Viruses & Malware

It's been a quiet day in Tsuruga, Fukui Prefecture, a large port city on the western coast of central Japan. Like PC users the world over, you've been playing whack-a-mole with update notifications.

This time, it's a piece of free software that you're barely aware of on your computer. Up pops an update notice while you're eating a yummy piece of chocolaty Lotte Ghana left over from the holidays. While you're chewing, you click your mouse, approving the update.

On Saturday, Fox IT, a security firm in the Netherlands, discovered that some visitors to Yahoo.com over the last few days have been infected with malware. Visitors to pages with malicious ads were redirected to sites armed with code that exploits vulnerabilities in Java and installs a variety of different malware.

Following news of the exploit, Yahoo has issued two statements to the press, but so far nothing on its public Tumblr blog, where it provides updates on products and services. On Saturday, a Yahoo spokesperson said:

DELL's security research team has revealed that a new form of ransomware, dubbed "Cryptolocker" has managed to infect up to 250,000 devices, stealing almost a million dollars in Bitcoins (about £600,000).

"Based on the presented evidence, researchers estimate that 200,000 to 250,000 systems were infected globally in the first 100 days of the CryptoLocker threat," Dell announced in a Secureworks post.

If you get a spam message advertising an application called “Bitcoin Alarm,” the name may tell you all you need to know.

The desktop Windows application sends price alerts by SMS to a mobile phone. But closer examination of its code turned up several suspicious traits that indicate it may try to steal the virtual currency, wrote Kenny MacDermid, a research analyst with security company Arbor Networks.

A 64-bit version of the notorious Zeus family of banking malware has been found, an indication that cybercriminals are preparing for the software industry's move away from older 32-bit architectures.

Kaspersky Lab discovered the 64-bit version of Zeus within a 32-bit sample. A code analysis indicates the malware has been circulating the Internet at least since June.

Security researchers are gradually raising warnings that the Internet of Things will increase, by multitudes, the number of things that can be hacked and attacked.

The Hitchcockian plotlines are endless. Replace The Birds with flying Amazon delivery drones. Or imagine, as researchers did recently at Black Hat, someone hacking your connected toilet, making it flush incessantly and closing the lid repeatedly and unexpectedly.

A rogue anti-virus product that blackmails people by secretly taking their picture with their webcam is on the rise.

Security solutions firm Webroot warns that the malware family – which includes the fake ‘Antivirus Security Pro' software – disables your computer then claims to have detected viruses and demands money from users to ‘buy the full version of product' and remove the threats.

Symantec has stumbled across a worm that exploits various vulnerabilities in PHP to infect Intel x86-powered Linux devices. The security biz says the malware threatens to compromise home broadband routers and similar equipment.

However, home internet kit with x86 chips are few and far between – most network-connected embedded devices are powered by ARM or MIPS processors – so the threat seems almost non-existent.

Stuxnet's creators recognized they had built the world's first true cyber-weapon and were more interested in pushing the envelope of this new type of digital warfare than causing large-scale destruction within targeted Iranian nuclear facilities, a study shows.

The Cryptolocker Trojan is an evolution of "ransomware," not a revolutionary change from past criminal attempts to extort money from PC owners, a security expert said today.

And the recent media blitz about the ransomware has elements of exaggeration about it.