Linux users have enjoyed a veritable lack of malware that targets the everyday user for quite a long time, yet those days are very slowly coming to an end, with more trojans and such that target the operating system showing up. One such bit of malicious software is called “Hand of Thief,” the brainchild of […]
Malware certainly exists for Linux, but it’s more frequently targeted at servers than everyday PCs. Unfortunately, regular users now have more reason to worry: a rare instance of a Linux desktop trojan, Hand of Thief, has surfaced in the wild. The code swipes banking logins and other web sign-in details, creates a backdoor and prevents access to both antivirus tools and virtual machines. It’s known to work with common browsers like Chrome and Firefox as well as 15 Linux distributions, including Debian, Fedora and Ubuntu. Thankfully, Hand of Thief is partly neutered by its limited attack methods; it relies on social engineering to fool victims into installing the software themselves. Even so, the trojan is a reminder that we shouldn’t be complacent about security, regardless of which platform we use.
[Thanks, Dreyer]
Via: ZDNet
Source: RSA
There is a Skype trojan going around that is turning PCs into Bitcoin miners. So far, victims are mostly located in countries like Italy, Russia, Poland, Costa Rica, Spain, Germany, and a few others. Bitcoin mining is another way for users to acquire Bitcoin’s currency by “making computer hardware do mathematical calculations for the Bitcoin network to confirm transactions and increase security.”
The trojan is going around via a Skype instant message. The translated message says, “This is my favorite picture of you”, and provides a shortened link. The trojan is spreading quickly, with an average of 2000 clicks per hour. Kaspersky has identified the trojan as “Trojan.Win32.Jorik.IRCbot.xkt”, and the process it runs as bitcoin-miner.exe. The malware connects to a C2 server located in Germany with the IP address 213.165.68.138:9000.
The malware immediately takes control of your computer and increases the victim’s CPU usage drastically. While the trojan’s primary use is for Bitcoin mining, it’s not its only capability. Bitcoin mining isn’t lucrative with just one PC; however, if there are many PCs infected and aimed towards a specific Bitcoin mining pool, it can be worthwhile.
This new trojan is speculated to have surfaced due to the meteoric rise in Bitcoin value. Late last month, it was reported that the value of a Bitcoin was $92, a number that has now reached about $140. The constant rise in value of Bitcoin is more than enough to drive many devious hackers to get creative. So in order to protect yourself from being infected, make sure to get anti-virus software, and keep it up to date. Also be wary of suspicious Skype messages and shortened URLs. We’ll keep you updated if there are any resolutions to this issue.
[via Kaspersky]
Skype trojan turns your computer into a Bitcoin miner is written by Brian Sin & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All rights reserved.
Viruses, trojans, and other malicious pieces of software are nothing new on OS X. While the mainstream consensus is that Apple‘s desktop platform is impervious to such malware, that’s actually not the case. In fact, a new piece of adware is making the rounds that injects advertisements into web browsers after installing a disguised plugin.
The trojan is detected as “Trojan.Yontoo.1” and it was discovered by Russian security firm Doctor Web. Of course, you have to install a plugin or other piece of software in order for the trojan to activate, but hackers are making it easy for unsuspecting users to take the bait. They’re prompting users to install a plugin before they can watch a mobile trailer, for example.
Of course, we’ve all come across this scenario before, where we don’t have a certain plugin installed in order to view something, so we’re forced to download and install it before continuing. However, it looks like criminals are taking advantage of that tradition by implementing the same kind of system in order to get users to install the trojan.
It’s said that a Windows version of the trojan also exists, but it doesn’t affect Windows 8 users currently. Cross-platform malware isn’t rare most of the time, but this particular one uses its own code to target each specific operating system, as opposed to targeting a universal piece of software like Java, which we’ve heard plenty about recently.
[via The Next Web]
New Mac trojan injects ads into web browsers using plugin is written by Craig Lloyd & originally posted on SlashGear.
Skype has warned users to update to the latest version of the VoIP and video calling app, as well as to check their computer security settings, after a fast-spreading worm was spotted targeting the software. The worm, “Dorkbot,” is being distributed via masked links sent out via Skype’s instant messaging system, Trend Micro reports, co-opting the PC into a botnet and eventually demanding $200 from users in order to unlock their files else see them permanently deleted.
According to the security researchers, various types of social-engineering are being used to encourage Skype IM users to click on the links. Most common appears to be a question along the lines of “lol is this your new profile pic?” which resolves to a file called “Skype_todaysupdate.zip” that downloads the trojan itself.
Trend Micro says that it has observed “upwards of 400 detections in less than 12 hours” from those using its security products, according to TechCrunch, though the actual number is likely to be greater. Both it and Skype point out that users should be wary about clicking links that they’re not expecting and from people that they don’t know.
There’s more information at the Skype forums, and Skype has instructions here on how you can clean your system if you’ve inadvertently been infected.
Skype statement:
“Skype takes the user experience very seriously, particularly when it comes to security. We are aware of this malicious activity and are working quickly to mitigate its impact. We strongly recommend upgrading to the newest Skype version and applying updated security features on your computer. Additionally, following links – even when from your contacts – that look strange or are unexpected is not advisable.”
