Tag: virus

The Virus : The Good, The Bad, and The Ugly

It’s been over 30 years to the date when the digital world first met its dreaded nemesis, the computer virus back in 1986. Unlike the ever connected machines of today, the first MS-DOS virus that the world saw back in the day, the Brain, was transmitted through an old school floppy disk which carried the source code of this virus from one machine to the other, each time replicating it to the host machine’s boot sector.

The Good

The Brain is the first known virus to infect the MS-DOS system, and more importantly, the oldest to hit personal computers. The code for the Brain was conceived closer to home than we might want to believe. This virus which was meant to protect a proprietary software created by the coders of the Brain from pirates was created in a small office space in Lahore, Pakistan.

It’s creators, Basit and Amjad Farooq Alvi, wrote a code which when initiated would display the contact information of the Alvi Brothers with a message intended to scare away pirates. The Brain hence proved to be a code not malicious in nature, a “friendly virus,” as termed by its creators. But since the Brain arrived long before the Internet was born, it remains a relic of another age.

The Bad

With the advent of the Internet and the untethered connectivity it provided to a digital world that controls our very being today, the virus started to grow more sophisticated and sadly its intentions malicious.

A bigger playing field, and higher stakes because of the ever increasing number of computers on the connected platform led to pirates, and hackers using the code for forgery and invading people’s privacy. The Morris worm being the first in the long line of malware which starting in 1988 rendred affected systems connected to the internet unusable, causing over $10 Million in damages to the United States authorities.

The Ugly

Fast forward to what looks to be the future of the Virus, the Stuxnet, a tool of cyber warfare, which can infiltrate government servers and take over nuclear facilities leading to possible destabilization of the whole world. Compare this complicated worm(sub class of virus)to the Brain, and you know the computer virus has traveled a long way. The virus going into the future looks to be more powerful than ever, enjoying almost unbridled power that it has never seen before.

A new battleground has been created in the sky, accessible through complex hardware which can change the course of the destiny of human kind forever. Most countries are spending billions of dollars on creating a system for education and building a knowledge base of how attacks can be perpetrated and what defenses are needed for such complicated worms. The Stuxnet hence is a far cry from the first virus, Brain, created to scare pirates away, which now sees its descendants being used for malice, forgery, and war.

Stuxnet whose code was supposedly created by the CIA to dismantle the unstable nuclear arsenals of countries like North Korea and Iran is in itself a weapon of aggression, so looking at the virus from a contemporary perspective, important questions arise.

Has the virus really lost its way during the course of its evolution, and become a bane that needs to be rooted out from the digital space once and for all? Or does the code still have in itself to evolve and do some good as the Basit brothers intended for it?

Well, if humanity, the creator of this intelligent race of digital beings finds finds itself stumbling to answer no, then probably the time has come to accept the computer virus for what it actually is, and will be, an ugly convenience like in the case of Stuxnet which could well, for better or for worse, change the course of humanity forever.

February 18, 2016
Beware Mac Users, Mac’s First Firmware Virus is On the Loose

We all have an impression that Apple’s ecosystem is supported by the most secure operating system in the world. But, this statement may not be considered true anymore. The myth has been broken today by a team of hackers who have developed the world’s first virus for Mac and named it Thunderstrike 2.

This virus can be transferred via USB sticks or even email phishing. This then bypasses the Mac’s Operating System and directly attacks the BIOS – the software that appears before the main operating system after the system boots up. The worm then targets a machine’s option ROM or lives in the option ROM of peripherals.

Worse, because of living within the ROM of peripherals, the Thunderstrike 2 can spread from one Mac to another without even having to connect to a network. Anti-Virus programs are useless as the malware cannot be detected at the hardware’s BIOS level. Thus, checking for infection is very difficult.

The only way to remove this virus is to open up the hardware parts of the Mac and manually re-flash the chip. Xeno Kovah, co-founder of a security training firm called LegbaCore, who developed the worm says:

For most users, that is really a throw-your-machine-away kind of situation. Most people and organisations don’t have the wherewithal to physically open up their machine and electrically reprogram the chip.

