malware

Latest

  • The Trojans are coming for the Horde! And the Alliance, too.

    by 
    Matthew Rossi
    09.12.2007

    The fine folks at World of Raids, as pointed out by tipster Akyl, have linked to this article, which informs us that 20% of all trojan viruses are aimed directly at you, the World of Warcraft player. (Don't feel too bad, as Lineage 2 gets a whopping 40% of all trojans.) That's really rather astonishing, if you think about it... just a quick search of our own site reveals several trojans made mention of on our site alone. Of course, it's not news that crooks will steal things from you, but what's news is that this is a percentage of all trojans, period. In other words, between Lineage 2 and World of Warcraft, we're seeing more than half of all cyber crime committed via trojan viruses. Forget banks, people. The future of online theft is your character's gear. Gaming accounts are targeted by the second most common malware on the web right now according to a previous article on the PCRetail site. That seems to suggest that this kind of activity, with its uncertain legality (who do you call when someone steals your WoW password and sells all your gear, after all, the cops or Blizzard? After all, technically all your character's stuff still belongs to Blizz, and not you) and as yet uncharted waters of enforcement, is only going to get more and more common. Gaming is described several times as a 'soft target' for this kind of theft. There's more money to be made stealing people's accounts and selling all their gold to gold buyers than in trying to steal bank account information. Have you ever downloaded a trojan, or otherwise had your account hacked? How long did it take to get your stuff back? Did you actually get it all back?

  • OS X worm saga turns it up a notch with death threats

    by 
    Joshua Topolsky
    07.23.2007

    If you can keep track of the bad TV movie / high school drama that the OS X worm saga has become, hats off to you. In the latest round of confusing doublespeak from the underbelly of the security world, a few key players are (possibly) taking turns swapping identities -- and trading death threats. In the latest installment, Jon Ramsey is Infosec Sellout, David Maynor is LMH, anonymous commenters are promising to "put a bullet in your head for this!" and a spooky legion of "black hat" hackers known as the "Phrack High Council," (or PHC) are doing their best Freemasons impersonation. Now, with the Infosec site deletions, and Dave Maynor's supposed self-outing, calls being issued for the worm to be proven in the wild are increasingly mixed with the literal cries of bloody murder -- all over what can best be described as the lamest hoax for the biggest nerds in internet history. Check out the Computerworld article for some... insight? Update: As noted by a few commenters, David Maynor is now claiming on his blog that he isn't LMH, and that the admission "from" him had been faked. Of course, in this subterfuge-filled war of words, we'll take it with a grain of salt. [Via Slashdot]

  • InfoSec Sellout disappears, worm now claimed to affect OS X 10.4.10

    by 
    Thomas Ricker
    07.19.2007

    InfoSec Sellout, the hacker(s) behind that claimed OS X worm we mentioned yesterday, has kinda-sorta disappeared from the Internets. Sellout's blog, which classified the information security industry as a bunch of "snake oil salesmen, pimps and whores," is "now dead" according to the anonymous blogger (or bloggers) who many think is hacker LMH of January's "Month of Apple Bugs." Mysteriously, the site has reemerged under a new name boasting a link to SecurityFocus where InfoSec Sellout's vulnerability claim now includes the latest version of OS X: 10.4.10. Oddly, Sellout claims that his/her site was hacked, and the new posts are fakes. Huh? Sellout claims that the reason for the shutdown was due to the loss of hacker anonymity from "cry babies" who can't handle a little honesty. Of course, none of this makes any sense. After all, there's always Google cache. Besides, if his/her (or their) claim of developing a first, massively propagating OS X worm is true, then just like DVD Jon before, Sellout's fiscal future as an industry professional would be all but guaranteed. So what are you really hiding from Sellout? [Via Macworld] Read -- InfoSec old site (via Google Cache) Read -- InfoSec new site Read -- InfoSec Sellout's identity? Read -- SecurityFocus vulnerability description

  • New OS X vulnerability found: worm released in lab?

    by 
    Thomas Ricker
    07.18.2007

    Look, we're fine with Apple gloating about the security of OS X in their Mac vs. PC adverts. After all, we have yet to see a large-scale worm released into the Macintosh community. However, the fact that a worm hasn't been released on a Windows-esque scale likely has less to do with Apple's superior coding than the size of their market share, i.e., OS X is a smaller target. That might soon change, however. A vulnerability has reportedly been found and more importantly, exploited by an "independent researcher" known only as "InfoSec Sellout." Apparently, a previously undisclosed vulnerability in the OS X mDNSResponder (which Apple has patched before) allowed Sir Sellout to cobble together a worm dubbed "Rape.osx." InfoSec Sellout claims to have released the worm into a controlled environment thereby infecting a network of about 1,500 OS X systems by nabbing root and dumping a text file as an evidentiary footprint. However, the worm's author claims that it can be broadly weaponised with a payload of choice across both PPC and Intel-class Macs with just a bit more work. InfoSec Sellout will disclose the vulnerability to Apple only after his/her "research is complete" and after an appropriate level of compensation (er, InfoSec Ransom?) received. Dubious as that sounds, for better or worse, it's the way the game's currently played. [Via Slashdot]

