Tag Archives: kaspersky

Security researchers dissect Flame’s handling program, find three new viruses ‘at large’

Posted on by

Security researchers dissect Flame's handling program, find three new viruses 'at large'

It seems that there's more than two out-of-control computer viruses roaming around the Middle East. Security researchers think that a further three could be operating "at large," with one positively identified on machines in Iran and Lebanon. Teams from Symantec and Kaspersky have separately found that the Flame malware had the electronic equivalent of a "handler," a program called NEWSFORYOU, which is also in charge of three viruses that are code-named SP, SPE and IP. The two teams have been unsuccessful in finding a sample of the trio for analysis and despite finding a cache of data on a command-and-control server, decoding it is "virtually impossible." While both security companies have declined to point a finger as to their origin, Reuters' sources suggest the United States, while The Washington Post has been told that the project was a joint-enterprise with Israel -- in keeping with the existing narrative that the pair were behind Stuxnet.

Filed under: , ,

Security researchers dissect Flame's handling program, find three new viruses 'at large' originally appeared on Engadget on Mon, 17 Sep 2012 13:51:00 EDT. Please see our terms for use of feeds.

Permalink   |  sourceReuters, Kaspersky, Symantec  | Email this | Comments

Spam-happy iOS trojan slips into App Store, gets pulled in rapid fashion

Posted on by

Spamhappy iOS trojan slips into App Store, gets pulled in rapid fashion

You could call it technological baptism of sorts... just not the kind Apple would want. A Russian scam app known as Find and Call managed to hit the App Store and create havoc for those who dared a download, making it the first non-experimental malware to hit iOS without first needing a jailbreak. As Kaspersky found out, it wasn't just scamware, but a trojan: the title would swipe the contacts after asking permission, send them to a remote server behind the scenes and text spam the daylights out of any phone number in that list. Thankfully, Apple has already yanked the app quickly and explained to The Loop that the app was pulled for violating App Store policies. We'd still like to know just why the app got there in the first place, but we'd also caution against delighting in any schadenfreude if you're of the Android persuasion. The app snuck through to Google Play as well, and Kaspersky is keen to remind us that Android trojans are "nothing new;" the real solution to malware is to watch out for fishy-looking apps, no matter what platform you're using.

[Image credit: C Jones Photography (wallpaper)]

Spam-happy iOS trojan slips into App Store, gets pulled in rapid fashion originally appeared on Engadget on Thu, 05 Jul 2012 17:29:00 EDT. Please see our terms for use of feeds.

Permalink MacRumors  |  sourceKaspersky, The Loop  | Email this | Comments

Flame malware extinguishes itself, Microsoft protects against future burns

Posted on by

Flame malware extinguishes itself, Microsoft protects itself from future burns

The folks behind that nasty Flame trojan that burned its way through the Middle East aren't the kind to brag -- the malware's manufacturers apparently started dousing their own fire last week. According to Symantec reports, several compromised machines retrieved a file named browse32.ocx from Flame controlled servers, which promptly removed all traces of the malware from the infected systems. Although the attackers seem spooked, Microsoft isn't taking any chances, and has issued a fix to its Windows Server Update Services to block future attacks. The update hopes to protect networked machines from a similar attack by requiring HTTPS inspection servers to funnel Windows update traffic through an exception rule, bypassing its inspection. The attackers? "They're trying to cover their tracks in any way they can," Victor Thakur, principal security response manager at Symantec told the LA Times, "They know they're being watched." Check out the source link below for the Symantec's run down of the trojan's retreat.

Flame malware extinguishes itself, Microsoft protects against future burns originally appeared on Engadget on Mon, 11 Jun 2012 00:54:00 EDT. Please see our terms for use of feeds.

Permalink LA Times, Electronista, Ars Technica  |  sourceSymantic, Microsoft  | Email this | Comments

Flame malware snoops on PCs across the Middle East, makes Stuxnet look small-time

Posted on by

Image

Much ado was made when security experts found Stuxnet wreaking havoc, but it's looking as though the malware was just a prelude to a much more elaborate attack that's plaguing the Middle East. Flame, a backdoor Windows trojan, doesn't just sniff and steal nearby network traffic info -- it uses your computer's hardware against you. The rogue code nabs phone data over Bluetooth, spreads over USB drives and records conversations from the PC's microphone. If that isn't enough to set even the slightly paranoid on edge, it's also so complex that it has to infect a PC in stages; Flame may have been attacking computers since 2010 without being spotted, and researchers at Kaspersky think it may be a decade before they know just how much damage the code can wreak.

