
Viruses & Malware

Japanese police bust poker-playing IT boss for Android malware

posted on July 26, 2013
by l33tdawg

Police in the Chiba Prefectural zone of Japan have arrested nine people suspected of making nearly $4m by distributing malware that harvested mobile users' contact information and using it for a fake dating website.

The arrests came after a joint operation between the police and Symantec, and the security company reports that the possible ringleader of the group is Masaaki Kagawa, president of IT firm Koei Planning and a semi-professional poker player who has netted over $1.5m in winnings from tournament play over the last six years.

US agency baffled by modern technology, destroys mice to get rid of viruses

posted on July 8, 2013
by l33tdawg

The Economic Development Administration (EDA) is an agency in the Department of Commerce that promotes economic development in regions of the US suffering low growth, low employment, and other economic problems. In December 2011, the Department of Homeland Security notified both the EDA and the National Oceanic and Atmospheric Administration (NOAA) that there was a potential malware infection within the two agencies' systems.

Attackers sign malware using crypto certificate stolen from Opera Software

posted on June 27, 2013
by l33tdawg

Hackers penetrated network servers belonging to Opera Software, stole at least one digital certificate, and then used it to distribute malware that incorrectly appeared to be published by the browser maker.

The attack was uncovered, halted, and contained on June 19, according to a short advisory that Opera published Wednesday morning. While administrators have cleaned the system and have yet to find any evidence of any user data being compromised, the breach still had some troubling consequences.

Malwarebytes unveils ExploitShield-based Anti-Exploit Beta

posted on June 24, 2013
by l33tdawg

Malwarebytes has released the first public beta of Malwarebytes Anti-Exploit, a rebranded and improved version of ZeroVulnerabilityLabs’ ExploitShield.

Just as in its previous incarnation, Anti-Exploit is an extremely easy-to-use tool which protects popular applications from zero-day exploits, web-based vulnerability exploits and more.

It's tough at the top for anti-virus products

posted on June 18, 2013
by l33tdawg

Results of independent tests by AV-Comparatives looking at the real world protection offered by leading packages show that competition is as fierce as ever.

The tests use 569 real-world malicious URLs. 138 of these are blocked by a Windows 7 system with all its patches up to date, leaving 431 to be intercepted by security software. The tests use MS Security Essentials as a baseline providing a 95.4 percent level of protection. You can see the full results on an interactive chart but it’ll come as no surprise that it's all pretty close.

Android antivirus products a big flop, researchers say

posted on June 7, 2013
by l33tdawg

Android smartphones and tablets are under attack, and the most popular tools developed to protect them are easily circumvented, according to new research from Northwestern University and the University of North Carolina.

The researchers created technology called DroidChameleon that can be used to perform common obfuscation techniques (simple switches in a virus' binary code or file name, for instance) to blow by security products. They tested DroidChameleon with products from the likes of AVG, Kaspersky, ESET, Symantec and Webroot.

Attackers use Skype to spread Liftoh trojan

posted on May 27, 2013
by l33tdawg

Users receiving shortened URLs in Skype instant messages, or similar IM platforms, should be wary of a new trojan, called Liftoh.

So far, it has primarily infected users in Latin America, said Rodrigo Calvo, a researcher at Symantec.

When targeted, victims receive a message in Spanish containing a shortened URL. The messages appear to come from someone on the user's Skype contact list who is linking to a photo. If clicked, the link redirects users to 4shared.com, which hosts a URL that initiates the download of a weaponized zip file containing Liftoh.