malware

Latest

  • New Mac OS X malware - OSX_LAMZEV.A

    by 
    Steve Sande
    11.21.2008

    Computer security company Trend Micro is reporting that a new Mac OS X malware application is making the rounds. The application, called OSX_LAMZEV.A, gives hackers a way to take control of infected Macs. This is the second report of Mac OS X malware this week. This is not a virus, and users must actually launch the app for it to install its payload. Once running, the app also asks which firewall port it can use. Trend Micro reports that "Mac users may be infected when they access remote websites hosting this backdoor. The backdoor may also be disguised as a legitimate application and may be installed and executed on systems." Much Mac OS X-based malware seems to be similar in nature, requiring users to actually launch the installer and give it permission to install the payload. Unlike Windows-based malware, you shouldn't need to install any anti-malware apps to annoy you and slow down your Mac. Just make sure to follow the basic rules of Internet safety -- don't install applications that aren't legitimate or visit Web sites that you don't trust. For more details, be sure to visit the Trend Micro Virus Encyclopedia.

  • New variant of RSPlug trojan making the rounds

    by 
    Robert Palmer
    11.18.2008

    Our friends at Intego sent out an alert this morning, warning users about a new variant of the RSPlug trojan horse, found on several adult websites. The risk to users is classified as "medium." RSPlug trojans, themselves a form of DNSChanger, change local DNS settings to redirect to phishing sites for banks, PayPal, and eBay. All these trojans must be downloaded at the user's request, and an administrator password has to be supplied. When visiting certain sites, the user is alerted that there is a "Video ActiveX Object Error" and is told that their "Browser cannot play this video file." The alert instructs the user to download the "missing Video ActiveX Object." If the user clicks OK, a disk image called "cleanlive.dmg" downloads (which may change in the future). Depending on the user's browser settings, this disk image may mount and installation may automatically start. Intego VirusBarrier X5 users are, as you might imagine, already protected. Updating your virus definitions today will improve detection. And, as always, be careful where you put your mouse online.

  • Antivirus company claims viruses are out to get you

    by 
    Amanda Miller
    11.11.2008

    McAfee Avert Labs, a monitoring and research division of McAfee Inc., claims that malware attacks are on the rise, and the targets are often gamers. According to McAfee, there was a 245% growth in the amount of malware being developed from 2006 to 2007, with roughly 300% more developed from 2007 to 2008. So far this year, development already exceeds 2006 and 2007 combined. Earlier this year, McAfee released a list of some of the most dangerous web domains. Even major, reputable websites are not immune, although the problems are usually addressed almost instantly. Commonly targeted websites include social networking sites like Facebook, as well as gaming sites. The developers harvest the information, and sell it to others who then exploit it, possibly to steal your account information. With so little time until Wrath of the Lich King, I'd like to remind everyone that buying gold or power-leveling services is not only not permitted, it is likely to get you burned. For more information on protecting your computer from keyloggers and other malware, check out the following guides:

  • 'MacGuard' double-plus ungood, avoid

    by 
    Robert Palmer
    10.17.2008

    The fine folks at Intego sent out a warning this morning about MacGuard, a bogus piece of software that claims to clean up your system and remove adware, spyware, and trojans. It doesn't. According to the warning, MacGuard is simply a clone of a Windows app called WiniGuard. The company releasing the software, Innovagest 2000 SL, may be using the credit card numbers they harvest during the purchase process for "nefarious purposes." WiniGuard "hijacks the user's desktop and typically displays exaggerated or false claims of spyware found to frighten the user into paying for the program," according to Sunbelt Malware Research Labs. While our fine readers wouldn't get suckered into such a scheme, parents, grandparents, aunts and uncles might not be so educated. If you know someone with a Mac who might fall for this, do them a favor and forward them this warning. The MacGuard website is at macguard.net.

