Guard Privacy & Online Security News & Information

April 14, 2007 10:57 - Watch Out For This 'Storm Worm' Cloaked With A Rootkit

The virulent Storm worm is back again as a variant and creating chaos.

The Internet Storm Center reported detecting at least 20,000 infections Friday, and Patrick Martin, from the Security Response Team at Symantec, said they received several hundred reports of the malicious e-mail making the rounds.

"We're seeing 50 to 60 times the normal volume of spam," said Adam Swidler, senior manager of solutions marketing at Postini. He added that the spam run is the largest in the last 12 months, and more than three times the volume of the two biggest in recent memory: a pair of blasts in December and January.

The malware arrives in spam with subject headings touting "Worm Alert!", "Worm Detected", "Spyware Detected!" and "Virus Activity Detected!". Inside the e-mail is an image and an encrypted zip file. The image has the password needed to open the zip file.

The ZIP file, which is password protected -- the password is included in the message to further dupe recipients -- actually contains a variant of the "Storm Trojan" worm, which installs a rootkit to cloak itself, disables security software, and steals confidential information from the PC.

Computers infected with this virus become unknowing "zombies" in a botnet, used to send out spam and further the attacks. "It is highly likely that this latest attack will result in many more downloads, pump-and-dump attacks, and more as seen with former Storm Worm attacks to date," said Ken Dunham, director of VeriSign's Rapid Response Team.

Infection depends on users opening the attachment to spam... so, as usual, the advice is don't open any spam, let alone attachments.

April 19, 2007 11:26 - Adware Tricks PC Users Into Downloading Malware

A new tactic to infect users' PCs has been uncovered in the form of adware posing as ActiveX, according to Panda Software.

PC users who visit cracker-controlled porn websites find a window opening to display an offer of porn pictures. If the user agrees, another window informs them that an ActiveX control has to be installed.

In reality, the ActiveX is adware known as ImageAccesActiveXObject. "Before now we had seen adware disguised as codecs to see videos, but never as ActiveX controls for viewing pictures. This is another strategy for tricking users. They think they are giving their consent to the installation of a legitimate tool when really they are allowing adware to be installed," explained Luis Corrons, technical director of PandaLabs.

Once installed, the adware takes users to a page of pictures but malicious code is surreptitiously loaded onto the PC.

Among the sample of malware loaded onto PCs is SpyLocked, adware that warns users that their computer is infected and that it has detected ImageAccesActiveXObject.

This program is posing as security software and will not allow computers to be disinfected unless users register the product.

ImageAccesActiveXObject also downloads the Securitytoolbar adware, which installs a toolbar and displays intrusive pop-up pages when users visit certain websites.

For protection? Well, it's the usual advice of not clicking on any pop-up windows in the first place, unless it's a site you absolutely trust, such as your online banking site.

Ensure you run your antispyware as soon as you spot a problem, such as pop-up ads. The program I recommend is CounterSpy.

This article has been adapted from http://www.theregister.co.uk/2007/04/17/adware_activex_control/

April 30, 2007 20:31 - Malware Increases Dramatically

The overall number of new pieces of malware has grown dramatically, according to Sophos. In the first quarter of 2007, the company identified more than double the number found in the same period last year, with the majority of malicious code writers using the web to spread their mayhem.

With computer users becoming increasingly aware of how to protect against email-aware viruses and malware, hackers have turned to the web as their preferred method of attack. Not all of the infected websites were created by the hackers themselves. Sophos found that the majority were bona fide websites that were vulnerable to attack because they were unpatched, poorly coded or had not been maintained by their owners.

A further 12.8 percent were hosting malicious script while Windows malware was responsible for infecting 10.7 percent. Adware was found on 4.8 percent of these pages and porn diallers on 1.1 percent.

The top three countries hosting web-based malware in Q1 2007 were China at 41.1%, the U.S. at 29.2% and Russia at 4.6%. The UK has entered Sophos's chart for the first time at number six, accounting for 3.0%.
