Viruses & Malware

New OS X spyware on the loose: Italy's Hacking Team is at it again

posted on November 18, 2013
by l33tdawg

Mac security firm Intego has turned up a new version of the Remote Control System (RCS) Da Vinci rootkit, a pricey piece of dodgy spyware marketed as "lawful intercept" software and sold to governments across the world by Italian security coders Hacking Team.

If Hacking Team’s handiwork sounds benign, Intego has given it the new and rather alarming-sounding name ‘OSX/Crisis.B’. The backdoor was first detected as ‘Crisis’ (officially called ‘Da Vinci’ by its makers) in the summer of 2012 when it was spotted targeting Moroccan journalists sympathetic to the Arab Spring.

International Space Station Infected With Malware Carried By Russian Astronauts

posted on November 11, 2013
by l33tdawg

Russian security expert Eugene Kaspersky has also told journalists that the infamous Stuxnet had infected an unnamed Russian nuclear plant and that in terms of cyber-espionage "all the data is stolen globally... at least twice."

Kaspersky revealed that Russian astronauts carried a removable device into space which infected systems on the space station. He did not elaborate on the impact of the infection on operations of the International Space Station (ISS).

FBI posts $50,000 reward for 'Lover Spy' malware writer

posted on November 11, 2013
by l33tdawg

The FBI has offered large rewards for information that could help them catch a clutch of alleged cybercriminals, including an El Salvadoran national accused of selling a Trojan designed to spy on husbands or wives believed by their spouses to be cheating on them.

The details published on the FBI website cover all types of cybercrime, including database theft and hacking, telecom fraud, and malware scams. But it is the curious tale of Carlos Enrique Perez-Melara that offers the most unusual case.

Researcher skepticism grows over badBIOS malware claims

posted on November 7, 2013
by l33tdawg

Five days after Ars chronicled a security researcher's three-year odyssey investigating a mysterious piece of malware he dubbed badBIOS, some of his peers say they are still unable to reproduce his findings.

"I am getting increasingly skeptical due to the lack of evidence," fellow researcher Arrigo Triulzi told Ars after examining forensic data that Ruiu has turned over. "So either I am not as good as people say or there is really nothing."

The badBIOS Analysis Is Wrong

posted on November 4, 2013
by l33tdawg

I’m not known for pulling punches and I’m not about to start now. The fact is that everything I have read about #badBIOS is completely and utterly wrong; from the supposed “escaping air gap” to, well... everything. And I should know. I’ve dealt with malicious BIOS and firmware loads in the past. I’ve also dealt with BIOS development and modification for two decades. It’s a very important skill to have when you regularly build systems that are well outside manufacturer ‘recommended’ areas.

Meet "badBIOS," the mysterious Mac and PC malware that jumps airgaps

posted on November 4, 2013
by l33tdawg

Three years ago, security consultant Dragos Ruiu was in his lab when he noticed something highly unusual: his MacBook Air, on which he had just installed a fresh copy of OS X, spontaneously updated the firmware that helps it boot. Stranger still, when Ruiu then tried to boot the machine off a CD ROM, it refused. He also found that the machine could delete data and undo configuration changes with no prompting. He didn't know it then, but that odd firmware update would become a high-stakes malware mystery that would consume most of his waking hours.

Microsoft Remains the Leading Anti-Virus Vendor, Research Shows

posted on October 29, 2013
by l33tdawg

Microsoft’s security products are often criticized for their lack of features and poor efficiency, but according to new research, Redmond is the leading anti-virus vendor right now.

Judging by the market share of its products, Microsoft has 25.4 percent of the anti-virus market thanks to Security Essentials and Windows Defender, a report published by OPSWAT shows.

ATM malware may spread from Mexico to English-speaking world

posted on October 29, 2013
by l33tdawg

A malicious software program found in ATMs in Mexico has been improved and translated into English, which suggests it may be used elsewhere, according to security vendor Symantec.

Two versions of the malware, called Ploutus, have been discovered, both of which are engineered to empty a certain type of ATM, which Symantec has not identified.

PHP.net flagged for malware by Google, researchers confirm it was no false positive

posted on October 24, 2013
by l33tdawg

On Thursday, PHP.net was flagged by Google's Safe Browsing for malware. The warning sparked debate among the development and security communities, as the initial reaction claimed Google had triggered a false positive. However, additional research makes that claim seem unlikely.

By mid-morning on Thursday, Google's Safe Browsing initiative was flagging PHP.net, warning visitors that the site was malicious. The root cause appears to be a JavaScript file that had undergone several modifications over the last 24 hours.