virus
Latest
Space Station laptops catch "nuisance" virus
While it doesn't appear to be nearly as serious as some of the computer problems the International Space Station has faced, it looks like a virus has managed to find its way onto some of the laptops used on the Station, which NASA is now describing only as a "nuisance." According to SpaceRef.com, the virus is the W32.Gammima.AG worm, which is normally used to swipe sensitive information for online games. As Wired's Threat Level reports, the worm has also spread to more than one laptop on the Space Station, which would seem to suggest that it has either been spread via an on-board intranet, or via a thumb drive. Somewhat disconcertingly, when asked by Threat Level if any mission critical systems were connected to the same network as the laptops, NASA spokesperson Kelly Humphries simply said, "I don't know and even if I did, I wouldn't be able to tell you for IT security reasons."[Via Threat Level, thanks a.c.e.r.]
International Space Station has a keylogger
var digg_url = 'http://digg.com/pc_games/Keyloggers_in_Spaaaaaaaace'; NASA has confirmed that the International Space Station has been infected by a keylogger. It was carried onto the station by an astronaut's laptop back in July. The keylogger in question is the W32.Gammima.AG -- which is specifically a gaming keylogger. In other words, the ISS has the exact kind of keylogger that plagues so many of us in WoW. NASA describes the keylogger as merely a "nuisance," but at least two of the laptops on board had the virus. That probably means it arrived on one laptop, and a removable device like a thumb drive carried it to another. Kelly Humphries, a NASA spokesperson, said "This is not the first time we have had a worm or a virus. It's not a frequent occurrence, but this isn't the first time." For security reasons, Humphries couldn't say whether mission-critical systems were affected by the keylogger. NASA is working with its Russian partners to figure out how the virus got space-born. Here's hoping the International Space Station has their Blizzard Authenticators installed properly.
Azeroth Security Advisor: Patient patching prevents pestilence
Every other week, computer security expert Jon Eldridge is your Azeroth Security Advisor. He will delve into the darkest reaches of computer security rumor and bring the facts back home even if they're wriggling at the end of a pike. His goal is to provide useful information to gamers who don't think about security much and flame fodder for those self appointed experts who need to rationalize the cost of their expensive certifications. Like any good security force he's a mercenary at heart and is happy to take subject requests from the user community that he serves. So feel free to leave a comment below or just sit back and enjoy the show. It's Friday night at 6:45 pm server time. Your raid begins in 15 min and you think you're ready to go. Narrowly escaped another speeding ticket trying to get home from work in time? Check. Belly full of pizza? Check. Mind totally polluted on bad tasting energy drink? Ch3cK! Dog fed and walked? Check. TiVo recording the latest over hyped drivel? Check. Kids unconscious. Check. Parents or domestic partner unconscious or otherwise leaving you alone for one damn second? Check. When will they understand that you ARE being social by locking yourself in the computer room all night... jeez! Time to rock and roll! Or not. What's this? A patch? On Friday night? Agony, shame and defeat. Azeroth will not know the terror of your blade this night. Gornak the mighty has been caged by some dweeb code monkey and their total POS patch system. Your raid leader is going to KILL you. Wait, what about downloading the patch from the Internet? Just Google up the patch number and let your cable modem download it at lightning speed right? Don't do it.
McAfee report reveals the most dangerous web domains
In an era where clicking on the wrong link while browsing the web could mean your account will get hacked, and one of your guild members clicking on the wrong link means your guild bank could get emptied as well, it's always good to protect yourself and keep abreast of web security issues. In that vein, it's worth checking out a new report released by McAfee called Mapping the Mal Web Report Revisited. It tested 9.9 Million websites in 265 domains to find out which ones had a higher risk of exposing visitors to malware, spam, and malicious attacks via a red, yellow, and green system.
Arena Junkies suffers virus attack
Arena Junkies is one of the most reputable online sources for. . .arena junkies. Its posters are numbered predominately among the 2000+ Arena Rated teams, and thus the site serves as a key resource for arena veterans and up-and-comers alike. Arena Junkies hosts dozens of forums, macros, strategies, and example Arena-centric Talent builds. Arena Junkies is also an official part of the Blizzard Fan Site Program. Oh, and they've got their own T-Shirts.Which is why it can be so troubling to see they've been attacked by one of Vaneras's malicious "eVillains." The eVillain posted a "malicious applet" in their Interface forums, planting a virus which apparently spread to the hosting server itself. Naxos warns forum-goers that if any Junkie clicked on the link responsible for the attack, he or she should be careful that their system isn't under any danger. With the rising number of keyloggers and account theft, that kind of precaution is starting to get common for even the most casual WoW player.Naxos definitely seems to have a handle on the problem, though. Arena Junkies reverted to its last-saved backup, from very early that morning, and now Arena Junkies is back to running smoothly. According to Naxos, the virus itself was a variation of the i-worm/stration virus. Links to the virus have, understandably, been removed. It's unclear whether this attack was an attack of opportunity, or if someone has it out for the Arena Junkies. As Bio puts it: "He prob sucks at the arena."
