
AOL Tech

malware posts

Celebrities, Web

'Smooth Criminal' Spammers Capitalizing on Michael Jackson's Death


It certainly didn't take spammers long to capitalize on the death of the King of Pop. Appearing almost as quickly as the tasteless jokes, spam messages claiming to have information surrounding Michael Jackson's mysterious death have been sweeping the Net.

According to The New York Times, security firm Sophos originally discovered the first set of spam messages, which offer details of the gloved one's death if the reader replies to the message. A second form, identified by Websense, offers a phony link to a YouTube video supposedly containing news of the passing. Instead, clickers are directed to a site that installs information-stealing Trojan horse software.


Web, Social Networking

Scammers Inserting Malicious Links in Popular Twitter Topics

What do Wimbledon, Iran, and Perez Hilton have in common? Not a whole lot other than the fact that all three are popular topics on Twitter right now. Mashable reports that Panda Security, an antivirus company, has found that scammers are posting fake tweets that include these popular topics and a link to a malware site.

Sean-Paul Correll, a researcher at Panda Labs, described the scam in a blog post, "Cyber criminals have been targeting Twitter users by creating thousands of messages (tweets) embedded with words involving trending topics and malicious URLs."

After clicking one of these links, you're taken to a page that tells you to upgrade your Flash player, or a similar application. If you download the 'player,' malware will be installed on your computer. Next, you receive a message that says your computer has a virus and tells you to download a fraudulent program called 'Fast Anti-Virus 2009,' which, of course, costs $89.


Computers, Web

Ads Used to Spread Malware on Reputable Sites

Most Web sites don't sell ad space directly to marketers. Instead, major sites like FoxNews.com, IGN.com, and MLB.com sell their ad space to ad networks, which then independently sell to other companies. But if an ad network fails to find an advertiser, it will often resell the spot on the Web site to another ad network, which may then turn around and place the ad space for sale on an ad exchange site, where it will be auctioned off to the highest bidder.

With so many links in the chain, it has become harder and harder for Web sites to police the advertisements being hosted. As a result, vulnerabilities are more and more likely. All it takes for hell to break loose is one careless party to let through an ad that leads to an infected site.


Computers, Web

Here Comes Nine Ball, Another Major Web Threat

Another day, another massive attack that compromises the security of thousands of users. Just as we were getting ready to declare victory over Conficker (and settling in for a long battle with Gumblar), along comes Nine Ball, another difficult-to-defeat offensive that hijacks Web sites and tries to load malware onto a user's PC. The worm has a trick up its sleeve; repeat visitors to infected sites are dumped to Ask.com, a sneaky move that prevents security experts and investigators from being able to discover too much about the host of the malware.

According to Internet security firm Websense, Nine Ball has already compromised over 40,000 Web sites. The attack redirects visitors to an infected site that attempts to install malware and keyloggers (applications that can track your keystrokes) onto a PC, all intended for stealing personal data and passwords. The infected site will search the user's browser, Quicktime, and Adobe Reader for vulnerabilities that it can then exploit to load the malicious software.


Computers, Web

FTC Shuts Down Criminal Web Hosting Company

The FTC and a California district court judge are doing their parts to make sure the Internet is a safer place by last week shutting down the ISP and Web-hosting company Pricewert LLC -- also known by the aliases 3FN, Triple Fiber Network, APS Telecom and APS Communications. Pricewert has made its mark in the Web site hosting world by allegedly soliciting business from and shielding criminals like spammers, and hosting malware and child pornography.

The complaint (warning: PDF) against the company charges that Pricewert ignored take-down requests, moved illegal sites to different IP addresses (Web addresses) to avoid detection, and even actively marketed their services "to domestic and overseas criminals by placing ads in the darkest corners of the Internet." According to the FTC, Pricewert servers are currently home to over 4,500 pieces of malicious software -- including spyware, viruses and worms (presumably sent out by the spammers who are hosted by Pricewert). Worse still, according to chat logs obtained by the FTC, Pricewert employees were directly involved in the configuration and design of botnets run by some of their criminal clientele.


