NOD32 and Virus News

Report: Web-Borne Malware Up 278% This Year

news@betterantivirus.com (Sean Cannon) — 2008-07-18T11:42:52Z

SQL injection attacks dominate first half of 08, and cross-site scripting (XSS) doesn't even make the list

JULY 17, 2008 | The multiple waves of mass SQL injection attacks this year on Websites -- including many high-profile legitimate ones like Wal-Mart, Business Week, and Ralph Lauren Home -- helped boost Web-borne malware volumes by 278 percent in the first half of this year, according to a new report from ScanSafe.

More than half of the malware detected by the Web security-as-a-service provider came from legit Websites rather than from notoriously scary or sketchy ones. And many of these Web attacks are silent and so tough to detect that many site operators have no clue their sites are lethal, and users often get infected without ever knowing it, according to the report.

Continue reading "Report: Web-Borne Malware Up 278% This Year"

San Francisco's Web Site Found Serving Malware

news@betterantivirus.com (Sean Cannon) — 2008-07-18T10:40:27Z

If you visited www.SFgov.org over the last couple of weeks, better check your computer for infections.

A security vendor, Finjan, reported Wednesday that the city's Web site was one of over 1,000 sites treating visitors to malicious code.

Other sites caught up in this latest round of Web attacks include uci.edu (the University of California at Irvine's site); Snapple.com; a site registered to the Marysville, California's police department; an ad network--atdmt.com--acquired by Microsoft; and several international sites.

Continue reading "San Francisco's Web Site Found Serving Malware"

Death of the Nothing Doing Worm

news@betterantivirus.com (Annette King) — 2008-07-15T15:06:00Z

We know, it's sad but true. Our last weeks super-star, the worm that does nothing, has slowly declined it's spread.

We've been following it's evolution, however it seems the last version only has one additional feature: it can update itself to the latest version. It does this by exploiting the adodb.stream vulnerability in Internet Explorer to download a file from several hosts which contain instructions on the location of the new version. Although BitDefender detects this e-threat since January under the name VBS.Worm.Runauto.E it has not changed ever since. Seems like it's development stopped at version 10.0.

Nevertheless, this weeks malware evolution hasn't stopped with our friendly worm. Next we will look at a worm called Win32.Antiman.N. If infected with it, the victim will surely be ridden of a certain genre of music called "manele". It searches the entire hard disk for most "manele" artists and and will delete them. Next it will add a lot of entries to the %windir%system32drivershosts file to block social networking websites, like hi5 and netlog, and many free download websites that provide this genre of music. It will also send itself to the whole Yahoo Messenger list using a set number of strings in Romanian language that state something like: I found a great new program for winamp (or for pictures).
Continue reading "Death of the Nothing Doing Worm"

E-mail allegedly from UPS delivers a computer virus

news@betterantivirus.com (Sean Cannon) — 2008-07-15T11:27:03Z

An e-mail informing recipients that they have a package that the United Parcel Service could not deliver is actually a new computer virus, company officials said.

The e-mail that appears to come from UPS contains an attachment that recipients are told to open in order to make arrangements to pick up their shipment, UPS officials said.

The attachment is actually a computer virus, the company said.

Continue reading "E-mail allegedly from UPS delivers a computer virus"

2008: Malware deluge breaks all records

news@betterantivirus.com (Sean Cannon) — 2008-07-15T10:53:21Z

G DATA (Germany), The malware industry has shifted up a gear and, since the beginning of the year, has swamped the Internet with a malware flood of truly biblical proportions. On a daily basis some 1,500 new malware agents are unleashed against Windows users. In the first six months of the current year alone, G DATA Security Labs has recorded more than 318,000 new malware creations - more malicious code than in the whole of 2007, which was itself a record. If the growth rate remains the same, this would mean an increase of more than 400 percent by the end of 2008. By contrast, an all-clear for the owners of smartphones. The forecast danger for these devices has been shown to be a pure marketing ploy. Within the same period, only 20 new viruses surfaced. Online criminals do not currently regard smartphones as lucrative sources of income.

In 2008, the worldwide networking of online criminals finally bore its threatening fruit. In the G DATA 2008 semi-annual malware report, the Bochum IT security specialists give an insight into the current dangers for PC users.

Continue reading " 2008: Malware deluge breaks all records"

Homer Simpson accused of spreading malware

news@nod32usa.com (Greg Hewitt-Long) — 2008-07-13T12:01:00Z

An screen name once connected to animated TV dad Homer Simpson is being used to spread malware.

