Security researchers have discovered a new worm that specifically targets OS X on Macs, and which controls them through Reddit.com. Dubbed the “iWorm”, or the “Mac.BackDoor.iWorm”, the iWorm was first publicly reported last week on the Dr. Web anti-virus site. There is a way to check to see if you have the iWorm on your Mac, which we explain below.
In the last 24 hours some malicious agent has sent out a massive spam run with a malware payload behind a link to “open your invoice”, “download details” or “open your payment details”. The emails seem to come from senders such as firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org and email@example.com, and the text is all very gappy.
If you are a Windows XP user running Kaspersky anti-virus and you can’t connect to the internet from your computer, you are not alone. The latest update to the AV software is preventing many users from being able to connect to the internet, causing users to swarm to the Kaspersky forum to grumble.
The U.S. Department of Homeland Security alerted users of Java to a serious and urgent security risk, recommending that users disable Java until a suitable fix has been released. In the statement, the United States Computer Emergency Readiness Team (US-CERT), the branch of the federal government that manages computer security risks, warned that any system using Oracle Java 7 (1.7, 1.7.0), including Java Platform Standard Edition 7 (Java SE 7), Java SE Development Kit (JDK 7) and Java SE Runtime Environment (JRE 7), is at risk.
Bots generate at least 10% of all online traffic, according to data released today by Solve Media, a company that provides security authentication solutions through CAPTCHA-based advertising technology. Solve Media indicates that they have seen a 400% increase in what they term ‘aberrant’ traffic across web-based services such as commenting, voting, registration and contact.
There are few things as comforting to hear as, “Our nuclear program has been compromised again” from an Iranian nuclear facility, but it appears that someone, or possibly some snickering 12-year-old boys in their parents’ basement, has unleashed a cyberattack on Iran’s Atomic Energy Organization, hard rock-style. That’s right, the latest Iranian nuclear cyberattack has the nuclear physicists shaking all night long to AC/DC rock music; “Thunderstruck” to be exact.
Starting early this morning, a rash of fake Kindle ebook orders hit the Internet. Sent out as part of the Sakura exploit malware, the email is designed to alarm the recipients into thinking that their Amazon accounts have been charged outrageous amounts for ebooks that they didn’t order, going to addresses they don’t recognize (including “Gahanna, United States”), but the links to “your account” actually take the unsuspecting recipients to malicious sites where the Sakura exploit will infect their computer, adding it to their botnet. The subject of the email is usually “Your Amazon.com Kindle e-book order confirmation” or “Your Amazon.com Kindle e-book order receipt” and appears to come from firstname.lastname@example.org. “Thanks for your order (your email address)!” the email starts out, going on to say “Did you know you can view and edit your orders online, 24 hours a day? Visit Your Account.” Don’t fall for it!
Up until now Mac owners have been relatively safe (and smug) when it came to the infectability of their computers. Worms, trojans, viruses, and other malware were considered to be primarily the domain of Windows. That may have changed last week, however, when the Russian security company, Dr. Web, reported that as many as a half a million Macs are already infected with what is being called the “Flashback Trojan”. Here’s how to know if you have Flashback Trojan, and how to get rid of Flashback Trojan.
The worm that infected an Iranian nuclear site, Stuxnet, or something very much like it, may be getting ready to strike again, say researchers. A recently discovered malware dubbed Duqu (for the prefix of its files, ~DQ) is designed to steal information needed to mount another such attack, and provide remote access to industrial installations such as, well, nuclear plants.
With the release of the new book, Worm: The First Digital World War, the Conficker worm (also known, depending on which variant you have, as Conficker A, Conficker B, Conficker C, Conficker D, Conficker E, and the Conficker Virus) is back in the news. This is a good thing, as it is very much still one of the biggest threats on the Internet, but as it has been around since 2008, it’s been “out of sight, out of mind” for many users, who no longer think about detection and Conficker removal. Here’s a quick refresher on how to tell if you have Conficker (the handy Conficker eyechart) and having been infected with Conficker, how to find a Conficker removal tool so that you can delete Conficker.
If a link to “activate dislike button” shows up on your Facebook page – do not, Do Not, DO NOT click that link! The scam link, spreading like wildfire, appears as a post on your wall that says “Facebook just added the dislike button! Click on ‘Activate Dislike Button’ below to enable it on your account!” Of course, the FB dislike button is another Facebook scam, carrying with it a Facebook virus and a bonus of malware that it downloads to your computer in the background.
A brand new scam, trying to get you to download malware, has just hit the Internet. “The ACH transaction recently sent from your checking account (by you or any other person), was canceled by the Electronic Payments Association” says the spam in which it is contained. There is a link to a file that you are supposed to download to “see the details of the report”. Don’t download that file! The file name format is “report_FakeTransaction#.pdf.exe” so, for example, report_33047451352379.pdf.exe. So far the scam mail has pretended to come from NACHA.org, although they are actually coming through an ISP in the Ukraine (ukrtel.net). ACH, by the way, stands for Automated Clearing House, which is a system that processes electronic banking transactions.
“OMG! Its unbeliveable now you can get to know who views your facebook.” Did someone post that on your Facebook wall? If so, whatever you do, don’t click the link that says “CLICK 2 SEE YOUR STALKERS”!! Yes, it’s just another in a round of Facebook virus spams.
The “Security Alert” trojan, sometimes known as a ‘rogue antivirus’ attack, is making the rounds again. First spotted a few years ago, until recently the “web security” antivirus alert trojan targeted mainly PCs, tricking Windows users into downloading the evil ‘BestAntivirus2011.exe’ file by telling them that “To help protect your computer Windows web security have detected trojans and ready to remove them.” (Note the poor language usage.) Now this same tactic is being used to attack Mac users – all that has changed is the “Windows” to “Apple” and the file name (‘MacProtector.mpkg’ for Macs) – even the poor language remains the same! “To help protect your computer Apple web security have detected trojans and ready to remove them.” says the pop-up. Don’t fall for it, and whatever you do, don’t click on “Remove all”, which will cause the malware to be downloaded to your computer.
Two years ago, almost to the day, a Spanish airliner belonging to Spanair crashed just after takeoff. Of the 172 people on board, 154 were killed. New information now reveals that one of the airplane’s central computer systems was infected with malware, and that the crash was likely directly attributable to this malware infection.