Computers

Criminals Use Malware to Steal Account Info and Cash From ATMs

If things continue at this pace, we may never use an ATM again. Stealing money from other people's accounts using information garnered from an ATM is nothing new. We've seen hackers grabbing data as it's transferred from the ATM to the bank's servers. We've even seen the first use of ATM card skimmers, which collect information as customers swipe their cards.

While those schemes require a certain amount of above-average skill, almost anyone can install a program on a Windows PC, and that's all that is required for the latest ATM theft scheme.

CNET now reports that close to 20 ATMs, mostly in eastern Europe, have recently been found to be loaded with malware (warning: PDF) that could allow criminals to collect account numbers, retrieve PINs, and even empty an ATM of all its cash. All of the ATMs discovered to be infected were running Windows XP and were loaded with a program that pretends to be a legitimate application while it actually steals information. With the hack, thieves use a "trigger" card (a dummy ATM card with special instructions programmed into the magnetic strip) to tell the ATM to print out all of the stolen data, or even to empty its cash reserves.


Web, Social Networking

'Best Video' Scam Hits Twitter

Some Twitter users were recently duped into paying money for a security system they did not need, according to CNET News. We've previously reported on the increasing number of phishing attacks and malware circulating on Twitter and Facebook, and now another scam has hit the microblogging site -- from the looks of things, this trend might be here to stay.

In the scam, Twitter users were directed to a Web site that featured a YouTube video dubbed "Best Video." If you attempted to watch it, you'd be hit with a slew of messages warning that your computer was in danger. What could save your computer? You have to buy a security suite immediately [surprise!]. According to CNET News, Twitter officials are aware of the scam and are saying that no personal information was compromised because of it.

The best way to protect yourself from these scams is to avoid suspicious links, like the one described above. Also, don't give out personal information -- like the name of your pet -- to unknown sources, even if it seems innocent. It could be just the information needed to hijack your account. The flood of Twitter spam is still on the rise, so remember, better to be safe than sorry. [From CNET News]

Computers, Web

Thought the Conficker Virus Was Bad? Gumblar Is Even Worse.

If you thought Conficker was bad, meet Gumblar. If malware programs were comic book villains, Conficker would be Kingpin -- evil for sure, but really just a big bully. Gumblar on the other hand would be Galactus -- massive, all-powerful, evil, and extremely difficult to defeat.

ScanSafe, a computer security firm, has been tracking the progress of the worm since its arrival on the scene in March, according to CNET. Originally, the attack spread through infectious code that was planted in hacked Web sites and then downloaded malware from the gumblar.cn domain on to victims' computers. But that was just the opening salvo. As Web site operators cleaned their pages of the code, Gumblar replaced the original material with dynamically generated Javascript (Web site code that is created on the spot instead of being completely determined beforehand -- a key element of Web apps like Gmail) that is much harder for security software to detect and remove.

The evolved version also went about adding new domains to the list of sources for downloading its malware payload, including liteautotop.cn and autobestwestern.cn, and began exploiting security holes in Flash and Adobe Reader. The worm also searches out credentials for FTP servers (a method for uploading files to a Web site) on a victim's computer, using them to infect additional Web sites.


Computers

Computer Users' Fears of Viruses Helping Viruses to Spread


If stories with twisted logic make your head hurt, you might want to just scroll on down the page and read the next story. Or, go pop an aspirin, because this one's a bit of a doozy. According to Reuters' account of Microsoft's annual Security Intelligence Report, published on Wednesday, people's fears of being infected by viruses and other malicious software are actually helping those viruses to spread. Users are so intent on cleaning their computers, they'll install anything that they think will help -- even if what they're installing is, itself, a virus.