  • ASUS pre-installs Japanese Eee Box PCs with worm, issues recall

    by 
    Thomas Ricker
    10.14.2008

    Uh oh. ASUS just issued a recall for all Eee Box PCs sold in Japan due to a nasty pre-installed worm. The malicious code dubbed "recycled.exe" may attempt to download additional malware while attempting to replicate itself to attached USB storage devices at the first opportunity. Of course, this isn't the first time that ASUS has been embarrassed by its image burns. Who could forget the illegal keygen and confidential documentation shipped on those brand new laptops last month? Apparently, only ASUS, who has yet to clean house. [Via The Inquirer]

  • WoW Insider Show Episode 55: The PvE to PvP transfer

    by 
    Mike Schramm
    09.16.2008

    The latest episode of the WoW Insider Show is now up for your listening enjoyment over on WoW Radio. Unfortunately, Totalbiscuit (who runs things over there) tells us that they're having more issues with a Google false positive of malware, so this week will be the perfect week to jump on into iTunes and both subscribe to and review our show from there if you haven't yet. Right there in your music player, you can find all of our shows so far, and you can subscribe to get any new ones we do for free right on your new iPod touch (or whatever ya got). Topics on last week's show include: The usual email answering: we answered questions about why there are no Auction Houses in Shattrath or Dalaran, what to do when your guild won't let you roll on damage gear when they ask you to heal, and why getting Champion tabards at Exalted would be a horrible idea. We talked about PvE to PvP transfers and why they might be a problem, but probably won't be. Racial abilities (and the suggestion to free them up a bit) came up in conversation. We hit on Mages and why they're thrilled with Mirror Image (stay tuned for more Mage talk next week). And finally we asked around for AH tips, so if you want to make more money on the AH, definitely listen in. If you've got tips or questions of your own, definitely drop us an email: the address is theshow@wow.com. We do this every Saturday, so if you weren't free last week but happen to be around next Saturday at 3:30pm Eastern, jump on over to WoW Radio and tune in to hear us live. Thanks for listening, and enjoy the show! Listen here on the page:

  • WoW Radio fighting claims of malware

    by 
    Mike Schramm
    07.11.2008

    A few readers (thanks!) have sent us news that visiting the website of our good friends at WoW Radio has caused their Firefox browser to flag that there's malware present over there. I visited the site last Sunday, and my browser tossed up error messages aplenty at me. But after talking with Totalbiscuit and Duncor, I'll repeat their message here, just so everyone knows: there is no malware problem with WoW Radio. Totalbiscuit has posted a notice on their front page explaining what happened -- sometime last week, a hacker attempted to post some kind of malware nonsense on their forums, and was headed off at the pass. Unfortunately, Google just happened to catch one look at a possibly negative piece of code, and thus the site was flagged (strange that just one flag would cause the kinds of alerts that Firefox is spitting out, but that's a discussion for another day). But at this point, we know for certain that there is no malicious code on WoW Radio, and even Google admits that the one piece of code it saw was the fault of a third party, not the WoW Radio folks. Both Totalbiscuit and Duncor tell me they're working with their ISP and Google as much as they can to get the warnings removed. But in the meantime, you've got nothing to worry about -- you can listen to our podcast (or any of the other podcasts over there) without worry.

  • Two new keylogging worms to watch out for

    by 
    Natalie Mootz
    06.26.2008

    Microsoft's malware blog is warning of two new worms that attempt to steal account information for online games from Windows XP or Vista users. These worms are breaking previous keylogging success rate records and are worth educating yourself about. The first one is called Taterf, which has infected over 1.2 million machines worldwide during its first week. The other worm is called Frethog and has so far a 650,000+ machine first-week infection rate. These rates are stunning to malware specialists who are used to seeing these kinds of numbers only after a month of the worm's existence. These worms take advantage of Windows' autoplay and autorun functions that run for CDs, DVDs, and some USB sticks. They can be sneaky about it too. They try to disguise autorun with other pop-up dialog boxes, like "Show me these awesome pictures." You do need to confirm this action manually, but this obstacle hasn't much limited the spread of the worms to date. Make sure you read the instructions on Microsoft's support site for how to protect yourself from these worms. The short answer is to disable autorun from CDs under XP (a registry change) or to change the same option from the Vista control panel. You should also disable autoplay as an even greater precaution. Also, of course, make sure you check the box on the WoW login screen to save your account name. That way if you do get infected with a keylogger, they won't be able to see your keystrokes for both your account name and your password.

