NOD32 and Antivirus News
Threat and Security News

Hacker Launches Botnet Attack via P2P Software

Friday, June 27. 2008

A 19-year-old hacker is agreeing to plead guilty to masterminding a botnet to obtain thousands of victims' personal data in an anonymous scheme a federal cybercrime official described Friday as the nation's first such attack in which peer-to-peer software was the "infection point."

The defendant, Jason Michael Milmont, launched the assault last year from his Cheyenne, Wyoming residence, and anonymously controlled as many as 15,000 computers at a time, said Wesley L. Hsu, chief of the Cyber and Intellectual Property Crimes Section for federal prosecutors in Los Angeles. As part of the deal, in which a judge could hand him up to five years' imprisonment, Milmont has agreed to pay $73,000 in restitution, the government said.

"It's the first time that we know of that peer-to-peer software was used as the infection point," Hsu said in an interview with THREAT LEVEL.

The malware infection became commonly known as the Nugache Worm, which embedded itself in the Windows OS.


Mass SQL injection hits English language websites

Thursday, June 26. 2008


Thousands of websites in China have been booby-trapped with code written to download Trojan software onto visitors who run vulnerable Windows PCs.

Unlike earlier rounds of SQL injection attacks, the latest assaults mostly target English language sites (predominantly sites hosted in China but with a .com suffix) and purposefully avoid Chinese government sites, according to net security firm ScanSafe. The latest attacks inject an iFrame onto compromised sites that loads malicious scripts from qiqigm.com, a domain registered on 16 May. These scripts include the text "silent love china" in an apparent greeting to other Chinese hackers.

The malicious code exploits well-known RealPlayer and Internet Explorer vulnerabilities to install a password-stealing Trojan that hides its presence on Windows PCs. More than 7,000 sites have been compromised in this way, reports Mary Landesman, ScanSafe's senior security researcher.


Villains Getting Smarter: Are We, Too?

Monday, June 23. 2008


Frightening statistics about viruses are often flung into the ether by antivirus companies hoping to get a little media exposure. But one recent report from web security experts makes some worrying reading even for skeptics.

According to ScanSafe, an Internet security provider, there has been a 400 percent rise in attacks on users' computers from trusted, legitimate sites. In the past, antivirus authorities warned people about the dangers of visiting Internet sites that they were suspicious of, but it seems new traps are being laid by ingenious virus makers.

It looks as though malicious software (malware) producers will not be deterred. Quickly sensing that users are wising up to the dangers of visiting dubious websites, virus makers are taking a new tack ― they are attempting to infest the bona fide sites that most people know and trust.


Dangerous Malware E-Mail Making the Rounds

Thursday, June 19. 2008


Have you received an e-mail message today with a subject like "White house hit by lightning, catches fire", "Saddam Hussein found dead," or "Paris Hilton found to be gay!"? Don't touch it; it's evil!

The body of the e-mails contains another off-the-wall statement like "US Soldier throws boy off cliff, villagers enraged" or "Bad press surrounds US Army as renegade soldiers open fire on civilians" along with a link that typically ends in ….de/r.html.

Clicking the link opens a page claiming to be "PornTube," a YouTube-like site specializing in porn movies. However, the site's entire objective is to install an ActiveX control and run a file named video.exe on your system, thereby installing a Trojan that will download additional malware. Sorry, guys, the YouTube-like videos and thumbnails are just static images; any click launches the malware file. According to MX Lab the Trojan is a variant of Trojan.Downloader.Win32Agent.tyw.

At the moment the malicious attack doesn't seem to be functional. I tried letting it run under the watchful eye of PC Tools's ThreatFire 3.5 and of Norton Internet Security 2008. I clicked links and tried to allow installation of the "necessary" ActiveX control, but only got 404 "Not Found" error messages, some in German.

There's no way to close the browser or use it as a browser at this point, so I had to kill it using Task Manager. And of course this exploit might be fixed so it does successfully download malicious software to your computer. If you get one of these outrageous messages, delete it immediately and do NOT click the link contained therein.

By Neil J. Rubenking


BETTERANTIVIRUS.COM℠ is a US-based reseller of Eset Software's NOD32 Solutions
BETTERANTIVIRUS.COM℠ and its contents are Copyright © - Web Your Business Inc.
BETTERANTIVIRUS.COM℠ & Web Your Business™ are trademarks of Web Your Business Inc.
ESET®, NOD32, ESET Antivirus, Smart Security® Trademark of ESET, LLC
All rights reserved by their respective owners.