Researchers design "malicious circuits," warn of potential risk
We've already seen a few viruses delivered via hardware, but a group of researchers from University of Illinois at Urbana-Champaign are now warning that we may not have seen anything yet. As New Scientist reports, they've apparently managed to develop their own "malicious circuits," which they say can interfere with a computer at a deeper level than a virus, and completely bypass traditional anti-virus software. To accomplish that slightly unsettling feat, the researchers created a replica of the open source Leon3 processor, and added about 1,000 malicious circuits not present in the original processor. Once they hooked that up to another computer they were apparently not only able to swipe passwords from memory, but install malware that would allow the operating system to be remotely controlled as well. Of course, they admit that sneaking such malicious circuits onto a chip isn't exactly an easy proposition, given that someone would either need to have access to a chip during its manufacturing process, or have the ability to manufacture their own. Or, as the project's lead researcher puts it, it's "not something someone would carry out on weekends."[Via TG Daily, image courtesy Actel]
Virus infected Fraps steals account information? [UPDATED]
WoW Insider has received a high number of reports of hacked accounts today. We have traced the Trojan to Trojan.Crypt.FKM.Gen. This Trojan has been known to steal World of Warcraft login information.What we believe has happened, and please take this with the appropriate grain of salt, is that Fraps had a modified version of SpyLocked in it, which installed the Trojan.Crypt.FKM.Gen into Microsoft Net Meeting, which was then started silently when Windows rebooted. When the users logged into WoW, their passwords were key logged and twelve hours later several level 70 characters, including many bank alts, were deleted. It should be noted that it is possible that SpyLocked was installed into Fraps via a malicious email, however that is unlikely. We can also not verify where Fraps was downloaded, however it was almost assuredly downloaded from the official site.This is evident in the logs of the virus scanner, which show both Fraps and Net Meeting as having viruses. Further, SpyLocked has been known to install further malicious programs on a computer. Finally, all of this has been confirmed via extensive interviews with the hacked subjects.What can you do to prevent this from happening?Two things: Change your password, now! When you're at home, run a complete virus scan. Do not sign in to WoW until you've done so. We've alerted the makers of Fraps to the problem, and if appropriate, will post their reply.Most of all it's important that you, our readers, stay safe. Take a minute to change your password now.Update 11:21 p.m. April 30th: I've been in contact with Beepa, the makers of Fraps, and they assure me that the official downloads from fraps.com are perfectly fine.
WoW Ace Updater ad banners may contain trojans, claim some users
While the Incgamers malware problem is fixed, it looks like there's another malware flare up in the world of addons. The WoW Ace Updater, according to many users, may be passing off a trojan from an ad in the guise of an antivirus program. The program, called Winfixer, pops up in a window and (in some cases automatically) installs malware while claiming your computer is compromised and that you need to buy the full retail version to fix it. It can be detected and removed by Spybot Search and Destroy and Vundofix, and Symantec includes instructions on how to manually remove it here. Wowace.com site owner Kaelten has disabled the ads on WoW Ace Updater completely for now, and is talking to his Ad provider to find out what went wrong and which ads might be causing problems. This isn't the first time a popular WoW site has had trouble with trojans in ads, and unfortunately, it is unlikely to be the last. Kaelten seems to be on top of it, though, so hopefully he'll get to the bottom of these claims. Since the ads are currently disabled, the program itself should already be safe to use. If you're feeling a bit skittish, though, you can check out some of Sean's recommendations for other upgrade programs here. I should note that, being a religious user of WoW Ace Updater myself (I run it at least a good 5 times a week), I just made sure to scan my computer with the aforementioned Spybot Search and Destroy as well as AVG Free Edition. According to those programs, It has a clean bill of health.
