Malware - Infoworld http://www.infoworld.com/t/2111 en

Thousands of sites compromised through WordPress plug-in vulnerability
http://www.infoworld.com/d/security/thousands-of-sites-compromised-through-wordpress-plug-in-vulnerability-246960?source=rss_malware
<p>A critical vulnerability found recently in a popular newsletter plug-in for WordPress is actively being targeted by hackers and was used to compromise an estimated 50,000 sites so far.</p>
Security Malware Security Tools Vulnerability Assessment Thu, 24 Jul 2014 18:22:27 +0000 admin 246960 at http://www.infoworld.com

Prove it! Another security vendor claims 100 percent malware detection
http://www.infoworld.com/d/security/prove-it-another-security-vendor-claims-100-percent-malware-detection-246704?source=rss_malware
Security Anti-virus Malware Network Security Security Tue, 22 Jul 2014 10:00:00 +0000 Roger A. Grimes 246704 at http://www.infoworld.com

Stealthy 'Critroni' ransomware uses Tor, could replace Cryptolocker
http://www.infoworld.com/d/security/stealthy-critroni-ransomware-uses-tor-could-replace-cryptolocker-246652?source=rss_malware
<p>Cyber criminals are spreading a new file-encrypting ransomware program that's more powerful and resilient than Cryptolocker, a threat recently shut down by the U.S. Department of Justice.</p> <p>The new ransomware threat is called CTB-Locker (Curve-Tor-Bitcoin Locker), but Microsoft anti-malware products detect it as Critroni.A.
Its creator has been advertising the program to other cybercriminals on Russian-language forums since the middle of June and it seems that he's been trying to fix most of Cryptolocker's faults.</p>
Security Cyber Crime Encryption Malware Mon, 21 Jul 2014 16:19:52 +0000 admin 246652 at http://www.infoworld.com

Source code for tiny 'Tinba' banking malware leaked
http://www.infoworld.com/d/security/source-code-tiny-tinba-banking-malware-leaked-246016?source=rss_malware
<p>The source code for an impressively small but capable malware program that targets online bank accounts has been leaked, according to CSIS Security Group of Denmark.</p> <p>The program, known as "Tinba" or "Zusy," was discovered around mid-2012 and infected tens of thousands of computers in Turkey. It is notable for having a very small code base -- just 20K -- but capabilities similar to malware much larger in size.</p>
Security Malware Fri, 11 Jul 2014 11:54:28 +0000 admin 246016 at http://www.infoworld.com

Botnet uses brute force to access PoS systems
http://www.infoworld.com/d/security/botnet-uses-brute-force-access-pos-systems-245870?source=rss_malware
<p>Thousands of compromised computers are actively trying to break into point-of-sale (PoS) systems using brute-force techniques to guess remote administration credentials.</p> <p>The computers are part of a botnet, dubbed BrutPOS by researchers from security firm FireEye, that has been active since at least February.
The botnet scans attacker-specified IP address ranges for systems that accept Remote Desktop Protocol (port 3389) connections.</p>
Security botnet RAM scraper Authentication Cyber Crime Intrusion Detection Malware Thu, 10 Jul 2014 12:09:01 +0000 admin 245870 at http://www.infoworld.com

Facebook announces arrests have been made for the 'Lecpetex' botnet
http://www.infoworld.com/d/security/facebook-announces-arrests-have-been-made-the-lecpetex-botnet-245834?source=rss_malware
<p>Facebook said police in Greece made two arrests last week in connection with a little-known spamming botnet called "Lecpetex," which used hacked computers to mine the Litecoin virtual currency.</p> <p>As many as 50,000 Facebook accounts were affected, and as many as 250,000 computers worldwide, primarily in Greece, Poland, Norway, India, Portugal, and the United States, according to a <a href="https://www.facebook.com/notes/protect-the-graph/taking-down-the-lecpetex-botnet/1477464749160338">blog post</a> on Tuesday from Facebook's Threat Infrastructure team.</p>
Security hacking security Malware Social Networking Wed, 09 Jul 2014 12:12:16 +0000 admin 245834 at http://www.infoworld.com

Better patch Flash: 'Rosetta Flash' attack can steal site cookies
http://www.infoworld.com/t/hacking/better-patch-flash-rosetta-flash-attack-can-steal-site-cookies-245801?source=rss_malware
<p>Adobe Flash, the plug-in that <a href="http://www.infoworld.com/t/adobe-flash/adobe-flash-insecure-outdated-and-here-stay-235898">refuses to die</a> despite <a href="http://www.infoworld.com/d/security/adobe-flash-exploit-
Security Adobe Flash Hacking
Malware Wed, 09 Jul 2014 10:00:00 +0000 InfoWorld Tech Watch 245801 at http://www.infoworld.com

