Viruses & Malware

Security research firm Sophos has urged Google to reconsider its automatic OTA installation of apps from its Google Android Market Web Store as it makes it too easy for malware and spyware to be added to the Android smartphones without the owners knowing.

Just like the Apple's iTunes App Store which was frequently targeted by hackers in the past with an attempt to harvest accounts and make unauthorized paid app purchases, the Android Market Web store could end up in the same boat but with much bigger consequences.

The rumored combination of two pieces of advanced online banking malware appears to be fully underway after several months of speculation.

What appears to be a beta version of a piece of malware that has bits of both Zeus and SpyEye is now in circulation, albeit among just a few people, said Aviv Raff, CTO and cofounder of Seculert.

Despite having been around for four years, Zeus continues to be a thorn in the side of the IT security industry and its business users, mainly because of its constantly evolving profile.

This evolving profile is driven in part by the ease with which black hat hackers can develop the malware for new and varied applications, according to Amit Klein, CTO of Trusteer.

How do you nuke a worm? That was the question posed by the Conficker Working Group, which from late 2008 until mid-2009 explored a variety of techniques for stopping the Conficker worm, which by some estimates infected 15 million computers at its peak.

Internet insecurity outfit BitDefender has said that pornography remains the best way of compromising your computer.

The firm studied the data security risks and implications when accessing 'adult' web sites and found that 63 per cent of users attempting to persuse a bit of porn on their PCs compromised their security on multiple occasions.

Georgia Weidman is a clever lass. Thanks to her efforts, a new age of smartphone malware has dawned. Is this a bad thing? Not unless evil hackers can use it for their own nefarious deeds.

Weidman plans on demo-ing her creation at the upcoming Schmoocon in Washington D.C. using three Android phones. What she has basically created in her lab is a method where smartphones can be turned into nodes for a botnet. Botnets are the computer networks hackers use to send spam or steal data. Until Weidman’s breakthrough, botnet’s had yet to be seen among smartphones.

Microsoft's Malware Protection Center is reporting that Bohu, a trojan largely confined to China, is able to bypass anti-virus solutions which assess the risk posed by files by querying a server in the cloud. Bohu uses a number of techniques to avoid detection.

According to the report, Bohu appends random data to its own files in order to thwart hash-based detection. Cloud scanners send a file's hash to the cloud server to determine whether information is available for a given file. The random data results in a new hash being generated which the server does not recognise.

Widgets may be fun and convenient vessels for spreading content and ads on the Web, but there's a sinister side to them, according to Neil Daswani, the CTO and co-founder of Dasient.

Daswani took his message to the Black Hat security conference in Washington this week, where he delivered a presentation outlining the vulnerabilities of widgets, warning website owners to defend against their content becoming a vehicle for delivering malware.

Malware makers have come up with a wizard wheeze to make sure that their poisoned attachments are opened.

They are making their emails appear like job applications and the malware is contained in a poisoned CV.

Malware writers are pinching anti-piracy technology embedded in some of the world's most popular software to protect their own work, according to Symantec.

The antivirus company said writers of complex malware toolkits can embed measures to prevent users from stealing their work. "They are using the same Digital Rights Management (DRM) technology as major software," said Craig Scroggie, managing director of Symantec Pacific. "They will build their own DRM, steal it from the big names or cobble it together."