Oficla downloads MBR Ransomware

  • Post author: Omid Farhang
  • Post published: December 1, 2010
  • Reading Time: 1 min
  • Word Count: 198 words

Avira TechBlog: We discovered a new ransomware threat which is downloaded by a Trojan of the Oficla family. This downloaded threat replaces the MBR (master boot record) of the hard disk with its own MBR, which asks the user for a password and thus blocks the loading of the operating system. Upon starting the Oficla Trojan and successive execution of the downloaded payload, the system will be rebooted and the user will be presented with the ransom notice. ...

Iran: Computer Malware Sabotaged Uranium Centrifuges

  • Post author: Omid Farhang
  • Post published: November 30, 2010
  • Reading Time: 5 min
  • Word Count: 976 words

[Image caption: A security man stands next to an anti-aircraft gun as he scans Iran’s nuclear enrichment facility in Natanz, 300 kilometers (186 miles) south of Tehran, Iran, in April 2007.]

Wired: In what appears to be the first confirmation that the Stuxnet malware hit Iran’s Natanz nuclear facility, Iranian President Mahmoud Ahmadinejad said Monday that malicious computer code launched by “enemies” of the state had sabotaged centrifuges used in Iran’s nuclear-enrichment program. ...

Politics and malware make strange bedfellows

  • Post author: Omid Farhang
  • Post published: November 30, 2010
  • Reading Time: 3 min
  • Word Count: 458 words

Sophos Labs: There are two stories that have been the focus of much speculation that have come to some closure today. New information confirming many people’s suspicions about Aurora and Stuxnet has been reported by Wikileaks.org and Reuters. As has been widely reported, Wikileaks began releasing over 250,000 previously secret diplomatic cables that it is assumed they received from PFC Bradley Manning. Most of the cables are as uninteresting as reading your friend’s Yahoo! mail. ...

Fake Trojan Removal Kit serves up ThinkPoint Rogue

  • Post author: Omid Farhang
  • Post published: November 30, 2010
  • Reading Time: 1 min
  • Word Count: 133 words

You might want to steer clear of the following fake security program, being promoted as a “Windows Trojan Removal Kit” but actually hijacking your PC in the form of the ThinkPoint rogue with a mixed (24/43) detection rate. The file is currently being offered up by your typical “fake security scan” pages, such as microsoftwindowssecurity152(dot)com. Those familiar with this particular rogue will be aware that it tends to stick with domains similar to the one above. ...

Can you really see who viewed your Facebook profile? Rogue application spreads virally

  • Post author: Omid Farhang
  • Post published: November 28, 2010
  • Reading Time: 3 min
  • Word Count: 449 words

SophosLab: Once again, a rogue application is spreading virally between Facebook users, pretending to offer you a way of seeing who has viewed your profile. As we’ve described a couple of times before, plenty of Facebook users would *love* to know who has been checking them out online... but unfortunately scammers are aware of this, and use the lure of such functionality as a way to trick you into making bad decisions. ...

Closer look at W32/Ramnit.C

  • Post author: Omid Farhang
  • Post published: November 28, 2010
  • Reading Time: 3 min
  • Word Count: 429 words

Thomas Wegele, Virus Researcher at Avira, wrote: In this month’s ITW malware set from the Wildlist organization, two new variants of W32/Ramnit appeared. W32/Ramnit is a worm spreading via infected executable files and infected HTML files. It is quite widespread malware, which is why we decided to dig deeper into it. Upon execution the malware creates a new file in the directory where it was started. This file is named “mgr.exe”. It then gets executed and creates a copy of itself in “C:%ProgramDir%\Microsoft\WaterMark.exe”, which also gets executed after creation and in turn infects the EXE, DLL and HTML files found on the system and tries to connect to a server. ...

avast!: One in eight malware infections via USB

  • Post author: Omid Farhang
  • Post published: November 6, 2010
  • Reading Time: 1 min
  • Word Count: 205 words

With the expanding amounts of storage available on cell phones, mp3 players, digital cameras, and gaming devices it’s no surprise that malware is increasingly being transmitted over USB. avast! Software is reporting that out of 700,000 attacks reported by its Community IQ system in October, one in eight were exchanged over USB connections. “Cyber-criminals are taking advantage of people’s natural inclination to share with their friends and the growing memory capacity of USB devices,” says avast! virus analyst Jan Sirmer. ...

No p*rn for you, naughty boy!

  • Post author: Omid Farhang
  • Post published: November 6, 2010
  • Reading Time: 1 min
  • Word Count: 105 words

There are always peculiar things malware researchers discover while analyzing new samples. VirusTotal: 24/43. Let’s remember the filename, HD Porn TV, for later. Our victim runs it thinking they will see the latest porno in HD quality. Instead they get a new browser ‘theme’ with a Turkish flavor (screenshots: Internet Explorer, Firefox). The bad guys hijack Winsock and filter traffic through: ...

AV scam: is it a rogue or is it AVG’s free edition for sale?

  • Post author: Omid Farhang
  • Post published: November 6, 2010
  • Reading Time: 2 min
  • Word Count: 350 words

Tom Kelchner, Sunbelt blog: Alert reader Laurie (my boss actually) forwarded a copy of an email she received from a friend. It said the sender was “…pleased to announce the newest version of Antivirus 2010 for Windows.” There was a link to click, of course. Something called “Antivirus 2010” for sale in November is very odd for three reasons: (1) it’s nearly 2011 and legitimate AV companies are putting out their 2011 versions; (2) there was a rogue security product last year called “Antivirus 2010” (VIPRE detection: FraudTool.Win32.Antivirus2010 (v)); (3) although a lot of companies make a product named Anti-Virus 2010, they usually put their name in front of it, such as “Kaspersky Anti-Virus 2010” or “Norton AntiVirus 2010.” The Antivirus 2010 rogue graphic interface from 2009: ...

Sophos: malware on the Mac is real, here's a free antivirus

  • Post author: Omid Farhang
  • Post published: November 3, 2010
  • Reading Time: 2 min
  • Word Count: 297 words

Sophos has released a free antivirus product for consumers using Mac OS: Sophos Anti-Virus Home Edition for Mac. Although commercial antivirus products for Macs have been available for some time, Sophos’ offer is one of the very few free ones. The Internet security firm took its existing enterprise antivirus software and slimmed it down to reduce complexity. Interestingly, the company has no plans to release an equivalent free version for Windows. Windows threats are in the millions while the number of strains of Mac malware is in the thousands. ...