
Security Blog

 

Recently in Worms Category

Extended Wildlist Testing - Now a Standard of ICSA Labs

Posted By Jason at 5:11 PM, October 31, 2011

For the past two years, we at NETGEAR ProSecure have been advocating the need to ask "How well does my security system actually work?"

Multiple reports have been conducted by third parties that show our systems are more effective at stopping threats than the others...

And now ICSA Labs' Anti-Virus certification program is testing not only the WildList (a database of real-world viruses considered harmful to PC users) but also the Extended WildList, which consists of additional malware, such as keyloggers and Trojans.

ProSecure has been using the extended wildlist for two years now --- ahead of ICSA Labs.

Categories: General , Malware , Viruses , Worms

 

Michael Jackson Spam Rises From the Grave

Posted By Pete at 5:26 PM, July 17, 2009

Michael Jackson's unexpected passing has shocked the world and generated a new wave of "Michael Mania". Everywhere you go, people are talking about it. It's all over TV, radio, and the Internet. Even I have pulled out my old stash of Michael Jackson CDs and given Thriller another good listen.

As we've mentioned before in this blog, hot news items such as this one are often exploited by spammers and other cyber criminals. Sadly, MJ is no exception. Riding on this wave of public interest, emails claiming that Michael Jackson was murdered, emails claiming to have exclusive video footage, and emails with Michael Jackson's songs or pictures began to surface minutes after his death. These emails contained attachments and bad URLs that had malware. These were all used in an attempt to infect user PCs and to extract information from them for criminal purposes.

Another method also used was fake Michael Jackson-related blogs. Users would see many pop-up services when browsing to these fake blog sites pretending to talk about Michael Jackson. While the users were reading the fake blogs, malicious scripts would attack the reader's machine in the background.

As if Michael Jackson's death hasn't already been exploited enough by the media, cyber criminals also felt the need to jump in on the exploitation. So, fake emails, fake videos, fake pictures, fake URLs, fake blogs, fake nose (sorry), there is so much smoke and mirrors regarding this subject floating around that one really needs to be careful what they click on. Otherwise your machine might be the one that's paralyzed.

Categories: General , Malware , Phishing , Spam , Worms

 

Threat Lab Report: A New Kido Variant

Posted By Netgear Threat Lab at 12:09 PM, April 27, 2009

April 1st has come and gone; however, the activities of the Kido (Conficker) worm have not stopped because of it. Recently, a mutated variant of Kido with new functionality has caught our attention. This new variant is detected as Trojan-Downloader.Win32.Kido, and compared to past variants the main difference is that it uses peer-to-peer (P2P) protocols for communication instead of HTTP, which was used by previous variants of this worm. This means that this new variant of Kido utilizes P2P channels to download new malicious code or for botnet control.

Once a user PC is infected by this new variant of Kido, it will automatically download fake anti-malware software by the name of "spyware protect 2009" (detected as FraudTool.Win32.SpywareProtect2009). Once installed, this anti-malware program attempts to scare the user by notifying the user that a "virus" had been detected on their PC and requests the user to pay $49.95 to remove this so-called "virus".

At the same time, an email worm by the name of Email-Worm.Win32.Iksmas will also be downloaded. This worm steals user data and sends out spam using the infected host. One more interesting point about this new Kido variant is the author configured a self termination date of May 3rd (date-limited functionality until 3rd May 2009). Why? We are still trying to find out. Perhaps the next Kido update will provide us with more clues.

Categories: Malware , Netgear Threat Lab , Phishing , Spam , Viruses , Worms

 

No Ordinary Kid

Posted By Pete at 2:41 PM, January 25, 2009

By now you're probably aware of the latest and greatest from the malware underworld. The Kido worm (officially named as Net-Worm.Win32.Kido, aka Downadup, Conficker) is spreading like wildfire. It has taken all but three months to infect over 9.5 million desktops worldwide.  I'm not going to go into detail as to what the worm does (you can read about it HERE and HERE), but rather comment briefly at how well thought out and designed this worm is. It has all the characteristics of a little worm that will go a long way.

  • Exploit the vulnerability of a widely used OS - check.
  • Gain administrative control of that OS - check (meaning the worm has total access to your system, anything you can do, it can do and then some. Those of you still using weak passwords...*cough* password123, be very afraid).
  • Multiple methods of propagation - check (be sure to check your USB flash drives).
  • Block the victim PC from contacting well known security vendor Web sites for help - check (basically stranding your PC on an isolated island).
  • Download additional payload from random, almost impossible to trace sites - check.

We've all had our computers infected at one time or another, and most of you probably have seen one or more of the aforementioned attack characteristics before. The difference is, this one has it all, and we all need to take extra precautions or our PCs will just become another statistic. The days of simple viruses and worms performing a single malicious task are long gone. Welcome to the age of sophisticated, highly intelligent attacks.

Categories: Malware , Viruses , Worms

 
