Researchers bypass Google's Android malware detector
Mobile security researchers say they have identified flaws in Google's system to keep malware off Google Play.
Today Google announced it would be leading a campaign to notify users whose PCs were infected by the DNSChanger malware. The malware was part of a scam that came to light last November when the U.S. Department of Justice accused seven Estonian and Russian men of orchestrating several different kinds of Internet fraud schemes. Users were infected with DNSChanger after they clicked malicious links or downloaded tainted software.
The malware sent infected computers to DNS servers that redirected millions of victims to websites they had never intended to visit.
Last year the FBI and international police participated in an operation called “Operation Ghost Click” in which a group of Estonian hackers had distributed various DNS-changing programs around the internet. According to VPNReviewz CEO Michael Maxstead, the bots distributed would change the users' computers' DNS settings, and all the users' DNS solutions would be served by the hackers' nameservers, DNS servers that “would send the user to websites that would then install scripts to essentially strip the computer of all personal data.”
Visitors to Wikipedia who see advertisements on the site have most likely fallen victim to a browser-based malware infection, Wikimedia Foundation, the organization operating the website, said on Monday.
"We never run ads on Wikipedia," said Philippe Beaudette, director of community advocacy for the Wikimedia Foundation, in a blog post. "If you're seeing advertisements for a for-profit industry ... or anything but our fundraiser, then your web browser has likely been infected with malware."
Adding injury to insult, fraudsters have merged the phenomenon of ransom Trojans with banking malware, producing a hybrid that demands money before attempting to steal user logins.
Noticed by several security firms since the turn of the year, the web drive-by Reveton Trojan tries to coax victims into handing over payments of up to $100 with the warning that they have been found accessing violent and child porn content by the US Department of Justice.
The rise of the global Internet in the early to mid-2000s made online crime possible and profitable. The sheer size of Microsoft’s monopoly made Windows the only target that mattered for malware authors. And so for years all malware was Windows malware, which led some people to conclude that it would always be so.
The Russian security firm that originally acknowledged the Flashback botnet spread across 650,000 Macs continues to analyze the behavior of the Trojan, as “Files downloaded by the Trojan horse from servers controlled by criminals have become one of the main subjects for analysis.”
“Doctor Web virus analysts continue to study the first-ever large-scale botnet created by means of BackDoor.Flashback and comprised of computers running Mac OS X,” says the firm.
The Conficker worm is currently the largest security threat to enterprises, continuing to spread due to weak or stolen passwords and vulnerabilities that require security patches, according to a Microsoft report.
According to the Microsoft "Security Intelligence Report volume 12" (SIRv12), which analyses online threat data, the Conficker worm was detected 220 million times worldwide in the past two and a half years, making it the biggest threat to enterprises. In the fourth quarter alone, the worm was detected on 1.7 million systems worldwide.
Iran has been forced to disconnect key oil facilities after suffering a malware attack on Sunday, say reports.
The computer virus is believed to have hit the internal computer systems at Iran's oil ministry and its national oil company.
Contrary to reports by several security companies, the Flashback botnet is not shrinking, the Russian antivirus firm that first reported the massive infection three weeks ago claimed today.