HP sends server customers virus-infected USB keys
We've seen a couple viruses make their way into the manufacturing process and onto shipping products, and it looks like HP Australia and its enterprise customers are the latest victims. USB keys shipped with some HP Proliant servers are infected with the Fakerecy and SillyFDC viruses, and the company's issued an alert saying that any up-to-date virus scanner should be able to tackle the nasties. It's a pretty low-grade threat -- the key is only used to install floppy disk drivers and neither virus is particularly destructive, but all you server admins Down Under might want to check your rigs just to be sure.[Via The Register]
Malwarez project grows virtual 3D organisms from vicious code
Ever had an urge to really get a visual on what masterfully written predatory code would look like if allowed to grow into a 3D organism? Okay, so maybe that hasn't been on the forefront of your mind recently, but there's no denying that Alex Dragulescu's Malwarez project is quite the source of eye candy. According to its maker, the aforementioned initiative is a "series of visualization of worms, viruses, trojans and spyware code," and their "frequency, density and grouping are mapped to the inputs of an algorithm that grows a virtual 3D entity." Who knew viruses could look so dreamy?[Thanks, Danger Mouse]
Wowhead and other sites are having trouble with ad banner trojans
You'll want to be a bit more cautious when looking up information on the game today. World of Raids reports that an unknown ad banner appearing on Wowhead, Thottbot, and Allakhazam has an embedded keylogger trojan. You don't even need to click on the banner, apparently, simply mousing over it will be enough. Wowhead says that all they know for sure is that it originates from "ad.yieldmanager.com", and will produce a redirect to "xpantivirus.com." They're working at isolating it. The issue is known, and all parties involved are tracking it down, so it should hopefully be resolved soon. In the meantime, if you're looking for a quick way to protect yourself, I would follow the recommendation of World of Raids, and try out the Firefox web browser and the No Script extension. As long as you keep the scripts blocked, it should prevent the banner in question from forcing itself on you. This should also provide you with some protection if you accidentally click on the wrong link elsewhere, such as on the WoW general forums. Edit: Apparently, the virus in question is not an actual keylogger, but it still does a number on your system, which is reason enough to try to avoid it.
The Mac virus that isn't
We at TUAW have a pretty healthy collective sense of humor. Bearing that in mind, we'd like to take a moment and address the recent attention to the "Newton Virus," a playful piece of software with an unfortunate moniker. The "virus" was created – and named – by Troika, a multi-disciplinary art and design practice in the UK. We have no bones to pick with Troika, we just take issue with calling the program by a name with malicious implications. It is, in fact, a piece of interactive artwork designed with a non-destructive disruption of reality in mind. The first definition of a virus is a program that can replicate and infect a computer without permission or knowledge. The second, more flexible definition is a program falling into the category of malware. The Newton Virus is a mild – albeit visually interesting – disruption, and given that it was designed for manual installation and incapable of replication, not really a virus at all. Ergo, the ensuing headlines seen around the 'net are based on a sensationalistic misnomer. That being said, the piece is a fascinating little experiment (leveraging the Sudden Motion Sensor in Mac portables) that fits nicely with Troikart's typical fare, and it's earned a spot in the Design and the Elastic Mind exhibition at the MoMA. So, next time someone tells you they heard about a virus for Macs, tell them not to sweat it: it's probably just modern art.
The Newton Virus spreads joy
Remember back in the old days, when men were men, dogs ran free, and computers were the size of small countries? It was a time when viruses weren't malicious, rather, they delivered cherry popsicles, unicorns, and nuclear joy-beams. Well, now you can return to a simple time of laughter and love thanks to the Newton Virus and related dongle, created by the design collective Troika. Instead of gnashing your files, spamming your address book, or giving you "The Finger" repeatedly, this virus engages just once, and creates a playful desktop mishap that will undoubtedly inspire the victim to hug the nearest person. Though the virus was coded way back in 2005, it's now being shown at the MoMA's Design and the Elastic Mind exhibition. Watch it all go down, literally, in the video after the break.[Thanks, H&M]
Did you give the gift of a hacked account this Christmas?
var digg_url = 'http://digg.com/pc_games/Did_you_get_the_gift_of_a_hacked_account_this_holiday'; Do you even know? Many digital photo frames sold at Best Buy, Target, Costco and Sam's Club have a particularly insidious trojan embedded in them - one designed to thieve your account information for a variety of online games. One of the primo geek gifts of 2007, variations of these devices were bundled with darn near everything gadgety during the holidays. Some percentage of these contain a professionally written and very stealthy little gremlin that Computer Associates has dubbed Mocmex that is apparently capable of robustly concealing itself from many detection engines. This isn't an amateur-night special, by all reports. This is professional nastiness, with multiple variants.
