NOD32 and Virus News - Virus & AntiVirus News

Beware of fake new Microsoft Security Essentials rogue software

news@nod32usa.com (Greg Hewitt-Long) — Sun, 22 Aug 2010 22:25:20 -0600

By Windows Club

There is a new fake Microsoft Security Essentials doing the rounds! This Microsoft Security Essentials Alert is basically a Trojan which tries to trick you into buying one of the 5 rogue anti-virus programs that it is pushing.

Continue reading "Beware of fake new Microsoft Security Essentials rogue software"

Siemens Halts Computer Virus as Threat Spurs Effort Against Attacks

news@nod32usa.com (Greg Hewitt-Long) — Sat, 14 Aug 2010 10:56:00 -0600

by Vanesa Fuhrmans
Reporter, The Wall Street Journal

Siemens AG said a computer virus designed to attack the industrial control systems it makes to help monitor power grids and other key infrastructure has been largely suppressed, but the threat has stepped up government and private-sector efforts to ward off future attacks.

Continue reading " Siemens Halts Computer Virus as Threat Spurs Effort Against Attacks"

Stealth Trojan Causes Troubles for Banks

news@nod32usa.com (Greg Hewitt-Long) — Sat, 14 Aug 2010 06:59:00 -0600

By Sue Marquette Poremba

The Trojan Zeus continues to cause problems for both businesses and consumers.

Last month, M86 Security Labs discovered a new malicious code being used to attack PCs. According to a release from M86:

Based on information M86 Security Labs found on the malicious Command & Control (C&C) server, we assume that close to £675,000 [US$1.05 million] was stolen from the bank between July 5 and Aug. 4, 2010, and approximately 3,000 customer accounts were compromised. These cybercriminals used a combination of the new Zeus v3 Trojan and exploit toolkits to successfully avoid anti-fraud systems while robbing bank accounts.

How it worked went like this: The Zeus v3 got into computers while users surfed the Internet. The software stole a customer's online banking ID and, if there was more than £800 [US$1,250] in the account, money was transferred to a different account. The Trojan, after clearing out the bank account, served up a fake bank statement page that made it look like all of the money was still there, but in fact the account was practically empty.

Continue reading "Stealth Trojan Causes Troubles for Banks"

First SMS-sending Android Trojan reported

news@nod32usa.com (Greg Hewitt-Long) — Fri, 13 Aug 2010 21:39:52 -0600

The first Android trojan spread via SMS messages has been found - it's payload is that it racks up charges by sending text messages to premium-rate numbers.

Premium rate dialers are a nasty scam very familiar to PC owners, particularly during the dial-up era. Once a trojan is in your system, it makes calls, and now sends text messages, to a premium rate number operated by the criminals who wrote the virus. The best part for the virus authors is that they don't have to rob you of any money directly - your phone provider collects your cash on behalf of the criminals.

Continue reading "First SMS-sending Android Trojan reported"

When hackers attack: Five famous computer viruses

news@nod32usa.com (Greg Hewitt-Long) — Thu, 12 Aug 2010 10:26:00 -0600

After the trojan virus attack that saw thousands of bank accounts compromised, we list five of the most infamous computer viruses ever created.

Continue reading "When hackers attack: Five famous computer viruses "

Computer Virus hits Kern Medical Center - Bakersfield, CA

news@nod32usa.com (Greg Hewitt-Long) — Wed, 11 Aug 2010 17:17:20 -0600

Kern Medical Center experienced a "sickness" of its own after a malicious software virus attacked its computers and servers. After round-the-clock maintenance to restore the computer servers, the hospital will upgrade its anti-virus system to make sure this cyber attack does not happen again. The virus caused the system to slow down so much that it was almost impossible to access patient information.
Continue reading "Computer Virus hits Kern Medical Center - Bakersfield, CA"

ESET Analysis: Worm Win32/Stuxnet Targets Supervisory Systems in the U.S. and Iran

news@nod32usa.com (Greg Hewitt-Long) — Sun, 01 Aug 2010 16:43:00 -0600

July 19, 2010 ESET, the leader in proactive threat protection, has issued a warning against a worm dubbed Win32/Stuxnet, which threatens users around the globe. Exploiting a vulnerability in Windows® Shell, this dangerous threat is detected by ESET as LNK/Autostart.A. It is used in targeted attacks to penetrate SCADA systems, especially in the United States and Iran. SCADA are supervisory and monitoring systems used in many industries, for instance in power engineering.
Continue reading "ESET Analysis: Worm Win32/Stuxnet Targets Supervisory Systems in the U.S. and Iran"

World Cup Malware explosion

news@nod32usa.com (Greg Hewitt-Long) — Sun, 27 Jun 2010 08:42:44 -0600

Reports out this week from both Cisco and MessageLabs show massive increases in spam and malware promotion via email in direct response to the Football World Cup (Soccer for those that call another game 'football').

MessageLabs reports that 25% if spam globally has a World Cup theme - which is a massive testament to the global appeal of Soccer as a sport - but demonstrates that marketers in business are "event driven" in their marketing themes - so why do we say that malware promoters are similarly driven?

In addition to actual spam, MessageLabs found 45 targeted malware email messages focusing on Brazil; from chemical and finance companies to manufacturing, Brazilian businesses have been under attack so far this June. Pharma-marketers, as always, are also under attack as spammers begin using World Cup information to push redirect codes. Many of these emails offer a World Cup related headline and the body of the email contains a link to a disguised phishing website.

