Antivirus | Breaking Cybersecurity News | The Hacker News

In late 2013, Security Researchers identified thousands of Linux systems around the world infected with the OpenSSH b ackdoor trojan and  credential stealer  named Linux/Ebury ,  that allows  unauthorized access of an affected computer to the remote attackers. Antivirus Firm ESET's Reseacher team has been tracking and  investigating the operation behind Linux/Ebury and today team  uncovers the details [ Report PDF ] of a massive,  sophisticated and organized  malware campaign called ' Operation Windigo ', infected more than 500,000 computers and 25,000 dedicated servers. ' We discovered an infrastructure used for malicious activities that is all hosted on compromised servers. We were also able to find a link between different malware components such as Linux/Cdorked, Perl/Calfbot and Win32/Glupteba.M and realized they are all operated by the same group. '  ESET reported. Malware used in Operation Windigo: Linux/Ebury –  an OpenSSH backdoor use

The Continuous Growth of spyware, their existence, and the criminals who produce & spread them are increasing tremendously. It's difficult to recognize spyware as it is becoming more complex and sophisticated with time, so is spreading most rapidly as an Internet threat. Recently, The security researchers have unearthed a very complex and sophisticated piece of malware that was designed to steal confidential data and has ability able to capture network traffic. The Researchers at the German security company G Data Software , refer the malware as Uroburos , named after an ancient symbol depicting a serpent or dragon eating its own tail, and in correspondence with a string ( Ur0bUr()sGotyOu# ) lurking deep in the malware's code.  The researchers claimed that the malware may have been active for as long as three years before being discovered and appears to have been created by Russian developers. Uroburos is a rootkit designed to steal data from secure facilit

Imagine a world where the software that powers your favorite apps, secures your online transactions, and keeps your digital life could be outsmarted and taken over by a cleverly disguised piece of code. This isn't a plot from the latest cyber-thriller; it's actually been a reality for years now. How this will change – in a positive or negative direction – as artificial intelligence (AI) takes on a larger role in software development is one of the big uncertainties related to this brave new world. In an era where AI promises to revolutionize how we live and work, the conversation about its security implications cannot be sidelined. As we increasingly rely on AI for tasks ranging from mundane to mission-critical, the question is no longer just, "Can AI  boost cybersecurity ?" (sure!), but also "Can AI  be hacked? " (yes!), "Can one use AI  to hack? " (of course!), and "Will AI  produce secure software ?" (well…). This thought leadership article is about the latter. Cydrill  (a

Do you know, A Computer viruses could go Airborne over WiFi networks? Security researchers at the University of Liverpool  in Britain have demonstrated a WiFi virus that can spread between computer networks just like the ' common cold ' spreads between Humans. They have created a proof-of-concept which can infect the entire wireless network instead of a single computer at a time,  that replaces the firmware of the vulnerable Access Point (AP) with a virus-loaded version, and then propagates itself to the next victim on the WiFi network . The  WiFi  based virus named as ' Chameleon ', that can self-propagate over WiFi networks from access point to access point,  but  doesn't affect the working of the Wireless Access Point. This Virus is able to identify WiFi access points that are not protected by encryption and passwords, according to the research paper . It can badly hit less-protected open access WiFi networks available in coffee shops or airp

We use our Smartphone devices to do almost everything, from Internet Banking to Sharing private files and at the same pace, the mobile malware sector is also growing. The number of variants of malicious software aimed at mobile devices has reportedly risen about 185% in less than a year.  Security researchers have observed a growth in the numbers of computer malware families starting to use TOR-based communications, but recently the Security Researchers at anti-virus firm Kaspersky Lab have spotted  the world's first Tor-Based Malware for Android Operating system. The Android Malware dubbed as ' Backdoor. AndroidOS .Torec.a ', using Tor hidden service protocol for stealth communication with Command-and-Control servers. Researchers detected that the Trojan is running from .Onion Tor domain and working on the functionality of an open source Tor client for Android mobile devices, called ' Orbot ', thus eliminating the threat of the botnet being de

