Posts Tagged Viruses
Fake Windows IME Trojan
Posted by Mourad Ben Lakhoua in Cybercrime & Hacking, Vulnerabilities & attacks on July 11, 2010
Security researchers at Websense have discovered a new Trojan that abuses a Windows system component to disable and delete antivirus software and compromise the victim's machine.
The malicious program installs itself as the Windows input method editor (IME), then stops all AV processes, deletes their executable files and masks itself on the system as an antivirus update package.
Websense has issued a blog post describing how this Trojan infects a Windows system. After the malware runs, a file named winnea.ime is created under the Windows system folder.
When the default input method is opened, the previously created winnea.ime starts searching for and detecting antivirus products.
At the same time, winnea.ime writes a file called pcij.sys to the system folder and loads it as a driver.
Next, a DeviceIoControl call kills the running process of any antivirus on its list; the control code is sent to the pcij.sys driver.
It is clear that the Windows input method is now a popular way for hackers to inject malicious code.
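A defensive check for the two artifacts described above, added here as an example and not taken from the Websense write-up: it enumerates the IME files Windows will actually load (the "Ime File" value under each registered keyboard layout) and the running kernel drivers, and flags any that are missing, live outside the Windows directory or carry no valid Authenticode signature. The function names and output layout are this example's own; run it in a normal (non-elevated) PowerShell session.

```powershell
# Added defensive check, not code from the Websense write-up: list the IME file
# Windows loads for each registered keyboard layout ("Ime File" value under the
# Keyboard Layouts key) and flag entries that are missing, sit outside the Windows
# directory or lack a valid Authenticode signature. Function names are this example's own.
function Get-SuspiciousIme {
    $layoutKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Keyboard Layouts'
    $systemDir = [Environment]::GetFolderPath('System')   # normally C:\Windows\System32
    Get-ChildItem -Path $layoutKey | ForEach-Object {
        $imeFile = (Get-ItemProperty -Path $_.PSPath).'Ime File'
        if (-not $imeFile) { return }                      # plain layout, no IME attached
        # A bare file name is resolved from System32, which is where the loader looks
        $path = if ([IO.Path]::IsPathRooted($imeFile)) { $imeFile } else { Join-Path $systemDir $imeFile }
        $reasons = @()
        if (-not (Test-Path -LiteralPath $path)) {
            $reasons += 'file missing'
        } else {
            if (-not $path.StartsWith($env:WINDIR, [StringComparison]::OrdinalIgnoreCase)) {
                $reasons += 'outside Windows directory'
            }
            $sig = Get-AuthenticodeSignature -FilePath $path
            if ($sig.Status -ne 'Valid') { $reasons += "signature $($sig.Status)" }
        }
        [pscustomobject]@{ Layout = $_.PSChildName; ImeFile = $path
                           Suspicious = ($reasons.Count -gt 0); Reason = ($reasons -join '; ') }
    }
}

# Same idea for the kernel driver the post describes (pcij.sys): running drivers whose
# image sits outside the Windows directory or is not validly signed.
function Get-SuspiciousDriver {
    Get-CimInstance -ClassName Win32_SystemDriver -Filter "State='Running'" |
        Where-Object { $_.PathName } |
        ForEach-Object {
            # Normalise the NT-style prefixes and relative paths the service database uses
            $path = $_.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:WINDIR
            if (-not [IO.Path]::IsPathRooted($path)) { $path = Join-Path $env:WINDIR $path }
            $sig = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue
            if ($sig.Status -ne 'Valid' -or
                -not $path.StartsWith($env:WINDIR, [StringComparison]::OrdinalIgnoreCase)) {
                [pscustomobject]@{ Driver = $_.Name; Path = $path; Signature = $sig.Status }
            }
        }
}

Get-SuspiciousIme    | Where-Object Suspicious | Format-Table -AutoSize
Get-SuspiciousDriver | Format-Table -AutoSize
```

An IME registered under a legitimate layout id but pointing at an unsigned file dropped into System32, or a running driver with an unsigned image, is exactly the pattern this Trojan leaves behind; treat any hit as something to examine, not as proof of infection.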
make sure you subscribe to my RSS feed!
Fake Software Updates Infecting Computers
Posted by Mourad Ben Lakhoua in News on March 26, 2010
New malware has been observed by the Vietnamese computer security company Bach Khoa. The malicious software overwrites programs' update components to bypass antivirus software.
W32.Fakeupver.trojan is the name of this new Trojan. The first thing the malware does is replace the automatic update process of Adobe, Java, Deep Freeze or even the Windows operating system itself in order to trick anti-malware software. When executed, the malware starts the DHCP Client, DNS Client and network sharing services and opens a port to receive the attacker's commands.
The malware can reach a system via email, instant messengers or infected websites. Once the computer is infected, the attacker is able to take control of the machine.
To avoid becoming a victim of this malware it is important to keep all applications installed on the operating system, and the OS itself, up to date and to have the latest antivirus definitions.
New York Times warns readers of website virus
Posted by Mourad Ben Lakhoua in News, Web Security on September 14, 2009
The New York Times, one of the largest newspapers in the USA, warned readers of its website on Monday about malicious software masquerading as an advertisement. This came after some bloggers reported that when they opened the New York Times website their local antivirus alerted on a Trojan present in the site.
The infected advertisement led visitors to download a fake antivirus through a pop-up banner claiming that their computers were infected and encouraging them to download the AV software.
The Times advised all users who downloaded the fake AV from the link best-antivirus03.com to remove it immediately and to scan the entire OS for any malicious software.
Many security experts have warned in the past few months about infected websites, as pop-up banners have made it difficult to tell a good advertisement from a bad one.
The website is currently working fine and is safe.
Zombies an Increasing Concern
Posted by Mourad Ben Lakhoua in News on May 14, 2009
Computer zombies are out to get you. That may sound like a tagline from a bad B movie, but there’s truth behind it. A “zombie” in the computer lexicon is a computer that has been taken over by a piece of malicious software planted by a hacker typically for the purpose of secretly sending out unauthorized mass e-mail, or spam. That computer could be yours, and you could be totally in the dark about it.
According to a just-released study by computer security software company McAfee, cyber-criminals are having increasing success in commandeering the computers of others through the Internet in this way. McAfee has a vested interest in sounding the alarm. By doing so, it stands to sell more software. But it’s a company that has been around since 1987 and has a good reputation.
In the U.S., fully 18 percent of personal computers have become zombies, nearly a 50 percent increase from the previous quarter, according to the McAfee Threats Report: First Quarter 2009.
From our side we should remember that prevention is the best medicine. Make sure that Windows and your antivirus, firewall and other security software are up to date. Those precautions will reduce the chances of getting infected. Secure your stuff and keep working!
[Source: GovTech]
Conficker.C Overview
Posted by Mourad Ben Lakhoua in News on March 26, 2009
Researchers at SRI International updated their Conficker paper. They have provided a very useful analysis of the Conficker malware.
The latest variant of Conficker, referred to as Conficker C, leaves as little as 15% of the original B code base untouched. The main purpose of Conficker is to provide its authors with a secure binary updating service that effectively gives them instant control of millions of PCs worldwide.
Through the use of binary encryption methods, Conficker's authors have taken care to ensure that other groups cannot upload arbitrary binaries to their infected drone population, and these protections cover all Conficker updating services: Internet rendezvous point downloads, buffer overflow re-exploitation, and the latest P2P control protocol.
Conficker's authors have devised a sophisticated encryption protocol that is generally robust to direct attack. The three crypto-systems employed by Conficker's authors (RC4, RSA, and MD-6) also share one underlying commonality, and the discovery of MD-6 in Conficker B is highly unusual given Conficker's own development timeline.

Source: [SRI International]