Microsoft says that publicity surrounding viruses and worms like Conficker has resulted in more people fearing them. This has led many users to go searching for programs that say they'll clean your computer -- when, in actuality, many of them contain malicious software and maybe even viruses. That's the case with Anti-Virus-1, a piece of "scareware" that tries to trick you into handing over your credit card number. In fact, of the 25 "top security threats" that the report mentions, seven of them are bogus security programs. What can you do? For starters, stick with virus scanners you can trust, like these. Secondly, ignore those "registry cleaner" programs and others that, at best, don't do a thing, and, at worst, could be packing some malicious payloads. [From: Reuters]


Computers

Canadians Uncover Chinese Cyber-Spies


Desperate to prove there's more to their country than socialized medicine and Mounties, a group of Canadians has uncovered a major international cyber-spy network originating in China. According to Canadian research group Information Warfare Monitor (IWM), the spy network has hacked over 1,000 PCs in over 100 countries, including those of foreign embassies and the offices of the Dalai Lama.

In the report, titled 'Tracking GhostNet: Investigating a Cyber Espionage Network,' the IWM suggests that the network of spies used malware to obtain access to and take control of computers in the foreign affairs offices and embassies of Iran, Indonesia, the Philippines, India, South Korea and Pakistan, among others.

The Dalai Lama seems to have been a major target; the IWM found evidence that substantial amounts of private and sensitive data relating to the Tibetan exile had been offloaded to China.


Computers, Web

Conficker Flaw Found, Detection Tool Released

In the list of the nastiest viruses out there, Conficker would certainly find itself near, if not at, the top. One of the things that makes Conficker such a pest is the difficulty in detecting and removing the malware. Conficker covers its tracks; after infecting a vulnerable PC, it tricks security software into thinking that the Microsoft patch that protects against Conficker has been installed.

Thankfully, a group of researchers have found a bug in the way Conficker applies this false patch, allowing them to easily identify an infected PC remotely. They found that a Conficker-infected PC actually appears slightly different on a network than an uninfected computer.

Dan Kaminsky, who has investigated the worm with the Honeynet Project's Tillmann Werner and Felix Leder, described the new detection method thusly: "You can literally ask a server if it's infected with Conficker, and it will tell you." The group has released a proof-of-concept detection tool, and Kaminsky says that the technology "should already be" integrated into security products from Nessus, McAfee, nmap, ncircle, and Qualys.

We certainly hope so. After all, the April Fool's Conficker d-day is imminent, and we don't want to give the worm a chance to update and fix its own bugs. [From: CNET and Ars Technica]


Computers

Malicious Infection Turns Your Computer Into a Spam-Sending 'Bot

The newest trend in Internet infection is growing at an alarming rate, according to Breach Security Lab's recently released Web Hacking Incidents Database (WHID) 2008 Annual Report. The attack is called an SQL injection and it works by corrupting the database layer of a Web site. This type of attack, once thought nearly obsolete due to the legwork required of the hacker, was resurrected when the hacking community began automating the process last June, allowing for a 300-percent increase in SQL injections in 2008.

The exploit essentially opens the infected site up to the hacker's whims. Once they gain control, they can install malware ranging from data stealers to viral spam. If you click on an exploited link and become infected, your secure information is compromised and your PC becomes susceptible to control by the infection, acting as a bot to help spread spam and deliver more infections to other computers. This means that infections can have near exponential growth; alarming, since some 500,000 sites have been infected, including government Web sites like the U.S. Department of Homeland Security's.


Computers, Advice

New Version of Conficker Virus Can Update Itself



Just as Microsoft has decided it's done playing games, and has put a price on the head of the hackers behind Conficker, the elusive cyber-criminals have upped the ante. A new version of the malware, dubbed Conficker B++, is spreading like wildfire, thanks to a newly unplugged security hole and self-updating features.




The new version allows the virus to download updates that could potentially give it new abilities and ways of spreading. It also skips the download of Antivirus XP, a fake security program that once lured victims into handing over credit card information and later became a dead giveaway of a Conficker infection.


Computers

New SpyWare Pretends to be Anti-Virus, Offers Fake Reviews


Anti-Virus-1, a new bit of malware making its way around the Internet, has picked up a unique trick for fooling users; it spreads fake reviews of itself to convince users that it is a legitimate piece of anti-virus software.

Anti-Virus-1 is what is often referred to as scareware. It uses social engineering techniques to lure its unsuspecting victims into handing over information like credit card numbers and into installing even more malware. Anti-Virus-1 pretends to be a piece of security software called AntiVirus2010, and even redirects your browser to legitimate Web sites with fake reviews of it.

