NOD32 and Virus News

Fake Microsoft e-mail contains Trojan virus

jpayton@compsecglobal.com (Justin Payton) — Wed, 15 Oct 2008 15:52:00 -0600

Along with the vulnerabilities that Microsoft patched Tuesday, the software giant's customers have a new problem to grapple with: a fake notification e-mail that looks remarkably legitimate.

Attackers are apparently taking advantage of Microsoft's Patch Tuesday to send legitimate-looking e-mails that include a Trojan virus. Trojan.Backdoor.Haxdoor allows attackers to execute files and steal information from compromised computers. The fake mailing includes a legitimate-looking PGP signature, as well as purporting to come from a real Microsoft employee.

Christopher Budd, a security program manager in the Microsoft Security Response Center, offers this perspective on the e-mails in a security posting:

Continue reading "Fake Microsoft e-mail contains Trojan virus"

Don't give in to scareware'

jpayton@compsecglobal.com (Justin Payton) — Wed, 15 Oct 2008 09:19:27 -0600

Q. Recently my computer was attacked by a program named Antivirus XP 2008 that, while claiming to protect your computer, is actually a virus itself.

It pops a big red warning block on the screen and asks the user to continue. Pressing continue brings up another screen asking for your Visa number so you can be billed $39.95 to get rid of the threat it has identified. Well, you'd have to be crazy to give them a credit card number.

I was unable to get rid of this attack software. Finally I had to reformat the hard disk, reload the operating system and begin anew. This malware is really bad news. If it should happen again, is there any way to get rid of it other than start all over?

-S.S., Swift Creek, N.C.

A. Antivirus XP 2008 is part of a growing threat category called "misleading applications," "rogue programs" or "scareware." These programs make false or exaggerated claims about the security of your system and request or demand payment to solve them.

Rogue programs can be found all over the Web, but they're more common on sites offering adult or pirated content, blogs and forums. Sometimes you can be infected just by visiting the site; other times, you may be tricked into downloading the program by bogus pop-up ads that look like Windows system warnings.

The problem is so pervasive that last week, Microsoft and the Washington state attorney general filed suit against two companies that use fake warnings to sell their Registry Cleaner XP software. They promised to pursue others, as well.

Continue reading "Don't give in to scareware'"

World Bank Under Cyber Siege in 'Unprecedented Crisis'

jpayton@compsecglobal.com (Justin Payton) — Tue, 14 Oct 2008 16:32:00 -0600

The World Bank Group's computer network one of the largest repositories of sensitive data about the economies of every nation has been raided repeatedly by outsiders for more than a year, FOX News has learned.

It is still not known how much information was stolen. But sources inside the bank confirm that servers in the institution's highly-restricted treasury unit were deeply penetrated with spy software last April. Invaders also had full access to the rest of the bank's network for nearly a month in June and July.

In total, at least six major intrusions two of them using the same group of IP addresses originating from China have been detected at the World Bank since the summer of 2007, with the most recent breach occurring just last month.

In a frantic midnight e-mail to colleagues, the bank's senior technology manager referred to the situation as an "unprecedented crisis." In fact, it may be the worst security breach ever at a global financial institution. And it has left bank officials scrambling to try to understand the nature of the year-long cyber-assault, while also trying to keep the news from leaking to the public.

Click Here to see the Email

The crisis comes at an awkward moment for World Bank president Robert Zoellick, who runs the world's largest and most influential anti-poverty agency, which doles out $25 billion a year, and whose board represents 185 member nations. This weekend, the bank holds its annual series of meetings in Washington and just in advance of those sessions, Zoellick called for a radical revamping of multilateral organizations in light of the global economic meltdown.

Zoellick is positioning himself and the bank as an institution that can help chart a new path toward global financial stability. But that reputation, more than ever, depends on the bank's stable information infrastructure.

The fact that the information vaults of the World Bank have been repeatedly pried open won't help Zoellick's case.

While it remains unclear how much data has been pilfered from the bank, it's a lot. According to internal memos, "a minimum of 18 servers have been compromised," including some of the bank's most sensitive systems ranging from the bank's security and password server to a Human Resources server "that contains scanned images of staff documents."

