Maximum PC virus RSS Feed

First Virus Hits the (Jailbroken) iPhone

Ryan Whitwam — Mon, 09 Nov 2009 18:07:26 -0600

Apple told us jailbreaking wasn’t a good idea. Sure, we mocked them at the time, but it is looking a little less safe these days. The first iPhone worm has been discovered affecting iPhones in Australia. The virus takes advantage of a massive security hole in the SSH client for jailbroken phones. The “ikee” worm is fairly benign, simply changing the user’s wallpaper to a picture of Rick Astley of “Rickroll” fame.

As it turns out, the default password for the SSH client is ‘alpine’. The worm accesses the phone via this route, and then attempts to infect other phones on the network. The worm’s creator, a 21 year-old student, said in an interview, “The virus itself is not malicious and is not out to hurt people. It's just poking fun and hoping waking people up a little.”

Un-jailbroken phones, and jailbroken phones that don’t have SSH installed are not vulnerable. Jailbreakers should head to the Cydia store, and use the Mobile Terminal app to change their default password. With a zillion iPhones out there, it was only a matter of time.

SophosLabs Sets Out to Prove Windows 7 Has Some Vulnerabilities

Ryan Whitwam — Thu, 05 Nov 2009 18:19:45 -0600

Security firm Sophos recently took it upon itself to run some tests on Windows 7 sans anti-virus software. Sophos used ten unique viruses found in circulation and attempted to infect Windows 7. While many may have thought this would be a foregone conclusion, they wanted to make a point. Microsoft claims that User Account Control (UAC) is more secure in Windows 7. Does it actually make a difference?

Sure enough, eight out of ten viruses ran without problem on a stock install of Windows 7 without User Account Control. With UAC active, an additional threat was actually blocked, and the other two still failed to run. Overall, UAC didn’t make much difference in virus protection. So yes, you still need to run an anti-virus on Windows 7. There’s been a lot of positive buzz around Redmond’s new release, just don’t let that stuff go to your head.

New Malware Rewrites Bank Statements to Cover Its Own Tracks

Paul Lilly — Wed, 30 Sep 2009 11:15:27 -0500

Have you checked your bank account balance online lately? If so, you may want to consider verifying the numbers with a paper statement, because what you see on your computer screen might not be indicative of banking activity that's occurring right under your nose, according to a new security report.

Hackers have a new piece of malware to play with, one which not only picks your online pocket, but also hides the evidence of any wrong doing by rewriting online bank statements on the fly. Once the Trojan horse infiltrates a user's PC, it goes to work by altering the HTML coding before it's displayed in the victim's browser, making sure to erase any evidence of money transfers or other unauthorized transactions.

"The Trojan is hooked into your browser and dynamically modifies the text in the HTML," said Yuval Ben-Itzhak, CTO of computer security firm Finjan. "It's a very sophisticated technique."

A gang targeting customers of leading German banks first began employing the ruse in August and managed to steal Euro 300,000 (about $440,000 USD) in just three weeks. Finjan estimates that the gang using the scheme could potentially steal about $7.3 million annually.

While so far relegated to German banks, Ben-Itzhak warned that this technique is likely to spread to other countries.

Cybercrime Intelligence Report, Issue No. 3, 2009 (PDF)

Image Credit: Finjan via Wired.com

Wait for Win7?

The Maximum PC Staff — Wed, 23 Sep 2009 14:05:09 -0500

My 6-year-old computer is extremely slow and sometimes takes 20 minutes just to start up. The other day it caught a virus, which masqueraded as a firewall and installed itself onto my computer, changing the background to a picture that said I have spyware on my computer. I tried to open my virus-scan program (AOL) but it would not open. I have tried everything I can think of. I took out my hard drive so that it could not get to my files. Now, I have to use my son’s computer for emails. He is a big gamer so it’s really hard to get in the time to use it. Should I wait for Windows 7 to come out before getting a new computer?