But Anti-Virus-1 doesn't stop with fake reviews. It also employs fake security alerts, copies the design of Microsoft Security Center, runs a fake blue screen crash, fakes a reboot, and -- finally -- hijacks Internet Explorer.

Running anti-spyware tools should remove the infection, and you can find complete instructions for disposing of it at BleepingComputer.com. [From: Ars Technica]


Computers

Got a Computer Virus? Here's What to Do (and Not Do)


Sometimes even the most cautious of us slip up, our PCs ending up with a nasty virus like the dreaded Conficker that's making its way around the Web right now. But even if you fall victim to a program written by a ne'er-do-well half way around the world, all hope is not necessarily lost. It all depends on what you do next (which sometimes means not doing something). We've come up with a handy checklist of things you should do (and not do) if you suddenly find that your computer is infected with a virus.

Most of the advice is applicable to Macs, as well; although the number of known viruses for OS X is exactly zero, there have been limited cases of just-as-threatening Trojans reported. And the Mac's relative immunity to viruses likely won't remain true forever, as more and more hackers are liable to target the increasingly popular computer from Cupertino.

Get started with the first "Do" by clicking on "Next" below.

 

Weirdest Techie Heists and Scams

    Elderly Amish Man Caught on Film With Prostitute, Blackmailed
    When a 75-year-old Amish widower slept with a prostitute, he -- we feel certain -- felt pretty bad about it the next morning. As if that guilt weren't enough for the old man, the prostitute and her boyfriend demanded $67,000 from him, claiming that they had filmed the scene with wall-mounted cameras and would upload the recording to the Internet. The pair was later arrested and, we can only imagine, the Amish man abhorred technology more than ever.

     

    Bank Robber Gets Away With the Help of Craigslist
    In October, a bank robber -- wearing a safety vest, blue shirt, face mask and goggles -- eluded police with the help of Craigslist. Just outside the bank, while the robbery was in progress, stood a group of men who were responding to a Craigslist day labor opportunity. As the advertisement required, they were all wearing safety vests, blue shirts, face masks and goggles.

     

    Nude New Zealander Arrested After Responding to Fake Sexy Text Message
    Late in 2007, a Wellington, New Zealand man received a racy text message from two anonymous "ladies," giving him only an address and a request that he show up naked. Well, he indeed showed up naked... at the home of one appalled, unsuspecting New Zealander. Both the nude Romeo and the sadistic texter were arrested, though neither were prosecuted.

     

    Fake Craigslist Ad Costs Man Most of What He Owns
    Last Spring, a post appeared on an Oregon Craigslist board stating that the owner of a specific house was leaving all of his worldly possessions (still in said house) to whoever wanted them. When homeowner Robert Salisbury rushed home -- on a tip from a woman suspicious about the offer of a free horse -- he found his house being ransacked by 30 strangers. We suggest he take that horse and collect some vengeance Clint Eastwood-style.

     

    17-Year-Old Jailed for Stealing Virtual 'Furniture'
    When a 17-year-old Dutch boy hacked into several accounts on the Second Life-style site 'Habbo' in 2007, the law got involved. The boy was discovered to have stolen $5,800 worth of virtual furniture and knick-knacks. Apparently, crime -- whether actual or virtual -- does not pay.

     

    Phishers Going After Your Phones in New 'Vishing' Trend
    Over the past year, sneaky spammers have begun to forsake the worn-out territory of e-mail in favor of cell phones' fertile frontier. The result? "Vishing." Get it? Voice mail phishing. It might be more ominous if it didn't sound like a James Bond villain saying, "Wishing."

     

    Burglars Break Into Restaurant, Steal HDTV, Leave Money / Food Behind
    Around Halloween of last year, a truckload of thieves drove into -- that's right, into -- a Pennsylvania Mexican restaurant, where they -- apparently uninterested in the cash register -- stole a mid-grade 47-inch HDTV and fled the scene. We've all heard about how this generation is lacking in ambition, but this generation's thieves, too?

     