Kovah and his partner Corey Kallenberg uncovered a series of firmware vulnerabilities that affected 80% of the systems they had, including HP, Dell, Lenovo and Samsung. These vulnerabilities, as found by the researchers, allowed them to bypass the firmware and reflash the BIOS to plant malicious code within the firmware. Kovah and Kallenberg tried to test the same vulnerabilities on MacBook boot flash firmware and found out that almost all the attacks on PCs and laptops could be replicated for Mac too.

The first version was fixed with OS X 10.10.2 and required the hacker to have physical access to the computer. The new version is incorrigible because the malware can be transferred via a link. The latest OS X security update (10.10.4) seems to try and resist the bug to a certain extent, instead of being engulfed by it completely.

So, what can you do to protect your Mac? All we can do right now is hope Apple rolls out a BIOS update soon.

August 4, 2015
Tips to Help Protect your Computer from Viruses
In developing times like now, we live under the constant threat of computer viruses and malware that reach your system through emails or any external devices like a pen drive. We have multiple Anti-Virus programs available and it is critical to keep updating them. But the key to a virus-free environment is beyond using an anti-virus program. Safe computing practices and policies should be used to safeguard your PC from such threats.

Let’s take a look at some user friendly, yet efficient methods of dealing with viruses, other than using Anti-Virus programs:

Do not open suspicious email attachments

Most of the infected emails are filtered in the SPAM Folder

It is wise not to open any unknown email with an attachment unless you are expecting them. Most of the viruses and links to phishing websites come through emails. To know whether the mail contains a virus or not, you can follow the steps below:
- Always check the sender’s address. If the address is known to you, it is safe to open the mail. But if the address is unknown, we would recommend caution before clicking on the mail.
- Check the subject line. If the subject line shows some random sentences asking you to open the mail, Do Not click on it. Some viruses are capable of mimic, or spoof, legitimate email addresses.
Keeping your computer updated

Keeping your computer updated helps to lower down incoming viruses from external sources. It is because across different Operating Systems, various security updates are released, thus helping in protecting your computer.

Using a Firewall

Pictorial representation of how a Firewall works

Use of Firewall does not entirely eliminate the threat of Viruses, but it helps in alerting you if a virus or worm attempts to connect to your computer. It can also block hackers from downloading potentially harmful files to your computer.

Disabling the Auto-Play Option

Many viruses attach themselves to a drive and start installing automatically when the media is connected to a computer. As a result, connecting any external hard disk or external data can lead to automatic propagation of such threats. Hence, disable Autoplay.

Lastly, Surf Safe

Many anti-malware programs include browser plug-ins that help avoid virus infections and internet phishing. These plug-ins should always be utilized with regular web browsing. Personal data and sensitive information should never be entered on any web page that has arrived independently. They should instead open a web browser, enter the address of the page they need to reach, and enter their information instead of clicking on a hyperlink and assuming the link has directed them to the proper URL. Hyperlinks contained within an e-mail message often redirect users to fraudulent, fake, or unauthorized websites. By entering web addresses manually, users can help ensure that they arrive at the actual page they intend.

Although the above methods should be carried out on a daily basis, the only fool-proof savior is a good Anti-Virus program, like Avast! to name one. Many computers receive free anti-virus programs, but these are not enough to provide sufficient protection against the ever-growing list of threats. We need to stay updated with ever-growing technology. Browse safe!
June 1, 2015
Microsoft Releases Internet Explorer Security Bugfix

Microsoft has released a temporary software fix for a bug in its Internet Explorer web browser. Cybercriminals used the flaw to install the Poison Ivy trojan on users’ computers. This piece of malware can steal data or take remote control of a PC.

[quote]”Earlier this week, an issue impacting Internet Explorer affected a small number of customers. The potential exists, however, that more customers could be affected… On September 21, we will release a cumulative update for Internet Explorer through Windows Update and our other standard distribution channels,” Trustworthy Computing Director Yunsun Wee said on the Microsoft Security Response Centre website. [/quote]

The solution will be automatically installed on PCs running on Microsoft’s Windows operating system if the machine is set up to receive important updates, Wee added.