Click Here to see bank memos about the intrusions
Continue reading "World Bank Under Cyber Siege in 'Unprecedented Crisis'"

Anti-Obama Virus Hits Home

jpayton@compsecglobal.com (Justin Payton) — Tue, 14 Oct 2008 10:16:22 -0600

Obama, as the conspiracy theorists see him, taken from an anti-Obama Website

I was pretty surprised when I got an e-mail this morning from a friend whos a sophisticated figure in the local music scene. The e-mail amounts to a long conspiracy theory meant to suggest that Obama has questionable Muslim connections who may have funded his college tuition and other endeavors. Then I got the same e-mail today from a Fort Lewis-based sergeant I know serving in Iraq. It begins like this:

Around 1979 Obama started college at Occidental in California. He is very open about his two years at Occidental, he tried all kinds of drugs and was wasting his time but, even though he had a brilliant mind, did not apply himself to his studies. Barry (that was the name he used all his life) during this time had two roommates, Muhammad Hasan Chandoo and Wahid Hamid, both from Pakistan. During the summer of 1981, after his second year in college, he made a round the world trip. Stopping to see his mother in Indonesia, next Hyderabad in India, three weeks in Karachi, Pakistan where he stayed with his roommate's family, then off to Africa to visit his fathers family. My question Where did he get the money for this trip?

Continue reading "Anti-Obama Virus Hits Home"

Turbo-charged wireless hacking threatens networks

jpayton@compsecglobal.com (Justin Payton) — Fri, 10 Oct 2008 15:27:25 -0600

Graphics cards encryption skulduggery

The latest graphics cards have been used to break Wi-Fi encryption far quicker than was previously possible. Some security consultants are already suggesting the development blows Wi-Fi security out of the water and that corporations out to apply tighter VPN controls, or abandon wireless networks altogether, in response.

Russian firm ElcomSoft has applied GPU acceleration technology to its password recovery tool to allow PCs or servers running supported NVIDIA video cards to break Wi-Fi encryption up to 100 times faster than is possible by using conventional microprocessors. Recovery times for Wi-Fi keys are increased by a factor between 10 to 15 in the use of Elcomsoft Distributed Password Recovery in combination with a regular laptop featuring NVIDIA GeForce 8800M or 9800M series GPUs.

By running the same software on a desktop with two or more NVIDIA GTX 280 boards installed, this figure increases to a factor of 100.

We've known for years that the previous generation of wireless encryption, WEP, was vulnerable to brute force attack. The infamous compromise of TJX, which resulted in the compromise of at least 45.7m credit card records, has been traced back to a hack in a weak security retail network with older point of sale terminals running WEP.

Elcomsoft advance makes WPA and WPA2 encryption open to attack. In fact, the software is specifically designed to support "passport recovery" on Wi-Fi networks running either WPA or the newer WPA2 encryption.

The software needs to intercept only a few packets in order to perform a brute force attack, where a huge number of possible passwords are tried in an attempt to stumble upon the correct code. ElcomSoft positions the tool as a means of auditing corporate Wi-Fi networks for inappropriately weak passwords.

The firm is also marketing its technology to forensic and government agencies, as well as data and password recovery services.

The raw horsepower of graphics chips, normally used as 3D graphic accelerators by gamers, can also be applied for a variety of other number-crunching password-breaking uses beyond uncovering WiFi passwords. Elcomsoft Distributed Password Recovery can also be used to recover Windows startup passwords, crack MD5 hashes, and unlock password-protected documents created by Microsoft Office or PDF files created by Adobe Acrobat, according to ElcomSoft.

More about Elcomsoft's tool can be found here.

Continue reading "Turbo-charged wireless hacking threatens networks "

Barracuda Flags Virus Sent Via Fake Microsoft Email Update

jpayton@compsecglobal.com (Justin Payton) — Fri, 10 Oct 2008 09:40:47 -0600

Barracuda Networks has detected and begun blocking a malicious "backdoor" virus distributed through a socially engineered email made to look like it was coming from Microsoft.

The virus, categorized by Barracuda Central as "Trojan. Backdoor Haxdoor," is delivered as an attachment to an email allegedly from the Microsoft Security Assurance team and utilizes several social engineering techniques, such as using Microsoft KnowledgeBase naming conventions for the file attachment, as well as the inclusion of a PGP signature block at the bottom of the email message.