Skype users stalked by ransom trojan is written by Chris Davies & originally posted on SlashGear.
Friday has come and gone, which means that the weekend is here once again. The latest iPhone 5 rumors have propelled Apple’s stock to its highest point ever, and it turns out the company’s funds will go toward helping tap a recently-discovered underground river in Crook County, Oregon. Earlier today we saw a picture of what was reported to be the Samsung Galaxy Note II, but later on in the day Daniel YU informed everyone that it was just his mock-up used without his permission. That’s disappointing, but his mock-up looks great, so be sure to check that out.
According to Lenovo, Windows RT tablets could cost $300 less than Windows 8 tablets, and it appears that Yahoo is on the lookout for a new COO. After discovering a glitch with digital signatures earlier in the week, Microsoft is once again publishing Windows Phone apps, and Twitter’s new API update restricts some third-party apps, so watch out for that. UK retailer Clove is reporting that the black Samsung Galaxy S III will be out in October, and a new Samsung Galaxy Tab 2 bundle comes packed with bonuses that students are going to find hard to resist.
There’s a particularly nasty Trojan dubbed “Shamoon” that’s making the rounds, and in some rather surprising news from the day, it seems that OnLive is shutting down today. OnLive executives said throughout the day that everything with the company is fine, but later, more evidence that supports such a shutdown surfaced. Not good. Both models of the Nexus 7 are now in stock again on the Google Play store, and third parties were right there to begin pushing all sorts of accessories for it, while we’re hearing rumors that claim Apple’s set-top box will come with cloud DVR and a simple UI.
The beta for Steam’s upcoming Big Picture Mode will be kicking off at the beginning of next month, and HP is getting serious about tackling the consumer tablet division (or at least trying to again). The iPad Mini – and future iPad iterations for that matter – will apparently be getting a special ITO film, and Warren Spector is really pushing for Epic Mickey on the Xbox 360 and PS3, but he needs your help in convincing Disney.
Finally tonight, we have a number of original articles for you to peruse. Don Reisinger asks if there will one day be a universal gaming console, Ben Kersey has SlashGear’s review of The Expendables 2, and Chris Burns has a hands-on with the Motorola PHOTON Q. Enjoy your weekend, folks!
SlashGear Evening Wrap-Up: August 17, 2012 is written by Eric Abent & originally posted on SlashGear.
We’re getting news of a particularly nasty Trojan targeting Windows-based PCs today, which anti-virus companies have dubbed “Shamoon.” Like most malware, Shamoon exists to steal data from computers connected to the Internet, but what it does afterward is quite evil. In an effort to cover its tracks, it begins deleting files, including the Master Boot Record. This, naturally, leaves the PC unbootable, and can cause some major headaches. The malware itself is a 900KB file that uses many encrypted resources, as you can see below.
Shamoon doesn’t seem to be widespread, as Seculert reports that it uses a two-stage attack, apparently targeting “several specific companies in a few industries.” Shamoon works its way into a computer that is directly connected to the Internet, and then from there begins to spread to other computers connected to the same network. As stated above, once it’s done stealing what it wants, it begins to cripple the PCs it infected, reminding Kaspersky of the Wiper malware, which attacked PCs in Iran earlier this year and in turn led to the discovery of Flame.
Kaspersky says that it isn’t Wiper, however, pointing out a few key differences. With those differences apparent, Kaspersky says that Shamoon is likely “a copycat, the work of a script kiddies inspired by the story” of Wiper. It’s good to know that Wiper isn’t becoming more widespread, but at the same time it’s scary that there are those inspired by Wiper’s level of destruction.
Indeed, it’s rare to see malware that actually does damage, as creators typically aren’t interested in anything but stealing information that could lead to some quick cash. With anti-virus companies like Seculert and Kaspersky still looking into Shamoon, this is still a developing story, so keep it tuned to SlashGear for more information – we’ll have additional details if any new ones surface!
[via ComputerWorld]
New Trojan ‘Shamoon’ leaves PCs unbootable is written by Eric Abent & originally posted on SlashGear.
You could call it technological baptism of sorts… just not the kind Apple would want. A Russian scam app known as Find and Call managed to hit the App Store and create havoc for those who dared a download, making it the first non-experimental malware to hit iOS without first needing a jailbreak. As Kaspersky found out, it wasn’t just scamware, but a trojan: the title would swipe the contacts after asking permission, send them to a remote server behind the scenes and text spam the daylights out of any phone number in that list. Thankfully, Apple has already yanked the app quickly and explained to The Loop that the app was pulled for violating App Store policies. We’d still like to know just why the app got there in the first place, but we’d also caution against delighting in any schadenfreude if you’re of the Android persuasion. The app snuck through to Google Play as well, and Kaspersky is keen to remind us that Android trojans are “nothing new;” the real solution to malware is to watch out for fishy-looking apps, no matter what platform you’re using.
Spam-happy iOS trojan slips into App Store, gets pulled in rapid fashion originally appeared on Engadget on Thu, 05 Jul 2012 17:29:00 EDT.
MacRumors | Kaspersky, The Loop