malware posts

'Twilight' Content Leaves Scammers Thirsting for Your (Digital) Blood

by Terrence O'Brien (RSS feed) — Nov 20th 2009 at 1:17PM

Malware Makers Cash-In on 'Twilight' Craze

As per usual, malware purveyors are hopping on the latest fad in order to lure unsuspecting Web surfers into their dens of digital evil. And what are the kids talking about right now? Well, 'Twilight,' of course.

With the new installment of the teen vampire saga set to hit theaters Friday, Web searches for interviews with cast members, for bootleg copies of the film, and for other content related to 'The Twilight Saga: New Moon' have sky-rocketed. Using this buzz to their advantage, makers of viruses, trojans, and spyware are embedding malicious code in fake movie files and video streams, and posting the nefarious results.

Tags: malware, security, top, twilight, twilight new moon, TwilightNewMoon, virus

Web, Social Networking

Fake Facebook 'Password Reset' E-Mails Hiding Malware

by Terrence O'Brien (RSS feed) — Oct 27th 2009 at 3:57PM

Facebook's good name is being leveraged for yet another brutal round of malware dispersal. The trojan, Bredolab, is being distributed via e-mails with the subject line "Facebook Password Reset Confirmation". The message generally reads:

Hey (insert username),
Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.

Thanks,
The Facebook Team

The attachment, a .zip file, will have the name "Facebook_Password_" followed by a short sequence of random numbers and letters. Inside, there is an identically named file, except that it's an .exe (or executable) file instead of an archive. Run that file and you'll be kick-starting a torrent of malware downloads, including a fake anti-spyware program. Bredolab is able to hide by injecting its own code into existing Windows components, and by automatically shutting down if it detects another program (such as an anti-virus package) investigating its activities.

Tags: bredolab, facebook, malware, scam, security, spam, top, trojan

Web, Social Networking

Facebook Hit by Fake Profile Scam

by Terrence O'Brien (RSS feed) — Oct 2nd 2009 at 4:10PM

Facebook has been beset by its share of scams, hacks, and attacks. The latest breach of security though is particularly worrisome, with fake profiles containing a link to a supposed home video flooding the site. If you click through, you'll be greeted with a piece of malware posing as an anti-virus program that tries to trick you into handing over credit card information to buy fake security software.

What makes this scam unique is that rather than using hijacked accounts, the malware is spreading through software-generated profiles. The existence of these fake accounts, completely identical outside of the name, indicates that hackers have figured out a way to defeat the Captcha system that is meant to keep bots out.

Tags: facebook, malware, scam, Scams, security, top

Web

Malware Robs Your Bank Account and Then Covers Its Tracks

by Caleb Johnson (RSS feed) — Sep 30th 2009 at 2:18PM

You might want to keep a closer eye on those bank statements. Hackers have developed a sophisticated and scary program that quickly alters online bank statements in order to hide exactly how much money cyber-crooks have been siphoning from the account.

According to Wired, the malware, called URLZone, infects a computer when the user visits a compromised site, or a site set up by hackers. Then, the program steals the user's bank account log-in information and begins draining funds that it then sends to other designated accounts. However, the victim doesn't realize the money is missing because the program rewrites the text in the html code. So, when the browser displays the page, it looks like either no money has been stolen or just a small amount has been transferred.

Tags: banks, browser, hack, malware, money, online, scam, security, top, web

Computers

Microsoft Launches Free Anti-Virus Tool

by Terrence O'Brien (RSS feed) — Sep 30th 2009 at 6:19AM

Microsoft's new Security Essentials package departed from its beta status yesterday and is now available for free download, in its full-blown form, to anyone in need of some malware protection. Security Essentials protects against viruses, trojans, spyware, and other such cyber-nastiness.

The free download is certified as Windows 7 compatible (as one would expect) and is kept up-to-date via Windows Update just like the OS, meaning that users will have one less piece of software they have to worry about updating. Security Essentials offers basic protection without having as severe an impact on your PC's performance as do more complex (and expensive) suites like those from Symantec, McAfee, or Kaspersky.

