#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Remove virus | Breaking Cybersecurity News | The Hacker News

Why I decided to uninstall Microsoft Security Essentials Antivirus?

Why I decided to uninstall Microsoft Security Essentials Antivirus?

Jan 18, 2013
Today I decided to remove Microsoft Security Essentials Antivirus from my system because Security Essentials failed another certification test by independent testing lab, AV-Test Institute. Microsoft's Security Essentials antivirus for Windows XP, Vista, and Windows 7 is a free add-on to Windows Defender, which blocks adware and spyware on Windows. In its review , AV-Test revealed that 22 of the 25 programs that were tested passed the test, but Security Essentials came up short. The lab tested all programs across three areas: protection, repair ability and usability of the whole computer based on the impact of the software. " We always used the most current publicly-available version of all products for the testing. They were allowed to update themselves at any time and query their in-the-cloud services. We focused on realistic test scenarios and challenged the products against real-world threats. Products had to demonstrate their capabilities using all components
Beware of Fake-Antivirus "Win 8 Security System"

Beware of Fake-Antivirus "Win 8 Security System"

Nov 01, 2012
Late in August McAfee Labs discovered a Fake Antivirus program that claims to detect infections, and displays alerts to scare users into purchasing protection. On the contrary, this program is not genuine software and has nothing to do with reliable and effective AV tools. The truth is that this is another scam application developed to enter your PC through vulnerabilities in outdated programs. Trend Micro, which detects the threat as TROJ_FAKEAV.EHM said, " After infecting a user's system, this malware scares its victim into buying the "product" by displaying fake security messages, stating that the computer is infected with spyware or other malware and only this product can remove it after you download the trial version. As soon as the victim downloads Win 8 Security System, it pretends to scan your computer and shows a grossly exaggerated amount of nonexistent threats ". This sort of malware is commonplace, with examples existing for Windows XP, Windows Vista, Windows 7 and even
How to Find and Fix Risky Sharing in Google Drive

How to Find and Fix Risky Sharing in Google Drive

Mar 06, 2024Data Security / Cloud Security
Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it's inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally.  For Security & Risk Management teams, the untenable risk of any Google Drive footprint lies in the toxic combinations of sensitive data, excessive permissions, and improper sharing. However, it can be challenging to differentiate between typical business practices and potential risks without fully understanding the context and intent.  Material Security, a company renowned for its innovative method of protecting sensitive data within employee mailboxes, has recently launched  Data Protection for Google Drive  to safeguard the sprawl of confidential information scattered throughout Google Drive with a powerful discovery and remediation toolkit. How Material Security helps organ
Malware making bomb and death threats detected

Malware making bomb and death threats detected

Oct 29, 2012
Japanese police had arrested three people, accused them of making death threats via email and discussion forums. However, later Researchers at Symantec have determined that a piece of malware was making death and bomb threats online on behalf of its victims infected. Symantec  confirmed that the malware " Backdoor.Rabasheeta " is capable of controlling a compromised computer from a remote location and the creator has the capability to command the malware to make the threats like bomb and murders. The most curious thing about this particular dropper is that it comes with a graphical user interface (GUI). The dropper for Backdoor.Rabasheeta drops a main module and a configuration file. The dropper creates a registry entry so that the main module is executed whenever the compromised computer starts. This dropper also modifies CreationTime, LastWriteTime, and LastAccessTime of the main module with random values to help keep it hidden. Then the dropper will execute the main mod
cyber security

Uncover Critical Gaps in 7 Core Areas of Your Cybersecurity Program

websiteArmor PointCyber Security / Assessment
Turn potential vulnerabilities into strengths. Start evaluating your defenses today. Download the Checklist.
Ransomware malware targeting Skype users