The email informs the recipient "Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millenium, Microsoft Windows XP, Microsoft Windows Vista."

The bogus email also "strongly" recommends that the recipient install an "update" to protect your computer against security threats and performance problems." Once installed the malware "phones home" and leaves an outbound TCP connection open to await further instructions.

Continue reading "Barracuda Flags Virus Sent Via Fake Microsoft Email Update "

Experts Warn of Latest Computer Virus, Circulating in Popular Video Links

jpayton@compsecglobal.com (Justin Payton) — Thu, 09 Oct 2008 17:56:39 -0600

SAN FRANCISCO (AP) _ Savvy Internet users know that downloading unsolicited computer programs is one of the most dangerous things you can do online. It puts you at great risk for a virus or another time bomb from a hacker.

But even some sophisticated surfers could get snookered by a sneaky new attack in which criminals create fake YouTube pages dead-on replicas of the real site to push their malicious software and make it look like it's safe stuff coming from a trusted source.

A program circulating online helps hackers build those fake pages. Users who follow an e-mail pointing them to one of the pages would see an error message that claims the video they want won't play without installing new software first. That error message includes a link the hacker has provided to a malicious program, which delivers a virus.

Even worse: once the computer is infected, it's simple for the hacker to silently redirect the victims to a real YouTube page to see videos they were hoping to see _ and hide the crime.
Continue reading "Experts Warn of Latest Computer Virus, Circulating in Popular Video Links"

Asus reports virus loaded into Eee Box PCs

jpayton@compsecglobal.com (Justin Payton) — Thu, 09 Oct 2008 08:03:00 -0600

Asustek Computer's Japanese arm has alerted owners of its new Eee Box low-cost desktop PC that the machine shipped with a virus.

The D drive of the Eee Box B202, which launched in Japan last week, contains a virus file named "recycled.exe," Asustek said in a statement. When the drive is opened, the virus begins copying itself to the main C drive on the machine and to any other removable drives or USB memory connected to the computer.

Despite repeated attempts to get more information from Asustek, the company has not confirmed that the problem is limited to only Japanese Eee Box PCs. The company also didn't explain how the virus got into the computers.

Continue reading " Asus reports virus loaded into Eee Box PCs "

Virus derails Santa train

jpayton@compsecglobal.com (Justin Payton) — Wed, 08 Oct 2008 16:23:00 -0600

BOOKINGS for an annual Santa Train at a country park near Westbury have been lost as a result of a computer virus.

Sue Capon, director at Brokerswood Country Park, near Westbury, said staff went into work on Tuesday, September 30 to find the virus had attacked their computer system and destroyed all the information about who had booked the rides.

The attraction usually draws in around 3,000 people and Mrs Capon said they had been taking bookings since July, so up to 1,000 people had already secured places.

She said: Everyone who has paid will have a receipt of payment and a computer generated ticket, so we want to appeal for them to come forward and tell us what they have booked.

Continue reading "Virus derails Santa train"

30 years on, fighting spam remains a global challenge

jpayton@compsecglobal.com (Justin Payton) — Wed, 08 Oct 2008 11:36:04 -0600

Despite new measures put in place by the internet service providers to fight the scourge of spam, thirty years on, the menace has grown into an underground industry that sends out billions of messages by the day, making up more than 80% of e-mail traffic
The trend which has continued to grow in geometric progression has remained a source of worry to both internet users and the service provides including yahoo, Microsoft, America Online, among others.

But after the first recognizable e-mail marketing message, according to record that was sent on 3 May, 1978 to 400 people on behalf of DEC - a now-defunct computer-maker, the ugly trend has remained unabated.

Viruses, spam, spyware - the list seems endless. Indeed, as technology becomes more sophisticated and accessible, so too do methods of corrupting them.

Statistics suggest that more than 80%-85% of all e-mail is spam or junk and more than 100 billion spam messages are sent every day globally. Further statistics gathered by the FBI suggest that 75% of net scams snare people through junk e-mail. In 2007 these cons netted criminals more than $239m (£121m).

