Internet threat news

Powerful Adware Variant Has a New Trick

A new version of the persistent and powerful adware program known as Shopperz has been spotted in the wild and this new version has security researchers wondering what other tricks may be in store for PC users in the future due to the sophistication of this new adware variant. Sometimes also referred to as Groover, Shopperz works by injecting ads into a PC users’ Web traffic using methods that are considered by security researchers to be both malicious and deceptive. Some of the techniques used by Shopperz to take over an infected PC include installing an extension in both Firefox and Internet Explorer and the creation of a Windows service that makes it extremely difficult for victims to remove the add-ons from both popular Web browsers. One such service is even designed to operate in Safe Mode - a Windows boot option that is often used to clean a PC of malware. Shopperz is also capable of creating a rogue Layered Service Provider (LSP) within the Window’s network stack.

Powerful New Banking Trojan Attacks Japan, Other Countries at Risk

An extremely dangerous and highly sophisticated new banking Trojan was recently spotted in the wild by researchers from IBM’s Security X-Force. Named Shifu, which means thief in Japanese, this banking Trojan appears to have been active since April of this year despite only being discovered in recent weeks by IBM staff members leveraging antifraud platforms that continuously monitor customer endpoints around the world. Shifu is currently targeting 14 Japanese banks as well as electronic banking platforms throughout Europe although at this time only Japan is experiencing active attacks from this Trojan. Shifu contains a variety of advanced features, many of which appear to be borrowed from the leaked source code of other notorious banking Trojans including Zeus, Dridex, Shiz, and Gozi.

New JavaScript Threats Discovered in the Wild, Threaten to Take Control of PCs

JavaScript is still heavily used as a scripting language for interactive website effects. In fact, JavaScript is still number 8 on the Top 10 coding languages this year despite the fact that both JavaScript and Java, its proverbial big brother, are heavily leveraged by hackers to distribute malicious software and as Trojan attack vectors. It’s no secret that any active content solution can leave your PC vulnerable to attack and the two JavaScript-based exploits described below are no exception. Despite the potentially tragic consequences of infection by either of these malware campaigns, it’s worth pointing out that both are easily blocked with basic PC maintenance such as automatic updates and a current antivirus software solution. Recently, Threatpost reported that a flood of spam emails have been detected that contain a .JS attachment filled with obfuscated JavaScript code.

GamaPOS More Dangerous than Ever Thanks to the Andromeda Botnet

As summer slowly comes to a close, retailers are already ramping up for their most profitable quarter of the year…the holiday shopping season. This is a notoriously busy time for cybercriminals looking to cash in on the large amounts of payment data sent across the Internet during this time of year but hackers aren’t waiting until the holidays to begin install POS malware in as many retail locations as possible; months before the shopping frenzy even begins. The notorious Andromeda botnet has been used for years to deliver malicious payloads across multiple industries and platforms. GamaPOS is one of the newest and most dangerous POS scraping malware variants in the wild. The problem with GamaPOS is that is has a low success rate when attempting to infect new systems because there are very few POS backdoors (not to mention that media coverage of major retail breaches over the last several months have put everyone on high alert).

Operation Lotus Blossom, a New Advanced Persistent Threat, Discovered in the Wild

There have been an increasing number of advanced persistent threats (APTs) discovered in recent months. These attacks threaten PC security on a global scale and the people behind these attacks are no slouches either. To create an effective APT campaign, many resources are required that go well beyond the scope of the everyday cybercriminal out looking to make a few fraudulent dollars at the expense of others. In general, a large amount of time, money, and knowledge is required to create the custom malicious programs that are at the heart of any APT campaign. These campaigns are specifically created to carry out specific, targeted attacks against powerful targets – usually government and state-sponsored entities. Recently, a new APT campaign was discovered by security researchers from AlienVault Labs that has been dubbed Operation Lotus Blossom.

Hammertoss Malware Mimics Normal Computer Usage to Avoid Detection

One of the most common ways that modern antivirus software uses to detect malicious software is the way in which that malware behaves on the PC. In other words, the way malware acts once installed is usually a sure sign that a malware infection has occurred.  Until now… A new type of malware was recently discovered by IT security firm FireEye that actually mimics the behavior of a normal computer user while it’s compromising files on the infected PC. This new malware variant, known as Hammertoss, is so advanced that it can even time itself to work within the victim’s work schedule - making it nearly impossible to detect using the standard detection algorithms that antivirus software has relied on for years to detect malicious activity.

Emergency Microsoft Security Patch Issued Monday

Just one week before Microsoft’s newest operating system is released, a security flaw has already been discovered that affects all current versions of the Windows OS including the company’s latest addition, Windows 10. Microsoft issued an emergency security fix on Monday that has been classified as “critical” due to the severity of the vulnerability. An exploit has been discovered that essentially affords hackers complete access to a victim’s computer. According to an online security bulletin posted by Microsoft on Monday, this vulnerability allows hackers to take “complete control of the affected system.” This particular vulnerability allows hackers to install, view, change, and delete data or create new accounts with full administrative privileges.