Microsoft had began offering a temporary patch for the problem on September 19.

“We have released a Fix it (on September 19) that is available to address that issue. This is an easy, one-click solution that will help protect your computer right away. It will not affect your ability to browse the web, and it does not require a reboot of your computer,” Wee said.

September 21, 2012
Virus found in Mideast can spy on finance transactions

A new cyber surveillance virus has been found in the Middle East that can spy on financial transactions, email and social networking activity, according to a leading computer security firm, Kaspersky Lab.

Dubbed Gauss, the virus may also be capable of attacking critical infrastructure and was built in the same laboratories as Stuxnet, the computer worm widely believed to have been used by the United States and Israel to attack Iran’s nuclear program, Kaspersky Lab said on Thursday.

The Moscow-based firm said it found Gauss had infected personal computers in Lebanon, Israel and the Palestinian Territories. It declined to speculate on who was behind the virus but said it was related to Stuxnet and two other cyber espionage tools, Flame and Duqu.

“After looking at Stuxnet, Duqu and Flame, we can say with a high degree of certainty that Gauss comes from the same ‘factory’ or ‘factories,’” Kaspersky Lab said in a posting on its website. “All these attack toolkits represent the high end of nation-state-sponsored cyber-espionage and cyber war operations.”

Kaspersky Lab’s findings are likely to fuel a growing international debate over the development and use of cyber weapons. Those discussions were stirred up by the discovery of Flame in May by Kaspersky and others. Washington has declined comment on whether it was behind Stuxnet.

According to Kaspersky Lab, Gauss can steal Internet browser passwords and other data, send information about system configurations, steal credentials for accessing banking systems in the Middle East, and hijack login information for social networking sites, email and instant messaging accounts.

Modules in the Gauss virus have internal names that Kaspersky Lab researchers believe were chosen to pay homage to famous mathematicians and philosophers, including Johann Carl Friedrich Gauss, Kurt Godel and Joseph-Louis Lagrange.

Kaspersky Lab said it called the virus Gauss because that is the name of the most important module, which implements its data-stealing capabilities.

One of the firm’s top researchers said Gauss also contains a module known as “Godel” that may include a Stuxnet-like weapon for attacking industrial control systems.

Stuxnet, discovered in 2010, attacked via USB drives and was designed to attack computers that controlled the centrifuges at a uranium enrichment facility in Natanz, Iran.

Roel Schouwenberg, a senior researcher with Kaspersky, said the Godel code may include a similar “warhead.”

Godel copies a compressed, encrypted program onto USB drives. That program will only decompress and activate when it comes in contact with a targeted system.

While Kaspersky has yet to fully crack Godel’s code, Schouwenberg said he suspects it is a cyber weapon designed to cause physical damage and that its developers went to a lot of trouble to hide its purpose, using an encryption scheme that could take months or even years to unravel.

CODE BREAKERS WANTED

He said the prospect that a cyber weapon like Gauss or Stuxnet could attack critical infrastructure keeps him up at night.

“They could do pretty much anything,” he said. “A few weeks ago when power went out in and around (Washington) D.C., my first thought was a cyber weapon.”

Kaspersky said it is searching for “world-class” cryptographers to help it break the code.

A United Nations agency that advises countries on protecting critical infrastructure plans to send an alert on the mysterious code.

“We are going to, of course, inform member states that there is an unknown payload,” said Marco Obiso, a cyber security coordinator for the U.N.’s Geneva-based International Telecommunications Union, or ITU.

“We don’t know what exactly it does. We can have some ideas. We are going to emphasize this,” he said.

The ITU issued a warning about Flame shortly after the virus was unveiled by Kaspersky in late May. The agency told member nations that Flame could potentially be used to attack critical infrastructure, according to Obiso.

At the time, experts knew only that Flame was a sophisticated espionage tool; they were not certain it could damage computer networks.

Several weeks later, researchers at another security firm, Symantec Corp, confirmed suspicions that Flame was capable of deleting computer data and likely was used to attack Iran in April.

