
Viruses & Malware

Malware tricks that you may not know about

posted on November 27, 2015
by l33tdawg

There is a constant cat and mouse game between malware, security software companies and computer users, and the chance of one side winning the battle seems slim at best.

Malwarebytes revealed recently on Malwarebytes Unpacked how Vonteera, a malware previously classified as adware, operates.

While it may not be of interest to many how that particular malware operates, the methods that it uses to infect computer systems and remain on them may very well be, as they are used by other malware as well.

Three new malware strains infect 20k apps, impossible to wipe, only affect Android

posted on November 6, 2015
by l33tdawg

Three new families of "auto-rooting adware," detailed by security researchers at Lookout, are "a worrying development in the Android ecosystem" because each can root the device and install itself as a system application, making the contamination virtually impossible to remove as the infection is designed to survive even a "factory data reset" device wipe.

Scary, sophisticated malware found attacking Cisco routers

posted on September 17, 2015
by l33tdawg

Security firm FireEye has discovered a malicious backdoor program called SYNful Knock that could let hackers use Cisco’s routers to deploy attacks on a broad scale.

The implant is the same size as the Cisco router image, and it’s loaded each time the router is restarted. The program supports up to 100 modules that can be tailored to the attacker’s needs.

New Malware That Makes ATMs Keep Your Card

posted on September 16, 2015
by l33tdawg

A new type of malware that can be used to compromise ATMs independently of who their manufacturer is, and can make the machine steal card data but also the cards themselves, has been spotted by FireEye researchers.

They dubbed the malware Suceful, after the authors' faulty spelling of the word "successful". The sample they analyzed came from VirusTotal, and it's likely that the authors submitted it themselves in order to see whether the malware will be flagged down as such by the various AV engines employed by the testing service.

Snapdragon 820 SoC will use machine learning to detect malware in real-time

posted on September 1, 2015
by l33tdawg

Qualcomm’s upcoming Snapdragon 820 SoC is shaping up to be quite an impressive mobile chip. Earlier this month, the chip maker revealed that its Adreno 530 GPU will offer up to 40 percent faster performance while consuming 40 percent less power compared to the Adreno 430. What’s more, Qualcomm claimed its new image signal processing (ISP) unit would lead to mobile cameras capable of capturing DSLR-quality pictures.

These promises alone are enough to excite most mobile enthusiasts but that’s only just the tip of the iceberg.

How the NSA Spied on Antivirus Companies to Make Undetectable Malware

posted on June 23, 2015
by l33tdawg

Russian antivirus company Kaspersky revealed recently that it was the target of hackers behind the Stuxnet and Duqu worms last year. The hackers have been attacking the company’s network for months, collecting data on its operations and software. But it turns out that intelligence agencies including the NSA and GCHQ have spied on antivirus companies for years, looking for exploitable vulnerabilities.

The new report comes from newly leaked documentation from NSA-whistleblower Edward Snowden, who made them available to The Intercept.

Macro-based malware is making a comeback, researchers warn

posted on January 8, 2015
by l33tdawg

For the past several months, different groups of attackers have distributed malware through Microsoft Office documents that contain malicious macros, reviving a technique that has been out of style for over a decade.

Macros are scripts that contain commands for automating tasks in various applications. Microsoft Office programs like Word and Excel support macros written in Visual Basic for Applications (VBA) and these can be used for malicious activities like installing malware.

Sony attackers also stole certificates to sign malware

posted on December 9, 2014
by l33tdawg

Security firm Kaspersky Labs reports that a new sample of the Destover malware—the malware family used in the recent attack on the networks of Sony Pictures—has been found bearing a valid digital signature that could help it sneak past security screening on some Windows systems. And that digital signature is courtesy of a certificate stolen from Sony Pictures.

Inside the "wiper" malware that brought Sony Pictures to its knees

posted on December 4, 2014
by l33tdawg

Details of malware that may have been associated with the attack on Sony Pictures were disseminated in an FBI “Flash” earlier this week. A copy of the memorandum obtained by Ars Technica details “a destructive malware used by unknown computer network exploitation (CNE) operators” that can destroy all the data on Windows computers it infects and spread itself over network file shares to attack Windows servers.