If you placed your Samsung laptop safely in the corner yesterday, and have been eyeing it suspiciously, you can stop now. Reports that Sammy was installing a keylogger application called StarLogger on new laptops have been verified as false. Samsung points the finger at the VIPRE security program used by a Toronto-based security expert for the false alarm.
In cooperation with federal law enforcement, Microsoft has announced they managed to take out the prolific Rustock botnet. Rustock was responsible for almost half of the spam in 2010, and its command and control system was highly complicated. Microsoft Digital Crimes Unit spent months investigating the botnet, eventually working with US Marshals to physically seize servers.
If you give malware authors an opening, they'll take it. In the wake of the recent Android Market malware scares, Google released a special security app that searches for and removes the so-called DroidDream malware. Google is pushing this app to affected phones automatically to take care of the problem. So what did the unscrupulous hacker characters do? They repackaged that security app with a trojan, of course.
Google laid low for a while after taking down several malicious apps from the Android Market, perhaps buying some time to come up with the best way to explain what happened. And that's what Google did over the weekend, confirming in a blog post that it recently pulled several malware-tainted apps from the Android Market "within minutes of becoming aware."
As if most malware weren't crafty enough, there are signs that indicate a certain amount of conspiring between attackers, making the latest threats even more difficult to detect. What's more, February proved a particularly busy month for malware, with Trojans, botnets, and spam all seemingly on the rise compared to previous months.
It turns out that searching for Jersey Shore's J-Woww is only slightly less dangerous than looking up music videos. A new security report reveals that both search queries are likely to land you on a malware-infested site, and so might looking up facts about President Barack Obama. Throw Jets coach Rex Ryan in there as well, and the entire NFL too. Hit the jump for the top 10 search terms that could return more than you bargained for.
There's a new piece of malware making the rounds, one that could get more dangerous with time. It's a Trojan called "OddJob," and eastern European cybercriminals are using it to steal from online bank accounts in the U.S., ComputerWorld reports. That in and of itself isn't anything new, but according to Amit Klein, chief technology officer at security firm Trusteer, the way it's hijacking account information is different than most other malware.
The now infamous Conficker worm created quite the scare for security researchers, and in some ways, it still does. In a new report (PDF), the Conficker Working Group -- a coalition of cybersecurity experts and industry heavyweights including Microsoft, ICANN, domain registry operators, AV vendors, and academic researchers -- reveals what they've learned from the worm, as well as some of the frustrations.
In short, the group has been successful in blocking the worm's author(s) from being able to use the worm for whatever dastardly deeds it might have been created for, but they've failed to kill Conficker entirely.
"The Conficker Working Group sees its biggest success as preventing the author of Conficker from gaining control of the botnet," CWG notes. "Nearly every person interviewed for this report said this aspect of the effort has been successful. The blocking of domains continues and the Working Group has indicated they will maintain their effort."
At the same time, CWG "sees its biggest failure as the inability to remediate infected computers and eliminate the threat of the botnet. While remediation efforts did take place, millions of the A/B variations of Conficker remain on infected computers."
Shockingly, the self-replicating worm remains on more than five million computers and "is among the largest botnet in the past five years," the report said. And while the author hasn't been caught, the group believes the person responsible lived in Eastern Europe.
Fake antivirus software masquerading around as the real deal is quickly becoming one of the oldest (and most used) tricks in the malware manual, and for good reason. It's easy to dupe less savvy computer users, especially as these bogus programs have become adept at looking the part. The latest one making the rounds is a false AV scanner called Antivirus 8.
"Over the last few days, we received numerous reports of computers infected with fake antivirus (scareware)," Roel Schouwenberg, senior antivirus researcher for Kaspersky, wrote in a blog post. "The name of this particular culprit is Antivirus 8."
According to Schouwenberg, fake pop-ups related to the bogus application were appearing on users' systems while they were not actively using their PCs. Instead, the pop-ups were running as soon as ICQ began fetching/displaying new ads. As Schouwenberg explains it, malware writers went through the trouble of setting up servers that appear to be related to actual retail products, so to outsiders (like Kaspersky) looking in, it appears the 'store' was simply the victim of an attack and the dirty ads keep rolling.
"By making it look like their server got compromised, the criminals can claim it isn't them who's responsible for distributing the malware," Schouwenberg explains. "But rather someone else who hacked their server to spread malware. The ad distributor is very likely to simply give them a warning, which gives these criminals at least one more shot at infecting more machines."
How it works isn't really important here, as none of this is going to matter to inexperienced users in the first place. Instead, now might be a good time to remind family and friends -- the ones who seem to ring your number every couple weeks with a new computer problem -- not to fall for fake AV scams.
Facebook alone claims over 500 million active members, though it's far from the only social networking site on the Web. Social networking is the hottest trend right now, and according to security firm Sophos, scammers and spammers have taken notice.
Sophos recently surveyed 1,273 users and asked how many had encountered spam, phishing attacks, or malware attacks as a result of social networking. The result? Significant rises in all three categories.
Two-thirds of respondents said they received spam, up from 57 percent one year ago. Phishing attacks rose from 30 percent in December 2009 to 43 percent in December 2010, while malware infestations affected 40 percent of respondents, up from 35 percent one year prior.
"Rogue applications, clickjacking, survey scams – all unheard of just a couple of years ago, are now popping up on a daily basis on social networks such as Facebook," said Graham Cluley, senior technology consultant at Sophos. "Why aren't Facebook and other social networks doing more to prevent spam and scams in the first place? People need to be very careful they don’t end up being conned for their personal details, or get tricked into clicking on links that could earn money for cybercriminals or infect innocent computers."
The vast majority -- 82 percent -- said that Facebook posed the biggest risk to security, but does it really? Not according to Sophos, which named the onMouseOver Twitter attack the biggest social networking worm of 2010.