
Recommended Reads

Vast Spy System Loots Computers in 103 Countries

by Shanmuga

"…The malware is remarkable both for its sweep — in computer jargon, it has not been merely “phishing” for random consumers’ information, but “whaling” for particular important targets — and for its Big Brother-style capacities. It can, for example, turn on the camera and audio-recording functions of an infected computer, enabling monitors to see and […]

Read the full article →

Conficker and April 1st: Q and A

by Shanmuga

"Q: I heard something really bad is going to happen on the Internet on April 1st! Will it? A: No, not really. Q: Seriously, the Conficker worm is going to do something bad on April 1st, right? A: The Conficker aka Downadup worm is going to change its operation a bit, but that’s unlikely […]

Read the full article →

Google plays down security concerns over Docs

by Shanmuga

"Google Docs users shouldn’t lose sleep over the security concerns a security analyst has raised about the hosted suite of office productivity applications, Google said late Friday. In an official blog posting, Jonathan Rochelle, Google Docs’ product manager, details why the company has determined that the issues included in the analyst’s report are far from […]

Read the full article →

New BIOS attack renders antivirus useless

by Shanmuga

"A new form of attack that installs a rootkit directly onto a computer’s BIOS system would render antivirus software useless, researchers have warned. Alfredo Ortega and Anibal Sacco of Core Security Technologies explained that the attack was possible against almost all types of commonly used BIOS systems in use today.

Read the full article →

Malware Is Getting Formidable, but So Are Your Defenses

by Shanmuga

"…You can think of Conficker as being the state of the art in conventional malware. It not only uses an important vulnerability, but it’s a sophisticated blended attack, using a wide variety of mechanisms to spread: pseudo-random domains, dictionary attacks on weakly-protected network shares, USB drives and more. You can admire the work that went […]

Read the full article →

Big websites urged to avoid Phorm

by Shanmuga

"Seven of the UK’s biggest web firms have been urged to opt out of a controversial ad-serving system. Phorm – aka Webwise – profiles users’ browsing habits and serves up adverts based on which sites they visit.

Read the full article →

Conficker Removal Instructions and Tools

by Shanmuga

This week the SANS Internet Storm Center updated its page on mitigating Conficker. It provides links to Conficker removal instructions from Microsoft, Kaspersky, BitDefender, TrendMicro and Sophos, and to Conficker removal tools from Microsoft MSRT, F-Secure, AhnLab, Symantec, McAfee, ESET, BitDefender, Kaspersky and Sophos.

Read the full article →

Questions for Pwn2Own hacker Charlie Miller

by Shanmuga

Interesting interview with Charlie Miller, the researcher who broke into a fully patched MacBook machine using a Safari code execution vulnerability, posted by Ryan Naraine at ZDNet. Some tidbits from the interview: Why Safari? Why didn’t you go after IE or Safari? It’s really simple. Safari on the Mac is easier to exploit. The things […]

Read the full article →

Intel Chip Vulnerability Could Lead to Stealthy Rootkits

by Shanmuga

"Security researchers have released proof of concept exploit code for an Intel chip flaw that could be abused to compromise computer systems with stealthy rootkits. The attack takes advantage of an Intel CPU caching vulnerability that can be used to get unauthorized access to SMRAM, a protected region of system memory where the system management […]

Read the full article →

Analysis of Conficker C

by Shanmuga

"Variant C represents the third major revision of the Conficker malware family, which first appeared on the Internet on 20 November 2008. C distinguishes itself as a significant revision to Conficker B. In fact, we estimate that C leaves as little as 15% of the original B code base untouched… Whereas the recently reported B++ […]

Read the full article →

BBC exposes Overseas credit card scam

by Shanmuga

"A criminal gang selling UK credit card details stolen from Indian call centres has been exposed by an undercover BBC News investigation. Reporters posing as fraudsters bought UK names, addresses and valid credit card details from a Delhi-based man.