Tags: anti malware, anti-malware, anti-virus, AntiMalware, antivirus, malware, microsoft, microsoft security essentials, MicrosoftSecurityEssentials, security, security essentials, SecurityEssentials, top

Computers, Web

Clampi Virus Targets Users at Banks and Credit Card Sites

by Terrence O'Brien (RSS feed) — Sep 22nd 2009 at 9:30AM

Keeping up with the latest Web security threats is a daunting task, because viruses and trojans emerge, evolve, and spread at an alarming rate. While some infections like Nine Ball, Conficker, and Gumblar have hit the scene and immediately become the scourge of the cyber security world, others take their time -- quietly infiltrating more and more computers before revealing the true depth of the danger they pose.

One such slow grower is Clampi, a trojan that made its debut as early as 2007 (depending on who you ask) but is only now raising hairs outside professional security circles. Clampi primarily spreads via malicious sites designed to dispense malware, but it's also been spotted on legitimate sites that have been hacked to host malicious links and ads. Using these methods, Clampi has infected as many as half a million computers, Joe Stewart, of SecureWorks, told a crowd at the Black Hat Security Conference in July, USA Today reports.

Tags: clampi, malware, security, top, trojan, virus

Computers, Web

Short-Lived Spam Blast Scams Plaguing E-Mail Accounts

by Warren Riddle (RSS feed) — Sep 17th 2009 at 3:25PM

A new IRS-inspired e-mail phishing scam emerged last week and hit accounts across the nation, USA Today reports. Unlike previous IRS-related scams, which enticed people with promises of free stimulus money, last week's spam blast attempted to ensnare targets with scare tactics.

The e-mail message, which appeared to be from the IRS, alerted people to the supposed fact that earnings had been under-reported and, in order to resolve the matter, the intended target needed to download a special government form. With the download, though, the perps could take over their mark's computer and continue to distribute the message to everyone in the victim's contact list. The compromised computers could then become part of a botnet (a network of infected computers that scammers remotely control) in order to continue blasting spam and stealing personal information.

Tags: botnet, malware, scam, scareware, security, spam blast, SpamBlast

Web

New York Times Web Site Hit With Malicious 'Advertisement'

by Caleb Johnson (RSS feed) — Sep 14th 2009 at 12:12PM

Such problems seldom affect major Web sites, but an "unauthorized advertisement" has been causing trouble for some visitors to The New York Times site, CNET News reports. Even more odd, the Times isn't sure how the ad got on the site or even if the site has been compromised by the attack. In a note to readers, the Times said that it is "working to prevent the problem from recurring."

While the ad doesn't appear to be very dangerous, it's certainly very annoying (Update: see below). When you visit the site, the ad warns that your computer might be at risk of infection and sends you to a site that supposedly offers anti-virus protection. (Although there have been no reports on the subject, and we certainly aren't going to download it ourselves to find out, this 'anti-virus' program is likely malicious.) Here's where it gets annoying. A reader told CNET News that the scam "hijacked his browser," forcing him to close out of it, since he couldn't leave the page. Another reader (who also took the screen capture above) told All Things Digital that he realized the ad was a scam, since he runs OS X and the ad mimics a Windows XP page.

Tags: hack, malware, new york times, news, NewYorkTimes, scam, top, web, windows

Computers, Web

Apple Quietly Admits Macs Get Viruses

by Terrence O'Brien (RSS feed) — Sep 1st 2009 at 5:09PM

If the 'I'm a Mac' ads are to be believed, one of the biggest selling points of the Apple computer is its supposed invulnerability to viruses, spyware, and other evil programs. Of course, those who follow these sorts of things know such a claim is misleading at best. OS X has seen a number of viruses and other nasties over the past several months, as the OS has gained popularity. And now Apple seems to finally be admitting, if rather quietly, that OS X is not quite immune to the Internet's more nefarious elements.

Apple confirmed last Friday, to PC Magazine, that the latest version of OS X (10.6, or Snow Leopard) features a built-in anti-malware tool. Although OS X has had a feature called 'file quarantine' since the 10.4 days, the latest update automatically detects certain Mac-specific threats and suggests that the user quarantine them.

