In just a few days from now, we'll reach the one-year anniversary of the Downadup/Conficker threat's April 1, 2009 trigger date, and just like last year, April Fool's Day will likely pass without seeing the Internet come crashing down.
"Today, one year later, we know that the criminal(s) behind Downadup/Conficker still have the keys to some 6.5 million of these computers, which have not been fixed by their owners, leaving them open to be victimized at any time by cybercriminals," Symantec wrote in a blog post. "We're still seeing the .A and .B variants of the worm continue to spread, albeit at a much reduced rate."
According to Symantec, the infected PCs are being "very closely monitored" by law enforcement and the members of the Conficker Working Group, so even though several million PCs remain vulnerable, all the attention is "likely [to] prevent [Conficker's creators] from further playing out their original criminal plans."
Even so, Symantec says we're not out of the woods yet.
"These 6.5 million computers infected with Downadup/Conficker are still much like a loaded gun, waiting to be fired," Symantec warns.
One way to put your system at risk is to zip across the seedier side of the Web visiting a bunch of porn sites, but there's a bigger threat, according to McAfee. In a new study, the security firm says that downloading digital music is twice as dangerous as visiting triple-X sites.
McAfee claims just 9 percent of adult sites are riddled with malware, adware, and spam, compared to 19 percent of digital music sites. The reason? It's harder to make a buck selling music than it is peddling porn.
"The tier-one adult sites are doing phenomenally well as businesses, and because of that they very much have their house in order," McAfee senior product manager Mark Maxwell told The Los Angeles Times.
Stalking certain celebrities online is pretty risky too. According to McAfee, searching for Britney Spears turns up more dangerous sites than searching for Lindsay Lohan. And here's your quirky stat for the day: searching for Brad Pitt and Jennifer Aniston is 36 percent more likely to bring up suspect sites than searching for Brad Pitt and Angelina Jolie.
Alright, I'll admit it. I finally got hit with a virus.
Well, sort of. I first thought that the strange "YOUR COMPUTER IS NOT PROTECTED" icon in my taskbar was some indication that my antivirus software of choice had finally flipped out for good. Double-clicking on the icon brought up an obviously fake replica of Windows Security Essentials that, more annoyingly, wouldn't close no matter how many times I clicked on it. Over and over, my machine would be assaulted with "*.exe is not secure!" messages. My Internet sessions ground to a halt no matter which browser I tried using. I started to fear for the safety of my World of Warcraft account.
As it turns out, I only got nailed with an annoying piece of malware. But after running through a number of analysis and removal techniques (which ultimately failed, as I had managed to disable the malware's process from starting up as-is using good ol' msconfig), I had amassed quite a list of rootkit removal programs, hardcore malware eliminators, and antivirus applications that were more surgeons in training than general practitioners.
I now share them with you.
Look, it's easy enough to install a common antivirus scanner on your system and call it a day. But you, like me, might forget to do so throughout the course of your PC building life. Or, worse, your system might become compromised in such a way as to render your analytical tools entirely useless. In that case, it's time to roll up your shirtsleeves and get crackin' with the digital equivalent of bleach for your mucked-up PC. Join me after the jump, and I'll share with you some of my favorite advanced freeware and open-source applications for virus and malware elimination!
An unsuspecting Vodafone customer got quite a nasty surprise when she got her new HTC Magic (the MyTouch 3G in the States). Upon plugging it into her Windows PC, Panda Antivirus sounded the alarm. It turned out that the new phone carried several malware programs, including an installer for the Mariposa botnet.
This wasn’t just any poor soul lost in the wilds of technology, though. Nope, the victim of this sneak attack works for Panda Security. As you can imagine, her coworkers were terribly interested in the phone. Closer examination turned up an autorun.inf and autorun.exe that would load the malware on any PC the phone was plugged into. Panda confirmed that the botnet was active: once installed, the software “phoned home” for instructions. They also found a Conficker variant and a password stealer.
Vodafone recently discontinued the Magic, so once current stocks are sold out no one need fear this particular batch of phone baddies. Well, until the next time this happens. So how did a Spanish hacker group get their malware onto this phone? And more importantly, are more phones affected? It seems unlikely that there was just one infected phone and that it happened to be sold to a Panda employee.
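The autorun.inf trick described above, as an added example (not Panda's analysis and not code from the original post): a small Python scanner that parses autorun.inf the way Windows does (an INI file with an [autorun] section and case-insensitive keys) and reports every key that would launch a program, checking whether the named executable is actually present at the volume root. The sample autorun.inf and the empty autorun.exe placeholder are constructed for the demo; the "action=Open folder to view files" line mimics a common disguise that makes the malicious entry look like Windows' own folder-open option in the AutoPlay dialog. Windows 7 shipped with AutoRun for removable drives disabled and a February 2011 update brought the same change to XP and Vista, so a scanner like this mostly matters for older machines and for triaging a suspect volume after the fact.

```python
"""Scan a mounted volume root for an autorun.inf that launches code.

Added example (not Panda's or Vodafone's code).  Windows treats autorun.inf as
an INI file: an [autorun] section whose keys are case-insensitive.  The keys
that run a program are open=, shellexecute= and shell\\<verb>\\command=.
"""
import os
import re
import tempfile

EXEC_KEYS = {"open", "shellexecute"}
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")

# Constructed sample modelled on the autorun.inf/autorun.exe pair found on the
# phone: the 'action' line makes the malicious entry look like Windows' own
# "Open folder to view files" option in the AutoPlay dialog.
MALICIOUS_INF = (
    "[AutoRun]\r\n"
    "open=autorun.exe\r\n"
    "shellexecute=autorun.exe\r\n"
    "shell\\open\\command=autorun.exe\r\n"
    "action=Open folder to view files\r\n"
    "icon=%SystemRoot%\\system32\\SHELL32.dll,4\r\n"
    "label=HTC Magic\r\n"
)
BENIGN_INF = "[autorun]\r\nicon=setup.ico\r\nlabel=Removable Disk\r\n"


def parse_autorun(text):
    """Return {section: {key: value}} with section and key names lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current][key.strip().lower()] = value.strip()
    return sections


def first_token(command):
    """The executable named by a command line, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def scan_volume(root):
    """Return [(key, value, exe, exe_exists)] for code-launching entries in
    <root>/autorun.inf, or [] when the file is absent or only sets icon/label."""
    inf = os.path.join(root, "autorun.inf")
    if not os.path.isfile(inf):
        return []
    with open(inf, "r", encoding="utf-8", errors="replace") as fh:
        sections = parse_autorun(fh.read())
    findings = []
    for key, value in sections.get("autorun", {}).items():
        if key in EXEC_KEYS or SHELL_COMMAND.match(key):
            exe = first_token(value)
            target = os.path.join(root, exe.replace("\\", os.sep))
            findings.append((key, value, exe, os.path.isfile(target)))
    return findings


def demo(malicious=True):
    """Build a throw-away 'volume' with a constructed autorun.inf and scan it."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "autorun.inf"), "w", newline="") as fh:
            fh.write(MALICIOUS_INF if malicious else BENIGN_INF)
        if malicious:
            # empty placeholder standing in for the dropper, not a real binary
            open(os.path.join(root, "autorun.exe"), "wb").close()
        return scan_volume(root)


if __name__ == "__main__":
    for key, value, exe, present in demo():
        print(f"{key} -> {value}  (executable present: {present})")
```

Point scan_volume() at the mount point of the suspect device (for example E:\ or /media/phone). An entry whose executable is missing is still worth noting: droppers are sometimes hidden elsewhere on the volume and referenced by path, and a dangling reference can mean an AV product already removed the payload but left the pointer behind.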
Pretty soon you won't even be able to buy a toaster without worrying that it might be infected with malware. We're not quite at that point yet, but you can add an Energizer USB battery charger to the growing list of devices on the potentially contaminated list.
It's not the gadget itself, but the software that comes with Energizer's Duo Charger, model CHUSB. According to Carnegie Mellon University's Computer Emergency Response Team (CERT), Energizer has been unknowingly distributing a backdoor Trojan since 2007.
The software was designed to let users check the status of batteries inserted into the charger, but it's the inclusion of a nasty DLL file (Arucer.dll) that's troubling. Once installed, the backdoor lets a remote attacker download and execute files, retrieve a directory listing, pull files off the machine, and make changes to the registry.
Energizer, now aware of the problem, has discontinued sale of the product and is advising consumers "that downloaded the Windows version of the software to uninstall or otherwise remove the software from your computer," in addition to removing the Arucer.dll file.
Trying to fix a badly infected PC without HijackThis is sort of like going into surgery without a scalpel; it’s the only tool for the job when all other measures fail. New spyware strains and increasingly complex viruses emerge every day, and your PC’s immune system (i.e., antivirus software) isn’t always able to keep up. And if you’re performing emergency surgery on someone else’s PC, you may find that they didn’t have any AV software installed to begin with.
No matter how bad the infection, HijackThis gives you the means to dig deep into Windows to root out whatever it is that’s wreaking havoc. It’s not a cure-all, however, or even a cure-little. In fact, HijackThis doesn’t cure anything on its own. What HijackThis does do is give you a snapshot of the system’s registry and file settings, putting particular emphasis on the browser. It doesn’t discern between safe and malicious settings, so it’s possible to unintentionally inflict real harm if you don’t know what you’re doing. Follow along as we show you how to properly wield HijackThis.
Remember when cell phones were big, bulky, and functionally limited? How quickly they've evolved, and so too have the risks. Today's smartphones blur the line between cell phone and PC, and according to Liviu Iftode and Vinod Ganapathy, two computer science professors at Rutgers University in New Brunswick, New Jersey, smartphones are every bit as vulnerable to rootkits as desktop computers are.
"The motivation around our work is that smartphone operating systems are becoming just as complicated as desktop operating systems," Ganapathy said. "Our study has shown that rootkits are just as much a threat for smartphones as desktops."
What makes this particularly frightening is the difficulty in detecting rootkits. However, it's not yet time to hit the panic button. There currently are no known in-the-wild rootkits for mobile devices making the rounds, though it's entirely conceivable that could change.
"Our work is a call for defenses," Ganapathy added. "We should start working on defenses for such attacks before such attacks become widespread in the future."
Experimenting with new extensions is part of what makes Firefox great, but if you downloaded either "Sothink Web Video Downloader" or "Master Filer", you probably snagged a nasty Trojan for your troubles. According to an entry on the Mozilla Blog, both extensions contain code that exploits vulnerabilities in all versions of Windows, and they were downloaded close to 5,000 times before being spotted.
The extensions in question were contained in the "experimental" area of the official Firefox add-on site, and while it might seem like little consolation for anyone who got infected, users grabbing extensions from this section are warned before download that this could happen. Mozilla employs a special add-on scanner which supposedly checks all new entries for malicious code, but they were forced to acknowledge that the security process failed. "[Add-ons] performs a malware check on all add-ons uploaded to the site, and blocks add-ons that are detected as such," said yesterday's blog posting. "This scanning tool failed to detect the Trojan."
Mac and Linux users who downloaded these add-ons are unaffected, but anyone who used the extensions on Windows is being warned by Mozilla to delete all traces of the infected files and run a virus scan. Mozilla is promising to scan uploaded files for malware more often in the future, and will also step up how often it scans its entire catalog of add-ons.
Does this hurt your trust in Firefox extensions? Or was this bound to happen eventually?
I just bought a used PC running Windows XP. It had been really fast loading and running programs and accessing the web, but suddenly it slowed down to a complete stop. I had to unplug it just to shut it down.
So, I unplugged the Ethernet cable and it worked fine. I scanned the C: drive—no virus. Plugged the Ethernet cable back in and it slowed down again. Unplugged the Ethernet and it’s fast again. What’s going on, Doc?
It's important that everyone be made aware of an extremely useful Web site that delivers malware and antivirus scanning right to the door of your... er, Web browser. I not only use it at Maximum PC to check the freeware files and such that I link to on a weekly basis, but I also turn to it as the first resort whenever I'm on a system that, for whatever reason, lacks a comprehensive virus-scanning setup.
Simply put, it's hard to envision a world without Virustotal. Although there have been reports and/or instances of false positives arising from some of the lesser-known third-party antivirus tools that Virustotal uses, it's pretty safe to say that your file is safe should it come up with "0 issues found" when running the gauntlet of the site's 41 different antivirus and malware scanning applications.
With so much going on under the hood, using Virustotal to check your downloads must be a real nightmare, eh? Spoiler alert: It's super-easy. Click the jump and see how!
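The check described here, as an added example (not VirusTotal's client and not code from the original post): hash the download locally and look the hash up, so nothing confidential is uploaded, then turn the per-engine results into a verdict that honours the false-positive caveat above. It assumes VirusTotal's current v3 REST API (GET /api/v3/files/<sha256> with the key in an x-apikey header, read here from a VT_API_KEY environment variable), which postdates the 41-engine site this post describes; the sample reports are constructed in the v3 shape and the engine names in them are made up.

```python
"""Hash a download and check it against VirusTotal, with a false-positive-aware verdict.

Added example; not VirusTotal's client or the article's own procedure.  It
assumes VirusTotal's v3 REST API (GET /api/v3/files/<sha256>, key in the
x-apikey header, key read from the VT_API_KEY environment variable).  Looking
up by hash never uploads the file, so a confidential file stays on your disk.
"""
import hashlib
import json
import os
import sys
import urllib.error
import urllib.request

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"


def sha256_hex(data):
    """SHA-256 of an in-memory byte string, as lowercase hex."""
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path, chunk=1 << 20):
    """Stream the file so multi-gigabyte downloads do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def fetch_report(sha256, api_key):
    """Return the existing report for this hash, or None if VirusTotal has never seen it."""
    req = urllib.request.Request(VT_FILE_URL.format(sha256), headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise


def verdict(report, min_engines=2):
    """Reduce a report to (label, [(engine, detection_name), ...]).

    A lone detection is reported as a possible false positive rather than as
    malware, because the article's caveat holds: a single lesser-known engine
    can misfire.  min_engines or more agreeing engines count as malicious.
    """
    if report is None:
        return "unknown", []
    results = report.get("data", {}).get("attributes", {}).get("last_analysis_results", {})
    flagged = sorted(
        (engine, entry.get("result") or "")
        for engine, entry in results.items()
        if entry.get("category") in ("malicious", "suspicious")
    )
    if not results:
        return "unknown", flagged
    if len(flagged) >= min_engines:
        return "malicious", flagged
    if flagged:
        return "possible false positive", flagged
    return "clean", flagged


def _report(*categories):
    """Constructed v3-style report for testing: one made-up engine per category."""
    return {"data": {"attributes": {"last_analysis_results": {
        f"Engine{i}": {"category": c, "result": "Trojan.Generic" if c != "undetected" else None}
        for i, c in enumerate(categories)}}}}


SAMPLE_CLEAN = _report("undetected", "undetected", "harmless")
SAMPLE_ONE_HIT = _report("malicious", "undetected", "undetected", "undetected")
SAMPLE_MULTI_HIT = _report("malicious", "malicious", "suspicious", "undetected")

if __name__ == "__main__":
    digest = sha256_of_file(sys.argv[1])
    label, hits = verdict(fetch_report(digest, os.environ["VT_API_KEY"]))
    print(digest, label, hits)
```

Run it as `python vt_check.py download.exe` with VT_API_KEY set. A hash VirusTotal has never seen comes back "unknown", not "clean"; that is the honest answer for a freshly built or rarely downloaded binary, and the only way to get further is to submit the file itself for a fresh scan, which this lookup deliberately does not do.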