Category: Viruses

  • Facebook Fan Check Virus

    There’s a rumor going around, and a lot of unconfirmed information, that a Facebook application known as Fan Check is actually a virus. I’m seeing several claims that if someone becomes a fan of this Facebook app (which the page claims is undergoing changes and currently unavailable)… well if someone becomes a fan in the meantime their friends will all be notified of the app, password on the account changed, etc. I’m a bit skeptical at this point because EVERYTHING I see seems 3rd party and I don’t see anyone claiming that THEIR account was compromised. What I DO know is that some of the top search results are known malware attack sites. For instance the second result (which was the top result a few hours ago….


  • Virus Warning – Email Subjects – IRS Notice – Important Information from the IRS

    I’ve seen a couple of these emails today and wanted to give a post just to warn people that these are bogus and you should NOT follow the link suggested in the email. I HOPE no one reading this falls for it, but the “tax software update” that they are pushing is a virus. (SHOCK!) Only a little over half the antivirus vendors currently detect it.

    Read on for details on the message body…


  • Would you like spyware with that? Apple too….

    These stories come up from time to time. A free giveaway of some sort and it turns out that there’s spyware or a virus embedded, company gives a big “whoops” and fixes things by replacing them…. McDonald’s had a promotion going where up to 10,000 people could win a flash-based MP3 player; they also received a trojan horse preinstalled…. They’ve apologized and are swapping the infected players and giving information on how to clean up a PC with the keylogger. According to F-Secure it was infected with the QQPass password-stealing trojan. Just imagine how things would have turned out if the Greeks had looked that gift horse from the Trojans in the mouth first…..


  • Hiding malware may evade antivirus

    SANS had an interesting malware analysis this morning about a blob that appeared to be ASCII text (gibberish) that was retrieved by a piece of malware. It turns out that the ASCII text was a cleverly encoded exe file (Windows executable or program file). It took several iterations of their analysis to uncover the actual file. A followup referred to a study of “hiding” malware in various Microsoft Word supported formats and how successfully (or unfortunately UNsuccessfully) several tested antivirus programs were able to identify it. This was performed by running the files through VirusTotal, and the virus was the EICAR test pattern.


  • Google search for malware accessible to all…

    The Metasploit project is now hosting a malware search that uses Google. It essentially uses a binary Google search technique that was referenced last week to find malicious files hosted on the web. Of course, this will be partly limited by Google’s indexing which recently has not been quite as thorough as before, but… all you have to do is search by a virus name and find matches. I can see where this is useful for research. What I DON’T understand is why Google doesn’t integrate scanning of content into the Googlebot indexing. It would take a lot of processor power. Well…. I think Google would come close to having enough to take a stab at this. I think they should AT LEAST…


  • Another Microsoft Office Vulnerability

    Hot on the heels of the Microsoft Word patch there’s a new threat to Microsoft Office. This vulnerability is with Excel documents. According to the MS security response center blog, they’ve received one report of a system being attacked by a previously unknown vulnerability in Excel. The moral of the story is to be suspicious of any attachments, be they programs, or claim to be images, Word documents, Excel documents, fluffy bunnies or what…. If you weren’t expecting an attachment in email, wait and find out if it’s legit through other channels.


  • Web 2.0 could lead to virus 2.0…

    The last couple of days, there’s been a virus spreading that makes use of Yahoo Mail’s interface. Usually web mail is considered a fairly safe way to get email, but in this case all that was done was the user clicking on a malicious email and the virus ran. It appears that JavaScript/AJAX/Web 2.0 applications are going to have to get closer scrutiny. In the SANS diary, they mention that they’ve analyzed JavaScript from several web applications and there are some that are vulnerable. (They’re contacting vendors.) They also point out web designers should keep this in mind as well.

    The current worm could be readily modified to spread across many systems that do not escape JavaScript when displaying data from a foreign source. Many web developers should reexamine their code, and make sure that display functions do not deliver potentially malicious code.


  • Another wolf in sheep’s clothing to watch for

    “Wolves in sheep’s clothing” is the label I give to those rogue antispyware or antivirus programs that bring pests instead of protecting against them, or are otherwise questionable in their tactics. Titan Shield seems to be a new threat on the block in this area. I haven’t seen it first hand yet, but it looks like it is one you’ll want to avoid. (You may want to block antispywarebox(dot)com and titanshield(dot)com if you’re in a position to do such things in your network.)


  • The Great Cyberwar

    It went unnoticed by most people for a few years. After all, the ones that were affected were just those that were “asking for it”. Where to start? Let’s see, back in the day there were some that sent out messages to other people’s computers, and even when people tried to stop getting the messages they kept coming, so a few sites decided that if they could “blacklist” the places that these messages were coming from, they could help people deal with the mass of messages. So they did, and the people sending the unwanted messages were a bit frustrated and improved their distribution a bit, taking over virus-infected PCs for sending their messages. The defenders matched and started blacklisting dialup addresses as mail sources. It was frustrating for those running legitimate mail servers on a dynamic internet address, but there were legitimate ways to fix the problem. But the senders of the messages got mad.