  • Your virtual cash may be worth more than your real cash

    by 
    Elizabeth Harper
    07.02.2007

    This isn't the first time we've heard this, but recently PC World has reported that your virtual assets may be worth more than your real assets. From the article: According to Craig Schmugar, a researcher with the McAfee research labs, McAfee now sees more password-stealing malware designed to nab accounts of games like Lineage and World of Warcraft than Trojans that go after financial accounts. Why? Your in-game assets can easily be converted to cash and there's much less legal risk involved in trafficking virtual goods than trafficking, say, stolen credit card numbers. So treat this as a reminder: be careful of keyloggers! (And if you're not sure how, read up on our advice on how to keep your system keylogger-free.)

  • No more links on the forums?

    by 
    Eliah Hecht
    06.12.2007

    The official forums are unpleasant in so many ways. Quite aside from flamers, trolls, Rickrollers, and other assorted Internet demons, there are more serious risks. Although being on a Mac I'm not vulnerable to most of these, the vast majority of WoWers could encounter viruses, trojans, keyloggers, and other such nastyware at the other end of every link in the forums. Although Blizzard put in the interceptor ("You are attempting to visit a page that is not a Blizzard website. It's not our fault if it kills your computer."), most of us are used to automatically clicking past that. So some posters, like Sweet here, think it would be best if no more (external) links were allowed at all in the forums. It looks like Blue agrees (Tyren): We are always looking to increase security for our players, and while it may be inconvenient, in this case, I think your suggestion is the best way to go, and we will look into doing away with auto links. It took me a while to figure out what he meant by "auto links," but I'm pretty sure he means the functionality where if you type, for instance, "http://www.wow.com" in a forum post, the forum software turns it into a live link. If this is correct, it means to go to a link in a forum post, people will have to copy the URL and paste it into their address bars. Would that really get fewer people keylogged? Some responders think not, and think it would just irritate folks. I say it can't really be more irritating than that interceptor page. What do you think?

  • London hit by malware-infected USB ruse

    by 
    Darren Murph
    04.26.2007

    Joining the infamous Chip & PIN terminal hacks as yet another way to siphon banking details from unlucky Londoners, a group of "malware purveyors" reportedly dropped off tempting Trojan-infused USB drives in a UK parking lot in hopes that unsuspecting individuals would take the bait and subsequently hand over their banking credentials. Supposedly, Check Point regional director Nick Lowe mentioned the wile at the Infosec trade show, but couldn't elaborate due to the ongoing investigation. Another insight suggested that such chicanery was becoming "the new phishing email," but hey, where's the love for those oh-so-vulnerable ATMs? Take note, dear Brits, that the free storage you're eying on the park bench could end up costing you quite a bit in the long run.

  • Blocking business targets gaming at the workplace

    by 
    James Ransom-Wiley
    12.27.2006

    Sophos PLC is in the business of security. For years the company has designed software to protect business networks from viruses and spyware. But a recent survey determined a need to extend security concerns to another productivity inhibitor: games. And so, a January upgrade to Sophos's application will quietly erect a wall, blocking mischievous employees from their secret workplace obsessions, like The Sims 2, Need For Speed Carbon, and Guild Wars: Nightfall. Of course, blocking games does more than just thwart slackerdom, it protects networks against malware (often hidden in game installations); programs that could potentially compromise a business's security. We're all for playing it safe too -- just keep an ear out for big boss as you sneak some Portable Ops in under the desk. [Via VH1 Game Break]

  • McDonald's MP3 players ship with trojan horse

    by 
    Thomas Ricker
    10.16.2006

    What do tubby teens, MP3 players, and grandma's scalded taint all have in common? That's right, the absolute attention of McDonald's legal. See, McDonald's and Coca-Cola recently teamed up in Japan to give away 10,000 self-branded MP3 players pre-loaded with 10 spankin' new tunes and... some delicious malware. It seems that a "portion" of the players sport a variant of the QQPass family of trojan horses which capture passwords and other personal information when the MP3 player is plugged into the users' PC. The code then proceeds to email the details to the author. McDonald's has set up a 24-hour hotline while they are investigating the matter and will swap out all the offending players. Good times. [Via Impress]