Popureb - a small rootkit with a big reputation
There has been a lot of discussion in recent weeks about some new variants of the Popureb rootkit that clobber your Master Boot Record (MBR).
According to Microsoft's latest analysis, based on "sinkholes", only just over half of the 1.6 million PCs once infected with the Rustock bot are now clean.
It took only three months for the TDL rootkit - also known as Tidserv, TDSS and Alureon - to add over 4.5 million infected computers to the developers' botnet, say Kaspersky Lab researchers.
Back in 2010, its authors surprised researchers by selling the source code for the TDL3 version; it is now clear that this move was a consequence of the creation of the next variant, TDL4. TDL4 was different enough from its predecessor, and improved in such a way, that the developers believed the sold variant would not be able to compete with it.
Cleveland Police suffered a major outage after its computer systems were infected by the Conficker worm in February, ZDNet UK has learnt.
The North of England police force's main systems had to be taken offline for three days after becoming infected, Cleveland Police told ZDNet UK in response to a Freedom of Information request. "[An] infected CD containing evidential CCTV footage [was] loaded into a standalone PC, which was inadvertently joined to the network briefly for routine maintenance," Cleveland Police said.
A popular Twitter-like service in China with 140 million users was hit by a worm earlier this week that resembles past attacks that infected Twitter and MySpace, according to a security analyst.
Sina Weibo, a microblog service in China, said the worm first appeared on Tuesday night. Affected posts displayed a malicious link with enticing messages like "Move a woman's heart with 100 lines of poetry" or "Software to listen to other people's phones." When the link was clicked, the user's own account would repost and send out private messages circulating the malicious link again.
Software giant Microsoft has found a rootkit which is so nasty you will have to re-install your operating system to get rid of it.
The Trojan "Popureb" digs so deeply into the system that not even the finest Volish spinners can dig it out. The only way to deal with it is to return Windows to its out-of-the-box configuration.
Writing in the Microsoft Malware Protection Center blog, Chun Feng said that if your system does get infected with Trojan:Win32/Popureb.E, he advises you to fix the MBR and then use a recovery CD to restore your system to a pre-infected state.
British comic actor Simon Pegg, star of movies such as "Shaun of the Dead", "Hot Fuzz", and most recently the alien comedy "Paul", has claimed that his Twitter account has been hacked in order to spread malware to his 1.2 million followers.
Simon Pegg normally tweets to his fans with TweetDeck or Twitterific, but the offending message was sent via the Twitter for BlackBerry application instead:
Download the new “Paul” Sceen Saver [LINK] after download right click and press test to install
The FBI has remotely uninstalled Coreflood botnet clients from some 19,000 computers in a first-of-its-kind law enforcement operation.
Coreflood is one of the oldest botnets, dating back to 2002. During its life it infected a total of 2.3 million computers and from March 2009 to February 2010 alone it stole 190 GB of sensitive data including online banking passwords.
Small and midsize organizations may want to take note: There is a particularly large Zeus spam campaign making the rounds.
The emails piggyback on two trusted names -- the Federal Reserve and the Internal Revenue Service -- to incite recipients to take unwise actions.
Researchers at Barracuda Labs first spotted the huge uptick in the malicious messages on Monday morning, when the emails were blocked before reaching some 120,000 users within 10 minutes.
Recently we discovered a new Trojan in the wild, surfacing in alternative Android markets that predominantly target Chinese Android users. This Trojan, which we've dubbed jSMSHider due to the name used inside the APK, predominantly affects devices with a custom ROM.
Custom ROMs are custom-built versions of Android that have been released by third-party groups. The manufacturer or carrier does not traditionally endorse custom ROMs. (If you do not know what a custom ROM is, and do not think you've downloaded a custom ROM, you are probably not affected.)