Majority of these messages, according to findings, are being sent via hijacked home computers that have been compromised by a computer virus. A recent report from North Carolina State University, for instance, showed that most internet users are unable to tell the difference between genuine and fake pop-up messages.

Junk mail, according to IT experts, is used by hi-tech crime gangs as the vehicle for a variety of scams and cons. Spam is a burden on all of us, said Graham Cluley, senior technology consultant at Sophos in a media recent report Whats worse is that a lot of spam is deliberately malicious today, aiming to steal your bank account information or install malware. he added.

With almost half of all e-mail being reported as unsolicited, it is not surprising that spam tops the list of one of the most bothersome internet irritations..

However, with every internet user falling victim of this dangerous computer threat, the service providers appear helpless in bringing culprits to book even with the CAN Spam Act of 2003.

The CAN-SPAM Act of 2003 (Controlling the Assault of Non-Solicited Pornography and Marketing Act) establishes requirements for those who send commercial email, spells out penalties for spammers and companies whose products are advertised in spam if they violate the law, and gives consumers the right to ask emailers to stop spamming them.

The law, which became effective January 1, 2004, covers e-mail whose primary purpose is advertising or promoting a commercial product or service, including content on a Web site. A transactional or relationship message email that facilitates an agreed-upon transaction or updates a customer in an existing business relationship may not contain false or misleading routing information, but otherwise is exempt from most provisions of the CAN-SPAM Act.

The Federal Trade Commission (FTC), the nations consumer protection agency, is authorized to enforce the CAN-SPAM Act. CAN-SPAM also gives the Department of Justice (DOJ) the authority to enforce its criminal sanctions. Other federal and state agencies can enforce the law against organizations under their jurisdiction, and companies that provide Internet access may sue violators, as well.

Spam, according to Vanguard Computers E-business check, is annoying and time-consuming to get rid of by hand as many of them may contain viruses and spy ware that can damage userss computer.
Although most spam mail originate with advertisers looking to push their products, some are much more malicious in their intent.

Continue reading "30 years on, fighting spam remains a global challenge "

Cyber thieves stealing billions

jpayton@compsecglobal.com (Justin Payton) — Wed, 08 Oct 2008 11:08:21 -0600

HUNCHED over a computer terminal in his pyjamas, "Frank" makes more money than a small-time drug dealer without ever having to worry about being caught or even leaving the house.

Constantly covering his tracks via a complex web of internet servers, he is part of a global network of cyber thieves who together fleece billions of dollars from unsuspecting internet users every year - using little more than an internet connection, free software and some spare time.

Speaking to the Herald on the condition of anonymity, he and other experienced hackers say banks' attempts to stamp out credit card theft are doomed due to the ease with which clients' computers can be compromised.

In today's e-commerce world, you can have your bank details stolen just by visiting your favourite websites. Hackers use automated tools to scan websites for vulnerabilities, injecting databases with a few lines of tainted code.

Whenever someone visits the compromised site, in the background their computer is redirected to a site hosting malicious code and infected with a virus, giving hackers backdoor access to the computer.

Among a plethora of nasty features, the virus reports back to the hacker with a log of every keystroke the victim makes.

The BusinessWeek website was the most recent high-profile victim in September, but security companies estimate hundreds of thousands of other reputable web pages, including some belonging to the United Nations, have been infected in recent months.

BusinessWeek fixed the problem after widespread publicity but not before thousands of visitors were potentially exposed.

Once a personal computer is infected, the hacker can control it remotely using a web application. The computer can then be brought into a botnet of "zombie" computers and be used to infect other machines.

"You can simply type in '.card' into the command line and it will display all credit cards used on that computer," said Odin, the administrator of the Evilzone.org online hacking forum where many online troublemakers talk shop.

"Which means any card you use for any website you go to, you're screwed, no matter if it has a little 'lock' to the right of the address bar saying that it is 'secure'."

Hackers can also infect computers by sending out spam emails with either the virus attached or a link in the body that is activated when clicked.

Makers of internet security programs are in a constant battle with virus writers to block the latest threats, but new variants appear constantly and even the most frequently updated anti-virus program cannot block all threats.

