Posts Tagged ‘Trojan’

The company “Dr. Web” has found a new version of the Trojan Linux.Sshdkit, which poses a danger to Linux servers.

According to statistics compiled by analysts, several hundred servers have so far been affected by Trojans of this family, some of them servers of large hosting providers.

“Dr. Web” reported on the first versions of the Linux.Sshdkit malware in February 2012. This Trojan is a dynamic library, and variants exist for both 32-bit and 64-bit Linux distributions. After successful installation, the Trojan embeds itself into the sshd process and intercepts the authentication functions. Once a session is established and the user name and password have been entered successfully, they are sent to the attacker’s remote server. (more…)

The Trojan bot infects computers running Windows. On infection, it places a copy of itself in the directory %APPDATA%\{GUID}\ and modifies the registry branch SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run so that it runs automatically at system startup.

It embeds itself into all processes and intercepts Internet functions in any process where one of the following is found:

– maxthon, browser, firefox, iexplo, safari, mozill, chrome, avant, opera, netsc

If the user performs a web search in one of the monitored browsers, the Trojan obtains the URL of the search query and sends it to the remote server. The server, in turn, sends the bot a specially crafted command containing information and the web address with which the user’s original search query will be replaced.

using the mouse to hide itself

Symantec has reported new Trojans that embed malicious code which is executed when mouse events are handled. The virus can bypass automated threat detection systems, since no one uses the mouse while they work.

According to the experts, this Trojan starts its work after a period of time during which the mouse is not used. In particular, the malicious program unpacks its malicious code after 5 minutes, then waits another 20 minutes and adds itself to the registry. The Trojan’s network activity starts another 20 minutes later. This tactic allows the virus to remain undetected.

Another variant of the malware uses the Windows API function SetWindowsHookExA to embed itself into the function responsible for handling mouse events. In normal operation, a Windows user will sooner or later perform some action with the mouse and thereby activate the Trojan. (more…)

Experts warn of a malicious mailing that exploits the general public’s interest in the pre-election debates between the candidates for the U.S. presidency.

Websense spam filters are weeding out thousands of malicious emails disguised as a CNN newsletter. Their headline reads: “CNN Breaking News – Mitt Romney Almost President”. According to experts, all the “Full story” buttons in the fake feed of “hot” news inserted into the body of the spam messages lead to redirector sites, which send the recipient to an exploit site running the latest version of Blackhole. The purpose of this cyberattack is to download onto the victim’s machine a version of ZeuS that uses a user-mode rootkit.

Sophos also found that if exploitation fails (Blackhole uses PDF, JAR and EXE files), the attackers fall back on social engineering. If no suitable holes in the defenses are found, a page is displayed that skillfully mimics the Adobe Flash Player download page. Without any action by the user, it downloads a malicious EXE file, which the user is then prompted to run. Experts believe the attackers introduced this additional functionality ahead of the public release of Windows 8 and the version of IE 10 with the Modern UI interface, which does not support plugins such as Java and Flash. (more…)

The malware steals the victim’s phone number and the contact list stored on the mobile device.

Symantec representatives have documented a Trojan aimed at female users of Android devices. The victims of the malicious program, called Loozfon, are residents of Japan.

Initially, the potential victim receives an e-mail inviting them to earn easy money online, or to meet a rich man.

The e-mail invites users to follow a link; when it is clicked, a fake application called «Will you win?», which contains the Trojan, is installed on the device. Symantec noted that the application has nothing to do with winning money or meeting wealthy men. (more…)

Virus: Trojan horse – Zeroaccess

Type: Trojan
Distribution Level: Low
Systems Affected: Windows Me/95/98/2000/NT/XP/Server 2003/Vista/7/Server 2008

Trojan.Zeroaccess is a Trojan horse that uses an advanced rootkit to hide itself. The Trojan is called ZeroAccess because of a string found in the kernel driver code that points to the original project folder, called ZeroAccess. It is also known as max++, as it creates a new kernel device object called __max++>. It can also create a hidden file system, download more malware, and open a back door on the compromised computer. (more…)

Recently, cybercriminals have increasingly been using the brands of antivirus companies for their own purposes, disguising malicious software as anti-virus solutions. Once again, the victim of such an action is Panda Security: the DarkAngle Trojan may be hiding under the guise of the cloud antivirus Panda Cloud AV.

According to PandaLabs technical director Luis Corrons, the main function of this Trojan is to collect any information stored on the victim’s computer. For this, the malware uses any means available, even a microphone or webcam, to record a video or audio track and then send it to its owner. In addition, the Trojan may serve as a loader for other malicious software.

But that’s not all. DarkAngle is designed so that it is difficult to find by the usual means. It can remove executable processes, restarting along with the system, which makes it invisible to anti-virus applications. To bypass the scanners of cloud services, its file size is increased to 20 MB. (more…)

Experts have found a malicious application on Google Play disguised as a luxury version of Angry Birds Space.

According to information security experts at McAfee, a malicious application disguised as a luxury version of a game from the Angry Birds series was found in the Google Play mobile application store.

“The huge popularity of games such as Angry Birds Space, which is in the top 50 most downloaded free apps on Google Play, is the perfect cover for a virus and greatly simplifies the task of spreading malicious code,” McAfee explained. (more…)

Tags: trojan, spam attack, cyber espionage

The malicious code is distributed in spam e-mail messages disguised as a PDF document.

According to a report by Dell SecureWorks, a new cyber-espionage campaign aimed at employees of energy companies around the world has been launched on the Internet.

The “Mirage” malware was found in the systems of various energy companies in the Philippines, Canada, Taiwan, Brazil, Israel, Egypt and Nigeria. (more…)

Analysis of a new Gameover configuration file obtained by F-Secure has shown that the operators of this Trojan have opened hunting season on Italian online banking systems. The updated file lists about a dozen of these systems, including the local services of Deutsche Bank, connections to which the malware is to monitor. Arab banks were also among the targets.

Last May, the experts automated the collection of IP addresses for the P2P modification of ZeuS known as Gameover. Gameover’s distribution area covers North and South America, Western Europe, the CIS, Africa, the Middle East and the Asia-Pacific region. To their surprise, about 10% of infections were in a single country: Italy. (more…)