No culprit has been pinpointed yet, but a link to the same printer spool vulnerability used by Stuxnet has led researchers to suspect that it may be another instance of a targeted cyberwar attack given that Iran, Syria and a handful of other countries in the region are almost exclusively marked as targets. Even if you live in a 'safe' region, we'd keep an eye out for any suspicious activity knowing that even a fully updated Windows 7 PC can be compromised.

Flame malware snoops on PCs across the Middle East, makes Stuxnet look small-time originally appeared on Engadget on Mon, 28 May 2012 17:07:00 EDT. Please see our terms for use of feeds.

Permalink Wired  |  sourceKaspersky Securelist  | Email this | Comments

Kaspersky exec calls Mac OS ‘really vulnerable’ (update: clarification from Kaspersky)

Posted on by

Image

The Macintosh is an impenetrable fortress of malware-free computing, right? In recent years, we've certainly seen that image eroded a bit, thanks to a number of nasty outbreaks. And if you listen to Nikolay Grebennikov, the CTO of security software maker Kaspersky, things have the potential to be much worse. The executive told British site Computing that the company was invited to improve Cupertino's security, only to discover that, "Mac OS is really vulnerable." Grebennikov also had some rather unfortunate news for all the iPad and iPhone owners out there, telling the site, "Our experience tells us that in the near future, perhaps in a year or so, we will see the first malware targeting iOS."

Update: So, this is turning into a whole "he said, they pubbed" situation. We reached out to Kaspersky earlier and just received a comment from the security company, which claims that the whole thing was simply taken out of context. Here's the statement. It's a doozy.

On Monday, April 14, computing.co.uk published an article titled "Apple OS 'really vulnerable' claims Kaspersky Lab CTO" that includes an inaccurate quote regarding Apple and Kaspersky Lab. The article reports that Kaspersky Lab had "begun the process of analyzing the Mac OS platform at Apple's request" to identify vulnerabilities. This statement was taken out of context by the magazine - Apple did not invite or solicit Kaspersky Lab's assistance in analyzing the Mac OS X platform. Kaspersky Lab has contacted computing.co.uk to correct its article.

Please refer to the statement below from Nikolay Grebennikov, Chief Technology Officer, Kaspersky Lab, which clarifies this misrepresentation:

"As Mac OS X market share continues to increase, we expect cyber-criminals to continue to develop new types of malware and attack methods. In order to meet these new threats, Kaspersky Lab has been conducting an in-depth analysis of Mac OS X vulnerabilities and new forms of malware.

This security analysis of Mac OS X was conducted independently of Apple; however, Apple is open to collaborating with us regarding new Mac OS X vulnerabilities and malware that we identify during our analysis. Kaspersky Lab is committed to providing the highest level of security for all of our customers, including Mac OS X, and we will continue to enhance our technologies in order to meet the ever-changing threat landscape. "

Kaspersky exec calls Mac OS 'really vulnerable' (update: clarification from Kaspersky) originally appeared on Engadget on Mon, 14 May 2012 11:39:00 EDT. Please see our terms for use of feeds.

Permalink   |  sourceComputing  | Email this | Comments

Apple publishes support page for Flashback malware, is working on a fix

Posted on by
Apple publishes support page for Flashback malware, is working on a fix
After the Flashback / Flashfake Mac trojan was exposed by Russian site Dr. Web, Apple has finally responded by publishing a support page about the issue and promising a fix. If you haven't heard by now, the malware exploits a flaw in the Java Virtual Machine, which Oracle pushed a fix for back in February, but Apple didn't patch until a botnet consisting of as many as 650,000 Macs was identified on March 4th. Antivirus maker Kaspersky has confirmed the earlier findings, and released a free tool affected users can run to remove the trojan from their computers. Other than the update already delivered for computers running OS 10.6 and 10.7 Apple recommends users on 10.5 and earlier disable Java in their browser preferences. What isn't mentioned however, is when its fix is incoming or any timetable on its efforts with international ISPs to cut off the IP addresses used by the network. This is not the first time Macs have fallen prey to malware and as their market share grows will likely not be the last, so don't think just opting for OS X is automatically keeping you a step ahead security-wise. Check the links below for more information about what the malware does, and how to get rid of it.

Apple publishes support page for Flashback malware, is working on a fix originally appeared on Engadget on Tue, 10 Apr 2012 21:50:00 EDT. Please see our terms for use of feeds.

Permalink   |  sourceApple Support  | Email this | Comments