Vulnerability in AVG security toolbar puts IE users at risk
http://www.infoworld.com/d/security/vulnerability-in-avg-security-toolbar-puts-ie-users-risk-245768?source=rss_malware
<p>Implementation issues with AVG Secure Search, a browser toolbar from antivirus vendor AVG Technologies that's supposed to protect users from malicious websites, could have allowed remote attackers to execute malicious code on computers.</p> <p>The toolbar, also known as AVG SafeGuard, supports Google Chrome, Internet Explorer and Mozilla Firefox running on Windows XP and later, and is often bundled as an optional installation with popular free software programs.</p>
Security Internet Explorer (IE) Anti-virus Application Security Malware Web Browsers Security Tools Tue, 08 Jul 2014 15:48:39 +0000 admin 245768 at http://www.infoworld.com

Android bug lets apps make rogue phone calls
http://www.infoworld.com/d/security/android-bug-lets-apps-make-rogue-phone-calls-245669?source=rss_malware
<p>A vulnerability present in most Android devices allows apps to initiate unauthorized phone calls, disrupt ongoing calls and execute special codes that can trigger other rogue actions.</p> <p>The flaw was found and reported to Google late last year by researchers from Berlin-based security consultancy firm Curesec, who believe it was first introduced in Android version 4.1.x, also known as Jelly Bean.
The vulnerability appears to have been fixed in Android 4.4.4, released on June 19.</p>
Mobile Technology Security Android Mobile Security Malware Mon, 07 Jul 2014 17:55:35 +0000 admin 245669 at http://www.infoworld.com

Microsoft action against No-IP disrupting other hacking groups, Kaspersky says
http://www.infoworld.com/d/security/microsoft-action-against-no-ip-disrupting-other-hacking-groups-kaspersky-says-245465?source=rss_malware
<p>Microsoft's seizure of domains from a DNS service provider has also disrupted some state-sponsored cyber espionage campaigns, according to security vendor Kaspersky Lab.</p> <p>A quarter of the long-term malware operations run by hacking groups tracked by the Russian security vendor have been affected by the seizure of domains from No-IP, <a href="https://www.securelist.com/en/blog/208214339/Microsoft_seizes_22_NO_IP_domains_disrupts_cybercriminal_and_nation_state_APT_malware_operations" target="_blank">wrote</a> analyst Costin Raiu on a company blog Tuesday.</p>
Security Microsoft Cyber Crime Malware Wed, 02 Jul 2014 12:15:22 +0000 admin 245465 at http://www.infoworld.com

Microsoft admits to technical error in IP takeover, but No-IP still down
http://www.infoworld.com/d/security/microsoft-admits-technical-error-in-ip-takeover-no-ip-still-down-245463?source=rss_malware
<p>Microsoft admitted Tuesday it made a technical error after it commandeered part of an Internet service's network in order to shut down a botnet, but the Nevada-based company says its services are still down.</p> <p>A federal court in Reno granted Microsoft an ex-parte restraining order that allowed it to take control of 22 domains run by No-IP, a DNS (Domain Name Service) provider owned by Vitalwerks, which was served the order on Monday.</p>
Security Microsoft Cyber Crime Hacking Malware Wed, 02 Jul 2014 11:00:16 +0000 admin 245463 at http://www.infoworld.com

Energy providers hacked through malicious software updates
http://www.infoworld.com/d/security/energy-providers-hacked-through-malicious-software-updates-245323?source=rss_malware
<p>Eastern European-based attackers gained access to the networks of energy providers by tampering with software updates for industrial control systems, gaining a foothold that could be used for sabotage, Symantec said Monday.</p> <p>The Dragonfly group, which appears to operate from Eastern Europe, compromised three ICS vendors, adding a piece of remote access malware to legitimate software updates, the security vendor wrote in a <a href="http://www.symantec.com/connect/blogs/dragonfly-western-energy-companies-under-sabotage-threat" target="_blank">blog post</a> Monday.</p>
Security Hacking Intrusion Detection Malware Vulnerability Assessment Tue, 01 Jul 2014 12:23:46 +0000 admin 245323 at http://www.infoworld.com

New SMS worm targets Android devices
http://www.infoworld.com/d/mobile-technology/new-sms-worm-targets-android-devices-245201?source=rss_malware
<p>A rare Android worm that propagates itself to other users via links in text messages has been discovered by security researchers.</p> <p>Once installed on a device, the malware, which was dubbed Selfmite, sends a text message to 20 contacts from the device owner's address book.</p>
Mobile Technology Security Android Mobile Security Malware Fri, 27 Jun 2014 14:40:56 +0000 admin 245201 at http://www.infoworld.com

