Oooops… According to the Sunbelt blog, a Japanese storage maker (I-O Data Device) has offered to exchange drives that were discovered to have been shipped out with the Tompai-A, a worm which would give a cracker backdoor access to a machine. It affects portable hard drives in the company's HDP-U series.
Tag: trojan
-
Cleaning up after the Sony Rootkit
Sunbeltblog has a suggestion (from Ben Edelman) for Sony on how to get the word out to customers that they have the problem-laden XCP rootkit/trojan/DRM software that's been burning up tech news: distribute an ad through their own rootkit. It does, after all, "phone home" from time to time, and it looks like a banner can be displayed. Details on Ben Edelman's site.
-
MS05-053 Microsoft Windows Image Viewing Vulnerability
Two notes on the Windows vulnerability patched the day before yesterday. There is a trojan in the wild exploiting it, and Symantec's AV definition to detect such an exploit is a bit too paranoid and flags lots of EMF files as containing the exploit. The workaround is to exclude EMF files from virus scans.
-
Macromedia flash player vulnerability
A severe security vulnerability has been found in versions of the Flash Player prior to 7.0.19.0. Many sites require Flash Player in order to view various features on the site (depending on the site, this ranges from commercials to the site navigation). A specially crafted SWF file on a remote website could allow the attacker to run arbitrary code (anything they want) on the local machine. In other words, this could be an avenue for viral/spyware infection or trojan activity.
-
Another Massive ID theft ring
It looks like Sunbelt has found ANOTHER massive identity theft ring. They suspect it's a trojan from the Dumaru family that is contentedly logging the information, and they promise more details.
-
Another entry in the sunbelt discovery of a keylogger
Sunbeltblog has another entry in the continuing story. Really, there is not much new here, but iDefense has analyzed the code of the trojan that was discovered and has stated that it is not related to CoolWebSearch (which is what Sunbeltblog has been saying for some time). They initially said it was discovered during a CoolWebSearch infestation.
-
Mail Viruses Junk Spam Phishing and now Dark?
Okay, I've seen a new term come across the horizon in the battle of the email inbox. First there were viruses, then junk mail, which became known as spam, and then phishing attacks; now we're up to DarkMail. According to scmagazine, an IT security focused publication, the earmarks of DarkMail are similar to junk mail but greater in volume. According to the article, one domain withstood 10 million messages in one day as the sender went alphabetically through addresses on the domain.
-
More on the virus/trojan front
I have a couple of new things to post. One, in my further investigation of the server logs from the last big topic (read the entries below), I've discovered at least one Mac, so this should be a warning that no one should take system security for granted. Likely someone has installed a rootkit of some sort on that machine, as I know of no virus or trojan that is cross-platform in its ability to be a spam helper.