Ransomware malware targeting Skype users

Oct 08, 2012
Security firm Trend Micro discovered a new worm targeting Skype users with spam messages designed to infect machines with the Dorkbot ransomware has been discovered. A malicious worm is taking advantage of the Skype API to spam out messages that link to a ZIP files ie. skype_06102012_image.zip or skype_08102012_image.zip, which is actually detected as Troj/Agent-YCW or Troj/Agent-YDC by Antivirus. According to definition -  Ransomware is a form of malware in which rogue software code effectively holds a user's computer hostage until a "ransom" fee is paid. Ransomware often infiltrates a PC as a computer worm or Trojan horse that takes advantage of open security vulnerabilities. Most ransomware attacks are the result of clicking on an infected e-mail attachment or visiting a hacked website. The message contains the question: "lol is this your new profile pic? h__p://goo.gl/{BLOCKED}5q1sx?img=username" or "moin, kaum zu glauben was für schöne fotos von dir auf deinem
Cyber attack on Iran’s Internet system Disrupts Iran Internet

Cyber attack on Iran's Internet system Disrupts Iran Internet

Oct 04, 2012
IRAN state official has said that Cyber attackers have targeted Iranian infrastructure and communications companies, disrupting the Internet across the country. " Yesterday we had a heavy attack against the country's infrastructure and communications companies which has forced us to limit the Internet ," Iran the world's no. 5 oil exporter, has tightened cyber security since its uranium enrichment centrifuges were hit in 2010 by the Stuxnet computer worm, which Tehran believes was planted by arch-adversaries Israel or the United States. Last week, the Islamic republic cut citizens' access to Gmail and the secure version of Google Search. Gmail has since been restored. Since sites such as Youtube and Facebook were used to organise mass anti-government protests against the re-election of President Mahmoud Ahmadinejad back in 2009, the Iranian government has maintained one of the world's largest internet filters, blocking access to thousands of sites and IP address
300% Increase in malnets Attack in the past six months

300% Increase in malnets Attack in the past six months

Oct 03, 2012
Blue Coat systems has undertaken detailed research into the use of 'malnets' by criminals to help support their various attacks in order to uncover the best ways to take down these systems. Botnet infections are commonly spread though compromised websites seeded with malicious scripts and promoted via black hat SEO tactics such as link farms. These malware networks, or malnets, pose a growing threat, The company said the number of malnets now stands at more than 1,500, an increase of 300% in the past six months, and it expects they will be, "responsible for two-thirds of all malicious cyberattacks in 2012." According to Blue Coat, the largest known malnet is Shnakule, which has used up to 5,005 malicious hosts or servers at any given time, depending on the capabilities needed at any given moment by its operators. Blue Coat believes that Shnakule is controlled by a single gang, and it's been used to serve up just about every type of known attack, including &quo
Android Malware can now steal 3D Model Of Your Location

Android Malware can now steal 3D Model Of Your Location

Sep 30, 2012
It's a fact that as smartphones get more capable, the possibilities for their misuse also increase. They're already exploited by crooks to swipe personal information, but a new Android app created by the U.S. Navy is on another level entirely. It's a scary piece of malware called " PlaceRaider " that was developed by the US Naval Surface Warfare center and for now it is being viewed as just a proof of concept. According to the MIT Technology Review, researchers at Indiana University and the Naval Surface Warfare Center have developed a new form of malware designed to record and reconstruct a victim's environment. They has just worked out how to infect a mobile phone with a Trojan that can take photos without you knowing anything about it and send sensor data back to a server. The data are used to construct a 3D model which can be used not only to perform the reconnaissance necessary to break in, but also to steal confidential information such as bank details. O
Exploit Released for Internet Explorer zero-day attacks : CVE-2012-4969