Insignia photo frame virus much nastier than originally thought
Ugh, we were already sick of digital photo frames -- and now it looks those now-discontinued virus-ridden Insignia units from Best Buy and several other models produced in China were carrying a much nastier trojan that we'd originally heard. According to an analyst form Computer Associates, the trojan, called Mocmex, is able to block more than 100 types of security and anti-virus software from killing it, and bypasses the Windows firewall to download files from remote locations, spreading them randomly over your hard drive and any portable storage device you plug into your PC -- like, for example, a digital photo frame. The trojan is apparently set to only steal gaming passwords at present, but CA says it's capable of stealing nearly any information on your machine, and thinks it might be a test for a much worse virus yet to come. Infected frames have come from Sam's Club, Target and Costco, in addition to Best Buy, so we'd say to avoid picking one up until this mess gets sorted out -- or, you know, forever.
Best Buy confirms it sold virus-infected Insignia photo frames, no recall in the works
As we noted a week back, Best Buy's house-brand Insignia photo frames are indeed virus-infected, but now it appears Best Buy is doing something about it. Unfortunately, info is still slim at the moment from company lips. Best Buy says it's "connecting with our customers who may have been impacted," and has pulled remaining inventory from the shelves, but there are no plans for a recall of the infected NS-DPF10A, and Best Buy won't specify what specific type of malware we're dealing with. Best Buy seems to think that anti-virus software should have no problem dealing with the old-ish trojan in the frames, and recommends customers plug the frame into a PC and run some current anti-virus software to eradicate the malware. Macs are unaffected, and Apple could be seen on the playground making smarmy remarks about the incident to anyone who'd listen.
Infection alert: Insignia 10.4-inch photo frame kindly bundled with trojan
We haven't exactly gotten a torrent of email complaints from angry Best Buy customers, but for anyone wondering why the $230 Insignia 10.4-inch photo frame got pulled from shelves last week, here's your answer: they were manufactured, like devices sometimes are, with a supposedly "old and easily removed" trojan. Funny, though, that the internal memo we got has Best Buy dragging its feet, intending to send a letter to potentially infected customers only "once a solution has been tested and confirmed." Here's a solution: recall the frames and send everyone some anti-virus software and a free appointment with the Geek Squad, instead of letting sites like ours break the news that Best Buy isn't moving fast to fix its digital security mishaps. The memo is posted after the break.
First iPhone Trojan horse is weak, Greeks point, laugh
Well if you've been telling your buds your iPhone is totally virus free and safe, 'tis time to eat your words. Seems some incompetent 11-year old kid added an app to Installer sources that lists itself as "iPhone firmware 1.1.3 prep" -- we're calling it fail.trojan -- an update to Erica's Utilities. Though not too troublesome -- apparently only says "shoes" once installed -- it may well be the start of a whole new bag of fun for the inspired yet bored amongst us. Removing the app damages a pile of programs in the iPhone's bin folder like Erica's Utilities, OpenSSH, Doom, and Launcher, though you can sort it by simply re-installing. Apparently his father's been notified and he's been given a harsh talking to and the site with the malicious source is now offline.[Via CNET, image courtesy of thecampuscomic]
Viral "WiFi flu" router virus almost as fun as the real thing
We hate to be bearers of bad news, but it looks like those of you squeaking by on a WEP-protected or unprotected wireless router have yet another reason to undertake the difficult task of selecting "WPA" on that router admin screen. A team of researchers at Indiana University have published a paper on how easily malware could spread through a densely populated area, with unprotected routers providing zero resistance, and WEP moderately more, while WPA proved generally unhackable. The spread of the malware was alarmingly similar to a biological virus, and while no such router "WiFi flu" has yet been developed by nefarious types, it's probably only a matter of time before something of its ilk takes a city by storm. In test attacks, after the initial infection phase, 10-55 percent of the routers were infected. We can do better, people. Oh, and to the guy upstairs: thanks for all the WiFi these years, those torrents will probably never be traced back to you, so don't worry.
LG's Vaccine USB flash drive keeps your machine disinfected
We've already taught you to not use syringes USB flash drives that you find on the street, but we know all sorts of unwanted invaders can meander on into your hard drive when you're not looking. Enter LG's aptly-named Vaccine USB flash drive, which comes pre-loaded with anti-virus / malware protection software and provides "real-time system monitoring and hardware scans." Aside from making sure your rig doesn't catch any bugs going around, it also updates itself when plugged in to an internet-connected PC. Regrettably, we've no idea how much these things will cost (nor if Medicare will cover), but they will be offered up in sizes ranging from 512MB to 8GB.[Via EverythingUSB, image courtesy of Pocket-Lint]