Zeus , a financially aimed Banking Trojan that comes in many different forms and flavors, is capable to steal users' online-banking credentials once installed. This time, an infamous  Zeus Trojan has turned out to be a more sophisticated piece of malware that uses web-crawling action . Instead of going after Banking credentials and performing malicious keystroke logging, a new variant of Zeus Trojan focuses on Software-as-a-service (SaaS) applications for the purpose of obtaining access to proprietary data or code. The SaaS Security firm vendor Adallom , detected a targeted malware attack campaign against a Salesforce.com customer, which began as an attack on an employee's home computer. Adallom found that the new variant had web crawling capabilities that were used to grab sensitive business data from that customer's CRM instance. The Security firm noticed the attack when they saw about 2GB of data been downloaded to the victim's computer in less than 10

A Sophisticated cyber spying operation, ' The Mask ', that has been under the mask for about 7 years targeting approximately 31 countries, has now been 'unmasked' by researchers at Kaspersky Labs . The Researchers believe that the program has been operational since 2007 and is seems to be sophisticated nation-state spying tool that targeted government agencies and diplomatic offices and embassies before it was disclosed last month. In the unveiling document published by Kaspersky , they found more than 380 unique victims, including Government institutions, diplomatic offices/embassies, private companies, research institutions, activists etc. The name " Mask " comes from the Spanish slang word "Careto" (" Ugly Face " or " Mask ") which the authors included in some of the malware modules. Developers of the ' Mask ' aka ' Careto ' used complex tool-set which includes highly developed malware , bootkit, rootkit etc. that has the ability t

Process Explorer , a part of the Microsoft's Sysinternals suite of applications is an alternate task manager for Windows, which offers far more features than 'on-board'. Microsoft's Windows Sysinternal Suite has released the latest version of Process Explorer v16.0  that has an awesome feature which allows a user to scan any running program files with a web-based multi-antivirus scanner VirusTotal . Process Explorer sends the hashes of images and files shown in the process and DLL views to VirusTotal,  and if they have been previously scanned, it reports how many antivirus engines identified them as possibly malicious. This new version of 'Process Explorer' is better than ever before, and is quite fast that allows you to find unwanted malware  immediately and respective hyper-linked result takes you to VirusTotal.com's  detailed report page and there you can even submit more files for scanning. Whenever your system starts doing sluggish behavior

These days botnets are all over the news. In simple terms, a botnet is a group of computers networked together, running a piece of malicious software that allows them to be controlled by a remote attacker. A major target for most of the malware is still Windows, but the growing market of Mac OS X, Linux and Smartphones, is also giving a solid reason to cyber criminals to focus. Recently, Kaspersky Lab has detected another cross-platform Java-Bot , capable of infecting computers running Windows, Mac OS X, and Linux that has Java Runtime Environment installed. Last year, Zoltan Balazs - CTO at MRG Effitas submitted the samples of malicious Java application for analysis to Kaspersky Lab and they identified it as HEUR : Backdoor.Java.Agent.a . According to researchers, to compromise computers, Java-Bot is exploiting a previously known critical Java vulnerability CVE-2013-2465 that was patched in last June. The vulnerability persists in Java 7 u21 and earlier vers

In the last quarter of 2013, sale of a Smartphone with ANDROID operating system has increased and every second person you see is a DROID user. A Russian security firm ' Doctor Web' identified the first mass distributed Android bootkit malware called ' Android.Oldboot ', a piece of malware that's designed to re-infect devices after reboot, even if you delete all working components of it. The bootkit Android.Oldboot has infected more than 350,000 android users in China, Spain, Italy, Germany, Russia, Brazil, the USA and some Southeast Asian countries. China seems to a mass victim of this kind of malware having a 92 % share. A Bootkit is a rootkit malware variant which infects the device at start-up and may encrypt disk or steal data, remove the application, open connection for Command and controller. A very unique technique is being used to inject this Trojan into an Android system where an attacker places a component of it into the boot

