Betabeat » trojans

Sorry, Forever Alones: Those Bikini Pics in Your Inbox Probably Contain Malware

Jessica Roy — Wed, 02 Jan 2013 09:07:56 -0400

(Photo: Emsi Soft)

Did you receive an email this holiday season from a kind-hearted woman who just wanted to celebrate Christmas by sending random strangers pictures of herself in skin-bearing bikinis? Free noodz from an anonymous hottie seemed too good to be true! And indeed, it was.

Sophos' Naked Security reports that malware is currently circulating via screensavers of bikini shots landing in the inboxes of hapless Internet folks.

According to Naked Security, a malicious Trojan horse is embedded within an executable screensaver file sent by a woman who claims to have attached those bikini pics she promised you. If you open it expecting to see a sexy screensaver, all you'll get is a computer full of malware.

If a lady didn't actually promise you pics of herself in a bikini, probably don't open the email. Plus, if you're that starved for naked lady pics, might we suggest you explore the Internet outside of your work inbox?

Researchers Find New Mac Keylogging Trojan on Site About Dalai Lama

Steve Huff — Mon, 03 Dec 2012 13:42:21 -0400

Now more hackable. (Photo: Monday Note)

Dockster is a recently discovered Mac-based malware program that functions as a keylogger, among other things. It's also a trojan, which means it can hide on a host computer quietly recording every keystroke before it contacts a remote server for further instructions. Dockster is considered "low risk," but it has been found embedded on gyalwarinpoche.com--a site dedicated to the Dalai Lama.

F-Secure confirmed the infection and reported that Tibetan sites appear to be frequent targets for similar exploits:

This is not the first time gyalwarinpoche.com has been compromised and it certainly isn't the first time Tibetan related NGOs have been targeted.

Researchers also say that the Mac malware found on this and other Tibetan sites are "very unlikely to be encountered 'in-the-wild' by day to day Mac users."

Don't rest easy assuming these sneaky programs are isolated, state-sponsored efforts targeting one prominent figure or one beleaguered nation like Tibet. As illustrated by this April report from Kaspersky Lab on the SabPub Mac trojan, cyber attackers are finding their way into Macs for a wide variety of reasons. Mac holdouts who have abstained from downloading antivirus software may have some thinking to do.

Beware Malicious Twitter DMs Directing to Facebook Videos

Steve Huff — Tue, 25 Sep 2012 12:27:53 -0400

A new malware attack via Twitter's direct messaging system apparently tries to lure unwitting users into clicking infected links that appear to go to a Facebook video. As Naked Security reports, the DMs are worded to provoke, using phrases like "you even see him taping u thats awful." Many people will impulsively click at that point. This is what happens next:

Users who click on the link are greeted with what appears to be a video player and a warning message that "An update to Youtube player is needed". The webpage continues to claim that it will install an update to Flash Player 10.1 onto your computer.

According to Naked Security, the program the page asks you to download actually contains a Trojan (Troj/Mdrop-EML) which can secretly spread to your computer and any shared drives on your network.

Enigma Software describes this trojan as a "parasite" and says users can tell if the malware has infiltrated their system if they have trouble opening Windows programs, particular software intended to root out spyware.

Disturbingly, it's not clear how the Twitter profiles used to send the malicious DMs were breached.

Naked Security recommends owners of compromised accounts change their passwords and study all the applications that currently have authorization to access your profile, revoking those you do not need.

Common sense should help as well--if a friend with an English degree sends you a DM reading, "haha look at u in this u look stoopid," chances are good their account has been hacked. Because really, we've had enough social media panic for the week.

Symantec: Anonymous Has Hacked Anonymous, Anon Bank Information In Danger

Steve Huff — Sat, 03 Mar 2012 00:20:37 -0400

Participating in Anonymous Ops can be more dangerous to Anons than they previously realized: one enterprising Anon may have recently used a DDoS attack to spread malware that could steal the bank information of his or her fellow hackers.

After the Jan. 20 raid on Megaupload, a law enforcement sting that drew the immediate anger of Anonymous hackers, an unnamed attacker took a distributed denial-of-service (DDoS) attack tool called Slowloris, popular with Anonymous supporters, and rigged it to include the Zeus Trojan, a devious piece of malware used to siphon victims' online banking credentials.

The trojan-infected Slowloris was included in a list of Anonymous-approved DDoS tools released in anticipation of Operation Megaupload, which targeted the Department of Justice, F.B.I. and Recording Industry Association of America (R.I.A.A.), to name a few.

According to Symantec, anyone who acquired the compromised DDoS tool may have also compromised their banking account.

Symantec put a fine point on just how perilous the situation might be for some Anons:

Not only will supporters be breaking the law by participating in DoS attacks on Anonymous hacktivism targets, but may also be at risk of having their online banking and email credentials stolen.

Symantec waxed apocalyptic about the combination of malware and hacktivism, calling it a "dangerous development."

Anonymous may take all this with a grain of salt, however, considering they were negotiating with Symantec as recently as early February over a 2006 hack of the source code to Symantec's pcAnywhere.

So it goes.