"If the virus is undetectable by anti-viruses, you can say it's the latest game from Epic Games and stick the virus onto the game," Odin said. "That is called binding, when you bind a program onto another program. Bind the virus with a worm and you've got 10-20 victims in the first hour."

Continue reading "Cyber thieves stealing billions"

States and National Cybersecurity Awareness Month.

jpayton@compsecglobal.com (Justin Payton) — Tue, 07 Oct 2008 17:09:00 -0600

State CIOs weigh in on cybersecurity progress.

From home computer users making sure they have anti-virus and anti-spyware installed, to protecting your kids from online predators, to backing up everything in case of a cyber attack, the federal governments wants you to be sure you're doing everything you can to protect your cyber assets.

"Back in 2004, at the inaugural Cyber Security Awareness Month, almost a third of the Americans polled believed they were more likely to be struck by lightning than to become a victim of a cyber attack or a security breach," Greg Garcia, Cybersecurity and Communications Assistant Secretary at the Department of Homeland Security, said Thursday.

"The times really have changed. We're seeing now phishing, farming, botnets, Wi-Fi, war dialing and domain server spoofing. And we're seeing coordinated cyber attacks against nation states."

With IT systems and networks serving as the "nervous system" of the country's most critical infrastructures, such as food and water processing and purification plants, bridges, electricity generation, online banking, and dispatching emergency personnel, Garcia said, "protecting cyberspace, in my view, is as important to our national interests as protecting our land and our sea borders."

State chief information officers (CIOs) across the country are using this month to hammer home the message to their governments that development and protection of the IT structure is of utmost importance.

"It is utterly important to recognize that information technology not only enables the workings of the country's infrastructure but also enables all of our commercial activity and as such there's a need for all the stakeholders to work together to ensure that the nation's IT infrastructure is secure," Gopal Khanna, Montana's CIO and president of the National Association of State Chief Information Officers (NASCIO) told HSToday.

State CIOs are responsible for leading technical solutions across their governments, and for coordinating efforts to keeping states' networks safe and secure.

Khanna said it's imperative state governments use a "coherent approach" in securing citizens' data and assets.

"The weakest link can disable the government's ability to deliver content in the classroom, payroll for employees, payouts for Human Services, information for police officers in police cars, and ability for first responders to respond in the case of a disaster," he said.

Continue reading "States and National Cybersecurity Awareness Month. "

Phishing the Boundaries ; India is Now Among the Top 10 in Internet Bank Account Hacking, With Conmen Deploying Ingenious Ways to Siphon Off Your Money.

jpayton@compsecglobal.com (Justin Payton) — Tue, 07 Oct 2008 14:57:02 -0600

The Internet has suddenly emerged as an easily accessible place to steal money and identities, as most users still operate through unsafe systems and are blissfully unaware of the dangers that lurk in cyber networks.

The trouble is, Internet users are only as good as their password and i-pin. And phishing (Internet bank account hacking) is the way for miscreants and conmen to get hold of it. Internet users in India are being flooded by e-mails on millions of pounds or dollars they have either won or inherited.

More serious are official-looking mails ostensibly from the bank where an Internet user has his or her account, saying the bank wants to crosscheck their personal data, account numbers and passwords.

It looks official and appears to be exactly like your bank's website, but the moment you write in your personal data, the damage is done. A proxy server in any remote corner of the world, be it Nigeria or Taiwan, uses that information to then siphon off money from your account to theirs. It's that simple.

India has woken up to a plethora of phishing attacks in recent months. Last year, we were ranked 14th in phishing attacks worldwide, and this year we are in the top 10. The Bangalore police, for example, had registered over 40 cases of phishing last year.

This year, there have already been over 30 such cases registered. In November last year, Bangalore's Corps of Detectives arrested a man named Joseph Marci, who, between August 2006 and August 2007, had systematically bled 17 bank accounts in top commercial banks- including ICICI, HDFC, Axis and Citibank-siphoning small amounts regularly to have amassed Rs 3.54 lakh.

It was an eye opener, as he used a simple tool that most Internet users could fall prey to. Marci's modus operandi was to download free software called "key logger" onto public computers in Bangalore's ubiquitous cyber cafes.

Normally in the first week of the month, people check their bank accounts and type all their details. The software recorded the sequence of letters and numbers, giving Marci all the information he needed- bank account number, password, branch and so on.

