Researchers at Symantec said they have spotted a trojan taking advantage of a previously patched Microsoft Office vulnerability.
The exploit, which is being used in targeted attacks, arrives as an email that contains a Microsoft Word file and a separate DLL file, a rare combination considering DLL files are not typically sent over email.
A "worrying number" of Facebook users are sharing a link to a malware-laden fake CNN news page reporting the US has attacked Iran and Saudi Arabia, security firm Sophos claims.
If users who follow the link then click to play what purports to be video coverage of the attack, they are prompted to update their Adobe Flash player with a popup window that looks very much like the real thing. Those who accept the prompt unwittingly install malware on their computers.
Two months after a traffic hijacking scheme was brought to its knees, the software that powered a botnet is still running on computers at half of the Fortune 500 companies, and on nearly 50 percent of all federal government agency PCs.
The "DNSChanger Trojan" changes the host computer's web settings to hijack search results and to block victims from visiting security sites that might help scrub the infections.
Google has been using a service codenamed Bouncer to scan of applications submitted to the Android Market in an effort to improve security, the company revealed last week.
Bouncer scans the market for potentially malicious software without disrupting the user experience or requiring developers to submit to an application approval process, said Hiroshi Lockheimer, vice of engineering for Android.
A banking Trojan now spreading over the internet is able to get past captcha security challenges to send out emails and propagate itself, according to security company Websense Labs.
The Cridex Trojan variant infects a Windows PC when a malicious link in an email is clicked, Websense said in a blog post on Monday. The shortened link goes to a malware webkit with several components, including a data-gathering tool and a propagation module that stealthily opens webmail accounts.
New malware targeting Android smartphones and mobile devices has been uncovered by F Secure.
The Trojan, which the security company has christened with the catchy name Trojan:Android/FakeRegSMS.B hides a PNG file that allows it to hijack a person's phone and send premium rate text messages.
Facebook and the state of Washington have filed separate lawsuits against West Virginia-based Adscend Media LLC, alleging the company was responsible for spreading malware through Facebook and for stealing personal information from users of the social networking site.
A Windows Media remote code execution flaw that has been patched in the last Patch Tuesday is being exploited by attackers in the wild to deliver malware to the targets' computer, warns Trend Micro.
The victims are lured to a malicious web page (http://images.{BLOCKED}p.com/mp.html), which hosts a specially crafted MIDI file and JavaScript.
Hackers are using QR codes to distribute malware to smartphone owners, says AVG.
Everyone believes the Android platform is more secure compared to other mobile platforms such as Windows Phone or Symbian. However, hackers can still find their way to penetrate a platform’s sturdy wall.
