There's a new botnet in town, and this one has the potential to trump Conficker, says security firm Netwitness, which discovered the botnet. According to Netwitness, the Kneber botnet has already infected more than 74,000 machines worldwide.
Netwitness describes Kneber as a ZeuS Trojan botnet, and more than half of the systems infected also have the Waledac Trojan, the same worm that was used to create email spam botnets associated with Conficker. But unlike Conficker, whose dastardly deeds have yet to be revealed, Netwitness says Kneber has been designed to target and steal login credentials and other private information.
Kneber has been found in 196 countries so far, but is most prominent in Egypt, Mexico, Saudi Arabia, Turkey, and the U.S. It targets Windows machines, most of which run Windows XP Professional SP2, and most of which reside in corporate and government infrastructures.
According to Netwitness, Kneber has nabbed some 68,000 login credentials in the past 4 weeks.
Experimenting with new extensions is part of what makes Firefox great, but if you downloaded either the "Sothink Web Video Downloader" or "Master Filer", you probably snagged a nasty Trojan for your troubles. According to an entry on the Mozilla Blog, both of these extensions contain code that exploits vulnerabilities in all versions of Windows, and they were downloaded close to 5,000 times before being spotted.
The extensions in question were contained in the "experimental" area of the official Firefox add-on site, and while it might seem like little consolation for anyone who got infected, users grabbing extensions from this section are warned before download that this could happen. Mozilla employs a special add-on scanner which supposedly checks all new entries for malicious code, but they were forced to acknowledge that the security process failed. "[Add-ons] performs a malware check on all add-ons uploaded to the site, and blocks add-ons that are detected as such," said yesterday's blog posting. "This scanning tool failed to detect the Trojan."
Mac and Linux users who downloaded these add-ons are unaffected, but anyone who used the extensions in Windows is being warned by Mozilla to delete all traces of the infected file and run a virus scan. Mozilla is promising to boost the number of times it scans files for malware in the future, and will also step up how often it scans its entire catalog of add-ons.
Does this hurt your trust in Firefox extensions? Or was this bound to happen eventually?
It's important that everyone be made aware of an extremely useful Web site that delivers malware and antivirus scanning right to the door of your... er, Web browser. I not only use it at Maximum PC to check the freeware files and such that I link to on a weekly basis, but I also turn to it as the first resort whenever I'm on a system that, for whatever reason, lacks a comprehensive virus-scanning setup.
Simply put, it's hard to envision a world without Virustotal. Although there have been reports and/or instances of false positives arising from some of the lesser-known third-party antivirus tools that Virustotal uses, it's pretty safe to say that your file is safe should it come up with "0 issues found" when running the gauntlet of the site's 41 different antivirus and malware scanning applications.
With so much going on under the hood, using Virustotal to check your downloads must be a real nightmare, eh? Spoiler alert: It's super-easy. Click the jump and see how!
For those of us who download applications, programs, extensions, or really anything off the Internet in great frequency, what's the best way to keep a computer completely protected from external threats? I'm talking about locking down your system tighter than a Supermax prison--not impacting your ability to carry out your everyday tasks, rather, making sure that you're protected from attack at your PC's primary entry points.
That's exactly what I'll be exploring in this week's freeware roundup: The five best free applications for keeping your computer as secure as can be. If you aren't running some combination of these freeware and open-source apps, well, you only have yourself to blame if your system gets infected with something unpleasant!
Apple told us jailbreaking wasn’t a good idea. Sure, we mocked them at the time, but it is looking a little less safe these days. The first iPhone worm has been discovered affecting iPhones in Australia. The virus takes advantage of a massive security hole in the SSH client for jailbroken phones. The “ikee” worm is fairly benign, simply changing the user’s wallpaper to a picture of Rick Astley of “Rickroll” fame.
As it turns out, the default password for the SSH client is ‘alpine’. The worm accesses the phone via this route, and then attempts to infect other phones on the network. The worm’s creator, a 21-year-old student, said in an interview, “The virus itself is not malicious and is not out to hurt people. It's just poking fun and hoping waking people up a little.”
Un-jailbroken phones, and jailbroken phones that don’t have SSH installed, are not vulnerable. Jailbreakers should head to the Cydia store, and use the Mobile Terminal app to change their default password. With a zillion iPhones out there, it was only a matter of time.
Security firm Sophos recently took it upon itself to run some tests on Windows 7 sans anti-virus software. Sophos used ten unique viruses found in circulation and attempted to infect Windows 7. While many may have thought this would be a foregone conclusion, they wanted to make a point. Microsoft claims that User Account Control (UAC) is more secure in Windows 7. Does it actually make a difference?
Sure enough, eight out of ten viruses ran without problem on a stock install of Windows 7 without User Account Control. With UAC active, an additional threat was actually blocked, and the other two still failed to run. Overall, UAC didn’t make much difference in virus protection. So yes, you still need to run an anti-virus on Windows 7. There’s been a lot of positive buzz around Redmond’s new release, just don’t let that stuff go to your head.
Have you checked your bank account balance online lately? If so, you may want to consider verifying the numbers with a paper statement, because what you see on your computer screen might not be indicative of banking activity that's occurring right under your nose, according to a new security report.
Hackers have a new piece of malware to play with, one which not only picks your online pocket, but also hides the evidence of any wrongdoing by rewriting online bank statements on the fly. Once the Trojan horse infiltrates a user's PC, it goes to work by altering the HTML coding before it's displayed in the victim's browser, making sure to erase any evidence of money transfers or other unauthorized transactions.
"The Trojan is hooked into your browser and dynamically modifies the text in the HTML," said Yuval Ben-Itzhak, CTO of computer security firm Finjan. "It's a very sophisticated technique."
A gang targeting customers of leading German banks first began employing the ruse in August and managed to steal Euro 300,000 (about $440,000 USD) in just three weeks. Finjan estimates that the gang using the scheme could potentially steal about $7.3 million annually.
While so far relegated to German banks, Ben-Itzhak warned that this technique is likely to spread to other countries.
My 6-year-old computer is extremely slow and sometimes takes 20 minutes just to start up. The other day it caught a virus, which masqueraded as a firewall and installed itself onto my computer, changing the background to a picture that said I have spyware on my computer. I tried to open my virus-scan program (AOL) but it would not open. I have tried everything I can think of. I took out my hard drive so that it could not get to my files. Now, I have to use my son’s computer for emails. He is a big gamer so it’s really hard to get in the time to use it. Should I wait for Windows 7 to come out before getting a new computer?
It's so hip and fresh. Open-source singlehandedly represents the latest and greatest thinking in the modern-day technological movement. Drop it into a conversation and you're suddenly talking like a futurist. Throw it into a company's strategic roadmap and suddenly we've created innovation and depth. Suggest that virus-makers are embracing open-source, and you've got the attention (and clicks) of Web geeks worldwide.
Wait a minute. Open-source viruses? How does that work?
Symantec has published a list of the dirtiest 100 websites. The websites are said to contain around 18,000 threats apiece on average. However, the average number of threats shoots up to 20,000 for the top 40 websites on the list, which has been compiled by Symantec’s Norton Safe Web service. Aladel.net, a US-based website, alone houses 56,371 threats.
Although almost half of the websites are expectedly based around mature content, the remaining sites deal with a wide variety of subjects. Viruses dominate the list of threats found on these sites. Security risks and browser exploits are the other common threats found on them. The owners of the websites that figure on the list must be feeling a sense of elation and achievement. As for the rest of us, we now know which sites not to visit.