A survey by Websense in 2007, which spoke to 450 CIOs (chief information officers) in India's biggest companies, revealed that 57 per cent of those companies had received phishing attacks, while 38 per cent had been attacked by a spyware, despite installing rigorous firewalls and anti-virus systems.

And while most organisations were uncertain about the financial losses they incurred due to these attacks, about 55 per cent believed to have received viruses and worms into their network due to their employees surfing the net.

The CIOs felt that some of the ways in which employees exposed their corporate networks to security threats included: free software downloads, use of Instant Messaging tools, proxy avoidance sites, visiting malicious websites and pop-up ads.

Experts also say that the Internet Explorer, a browser that most of India uses, has no built-in anti-phishing mechanism. "Mozilla or Google's new browser, Chrome, have built-in anti-phishing tools, so it's always better if you switch to them," says Ankit Fadia, India's most famous ethical hacker.

Continue reading "Phishing the Boundaries ; India is Now Among the Top 10 in Internet Bank Account Hacking, With Conmen Deploying Ingenious Ways to Siphon Off Your Money."

Security you can bank on still elusive

jpayton@compsecglobal.com (Justin Payton) — Mon, 06 Oct 2008 09:56:04 -0600

Shock. Anger. Fear. These are the typical reactions from the growing number of bank customers who find themselves the victims of electronic fraud, says Bruce Ford.

For the past 10 years, Ford has run a consultancy called Dispute Assist, which aims to help customers who have problems with their banks. Over that time he has become something of an expert in the emotional toll of electronic fraud - and on the often unsympathetic response customers get from their bank.

"They are appalled at how badly they are treated by staff at the banks when they are still in shock at having their account accessed," Ford says.

"Usually there is a lack of courtesy and lack of assistance from the banks in helping people overcome that feeling. Invariably you find customers trying to prove their innocence, but it should be the other way round - there should be a presumption of the customers' innocence."

The extent of the problem that the banks are grappling with comes as no surprise to Dr Anna Kurtovic, a member of the Association of Certified Fraud Examiners and the leader of a forensic accounting team at Lawler Partners in Sydney. She believes a lot of fraud passes unnoticed.

Banks are working to plug security holes, Kurtovic says, but they should be more transparent about the extent of credit card and online fraud, if only to to impress upon consumers the importance of protecting their own information and their money.

She believes banks are reluctant to discuss fraud for fear of damaging their reputations. "There's still a tendency to downplay the problem. As consumers, we should be able to be told more and made more aware."

Kurtovic was the victim of an $US8000 fraud this year, probably when her card was compromised through a merchant's terminal. Her bank reimbursed her, but she had a "nervous" two-month wait.

There has been a flurry of debate in the banking industry about the question of how far online customers should be expected to look after their own security. For instance, if a customer fails to keep virus software up to date, falls victim to a so-called "trojan" virus that captures their username and password and has large amounts siphoned from their account, should they be held liable? What if they respond to a "phishing" attack and hand over those same details?

According to the Electronic Funds Transfer Code of Conduct - a voluntary code of practice to which all banks, building societies and credit unions subscribe - the customer would be liable only if acting with "extreme carelessness". Whether responding to a convincing "phishing" email is equivalent to "extreme carelessness" is unclear.

Continue reading "Security you can bank on still elusive"

Is It a Virus?

jpayton@compsecglobal.com (Justin Payton) — Sat, 04 Oct 2008 12:00:00 -0600

Sometimes the common word isn't technically correct

I get a lot of email from people who believe their computer is infected by a virus. In most cases, it's not infected at all--evil software designers are still outnumbered by incompetent ones.

And even if there is malware involved, it's almost certainly not a virus.

The word virus refers to a very specific way that malware spreads from one PC to another. A computer virus infects an executable file, like a program, the way a biological virus infects a cell. When it gets the chance, it infects another file, and thus spreads.

Or perhaps I should say used to spread. Over the last few years, rogue programmers have found better ways to infect your computer, more suited for the Internet and email age. For instance, Trojans--programs that trick you into opening them, and infect your computer when you do--are quite popular among the tech-savvy criminal set.

Continue reading "Is It a Virus?"