Category: Worms

I just received the message below via email. This is nobody I’ve been in contact with before and I did not download the linked file. Services like WeTransfer are getting popular and now unfortunately the hackers have caught on and are using this as a vehicle to get their trojans and viruses installed, so be warned.

The message is a valid WeTransfer email, so the hackers have simply used their service and entered me as a recipient of what is no doubt a virus file.


An Iranian semi-official news agency says there has been another cyberattack by the sophisticated computer worm Stuxnet, this time on the industries in the country’s south.

Tuesday’s report by ISNA quotes provincial civil defense chief Ali Akbar Akhavan as saying the virus targeted a power plant and some other industries in Hormozgan province in recent months.

Akhavan says Iranian computer experts were able to “successfully stop” the worm.

Source: Yahoo News

A worm that locks Windows PC users out of their computers unless they pay a $200 ransom is rapidly spreading via Skype.

Once it has secreted itself into a machine, the malware tricks further victims into installing it by using the Microsoft-owned VoIP software to send messages that read “lol is this your new profile pic?” The malicious missives, dispatched to the infected user’s contacts, include a shortened link to a zip file hosted by

Trend Micro said some 400 computers were infected in the first 24 hours of the worm outbreak last Thursday. Skype said in a statement:

Skype takes the user experience very seriously, particularly when it comes to security. We are aware of this malicious activity and are working quickly to mitigate its impact. We strongly recommend upgrading to the newest Skype version and applying updated security features on your computer.

The chat biz recommends users do not click on “strange or unexpected” links.

Source: The Register

The world of malware has, over the last couple of decades, morphed to become not just a mechanism with which to subvert people’s computers and steal money, but also a way for corporations and sovereign states to conduct cyber espionage.

An example of malware being used for industrial cyber espionage emerged two months ago with a worm, which had previously been quite rare, breaking out suddenly in Peru and neighboring countries.

This worm, specific to the electronic drafting software AutoCAD, is called ACAD/Medre.A and is written in AutoLISP, the language that is used to script operations in AutoCAD. ACAD/Medre.A has a very devious agenda: It e-mails copies of the drawings the user opens to over 40 mail boxes hosted at two different Chinese ISPs.

Source: PCW

WASHINGTON — From his first months in office, President Obama secretly ordered increasingly sophisticated attacks on the computer systems that run Iran’s main nuclear enrichment facilities, significantly expanding America’s first sustained use of cyberweapons, according to participants in the program.

Mr. Obama decided to accelerate the attacks — begun in the Bush administration and code-named Olympic Games — even after an element of the program accidentally became public in the summer of 2010 because of a programming error that allowed it to escape Iran’s Natanz plant and sent it around the world on the Internet.

Computer security experts who began studying the worm, which had been developed by the United States and Israel, gave it a name: Stuxnet.

In the following weeks, the Natanz plant was hit by a newer version of the computer worm, and then another after that. The last of that series of attacks, a few weeks after Stuxnet was detected around the world, temporarily took out nearly 1,000 of the 5,000 centrifuges Iran had spinning at the time to purify uranium.

A similar process is now under way to figure out the origins of another cyberweapon called Flame that was recently discovered to have attacked the computers of Iranian officials, sweeping up information from those machines. But the computer code appears to be at least five years old, and American officials say that it was not part of Olympic Games. They have declined to say whether the United States was responsible for the Flame attack.

Source: The New York Times

Win32.Worm.Coidung.B

A worm, Win32.Worm.Coidung.B, disguised as Office Genuine Advantage, a program Microsoft used to validate copies of Microsoft Office, was found by the research team of antivirus maker BitDefender.

“Microsoft retired Office Genuine Advantage in December 2010, but that hasn’t stopped the attackers from using it to ensnare victims a year later,” writes SecurityNewsDaily.

“The fraudulent OGA program, labeled ‘office_genuine.exe,’ is spreading via Yahoo Messenger, and once the attachment is downloaded, it opens a portal in people’s computers for remote attackers to control the machines or install more malicious software.”

