malware

Who wrote the Flashback Trojan?

In September 2011, security companies first noticed a new malware scam for OS X, which posed as a fake Adobe Flash installer, and hence became known as Flashback. Unlike prior scams, this malware took on some new approaches to tricking users by infecting common browsers, disabling Apple's XProtect system, and eventually morphing into a Java-based exploit that resulted in approximately 600,000 Macs being infected worldwide.

The Flashback malware has been seen as one of the more widespread and successful attacks on the OS X platform, but while it was eventually snuffed out a year later, it left everyone … Read more

How you may have inadvertently participated in recent DDoS attacks

The risk that an Internet-connected computer is infected with malware will never be reducible to zero. It's just the nature of software that errors happen. Where there are software-design errors, there are people who will exploit those errors to their advantage.

The best PC users can hope for is to minimize the chances of an infection and to mitigate the damage a piece of malware can inflict -- whether it intends to steal a user's sensitive data or to commandeer the machine as part of a cyber attack on servers thousands of miles away.

Last week, Internet users … Read more

New Microsoft study says your software is counterfeit

In a new IDC white paper commissioned by Microsoft, cleverly titled "The Dangerous World of Counterfeit and Pirated Software: How Pirated Software Can Compromise the Cybersecurity of Consumers, Enterprises, and Nations...and the Resultant Costs in Time and Money" ( full PDF), there's a boatful of interesting statistics around "the prevalence of malicious code and unwanted software -- such as viruses, Trojan horses, keystroke-capturing software, authentication backdoors, and spyware -- in pirated software and on the Web sites and peer-to-peer (P2P) networks where such software is found."

"[U]sing information from a 10-country survey of … Read more

Apple fights Yontoo Trojan with XProtect update

Following news of the new adware Web plug-in Trojan found to be affecting OS X systems, Apple has released an XProtect malware definitions update to protect anyone who stumbles across it.

The Trojan, called Yontoo, is initially disguised as a media player or download manager plug-in and distributed on underground file-sharing and movie trailer Web sites. When installed it pretends to be a player called Twit Tube but installs the Yontoo plug-in. This plug-in will work in all Web browsers to track your browsing behaviors and then present ads on legitimate Web sites.

Unlike other malware that can hide itself … Read more

South Korean cyberattack may not have come from China

South Korea apparently still has a mystery on its hands. Who launched a cyberattack against several of its banks and broadcasters this week?

Regulators for the country initially pointed the finger at China, saying that the attacks originated from a Chinese IP address. But they admitted today that they jumped the gun.

The IP address used in the attack was actually traced to one of the banks hit on Wednesday. South Korea's NongHyup Bank had been using the address as a virtual one for its internal network, according to Reuters. By coincidence, that address matched one registered in China.… Read more

How to remove 'Yontoo' adware Trojan from your OS X system

Security company Dr. Web is reporting on a new adware Trojan attack that is targeting Mac users, where malicious Web sites will trick users into installing a plugin that will track your browsing and display ads to you.

The malware, called "Yontoo," will be first encountered as a media player, download manager, or other plug-in requirement for viewing contents on some maliciously crafted Web sites disguised as sources for file sharing and movie trailers. When the plug-in prompt is clicked, you're redirected to a site that downloads the Trojan installer and requires you to run it. The … Read more

Chameleon botnet steals $6M per month in click fraud scam

Security researchers say they have identified a botnet that steals more than $6 million per month by generating fake customer clicks on online display ads.

Dubbed Chameleon, the botnet has infected more than 120,000 Windows-based computers in the U.S., mimicking human behavior on select Web sites to generate billions of ad impressions and fraudulent income for its creators, according to security firm Spider.io.

Click fraud costs Web advertisers in lost revenue by making them pay for illegitimate clicks. Spider.io reported that advertisers paid an average of 69 cents per one thousand impressions generated by the botnet. … Read more

Google rolls out initiative to help hacked sites

It's not pretty when a Web site gets a "this site may be compromised" or "this site may harm your computer" status note. Many webmasters and Web site owners can be at a loss of what to do in these situations.

For this reason, Google has launched "Help for Hacked Sites" informational series, which has a dozen articles and videos aimed to help people avoid having their sites hacked and also teach them how to gain back control of compromised sites.

"Every day, cybercriminals compromise thousands of websites. Hacks are often invisible … Read more

'Pintsized' malware bypassed GateKeeper to affect tech companies

New findings show the recent malware attack that affected employees of Facebook, Apple, and Twitter was able to do so in part by bypassing Apple's GateKeeper security system in OS X.

Gatekeeper is a new technology in OS X Mountain Lion that allows programs to only execute if they are properly signed or if they only come from the Mac App Store. This works by the system blocking all execution and then settings up group-based rules to allow specific program types to run. For example, the default rule sets are for signed applications and those from the Mac App … Read more