OLE 0day affects nearly all versions of Microsoft Word
Security issues with Word documents are nothing new, but they have tended to rely on macros, something users have learned to be wary of. Now security firms FireEye and McAfee have discovered a new attack that instead takes advantage of Windows Object Linking and Embedding (OLE).
The attack can be used to infect even a fully patched computer with malware, and it is believed to work in most, if not all, versions of Microsoft Word; even Windows 10 offers no protection. The 0day works by using code embedded in the document to pull in malware from a remote server, with various techniques used to hide what is going on.
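One concrete check a defender can run on inbound documents, as an added example that is not code from the article, FireEye or McAfee: a .docx is a zip package, and every object a document part embeds or links is declared in that part's .rels file. An oleObject relationship whose TargetMode is "External" tells Word to load the object from the Target URL when the file is opened, which is the general shape of "code embedded in a document pulling in content from a remote server". The package layout, URLs and relationship IDs below are constructed for the demo and are not indicators from the reported samples.

```python
"""Scan a .docx for OLE objects that Word will fetch from a remote location."""
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted files, prefer defusedxml

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"


def external_ole_targets(docx_bytes):
    """Return [(rels_part, rId, target)] for every OLE relationship whose
    target lives outside the package (a URL or UNC path, not an embedded part).
    Hyperlinks are also external but normal, so only oleObject is checked."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as pkg:
        for name in pkg.namelist():
            # document.xml, headers, footers etc. each carry their own .rels
            if not (name.startswith("word/") and name.endswith(".rels")):
                continue
            root = ET.fromstring(pkg.read(name))
            for rel in root.iter("{%s}Relationship" % REL_NS):
                if rel.get("Type") != OLE_REL:
                    continue
                # TargetMode defaults to Internal when the attribute is absent
                if rel.get("TargetMode", "Internal").lower() == "external":
                    findings.append((name, rel.get("Id"), rel.get("Target")))
    return findings


def build_sample_docx(rels_xml):
    """Constructed minimal package: just enough parts to look like a .docx."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as pkg:
        pkg.writestr("[Content_Types].xml",
                     '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        pkg.writestr("word/document.xml",
                     '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"/>')
        pkg.writestr("word/_rels/document.xml.rels", rels_xml)
    return buf.getvalue()


_REL = ('<Relationship Id="%s" Type="http://schemas.openxmlformats.org/'
        'officeDocument/2006/relationships/%s" Target="%s"%s/>')

# An ordinary document: styles part, a hyperlink (external, but harmless) and
# an OLE object embedded inside the package.
BENIGN_RELS = '<Relationships xmlns="%s">%s%s%s</Relationships>' % (
    REL_NS,
    _REL % ("rId1", "styles", "styles.xml", ""),
    _REL % ("rId2", "hyperlink", "https://example.com/", ' TargetMode="External"'),
    _REL % ("rId3", "oleObject", "embeddings/oleObject1.bin", ""),
)

# Same document plus an OLE link that Word will resolve over the network
# (198.51.100.7 is a documentation address; the path is made up).
SUSPICIOUS_RELS = BENIGN_RELS.replace(
    "</Relationships>",
    _REL % ("rId5", "oleObject", "http://198.51.100.7/update.doc", ' TargetMode="External"')
    + "</Relationships>")


if __name__ == "__main__":
    for label, rels in (("benign", BENIGN_RELS), ("suspicious", SUSPICIOUS_RELS)):
        hits = external_ole_targets(build_sample_docx(rels))
        print("%-10s %s" % (label, hits or "no external OLE targets"))
```

The scan walks every .rels part under word/, not just document.xml.rels, because headers, footers and footnotes can carry their own object relationships. A hit is not proof of malice (linked objects have legitimate uses), but a document arriving by e-mail that pulls an OLE object from an arbitrary HTTP host is worth quarantining before a user opens it.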
Wiping out ransomware after an attack? Some UK businesses not confident they can do it
A third (36 percent) of companies in the UK that have been victims of a ransomware attack are not "very confident" they managed to completely eradicate the malware from their systems, according to a new report by Citrix.
The report also shines new light on just how prevalent and dangerous ransomware attacks really are. One in three UK businesses have had more than 100 of their devices affected by ransomware recently.
WikiLeaks' Vault 7 revelations continue: Grasshopper is the CIA's Windows malware maker
The latest batch of documents published by WikiLeaks as part of its Vault 7 CIA series purportedly reveals the tools used by the agency to create malware for Windows. The Grasshopper framework is described in 27 documents, which show how to build Windows installers carrying a malware payload.
Importantly, Grasshopper makes it easy to build custom malware delivery options, dependent on the operating system and antivirus software detected on a target machine. The documents show that the CIA repurposed malware from Russian and Italian organized crime groups.
WikiLeaks releases Marble source code, used by the CIA to hide the source of malware it deployed
Today, WikiLeaks publishes the third installment of its Vault 7 CIA leaks. We've already had the Year Zero files which revealed a number of exploits for popular hardware and software, and the Dark Matter batch which focused on Mac and iPhone exploits.
Now we have Marble to look at. A collection of 676 source code files, the Marble cache reveals details of the CIA's Marble Framework, a tool used to obfuscate CIA malware and hide its true source, sometimes going as far as making it appear to originate from a country other than the US.
Three-quarters of organizations not confident in dealing with SSL-based attacks
Despite 39 percent of businesses suffering an SSL-based attack in 2016, only 25 percent feel confident in their ability to deal with one, according to a new study.
The report from cyber security company Radware shows that cyber attacks are becoming the norm, with 98 percent of organizations experiencing some form of attack in 2016.
Malware campaign targets users in Latin America
A modified version of a threat that first appeared in 2014 is successfully targeting users in Latin America, according to the SPEAR research team at threat prevention specialist Cylance.
Attackers using the El Machete malware -- first identified by Kaspersky -- have moved to new C2 (command and control) infrastructure, based largely around dynamic DNS domains, in addition to making some minimal changes to the malware in order to evade signature-based detection.
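A move to dynamic DNS for C2 is cheap for the attacker but also gives defenders a coarse hunting signal, so here is an added example (not code from Cylance or Kaspersky) that pulls every lookup of a host under a dynamic-DNS provider out of a DNS log and counts hits per client. PROVIDERS is an assumed starter list (a real deployment would use a maintained one), the log format is invented, and none of the names or addresses are indicators from the actual campaign.

```python
"""Hunt DNS logs for hosts registered under dynamic-DNS providers."""
from collections import Counter

# Registrable parents handed out by dynamic-DNS services (assumed starter list)
PROVIDERS = ("ddns.net", "no-ip.org", "hopto.org", "duckdns.org", "dyndns.org")

# Constructed log format: "<timestamp> <client-ip> <qtype> <qname>"
SAMPLE_LOG = """\
2017-03-22T09:58:01Z 10.0.0.12 A www.example.com.
2017-03-22T09:58:04Z 10.0.0.12 A update-srv.ddns.net.
2017-03-22T09:59:11Z 10.0.0.31 A mail.corp.example.
2017-03-22T10:01:17Z 10.0.0.12 A Update-Srv.DDNS.NET.
2017-03-22T10:02:40Z 10.0.0.44 A ddns.net.corp.example.
2017-03-22T10:03:02Z 10.0.0.44 A no-ip.org.
2017-03-22T10:05:55Z 10.0.0.31 AAAA backup01.hopto.org.
"""


def dynamic_dns_parent(qname, providers=PROVIDERS):
    """Return the provider suffix if qname is a host *under* a dynamic-DNS
    provider, else None.  Matching is on whole labels, so
    'ddns.net.corp.example' does not match, and the provider apex itself
    ('no-ip.org', e.g. someone browsing the provider's site) is not flagged."""
    name = qname.lower().rstrip(".")
    for parent in providers:
        if name.endswith("." + parent):
            return parent
    return None


def parse_line(line):
    """Split one constructed log line into (timestamp, client, qtype, qname)."""
    ts, client, qtype, qname = line.split()
    return ts, client, qtype, qname


def dynamic_dns_lookups(log_text):
    """Return [(timestamp, client, qname, provider)] for every flagged query,
    with the name normalised so case variants collapse to one host."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, _qtype, qname = parse_line(line)
        parent = dynamic_dns_parent(qname)
        if parent:
            hits.append((ts, client, qname.lower().rstrip("."), parent))
    return hits


def clients_by_hit_count(hits):
    """Count flagged lookups per client; repeated resolution of one dynamic-DNS
    host from a single machine is the beaconing pattern worth triaging first."""
    return Counter(client for _ts, client, _qname, _parent in hits)


if __name__ == "__main__":
    flagged = dynamic_dns_lookups(SAMPLE_LOG)
    for hit in flagged:
        print(hit)
    print(clients_by_hit_count(flagged).most_common())
```

Two of the constructed lines are there to show the edge cases: `ddns.net.corp.example` is an internal name that merely contains a provider string, and a bare `no-ip.org` lookup is the provider's own site, so neither is flagged. Dynamic DNS has plenty of legitimate users, so treat the output as a triage queue rather than a verdict.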
Storm Stella leads to spike in malware infections
Earlier this week, Storm Stella not only left parts of the North East US with up to three feet of snow, it also led to an increase in malware infections.
According to data released by Enigma Software, the company behind SpyHunter, infections jumped by between 15 and 90 percent in some areas hit hard by the storm.
Malware hidden deeper in installer packages to evade detection
Microsoft's Malware Protection Center has identified a new wave of NSIS (Nullsoft Scriptable Install System) installers that seek to evade detection by burying malware deeper in the code.
The changes have been seen in installers that drop ransomware like Cerber, Locky, and others. The installers try to look as normal as possible by incorporating non-malicious components that usually appear in legitimate installers.
Your Samsung, LG, Xiaomi, or other Android smartphone could be pre-loaded with malware
Android is built on the Linux kernel, but that does not by itself make it a secure operating system. Unlike iOS, which largely prevents its users from installing apps from outside Apple's own App Store, Android makes sideloading far too easy. Nor is there anything requiring manufacturers to issue device updates, so many users are left running outdated and vulnerable versions of the operating system.
For the most part, though, Android users could stay safe by acting sensibly, such as only installing apps from the Play Store. That may no longer be enough. It has now been discovered that many models of Android smartphone, from manufacturers including Samsung, LG, and even Google's own Nexus line, are being sold with malware already installed. This is particularly nasty malware, as it can steal user information, and some devices even came pre-loaded with ransomware.
Intel Security releases EFI rootkit checker for MacBooks after CIA hacking leaks
The Vault 7 leaks this week suggest that the CIA has been able to exploit vulnerabilities in a wide range of popular hardware and software, including Windows, macOS and Linux. One suggestion is that the agency produced EFI (Extensible Firmware Interface) rootkits, referred to as DarkMatter, for MacBooks.
To help calm the fears of MacBook owners, Intel Security has pushed out a tool to check for such rootkits. Apple issued a statement earlier this week indicating that it had addressed "many of the issues" exposed by WikiLeaks, and Intel Security's tool will bring some peace of mind to concerned users. As with any such checker, a clean result means only that it found nothing it knows to look for.
Kaspersky brings you the smell of malware
When your job is writing about technology, you get used to the somewhat off-the-wall ways companies come up with to promote their products.
Kaspersky's latest endeavour though had us scrambling for the calendar to check whether it was April 1st, as the company is launching a fragrance. Described as 'threatening yet provocative' the rather disturbingly named Threat de Toilette comes, like all the best scents, in pour femme and pour homme versions.
Kaspersky discovers StoneDrill wiper malware
Security researchers from Kaspersky Lab have found a destructive piece of malware, one capable of completely wiping the contents of a disk. Announcing the finding, the company says the malware, which it has dubbed StoneDrill, has so far been found on just two machines, one in the Middle East and one in Europe.
The researchers say StoneDrill is similar to another wiper, Shamoon 2.0, but also "very different and more sophisticated". They actually stumbled upon StoneDrill while investigating Shamoon 2.0.
Companies need to work together to combat malvertising
Advertising agencies, search engines and cybersecurity specialists should work together to tackle the growing security threat from malvertising.
According to Ben Williams, head of operations and communications at Adblock Plus, unless this happens more users will be exposed to security compromises such as malware and phishing, which will drive further adoption of adblockers as a defense against these threats.
Advertising Trojans become top mobile malware threat
Mobile malware detections almost tripled in 2016, and advertising Trojans exploiting super-user rights became the top threat.
These are among the findings of Kaspersky Lab's 2016 Mobile Threat report released today, which looks at reports generated by the company's mobile products.
New DDoS capabilities uncovered in Necurs botnet
The Necurs botnet is one of the largest around at the moment and is principally known for sending spam, including the campaigns that distribute the Locky ransomware.
However, new research from BitSight's Anubis Labs has uncovered a new component being loaded onto infected systems that lets the bots act as proxies and launch DDoS attacks.
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.
© 1998-2025 BetaNews, Inc. All Rights Reserved.