  • Azeroth Security Advisor: Patient patching prevents pestilence

    by 
    Jon Eldridge
    06.16.2008

    Every other week, computer security expert Jon Eldridge is your Azeroth Security Advisor. He will delve into the darkest reaches of computer security rumor and bring the facts back home even if they're wriggling at the end of a pike. His goal is to provide useful information to gamers who don't think about security much and flame fodder for those self appointed experts who need to rationalize the cost of their expensive certifications. Like any good security force he's a mercenary at heart and is happy to take subject requests from the user community that he serves. So feel free to leave a comment below or just sit back and enjoy the show. It's Friday night at 6:45 pm server time. Your raid begins in 15 min and you think you're ready to go. Narrowly escaped another speeding ticket trying to get home from work in time? Check. Belly full of pizza? Check. Mind totally polluted on bad tasting energy drink? Ch3cK! Dog fed and walked? Check. TiVo recording the latest over hyped drivel? Check. Kids unconscious. Check. Parents or domestic partner unconscious or otherwise leaving you alone for one damn second? Check. When will they understand that you ARE being social by locking yourself in the computer room all night... jeez! Time to rock and roll! Or not. What's this? A patch? On Friday night? Agony, shame and defeat. Azeroth will not know the terror of your blade this night. Gornak the mighty has been caged by some dweeb code monkey and their total POS patch system. Your raid leader is going to KILL you. Wait, what about downloading the patch from the Internet? Just Google up the patch number and let your cable modem download it at lightning speed right? Don't do it.

  • McAfee report reveals the most dangerous web domains

    by 
    Daniel Whitcomb
    06.08.2008

    In an era where clicking on the wrong link while browsing the web could mean your account will get hacked, and one of your guild members clicking on the wrong link means your guild bank could get emptied as well, it's always good to protect yourself and keep abreast of web security issues. In that vein, it's worth checking out a new report released by McAfee called Mapping the Mal Web Report Revisited. It tested 9.9 Million websites in 265 domains to find out which ones had a higher risk of exposing visitors to malware, spam, and malicious attacks via a red, yellow, and green system.

  • Phlashing PDOS firmware attack could permanently disable hardware

    by 
    Joshua Fruhlinger
    05.20.2008

    You know all that network hardware that runs quietly 24 hours a day in server rooms around the world? What if black-hats could exploit remote firmware flashing utilities to take over -- or completely destroy -- vulnerable gear? Though still theoretical, PDOS -- permanent denial-of-service -- attacks will be demonstrated by researchers from HP Security Labs at the EUSecWest security conference in London this week. "Phlashing", as it's being referred to, focuses on exploiting network-enabled firmware updates, making use of a fuzzing tool that tricks hardware into flashing anything from back-door access to a corrupt image, causing complete and permanent hardware failure. There's no reason to panic just yet (especially not when it comes to consumer devices, which typically don't support remote firmware updates), but given the amount of unattended and relatively dormant enterprise network hardware out there, this could be something for admins to seriously think about. [Via Slashdot]