In a 2003 episode of The Simpsons, writers revealed that Homer's e-mail address was chunkylover53@aol.com. Prior to the episode's airing, the address was registered by one of the show's writers, who used it to answer hundreds of e-mails from Simpsons fans.

Continue reading "Homer Simpson accused of spreading malware"

Computer virus feeds off fears of war with Iran

news@nod32usa.com (Greg Hewitt-Long) — 2008-07-12T16:36:33Z

Worried about war with Iran, especially after yesterdays missile test (pictured above, even if it apparently was only three missiles instead of four)?

Open an e-mail about it and you may really have worries.

As the blog Wake Up America noted today, the United States Computer Emergency Readiness Team, or US-CERT, has warned that somebody is spreading a computer worm using e-mail messages with subject lines touting dire developments in our relationship with Iran. This is "Bomb bomb bomb, bomb bomb Iran" territory, as presumptive Republican presidential nominee John McCain jokingly sang last year.

The grim e-mail subject lines include: "20000 US soldiers in Iran," "US Army crossed Iran's borders" or "Third World War has begun."

Continue reading "Computer virus feeds off fears of war with Iran"

'Blue Screen of Death' Masks Spyware Invasion

news@betterantivirus.com (Sean Cannon) — 2008-07-11T09:25:18Z

Attack uses fake blue screen of death as cover to inject malware

A new attack imitates the dreaded blue screen of death as cover so it can silently install bundles of spyware onto the machine.

Researchers at FaceTime Security Labs say the attack uses a blue screen of death screensaver and bundles it with the spyware files. Seems the bad guys are not without a sense of humor. Hiding a blizzard of infection file installs behind a legitimate screensaver created by a security expert is pretty bizarre, blogged Chris Boyd, director of malware research at FaceTime Labs.

Continue reading "'Blue Screen of Death' Masks Spyware Invasion"

10 ways to fix a sick PC (Part 2)

news@betterantivirus.com (Annette King) — 2008-07-10T16:05:00Z

6. Test the health of the hard drive

The hard drive is where all of your computer's data is stored. Unfortunately, like everything inside or connected to your PC, these will, overtime, degrade and eventually fail.

Before a drive fails entirely though, it will give you tell-tale signs of impending doom in the form of sluggish performance, louder than standard operation and, if bad sectors have developed on its storage platter, clicking' sounds. If you've noticed any of these, it's best to try and first back-up all essential data and then run a check to test the drive's health. Before you get cracking however, we recommend disabling any non-essential software.

To check your drive's health, double click on Computer' and then right click on the drive - that you want to run a check on - and select Properties'. Now, click the Tools' tab and then hit Check Now'. Make sure to un-tick the Automatically fix file system errors' but tick the Scan for and attempt recovery of bad sectors' option boxes. Once done, hit Start'.

This process could take anywhere from 30 minutes to several hours (depending on the health and size of the drive). If problems are detected, we recommend - if you haven't already - first trying to back-up your essential data before allowing the app to try and fix the issues. If a problem is detected and cannot be corrected however, it's a sure fire sign the drive is close to failing completely.
Continue reading "10 ways to fix a sick PC (Part 2)"

Virus attacks on 120 brokers' servers force DSE to halt trading

news@betterantivirus.com (Sean Cannon) — 2008-07-10T09:04:33Z

Massive virus attacks on over 120 brokerage houses' server systems yesterday forced the Dhaka Stock Exchange (DSE) to suspend stock trading for almost the whole day.

Till filing of this report at 9 pm yesterday, DSE teams were working to get the systems restored. They were using anti-virus software Kaspersky to clean the infected servers .

DSE Chief Executive Officer said an investigation will be launched to find out whether the virus attack was an act of any organised crime.

Trading meanwhile took place on the premier bourse for only one hour at the later part of the day.

Continue reading "Virus attacks on 120 brokers' servers force DSE to halt trading"

10 ways to fix a sick PC (Part 1)

news@betterantivirus.com (Annette King) — 2008-07-09T16:59:00Z

If your PC has fallen ill and you want to get it back into running condition, read on as WINDOWS talks you through 10 ways to nurse your PC back to health...

1. Install security software

If your computer is giving you random problems and crashing or is even performing poorly, the first port of call when it comes to recovering is to check for viruses, Trojans, malware and more. To do this, you'll need to get hold of security software. Keep in mind however that these days it is better to have a fully-fledged suite that includes antivirus, antispyware and a firewall rather than investing in a single antivirus-only package.

