Targeted e-mails distribute malware in PayChoice breach
Payroll processor PayChoice said Thursday it is investigating a breach in which customers received targeted e-mails purporting to be from the company but designed to trick people into downloading malware.
Workers received e-mails last week that directed them to download a browser plug-in or visit a Web site so they could continue accessing the Onlineemployer.com PayChoice portal. Malware in the download and on the Web site turned out to exploit holes in Internet Explorer, Adobe Flash, and Adobe Reader, PayChoice said.
Read the rest of the article here: http://news.cnet.com/8301-27080_3-10365830-245.html?tag=newsEditorsPicksArea.0
Clampi Virus targets online banking
In the modern world, most people never see their bank (with the exception of ATM withdrawals). We use bill pay, direct deposit and bank debit cards. This is the exact behavior that the Clampi virus is living on.
Clampi is a very stealthy virus, just biding its time on a compromised machine and watching for connections to online financial websites. So much so that the London Times Online reports:
The trojan has a list of more than 4,500 finance-related websites that it monitors, including British high street banks. Security experts warned that it was one of the stealthiest and most pervasive threats to computers using the Microsoft Windows operating systems.
The virus appears to be geared more toward business users than the normal home user (though it does infect home users). If the virus does end up on a work computer, it will attempt to capture administrators' login credentials and spread itself through the network. As it spreads, it continually monitors for login information to its watch list of financial websites. If this virus does infect the finance group of a company, it will attempt to send wire transfers from that account. You can ask Slack Auto Parts. It has been reported that they lost $75,000 July 3–7, says owner Henry Slack. Clampi-infected computers sent nine payments to six different mules and failed to transfer an additional $69,000 in eight other attempts.
A word of warning: if your computer is designated for financial usage, please do not surf the internet or use social media sites on it, to minimize the risk of infection.
Since this virus has been out for a while, all the major antivirus vendors have updated definition files that include signatures for this particular virus. Make sure your system is always updated and scanned on a regular basis. If you would like to run a quick check using a different vendor, I recommend these online scanners:
TrendMicro: http://housecall65.trendmicro.com/
Symantec: http://security.symantec.com/sscv6/WelcomePage.asp
McAfee: http://home.mcafee.com/downloads/freescan.aspx?cid=60447
Panda: http://www.pandasecurity.com/activescan/index/
Go Figure, Dirty sites are dirty…
Symantec, the makers of a very widely used array of internet security programs, has compiled a list of the 100 “dirtiest” sites.
These statistics are determined by a combination of Symantec’s own crawler and input from their “Norton Community Watch” members. Below are some direct quotes from Symantec:
- Average number of threats per site on the Dirtiest Websites list is roughly 18,000, compared to 23 threats per site for all sites rated by Norton Safe Web
- 40 of the Top 100 Dirtiest Sites have more than 20,000 threats per site
- 48% of the Top 100 Dirtiest Web sites feature adult content
- 3/4 of the Top 100 Dirtiest Web sites have distributed malware for more than 6 months
- Viruses are the most common threat represented on the Dirtiest list, followed by Security Risks and Browser Exploits
For many years, internet users have known that “adult” sites tend to be the biggest contributors to popup ads. Now they appear to be a clearing house for other irritants as well. With the amount of traffic that tends to go to those sites (no judgment here, by the way), they have the perfect vehicle.
Here is a partial list of the sites that made the top 100. Please avoid them if possible, or use extreme care if you have to go to them:
- 17ebook.com
- aladel.net
- bpwhamburgorchardpark.org
- clicnews.com
- dfwdiesel.net
- divineenterprises.net
- fantasticfilms.ru
- gardensrestaurantandcatering.com
- ginedis.com
- gncr.org
- hdvideoforums.org
- hihanin.com
- kingfamilyphotoalbum.com
- likaraoke.com
- mactep.org
- magic4you.nu
- marbling.pe.kr
- nacjalneg.info
- pronline.ru
- purplehoodie.com
- qsng.cn
- seksburada.net
- sportsmansclub.net
- stock888.cn
- tathli.com
- teamclouds.com
- texaswhitetailfever.com
- wadefamilytree.org
- xnescat.info
- yt118.com
Trend Micro reports that malicious Twitter posts get more personal
One recent report by Rik Ferguson said that malicious Twitter posts are getting dangerously more customized, increasing the possibility of users getting hooked into malicious schemes.
A Twitter spambot is said to have been used in launching this recent attack. The spambot creates Twitter accounts and fashions them to appear as legitimate accounts by posting seemingly harmless posts like those sharing certain music they listen to, or websites they visit. The spambot accounts then post tweets directed to unknowing users, sharing a link to a PC repair tool they allegedly came across and used.
Read more: http://blog.trendmicro.com/malicious-twitter-posts-get-more-personal/#ixzz0MeDdg1TV
As always, please be careful when clicking links.
Koobface malware attack on Twitter
Twitter has posted a warning concerning Koobface infections. If their system detects your PC sending out these bogus tweets, they will suspend your account.
According to Wikipedia, Koobface is:
Koobface, an anagram of Facebook (“face” and “book” change order and “koob” is “book” in reverse), is a computer worm that targets the users of the social networking websites Facebook, MySpace, hi5, Bebo, Friendster and Twitter. Koobface ultimately attempts, upon successful infection, to gather sensitive information from the victims such as credit card numbers.
Koobface spreads by delivering Facebook messages to people that are ‘friends’ of someone on Facebook whose computer has already been infected. The messages contain innocuous subject headers such as “Paris Hilton Tosses Dwarf On The Street”, “LOL”, and “My friend catched [sic] you on hidden cam”. Upon receipt, the message directs the recipients to a third-party website unaffiliated with Facebook where they are prompted to download what is purported to be an update of the Adobe Flash player. If they download and execute the file, they will infect their computer with Koobface. Koobface then commandeers their surfing activities and directs users to contaminated websites when they attempt to access search engines like Google, Yahoo, and Bing.
Please remember to keep your antivirus software updated.
Malware Definitions
I found this link and thought you might enjoy these definitions:
Definitions of Malware
Adware
A type of Advertising Display Software, specifically certain executable applications whose primary purpose is to deliver advertising content, potentially in a manner or context that may be unexpected and unwanted by users.
Bot
Short for “robot”, a bot is a program that is designed to automate tasks.
Botnet
A botnet is a group of bot-infected PCs that are all controlled by the same “command and control center”.
Hoaxes
Hoaxes are usually silly pranks, are a form of chain mail, and are often also urban legends.
Malware
Malware stands for MALicious SoftWARE. Terms such as virus, Trojan, worm, and bot all have specific meanings.
Payload
The additional functionality, for instance data stealing, file deletion, disk overwriting, BIOS flashing, etc., that may be included in a virus, worm, or Trojan horse.
Phishing
Phishing (pronounced in the same way as fishing) is a social engineering attack which attempts to fraudulently acquire sensitive personal information, such as passwords and/or credit card details.
Rootkit
A rootkit is a collection of one or more tools designed to covertly maintain control of a computer.
Scams
Scams are very similar to phishing, but are not usually interested in obtaining your details; they often appeal to a sense of compassion or to human greed.
Spyware
The term spyware has been used in two ways. In its narrow sense, spyware is a term for tracking software deployed without adequate notice, consent, or control for the user.
Trojan Horse
A Trojan horse, often referred to as just a Trojan, is a program which purports to do one thing, but actually does another.
Virus
A virus is a program which replicates by copying itself, either exactly or in a modified form, into another piece of executable code.
Worm
In computer terms, worms are really a subset of viruses, but they have the ability to replicate by themselves; they do not require a host file.
When is an antivirus really a virus?
Today I received a call from one of my external users that was unable to access any websites because some new antivirus was saying he was unprotected and every website had malicious code.
Since I know that we have McAfee 8.5 deployed to our users, I knew that this was not a McAfee issue. As we discussed it a little further he was mentioning that the Antivirus wanted him to purchase the software.
This isn’t the first I have heard of this. There is a software company, Innovagest 2000, that is producing this software. They advertise it as an antispyware application, but it is itself spyware. On some less than savory websites you will get a pop-up that says that your computer may be infected, and they offer a free scan.
The fear of being infected motivates a lot of people to run this free scan. Unknown to them, this application installs itself in the background, and now you are stuck. On that note, I do recommend only doing online scans from reputable sites. I personally recommend the following: Symantec, Panda, and McAfee.
This application is extremely hard to get rid of. It re-registers and reinstalls itself if it is not completely and correctly uninstalled.
I hate programs like this. But it is a fact of life out there: the modern-day snake-oil salesman.
While the program is running you will see the following undesirable behavior:
- A “Windows Security Center” stating that you should purchase Personal Antivirus.
- Numerous alerts stating that your computer is under attack or that you have malware running on your computer. If you click on these alerts, Personal Antivirus will be installed, or you will be brought to the purchase page for the program.
- Your Internet Explorer browser will be hijacked to show security warnings when browsing the web that stop you from reaching your desired page.
As I mentioned before, this bugger is very hard to get rid of, but not impossible. I found these instructions at BleepingComputer.com.
MSN Bot Plays on Controversy over Michael Jackson’s Death
Following the sudden and shocking death of The King of Pop, Senior Threat Researcher Loucif Kharouni reports that a slew of malicious links related to Michael Jackson’s last moments in the hospital before his death are now being proliferated in the wild via the instant messaging (IM) application, MSN.

When recipients of such messages click on any of these links, they are prompted to save a file named PIC-IMG029-www.hi5.com.exe (with the MD5 checksum 031429fc14151f94c8651a3fb110c19b) instead of being led to an image site or gallery. Initial analysis shows that the said file is a variant of the SDBOT family.
Read more: http://blog.trendmicro.com/#ixzz0JjYk7SNq&C
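The two defender-side signals in that report are the hash of the dropped file and its image-looking name ending in .exe. The script below is an added illustration (not Trend Micro's or this blog's code) of how a mail gateway or helpdesk tool might triage saved attachments on both: it streams each file through MD5, compares the digest with the one checksum quoted above, and otherwise flags names that advertise a picture but carry an executable extension. The name pattern and the sample files are my own constructed assumptions; the placeholder contents are not the real sample, so only the name heuristic fires on them.

```python
"""Attachment triage by hash and disguised-image filename.
Added illustration; not code from Trend Micro or the blog author."""
import hashlib
import os
import re
import tempfile

# The only hash on the page: the MD5 Trend Micro quoted for the SDBOT dropper.
KNOWN_BAD_MD5 = {
    "031429fc14151f94c8651a3fb110c19b": "SDBOT variant (PIC-IMG029-www.hi5.com.exe)",
}

# Names that advertise an image (PIC, IMG, .jpg ...) yet end in an executable
# extension, the lure the post describes. The pattern is an assumption of mine.
DISGUISED_IMAGE = re.compile(
    r"(?i)(pic|img|photo|\.jpe?g|\.png|\.gif).*\.(exe|scr|com|pif|bat)$"
)


def md5_of_file(path, chunk=65536):
    """Stream the file in chunks so large attachments are not read whole."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def classify_file(path, known=KNOWN_BAD_MD5):
    """Return (verdict, detail). A hash match outranks the name heuristic."""
    digest = md5_of_file(path)
    if digest in known:
        return "malicious", "known-bad MD5 " + digest + ": " + known[digest]
    name = os.path.basename(path)
    if DISGUISED_IMAGE.search(name):
        return "suspicious", "image-style name with executable extension: " + name
    return "clean", digest


def scan_directory(root, known=KNOWN_BAD_MD5):
    """Map each regular file's basename under root to its (verdict, detail)."""
    results = {}
    for entry in sorted(os.listdir(root)):
        path = os.path.join(root, entry)
        if os.path.isfile(path):
            results[entry] = classify_file(path, known)
    return results


def build_sample_dir():
    """Write constructed sample files; contents are placeholders, not malware."""
    root = tempfile.mkdtemp(prefix="attachments-")
    samples = {
        "PIC-IMG029-www.hi5.com.exe": b"MZ placeholder, not the real sample",
        "vacation.jpg.exe": b"MZ placeholder",
        "vacation.jpg": b"\xff\xd8\xff placeholder jpeg header",
        "notes.txt": b"abc",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    for name, (verdict, detail) in scan_directory(build_sample_dir()).items():
        print(f"{verdict:10} {name}: {detail}")
```

Hash matching is exact and therefore brittle against repacked variants, which is why the name heuristic runs as a second, weaker tier; in practice the `known` table would be fed from a vendor feed rather than a single quoted checksum, and the `known` parameter is there so a different feed can be passed in without editing the code.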
How To Avoid Viruses
Computer viruses are very dangerous, especially in the modern day when the internet is relied on for so many things. Viruses, adware and spyware can slow down computers and in some cases even stop them from working altogether, which can be disastrous for a business. There are various common-sense ways that such viruses can be avoided, however, and therefore ways computer security can be improved.
One of the easiest ways to avoid computer viruses is to avoid links to websites that have not been searched for by the users themselves; in other words, do not click on pop-ups. Pop-ups can be difficult to control, because on some websites a great number can appear on the screen. They are also often very tempting to click on, especially for children who are unlikely to know better. Children must therefore be educated about ignoring such things, which are likely to bring viruses into the computer’s system. The easiest way to avoid pop-ups is simply to close them as soon as they appear.
Computer security can also be compromised if users input data into websites that are not secure. It is very easy, on such websites, for hackers to find out bank details or contact information, especially if the website in question is one where goods can be purchased. To avoid such things as credit card fraud, it is advisable to look for the coloured strip at the top of the screen, which can be found where the domain address is typed. If the line is green, the website’s security certificate is up to date and all information inputted into the site will be secure. If the line is red, however, there is likely to be a problem with the security certificate, and users should avoid putting any information into the site.
Another way, which is most often used in businesses, is to download anti-virus software in order to ensure computer and internet security. These programs are installed onto the computer, and will then set up a firewall that will stop unwanted programs or viruses from affecting the computer.
Article Source: http://www.ArticleStreet.com/
Malware Alert — Yellowsn0w
Attention iPhone Users
ZDNet News is reporting the following Alert for iPhone Users:
Researchers from Malware-database.net are reporting on a newly discovered malware posing as a bogus iPhone unlocker, promising a working Firmware 2.2.1 yellowsn0w exploit as a social engineering tactic.
If you have an iPhone and are looking to unlock your device, please be aware of this alert. If you find a site that offers this file, please leave the site immediately and perform a virus scan. The last known address of the site yellowsn0w221.wordpress.com (now down) was full of viruses geared to turn your PC into a spambot.
Thanks to Dev-Team Blog for the information.