New Trojan Virus Attacks Mac Computers Via Social Networking Sites

**Mac: Hi PC, I’m not feeling so hot today…** PC: Oh, I know ALL about that. I think you have a virus! Security experts by and large agree that security via obscurity is not a wise model for protecting customers over the long term. That’s exactly the model Apple has employed successfully for some time now. However, its luck finally appears to be running short. ...

October 28, 2010 · 3 min · 545 words · Omid Farhang

PCWorld links to scareware

I was reading an article on PCWorld’s website about the upcoming Google Chrome OS: So far so good. Except that I inadvertently clicked on one of their sponsored links: which ironically states “Here is all about spyware removal and even more.” After a few redirects, my browser is hijacked by one of those FakeAV scanners: ...

October 21, 2010 · 2 min · 236 words · Omid Farhang

Man cops to botnet-fueled pump-and-dump scheme

An Arizona computer specialist has admitted taking part in a conspiracy that used large networks of compromised computers to inflate the value of stocks so they could later be sold at a profit. James Bragg, 41, of Chandler, Arizona, pleaded guilty on Wednesday to conspiracy to commit securities fraud and fraud, prosecutors said. He faces a maximum sentence of five years in prison and a $250,000 fine. It wasn’t immediately clear when sentencing is to take place. ...

October 21, 2010 · 2 min · 285 words · Omid Farhang

Malware Pushers Abuse Firefox Warning Page

This is a pretty neat attack from the malware pushers leveraging on the ignorance of the average user – which in all honesty is a safe bet most of the time! You could consider it a Social Engineering attack as it’s taking something that’s familiar and changing it to deliver malware. I’m sure all the Firefox users reading have at some point or another been faced with the warning screen that tells you a site is not safe to visit, the red page which states in big white letters “Reported Attack Page!”. ...

October 21, 2010 · 3 min · 454 words · Omid Farhang

Hacked Kaspersky Download Site Directs Users to Fake Antivirus

Kaspersky Lab now admits that people attempting to buy Kaspersky’s security products on Oct. 17 were redirected by hackers to a scareware site with links to fake antivirus software called Security Tool. Hackers have caused serious embarrassment for a major security technology company. Kaspersky Lab’s Website was hacked over the weekend, sending customers looking for security software to an external download page pushing counterfeit software. ...

October 20, 2010 · 4 min · 660 words · Omid Farhang

Fake Twitter homepage kit serves up naked ladies and infection files

You might be wondering why the frontpage of Twitter has a big “Edit” line running through it in the screenshot below: The answer, of course, is that this is not the real Twitter page at all. It’s part of an increasingly popular kit used for shenanigans: The scammer downloads the zip, edits the links in the .htm file and places something likely to catch the attention of an end-user underneath the “Edit” line. The fact that the fake content is sitting directly underneath the “New Twitter” promotional text is not a coincidence. ...

October 18, 2010 · 2 min · 279 words · Omid Farhang

Avira know better what to put and where

Sometimes we encounter childish messages from the authors in the body of malware. A variant of the TDSS family we got recently is even going a step further by offering a convenient location for a malware signature. The samples include the message “Put your signature here”, which is shown when run inside a debugger. While in many cases signatures could still be useful for detection, Avira prefer to use other technologies which are more generic and proactive. This is especially the case with malware families like TDSS/Alureon, whose authors continuously adapt their creations so they are able to work around even proactive detection in a short time. This variant is detected as TR/Crypt.XPACK.Gen3. ...

October 18, 2010 · 1 min · 113 words · Omid Farhang

ZeuS baddies copy Conficker tactics

Variants of the infamous ZeuS cybercrime toolkit have begun using the tactics of the infamous Conficker worm in a bid to get ahead of security defences. The so-called Licat worm, which is “strongly linked” to ZeuS, represents a likely attempt to reinforce botnets following recent arrests of suspected bank fraud money mules, as well as hackers tied to ZeuS in the UK, US and Ukraine over the last month or so. ...

October 16, 2010 · 1 min · 194 words · Omid Farhang

Fake Stuxnet cleaner literally cleans up your computer

W32.Stuxnet has been a subject of much discussion amongst security researchers and media, and we posted a series of blogs on the subject. As you may already be aware, Stuxnet is a hot topic as the threat targets industrial control systems in order to take control of industrial facilities and systems, such as manufacturing assembly lines and even power plants. Because Stuxnet is such major news, the miscreants who like to spread malware are not wasting much time taking advantage of this for their malicious activities. In our investigations we have discovered that various forums are discussing a free Stuxnet removal tool but unfortunately the tool is actually a piece of malware. We successfully obtained a sample of this tool and our analysis supported our sense of danger: Bottom line is, do NOT run the tool. ...

October 15, 2010 · 2 min · 295 words · Omid Farhang

Stuxnet Questions and Answers

Stuxnet continues to be a hot topic. Here are answers to some of the questions we’ve received. Q: What is Stuxnet? A: It’s a Windows worm, spreading via USB sticks. Once inside an organization, it can also spread by copying itself to network shares if they have weak passwords. Q: Can it spread via other USB devices? A: Sure, it can spread via anything that you can mount as a drive. Like a USB hard drive, mobile phone, picture frame and so on. ...

October 6, 2010 · 6 min · 1157 words · Omid Farhang