How many times have you been called to fix a PC that was infested with malware, only to discover that the user fell for one of the oldest tricks in the malware Bible, fake AV and utility programs? It's a common occurrence because, well, it simply works. Fake AV programs disguised as legitimate security software are getting tougher to tell apart from the real deal, and that's bad news for less savvy computer users. Security vendor McAfee put together a "Dirty Dozen" list of the most common fake AV programs and utilities, and some of the entries might just surprise you.
FBI investigators tried a new approach to taking down a zombie PC gang. For the first time ever, federal authorities in the U.S. seized control of the gang's command-and-control servers, a move that required the U.S. Justice Department to get a judge's permission before carrying out the sting. Once in control, authorities were able to counterattack by issuing their own commands, instructing the malware to shut down and logging the IP addresses of infected machines so their owners could be notified.
If you placed your Samsung laptop safely in the corner yesterday and have been eyeing it suspiciously, you can stop now. Reports that Sammy was shipping a keylogger application called StarLogger on new laptops have turned out to be false. Samsung points the finger at the VIPRE security program used by a Toronto-based security expert, blaming a false positive for the alarm.
In cooperation with federal law enforcement, Microsoft announced that it has taken out the prolific Rustock botnet. Rustock was responsible for almost half of all spam in 2010, and its command-and-control system was highly complex. Microsoft's Digital Crimes Unit spent months investigating the botnet, eventually working with the U.S. Marshals Service to physically seize its servers.
If you give malware authors an opening, they'll take it. In the wake of the recent Android Market malware scares, Google released a special security app that searches for and removes the so-called DroidDream malware. Google is pushing this app to affected phones automatically to take care of the problem, so there was never a reason to install it from anywhere else. So what did the unscrupulous hacker characters do? They repackaged that security app with a Trojan, of course.
Google laid low for a while after pulling several malicious apps from the Android Market, perhaps buying time to come up with the best way to explain what happened. And that's what Google did over the weekend, confirming in a blog post that it recently removed several malware-tainted apps from the Android Market "within minutes of becoming aware."
As if most malware weren't crafty enough, there are signs of a certain amount of collaboration among attackers, making the latest threats even more difficult to detect. What's more, February proved a particularly busy month for malware, with Trojans, botnets, and spam all seemingly on the rise compared to previous months.
It turns out that searching for Jersey Shore's J-Woww is only slightly less dangerous than looking up music videos. A new security report reveals that both search queries are likely to land you on a malware-infested site, and so might looking up facts about President Barack Obama. Throw Jets coach Rex Ryan in there as well, and the entire NFL too. Hit the jump for the top 10 search terms that could return more than you bargained for.
There's a new piece of malware making the rounds, one that could get more dangerous with time. It's a Trojan called "OddJob," and Eastern European cybercriminals are using it to steal from online bank accounts in the U.S., ComputerWorld reports. That in and of itself isn't anything new, but according to Amit Klein, chief technology officer at security firm Trusteer, the way it hijacks account information is different from that of most other malware.
The now infamous Conficker worm created quite the scare for security researchers, and in some ways, it still does. In a new report (PDF), the Conficker Working Group -- a coalition of cybersecurity experts and industry heavyweights including Microsoft, ICANN, domain registry operators, AV vendors, and academic researchers -- reveals what they've learned from the worm, as well as some of the frustrations.
In short, the group has been successful in blocking the worm's author(s) from being able to use the worm for whatever dastardly deeds it might have been created for, but they've failed to kill Conficker entirely.
"The Conficker Working Group sees its biggest success as preventing the author of Conficker from gaining control of the botnet," the CWG notes. "Nearly every person interviewed for this report said this aspect of the effort has been successful. The blocking of domains continues and the Working Group has indicated they will maintain their effort."
At the same time, the CWG "sees its biggest failure as the inability to remediate infected computers and eliminate the threat of the botnet. While remediation efforts did take place, millions of the A/B variations of Conficker remain on infected computers."
Shockingly, the self-replicating worm remains on more than five million computers and "is among the largest botnets in the past five years," the report said. And while the author hasn't been caught, the group believes the person responsible lives in Eastern Europe.