Exploit Released for Internet Explorer zero-day attacks : CVE-2012-4969

Sep 19, 2012
Microsoft has confirmed reports that a zero-day vulnerability in its Internet Explorer browser is being actively attacked in the wild. Four active exploits of a zero-day vulnerability in the browser exists. Microsoft will push out an out-of-cycle Windows patch to temporarily fix the critical Internet Explorer flaw. Security researcher Eric Romang identified the exploit code on a server used by the "Nitro" hacking group, believed to have exploited the Java zero-day vulnerability reported last month.  Security firm Rapid7 advises that Internet users try a different Web browser. The malware may be linked to an ongoing attack on companies that has been dubbed "Nitro", and was first discovered in October by Symantec. The zero-day in IE 6-9 is a use-after-free memory corruption vulnerability , similar to a buffer overflow, that would enable an attacker to remotely execute code on a compromised machine. The original exploit payload dropped the PoisonIvy remote access Trojan (RAT)
First Irish language Ransomware Malware demanding €100 for unlock

First Irish language Ransomware Malware demanding €100 for unlock

Sep 08, 2012
A new Ransomware Malware dubbed Gaeilge  locks up an infected computer and attempts to extort €100 from the user for an unlock code. The demand for cash reportedly appeared in poorly written Gaelic, and the software nastie was spotted on a computer in County Donegal, Ireland. Gaeilge tell computer users that attempts to access online pornography sent it into shut-down mode. But instead of giving in to the monetary request, the victim took the compromised machine to the repair store, The Register said . Ransomware  (also referred to in some cases as cryptoviruses, cryptotrojans or cryptoworms) comprises a class of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator of the malware in order for the restriction to be removed. Technician Brian McGarvey of Techie2u computer repairs told that it was the first time he'd come across a virus written in the Irish language during his 12 years of experience in the job. " It'
Operation Aurora - Other Zero-Day Attacks targeting finance and Energy

Operation Aurora - Other Zero-Day Attacks targeting finance and Energy

Sep 08, 2012
The infamous Aurora Trojan horse is just one of many attacks launched by the same group of malware authors over the past three years, according to researchers at Symantec. Security researchers with Symantec have issued a report outlining the techniques used by the so-called " Edgewood " hacking platform and the group behind it. The group seemingly has an unlimited supply of zero-day vulnerabilities. The company said that the group is well-funded and armed with more than a half-dozen unpublished security vulnerabilities. " They are definitely shifting their methodology, and there are open questions about why that is ," said Eric Chien, senior technical director for Symantec's security response group. " They may be finding that older techniques are no longer working ." " The number of zero-day exploits used indicates access to a high level of technical capability. "The researchers said that the group appears to favour "watering hole&quo
New Ransom malware infecting computers

New Ransom malware infecting computers

Sep 03, 2012
The Metropolitan Police have issued an urgent warning about a new ransom malware that is in circulation. Ransomware (also referred to in some cases as cryptoviruses, cryptotrojans or cryptoworms) comprises a class of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator of the malware in order for the restriction to be removed. " The "malware" infects personal computers after users have accessed certain websites. *(It should be noted that there are several similar designs currently in circulation) " Ransomware typically propagates like a typical computer worm, entering a system through, for example, a downloaded file or a vulnerability in a network service. The program will then run a payload which will begin to encrypt personal files on the hard drive. More sophisticated ransomware may hybrid-encrypt the victim's plaintext with a random symmetric key and a fixed public key. The malware author is th
Cross Platform Trojan steals Linux and Mac OS X passwords

Cross Platform Trojan steals Linux and Mac OS X passwords

Aug 27, 2012
Russian anti-virus company Doctor Web reported about the first cross-platform backdoor to run under Linux and Mac OS X identified as " BackDoor.Wirenet.1 ". This malicious program designed to steals passwords entered by the user in Opera, Firefox, Chrome, and Chromium, and passwords stored by such applications as Thunderbird, SeaMonkey, and Pidgin. BackDoor.Wirenet.1 is the first-ever Trojan that can simultaneously work on these operating systems. BackDoor.Wirenet.1 is still under investigation. At launch BackDoor.Wirenet.1 creates a copy in the user's home directory. To interact with the command server located at 212.7.208.65, the malware uses a special encryption algorithm Advanced Encryption Standard (AES). BackDoor.
FireEye spotted Critical 0-day vulnerability in Java Runtime Environment

