Viruses & Malware

Malware creators seem to have started a battle against piracy on the Internet. After recently reporting the appearance of the Nopir worms, whose aim is to deleted all of the MP3 and COM files from the computer, leaving a message to the user of the affected computer, this time, PandaLabs informs that a Trojan called Whiter.F has emerged, a malware that deletes all the files form the hard disk of the affected computer. This new malware variant, like most Trojans, cannot spread on its own.

A new variant of the Sober mass-mailing worm is being blamed for the deluge of German spam messages flooding inboxes this weekend, anti-virus experts warned on Sunday. The spam barrage arrives with politically-themed messages in German and contains only links to news articles on German Web sites. Finnish anti-virus vendor F-Secure Corp. said the spam run is being powered by Sober.Q, the latest mutant of a worm that was first spotted in October 2003.

The Sober.P virus suddenly stopped spreading on Tuesday and yesterday we reported that infected computers started downloading the new Sober.Q worm.

On Saturday Sober.Q wasn't active yet but today anti-virus firm Kaspersky reports Sober.Q has become active. The worm doesn't spread itself but sends out huge loads of spam messages that link to right winged articles.

So in a way we're seeing the same story as with Sober.G a year ago. Sober.G downloaded Sober.H and Sober.H in turn sent out enormous amounts of racist spam in June 2004.

The Sober.P worm stopped spreading across the Internet on Tuesday after virus writers remotely silenced thousands of infected computers overnight, experts said on Friday.

The worm, which spread rapidly last week, included code to make it respond to instructions posted on a number of Web sites. Antivirus companies now believe that the virus writers responsible for Sober.P made changes to these Web sites to temporarily stop the worm spreading.

Symbian on Wednesday announced that shipments of its mobile phone operating system have increased nearly 200 percent over the past year. Should this trend continue, security experts are predicting an explosion in mobile phone-based malware.

Somebody has been using city hall computer servers to spread a potentially dangerous virus. Authorities still don't know who planted the electronic "worm", but it has already caused some headaches for local Internet service providers who said they received it by way of city hall among others.

Above all, this underlines the need to stay up to date on your virus and spam protection. As this case proves, sometimes even that is not enough. According to Internet security company Symantec, 35 new viruses have been identified since the beginning of this month.

SSH, or secure shell, is the standard protocol for remotely accessing UNIX systems. It's used everywhere: universities, laboratories, and corporations (particularly in data-intensive back office services). Thanks to SSH, administrators can stack hundreds of computers close together into air-conditioned rooms and administer them from the comfort of their desks.

Commwarrior, the mobile phone virus that spreads via MMS, could be even bigger trouble than Cabir, anti-virus experts are warning.
Within a year Cabir has infected 22 countries, but recent sightings of Commwarrior in the Middle-East and India are leading to suggestions it could spread even further.

A new variant of the MYTOB worm has been discovered that pretends to be a legitimate email warning of a delivery error or email account problem.

The worm, WORM_MYTOB.ED was the 100th variant to be identified since the MYTOB worm first appeared in February this year, security vendor Trend Micro has said in a statement. The worm propagated by sending a copy of itself as an email attachment which it sent using its own Simple Mail Transfer Prorocol (SMTP) engine, the company said.

Security experts have warned of a newly intercepted worm spreading throughout Europe which allows hackers to take remote control of infected PCs.

MyDoom.BQ, also known as Mytob.ED, arrives as an attachment in an email claiming that the user's email system has been "locked" for security reasons.

Once the attachment is opened the worm harvests email addresses to send itself on, and installs a backdoor channel to IRC that allows remote control of the PC.