To start, Apple will only detect two different types of malware, but some are already questioning how effective Apple could possibly be at defending OS X against online threats. Apple doesn't have a great track record at promptly addressing security holes, after all. In fact, some may see (we among them) the Cupertino-based company's new anti-malware move as an unwitting challenge to online miscreants that could result in an explosion of harmful, Mac-targeted software. [From: BetaNews and PC Magazine]

Tags: anti virus, AntiVirus, apple, mac, malware, os x, os x 10.6, OsX, OsX10.6, security, snow leopard, SnowLeopard, top

Computers, Web

Spyware Posing as Flash Update Hits Firefox

by Caleb Johnson (RSS feed) — Aug 31st 2009 at 12:49PM

There's some sneaky, new malware on the loose, and this time, it's after the users of Mozilla's Firefox browser. According to Laptop Magazine, the plug-in poses as an update for Adobe's Flash Player. Users are taken through some fake steps and are lead to believe the installation was completed. No harm done, right?

Wrong. The plug-in replaces ads on Google search pages with its own ads, and worst of all, the spyware has the ability to track what pages you browse and what you search, according to TrendLabs Malware blog. In other words, you lose all privacy. This is certainly not the news folks want to hear. Especially since most users switched from Internet Explorer to Firefox because of malware problems similar to this one.

While this attack proves that not even Firefox is invincible, you can still safely surf the Web. All it takes is a little common sense. Remember, don't download an add-on called 'Adobe Flash Player 0.2.' If you feel like you do need a legitimate update for a flash player or anything else, always make sure to download directly from the developer's Web site. Think before you click, and you'll avoid problems like this. [From: Laptop Magazine and TrendLabs Malware blog]

Tags: adobe, firefox, flash, google, malware, mozilla, security, threat, top, web

Web, Social Networking

'CoooooL Video' Facebook Spam Message Totally UncoooooL

by Lee Bains (RSS feed) — Aug 14th 2009 at 10:24AM

If you get a Facebook message bearing the subject line 'CoooooL Video,' delete it immediately. According to Mashable, the spam message has recently started showing up in many a member's inbox, claiming to have been sent by one of a user's friends. From one case to another, the messages' included links seem to vary, but their final destinations are one and the same: Malware City. If you do open the link, and thusly download the malware, you'll unwittingly be deluging your own friends with the 'CoooooL Video' messages.

If your profile is already sending the messages, Mashable suggests you do the following: clear all cookies from your browser's settings, change your Facebook password, and -- as always -- update your anti-virus software and run a full scan. Follow those steps, and you should be safe from 'CoooooL Video.' We, ourselves, aren't worried about it. If one of our Facebook friends spelled 'cool' that way, they'd be de-friended immediately, anyway. [From: Mashable]

Tags: facebook, malware, security, spam, top, virus

Web, Social Networking

Twitter Takes Strides to Block Bad Links

by Tim Stevens (RSS feed) — Aug 4th 2009 at 11:01AM

Twitter Finally Saving Users from Malicious Links

Links to cool stuff spread on Twitter like wildfire, and that's part of what makes the service so great. If somebody sees something interesting, they tweet it, their friends then pass it along, and within a few minutes it has spread across the whole of the Internet. The problem is that bad links can take advantage of that same system and spread just as quickly, a problem that Twitter is finally addressing directly.

Although no official announcement has been made to this effect, PaidContent.org noted yesterday that Twitter has begun to check all tweets for URLs and, if one is found, check it against a database of known bogus sites. If a match is found, the site stops the tweet dead, saying: "Oops! Your tweet contains a URL to a known malware site!" That update is then prevented from being posted and, in theory, all that tweeter's followers protected.

Tags: malware, security, spam, top, twitter, url shortener, UrlShortener

Celebrities, Web

'Smooth Criminal' Spammers Capitalizing on Michael Jackson's Death

by Warren Riddle (RSS feed) — Jun 26th 2009 at 4:25PM

It certainly didn't take spammers long to capitalize on the death of the King of Pop. Appearing almost as quickly as the tasteless jokes, spam messages claiming to have information surrounding Michael Jackson's mysterious death have been sweeping the Net.

According to The New York Times, security firm Sophos originally discovered the first set of spam messages, which offer details of the gloved one's death if the reader replies to the message. A second form, identified by Websense, offers a phony link to a YouTube video supposedly containing news of the passing. Instead, clickers are directed to a site that installs information-stealing Trojan horse software.