Source: Security News Daily
Source: Malware City

Ikee Worm on iPhone

Hacked iPhones can be infected with the Ikee worm. The code, which is built like a worm, only affects “jailbroken” iPhones.

To be affected, the user also has to have activated login via SSH and still be using the original password. So for experienced users it’s not very difficult to protect yourself.

Ikee replaces the background image of the phone and looks for more phones to infect, but no other damage has been reported.

The creator of the worm, a 21-year-old Australian, says it was supposed to be a joke and the intention was never for the worm to spread.

Change your passwords, people…

Until next time 😉

Peter – Your Online Security Guide

An Online Safety Study published by Microsoft yesterday shows that worms are the biggest security threat on the Internet. The study refers to the worm Conficker, which infected over five million computers in the first six months of 2009.

In the study, Microsoft also found that countries with high rates of pirate copying of software get hit harder by security problems.

“There is a direct connection between pirate copying and the number of infected computers,” says Jeff Williams of the Microsoft Malware Protection Center.

Pirate copying in China is about four times bigger than in the US.

Until next time 🙂

Peter – Your Online Security Guide


Hello Friends,

Have you heard of Conficker’s latest massive infestation?

The damaging and popular downadup worm – Conficker – has reportedly attacked hospital operations. It has finally made its way into hospital medical devices and it’s wreaking havoc.

The organizer of the Conficker Working Group and Senior Vice President for Neustar, Rodney Joffe, told Congress that almost 300 medical devices from one manufacturer were infected with the worm, said CBS News.

Most of the infected devices were those that were connected to local area networks (LANs). Hospital operations have been affected, and it has become a very serious problem that must be watched closely.

Medical devices have been compromised because they run an unpatched version of Microsoft’s operating system. The patch that protects against such worm and virus attacks was released late last year, but because of the U.S. Food and Drug Administration’s 90-day notice regulation, it had not been installed.

It has come to light that hospitals are not the only ones affected by and vulnerable to Conficker. Other industries have been hit hard too, so there’s no complete assurance of safety unless you are well protected with the right antivirus.

Conficker manifests and copies itself onto machines, targeting those that run Microsoft Windows and do not have the patch installed.

Conficker-proof your machines and prevent them from being attacked: make sure to install the latest Windows updates, which can be found on the Microsoft website, and, most important of all, update your security solutions.

The top Conficker-proof security software for your business on the market today includes Bitdefender Enterprise Solution, Counterspy Enterprise and Ad-Aware Enterprise.

Don’t wait until it’s too late. You have been warned!

Until Next Time 😉

Peter – Your Online Security Guide


Hello Friend,

There’s new malware on the web that is wreaking havoc in every way possible.

This drive-by-download exploit is called Gumblar.

Gumblar’s latest known method of attack targets Google searches: it redirects Google search results to malicious sites, where it loads more malware onto the PC by means of a drive-by-download attack that infects via PDF and Adobe Flash. Not only does it install more malware on the PC, it also steals login details and FTP credentials, thus compromising the sites owned and operated by the victim.

Since Gumblar is quite a pervasive virus and its victims fall for it without knowing, Cisco came up with tips for websites and enterprises on dealing with the problem.

Tips on dealing with Gumblar Virus from Cisco

1. Ensure you have Security for your Servers

Make sure security protection is implemented for web servers and web applications. Bitdefender has a very good mail and file server security solution.

2. Be Aware of Pop-ups

Alert users and visitors to pay attention to pop-ups that lead to a questionnaire site.

3. Gateway Security

Organizations should install gateway security that is capable of drilling down into every Internet access request. Bitdefender Total Security 2009 is recommended.

5. Firewalls that can be analyzed

Make sure perimeters are secured with firewalls that can be analyzed.

Gumblar has outdone Conficker this month. Either way, we don’t want any viruses on our systems.

We encourage you to do timely software updates and use up-to-date security solutions, not only to be Gumblar-free but completely virus-free and safe!

If your security program is out of date, you can read more about the latest and most up-to-date security software available on the market today.

Until Next Time 😉

Peter – Your Online Security Guide