May 14

Malware threats growing online and getting tougher to detect

New Malware Campaign

A new malware campaign is making the rounds of the Internet, taking advantage of curiosity and sympathy surrounding the passing of Beastie Boys’ Adam Yauch (a.k.a. MCA).

Trend Micro said the attack appeared to target specific recipients, using a news item about Yauch’s death as a social engineering lure.

“We have found an email sample that leverages Yauch’s death to entice users to download and open the malicious attachment. The message appears as a news item from a non-profit organization that features the late musician’s recent passing,” it said.

It said the email contains a .DOC file attachment, which is supposed to contain the complete story.

But users who download and open the .DOC attachment are actually executing a malware detected by Trend Micro as TROJ_DROPPR.JET.

“This Trojan file drops another malicious file, detected as particular TROJ_SWYSYN.SME, that connects to possibly malicious URLs,” Trend Micro said.

Online ads serving malware

One of the sneakiest scams among cybercrooks these days involves malicious advertisements that can infect a computer with nasty software even if a person merely happens onto a website where the ads appear and doesn’t click on them.

The sinister ads, called “malvertisements,” which can steal bank account passwords, disable computers or cause other mischief, have claimed millions of victims. And some experts fear worse problems may be ahead.

“What we are seeing today is the canary in the mine,” said Craig Spiezle, executive director of the nonprofit Online Trust Alliance, which seeks to bolster consumer confidence in cyberspace. “It’s an early warning and if we don’t do more to secure the ad infrastructure, we run the risk of having much broader distribution of malware than we have today.”

Phony Flash Player

Adobe Flash Player users beware: A website that promises visitors a free copy of the download for all versions of Android is reportedly planting malware on smartphones running Google’s mobile operating system.

The infected web page used to distribute the malware was discovered in a number of Russian domains, wrote Karla Agregado, a fraud analyst with Trend Micro, in a recent company blog. A similar tactic emerged last month to infect Android phones with bogus copies of Angry Birds and Instagram.

When a visitor clicks the download button at the infected site, Agregado explained, a connection is made to another site that, without the guest’s knowledge, sends a malicious APK file to the mobile web surfer’s smartphone.

Once on the phone, the malware starts to secretly send text messages to premium numbers. This scam is a popular one among cyber criminals targeting Android phones.

Amnesty International targeted by malware

People visiting Amnesty.org.uk on Wednesday and Thursday were exposed to malicious code that exploited a now-patched vulnerability in Oracle’s Java software framework, according to a blog post published Friday by Websense. End users who hadn’t yet applied the patch were infected with Gh0stRat, a family of malware that siphons sensitive data from victims’ machines and can also operate Web cams and microphones in real time. The trojan came to light in 2009 when researchers reported that it infiltrated government and private offices in 103 countries. That included computers belonging to the Dalai Lama.

The Java vulnerability targeted on the Amnesty International site has been used in the past to install malware on computers running both Microsoft Windows and Apple’s OS X. Recently, similar espionage attacks have migrated to OS X, and the Flashback malware attack believed to have infected more than 500,000 Macs targeted the same bug. Based on the Websense post, however, it appears this week’s attacks infected only Windows users.

Mar 30

10,000 malware infected Aussies to be cut-off

The Australian Communications and Media Authority (ACMA) warned Windows and Mac DNSChanger Trojan victims to remove the malware now or risk being cut off from the internet on 9 July 2012.

In a statement issued Thursday the ACMA said there are approximately 10,000 Australian internet users currently infected with this malware.

“DNSChanger infections currently constitute around half the infections reported through the AISI (Australian Internet Security Initiative). The ACMA started reporting DNSChanger data to AISI participants as soon as it was made available to us in November 2011,” ACMA’s e-security operations manager Bruce Matthews told CSO Australia.

Mar 28

Ransomware on the rise in Europe

The recent increase in ransomware infections in Europe illustrates the fluid nature of cybercrime. Some groups of cybercriminals seem to have regrouped and looked for alternative sources of income because of law enforcement initiatives against FAKEAV. One of these alternatives was ransomware, a threat that was originally rampant in Russia. We believe that the sudden increase in ransomware incidents outside Russia and across Europe is a by-product of the dwindling FAKEAV business.

What is ransomware?

Ransomware refers to a class of malware that holds a computer “hostage” until the user pays a particular amount or abides by specific instructions. Once executed, the ransomware restricts access to the system. Some ransomware also repeatedly shows messages that pressure users into paying the “ransom” or performing the desired action. There are even ransomware variants that encrypt files found on the system’s hard drive; users are then forced to pay up because the file encryption renders the system useless.

Recently, the cybercriminals behind this threat also made use of online payment methods such as Ukash and PaySafeCard as a way for users to pay the ransom. Ransomware attacks were also frequent in Russia.