Read the full article →

Microsoft Announces Availability of Internet Explorer 8

by Shanmuga

"Microsoft Corp. announced the availability of Windows Internet Explorer 8, the new Web browser that offers the best solution for how people use the Web. Internet Explorer 8 is easier to use, faster and offers leading-edge security features in direct response to people’s increasing concerns about online safety. A new study commissioned by Microsoft and […]

Read the full article →

The lifecycle of a trojan horse

by Shanmuga

carrumba over at Megapanzer gives a good overview of the lifecycle of a trojan horse. He writes: "What a trojan horse needs first are its configuration settings. The information it knows what to do once it is executed on the target system. At this point we have to know the trojan horse is divided into […]

Read the full article →

LinkedIn Privacy Settings: What You Need to Know

by Shanmuga

"Since LinkedIn doesn’t require you to share the same types of personal information as you do on Facebook, the service’s privacy settings appear to be much more straightforward than its less business-oriented competitor. But if you leave the default settings in place, you might be surprised to know what information you make public on LinkedIn.

Read the full article →

Privacy group to FTC: Google’s cloud is unsafe

by Shanmuga

"A Washington-based privacy group wants the Federal Trade Commission to launch an investigation of the cloud-computing services offered by Google – including Gmail, Google Docs, Google Calendar and others – to ensure that they are as secure as Google promises they will be.

Read the full article →

Massive Profits Fueling Rogue Antivirus Market

by Shanmuga

"One service that exemplifies a very easy way these bad guys can make this kind of money is TrafficConverter.biz, one of the leading "affiliate programs" that pays people to distribute relatively worthless security software. Affiliates are given a range of links and Javascript snippets they can use to embed the software in hacked and malicious […]

Read the full article →

Anonymity and Privacy Should Not Add Up to Prison Time

by Shanmuga

"Under current rules, a criminal defendant can get additional time added to a prison sentence if he used "sophisticated means" to commit the offense. In its testimony before the commission, EFF will argue that sentencing courts should not assume that using proxies — technologies that can anonymize users or mask their location — is a […]

Read the full article →

Conficker.C primed for April Fool’s activation

by Shanmuga

"CA (formerly Computer Associates) has published an extensive guide to Conficker.C, which includes information on its attack vectors, behavioral analysis, and how to tell if the "C" variant of Conficker is running on your system. This last part could pose a challenge—unlike previous versions, C adopts what DeBolt refers to as a "defensive stance" and […]

Read the full article →

Is Your PC Part of a Botnet?

by Shanmuga

"So how can you tell if your machine is part of a botnet and what can you do about it? Statistically, Macs are safe from botnets, although not completely immune to all threats as we noted here. But if you have a Windows based machine, Prevx suggests you stay on the lookout for an Internet […]

Read the full article →

Google’s Behavioral Ad Targeting: How to Reclaim Control

by Shanmuga

"The advertising system, announced at the Official Google Blog on Wednesday, increases Google’s level of advertising customization. The company’s AdSense network (which generates the ads within Google Search, Gmail, and other Google properties) had already been selecting ads based on your current activity: If you searched for "video card," for example, the ads on the […]

Read the full article →

Many See Privacy on Web as Big Issue, Survey Says

by Shanmuga

"More than 90 percent of respondents called online privacy a “really” or “somewhat” important issue, according to the survey of more than 1,000 Americans conducted by TRUSTe, an organization that monitors the privacy practices of Web sites of companies like I.B.M., Yahoo and WebMD for a fee.

Read the full article →

3 Free Anti-Spam Programs

by Shanmuga

"If viruses are the scourge of the information age, spam is the court jester. Essentially harmless if deleted, spam, or unsolicited email, is employed for all kinds of purposes. It can pitch real products and services, it can "phish" for personal information used to steal your credit or identity, it can transport malicious code that […]

Read the full article →

Hacking iTunes Gift Cards, and an iTunes Update

by Shanmuga

"Recently, several media outlets have been running a fascinating story about hackers making oodles of money selling iTunes gift cards activation codes at online auctions, supposedly after cracking the secret algorithm Apple uses to generate voucher codes for iTunes gift cards.

Read the full article →