Posts Tagged ‘AV’


Rather than a ranking of the most widespread viruses, or those that have caused most infections, these viruses are ones that deserve mention for standing out from the more than 24 million new strains of malware that emerged.

Police virus: This strain of malware caused most headaches for users and IT departments alike. It purports to show a message from the police telling users that their computer has been blocked – which it has – because they have supposedly downloaded illegal material. To recover their systems, users are asked to pay a fine. The most recent versions even show images taken with the user’s webcam, making the scam all the more realistic.

Flame: A close relative of Stuxnet, Flame is one of the most powerful cyber-war tools created so far, and infections have been focused primarily in the Middle East.

Flashback: A bot that breaks away from the norm of infecting Windows, targeting Apple systems and attacking thousands of Mac computers around the world. Since it appeared, Mac users are no longer quite as relaxed about security as they once were.

Zeus: A Trojan that steals information from users of online banking services. This family of malware has been known for some time, yet it continues to spread. However, this year new variants were detected which, in addition to infecting computers, compromise security on smartphones (Android, BlackBerry, Symbian), targeting those banks that send information to customers via cell phone as an additional security measure.

Koobface: The most mendacious malware of the year, Koobface spent the whole of 2012 spreading endless lies on social networks in order to infect users. In one attack it related a spurious story about President Obama having punched someone who racially insulted him. So beware of sensational stories on social media: this is a favourite trick of cyber-crooks.

BlackHole Exploit kit: One of the most popular kits for distributing malware over the last year. It exploits numerous security holes to install its payload, using all types of exploits, particularly those targeting Java and Adobe products.

DarkAngle: A fake antivirus that poses as Panda CloudAntivirus. It takes advantage of the renown of Panda Security’s free cloud antivirus to infect as many computers as possible.

Ainslot.L: When it infects, the Ainslot.L bot scans computers and removes any other bots it finds.

Kuluoz: A worm that refers to items supposedly bought online and then infects computers. The worm arrives in an email that looks as though it has been sent from FedEx, telling users they have a parcel to collect.

The mystery of the Stuxnet-like ‘Duqu’ Trojan has deepened with the news that elements of its payload appear to have been written in an unidentifiable programming language.

An on-going analysis effort by Kaspersky Lab researchers has now uncovered much of the inner programming structure of the software, overwhelmingly written quite conventionally in C++.
However, delving inside the Payload.dll, the team discovered a section of the code dedicated to stealthy communication with the Trojan’s command and control servers that defied their analysis.
Dubbing it the ‘Duqu Framework’, the team has not been able to go much further than identifying it as an object-oriented language of considerable sophistication.
“The mysterious programming language is definitively NOT C++, Objective C, Java, Python, Ada, Lua and many other languages we have checked,” said Kaspersky Lab engineer, Igor Soumenkov.
Payload.dll looks to be a critical element of the program. According to Kaspersky, it is used to receive instructions from remote servers but also to relay stolen data, and can operate completely independently of the rest of the program. It was also important for spreading the Trojan to other Windows machines.

“Given the size of the Duqu project, it’s possible that an entirely different team was responsible for creating the Duqu Framework as opposed to the team that created the drivers and wrote the system infection exploits,” said Kaspersky’s chief security expert, Alexander Gostev.

“With the extremely high level of customisation and exclusivity that the programming language was created with, it is also possible that it was made not only to prevent external parties from understanding the cyber-espionage operation and the interactions with the C&Cs, but also to keep it separate from other internal Duqu teams who were responsible for writing the additional parts of the malicious program.”

Discovered by Budapest University security researchers last September, Duqu’s provenance, intention and design matter because it has been plausibly connected to the infamous Stuxnet malware that many believe was created to disrupt vulnerable SCADA systems connected to Iran’s nuclear enrichment program. The connections between the two programs are contentious but eerie, based on the two programs’ use of common elements. What is clear is that Duqu is sophisticated enough to be the work of a well-resourced and skilled team trying to cover its tracks.

In that they have failed, as they were always doomed to do. The more sophisticated a piece of software, the more unusual its programming design and structure is likely to be, and the more this very expert-level complexity draws attention to itself, raising suspicions.

Despite turning itself into the expert hub on the Trojan, Kaspersky has now appealed to programmers for help in identifying the programming language used to create the Duqu Framework.