Java Vulnerability Exposed OS X Machines To Flashback Trojan

Subject: General Tech | April 5, 2012 - 07:47 PM |
Tagged: apple, OS X, Java, trojan, flashback, botnet

Recently, word of a Java bug that allowed malware -- namely a trojan known as “Flashback” -- to sneak onto OS X machines started making its way around the Internet. This piece of malicious code even managed to get its claws into Apple’s OS X operating system. Bit-Tech reports that a Russian anti-virus company known as Dr.Web has identified more than 550,000 OS X computers as taking part in a botnet -- a network of computers executing malicious code in unison, which can be used to DDoS websites, assist in harvesting information, and recruit new members to the nefarious network.

Located primarily in the United States, Canada, and the UK, the Flashback trojan infected a number of computers and granted immediate access to the attackers. Dr.Web estimates that 56.6% of the infected computers were located in the US, while 19.8% were in Canada and 12.8% were stationed in the UK. This makes for a very widespread infection, and it has taken Apple a few weeks to push out a patch.

If you are reading this on a Mac, don’t panic. Be sure to apply the recent Apple update, and double check that the Java version you are running is Java 6 update 31. Even if you are on a Windows machine, make sure you are using the latest version of Java to keep you as secure as possible. Identifying if you are already affected is a bit tricky, but Digital Trends has posted instructions on how to find out if you are infected and provided links to several methods of virtual bug spray to get rid of the malware.

While this does not suddenly mean OS X is a buggy wasteland full of vulnerabilities as some articles have suggested, it is a gentle (and rather horrid for those that are infected) reminder to be safe out there on the Internet and that a little anti-virus combined with safe browsing habits can go a long way to keeping you safe whether you are a Windows, Mac, or Linux user. Even if it is AV that you only run every now and then and doesn’t run all the time, it can provide a bit of peace of mind by letting you know your system is clean. Also, if you have to use Java, keep it updated along with all your other programs.

Source: Bit-Tech

Oh joy the BIOS level trojan is finally here

Subject: General Tech | September 13, 2011 - 10:00 AM |
Tagged: security, fud, bios, trojan, bmw

You do not want BMW; it is a Trojan that uses your master boot record and your BIOS to ensure that it remains on your system, so even after a format and reinstall of Windows it will still be infecting you. It originally infects winlogon.exe on Windows XP and Server 2003, and wininit.exe on Windows 7 and Vista, but once it is on the system it installs and uses HOOK.ROM at the BIOS level to check whether it has been uninstalled and, if so, reinstalls itself. The Register points out that in this case the enormous variety of BIOS setups is a good thing, as it ensures that any BIOS level virus will always be limited in scope even if it is a vulnerability shared by a single BIOS type.

"SECURITY RESEARCHERS at Chinese antivirus firm 360 have identified a piece of malware that installs rogue code into the BIOS of targeted computers.

Dubbed BMW by 360 and Mebromi by other security vendors, the threat has separate components for the operating system, the master boot record (MBR) and the system BIOS."

Source: The Inquirer

New Trojan.Badminer Malware Steals Your Spare Processing Cycles To Make Criminals Money At Your Expense

Subject: General Tech | August 17, 2011 - 08:02 PM |
Tagged: trojan, opencl, mining, Malware, gpgpu, bitcoin

A new piece of malware was recently uncovered by anti-virus provider Symantec that seeks to profit from your spare computing cycles. Dubbed Trojan.Badminer, this insidious piece of code is a trojan that (so far) is capable of affecting Windows operating systems from Windows 98 to Windows 7. Once this trojan has been downloaded and executed (usually through an online attack vector via an unpatched bug in Flash or Java), it proceeds to create a number of files and registry entries.

It's a trojan infected bitcoin, oh the audacity of malware authors!

After it has propagated throughout the system, it is then able to run one of two mining programs. It will first search for a compatible graphics card, and run Phoenix Miner. However, if a graphics card is not found, it will fall back to RPC miner and instead steal your CPU cycles.  The miners then start hashing in search of bitcoin blocks, and if found, will then send the reward money to the attacker’s account.

It should be noted that bitcoin mining itself is not inherently bad, and many people run it legitimately. In fact, if you are interested in learning more about bitcoins, we ran an article on them recently. This trojan on the other hand is malicious because it is infecting the user’s computer with unwanted code that steals processing cycles from the GPU and CPU to make the attacker money. All these GPU and CPU cycles come at the cost of reduced system responsiveness and electricity, which can add up to a rather large bill, depending on where you live and what hardware the trojan is able to get its hands on.

Right now, Symantec is offering up general tips on keeping users’ computers free from the infection, including enabling a software firewall (or at least being behind a router with its own firewall that blocks unsolicited incoming connections), running the computer as the lowest level user possible with UAC turned on, and not clicking on unsolicited email attachments or links.

If you are also a bitcoin miner, you may want to further protect yourself by securing your bitcoin wallet in the event that you also accidentally become infected by a trojan that seeks to steal the wallet.dat file (the file that essentially holds all your bitcoin currency).

Stay vigilant folks, and keep an eye out on your system GPU and CPU utilization in addition to using safer computing habits to keep nasty malware like this off of your system. On a more opinionated note, is it just me or have malware authors really hit a new low with this one?

Source: Symantec