You can buy a complete security suite from various vendors [such as ESET]. These are easy to install and make it quite simple for novice users to maintain a smooth running rig that's free from trouble.

There are also free alternatives available for download which perform the same functions. The bottom line is that if your computer is unprotected, you need to install a security suite immediately. If something is not quite right with the running of your system, run a scan, and you might just detect something malicious - whether it's a virus, Trojan or other mal-ware.
Continue reading "10 ways to fix a sick PC (Part 1)"

NEWS ALERT: Microsoft update hits Zone Alarm users

news@betterantivirus.com (Annette King) — 2008-07-09T14:43:30Z

Microsoft update hits Zone Alarm users

A Microsoft update is causing problems for Zone Alarm users, causing a complete loss of internet access.

The KB951748 update is the offending piece of software, which alters files relating to Windows networking.

Zone Alarm reportedly interprets this as a malicious attack and completely blocks all internet traffic in response.

"For those of you using ZoneAlarm who installed the windows updates today, you probably already know that your internet connection has died," warns a user of the Broadband Reports forum. "It appears that KB951748 made changes to the networking files that ZA doesn't see/recognise."

"After two hours of messing around, I found an inelegant solution that will work temporarily... set the Internet Zone Security permission slider from high to medium. The connection will be restored," continues the user.

"We are investigating the issue with the MS update KB951748. For the time being we suggest you uninstall KB951748 until the issue has been resolved," says a company spokesperson on the Zone Alarm forum.

This is not the first time that Zone Alarm has fallen foul of a Microsoft update. Earlier this year Windows Vista was found to conflict with the software, prompting the removal of several key features of the program.

COMPUTER SECURITY SOLUTION STATEMENT: This update has no affect on Smart Security firewall. You will not have to make any changes or adjustments after installing the Microsoft KB951748 update.

Original Story

Internet flaw could let hackers take over the Web

news@betterantivirus.com (Annette King) — 2008-07-09T13:46:26Z

Computer industry heavyweights are hustling to fix a flaw in the foundation of the Internet that would let hackers control traffic on the World Wide Web.

Major software and hardware makers worked in secret for months to create a software "patch" released on Tuesday to repair the problem, which is in the way computers are routed to web page addresses.

"It's a very fundamental issue with how the entire addressing scheme of the Internet works," Securosis analyst Rich Mogul said in a media conference call.

"You'd have the Internet, but it wouldn't be the Internet you expect. (Hackers) would control everything."

The flaw would be a boon for "phishing" cons that involve leading people to imitation web pages of businesses such as bank or credit card companies to trick them into disclosing account numbers, passwords and other information.

Attackers could use the vulnerability to route Internet users wherever they wanted no matter what website address is typed into a web browser.

Security researcher Dan Kaminsky of IOActive stumbled upon the Domain Name System (DNS) vulnerability about six months ago and reached out to industry giants including Microsoft, Sun and Cisco to collaborate on a solution.

Continue reading "Internet flaw could let hackers take over the Web"

Watch Out for an IE Zero-Day Attack

news@betterantivirus.com (Sean Cannon) — 2008-07-09T10:59:00Z

There's no fix yet available for the latest attack against Microsoft's browser.

Microsoft yesterday warned of a new attack underway against a flaw in the ActiveX control for the Snapshot Viewer for Microsoft Access, used by IE. There is not yet any patch available for the zero-day security hole, and the attacks likely focus on business targets.

In its security advisory, Redmond says the vulnerable control installs with "all supported versions of Microsoft Office Access except for Microsoft Office Access 2007. The ActiveX control is also shipped with the standalone Snapshot Viewer." A poisoned Web page that exploits the hole could surreptitiously download malware to a victim PC.
Continue reading "Watch Out for an IE Zero-Day Attack"

Malware scenario: Third World War has begun

news@betterantivirus.com (Sean Cannon) — 2008-07-09T09:05:53Z

Sophos is warning of an attempt by hackers to infect computers using the camouflage of a news report claiming that the USA has invaded Iran. Widely spammed out emails with subject lines including "Third World War has begun", "20000 US Soldiers in Iran", and "US Army crossed Iran's borders" have been intercepted by Sophos.

The emails contain links to a malicious webpage that displays what appears to be a video player showing the mushroom cloud of a nuclear explosion with the following text beneath:

Continue reading "Malware scenario: Third World War has begun"