Mac OS X has been devoid of any large scale viruses and Trojans for a long time now. However, of late as the popularity of Mac has grown, virus creators have started targeting the OS with new viruses. This is evident with the number of viruses and Trojans which are being written for Mac. Take for example the Fake Mac Defender Anti-Virus (removal instructions).

A recent investigation by a security group has found out that a new virus called Flashback has been infecting nearly 600,000 Macs globally. The latest variation of this virus has been targeting an unpatched Java vulnerability in Mac based PCs. The OSX Flashback Trojan connects to a remote server and downloads instructions and payload. Once the payload has been downloaded the malware will modify webpages in the web browser and try to collect personal and other information and send it back to their servers.

If you are a Mac user, the first thing you should do is apply the new patch supplied by Apple that patches this vulnerability. However, there is a chance that you might have been already infected by the Trojan.

F-secure has put up some detailed instructions on their website to find out whether you are infected by the Flashback Trojan for Mac along with instructions to remove the OSX Flashback Trojan. You can visit this page to find instructions for removing Flashback Trojan and remove it from your system.

The detection and removal instructions are targeted towards advanced users so you might want to have someone familiar with Terminal taking a look at it for you.

Also, don’t forget to apply the latest update patch supplied by Apple. To do that, open the main system menu on your Mac by clicking on the “Apple icon” and click on the item “Software update”. Once the software update has checked for updates, apply any new patch/Java update that is available for your system.

We’ll try and post more simpler detection and removal instructions for this shortly.

Earlier today, president of the Windows and Windows Live division, Steven Sinofsky wrote a lengthy article detailing Microsoft’s development of Windows 8 for the ARM architecture.

As I still go through the article (it’s so long that I printed a copy), there is a lot of information hidden in the 8,600 word article which I will share in subsequent posts. However, the biggest news is that viruses that affect Windows 7 (and even Windows 8) won’t be compatible with Windows on ARM. According to Sinofsky:

• WOA will not be able to run existing x86/x64 applications. In order to build applications for Windows on ARM, they will have to be developed using the WinRT architecture.
• Apps that have been developed for WOA, using WinRT, will be only available through the Windows App Marketplace. The marketplace will act as a checkpoint for rogue applications.

The two steps ensure that a WOA device (primarily tablets) will not be as easily affected by the plethora of viruses that exist today.  Talking about the issue in the article Sinofsky says,

Our focus on delivering a new level of security for consumers using WOA is paramount. In one public event, we were asked if we would “make it easy for existing viruses and malware to run.” Now you can see the answer is decidedly, “no.”

I spoke with Windows hacker Rafael Rivera (of Within Windows fame) and he believes that unless a user roots his WOA device, his device is theoretically safe from virus infections. For Microsoft, Windows on ARM (WOA) is another version of Windows akin to Windows Server, Windows Phone or Windows Embedded. Microsoft is also expected to bundle their antivirus/antimalware tool–Security Essentials–with Windows 8.

It has been discovered that the cockpits of two US drone  fleets Predator and Reaper, have been infected with a virus. The virus infection was discovered two weeks ago in the Creech Air Force base in Nevada. Since then, the officials have been trying to remove the infection, but the virus keeps on coming back, reports WIRED.

The virus consists of a Trojan payload that logs the keystrokes of the pilot controlling the drones remotely. As you might know, these drones have been used extensively in spying as well as targeting enemy territory remotely and have been a great asset to the US Army.

It isn’t apparently clear whether the infection is a result of a cyber-attack or whether it was just an accidental infection. Whatever the case may be, the virus has infected both unclassified as well as classified machines, and it is speculated that some confidential data might have gone outside of the military network.

Interestingly, this is not the first time that the Predator and Reaper fleet has come under security scrutiny. It was well known that these drones send video to their stations unencrypted. The US Army had previously found hours of drone video recording on computers seized from Iraqi insurgents.

Reuters has quoted an unnamed source saying that this infection hasn’t impacted overseas missions.

One of the heavily criticized aspects of Windows OS has been its vulnerability to viruses. Its competitor, Mac OS, has been relatively safe from viruses up until now.

Since the last couple of weeks, a malware for Mac OS X has been on the loose, namely Mac Defender. This Trojan/malware spreads as a security application, which will help users remove viruses’ from the OS X.

The application has a very polished look, and can easily deceive veteran Mac users as well. On the first launch, the application will falsely detect some of the files on your Mac computer as infected by virus. The application will also open pr0n websites on your Mac, making users think that their computer is infected by viruses.

The application will ask users to purchase the license of their application so as to remove advanced viruses. The 1 year license of the app costs a whopping $59.95, while the 2 year and the lifetime license costs $69.95 and $79.95, respectively. Once a user clicks on the Register button, he is taken to an unsecured website where he is asked to enter his credit card details.

Once the user enters his credit card details, he will be basically charged for software which actually infected his Mac. Other genuine anti-virus and anti-malware software for the Mac detect the Mac Defender app as a virus. However, looking at how rare viruses are for Mac, I doubt many Mac users would be using anti-virus software.

I will be writing a detailed step-by-step guide on how to remove Mac Defender virus from your beloved Mac, so stay tuned!

The start of a new year has prompted numerous predictions of what the mobile and technology sector can expect from 2011. We are promised exciting new apps and faster connectivity, but these innovations come at the cost of new dangers presented by malicious coding and cyber-delinquency.

The advent of the Smartphone, with its sophisticated operating systems, is nothing new. But their proliferation and rapidly growing popularity there are well over 40 million users in the US alone is increasingly drawing the unwanted attention of virus programmers who, like hungry wolves contemplating the arrival of fresh lambs to the herd, celebrate the adoption of Smartphones by the technologically ignorant as an opportunity for renewed mischief.

Previously, producers of Trojans and worms largely concentrated their efforts on traditional PCs, the sheer volume of global Smartphone activity has suddenly rendered mobiles a worthy target. This is reinforced by the capability of the devices that has allowed users to conveniently conduct their finances on their mobiles, wherever they are and whatever they’re doing. There is a clear monetary incentive and opportunity for data theft, which characters from the murkier side of programming are taking advantage of.

Although attacks on mobile security date back to around 2004 (remember Cabir?), previous viruses were on the whole merely irritating rather than genuinely threatening. So far, the security risk to mobiles has been held in check by factors such as the existence of the iPhone App Store (which cuts out external app providers) and its various equivalents, the lack of compatibility across different models (which meant that viruses could be isolated and limited to specific makes of phone), and the fact that the vast majority of users were technologically aware and therefore harder to dupe.

However, with the increasing tendency to transmit sensitive information via a Smartphone, cyber-attacks on mobiles will become more common. Data will be stolen, destructive files downloaded and information illicitly transmitted. It is therefore important that users take precautions to reduce the chances of a successful attack: switch off Bluetooth when not in use; never download files you are sent without asking for; and beware that a device can catch a mobile-specific virus from an infected personal computer. No one wants to be a victim of a mobile WinCE/InfoJack; check out some anti-virus software – but don’t be frightened into making an unnecessary purchase.

==========

About the author: Jude Harrison is a freelance technology writer.

It’s difficult for some of us to resist clicking links or opening emails with provocative titles. That’s what hackers count on. Recently, one of many successful malware attacks was a file named Real kamasutra.pps.exe. Sophos reported that it really is a PowerPoint slideshow, but don’t get your hopes up. You’d have to infect your computer to see the images.

What I will do is warn everyone, once again, not to be fooled by the old double extension trick. Even though you may think .PPS (slideshow), the .EXE on the end of the file makes it an executable file. When it’s launched, the slideshow above actually did display some rather unique images, however, it also installed a backdoor trojan. The trojan, called Troj/Bckdr-RFM, allows hackers to silently gain access to your PC. Once inside they can steal your data, your identity, and use your machine for any number of illegal activities.

Most of the time, you’ll see files with double extensions in email. One of the most famous email exploits was the I LOVE YOU.TXT.VBSfile. The .VBS on the end made it a Visual Basic Script, which installed a virus on millions of PCs back in 2000.

These days, your biggest risks come from clicking shortened links in social networking sites like Twitter and Facebook. Thankfully, most of the short URL providers, like Goo.gl and Bit.ly, try to make sure that the links don’t end up at known bad websites.

If you’ve waited patiently hoping for a glimpse of the images in that Kama Sutra slideshow, visit the Sophos blog.

With the rampant rise of mobile phones around the world, carriers and customers have been facing an increase in malware on their devices. China plans to put an end to phone manufacturers installing covert applications, that rack up revenue by sending premium SMS text messages on behalf of the user. Knownsec, a Chinese security company, says that the majority of devices that are plagued by this problem are knock-off phones using Android – since it allows for easy installation of applications before they reach consumer hands.

The Chinese Ministry of Industry and Information Technology have issued a release in which they indicate that carriers and government agencies will begin to implement countermeasures to fight against malware, which includes inspection of handsets and product quality assurance.

A members of China’s National Computer Network Emergency Response Technical Team says “Traditional security threats that exist on the Internet are spreading to mobile handsets, so we must prepare for them in advance”.

Via ITWorld

Image courtesy of F-Secure Archives

A new worm is quickly spreading through the internet, and it’s main target is 500 million Facebook users. When infected, users who visit facebook.com in their browsers are being displayed a message. "Your account is suspended. To make your account active you need to complete one of these surveys". It’s a hoax and a malicious virus that is looking to make money out of Facebook users.