FireEye spotted Critical 0-day vulnerability in Java Runtime Environment

Aug 27, 2012
FireEye's Malware Intelligence Lab is making the claim that there is a new zero day vulnerability in the wild that affects the latest version of Java.Researcher. Atif Mushtaq wrote on the company's blog that he spotted the initial exploit on a domain that pointed to an IP address in China. The vulnerability allows computers to be infected by simply visiting a specially crafted web page, and the malware served in the current attacks contacts a C&C server in Singapore. Researchers from heise Security have also created a PoC page using information that is publicly available. A separate post published on Monday by researchers Andre M. DiMino and Mila Parkour said the number of attacks, which appear to install the Poison Ivy Remote Access Trojan, were low. But they went on to note that the typical delay in issuing Java patches, combined with the circulation of exploit code, meant it was only a matter of time until the vulnerability is exploited more widely by other attackers.
Hijacking Servers Remotely with Hikit advanced persistent threat

Hijacking Servers Remotely with Hikit advanced persistent threat

Aug 26, 2012
Security researchers have revealed the existence of an advanced persistent threat that has been making the rounds since April 2011.  Backdoor.Hikit  is a dangerous backdoor Trojan that will damage infected system and files. Usually, Backdoor. Hikit will open backdoor to allow remote attackers to connect to the infected system and carry out harmful activities, such as stealing information or destroying files and programs. It is really stubborn those antiviruses often fail to delete it for good, for it runs secretly and automatically when Windows boots without your knowledge or consent and can disguise it as fake system files or processes. Besides, many other threats, such as adware, redirecting virus, Trojan variants from family, such as Trojan Horse Generic 27.PN, BackDoor.Hupigon5.CJMY, Trojan.Zeroaccess.C, Trojan:win64/Sirefef.E and so on, which is really a threat to system and data security. According to experts from security firm Symantec , it all starts with the unknown dropper
Hijacking Virtual Machines with Crisis malware

Hijacking Virtual Machines with Crisis malware

Aug 22, 2012
The Windows version of Crisis , a piece of malware discovered in July, is capable of infecting VMware virtual machine images, Windows Mobile devices and removable USB drives, according to researchers from antivirus vendor Symantec.The installer was actually a Java archive (JAR) file which had been digitally signed by VeriSign. Crisis is distributed via social engineering attacks that trick users into running a malicious Java applet. The applet identifies the user's OS, Windows or Mac OS X and executes the corresponding installer. " The threat uses three methods to spread itself: one is to copy itself and an autorun.inf file to a removable disk drive, another is to sneak onto a VMware virtual machine, and the final method is to drop modules onto a Windows Mobile device ," Symantec explained in a blog post . Malware authors are putting significant efforts into making sure that new variants of their Trojan programs are not detected by antivirus products when they are released. Also
Half Million Chinese Android Devices got infected with SMSZombie

Half Million Chinese Android Devices got infected with SMSZombie

Aug 21, 2012
The amount of malware crafted and aimed at Android devices is ever-increasing. With Android being the most popular platform for smartphones and tablets around the world, Android users have become the low-hanging fruit when it comes to writing malware by the nefarious users. A new Android threat has affected 500,000 devices in China so far. Analysts at TrustGo Security Labs have discovered the Trojan!SMSZombie.A. It is a complex and sophisticated malware that exploits a vulnerability in the China Mobile SMS Payment System to fund unauthorised payments, steal bank card numbers and receipt information regarding money transfers. The trojan is difficult to detect, and even more difficult to remove.  SMSZombieA was first discovered on August 8, and the malware is embedded in several wallpaper apps. The wallpaper apps are noted to use provocative titles and nude images to encourage users to download. The trojan installs itself on a device after its user has downloaded and installed the app
MyAgent Trojan Targets Defense and Aerospace Industries

