Tag Archives: Virus

Don’t be Tempted by the Kama Sutra Backdoor Trojan

It’s difficult for some of us to resist clicking links or opening emails with provocative titles. That’s what hackers count on. Recently, one of many successful malware attacks was a file named Real kamasutra.pps.exe. Sophos reported that it really is a PowerPoint slideshow, but don’t get your hopes up. You’d have to infect your computer to see the images.

What I will do is warn everyone, once again, not to be fooled by the old double extension trick. Even though you may think .PPS (slideshow), the .EXE on the end of the file makes it an executable file. When it’s launched, the slideshow above actually did display some rather unique images; however, it also installed a backdoor trojan. The trojan, called Troj/Bckdr-RFM, allows hackers to silently gain access to your PC. Once inside, they can steal your data and your identity, and use your machine for any number of illegal activities.

Most of the time, you’ll see files with double extensions in email. One of the most famous email exploits was the I LOVE YOU.TXT.VBS file. The .VBS on the end made it a Visual Basic Script, which installed a virus on millions of PCs back in 2000.
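For anyone filtering mail attachments, the double extension check can be automated. The sketch below is an added example, not code from Sophos or from the original post; the two extension lists and the function names are assumptions chosen for illustration.

```python
# Added example: flag attachment names that use the double-extension trick.
# Both extension sets are illustrative assumptions, not a complete policy.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js"}
DECOY_EXTS = {"pps", "ppt", "doc", "xls", "txt", "pdf", "jpg", "png"}


def classify_attachment(filename):
    """Return 'double-extension', 'executable' or 'ok' for a file name.

    'ok' only means the final extension is not in EXECUTABLE_EXTS.
    """
    # Windows ignores trailing dots and spaces, so "a.txt.vbs. " is still a .vbs.
    name = filename.strip().rstrip(". ")
    # Strip each component so padding such as "pdf      .scr" cannot hide the end.
    parts = [p.strip().lower() for p in name.split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    # A document-style extension before the real one is the decoy.
    if any(p in DECOY_EXTS for p in parts[1:-1]):
        return "double-extension"
    return "executable"


def flag_attachments(filenames):
    """Return (name, verdict) pairs for every name that is not 'ok'."""
    verdicts = ((name, classify_attachment(name)) for name in filenames)
    return [(name, verdict) for name, verdict in verdicts if verdict != "ok"]


if __name__ == "__main__":
    # The first two names come from the post; the rest are constructed samples.
    samples = [
        "Real kamasutra.pps.exe",
        "I LOVE YOU.TXT.VBS",
        "report.pdf          .scr",
        "holiday.pps",
        "notes.v1.txt",
        "setup.exe",
    ]
    for name, verdict in flag_attachments(samples):
        print(f"{verdict:17} {name!r}")
```

Turning on "show file name extensions" in Windows Explorer gives a human the same view of the name that this check uses.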

These days, your biggest risks come from clicking shortened links in social networking sites like Twitter and Facebook. Thankfully, most of the short URL providers, like Goo.gl and Bit.ly, try to make sure that the links don’t end up at known bad websites.

If you’ve waited patiently hoping for a glimpse of the images in that Kama Sutra slideshow, visit the Sophos blog.

China Fighting Mobile Malware With Carrier Countermeasures

With the rampant rise of mobile phones around the world, carriers and customers have been facing an increase in malware on their devices. China plans to put an end to phone manufacturers installing covert applications that rack up revenue by sending premium SMS text messages on behalf of the user. Knownsec, a Chinese security company, says that the majority of devices plagued by this problem are knock-off phones using Android, since it allows for easy installation of applications before they reach consumer hands.

The Chinese Ministry of Industry and Information Technology has issued a release in which it indicates that carriers and government agencies will begin to implement countermeasures to fight against malware, including inspection of handsets and product quality assurance.

A member of China’s National Computer Network Emergency Response Technical Team says, “Traditional security threats that exist on the Internet are spreading to mobile handsets, so we must prepare for them in advance”.

Via ITWorld

Image courtesy of F-Secure Archives

Facebook Account Suspended Hoax Virus Exploiting Users With Surveys

A new worm is quickly spreading through the internet, and its main target is 500 million users. When infected, users who visit facebook.com in their browsers are shown a message: "Your account is suspended. To make your account active you need to complete one of these surveys". It’s a hoax and a malicious virus that is looking to make money out of Facebook users.

Facebook Account Suspended Hoax

If you have had the shock of being told that your account has been suspended when you visit Facebook, and that you have to complete a survey to be eligible to use it again, you are not alone. According to Symantec, a new worm, W32.Yimfoca, is spreading through computers and targeting Facebook users.

If you have been infected by this worm, you will be shown a message as seen in the screenshot above. The bad part is that you will be locked out of the website as long as the W32.Yimfoca worm exists on your PC. This worm is also capable of locking you out of other websites. So you might get this popup when you visit or in future too.

If you fail to complete the survey you will be presented with this message:

You do not have access to you account because you do not complete any survey. Please come back later and tray again

Thankfully the good news is that the exploit only works with Internet Explorer, so you can safely use other browsers to browse your favorite websites.

Removing this virus is simple: just use good antivirus and anti-spyware software on your computer and your PC should be safe. If you don’t know, there are quite a few free antivirus programs available out there. You might also want to read our guides about securing your PC and keeping your PC safe on the Internet.

Quickly Scan Any File with 40 Different Antivirus Engines

There are several online services that will allow you to check files for viruses or malware by uploading the files from your computer. One reason you might use one of these services is that you have downloaded a new program and you want to know if it’s safe to install on your computer. One of the services that I use most often is called Virus Total.

Virus Total is a free, independent service that will analyze uploaded files with around 40 different antivirus engines. Here is the current list:

AhnLab (V3)
Antiy Labs (Antiy-AVL)
Aladdin (eSafe)
ALWIL (Avast! Antivirus)
Authentium (Command Antivirus)
AVG Technologies (AVG)
Avira (AntiVir)
Cat Computer Services (Quick Heal)
ClamAV (ClamAV)
Comodo (Comodo)
CA Inc. (Vet)
Doctor Web, Ltd. (DrWeb)
Emsi Software GmbH (a-squared)
Eset Software (ESET NOD32)
Fortinet (Fortinet)
FRISK Software (F-Prot)
F-Secure (F-Secure)
G DATA Software (GData)
Hacksoft (The Hacker)
Hauri (ViRobot)
Ikarus Software (Ikarus)
INCA Internet (nProtect)
K7 Computing (K7AntiVirus)
Kaspersky Lab (AVP)
McAfee (VirusScan)
Microsoft (Malware Protection)
Norman (Norman Antivirus)
Panda Security (Panda Platinum)
PC Tools (PCTools)
Prevx (Prevx1)
Rising Antivirus (Rising)
Secure Computing (SecureWeb)
BitDefender GmbH (BitDefender)
Sophos (SAV)
Sunbelt Software (Antivirus)
Symantec (Norton Antivirus)
VirusBlokAda (VBA32)
Trend Micro (TrendMicro)
VirusBuster (VirusBuster)

They keep those engines up to date with the latest virus signatures, and they also offer detailed results from each engine in their reports. Virus Total is available in nearly two dozen languages.

To use this service, you simply visit the web page, click on the file upload button, select the file and wait for it to upload. Once the file is uploaded, you will often have to wait a few minutes for the scan results to appear. If you think that sounds pretty easy to do, you are correct. However, Virus Total now offers an even easier method, the Virus Total Uploader.

After you install the Virus Total Uploader [Windows Only] on your PC, you can right click on a file, then Send to the Virus Total site.

After a few seconds, your web browser will open up to show you the results of the antivirus tests from Virus Total.

That’s not the only trick that the Uploader has for you. When you launch it from your Start menu, you’ll see three other upload options in its interface:

  • upload a file by choosing its process name
  • select a file by browsing to its location
  • type in the URL of a file on the web

Go to the Virus Total Uploader page to get it.

Techie Buzz Verdict:

Having a good antivirus program installed on your PC is a must have. The ability to double check files using 40 different antivirus engines is not required, but it sure is nice to have. If you’d like to try this application, I recommend it.

Techie Buzz Rating: 4/5 (Excellent)

Virus Alert!! Merogo Worm is Searching for Symbians

Guys over at F-Secure labs have reported a new worm in the market – the Merogo SMS worm. This virus spreads through SMS and is named Trojan:SymbOS/MerogoSMS. It works only on S60 v3 devices and is completely incompatible with any other Symbian device.

It deploys itself by sending an SMS to every contact in your phonebook. The receiver will see a long message in Chinese with a link in it. If you click on that link, you’ll download the infected file and it will once again start sending messages. It also sends SMS to many premium numbers.

Traditionally, no one can install an unsigned app on an S60 device. This worm happens to be a signed app which contains many unsigned apps within it. It installs them when it is being installed itself.

F-Secure is trying very hard to contain this virus as no reports of attacks outside China have been observed. But even then, beware of any Chinese messages.

Vodafone Admits That 3000 HTC Magic Handsets Were Distributed With Virus

Vodafone has finally decided to come clean. In a stark departure from their original claim, Vodafone has now admitted that as many as 3000 brand new HTC Magic handsets (sold in Spain) might be infected with the Mariposa bot client.

The incident first came to light when Panda Security spotted Mariposa bot clients in the memory card of an HTC Magic set sold by Vodafone. Initially, the telecom giant tried to dismiss the event as an isolated incident. However, that theory was blown to shreds when Panda Security identified malware infections in another brand new HTC Magic handset purchased from Vodafone’s online website.

Vodafone has promised to get in touch with affected customers and will be providing them a new memory card. It will be providing instructions for how customers can access the free Panda online scan. Additionally, it will offer security suites to anyone whose system has been infected due to the memory device.

Mistakes can happen, but as far as mistakes go, distributing malware to thousands of users is amongst the more serious kind. It is nice to see Vodafone taking responsibility for their mistake and trying to redeem the situation. However, they still have some explaining left to do. What we really want to know is – How did this happen?

Image credit: Novarider.com

Hey Vodafone! You Better Buy a Virus Scanner

Vodafone, you screwed up. And, it was not an isolated incident, as you would have us believe. Now admit it, and get your act together.

Earlier in the month, Panda Research had uncovered a Mariposa bot client in a brand new handset delivered by Vodafone. This unsettling revelation received widespread media coverage and prompted an employee of the Spanish IT security company S21Sec to scan his own phone. You have probably guessed the result by now. Yeah, much to his surprise, he found malware on his own phone.

The HTC Magic handset in question is brand new and was ordered from the official Vodafone website. Analysis by the Panda Research team revealed that the handset was infected on March 1st, 2010, approximately a week before the handset was delivered by Vodafone.

A second occurrence is particularly unsettling because it indicates that the problem might be more widespread than initially reported. Vodafone has already pulled the HTC Magic, but they still have plenty of explaining to do.

Image credit: Novarider.com

Vodafone distributes Mariposa Bot, Conficker and Lineage in HTC Magic

Viruses and malware are not new to mobile devices, however, in a somewhat startling revelation, Panda Research blog discovered that Vodafone is distributing the Mariposa bot, Conficker and Lineage password stealing malware with HTC Magic phones.

The vulnerability was found in an HTC Magic phone running the OS which was supplied by Vodafone Germany (based on the screenshots and German language used on the computer of the Panda AV employee). The alert was triggered by Panda Cloud AV, when the phone was plugged into the PC via USB.

Malicious code was found in the Autorun files, which automatically run when a USB drive is connected to a PC. The malware in question was identified as the Mariposa bot client, which is run by an unknown guy named "tnls". If users are infected with the virus, it will automatically start contacting servers and sending data to them.
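To see what an Autorun file on a phone's memory card or a USB stick would launch, you can read its `[autorun]` section before trusting the drive. This is an added example, not Panda's tooling or code from the original post; the sample file content and the function name are constructed for illustration.

```python
# Added example: list the programs an autorun.inf asks Windows to start.
# SAMPLE_INF is a constructed sample; the .exe path in it is a placeholder.
SAMPLE_INF = r"""
[AutoRun]
; constructed sample for the parser below
xq91ZZ junk padding line without a key
open=RECYCLER\placeholder.exe
shell\open\command = RECYCLER\placeholder.exe
label=USB

[Other]
open=ignored.exe
"""


def autorun_launch_targets(inf_text):
    """Return (key, command) pairs from the [autorun] section only.

    The parser is deliberately tolerant: lines that are not key=value are
    skipped instead of raising, since such files need not be well-formed.
    """
    targets = []
    in_autorun = False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # Section names are matched case-insensitively.
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or line.startswith(";") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        # open / shellexecute start a program; shell\<verb>\command adds a
        # context-menu entry that starts one.
        launches = key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command")
        )
        if launches:
            targets.append((key, value.strip()))
    return targets


if __name__ == "__main__":
    for key, command in autorun_launch_targets(SAMPLE_INF):
        print(f"{key}: {command}")
```

Any non-empty result on a device you did not prepare yourself is a reason to scan the listed file before opening the drive.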

In addition to the above bot, the researcher also found traces of the Conficker virus along with a password stealing malware called Lineage. There were no reports about the phone being affected by the above, but PCs without appropriate protection would definitely be vulnerable to these viruses.

It is really startling to see that both Vodafone and HTC allowed these phones to be sold without extensive testing and checks. It is not known how many phones are affected; however, it is a safe bet to connect your phone to your PC (with AV running) and run a quick scan on the contents of the phone.

We have contacted Vodafone and HTC for a statement and will update this post when more information becomes available.

Image Credit: Novarider.com

Dangerous Virus Spreads Through Fake Facebook Password Reset E-mail

Viruses spreading through social media networks is nothing new. The latest incarnation is masquerading as Facebook password reset emails. This particular e-mail claims that your Facebook password was reset to protect you and the new password has been attached to the e-mail. As you may expect, once the attachment is opened your PC will be infected with malware.

The malware in question is a trojan horse called Bredolab. This trojan injects itself into the explorer.exe process and runs the svchost.exe process. Bredolab itself doesn’t cause any further damage. However, it quietly operates in the background and downloads additional payloads (which can be rogue antispyware software or other malware) without your permission.

While it is common knowledge that one should never download attachments received from unknown sources, many users may still fall for this scam. Irrespective of how authentic an e-mail appears, if it asks you to download an attachment something is bound to be fishy. Facebook will never send your password as an attachment. And if you didn’t reset your password, then you shouldn’t be receiving a password reset email. Spread the message and prevent your friends and family from becoming victims.

via SoftSailor

Automatically Update or Schedule AVG Virus Definition Updates

AVG is no doubt one of the most popular free antivirus programs available today. The free version of the leaner and meaner AVG 9 is just around the corner. However, one big issue with AVG is that it performs virus updates only once on startup.

Users have an option to keep the virus definitions up-to-date manually. However, doing this manually can become a tedious task. New vulnerabilities keep cropping up every minute, and antivirus companies keep updating their virus definitions to prevent attacks from them. Keeping the virus definitions updated on your PC is critical; without it you will not be protected against new virus variants.

AVUS (Anti-Virus Update Service) is a small tool for AVG, which runs in the background and automatically runs the virus update service in AVG 8.5. Using AVUS, you can schedule AVG software and virus definition updates to run after certain intervals.

Once you set up a schedule, AVUS will run at the scheduled interval and run the AVG update service to update the software and virus definitions. You can also use AVUS to start and stop the AVG update service.

To make sure that your virus definitions are updated every time, you can choose to run AVUS on system startup. This tool is definitely useful to keep AVG updated, without having to manually do it every time.

Download AVUS