Archive for the ‘Viruses’ category

First SMS Trojan for Android is in the wild

August 10th, 2010

The first text message-based Trojan to infect smartphones running Google’s Android operating system has been detected in the wild.

Trojan-SMS.AndroidOS.FakePlayer-A poses as a harmless media player application and has already infected a number of mobile devices, Russian security firm Kaspersky Lab warns. Prospective marks are prompted to install a “media player file” of just over 13 KB with the standard Android .APK extension.

Once installed, the Trojan begins sending SMS messages to premium-rate numbers without the owner’s knowledge or consent. Victims wind up with a huge bill while the cybercrooks behind the scheme earn a slice of the income. There have been isolated cases of devices running Android getting infected with spyware since last year, but this is the first occasion that an SMS-spewing Trojan, common in the world of mobile malware, has affected devices running Google’s operating system.

No comments »

Posted in Android, Mobile Phones, Viruses

Tags:

Are you running all the latest security updates?

March 8th, 2010

Windows users need to patch their systems an average of every five days to stay ahead of security vulnerabilities, according to a study this week.

The numbers come from a company called Secunia which just happens to be developing an all-in-one patching tool to reduce update headaches for consumers.

Secunia’s free Personal Software Inspector tool show the average home user needs an average of 75 patches from 22 different vendors to be fully secure. The complexity of patching means that most users are not even in the race, meaning that hackers hoping to exploit software vulnerabilities to infect vulnerable systems stay well ahead of the game.

Matters are further complicated by the variety of different update mechanisms applied by differing suppliers.

You can download this free tool from Secunia to help you keep up to date with multiple updates from different companies which will help keep your computer secure.

No comments »

Posted in Microsoft, Viruses

Tags:

Microsoft: upgrade to IE8, even though it’s vulnerable

January 18th, 2010

Microsoft is advising its customers to upgrade to Internet Explorer 8 – even though the latest version of its browser is vulnerable to a serious security attack.

The software giant issued a statement urging people to upgrade their browser, after the zero-day exploit that was used to attack companies such as Google went public.

According to Microsoft’s security advisory: “the vulnerability exists as an invalid pointer reference within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.”

But although Internet Explorer 6 has been the source of attacks until now, Microsoft’s advisory admits that both IE7 and IE8 are vulnerable to the same flaw, even on Windows 7.

Nevertheless, Microsoft is still urging its customers to upgrade their browser to the latest version. “Customers using Internet Explorer 8 are not affected by currently known attacks and exploits due to the improved security protections in IE8,” the company claims.

No comments »

Posted in IE, Viruses

Tags:

New attacks exploit vulnerability in (fully-patched) Adobe Flash

July 23rd, 2009

imagesOnline criminals are targeting a previously unknown vulnerability in the latest versions of Adobe’s ubiquitous Flash Player that allows them to take complete control of end users’ computers, security researchers warn.

Although the exploit can be triggered using malicious PDF files opened by Adobe’s Reader application, a more common technique uses a 1.1 kilobyte Adobe Flash file to target the vulnerability.

Judging from this bug report on Adobe’s own website, the flaw behind the the Flash exploit was reported in December, Royal says. While the bug is reported to trigger only a crash, the report said it was reproducible “every time.”

As always, the threat can be mitigated by using Firefox with plugins such as NoScript. Of course, all bets are off if one of your trusted sites happens to get compromised by one of the attackers, so users shouldn’t considered this protection foolproof.

No comments »

Posted in Viruses

McAfee service pack fail

June 9th, 2009

mcafeeA recent McAfee service pack led to systems being rendered unbootable, according to posts on the security giant’s support forums.

The mandatory service pack for McAfee’s corporate Virus scanning product, VSE 8.7, was designed to address minor security bugs but instead tagged windows system files as malware. The software update was issued on 27 May and pulled on 2 June, after problems occurred. Users were advised to keep the patch if they’d already installed it in a low-key announcement on McAfee’s knowledge base.

Posts on McAfee’s support forum paint a different picture of PCs and server left unbootable after the update had automatically deleted Windows systems files wrongly identified as potentially malign. Our source among the McAfee user community, who asked not to be named, described the incident as a “massive fail” by McAfee and reports that sysadmins are angry that a long awaited patch turned out to do more harm than good.

In a statement, McAfee acknowledged potential problems but said that these were rare. It said it planned to reissue the service pack once glitches with the software were ironed out.

No comments »

Posted in Software, Viruses

Tags: