Viruses & Malware

Google to scan Chrome extensions, bans auto-install

posted on December 24, 2012
by l33tdawg

Google has taken two steps to prevent its Chrome browser becoming an attack vector for malware that runs as extensions to the browser.

Like many other browsers, Chrome allows users to install “extensions”, apps that add functionality. Google even runs the “Chrome Web Store” to promote extensions.

Security outfit Webroot recently pointed out that some of the extensions in the store are illegitimate, data-sucking privacy invaders that trick users with offers to do things like change the colour of Facebook and then suck out all their data.

'Dexter' Malware Caught Swiping Credit Card Numbers From POS Systems

posted on December 14, 2012
by l33tdawg

A new piece of malware is targeting point-of-sale (POS) systems at retailers, hotel chains and other businesses worldwide.

According to Seculert, the malware, known as "Dexter", has been seen being used in hundreds of attacks during the past two to three months. The malware has hit systems in 40 different countries, with the largest percentage (42 percent) in North America. Nineteen percent are located in the United Kingdom.

Apple Quickly Updates Malware Definitions to Detect New SMS Scam Trojan

posted on December 13, 2012
by l33tdawg

Earlier this week, Russian security firm Dr. Web published a blog post announcing the discovery of a new OS X trojan horse known as "Trojan.SMSSend.3666". The malware masquerades as an installer for various software titles, but tricks users into signing up for subscriptions through their mobile devices.

Security Firm Identifies First Fake Installer Trojan for Macs

posted on December 12, 2012
by l33tdawg

Fake installers have been around for quite some time now, but so far, they’ve only targeted Windows users. Now, researchers from security firm Doctor Web have identified a variant that’s designed for Mac OS X.

Dubbed Trojan.SMSSend.3666, the malicious element disguises itself as an installer for a popular application called VKMusic 4 – an app that allows users to listen to music on a Russian social media site. During the “installation” process, victims are asked to provide their mobile phone numbers. Then, they’re requested to enter a code received via SMS.

Researchers warn of bulk WordPress and Joomla exploit tool serving fake antivirus malware to users

posted on December 12, 2012
by l33tdawg

WordPress and Joomla exploits have existed for years, and cybercriminals have thus been exploiting them for a long time. Yet the situation may have gotten slightly more serious as of late, as there appears to be a bulk exploit tool being used in the wild, targeting sites running both popular content management systems, and having them serve up fake antivirus malware to visitors.

Zeus-family trojan spreads by way of spam botnet

posted on December 6, 2012
by l33tdawg

A new wave of spam campaigns is dispensing "Gameover," the only banking trojan in the Zeus family to use peer-to-peer (P2P) communications to hide its activities.

The threat of the malware has become even more pervasive now that criminals are using Cutwail, the world's largest spam botnet, to deliver malicious emails containing Gameover. The spam is made to look like messages from top U.S. banks, researchers at Dell SecureWorks Counter Threat Unit (CTU) found, with the hopes of luring users into clicking attached PDF files.

Japan's space agency hit by malware for second time in a year

posted on December 4, 2012
by l33tdawg

Japan's Aerospace Exploration Agency (JAXA) has reportedly suffered its second major malware incident in under a year after an attack that has resulted in the leaking of details of the country's top-secret Epsilon rocket programme.

According to unconfirmed reports, on 21 November JAXA discovered an unidentified data-stealing "virus" on a computer at the Tsukuba Space Centre used to store details of the country's prestigious solid fuel rocket programme.

Narilam virus targets Middle East, but isn't like others

posted on November 29, 2012
by l33tdawg

Researchers have detected new cases of a previously discovered worm, Narilam, which is targeting accounting applications in corporate databases throughout the Middle East.

Symantec, which on Thursday published an analysis of the malware, found that Narilam had infected Microsoft SQL systems and was capable of modifying and deleting sensitive data and tables of its victims. Narilam, which likely began spreading as early as late 2009, may have capabilities reminiscent of other Middle Eastern-targeted malware, but its source is likely a smaller network, according to Symantec.