New Version of Kovter Updates Flash to Block Other Malware

Kovter is a Trojan specifically designed to exploit advertising campaigns. Often referred to as click or advertising fraud, the Trojan is used to hijack Web browser sessions in order to simulate a victim’s machine clicking on advertisements to generate advertising revenue for the hackers behind the malware campaign. A well-known malware security researcher who calls himself Kafeine first discovered the latest version of this threat. Kafeine specializes in tracking and studying drive-by download attacks that rely on exploit kits to find vulnerabilities in popular Web browser plug-ins including Adobe Flash Player, Adobe Reader, Microsoft Silverlight, and Java. According to Kafeine, the latest version of Kovter is being distributed using multiple exploit kits that are designed to capitalize on zero day vulnerabilities found within the browser plug-ins mentioned above.

New ZeusVM Tool Allows Anyone to Build a Botnet

Back in June, security researchers discovered that the source code for both the building tool and control panel of ZeusVM had been leaked to the public. This leak means that anyone can build a Zeus-powered botnet without any programming knowledge. Initially, the leak was kept secret as security researchers from Malware Must Die (MMD) worked to keep these files from becoming widely available. Unfortunately, the leaked source code spread faster than the researchers could have imagined and as a result, MMD made information about the leak publicly available in an effort to alert security professionals around the world about this concerning threat. ZeusVM, sometimes also known as KINS, is a banking Trojan that works by hijacking the Web browser process. Once this process has been hijacked, the Trojan can modify and/or steal information being exchanged between the infected client machine and the server hosting the secure session.

Hacked Wireless Routers Being Used to Distribute Malware

Hackers often rely on compromised websites as a way to host and distribute malicious software via drive-by download attacks. A drive-by download uses an exploit kit to exploit known vulnerabilities in popular Web browser plugins including Java, Silverlight, and Adobe Flash. Recently, security researchers discovered a group of cybercriminals that have chosen to take a different path. By exploiting vulnerable wireless routers, these criminals have found a way to distribute the notorious Dyre malware strain without the need for compromised websites to deliver the payload. Dyre, which is also known as Dyreza and Battdil, is typically installed by a payload-carrying Trojan that modern antivirus software detects as “Upatre.”

Stealthy Malware Hides in Image Files

As PC users become increasingly vigilant when it comes to protecting themselves from a constant onslaught of malware threats, hackers keep coming up with clever new ways to sneak past antivirus solutions and install malware on PCs around the world. In addition to creating new ways of distributing malware, hackers have also become increasingly adept at preventing security researchers from reverse engineering many new strains of malware by using a series of basic checks on an infected system to ensure it isn’t a sandbox analysis environment. A new form of malware, known as Stegoloader, combines a new way to deliver its malicious payload with anti-detection tools that have made it difficult for security researchers to figure out exactly how it works.

Duqu 2.0: A Powerful Worm Targeting Internet Security Companies, Iran Nuclear Talks

A powerful computer worm known as Duqu 2.0 has been recently discovered in the networks of three hotels used to host the P5+1 negotiations. These negotiations included representatives from the US, UK, France, Germany, China, and Russia and were created to discuss Iranian nuclear capabilities over the last year and a half. Although the official Kaspersky report does not name the hotels in question, it is believed that this worm was deployed by a state-sponsored Israeli campaign in an attempt to gather sensitive intelligence as it relates to the nuclear talks and anything else of relevance that the worm was able to gather in the process. Although a direct link to an Israeli sponsored campaign cannot be proven at the time of this writing, it’s worth pointing out that just this past March, the US Government accused Israel of spying on the negotiations and using the intelligence gathered to persuade Congress to undermine the talks.

Zeus Isn’t Dead, New Version Evades All Antivirus Detection Tools

The venerable Zeus banking Trojan has been killed off many times; disappearing from the global Internet time and time again only to reappear with new modifications designed to improve the powerful malware’s features while avoiding modern detection software. Zeus has been used by cybercriminals around the world to orchestrate massive malware campaigns that have been responsible for millions of dollars in stolen funds over the last several years.

Free Software Lets Anyone Create Ransomware in a Just Few Minutes

Ransomware was a big threat to PC users around the world in 2014 and although a few ransomware variants have made headlines this year, there could be a massive increase in the number of ransomware campaigns during the next several months thanks to a new, free tool available for anyone to download. This program, known as Tox, was created and released by a hacker who has yet to be identified. Essentially, Tox is a ransomware-as-a-service kit. While similar kits have been made available to wannabe hackers in the past, most of these kits cost money to get started. Tox, on the other hand, does not charge users for its service - at least not up front. Rather than charge an upfront fee for ransomware creation, the creator of Tox opted to offer the service for free; choosing instead to charge a 20% fee on any success ransom attempts created using Tox.


Page 49 of 53

<< Start < Prev 41 42 43 44 45 46 47 48 49 50 Next > End >>
About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal