Articles about Malware

Stagefright was one of the biggest and most worrying security vulnerabilities to be discovered in Android for quite some time. Affecting the mediaserver component, Stagefright allowed for the remote bricking of devices with nothing more than a message. Now a new, yet-to-be-named vulnerability has been discovered in the same component, specifically the AudioEffect element.

Known as CVE-2015-3842, the vulnerability allows a hacker to run their own code on a phone using whatever permission they want. Security researchers at TrendMicro discovered the vulnerability and explain that it can be implemented by simply tricking users into installing a specially-designed app that has no permission requirements and is therefore unlikely to raise suspicions.

Continue reading →

We all know that virus infections are a pain, not only do they disrupt your work they can also be hard to remove as they often prevent you from downloading or running cleanup tools or even from accessing Windows.

If you don’t have access to a friendly geek with the right tools you can be faced with hours of work or even having to wipe out and reload your machine.

Continue reading →

Lenovo is no stranger to bloatware, but the latest crapware calamity is cut from a slightly different cloth. In a bid to ensure that its software is installed on its computers, Lenovo BIOSes feature a tool that automatically downloads and installs bloatware even after a clean installation of Windows.

The issue is not entirely new, having been brought to light on Ars Technica's forums, but there is renewed interest in the topic following the launch of Windows 10. Lenovo is making use of a little-known feature called the Window Platform Binary Table which can be used by manufacturers to stealthily install software via the BIOS. The 'feature' is seen by many as amounting to little more than a rootkit, and blame has been laid at the doors of both Lenovo and Microsoft.

Continue reading →

According to a new report by endpoint security specialist Invincea malvertising is causing more than $1 billion worth of damage each year.

Based on data gathered in the first six months of this year the company detected and blocked approximately 2,100 malvertising attacks against its customers, representing 2.1 million malicious advertisements. Invincea estimates this caused $525 million of damage in repair and recovery expense, excluding the impact of any data breaches.

Continue reading →

If you've added your mobile number to your Facebook account, you might want to reconsider in light of a new security exploit. A software engineer was able to access user data just by entering their mobile number. Profile pictures, names and locations were all accessible even for users who had not made their number public.

There is potential for such harvested data to be misused by malicious parties, as it provides an easy way to link a mobile number to an individual. Reza Moaiandin was able to use a special tool to quickly generate tens of thousands of numbers which, when passed through a Facebook API, fed back the associated user profiles.

Continue reading →

Today, data breaches are nothing short of the norm. Organizations like Target, Home Depot, and even the United States Government have fallen victim to cyber criminals illegally accessing and tampering with the sensitive data in their private systems. While cloud computing has simplified the way organizations manage data, it has also made it easier than ever for hackers to gain access to systems and get their hands on critical corporate information.

Of all the players taking part in today’s cyber crimes, malware authors are among the most powerful. Not only are they able to create new ways to steal sensitive information, they are also making the existing types of malware stronger and more effective. As malware becomes increasingly sophisticated, more and more household names and large corporations are becoming data breach victims. As result, headlines are flooded with news of the latest threats to be on the lookout for. Here are some of the top malware threats that companies should have on their radar and be prepared for.

Continue reading →

Macs have long been touted as being immune to viruses and malware -- but there have been plenty of vulnerabilities that show this to be a fallacy. Apple's own claims that its hardware was not susceptible to the same firmware security flaws as PCs served only to encourage people to prove the company wrong.

At Black Hat USA on Thursday, researchers will demonstrate that not only can Macs be remotely infected with malware, but that this malware can survive a user formatting the system. In a talk at the InfoSec event in Las Vegas that focuses on all manner of security topics, Trammell Hudson, Xeno Kovah, and Corey Kallenberg will show that Macs are just as vulnerable to remote attacks as PCs using the Thunderstrike 2 backdoor.

Continue reading →

The world of computer viruses has changed drastically over the last 25 or so years. In the early days, internet users were very naïve towards email attachments, contributing to the alarming speed that viruses could spread across the globe.

These days, viruses very rarely land in our inboxes due to preconfigured firewalls and strict measures from the likes of Gmail and Outlook.

Continue reading →

At the beginning of this year the RIG exploit kit had its source code leaked online by an unhappy reseller. This led to a hit in its success rate as security company Trustwave published details of its workings.

Trustwave has revealed today at BlackHat that RIG's authors have been working on a new RIG 3.0 version. The company's researchers say there are now up to 1.25 million victims worldwide and more than 3.6 million attack attempts. A remarkable success rate of 34 percent.

Continue reading →

Since news and entertainment websites are amongst the most popular on the net, it's not surprising that they're more likely to play host malicious adverts.

A new report by Bromium Labs reveals that more than half of malvertising is unknowingly hosted on news and entertainment websites. 58 percent of online adverts with hidden malware were delivered through news websites (32 percent) and entertainment websites (26 percent). Major websites unknowingly hosting malvertising included cbsnews.com, nbcsports.com, weather.com, boston.com and viralnova.com.

Continue reading →

When Hacking Team was hacked, a massive cache of data was leaked, including the source code for government-strength surveillance tools. Hacking Team warned that the code could have fallen into terrorist hands, but then backtracked slightly to say that any code that had been obtained was incomplete and out of date.

We already know that the company managed to sneak malicious apps into Google Play, and you might be concerned that some of its malware has made its way onto your computer. To help put minds at rest -- hopefully -- Rook Software has released a tool to seek out Hacking Tool malware.

Continue reading →

Italian security and surveillance company Hacking Team was most famed for supplying monitoring tools to governments around the world, but a recent security breach revealed the inner workings of the outfit. Sifting through the leaked data revealed not only spying tools and Flash vulnerabilities, but also Android apps with backdoors.

Security experts from Trend Micro found that spyware from Hacking Team was released to Google Play, bypassing checks that are usually performed. BeNews was a fake news apps -- now removed from the store -- that could be used to download remote access software to Android devices running anything from Froyo to KitKat.

Continue reading →

Since the advent of personal computing, games and malware have developed more or less side by side. Today the world of gaming has become intertwined with malware as cyber criminals have turned game theft into something much more lucrative.

The digital world, as we know it today, can be a dangerous place, to bring these issues to light anti-malware company Webroot has teamed up with the new movie PIXELS, released on July 24, to issue an infographic on the history of malware and gaming.

Continue reading →

Tests carried out by independent security labs AV-Test show that Microsoft is at the bottom of the league when it comes to enterprise security and virus protection. The tests pitted 11 security solutions against each other, and Microsoft's Endpoint Protection 2012 from the Microsoft Management Suite System Center 2012 was found to offer the weakest protection.

In both enterprise network security tests and virus detection tests, Microsoft trailed behind the competition in eleventh place. What's particularly concerning is that as the tool tested is bundled software, it's likely that it is precisely what many businesses are relying on for protection.

Continue reading →

Chrome users who download torrents may be thinking about switching to a different browser. Google's web browser is now blocking access to a number of big name torrent sites. This is not a case of Google taking the moral high ground about the rights and wrongs of torrenting, but part of the search giant's security program to protect users from "harmful programs".

Starting yesterday, downloaders found that access was blocked to ExtraTorrent and KickassTorrents, although the block was later lifted. The block remains in place for other torrent sites including kat.cr. Upon attempting to visit an affected site, would-be torrenters are greeted by a red, full-screen security warning that advises of the potential danger of the site in question.

Continue reading →