MyAgent Trojan Targets Defense and Aerospace Industries

Aug 16, 2012
FireEye Security experts are analyzing a targeted trojan that leverages emailed PDF files to gain access to systems and deliver its payload to specified networks in the aerospace, chemical, defense and tech industries. " We have seen different versions of this malware arriving as an exe inside a zipped file or as a PDF attachment. In this particular sample, the exe once executed opens up a PDF file called "Health Insurance and Welfare Policy." In addition to opening up a PDF file, the initial exe also drops another executable called ABODE32.exe (notice the typo) in the temp directory ." The malware also uses JavaScript to assess which version of Adobe Reader is currently running on the host machine, and then executes attacks based on known vulnerabilities in the discovered version. Once the trojan has infected its host machine, it communicates with its command and control server, the user agent string and URI of which are hard-coded into MyAgent's binary. FireEye
Bafruz trojan vs Microsoft : Malicious Software Removal Tool Updated

Bafruz trojan vs Microsoft : Malicious Software Removal Tool Updated

Aug 16, 2012
There's a new family of malware that's using a complex set of capabilities to disable antimalware and listen in on sessions between users and some social networks. Bafruz is essentially a backdoor trojan that also is creating a peer-to-peer network of infected computers. Microsoft has announced that its Microsoft Malicious Software Removal Tool has recently been modified to detect two new malware families, Matsnu and Bafruz. The payload seems to start by terminating a long list of security processes listed in its code. It then displays a fake system alert that looks like that of any standard rogue AV attack. The device actually restarts in Safe Mode. Here, the malware can disable all the security products more easily, allowing it to perform its other tasks without being interrupted. " This may lead the user into believing all is well with their security product, while in the meantime, Bafruz is downloading additional components and malware onto the computer in the back
Airport VPN hacked using Citadel malware

Airport VPN hacked using Citadel malware

Aug 16, 2012
It sounds like an air traveler's nightmare, Researchers at Trusteer recently uncovered a variant of the Citadel Trojan targeting the virtual private network (VPN) credentials used by employees at a major airport.The firm would not disclose the name of the airport because the situation is being investigated by law enforcement. Many businesses use VPNs to provide outside workers with access to secure data. Incursions on these networks often involve advanced "Man in the Browser" malware such as the Citadel, Zeus, and SpyEye programs. The man-in-the-browser (MITB) assault first used form-grabbing malware, which steals data entered into web forms before it is passed over the internet, to steal the airport employees' VPN usernames and passwords, Amit Klein, Trusteer's chief technology officer, said in a blog post. "This was potentially very dangerous, but we don't know whether the attacker group was targeting the financial system of the airport for economic gain or if the attack wa
17 years old hacker will demonstrate Linux ELF Virus at 'The Hackers Conference 2012'

17 years old hacker will demonstrate Linux ELF Virus at 'The Hackers Conference 2012'

Jul 22, 2012
The Biggest Hacking Mania has arrived - ' The Hackers Conference 2012 '.  In this first of its kind conference in India, Blackhat hackers drawn from around the world will demonstrate how they access a victim's personal information, and even confidential data available on the Android cell phone. The conference will be held on July 29 at the India Habitat Centre in New Delhi. The use of Linux as an operating system is increasing rapidly, thanks partly topopular distributions such as 'RedHat' and 'Suse'. So far, there are very few Linuxfile infectors and they do not pose a big threat yet. However, with more desktopsrunning Linux, and probably more Linux viruses, the Linux virus situation couldbecome a bigger problem. 17 years old hacker, Aneesh Dogra will talk on " How to make a Linux ELF Virus (That works on your latest linux distribution) " at ' The Hackers Conference 2012 ' . Linux or Unix has the reputation of being "not so buggy", and of be
Cybersecurity Resources