  • WoW Ace Updater ad banners may contain trojans, claim some users

    by 
    Daniel Whitcomb
    04.16.2008

    While the Incgamers malware problem is fixed, it looks like there's another malware flare up in the world of addons. The WoW Ace Updater, according to many users, may be passing off a trojan from an ad in the guise of an antivirus program. The program, called Winfixer, pops up in a window and (in some cases automatically) installs malware while claiming your computer is compromised and that you need to buy the full retail version to fix it. It can be detected and removed by Spybot Search and Destroy and Vundofix, and Symantec includes instructions on how to manually remove it here. Wowace.com site owner Kaelten has disabled the ads on WoW Ace Updater completely for now, and is talking to his ad provider to find out what went wrong and which ads might be causing problems. This isn't the first time a popular WoW site has had trouble with trojans in ads, and unfortunately, it is unlikely to be the last. Kaelten seems to be on top of it, though, so hopefully he'll get to the bottom of these claims. Since the ads are currently disabled, the program itself should already be safe to use. If you're feeling a bit skittish, though, you can check out some of Sean's recommendations for other upgrade programs here. I should note that, being a religious user of WoW Ace Updater myself (I run it at least a good 5 times a week), I just made sure to scan my computer with the aforementioned Spybot Search and Destroy as well as AVG Free Edition. According to those programs, it has a clean bill of health.

  • Make way for maintenance day

    by 
    Amanda Miller
    04.15.2008

    Maintenance day is underway until 2pET/11aPT and many WoW fans are searching for something to do, while players with day jobs log on to point out that they can never play during these hours. Fortunately, we have lots going on today, as well as some highlights from the past week that you won't want to miss. Wrath of the Lich King: Compilation of everything we know of to date about Death Knights, the new hero class we'll be seeing with the expansion. The new expansion is now in alpha testing! Read on to find out what this means, as well as what it doesn't mean. Arena Season 4: A great analysis of when arena season 4 might begin.

  • Malwarez project grows virtual 3D organisms from vicious code

    by 
    Darren Murph
    03.12.2008

    Ever had an urge to really get a visual on what masterfully written predatory code would look like if allowed to grow into a 3D organism? Okay, so maybe that hasn't been on the forefront of your mind recently, but there's no denying that Alex Dragulescu's Malwarez project is quite the source of eye candy. According to its maker, the aforementioned initiative is a "series of visualization of worms, viruses, trojans and spyware code," and their "frequency, density and grouping are mapped to the inputs of an algorithm that grows a virtual 3D entity." Who knew viruses could look so dreamy? [Thanks, Danger Mouse]

  • Insignia photo frame virus much nastier than originally thought

    by 
    Nilay Patel
    02.15.2008

    Ugh, we were already sick of digital photo frames -- and now it looks like those now-discontinued virus-ridden Insignia units from Best Buy and several other models produced in China were carrying a much nastier trojan than we'd originally heard. According to an analyst from Computer Associates, the trojan, called Mocmex, is able to block more than 100 types of security and anti-virus software from killing it, and bypasses the Windows firewall to download files from remote locations, spreading them randomly over your hard drive and any portable storage device you plug into your PC -- like, for example, a digital photo frame. The trojan is apparently set to only steal gaming passwords at present, but CA says it's capable of stealing nearly any information on your machine, and thinks it might be a test for a much worse virus yet to come. Infected frames have come from Sam's Club, Target and Costco, in addition to Best Buy, so we'd say to avoid picking one up until this mess gets sorted out -- or, you know, forever.

  • Viral "WiFi flu" router virus almost as fun as the real thing

    by 
    Paul Miller
    01.03.2008

    We hate to be bearers of bad news, but it looks like those of you squeaking by on a WEP-protected or unprotected wireless router have yet another reason to undertake the difficult task of selecting "WPA" on that router admin screen. A team of researchers at Indiana University have published a paper on how easily malware could spread through a densely populated area, with unprotected routers providing zero resistance, and WEP moderately more, while WPA proved generally unhackable. The spread of the malware was alarmingly similar to a biological virus, and while no such router "WiFi flu" has yet been developed by nefarious types, it's probably only a matter of time before something of its ilk takes a city by storm. In test attacks, after the initial infection phase, 10-55 percent of the routers were infected. We can do better, people. Oh, and to the guy upstairs: thanks for all the WiFi these years, those torrents will probably never be traced back to you, so don't worry.

