Malware

  • February 22, 2013

    Java related Malware Hits Apple Computers

    A recent version of malicious software called Flashback exploits a security flaw in Java in order to install itself on Macs. Apple has released software updates for systems running OS X Lion and Mac OS X v10.6 that update Java to fix the security flaw and remove the Flashback malware if it is present. For Macs running Mac OS X v10.5 or earlier, you can better protect yourself from this malware by disabling Java in the preferences of your web browser(s). In a sign of Apple’s increasing vulnerability to attacks, some Mac computers belonging to Apple employees were infected with Java-related malware when the employees visited a software development website. Apple admitted its systems were penetrated by hackers. In the wake of this attack, Apple released the update to its Java package for Mac computers that can remove the most common variants of the Flashback malware. The Apple hacks happened when a vulnerability in Java, from Oracle Corp., allowed hackers access to core computing systems, but the same vulnerability may also put regular PC users at risk. A similar Java-related exploit against Facebook was revealed Friday.
  • October 16, 2012

    Google Mobile Malware

    Is Google planning on integrating an antivirus scanner into Android? A just-released Google Play Store app update, as well as the company’s recent acquisition of VirusTotal, seem to hint that yes, Google is looking into it. Google yesterday started rolling out an update to its Google Play Store app: version 3.8.17 from August was bumped to version 3.9.16 in October. The update to the phone has two parts. The first, called App Check, would apparently allow Google to inspect apps you’ve already downloaded, and a second feature would warn you if an app you’re trying to install is suspicious. Google already has a server-side Play Store malware checker called Bouncer. The automated antimalware system removes malicious apps uploaded to the Play Store and is meant to prevent repeat-offender developers. Yet what is being described here is a client-side antimalware system, which would be particularly useful for apps not on the Play Store that Android users are installing from various sources. This is not the first time Google has worked on removing and preventing malicious software: in July Google had to remove 25 malicious apps, which forced them to put Bouncer in place. There are third-party antivirus apps available from almost every antivirus vendor, such as AVG, Zoner, Avast, Norton, Webroot, McAfee and Trend Micro, but this move by Google shows that they are preparing to make some security changes and possibly add a built-in antivirus product on the client side. With the recent FBI warning to consumers about mobile malware, Google is adding better security features and possibly a built-in AV on its latest Android mobile OS, Jelly Bean 4.1, to avoid future security issues. With Jelly Bean’s design, Google hopes to defend against hacks that install viruses, along with other malware.
  • Microsoft released a fourth-quarter security report stating that the worm Conficker is still infecting 1.7 million computers and workstations. This news comes more than three years after the worm was first detected. The rate of infection has increased despite widespread availability of tools to fight it. Conficker has many different versions, which makes it hard to fight on large-scale networks. Although Microsoft had patches out well beforehand, a lot of companies were not patched. Conficker can also turn off Automatic Updates and BITS (Background Intelligent Transfer Service). Despite Microsoft’s security patches and updates for Windows XP and Vista, companies and end users are still vulnerable due to Conficker’s ability to self-update by automatically connecting to hundreds of attacker-controlled domains. Microsoft recommends two things: 1. Adopting better AV (antivirus) solutions and malware protection. 2. Strong and better passwords.
  • June 13, 2012

    DnsChanger Trojan

    DNSChanger is a trojan that changes the infected system’s Domain Name Server (DNS) settings in order to divert traffic to unsolicited, and potentially illegal, sites. This Trojan is designed to change the ‘NameServer’ Registry key value to a custom IP address. This IP address is usually encrypted in the body of the trojan. Per the FBI, under a court order expiring July 9, the Internet Systems Consortium is operating replacement DNS servers for the Rove Digital network. This will allow affected networks time to identify infected hosts and avoid sudden disruption of services to victim machines. July 9th is being called Internet Doomsday. The FBI set up a safety net months ago using government computers, but that system will shut down July 9. At that point, infected users won’t be able to connect to the Internet. The Trojan can be removed manually.

    Manual Removal Instructions:

    1. Navigate to the following paths in the registry.

       HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters “DhcpNameServer”
       HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\%Random CLSID% “DhcpNameServer”
       HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\%Random CLSID% “NameServer”
       HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\%Random CLSID% “DhcpNameServer”

    2. Look for unknown IP addresses in the Data part. Change them into the IP addresses of your DNS servers.