trojan

Android leads the way in mobile malware

Android tops the charts in mobile malware, largely due to the failure of Google's Android Market to properly review apps before they hit the marketplace, says a new report from Juniper Networks.

In a blog post yesterday, Juniper found that Android malware has soared 472 percent since this past July. In particular, October and November have seen the fastest rise in Android malware since Google unveiled its mobile platform, according to Juniper's Global Threat Center.

The number of Android malware samples collected in October rose 110 percent over September and 171 percent over those collected up to July. …

Zero-day Windows kernel bug used in Duqu infections

Researchers have figured out one way the Stuxnet-like Duqu Trojan is infecting computers--via a Word document that exploits a previously unknown Windows kernel bug.

The installer file is a Microsoft Word document that exploits the kernel vulnerability, which allows code to be executed on the infected system, Symantec said in a post on its site. There may be other infection methods used by other Duqu variants that have not been uncovered yet, Kevin Haley, a director with Symantec Security Response, told CNET.

Microsoft is working on a fix, according to Jerry Bryant, group manager for response communications at Microsoft Trustworthy …

'Tsunami' Trojan malware bot ported to OS X

Another day, another Trojan. The malware bot called "Tsunami" that has been developed for Linux systems since around 2002 has been found on OS X.

The malware (OSX/Tsunami.A) is a minimal threat, and like other Trojans and backdoors for OS X requires you to manually install it. While it is almost irrelevant to most users, it is out there and has the potential to cause harm for some.

The malware is an IRC bot, which is a program that connects to Internet Relay Chat (IRC) network servers and channels, where it can be controlled as a …

Flashback OS X malware variant disables XProtect

The latest malware scam that has been found for OS X is a fairly obscure installer program that is being disguised as an Adobe Flash Player installer. It was first discovered in late September.

This Trojan horse is a minimal threat. It works by installing a payload executable file on the system and then configures environmental variables on the system so that the payload will be launched when certain applications are opened. The payload then communicates with a remote server in an apparent attempt to steal personal information.

The initial version of the malware installed the payload in various locations …

Phony Netflix Android app steals account data

It looks like a legitimate Netflix app, but it's not. There's an Android app circulating that looks very much like the real Netflix mobile app, but it's actually a Trojan that steals account information.

The fake app, which was found on an online user forum, sends the user's log-in information to a remote server and displays a message saying there is an incompatibility issue with the hardware and then attempts to uninstall itself, according to a Symantec blog post.

The server that was receiving the stolen log-in data appeared to be offline today, Symantec said.

With …

Latest Adobe Flash Trojan for OS X gets revised

A few weeks ago Intego discovered a new Trojan horse for OS X that poses as an installer for Adobe Flash. The Trojan attempts a somewhat complex attack that involves disabling security features and inserting into existing applications code that attempts to send personal information to remote servers.

This Trojan, called OSX/flashback.A, is one of a few new malware attempts on the Mac platform that have surfaced in the past few months (others being a PDF-based malware attack and another fake Flash installer).

As with any malware attempt, we expect there will be future revisions as the criminals …

Hackers say German officials used backdoor

A German hacker group says it has found a Trojan program designed for spying on Skype communications that it alleges was used for surveillance by German law enforcement officials but which also has flaws that put the infected computer at risk of serious attack by others.

"The largest European hacker club, 'Chaos Computer Club' (CCC), has reverse-engineered and analyzed a 'lawful interception' malware program used by German police forces," the CCC wrote in a post on its Web site today. "The malware can not only siphon away intimate data but also offers a remote control or backdoor …

Get into Avira Free Antivirus 12 faster than before

The bottom line: An aggressive redesign aimed at making its best-known suite more accessible than before, Avira Free Antivirus 12 combines fast scans with above-average protection for a solid security combo.

Review: Free antivirus maker Avira debuts a laundry list of changes in its latest major update, basically repositioning the suite to remain competitive in the face of tougher competition from other free security suites and a renewed emphasis on performance from paid competitors. From the new breezy installation to the modernized interface and reputable security, the suite has a lot going for it.

However, it notably lacks some features …

Revir malware for OS X undergoes revision

Recently a new PDF-based malware threat for OS X was discovered that displays a Chinese PDF file while it installs and runs its malicious code in the background. While the initial version of this malware (OSX/Revir.A) was detected over a week ago, the criminals developing the code are busy revising and refining it, and over the weekend a variant has been identified (OSX/Revir.B). As with all malware, new versions of these threats are likely to surface in the future, and as they do, expect malware detection utilities (including Apple's XProtect) to follow close behind and …

Another OS X Trojan imitates Adobe Flash installer

A few months ago security company F-Secure uncovered a Mac Trojan horse that posed as an installer application for Adobe Flash, taking advantage of the popularity of the plug-in to trick users into installing it. After installation, the Trojan would alter the system's hosts file to redirect Google sites to fraudulent servers. Now Intego has discovered a new Trojan for OS X that does pretty much the same thing: masquerades as a Flash Player installer to trick people into installing the program.

Unlike the previous Flash Trojan (called Bash/QHost.WB), which changed one file on the system, this new Trojan is a bit more complex and first deactivates network security features, then installs a dyld library that will run and inject code into applications that the user is running. The Trojan will also try to send personal information and machine-specific information to remote servers.…