—Jim Sharo

First, let’s try to get rid of your PC bug so you can recover your files and programs. Download and run Spybot Search & Destroy (www.safer-networking.org), Malwarebytes Anti-Malware (www.malwarebytes.org), and a free antivirus program like Avira Antivir (www.free-av.com) and see if those apps can flush the virus from your computer. If they can, great! Back up your files and get ready to do a clean install of XP (a clean install will make an older PC run much faster—even the best operating systems get cluttered, eventually). Or, if you’re more adventurous and want a sneak peak of Windows 7 without buying anything, read on.

Windows 7 is definitely worth getting when it comes out on October 22. Microsoft seems on track to make up for Vista’s disappointing launch with an OS that runs better on nearly any platform, including older ones, than Vista did. Even better, Microsoft released several fully functional free preview builds of Windows 7 to consumers, which will work until June of 2010.

Windows 7 has been optimized to work faster on every PC from a $10,000 gaming behemoth to a $300 netbook--and even your 6-year-old desktop.

But you don’t have to wait for Windows 7 to come out before you get a new computer. Most vendors will offer free Vista-to-Windows-7 upgrades on new computers bought between June 26, 2009 and Windows 7’s October 22, 2009 release date. Make sure you get an Upgrade Option coupon from your computer manufacturer so you can download Windows 7 when it comes out. In the meantime, if you really don’t want to deal with Vista, you can run the Windows 7 Release Candidate on your new PC—or even on your old one.

SUBMIT YOUR QUESTION Are flames shooting out of the back of your rig? First, grab a fire extinguisher and douse the flames. Once the pyrotechnic display has fizzled, email the doctor at doctor@maximumpc.com for advice on how to solve your technological woes.

Murphy's Law: Sometimes, an Open-Source Virus is Just a Virus

David Murphy — Wed, 23 Sep 2009 12:37:53 -0500

The phrase "open-source" is such a sexy term.

It's so hip and fresh. Open-source singlehandedly represents the latest and greatest thinking in the modern-day technological movement. Drop it into a conversation and you're suddenly talking like a futurist. Throw it into a company's strategic roadmap and suddenly we've created innovation and depth. Suggest that virus-makers are embracing open-source, and you've got the attention (and clicks) of Web geeks worldwide.

Wait a minute. Open-source viruses? How does that work?

If you think about the actual definition of open-source for a moment, you'll wind up being as confused as I am about this latest bit of fad reporting to pass around the Web. According to an article from CNET, virus-makers are apparently transforming their wares into open-source projects and using the power of the group to achieve advancements in virus deployment, nasty features, and scanner obfuscation.

That's all well and good (for the virus-makers), but that's as open-source a situation as an apple is an orange. What's being described is an example of collaboration and communication based around a common or to-be developed piece of code. That sounds like open-source--an apple and an orange are both pieces of fruit, after all. But that's not really open-source because we're ignoring the critical elements that help define what open-source software truly is. Virus-makers aren't going open-source in the slightest. They're spinning derivative works from older viruses and developing free code while holding hands and singing the Pirates of the Caribbean song, but that's it. And it's hardly a new fad.

Since the beginning of geek time, the more nefarious members of the technology world have worked together to try and create newer means for achieving their less-than-upstanding desires. This notion of collaboration can be as simple as taking an older crack and retrofitting it for newer editions of a program, or as far-ranging and complicated as the operation of an entire distribution network for stolen CD images. Are either of these examples of open-source? No.

What makes a software project open-source is not the fact that people are teaming up during its creation. Open-source software conforms to a specific set of tenets for creation and distribution. In essence, the definition of open-source centers on the licensing issues that permit one to take code, modify code, and release code under a similar license for others to play around with. The licensing elements are critical to the open-source equation: They allow for one to meaningful contribute to a communal work without running afoul of the normal copyright law that protects all software code. Well, almost all.

The code for viruses, by their very nature, cannot be copyrighted. Or, at least, I have yet to read about a virus creator suing another code-monkey for violating his or her ability to independently build and release malware--if this ever comes up in the courts, please let me know. I'll be the one in the front row with the popcorn.