"Right now, spammers are reliant on the massive wave of excitement and expectation that typically surrounds an event like the FIFA World Cup," said MessageLabs Intelligence Senior Analyst, Paul Wood.

Meanwhile, Cisco noted that web traffic in general is up 27% during the world-cup event...

Continue reading "World Cup Malware explosion"

Rogueware peddlers feed off McAfee fiasco

kyler@compsecglobal.com (Kyle Reiners) — Sat, 24 Apr 2010 09:00:00 -0600

After McAfee pushed out a faulty signature update on Wednesday that crippled thousands, perhaps millions, of Windows XP Service Pack 3 users and the snafu drew the attention of bloggers and the New York Times, as might be expected, peddlers of rogue anti-virus solutions capitalized on the attention to push their phony "cures."

Using a tried-and-true strategy, the rogueware dealers once again took advantage of buzz generated in the media in the past it's been anything from a natural disaster to a celebrity meltdown to poison search results on the popular search engines, like Google and Bing. Using SEO tricks, the rogueware peddlers manipulated search results so that when a panicked user keyed in a search term, such as "McAfee update" or "McAfee 5958 [the faulty update's designation]," they retrieved links at the top of their search results offering fake anti-virus software.
Continue reading "Rogueware peddlers feed off McAfee fiasco"

iPad anti-virus shield guards against phantom threat

kyler@compsecglobal.com (Kyle Reiners) — Thu, 08 Apr 2010 16:57:44 -0600

By John Leyden

Mac security specialist Intego has begun offering the first antivirus scanner capable of inspecting Apple's much-hyped iPad, despite the questionable need for security scans on the device.

The iPad, which Apple began selling in the US last weekend, runs on the same operating system as the iPhone. Only jailbroken iPhones with default passwords have ever been infected with malware and even then only by a handful of high-profile worms, such as the Rickrolling worm in Australia and the D'oh bank credential stealing worm in the Netherlands, which both spread last November.

Whether either of these worms might be capable of infecting an iPad is unclear. Intego acknowledges there is no iPad malware to defend against as yet but argues it will be ready if and when the threat materialises.

Continue reading "iPad anti-virus shield guards against phantom threat"

Bad security update brings down PCs worldwide

kyler@compsecglobal.com (Kyle Reiners) — Tue, 23 Mar 2010 10:44:45 -0600

A number of BitDefender users, whose 64-bit Windows systems stopped working or were unable to be rebooted after updating their security programs, vented their frustration by flooding the antivirus (AV) vendor's forum pages over the weekend.

According to an IDG report, users on forum boards started signaling the problem on Saturday evening. The complainants said several Windows files, and the security vendor's own program files, were identified as "Trojan.FakeAlert.5" malware after they performed an update for their BitDefender AV programs.
Continue reading "Bad security update brings down PCs worldwide"

New Cybersecurity Act Eliminates Internet Kill Switch

kyler@compsecglobal.com (Kyle Reiners) — Sat, 20 Mar 2010 09:23:00 -0600

In a rewritten version of the cybersecurity bill, President Obama no longer has a kill switch for the Internet.

When the Cybersecurity Act of 2009 was unveiled last August, a controversial passage would have allowed the president to take emergency control of the entire Internet in the event of a serious threat, giving him effectively a "kill switch" -- the power to shut down all online traffic by unilaterally seizing private networks.
Continue reading "New Cybersecurity Act Eliminates Internet Kill Switch"

'Aurora' - from targeted attack to mass infection

news@nod32usa.com (Greg Hewitt-Long) — Mon, 25 Jan 2010 17:00:38 -0700

The Microsoft Internet Explorer 'Aurora' exploit has now gone mass-market!

Last Thursday, Microsoft released an out-of-band update to fix the latest vulnerability in Internet Explorer. Since then, malware operators have been exploiting this vulnerability to install malware on thousands of PCs. So far, we have detected more than 650 different versions of the exploit code which is detected as Trojan.JS/Exploit.CVE-2010-0249 by ESET antivirus. We have also identified more than 220 unique distribution points for the exploit code, mostly located in Asia. The countries which are seeing the majority of the attacks are China, Korea and Taiwan.

Continue reading "'Aurora' - from targeted attack to mass infection"

More people falling for fake anti-virus scam

news@nod32usa.com (Greg Hewitt-Long) — Mon, 25 Jan 2010 12:01:08 -0700

If you're on your computer when a pop-up says your computer may be infected and recommends you click "OK" for a free scan, don't do it!

You could load a rogue anti-virus program on your computer.

"The bad guys will actually write a program that looks like it's going to help you with viruses," says Bob Sullivan, author of the book Stop Getting Ripped Off. "You download it and install it and you've just volunteered to be a criminal on behalf of the hacker because now they have control of your computer."

Continue reading " More people falling for fake anti-virus scam"

Infected computers could be cut off from web

news@nod32usa.com (Greg Hewitt-Long) — Sun, 24 Jan 2010 17:24:12 -0700

Aussie computers highly virus prone
Infected computers used by criminals
Plan to isolate infected computers

COMPUTERS infected with viruses could be "expelled" from the internet under a new industry code to control Australia's plague of contaminated PCs.

The Federal Government has given the internet industry an operate-or-legislate ultimatum to identify "zombie" computers involved in cyber-crime, The Australian reports.

The Internet Industry Association - whose members include major internet service providers Optus, Telstra, Vodafone, AAPT, Virgin and Hutchison 3G, as well as industry giants Facebook, Google and Microsoft - is preparing a voluntary industry code to come into force this year.

Continue reading "Infected computers could be cut off from web"