or any major repository of Open Source software, they expect the software to be trustworthy. (baring unintentional bugs) They do not expect the software to be a source of “drive by installer†style malware, spyware, adware, or any other unrelated/unintended software. SourceForge’s new owners, Dice, have consciously and deliberately moved to a model violating this trust. With their recent changes, users downloading from SourceForge now receive a special closed source installer which attempts to foist unrelated third party software onto them. View the full article -
Download.com a.k.a. C|Net download.com is no longer a safe location to download programs, because it now wraps the software in a Trojan Installer, detected as malware by major Anti-Virus programs. This story was first reported back in August on the ExtremeTech site, when VLC was "trojanised" by Download.com. See "Download.com wraps downloads in bloatware, lies about motivations" Now it has re-emerged, because another well-known program used by Computer Security testers (nmap) has also been "trojanised" by Download.com: The installer is actually detected as malware: That bit.ly link will redirect you to virustotal.com for the test results. Looks like download.com is no longer a safe place to go, for any downloads. .
