Virus Alerts

Home/Virus Alerts

Tasty Spam: Sneaky URLs Trick Victims in Diet-Pill, Work-From-Home-Scams

By |May 30th, 2014|Categories: Security, Tech News, Virus Alerts|

Via Flickr user Jerry PankMail providers are getting better at filtering out spam before it even hits our Inboxes. Even so, some messages still get through. The spammers are continually tweaking their campaigns to get past the spam filters. Sometimes, we get spammed because our friends fell for a scam. Spam is still a problem, but it is one we can solve.

SecurityWatch asked the security experts at Cloudmark to flag and analyze an ongoing spam campaign. We take a look at the type of messages being sent and the infrastructure behind the operation used. This month, we look at an operation called “Com Spammers.”

The Com Spammer Operation
The Com Spammer operation specializes in work-from-home schemes, diet pills, and recently, a miracle anti-aging skin cream. The gang monetizes the email and SMS spam campaigns through victims who sign up to buy one of these products. In the case […]

The Magic of KAVremover

By |May 29th, 2014|Categories: Security, Tech News, Virus Alerts|

If you have been following our blog for a while, you know something about what problems you may encounter installing our products and how to solve them. We have already examined what happens when the system requirements are not observed, but there is another common reason why installation may fail. Here in Kaspersky Lab Technical Support, we call it “leftovers”. For those who speak literary English, we will paraphrase it as “system files and registry keys remaining after a previously installed Kaspersky Lab product had been removed.” If a previous version of a product was not uninstalled completely, you may be unable to install a newer version.


Where do the leftovers come from? First of all, they may appear because of the operating system errors. If your Windows copy is damaged and works incorrectly, it may result in the malfunction of the Windows Installer […]

Buyer (and Seller) Beware: eBay Suffers Data Breach

By |May 29th, 2014|Categories: Security, Tech News, Virus Alerts|

eBay Inc., the well-known digital auction house where users can purchase anything from concert memorabilia to an automobile, announced on Wednesday that the company suffered a cyberattack. The attack that occurred in late February and early March (but was first discovered 2 weeks ago), compromised a database containing encrypted passwords, email addresses, physical addresses, phone numbers and dates of birth, according to the company’s official public statement.

eBay is urging its 150 million active users to change their passwords immediately. The company said there’s no evidence that the compromise has led to unauthorized activity on user accounts. Nor has the breach given hackers access to financial data, which is stored and encrypted on a separate database. Finally, no information used on PayPal, a subsidiary of eBay Inc. that allows for hassle free payments online, was compromised.

The attack was first detected two weeks ago after a “small number of […]

Iranian Keylogger Marmoolak Enters via Backdoor

By |May 29th, 2014|Categories: Security, Tech News, Virus Alerts|

Targeted attacks have several stages, sometimes called the APT kill chain. At McAfee Labs we prefer the model described by Lockheed Martin:

Marmoolak 1

As part of the weaponizing phase, attackers often put a payload into a file that, once installed, will connect in the C2 (command and control) phase to the attacker. A very common payload used by many password-stealing malware is a keylogger. The purpose of keylogging is to capture the users’ keystrokes, and gather credentials and links to internal and external resources. The stolen credentials can later be used to weaponize another file or serve as part of the actions phase of the APT kill chain.

One example we recently ran into is the malware Marmoolak, an Iranian keylogger with the MD5 F09D2C65F0B6AD55593405A5FD3A7D91.

We traced the first appearance of this keylogger to a Middle-East forum:

Marmoolak 2

Although some keyloggers may capture […]

Despite source code leak, Android malware fetches top $5,000 price

By |May 29th, 2014|Categories: Mobile/Wireless Devices, Security, Tech News, Virus Alerts|

Symantec says the iBanking malware is stealing one-time passcodes for banking applications

May 20, 2014
(IDG News Service)

Despite a leak of its source code, an Android program aimed at compromising online bank accounts is still commanding $5,000 per copy, one of the highest prices seen for a type of malware, according to research from Symantec.

Symantec and RSA published details on their blogs on Tuesday about iBanking, which is being used by two Eastern European cybercrime groups to intercept one-time SMS passcodes used for logging into bank accounts.

IBanking is notable for its wide range of features and defensive measures that thwart analysis by security researchers. It can steal just about any information on an Android device, record calls or forward calls to another phone, Symantec wrote.