I jest, but it's a lot like calling the police to complain that someone stole your bag of cocaine. You might be able to get some sort of legal retribution against said thief, but that doesn't mean that your activities are in any way afforded the same legal protections as the types of property or possessions the law was designed to protect. Even if a virus maker wanted to craft a particular bit of software around the GPL, the absence of the underlying copyright function would render the whole point moot--not to mention that the inability (or lack of desire) to offer up the source code to all interested participants (like, say, law enforcement) would render said license void on its face. And those are just the two examples I can come up with off the top of my head. There are plenty more.

Is this a stupid semantics debate? Yes and no. Given the vitriol that can accompany the ages-old "open-source is not free" discussion, I don't think it's that far-fetched to call an "open-source virus" exactly what it is: a public domain program, at best. Reserving the correct phrase for its correct usage minimizes confusion and, more importantly, helps hold off the eventual transformation of "open source" into the next big synonym for "community-driven." It also gives us a chance to ponder what a closed-source virus program would look like.

And, of course, what would happen if someone listed one of those on The Pirate Bay.

David Murphy (@ Acererak) is a technology journalist and former Maximum PC editor. He writes weekly columns about the wide world of open-source as well as weekly roundups of awesome, freebie software. Befriend him on Twitter, especially if you have an awesome app or game you're dying to recommend!

Symantec Names 100 Most Malicious Websites

Pulkit Chandna — Thu, 20 Aug 2009 19:35:14 -0500

Symantec has published a list of the dirtiest 100 websites. The websites are said to contain around 18,000 threats apiece on an average. However, the average number of threats shoots up to 20,000 for the top 40 websites on the list, which has been compiled by Symantec’s Norton Safe Web service. Aladel.net, a US-based websites, alone houses 56,371 threats.

Although almost half of the websites are expectedly based around mature content, the remaining sites deal with a wide variety of subjects. Viruses dominate the list of threats found on these sites. Security risks and browser exploits are the other common threats found on them. The owners of the websites that figure on the list must be feeling a sense of elation and achievement. As for the rest of us, we now know which sites not to visit.

Image Credit: Symantec

Google Thought Michael Jackson Traffic was an Attack

Justin Kerr — Sun, 28 Jun 2009 15:28:41 -0500

Google has confirmed that the error messages people received on Thursday when searching for details of Michael Jackson’s death, was initially perceived as an attack. Searches between 2:45 and 3:15pm were returned with "We're sorry, but your query looks similar to automated requests from a computer virus or spyware application. To protect our users, we can't process your request right now."

The error messages lasted for about 25 minutes on Thursday, just long enough for Google to confirm what was actually going on. The search giant noted that the amount of traffic it saw on this topic was unprecedented, as millions around the world scrambled for accurate information, seemingly all at once. Yahoo has also confirmed that it hit an all-time record for unique visitors with over 16.4 million following the story. This blows away the previous record held by the Obama election day, with a paltry 15.1 million uniques.

The outpouring of sympathy online has been astonishing, and I’m sure Google will learn its lesson on this one.

Image Credit (google.com)

New "Gumblar" Virus Making the Rounds

Paul Lilly — Mon, 25 May 2009 16:30:00 -0500

First detected back in March, the 'Gumblar' attacks have been gaining steam lately, growing by as much as 188 percent in just a single week, ScanSafe warned. Gumblar refers to a Web attack that plants malicious scripts on normally legitimate websites, which then redirects Google search results on victims' PCs.

"A typical series of website compromises reaches peak within the first week or so and subsequently begins declining in intensity as detection is added by signature vendors, user awareness increases and website operators begin cleaning the affected sites," ScanSafe senior security researcher Mary Landesman, said late last week in an advisory.

In Gumblar's case, the opposite has been true, a result of website administrators being affected by the attacks. According to ScanSite, some well known sites have fallen prey to Gumblar include Tennis.com, Variety.com, and Coldwellbanker.com.

Keep those virus definitions up to date, and if you haven't done so already, look into installing an AV app.

Image Credit: computerrepairmaintenance.com