Malware code can be very small, and the impact can be very severe! The Antivirus firm AVAST spotted a malicious version of the open source FTP (File Transfer Protocol) software ' FileZilla ' out in the wild. The software is open source, but has been modified by the hackers that steal users' credentials, offered on various hacked sites for download with banner or text ads. Once installed, the software's appearance and functionalities are equal to the original version, so a user cannot distinguish between the fake or real one, and the malware version of the " .exe " file is just slightly smaller than the real one. " The installed malware FTP client looks like the official version and it is fully functional! You can't find any suspicious behavior, entries in the system registry, communication or changes in application GUI ." The only difference is that the malware version use 2.46.3-Unicode and the official installer use v2.45-Unicode , as

We are continuously keeping our eye on new variants of the widely spread Ransomware family like Cryptolocker , Prison Locker, Copycat and Locker which encrypts your files and ask for a random amount to decrypt it.  If infected by such malware, to be very honest, there is no hope for recovering your documents without paying a ransom amount to the cyber criminals. Online users are now facing another similar ransomware called ' CryptorBit ', ( Virustotal report ) first spotted on September 2013. It is not a variant of Cryptolocker but it does exactly the same thing i.e. Encrypt all the files on the Hard Disk. CryptorBit is an infection that activates by clicking links in a spam message or malicious email, or websites while browsing the web, or by opening an attachment in an email from a malicious source. Once your system gets infected by the CryptorBit, it will encrypt your files and hold them until a ransom of $50 - $500 or more is not paid. It will display

Cyber criminals are taking advantage of the widespread popularity of the mobile messaging app ' WhatsApp '. A malware expert at the Kaspersky Lab revealed a large-scale spamming campaign, advertising a fake PC version of the WhatsApp , to spread a banking trojan. According to the report, unaware users have received an email written in Portuguese language , it also tries to deceive the recipient with a social engineering tactic in which cyber criminals composed the malicious email informing that victims already have 11 pending friend invitations.  If users click on the " Baixar Agora " (Download Now) link in the spam email, they will be redirected to a Hightail.com URL to download the Trojan. Hightail is a cloud storage service, the malicious component deployed on it then downloads the malware via a server in Brazil. The file stored on Hightail server looks like a 64-bit installation file bundled with 2.5 megabyte MP3 file. According to Virus Total engine, onl

U.S. has the top Security Agencies like NSA, FBI to tackle cyber crime and terrorism with their high profile surveillance technologies, but even after that U.S is proudly hosting 44% of the entire cloud based malware distribution. With the enhancement in Internet technology, Cloud computing has shown the possibility of existence and now has become an essential gradient for any Internet Identity. Cloud services are designed in such a way that it is easy to maintain, use, configure and can be scaled depending upon the requirement of the service being provided using the CLOUD technology with cost effective manner. Due to the Easy and Cost effective alternative of traditional computing, Malware writers are using the big cloud hosting platforms to quickly and effectively serve malware to Internet users, allowing them to bypass detection and geographic blacklisting by serving from a trusted provider. Hiding behind trusted domains and names is not something new. According to recently

Like Bitcoin, There are numerous other cryptocurrency similar in nature, including  MasterCoin , ProtoShares, Litecoin, Peercoin, BitBar and many more. One of them is  Primecoin  (sign: Ψ; code: XPM),  a peer-to-peer open source cryptocurrency that implements a scientific computing proof-of-work system. Unlike Bitcoin or other virtual currencies, only Primecoin provides a proof of work that has intrinsic value. It generates a special form of prime number chains, known as ' Cunningham chains & bi-twin chains ' and has a real world importance in mathematical research. Worldwide famous RSA Encryption basically uses two prime numbers for generating a RSA key pair. If you are able to factorize the public key and find these prime numbers, you will then be able to find the private key. Thus, the whole Security of RSA encryption is based on the length of prime numbers. So, Primecoin plays a great role for crypto researchers to get large... and a very large number of Primes. Like