The malware often appears in Android app marketplaces as a legitimate banking application. It appears victims who are targeted already have a […]

Rush to fight Heartbleed leads to errors with certificates and patches

By |May 28th, 2014|Categories: Security, Tech News, Virus Alerts|

Some reissued SSL certificates use the same vulnerable key as the ones they replace, and some sites moved to a vulnerable version of OpenSSL

May 9, 2014

(IDG News Service)

Despite taking prompt action to defend against the Heartbleed attack, some sites are no better off than before — and in some cases, they are much worse off.

Many of the sites that patched vulnerable OpenSSL installations after the Heartbleed attack was revealed on April 7 then went on to revoke compromised SSL certificates and order new ones. But 30,000 sites are now using replacements based on the same compromised private key as the old certificate, according to a study by Internet services company Netcraft released Friday.

That means that anyone who managed to steal the private key of such a server before it was patched could still use the key to impersonate the server in […]

Symantec Says AV Is Dead, World Rolls Eyes

By |May 27th, 2014|Categories: Tech News, Virus Alerts|

The rumors of AVEarlier this week, Symantec’s senior vice president Brian Dye declared to the Wall Street Journal that antivirus “is dead.” That’s a bit surprising, considering it still accounts for a reported 40 percent of Symantec’s revenue. Plus, Symantec continues to churn out Editors’ Choice award winning products like Norton 360. So is AV really dead? The short answer is “no,” and the long answer is “no no no no no nononononononono.”

Nail in the Coffin?
Dye told the WSJ that the company doesn’t consider AV as “a moneymaker in any way.” Not only that, Dye bemoaned that they simply can’t keep hackers out. In the interview, Dye estimated that AV only catches 45 percent of cyber attacks. Those are pretty damning numbers, and a pretty grim outlook, but other cybersecurity experts just don’t agree. Or rather, they know that saying […]

What is ‘Covert Redirect’ and Should You be Worried?

By |May 27th, 2014|Categories: Security, Tech News, Virus Alerts|

When Heartbleed struck in April, it shook the Internet to its core in an almost literal sense: the vulnerability, which could allow hackers to trick servers into surrendering sensitive data, took advantage of how communications are made online. Now, there’s a new vulnerability in town claiming to be the next core-shaking Internet threat. But is it really? Let’s take a look.

Covert Redirect: A look inside

The vulnerability in question has been dubbed “Covert Redirect,” due to its stealthy tactics. Discovered by Wang Jing, a mathematics PhD student in Singapore, Covert Redirect enables hackers to trick users into surrendering personal information by posing as an authorization window (a popup window which asks for authorization to connect to a third party website or application). If the faux-authorization is successful, the hacker can redirect the user to a website loaded with malicious software. If successfully executed, it can […]

As Patch Tuesday looms, Microsoft gives Windows 8.1 users a reprieve

By |May 26th, 2014|Categories: Security, Virus Alerts|Tags: , |

Consumers now have until June 10 to get off Windows 8.1 and on Windows 8.1 Update to keep receiving patches

May 12, 2014

For the third time in the last four weeks, Microsoft today backed away from a customer cutoff as it postponed enforcement of the Windows 8.1 Update migration deadline until June 10.

On Monday — and just a day before its May Patch Tuesday slate of security fixes — Microsoft said consumers have four more weeks to move from Windows 8.1 to Windows 8.1 Update before their devices would be barred from receiving further patches. The deadline change was the third in the past month, following an earlier Windows 8.1 Update extension for business users and a surprise update on May 1 for Windows XP after Microsoft had officially retired the aged OS.

“We’ve decided to extend the requirement for our […]

Microsoft seeds doubt by erasing XP line in the sand

By |May 26th, 2014|Categories: Microsoft, Security, Tech News, Virus Alerts, WinXP|

Move may end up encouraging some customers to stick with XP even longer

May 7, 2014

Microsoft’s decision to erase its support line in the sand has sowed confusion and will likely encourage bad behavior by some customers, analysts said today.

“If next month someone finds another zero-day like this one, Microsoft could just move the line again,” said John Pescatore, director of emerging security trends at the SANS Institute, a security training organization.

“In a way, this encourages bad behavior. There’s a risk that people will look at it that way,” said Michael Silver, an analyst with Gartner, referring to those who will now question Microsoft’s determination to end XP support, and thus slow or even suspend their migrations to newer editions of Windows.

The experts were talking about Microsoft’s move on May 1 to issue fixes for a critical vulnerability in Internet Explorer […]