Iran blamed Flame for causing data loss on computers in the country’s main oil export terminal and Oil Ministry. Reports of the data losses prompted the ITU to ask Kaspersky to search for a data-wiping virus, which resulted in its discovery of Flame and Gauss.

August 9, 2012
Researchers use Virus’s traits to create electricity from motion

Researchers at Berkeley Labs have now coated electrodes with modified M13 bacteriophage, a harmless bacteria-eating virus, to create the first ever organic piezoelectric material which can convert force to electricity.

The researchers also said that the option is a lot environment friendly as the material is non-toxic, organizes naturally into thin layers and self-regenerates, giving it a possible advantage over chemical options.

By attaching thin layers to, for example, shoes one would be able to charge devices on the go, by sending cables up to pockets. Lets hope there isn’t an electrical leak, else some privates may get electrocuted.

May 16, 2012
Google removes 22 apps from Android Market due to fraudulent charging

Google has reportedly removed 22 malicious applications from the Android Market after security vendors tipped off the company about apps attempting to trick users into accepting fraudulent charges via SMS. The devices get infected by a trojan that charges your phone bill with premium rate SMS charges.

[quote]Trojan horse for Android devices that sends SMS messages to premium-rate phone numbers,[/quote] Said Symantec

[quote]The initial application activity presents the user with a single option to continue, which is presumed to be an agreement to premium charges that are buried within layers of less than clear links. The Premium Short Codes used could affect users in Russia, Azerbaijan, Armenia, Georgia, Czech Republic, Poland, Kazakhstan, Belarus, Latvia, Kyrgyzstan, Tajikistan, Ukraine, Estonia as well as Great Britain, Italy, India, Israel, France, and Germany.[/quote]

The applications were dressed as copies of the popular apps like Angry birds and Cut the rope, but were actually malicious. Google has not named the apps and has not remotely deleted the apps from users phones. So if your phone bill has been racing high and you think your SMS bills are higher than usual, factory reset your phone and carefully select your apps.

December 14, 2011
McAfee Shares Vision for Bringing Mobile Devices into the Security Infrastructure (PR)
McAfee has developed a three sided plan to ensure the future of mobile devices in the corporate environment. This plan was developed to help users secure their devices as the mobile malware market has seen an exponential growth in the last quarter. Read the Press Release for more details.

[toggle title_open=”Collapse Press Release” title_closed=”Expand Press Release” hide=”yes” border=”yes” style=”default” excerpt_length=”0″ read_more_text=”Read More” read_less_text=”Read Less” include_excerpt_html=”no”]

McAfee, today shared its vision for securing mobile devices in corporate environments. The three-pronged approach for protecting mobile devices, mobile data, and mobile applications, is designed to help businesses and consumers manage their devices securely, as the threat environment quickly evolves.

Attacks on smartphones are becoming more common, and according to McAfee Labs, new malware targeting Android devices jumped 76 percent in the last quarter. The need to secure mobile devices from attacks has never been more important. IT security operations that were once smooth-running have recently come under intense pressure to adopt new technologies and fully support completely new platforms, operating systems, and architectures. McAfee is developing products and strategies to allow businesses to bring these consumer devices securely into the IT infrastructure.

“Mobile device adoption is exploding, and unfortunately, so are the threats targeting mobile platforms. If McAfee’s historical experience analyzing threats on numerous platforms is any indication, we believe that the emerging mobile malware we are seeing today is just the beginning,” said John Dasher, senior director, mobile security for McAfee. “It’s a whole new world, and a challenge for IT to craft security policies that make sense while updating their infrastructure. At McAfee, we’re working hard to create new technology to help enterprises address the challenge of securely incorporating these new mobile platforms into their environment.”

New Endpoints, New Challenges

Traditional endpoints relied mostly on email and web for application framework. Mobile has a whole new freedom in custom applications. But each new application – either public or private – introduces new threats and risks to corporate IT. Today, challenges include the consumerization of IT, mobile platform diversity that includes iOS, Android, BlackBerry and Windows Phone, and an explosion of applications. Additionally, most Android-based devices have a slightly different implementation of the OS making software development and support that much harder.

