Tag Archives: Virus

Virus Infects US Drones



Wired is reporting that a virus has infected the flight systems controlling the Predator and Reaper drone aircraft in the Middle East. The systems have been infected for about two weeks and it appears to be a keylogger-type virus. Further, the virus has resisted attempts to disinfect the systems, but the military think it’s benign.

You can read the full article yourself, but as an IT professional I read it with utter horror and dismay. Here we have a (potentially) armed aircraft apparently still operating with an unknown virus in its systems. Does this ring alarm bells for anyone else?

I work in a public sector organisation and our approach to a PC with a virus infection is to pull the plug on the infected equipment and disconnect it from the network until we are able to clean the PC, regardless of whether we think it’s benign or otherwise. We’re concerned that data might be wiped out. You’d think that the military might have concerns about people being wiped out by a malfunctioning drone, but apparently not.

And then there’s the question of how the system came to be infected. Again there seems to be a remarkable lack of knowledge. No doubt we’ll find that the USB ports were unlocked, there was no antivirus software and anybody could plug in a memory stick at will.

Looks like there’s a market opportunity for an AV company…


Mobile Malware Rises



With the rise of smartphones and tablets, it’s not exactly surprising that they’ve increasingly become a target for cyber criminals and other unscrupulous individuals. In the first half of this year, malware for portable devices increased by 273% compared with 2010.

Cross-platform Trojans are the main source of the growth and most of these viruses are designed to enable spamming or other criminal activities. “With mobile malware, cyber criminals have discovered a new business model,” explains Eddy Willems, Security Evangelist at G Data. “At the moment, the perpetrators mainly use backdoors, spy programs and expensive SMS services to harm their victims. Even though this special underground market segment is still being set up, we currently see an enormous risk potential for mobile devices and their users. We are therefore expecting another spurt of growth in the mobile malware sector in the second half of the year.”

If you think that it’s just hyperbole, think again. Zsone, an Android app in the Google Android Market, sent subscriptions to Chinese premium SMS numbers and then intercepted the confirmations. The only way the user knew they’d been scammed was when the bill came in.

PC malware is on the rise too with a nearly 16% rise in the last six months. The graph below shows the rise of new malware each year since 2006 and if the growth continues, there will be more new malware in 2011 than 2006-09 combined.

It’s a bad world out there, so be careful no matter what platform you are on. Just because it’s a phone and not a PC, it doesn’t make you invulnerable.


USA Continues As Spam King



Sophos has published its quarterly report into spam and the USA remains top of the league for spam-relaying, being responsible for nearly 19% of all spam messages. India follows with a little under 7% and then Brazil, Russia and the UK finishing the top 5 on 4.5%.

The vast majority of spam does not come directly from spammers’ servers, but rather from PCs that have been compromised by trojans or other malware and are now under the control of the criminals. This allows spam to be passed on by PCs without the owners’ knowledge – this is spam-relaying. Consequently, these figures indicate that huge numbers of PCs in the US are infected and under the control of the spammers.

Sophos also notes that the nature of spam is changing. Previously, pharmaceutical products would have been the mainstay of the spammers’ output but increasingly the spam is spreading malware and phishing for account information. As an aside, an estimated 36 million Americans purchased drugs from unlicensed online sellers.

The top spam relay countries for the last quarter were:

 1. USA       18.83%
 2. India      6.88%
 3. Brazil     5.04%
 4. Russia     4.64%
 5. UK         4.54%
 6. France     3.45%
 7. Italy      3.17%
 8. S Korea    3.01%
 9. Germany    2.99%
10. Vietnam    2.79%
11. Romania    2.25%
12. Spain      2.24%
    Other     40.17%

“Spam is certainly here to stay, however the motivations and the methods are continuing to change in order to reap the greatest rewards for the spammers,” said Graham Cluley, senior technology consultant at Sophos. “What’s becoming even more prevalent is the mailing of links to poisoned webpages – victims are tricked into clicking a link in an email, and then led to a site that attacks their computer with exploits or attempts to implant fake anti-virus software.”

Sophos also warns that social networks are increasingly attracting the attention of criminals through malicious apps, stolen profiles and junk messages.


Trojan Toolkit For Sale



German security firm G Data put out an interesting press release last month regarding the expected successor to the Zeus trojan, which infected millions of PCs and captured bank account details. The new trojan, Ares, has a similar modular design, allowing it to be easily configured for a range of target activities.

Malware is big business and a software development kit for Ares is already available to buy on-line, either for an upfront payment of $6,000 or else on a licensing model for when modules are subsequently sold on.  There’s even a cut-down version at $850.

The developer of Ares talked about the new malware in an underground forum. According to the author, Ares is “not focused on banking. Every copy of Ares is unique to its customer and it has the same banking capabilities as Zeus & SpyEye which can be added provided the customer wants it. I actually consider this more of a platform which is customized to each buyer’s liking.”

Ares Interface

Without a doubt, malware and virus writing is no longer the domain of the insecure nerd trying to prove his expertise to his peers. This is now business, criminal business, with significant money involved. And when they catch the writer, I hope that the penalties will be commensurate.

Unless you want to be a victim, make sure you have virus and malware protection in place and keep it updated.


Sophos Offers Free Anti-Virus for Macs



There’s no doubt that Apple Macs and Linux PCs are far less likely to suffer from virus infections or malware when compared to their Windows cousins, but there’s also no doubt that newer technologies such as cross-platform scripting can lead to vulnerabilities across the board. Besides, no-one wants to be blamed for passing on a virus infection as payload in a file, even if your computer isn’t actually infected.

McAfee and Kaspersky have had Mac security products for a while and now Sophos joins the list by offering its Anti-Virus Home Edition for Mac and, best of all, Sophos is offering it for free!

Apparently “based on Sophos’s flagship security software, which protects over 100 million business users worldwide”, the software has protection, detection and disinfection capabilities for viruses and malware on OS X. It will also detect Windows viruses that are present in files but aren’t activated. As with most Windows anti-virus products, the Sophos Anti-Virus Home Edition runs in the background, scanning files on-access. You can read more about the technical specs and download the software here.

I’m not a Mac user, but if I were, I’d already have Anti-Virus Home Edition downloaded and installed. Yes, I know that it’s arguable that there aren’t any OS X viruses right now, but you can bet that they’re coming and when they do, the viruses will burn through the Mac community like wildfire as most people don’t have protection. It’s free to download, so what have you got to lose except a few CPU cycles?


Attacked!



Something has happened to my laptop that has never happened before. It has been infected with a virus. I “caught” it through an unsecured wireless connection at my favorite coffee shop last night. The first symptom was an Internet Explorer window kept opening and going to various sites wanting to sell me things. I don’t use IE, and actually had an active Firefox window open at the time with tabs open for gmail, facebook, my local television news, and a writing forum I was posting on. In the course of an hour, I had three of these Internet Explorer executions.

No problem, right? I finished what I was doing and went home, got distracted with family stuff and whatnot, and did not do much looking around to see what was going on. I used the laptop a couple of times, and noticed the fan was running pretty hard, which is unusual. I shut it down and went to bed. This morning I turned it back on, and started up email and a bit of surfing, when I realized the computer was playing audio. It sounded like music, so I turned it up, only to hear much more than music going on. There was a lot of ahhing and oohing too. Ouch. I opened up Task Manager and found something called zwp.exe running in processes, along with some other things. I immediately booted up Windows Security Essentials and did a complete scan. I ended up with a vobfus.m worm, and two alureon trojans (CT and CO). Nice. Turns out that all three infect via network, especially wireless networks in unsecured locations.

Someone sitting in that coffee shop with me last night was massively infected, and sharing their infection around willy-nilly. I had my firewall engaged, but that was obviously not enough. I’m going to have to look at some alternatives, as I am likely to use this coffee shop in the future when working with clients. After years of using computers and never getting a virus on one that only my hands touch, I’m embarrassed and unnerved to have gotten infected so darned easily. And it’s taken me several hours this morning to get it all cleaned up and back to normal, hours I could have surely spent doing something else. Not to mention that since I was stupid enough to use the laptop this morning on my own home network, I probably shared my infection with at least one other PC in the house, which will also need the deep clean treatment.

No wonder common users just cannot keep up. I have fixed one desktop this week that had a trojan infection the user could not fix, and last night rebuilt a netbook that had gotten infected as well. Both of these were friends’ machines, not my own. Both of these friends were so frustrated they were ready to give up, and I can’t say I blame them. I don’t know what the solution is, because it seems like even if you have all of the stop-guards in place, there is still some hole somewhere that a bug can get in, and ruin your whole day. It stinks, I tell you!


Attention: Malware On Your Computer?



“Security center has detected malware on your computer.” Have you ever seen that message pop up on your computer? Have you ever seen it happen over Skype? Well, I’ve received that message three times in the last month as a Skype message. It tells me that my Windows software is infected and I need to install a patch. It even gave me a website (link) to go to to install the patch.

Skype Malware Message

I may have fallen for the trick but I don’t know how a Windows patch would fix my iMac running OSX. I don’t run Bootcamp, or Windows in a virtual machine, nor does my iMac know what an .EXE or ActiveX file is. I’m sure if I clicked on this link and installed the patch on my Windows machine, my machine WOULD have been infected with malware! (For now Mac machines may be safer from malware infections but it’s wise to still be careful.)

I’ve written before about being safe on the Internet and not going to sites you don’t know or clicking on links in emails, but this is the first I’ve heard of a message over Skype. If you look at the message box (on my iMac), it doesn’t even say it’s from Skype, and the window title says “Software Updates.”

What concerns me is that many people may fall for this trick. I know most readers of GNC and listeners to Todd’s podcast are tech savvy enough that they wouldn’t fall for something like this, but what about mom (or dad) or your grandparents who get a web cam for Christmas and install Skype so they can talk to the grandkids? Would they click on this link and install the “patch” if this message box appeared?

Google is trying to find sites that install spyware and rootkit software on your computer, but you can’t depend on this for every “bad” website. Recently there was a SQL-injection virus that infected a large number of websites. The virus takes advantage of PCs running Windows that have not been patched with the latest updates. You don’t have to click on any links to get infected: just visit a site taken over by this malware software. It does this by linking to the site 318x dot com (please don’t go to this site). If you search for 318x dot com using Google, the first search listing says “This site may harm your computer.” That’s because this site has been around for a while, which has given Google’s security bots enough time to find the site and determine that it’s up to no good. Here is the link for the Google Safe Browsing page for the 318X site: http://google.com/safebrowsing/diagnostic?site=318x.com/

Now back to my Skype message. I mentioned that this is the third time I’ve received this message in the past month. Each time I did a Whois search of the linked website and found that the website was created within one day of when I received the message. The website mentioned in the most recent warning message was created the same day I received the message. This tells me that the author of this warning message is changing the website URL to keep it from being flagged by Google and the security monitoring sites. If you do a Google search for this site it comes up clean. Oh, did I mention that the owner of this site (and the previous two sites) is from Prague, Czech Republic (outside US laws)?
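The check Tom describes above, comparing a link’s domain registration date with the date the message arrived, can be automated. The following is an added example and not code from the original post: it parses the “Key: value” text form that most WHOIS servers return, works out how old the domain was when the message was received, and flags anything registered within the last few days (or with no parseable creation date at all). The WHOIS records, domain names and timestamps below are constructed samples, and the function names are my own.

```python
"""Domain-age heuristic for links received in unsolicited messages.

Added example (not the original post's code). Assumes WHOIS output in the
common "Key: value" text form; the samples below are constructed.
"""
import re
from datetime import datetime, timezone

# Constructed WHOIS response for a domain registered the day before the
# message arrived. Not a real registration record.
FRESH_WHOIS = """\
Domain Name: EXAMPLE-SECURITY-UPDATE.COM
Registry Domain ID: PLACEHOLDER-ID
Updated Date: 2011-12-19T08:01:02Z
Creation Date: 2011-12-19T07:55:41Z
Registry Expiry Date: 2012-12-19T07:55:41Z
Registrant Country: CZ
"""

# Constructed WHOIS response for a long-established domain (date-only format).
OLD_WHOIS = """\
Domain Name: EXAMPLE-LONGSTANDING.COM
Creation Date: 2005-03-01
Registrant Country: US
"""

# Constructed WHOIS response with no creation date (some registries omit it).
NO_DATE_WHOIS = """\
Domain Name: EXAMPLE-NODATE.COM
Registrant Country: CZ
"""

# Constructed time at which the Skype message was received (UTC).
RECEIVED_AT = datetime(2011, 12, 20, 12, 0, 0, tzinfo=timezone.utc)

# Registries label the creation date differently; accept the common variants.
CREATION_RE = re.compile(
    r"^\s*(?:Creation Date|Created On|Registered on|Registration Date)\s*:\s*(.+?)\s*$",
    re.IGNORECASE | re.MULTILINE,
)
COUNTRY_RE = re.compile(r"^\s*Registrant Country\s*:\s*([A-Za-z]{2})\s*$",
                        re.IGNORECASE | re.MULTILINE)

# Date layouts seen in WHOIS output; tried in order until one parses.
DATE_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%d %H:%M:%S", "%Y-%m-%d", "%d-%b-%Y")


def parse_creation_date(whois_text):
    """Return the creation date as an aware UTC datetime, or None if absent/unparseable."""
    match = CREATION_RE.search(whois_text)
    if not match:
        return None
    raw = match.group(1)
    for fmt in DATE_FORMATS:
        try:
            return datetime.strptime(raw, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    return None


def registrant_country(whois_text):
    """Return the two-letter registrant country code, or None."""
    match = COUNTRY_RE.search(whois_text)
    return match.group(1).upper() if match else None


def domain_age_days(whois_text, received_at):
    """Age of the domain, in days, at the moment the message was received."""
    created = parse_creation_date(whois_text)
    if created is None:
        return None
    return (received_at - created).total_seconds() / 86400.0


def assess_link_domain(whois_text, received_at, max_age_days=7):
    """Classify the linked domain: 'suspicious', 'established' or 'unknown'.

    A domain registered within max_age_days of the message (or after it,
    which indicates bad data or clock skew) is treated as suspicious, as is
    one whose creation date cannot be determined.
    """
    age = domain_age_days(whois_text, received_at)
    country = registrant_country(whois_text)
    if age is None:
        verdict, reason = "unknown", "no parseable creation date"
    elif age < 0:
        verdict, reason = "suspicious", "creation date is after message receipt"
    elif age < max_age_days:
        verdict, reason = "suspicious", "registered %.1f days before the message" % age
    else:
        verdict, reason = "established", "registered %.0f days before the message" % age
    return {"verdict": verdict, "reason": reason, "age_days": age, "country": country}


if __name__ == "__main__":
    for label, record in (("fresh", FRESH_WHOIS), ("old", OLD_WHOIS), ("no-date", NO_DATE_WHOIS)):
        print(label, assess_link_domain(record, RECEIVED_AT))
```

A verdict of "unknown" is deliberately not treated as safe: a record without a creation date gives no evidence either way, and a defender should fall back on other signals (Safe Browsing status, registrar reputation) rather than assume the link is fine.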

As you visit relatives and friends over the holidays make sure everyone knows about safe surfing on the Internet. Don’t click on links in emails (or Skype message boxes) and make sure to keep your computer’s OS patched and up to date.

Happy Holidays.

73’s, Tom