Viruses & Malware

Security researchers have been touting the growing nature of professionalism among virus authors over the last several years, but new evidence points to increased cooperation between malware writers spread around the globe, according to some experts.

The practice of using widely-distributed IP addresses to distribute malware and spam to help avoid detection by security companies and law enforcement officials is nothing new among electronic schemers.

The Hack.Huigezi 2007 virus is now exploding and multiplying fast online throughout China.

From March 1 to March 13, local anti-virus company Kingsoft blocked as many as 512 Hack.Huigezi virus variations. Hack.Huigezi is a kind of Trojan virus that combines many different controlling program. Once it attacks a computer, every move of the user will be monitored by the hacker who can easily steal the user's account, password, photo and important files.

A new worm targeting a flaw in Sun Microsystems Inc.'s Solaris 10 OS delivers crude artsy payloads, including a drawing of a turkey in ASCII text. The use of an ASCII drawing by a hacker is "a bit old school," said Graham Cluley, senior technology consultant for Sophos PLC.

The worm-- called
Unix/Froot-A or Wanuk-- takes advantage of a zero-day flaw that was patched by Sun three days after exploit code was published last month.

Turner Broadcasting System, which owns CNN, has been hit by a worm that could have been detected if the company had updated its antivirus software.

According to Symantec's website, the Rinbot worm opens a back door in affected networks and connects to an IRC server, allowing an attacker to send commands to the server.

The Troj/Pirlames-A Trojan horse has been distributed on the controversial Winny file-sharing network in Japan, posing as a screensaver. However, if P2P users download and run the program their files are overwritten by pictures of a popular comic book star who abuses them for using Winny and threatens to expose them to the police if they don't stop using the system.

Security Experts at MicroWorld Technologies inform that they are witnessing increased incidents of a Worm with Trojan capabilities infecting Enterprise systems and home computers, in the last two weeks.

The Worm ?Win32.Agent.wj? copies itself to the root folder of USB flash Drives, MP3 players or other removable storage devices in the machine. Then the worm moves on to create ?autorun.inf? configuration file which activates the malicious code as soon as the infected drive is plugged into another computer.

A security company has found what appears to be a worm that is exploiting a verified zero-day bug in Sun Microsystems' Solaris 10 and 11.

The Sun Solaris Telnet worm attempts to log into computer systems as the user or administrator, enabling it to execute commands and move on, according to Arbor Network's Security Engineering and Response Team. The security group said it identified the flaw using its Atlas project. The software deploys sensors into service providers' networks to collect data on malware exploits.

A variant of the Trojan horse attacks known as Storm Worm emerged on Monday, targeting people who post blogs and notices to bulletin boards.

Storm Worm emerged in January and raged across the globe in the form of e-mails with attachments that, when opened, loaded malicious software onto victims' PCs, commandeering the machines so they could be used for further attacks.

A fake breaking news report claiming that John Howard had a heart attack is being circulated by spammers in an attempt to hijack Australians' computers.

The email, with the subject "John Howard survived a heart attack", uses a fake link to The Australian newspaper's website to download hidden "malware" onto computers.

"The Prime Minister of Australia, John Howard have survived a heart attack," the email reads.

"Mr Howard, 67 years old, was at Kirribilli House in Sydney, his prime residence, when he was suddenly stricken.

US researchers have come up with a technique that claims to be able to stop Internet worms within milliseconds of an outbreak. The Proactive Worm Containment (PWC) system, as its inventors at Penn State University call it, uses no signatures to identify an attack. Instead it relies on the frequency of connections at a packet level, and analyses the number of connections this traffic is making to other networks.