McAfee is unique in being able to bring mobile devices into the security infrastructure. With a broad portfolio of security technologies including anti-malware, data loss prevention, application security, web protection, and more, McAfee has the technology needed to securely welcome these new endpoints. McAfee® ePolicy Orchestrator® security management software, which covers more than 30 million endpoints today, and McAfee Global Threat Intelligence, support and work across these integrations.

McAfee’s Three-Pronged Approach to Mobile Security
- Protecting Mobile Devices — With data and device protection for today’s most popular mobile devices, McAfee provides a complete security solution that embraces mobile device diversity. To meet this challenge, McAfee offers the following:
- Protecting Mobile Data — Protecting sensitive corporate data is a requirement. McAfee can ensure that only those devices with encryption access the corporate network and data. McAfee offers
- Protecting Mobile Apps – Beyond traditional email and web, mobile apps are readily available and proliferating by the millions. McAfee sees this as potentially the biggest threat vector of the future.
[/toggle]
September 29, 2011
McAfee Report Shows Significant Growths in Mobile Malware (PR)

Today, Mcafee released a report which showed that the number of Malware targeted Android devices has skyrocketed in this quarter to 76%, which makes it the most attacked mobile OS. Read the Press release for more information.

[toggle title_open=”Collapse Press Release” title_closed=”Expand Press Release” hide=”yes” border=”yes” style=”default” excerpt_length=”0″ read_more_text=”Read More” read_less_text=”Read Less” include_excerpt_html=”no”]

McAfee today released the McAfee Threats Report: Second Quarter 2011, showing that the amount of malware targeted at Android devices jumped 76 percent since last quarter, to become the most attacked mobile operating system. 2011 has also resulted in the busiest ever first half-year in malware history, including a first-ever appearance of Mac fake AV and a significant uptick in rootkits, suggesting that McAfee’s comprehensive malware “zoo” collection will reach a record 75 million samples by the year’s end.

“Overall attacks are becoming more stealth and more sophisticated, suggesting that we could see attacks that remain unnoticed for longer periods of time. High-profile hacktivist groups have also changed the landscape by drawing a line between attacks for personal gain and attacks meant to send a message.”

“This year we’ve seen record-breaking numbers of malware, especially on mobile devices, where the uptick is in direct correlation to popularity,” said Vincent Weafer, senior vice president of McAfee Labs. “Overall attacks are becoming more stealth and more sophisticated, suggesting that we could see attacks that remain unnoticed for longer periods of time. High-profile hacktivist groups have also changed the landscape by drawing a line between attacks for personal gain and attacks meant to send a message.”

The report also details specific activity shaping the way cybercriminals operate, such as cybercrime “pricebooks” that determine the going rate for large email address lists, and acts of hacktivism and cyberwar.

2011 On Track to Reach Record “Malware Zoo”

With an approximate 12 million unique samples for the first half of 2011, a 22 percent increase over 2010, this has been the busiest first half-year in malware history. With the addition of Q2’s numbers, the grand total of total malware samples in McAfee’s database has reached approximately 65 million, and McAfee researchers estimate that this “Malware Zoo” will reach at least 75 million samples by the year’s end.

Android Nabs Top Spot for Most Mobile Malware

With the vast amount of personal and business data now found on user’s mobile phones, mobile malware is steadily increasing, often mimicking the same code as PC-based threats. In the second quarter of 2011, Android OS-based malware surpassed Symbian OS for the most popular target for mobile malware developers. While Symbian OS and Java ME remain the most targeted to date, the rapid rise in Android malware in Q2 indicates that the platform could become an increasing target for cybercriminals – affecting everything from calendar apps, to comedy apps to SMS messages to a fake Angry Birds updates.

Fake Anti-Virus for Apple, Rootkits and Stealth Malware Reach New Terrain

There are more Mac users than ever before, and as organizations increasingly adopt Macs for business use, Apple now has become more a target for malware authors. Though historically the Apple platform has been unaffected by fake anti-virus (fake AV) software, activity in Q2 indicates that it is now being affected. Although this type of fake AV is the first of its kind, McAfee Labs does expect fake AV in general will drop off over time.

