Malware

New Trojan attempts SMS fraud on OS X users

The Russian security firm Dr. Web has uncovered another malware attempt on OS X systems that tries to exploit users with SMS fraud.

The new malware is a Trojan horse, dubbed "Trojan.SMSSend.3666," and is part of a family of Trojan malware for Windows and other platforms that have affected Windows users for years.

As with all Trojans, these pose as legitimate programs that are made available for download from a number of underground Web sites, with this current one for OS X appearing to be an installer for a program called VKMusic 4, a utility whose … Read more

GhostShell claims breach of 1.6M accounts at FBI, NASA, and more

Team GhostShell, the hacktivist collective, said today that it has stolen accounts from a large number of government agencies, contractors, and security firms, posting information from 1.6 million accounts online.

Dubbed Project White Fox, the hacking project appears to have affected NASA, the FBI, the Pentagon, and Interpol, among many others. The hackers announced their work in a file posted on Pastebin.

Our colleagues at ZDNet report:

The file dump, upon closer inspection, seems to include a number of records obtained via SQL injection. A random selection of the files contain email and home addresses, defense material tests and … Read more

Windows 8, RT to receive more critical patches next Tuesday

Windows 8 and RT are set to receive their second lineup of bug fixes when next week's Patch Tuesday rolls around.

The patches are also aimed at the other current versions of Windows, including XP, Vista, and Windows 7, as well as Server 2003 and 2008.

Five of the patches are rated critical, while two are deemed important. The critical ones are designed to shore up holes in the OS that could allow an attacker to infect a PC with malicious code.

Assuming Windows Update is set to automatic, critical patches are automatically installed, while those considered important can … Read more

Zeus botnet steals $47M from European bank customers

A new version of the Zeus botnet was used to steal about $47 million from European banking customers in the past year, security researchers report.

Dubbed "Eurograbber" by security vendors Versafe and Check Point Software Technologies in a report (PDF) released today, the malware is designed to defeat the two-factor authentication process banks use for transactions by intercepting bank messages sent to victims' phones.

A variant of the Zeus malware used to steal more than $100 million, Eurograbber typically launched its attack when a victim clicked on a malicious link most likely included in a phishing attempt. After … Read more

New Mac malware spreading from Dalai Lama tribute site

A new piece of Mac malware has been discovered on a Web site linked to the Dalai Lama, using a well-documented Java exploit to install a Trojan on visitors' computers and steal personal information.

Dubbed "Dockster," the malware was found lurking on Gyalwarinpoche.com, according to security research firm F-Secure. The malware takes advantage of the same vulnerability exploited by the "Flashback" malware to install a basic backdoor that allows the attacker to download files and log keystrokes.

(For more technical information about how the malware operates, see this report by my colleague Topher Kessler.)

Although &… Read more

New Mac malware uses OS X launch services

Security company Intego is reporting the discovery of a new malware package for OS X. The package is a Trojan horse called OSX/Dockster.A, that appears to have keylogging features to record what is being typed on an infected system in addition to remote-access features for backdoor access into the system. When installed, the Trojan attempts to contact the server "itsec.eicp.net," likely to receive instructions for allowing remote access to the system.

As with other recent malware for OS X, Dockster is a Java-based threat that will not run unless you have Java installed on … Read more

Massive worm hits Tumblr, spams big blogs like USA Today

A massive bug swept Tumblr today and infected some of the biggest blogs -- including USA Today, Reuters, The Verge, and CNET -- until Tumblr resolved the issue shortly before 10:30 a.m. PT.

GNAA, a hacker group, claimed responsibility for the attack. The group's Twitter profile earlier today said 8,600 unique Tumblr users were affected.

Tumblr didn't explain what happened but said in a blog post that no accounts were compromised, and users didn't need to take any further action.

"Our sincere apologies for the inconvenience," the company said. "As always, … Read more

Security Essentials fails latest AV-Test

Updated Monday, December 3, 2012, at 11:45 a.m. PDT with comment from Microsoft.

Updated Friday, November 30, 2012, at 1:00 p.m. PDT with comment from AV-Test.org.

In a month of uneven Windows 8 news and reviews, Microsoft is taking another hit. This time, its freeware Security Essentials finds itself in the crosshairs.

Independent German security suite evaluators AV-Test.org publish bimonthly tests that rate the effectiveness of the biggest Windows security suites out there, and the recently published results showed that MSE failed to earn certification on the most recent test. MSE was the only … Read more

E-mailed malware disguised as group coupon offers on the rise

Be sure to double check that Groupon you received in your e-mail -- spammers are using the popularity of e-mailed advertisements for group discount deals to send more malware.

The rise of malware through fake e-mail advertisements and notifications are on the rise, according to a study released today by security firm Kaspersky Lab.

"They are primarily doing so by sending out malicious e-mails designed to look like official notifications. Kaspersky Lab is seeing more and more malicious spam designed to look like coupon service notifications," the report said.

The firm said it also noted these coupon spam … Read more