  • LG's Vaccine USB flash drive keeps your machine disinfected

    by 
    Darren Murph
    12.21.2007

    We've already taught you to not use syringes USB flash drives that you find on the street, but we know all sorts of unwanted invaders can meander on into your hard drive when you're not looking. Enter LG's aptly-named Vaccine USB flash drive, which comes pre-loaded with anti-virus / malware protection software and provides "real-time system monitoring and hardware scans." Aside from making sure your rig doesn't catch any bugs going around, it also updates itself when plugged in to an internet-connected PC. Regrettably, we've no idea how much these things will cost (nor if Medicare will cover), but they will be offered up in sizes ranging from 512MB to 8GB. [Via EverythingUSB, image courtesy of Pocket-Lint]

  • Experts predict malware field day for iPhone in '08

    by 
    Chris Ziegler
    12.17.2007

    Like Y2K and the end of rock and roll, pundits love to call out platforms that are ripe for a nightmarish, post-apocalyptic hell-on-earth sort of attack by the world's technologically inclined miscreants. In that vein, mobile phones have been billed for years as the next great frontier in virii, largely because they're getting smarter, more open, and more ubiquitous than ever before. We can buy that logic, but the waves upon waves of malicious code infecting the world's smartphones simply haven't happened. So at what point do we say that these analysts are crying wolf? Now might not be a bad time to start, as Arbor Networks' security group is calling the iPhone a likely target in 2008 by hackers who want to "be the first to hack a new platform." We wouldn't dare say that there won't be attacks on the iPhone's security holes next year and beyond, but we don't think users need to be scrambling to disable their data connections, either; Windows Mobile, Symbian, Palm OS, and everyone else have gotten along fine for years aside from the occasional malware blip on the radar that barely makes a splash and goes unnoticed by 99 percent of the world's users. Not to mention the fact that the opportunity to "be the first" to hack the iPhone has come and gone -- so to the hackers of the world who're thinking about diving into the wide world of iPhone hacking, may we suggest you put your brainpower to the forces of good, not evil?

  • MMO security irresponsibly bad, experts claim

    by 
    Chris Chester
    11.27.2007

    MMO players have more to fear than simply kobolds and virtual super villains. According to several security engineers interviewed by TechNewsWorld, gamers face greater risks than many of them realize, as lax security measures on the part of publishers expose players to identity theft, malware, and potential hack attacks. And as persistent online worlds continue to grow in size, they only become more lucrative targets for online ne'er-do-wells. They attribute much of the risk to the fact that so much of the actual game software lies on users' home computers, and is not adequately shielded by firewalls and other protective measures. Unfortunately, the solutions posed by the so-called experts betray an obvious lack of experience with MMOs and the people who play them. They cite enterprise networks as an example of having the kind of network security that gamers need to ensure that they're protected from intrusive attacks... So they suggest that people play games from work to alleviate the risk. While I'm enthusiastic about such a prospect personally, I highly doubt that most employers are too keen on the idea of their employees logging in while on the clock and using up company bandwidth to grind for Sporeggar rep. They also suggest purchasing expensive security products, but that's not something I'd imagine most people haven't considered and disregarded already. A more prudent suggestion, though not one explicitly cited in the article, is to instead be extremely mindful of what kind of mods you download for your favorite games, and from where you download them. If you don't give hackers an open door to your system, then there's probably not too big a cause for concern, unless you're unlucky enough to have bought pre-hacked products.

  • Macworld explains how not to get bitten by malware

    by 
    Mat Lu
    11.02.2007

    We recently mentioned the new OS X malware that's floating around the (nether side) of the net these days. Over at Macworld, Rob Griffiths has an extensive article discussing the ways you can tell if a piece of downloaded software is fishy. The tips range from the obvious (only download from trusted sources) to the arcane (diving into packages to examine the installer components). The overall strategy is to examine the software carefully and look for tell-tale signs that it's not legitimate. In any case, it should give you a good set of strategies to use when evaluating a questionable download.