Companies warned of major security flaw in Google Play apps
http://www.infoworld.com/d/mobile-technology/companies-warned-of-major-security-flaw-in-google-play-apps-244720?source=rss_malware
<p>University researchers have found that developers often store authentication keys in the Android apps on Google Play, making it possible for criminals to steal corporate or personal data.</p> <p>The major security threat has cast doubt on the effectiveness of the automated scanning tools Google uses to uncover malicious code and other problems that could pose a risk to users.</p>
Mobile
Technology Security Google Android Application Security Authentication Data Security Mobile Apps Mobile Security Malware Fri, 20 Jun 2014 14:07:10 +0000 admin 244720 at http://www.infoworld.com

Microsoft fixes flaw in its security software
http://www.infoworld.com/d/security/microsoft-fixes-flaw-in-its-security-software-244584?source=rss_malware
<p>Microsoft on Tuesday warned customers that its malware detection engine, used in a wide range of its products including Security Essentials and Windows Defender, could be disabled if an attacker sent a malformed file as an email attachment.</p> <p>Along with the security alert, Microsoft issued an update to patch the vulnerability.</p>
Security Microsoft Endpoint Protection Malware Patch Management Wed, 18 Jun 2014 16:12:33 +0000 admin 244584 at http://www.infoworld.com

New powerful Dyreza banking malware emerges
http://www.infoworld.com/d/security/new-powerful-dyreza-banking-malware-emerges-244440?source=rss_malware
<p>Security researchers said they've spotted a new type of banking malware that rivals the capabilities of the infamous Zeus malware.</p> <p>The malware, which is being called "Dyreza" or "Dyre," uses a man-in-the-middle attack that lets the hackers intercept unencrypted web traffic while users mistakenly think they have a secure connection with their online banking site.</p>
Security Cyber Crime Data Loss Prevention Malware Tue, 17 Jun 2014 11:30:25 +0000 admin 244440 at http://www.infoworld.com

Spamhaus readies new anti-malware data feeds
http://www.infoworld.com/d/security/spamhaus-readies-new-anti-malware-data-feeds-244342?source=rss_malware
<p>The Spamhaus Project will soon publish two new data feeds intended to prevent people from being lured to malware-infected websites and domains.</p> <p>The organization, which has long been in the forefront of efforts to stop junk mail, said the two data sets are part of its <a href="http://www.spamhaus.org/dbl/" target="_blank">Domain Block List</a> (DBL), a
database updated constantly with spammy domains appearing in emails. The DBL data feed can be incorporated into mail server software that scans messages for the presence of those blacklisted domains.</p>
Security Anti-spam Malware Mon, 16 Jun 2014 12:12:29 +0000 admin 244342 at http://www.infoworld.com

Now's your chance to clean up your GameOver Zeus infection
http://www.infoworld.com/t/malware/nows-your-chance-clean-your-gameover-zeus-infection-244001?source=rss_malware
<p>Last week, the <a href="http://www.justice.gov/iso/opa/dag/speeches/2014/dag-speech-140602.html" target="_blank">Justice Department</a> and <a href="http://www.fbi.gov/news/stories/2014/june/gameover-zeus-botnet-disrupted" target="_b
Microsoft Windows Malware Mon, 09 Jun 2014 18:53:34 +0000 InfoWorld Tech Watch 244001 at http://www.infoworld.com

XPocalypse hasn't happened yet
http://www.infoworld.com/d/security/xpocalypse-hasnt-happened-yet-243952?source=rss_malware
<p>Two months after Microsoft withdrew support for Windows XP, the catastrophic wave of exploits that security experts predicted would quickly wash over the aged operating system has failed to materialize.</p> <p>Microsoft provided its last regularly-scheduled security updates for Windows XP on April 8, making only a single one-time exemption several weeks later when it patched a then-being-exploited vulnerability in Internet Explorer, including the browser on XP.</p>
Microsoft Windows Security Microsoft Windows XP Microsoft Windows Malware Vulnerability Assessment Mon, 09 Jun 2014 14:23:00 +0000 admin 243952 at http://www.infoworld.com

Trojan app encrypts files on Android
devices and asks for ransom
http://www.infoworld.com/d/security/trojan-app-encrypts-files-android-devices-and-asks-ransom-243829?source=rss_malware
<p>The ransomware model is increasingly being adopted by cybercriminals who target mobile users, one of their latest creations being able to encrypt files stored on the SD memory cards of Android devices.</p> <p>A new threat dubbed Android/Simplock.A was identified by researchers from antivirus firm ESET over the weekend and while it's not the first ransomware program for Android, it is the first one seen by the company that holds files hostage by encrypting them.</p>
Mobile Technology Security Android Cyber Crime Data Loss Prevention Encryption Mobile Security Malware Thu, 05 Jun 2014 19:42:48 +0000 admin 243829 at http://www.infoworld.com