Viruses & Malware

THE share trading glitch experienced by three brokerages in Kuala Lumpur on Monday was traced to old operating systems infected with the "funlove" virus, says Bursa Malaysia.

Business Times reported yesterday that OSK Securities, Asseambankers and TA Securities experienced problems in share trading on Monday because of computer problems, which some claimed originated from the stock exchange's trading system.

A Bursa Malaysia spokesperson said the stock exchange was notified of the problem at 9.30am on Monday and managed to get its vendors to fix it by 11am the same day.

A newly discovered worm targeting OpenOffice attempts to download indecent JPEG images onto compromised PCs.

Sophos warned today that Badbunny-A, a macro worm for OpenOffice/StarBasic that also drops scripts in other languages, downloads pictures of a man wearing a bunny suit performing a sexual act in woodland.

The malware infects computer users when they open an OpenOffice Draw file called badbunny.odg.

A new, stealthier version of a previously known Russian Trojan horse program called Gozi has been circulating on the Net since April 17 and has already stolen personal data from more than 2000 home users worldwide.

The compromised information includes bank and credit card account numbers (including CVV codes), Social Security numbers, and online payment account numbers as well as usernames and passwords. As with its predecessor, the new version of Gozi is programmed to steal information from encrypted SSL streams and send the stolen information to a server based in Russia.

Chinese computers, in heavy use with many people off work for the Labour Day holiday week, have suffered a major surge in malware infections, as a surge in the number of people browsing the web, shopping online, sharing files and playing online games has led to a similar surge in virus, trojan and spyware activity. Local security and anti-virus company Kingsoft has reported over 1.4 million infections discovered, an alarming rise of over 30% on the same period last year, and the company's spokesman warned of a variety of malicious programs stealing banking and gaming details.

Sixty-six percent of the new Trojans that emerged in the first quarter of 2007 were designed for financial gain. "Trojans help their authors make a financial profit in many different ways: from stealing bank passwords to modifying the server's DNS to redirect users to spoofed websites. In fact, Trojans are currently the most widely used malware, due to their flexibility to carry out these types of crimes," explains Luis Corrons, Technical Director of PandaLabs.

Beware! There is a new worm on the loose, and this time it's literally on the loose. Experts have warned that a new worm called the "SillyFD-AA" is spreading via USB sticks.

The worm SillyFD-AA installs itself onto systems and puts a message in Internet Explorer that reads "Hacked by 1BYTE". It also installs an autorun.inf on any removable drive such as USB sticks or even the rather outdated floppy disks.

The concept of malware morphing is not new. For years, malware authors and anti-virus researchers have documented and classified the methods used to obfuscate and hide malware code with each infection. And while these techniques have been a source of innovation for web browser exploit developers, in their first generation they were relatively ineffective against traditional signature-based protection engines for the following reasons:

Google has rooted out a scam that delivered malware via the search engine's AdWords advertising system. The move follows calls for the search giant to crack down harder on attackers using the AdWords service.

The scam was a particularly dangerous example of a trend that has become a significant problem for search engines such as Yahoo and Google: hackers using search engine results and advertising links to attack users' systems. The attack also deployed code on bank websites to encourage users to give up additional information.

A worm that is more than three years old is rearing its ugly head again.

The Sober family of worms first hit the Internet back in October of 2003, and it raged around the globe, wildly infecting computers throughout 2004 and into 2005. Now, two security companies in the last few days have spotted a new variant making the rounds.

Malware authors have made Microsoft's PowerPoint their vector of choice for infecting corporate systems.

Microsoft Word was the top choice for malware authors last year looking to embed code in seemingly innocuous documents.

But research from MessageLabs suggests that increased patching of Word, and a slack attitude to patching other applications, has prompted hackers to target PowerPoint.

"People expect to find PowerPoint in their emails, more so than applications like spreadsheets," said Alex Shipp, senior antivirus technologist at MessageLabs.