Tags: expire-images:2010-6-26, malware, michaeljackson, scammers, top, virus

Web, Social Networking

Scammers Inserting Malicious Links in Popular Twitter Topics

by Caleb Johnson (RSS feed) — Jun 22nd 2009 at 2:25PM

What do Wimbledon, Iran, and Perez Hilton have in common? Not a whole lot other than the fact that all three are popular topics on Twitter right now. Mashable reports that Panda Security, an antivirus company, has found that scammers are posting fake tweets that include these popular topics and a link to a malware site.

Sean-Paul Correll, a researcher at Panda Labs, described the scam in a blog post, "Cyber criminals have been targeting Twitter users by creating thousands of messages (tweets) embedded with words involving trending topics and malicious URLs."

After clicking one of these links, you're taken to a page that tells you to upgrade your Flash player, or a similar application. If you download the 'player,' malware will be installed on your computer. Next, you receive a message that says your computer has a virus and tells you to download a fraudulent program called 'Fast Anti-Virus 2009,' which, of course, costs $89.

Tags: iran, malware, perez hilton, PerezHilton, scams, security, social networking, SocialNetworking, top, twitter, wimbledon

Computers, Web

Ads Used to Spread Malware on Reputable Sites

by Terrence O'Brien (RSS feed) — Jun 22nd 2009 at 6:45AM

Advertisements Used to Spread Malware on Reputable Sites

Most Web sites don't sell ad space directly to marketers. Instead, major sites like FoxNews.com, IGN.com, and MLB.com sell their ad space to ad networks, which then independently sell to other companies. But if an ad network fails to find an advertiser, it will often resell the spot on the Web site to another ad network, which may then turn around and place the ad space for sale on an ad exchange site, where it will be auctioned off to the highest bidder.

With so many links in the chain, it has become harder and harder for Web sites to police the advertisements being hosted. As a result, vulnerabilities are more and more likely. All it takes for hell to break loose is one careless party to let through an ad that leads to an infected site.

Tags: ads, advertising, malware, security, virus

Most Emailed Stories

Editors' Picks

Deals of the Day

http://xml.channel.aol.com/xmlpublisher/fetch.v2.xml?option=expand_relative_urls&dataUrlNodes=uiConfig,feedConfig,entry&id=758444&pid=758443&uts=1256672453

http://cdn.channel.aol.com/cs_feed_v1_6/csfeedwrapper.swf

'Black Friday' Deals to Watch For

Getty Images

Black Friday' Deals to Watch For

Traditionalists might balk, but the holiday shopping season is already underway. Skeptical? Head to your local department store and you'll be inundated by Christmas trees and ornaments. Bargain hunters, though, know that the real deals are more than a month away.

Black Friday, traditionally, is when retailers truly slash prices. Early birds can save hundreds, if not thousands, of dollars off of their holiday bills. Switched.com checked with a few elves, who gave a sneak peek at what you can expect deal-wise this year.

Blu-ray Players and Movies: Blu-ray is shaping up to be the biggest door buster of this year's Black Friday. de Grandpre expects at least one retailer will offer a Blu-ray player for just $49. Look for bargains on Blu-ray films as well, with last year's hit titles (such as "Iron Man") to fall as low as $5.

Laptops: With the proliferation of Netbooks this year, it's never been easier to find affordable portable computing, but Dan de Grandpre, CEO of DealNews.com says it will get even cheaper on Black Friday. Look for well-equipped Netbooks to sell for $199 – and basic 15" laptops to go for as little as $249.

HDTVs (Pretty big): The holidays are typically the best time to buy a new TV – and Black Friday is the time to do it. If you're looking for a normal sized set, you're in luck. Piper Jaffrey analyst Mitch Kaiser says he expects to see 32-inch LCD sets for as low as $299. GottaDeal.com is estimating 37-inch plasma and LCD sets will fall to $399 or less.

HDTVs (Really big): Need something bigger? How about a 46-47 inch LCD set for $599 – a 25 percent savings? Or a 52-inch LCD for $999? Dealnews says you can expect both. Plasma deals will be a little harder to come by, but a 50-inch set should run roughly $899.

HD Camcorders: You've wanted to shoot your child's school play in HD for a while, but haven't been able to spring for the pricey camcorder. This might be the year. Low-end, flash-based 720p models could drop as low as $60 (though you won't be able to zoom with those). Expect a high quality 1080p HD camcorder for $349.