Another malware category that is demonstrating recent steady growth is stealth malware. The tactic of hiding malware in a rootkit is used by cybercriminals to make malware stealthier and more persistent, and has seen this type of attack gain in prominence over the past year, with high-profile attacks such as Stuxnet. Stealth malware has increased more rapidly in the last six months than in any previous period, up almost 38 percent over 2010.

Acts of Hacktivism and Cyberwar Make Their Mark

Acts of hacktivism, primarily from the groups Anonymous and LulzSec, were among some of the most prominent cyber news generators for Q2. The report details hacktivist activity from Q2, with at least 20 global attacks reported in Q2 alone, and with the majority allegedly at the hands of LulzSec. The report also outlines acts of cyberwar that occurred in Q2, including attacks on United States’ Oak Ridge National Laboratory, and an attack on South Korea’s National Agricultural Cooperative Federation.

Email “Black Market” for Spammers

Though spam is still at historic low levels, due in part to the Rustock takedown, McAfee Labs still expects to see a sharp rise in activity over the coming months. A common method for cybercriminals to increase their volume of spam activity is to purchase a bulk list of emails in order to flood as much spam as possible to a widespread group of people. Whether it’s a botnet or a rental service, prices vary for such enterprises, often by location. For instance, in the United States, the going rate for 1 million emails is $25, whereas in England 1.5 million emails are worth $100.

[/toggle]

August 24, 2011
Bogus Angry Birds Apps on the Google Marketplace

Bogus Angry Birds Apps on the Google Marketplace are being used to distribute Malware. Andrew Brandt, lead threat research analyst at Webroot, had this to say about the code dubbed “Plankton”

[quote]It has the ability to remotely access a command-and-control [C&C] server for instructions, and upload additional payloads. It uses a very stealthy method to push any malware it wants to phone.[/quote]

The code was first found by Xuxian Jiang, who is the Assistant Professor in Computer Science at North Carolina State University. Unlike other malicious code found in the Marketplace, Plankton does not rely on getting “root” access to the device. Instead, once installed, Plankton can call in other files from a hacker-controlled server, including ones that would exploit one or more unpatched Android bugs. It also harvests data from the phone, including the bookmarks, bookmark history and home page of the device’s built-in browser.

All 10 of the apps that Google pulled after Jiang’s report purported to be add-ons or cheats for the popular mobile game “Angry Birds” from Finnish game company Rovio. None of the apps actually provided their promised functionality, however, but were simply the delivery vehicles for Plankton.

This is not the first attack code removed by Google from its Marketplace.

June 14, 2011
Apple Releases Update to Detect and Delete MacDefender ‘Scareware’: UPDATE

Yesterday, Apple released an update for Snow Leopard to detect and warn useres if they have installed a fake Mac security software called MacDefender. The term ‘Scareware’ basically means that the software will plague users with popups and alerts warning them that their computer is infested with trojans, worms and other malware. To get rid of these popups users have to fork over $60 to $80 to purchase the registered version of the useless software.

The update, labelled 2011-003, adds a new definition to the rudimentary virus detection engine embedded in Snow Leopard, and also increases the requency with which it checks for definition updates to daily. This brings the total tally of antivirus definitions on the Mac AV engine to 6.

This update was only offered to users running OS X 10.6 aka Snow Leopard. Macs powered by the older 10.5 Leopard OS will not recieve the same anti-MacDefender protection. Users can download the update from the apple website or update their system using the regular ‘Software Update’.

UPDATE:

The people responsible for the fake Mac security software has already updated their “scareware” to evade defenses Apple put in place late Tuesday, a French security company Intego confirmed today. “Apple’s [antivirus] did not detect the new sample,” said Peter James, a spokesman for Intego. According to James, the new malware file is identified as “mdinstall.pkg” and if installed, plants the phony MacDefender software on the victim’s Mac.

Intego confirmed that the scammers had created a new version that wasn’t detected by Apple’s new defenses. “This isn’t surprising, that there’s a new variant out almost as soon as Apple released its security update Tuesday,” said James. “[The attackers] are following the news, they’re efficient.”

June 2, 2011