If you have been victim to a shock saying that your account has been suspended when you visit Facebook and have to complete a survey to be eligible to use it again, you are not alone. According to Symantec, a new worm W32.Yimfoca is spreading through computers and targeting Facebook users.

If you have been infected by this worm, you will be shown a message as seen in the screenshot above. The bad part is that you will be locked out of the website as long as the W32.Yimfoca worm exists on your PC. This worm is also capable of locking you out of other websites too. So you might get this popup when you visit Twitter or Gmail in future too.

If you fail to complete the survey you will be presented with this message:

You do not have access to you account because you do not complete any survey. Please come back later and tray again

Thankfully the good news is that the exploit only works with Internet Explorer, so you can safely use other browsers to browse your favorite websites.

Removing this virus is simple, just use a good Antivirus and anti-spyware software on your computer and your PC should be safe. If you don’t know, there are quire a few Free Antivirus software available out there. You might also want to read our guides about securing your PC and keeping your PC safe on the Internet.

There are several online services that will allow you to check files for viruses or malware by uploading the files from your computer. One reason you might use one of these services is that you have downloaded a new program and you want to know if it’s safe to install on your computer. One of the services that I use most often is called Virus Total’.

Virus Total is a free, independent service that will analyze uploaded files with around 40 different antivirus engines. Here is the current list:

AhnLab (V3)
Antiy Labs (Antiy-AVL)
Aladdin (eSafe)
ALWIL (Avast! Antivirus)
Authentium (Command Antivirus)
AVG Technologies (AVG)
Avira (AntiVir)
Cat Computer Services (Quick Heal)
ClamAV (ClamAV)
Comodo (Comodo)
CA Inc. (Vet)
Doctor Web, Ltd. (DrWeb)
Emsi Software GmbH (a-squared)
Eset Software (ESET NOD32)
Fortinet (Fortinet)
FRISK Software (F-Prot)
F-Secure (F-Secure)
G DATA Software (GData)
Hacksoft (The Hacker)
Hauri (ViRobot)
Ikarus Software (Ikarus)
INCA Internet (nProtect)
K7 Computing (K7AntiVirus)
Kaspersky Lab (AVP)
McAfee (VirusScan)
Microsoft (Malware Protection)
Norman (Norman Antivirus)
Panda Security (Panda Platinum)
PC Tools (PCTools)
Prevx (Prevx1)
Rising Antivirus (Rising)
Secure Computing (SecureWeb)
BitDefender GmbH (BitDefender)
Sophos (SAV)
Sunbelt Software (Antivirus)
Symantec (Norton Antivirus)
VirusBlokAda (VBA32)
Trend Micro (TrendMicro)
VirusBuster (VirusBuster)

They keep those engines up to date with the latest virus signatures, and they also offer detailed results from each engine in their reports. Virus Total is available in nearly two dozen languages.

To use this service, you simply visit the web page, click on the file upload button, select the file and wait for it to upload. Once the file is uploaded, you will often have to wait a few minutes for the scan results to appear. If you think that sounds pretty easy to do, you are correct. However, Virus Total now offers an even easier method, the Virus Total Uploader.

After you install the Virus Total Uploader [Windows Only] on your PC, you can right click on a file, then Send tothe Virus Total site.

After a few seconds, your web browser will open up to show you the results of the antivirus tests from Virus Total.

That’s not the only trick that the Uploader has for you. When you launch it from your Start menu, you’ll see three other upload options in it’s interface:

• upload a file by choosing it’s process name
• select a file by browsing to it’s location
• type in the URL of a file on the web

Go to the Virus Total Uploader page to get it.

Techie Buzz Verdict:

Having a good antivirus program installed on your PC is a must have. The ability to double check files using 40 different antivirus engines is not required, but it sure is nice to have. If you’d like to try this application, I recommend it.

Techie Buzz Rating: 4/5 (Excellent)

Guys over at F-Secure labs have reported a new worm in the market – the Merogo SMS worm. This virus spreads through SMS and is named Trojan:SymbOS/MerogoSMS. It works only for s60 v3 devices and is completely incompatible with any other symbian device.

It deploys itself by sending an SMS to every contact in your phonebook. The receiver will see a long message in chinese with a link in it. If you click on that link, you’ll download the infected file and it will once again start sending messages. It also sends SMS to many premium numbers.

Traditionally, no one can install an unsigned app in an S60 device. This worm happens to be a signed app which contains many unsigned apps within it. It installs them when it is being installed itself.

F-Secure is trying very hard to contain this virus as no reports of attacks outside China have been observed. But even then, beware of any Chinese messages.