
Crisis malware infects VMware virtual machines

  • Post author: Omid Farhang
  • Post published: August 23, 2012
  • Reading Time: 2 min
  • Word Count: 241 words

v3.co.uk: The Windows version of the Crisis Trojan is far more dangerous than first thought, being capable of infecting VMware virtual machine images, Windows Mobile devices and removable USB drives, research has revealed. Crisis was originally uncovered targeting businesses with social engineering attacks that trick users into running a malicious Java applet in July. Symantec has since revealed that the malware has more advanced capabilities, letting it search for and copy itself onto VMware virtual machine images on compromised computers. ...


Bogus anti-hacking tool targets Syrian activists

  • Post author: Omid Farhang
  • Post published: August 19, 2012
  • Reading Time: 1 min
  • Word Count: 179 words

h-online: Syrian activists, journalists and opposition group members are reportedly under attack by malware claiming to be a security tool that will help protect them against hackers. The fake “AntiHacker” tool is being spread through targeted phishing emails and via sites such as Facebook, and claims to provide “Auto-Protect & Auto-Detect & Security & Quick scan and analyzing” functionality. ...


Ladies with few clothes tend to cause a lot of trouble on PCs – and now on Android devices too

  • Post author: Omid Farhang
  • Post published: August 2, 2012
  • Reading Time: 6 min
  • Word Count: 1112 words

Cross-posted from Securelist: The appearance of a new Android malware family is not that surprising at all today. Especially when we talk about SMS Trojans which are one of the most popular and oldest types of threats created for extracting money from users. A new family of SMS Trojans named Vidro appeared a few days ago but we’ve already collected a lot of APK files with very similar functionality. At the moment all the samples we have found target users only from Poland. ...


Trojan "made in Germany" spies in Bahrain

  • Post author: Omid Farhang
  • Post published: July 26, 2012
  • Reading Time: 2 min
  • Word Count: 249 words

h-Online: Citizenlab has released a detailed analysis of the activities of a trojan in which the experts conclude that the malware is most likely closely related to FinFisher, a commercial spyware tool developed by a company called Gamma International. The trojan targeted political activists in Bahrain and included sender names such as that of an Al Jazeera correspondent and subject lines like “Torture reports on Rabil Najaab”. The attached .exe file, disguised as an image, disabled anti-virus software and installed a complete set of spyware programs on the recipient’s PC. The spyware proceeded to monitor, among other things, the victim’s Skype communications including conversations and file transfers. An analysis of the infected systems’ working memory repeatedly produced the “finspy” character string. This name is used by Gamma to advertise FinFisher modules. ...


Fake Facebook Photo Notifications Contain Malware

  • Post author: Omid Farhang
  • Post published: July 19, 2012
  • Reading Time: 1 min
  • Word Count: 129 words

Mashable: Sophos’s NakedSecurity blog outlined the threat on Wednesday. The company’s SophosLabs intercepted a “spammed-out email campaign” which was designed to spread malware. Sophos provided the following example: The blog notes that the email address above misspells “Facebook” as “Faceboook.” The link takes the user to a malicious iFrame script, which exposes the user’s computer to malware. However, within four seconds, the user’s browser is directed to a presumably innocent Facebook page like the one below to act as a smokescreen. ...


Madi Malware: Another Trojan Targets Organizations from the Middle East [Updated]

  • Post author: Omid Farhang
  • Post published: July 18, 2012
  • Reading Time: 2 min
  • Word Count: 367 words

This article is copied from Softpedia: Researchers from Symantec, Kaspersky and Seculert have all come across Madi (Madhi), a relatively new piece of malware that mainly targets organizations from the Middle East. Before we take a look at Madi and compare it to other infamous Trojans such as Stuxnet, Duqu, or Flame, let’s take a quick look at its name. According to Wikipedia, Mahdi is considered to be the redeemer of Islam who will rid the world of tyranny, injustice and wrongdoings. ...


‘Botnet’ sends out spam as malware spreads on Android phones: researcher

  • Post author: Omid Farhang
  • Post published: July 15, 2012
  • Reading Time: 2 min
  • Word Count: 307 words

Malware has been spreading on Android mobile phones that takes control of certain email accounts to create a “botnet” to send out spam, a security researcher says. Microsoft security engineer Terry Zink says the malware has infected phones of users’ Yahoo email accounts to send out spam messages. “We’ve all heard the rumors, but this is the first time I have seen it – a spammer has control of a botnet that lives on Android devices,” Zink said in a blog post on Tuesday. ...


Fake Skype app on Android is malware

  • Post author: Omid Farhang
  • Post published: July 15, 2012
  • Reading Time: 2 min
  • Word Count: 248 words

ZDNet Wrote: A new piece of malware is trying to take advantage of Skype’s increasing popularity, especially on mobile devices. Cybercriminals have created a fake version of the Skype for Android app, designed to earn money from unsuspecting users. Trend Micro, which first discovered the malware, is calling this particular threat JAVA_SMSSEND.AB. The Java in the name should not surprise you, given that Android apps are primarily developed in a custom version of the programming language. Thankfully, this is not a very good fake. The app in question only runs on older (pre Software Installation Script) Symbian phones or Android devices that allow execution of Java MIDlet. ...


Important: Today is your last chance to keep your internet connection

  • Post author: Omid Farhang
  • Post published: July 8, 2012
  • Reading Time: 1 min
  • Word Count: 66 words

Tomorrow, July 9th, the FBI will shut down the DNS servers which allow the computers infected with this malware to use the Internet. If you want to make sure you will keep your internet working, act today and check your computer to see if it’s infected by DNS Changer or not. Here is a very easy to use tool: Tool available for those affected by the DNS-Changer


LinkedIn spam, exploits and Zeus: a deadly combination ?

  • Post author: Omid Farhang
  • Post published: June 14, 2012
  • Reading Time: 2 min
  • Word Count: 300 words

Is this the perfect recipe for a cybercriminal?

  1. Hacking LinkedIn’s password (and possibly user-) database.
  2. Sending an email to all obtained email addresses, which is urging you to check your LinkedIn inbox as soon as possible.
  3. A user unawarely clicking on the link.
  4. An exploit gets loaded.
  5. Malware gets dropped.
  6. Malware gets executed.
  7. User’s computer is now a zombie (part of a botnet).

I would definitely say YES. A reader of my blog contacted me today; he had received an email from LinkedIn which was looking phishy. We can verify that Step 1 is accomplished, by the simple fact that in the “To” and/or “CC” field of the email below, there are about ~100 email addresses. A quick look-up of a few of them on LinkedIn reveals the inconvenient truth… Here’s the email in question: ...