GPS: While navigation systems have dramatically expanded their reach this year – even making it onto the iPhone – there's still a market for car-based systems. Dealnews predicts you'll be able to find a no-name entry-level system for $49, while a Garmin or Tom-Tom brand will be as low as $69.

Digital Picture Frames: Showcasing your digital pictures consistently gets cheaper. This year, skip the 7-inch screens and focus on the 8- or 9-inch ones, which should be available on Black Friday for as little as $30.

Monitors: Computer monitors might not be the sexiest of gifts, but they're usually welcomed with open arms – and they'll be cheap this year. Name brand 22-inch LCD models may go for as low as $99, while 24-inch models will drop below $150.

Memory: Don't know anyone who needs a monitor? External hard drives are always popular, since they're an easy way to back-up data. Dealnews expects a 1TB drive to fall as low as $49 this year. Gottadeal is looking for 8GB flash drives to hit $15.

Latest Reviews from CNET.com

CNET provides the latest tech news, unbiased reviews, videos, podcasts, software, and downloads, making tech products easy to find, understand and use.

Top Product Reviews

Home Audio Reviews
9.0 out of 10
Definitive Technology BPX
Works great with Dolby Pro Logic and Dolby Digital. Full Review
9.0 out of 10
Denon AVR-4306 (black)
Incredibly well-featured 7.1-channel receiver; excellent sound quality; three HDMI inputs; converts analog video to HDMI output; upconverts analog video to 720p/1080i HD resolution; iPod and USB MP3 player connectivity; Internet radio and MP3/WMA streaming audio via built-in Ethernet port; XM Satellite Radio compatible; touch-screen remote; multizone, multisource operation; browser-based control via home network; accurate autocalibration routine. Full Review
8.8 out of 10
KEF KHT3005 (black)
The KEF KHT-3005 is one compact, beautifully designed speaker package with solid aluminum satellites that feature unique driver technology to produce incredible clarity. Meanwhile, the equally astounding dual 10-inch, 250-watt powered subwoofer delivers ultradeep bass. Full Review
Cell Phone Reviews

8.7 out of 10
SignalBoost Mobile Professional Amplifier Kit
The Mobile Professional Amplifier delivers a powerful signal boost to your cell phone. Also, it offers a compact design and easy setup. Full Review
8.6 out of 10
Wi-Ex zBoost YX510-PCS-CEL cell phone signal extender
The Wi-Ex zBoost YX510-PCS-CEL significantly boosts your cell phone reception and is easy to operate. Also, it uses a wireless connection to your phone. Full Review
8.3 out of 10
LG VX6000 (Verizon Wireless)
Compact and stylish; impressive battery life; solid audio quality; sharp color screen; built-in camera; USB ready; affordable. Full Review
Digital Camera Reviews

9.3 out of 10
Canon EOS 1D Mark III
Extremely fast, 10-megapixel continuous shooting; very low noise; highly customizable; well-designed body with weather sealing; 3-inch LCD; abundant optional accessories. Full Review
9.3 out of 10
Nikon D3 (body only)
Full-frame sensor; well designed, pro-level weather-sealed body; very low noise, even at extremely high ISOs; fast. Full Review
9.0 out of 10
Canon EOS-1Ds Mark III
Very low noise, high quality images; 21.1 megapixels; live view shooting; pro-level build-quality and performance. Full Review
Desktop Reviews

8.9 out of 10
Velocity Micro Edge Z30 (Intel Core i7)
Best value among midrange gaming PCs; Velocity Micro's consistently high build quality; compact case makes few sacrifices; second graphics card slot previously uncommon at this price. Full Review
8.5 out of 10
Apple iMac (24-inch, 2.8GHz)
A minor specification update results in some significant performance gains; graphics upgrade an option on this 24-inch model; sleek, polished design didn't receive an update, but we won't start clamoring for a new design until the current one is at least 12 months old. Full Review
8.4 out of 10
Velocity Raptor Signature Edition Gaming PC
One of the fastest PCs we've tested; a PCI Express RAID card helps media encoding performance; typically immaculate Velocity Micro assembly; strong, three-year warranty. Full Review