The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: computer virus

Duuzer Trojan: A New Backdoor Targeting South Korean Organizations

Duuzer Trojan: A New Backdoor Targeting South Korean Organizations

October 27, 2015Khyati Jain
Security researchers at Symantec have uncovered a new Backdoor Trojan that grants hackers remote access and some control over infected machines. " Duuzer ," as dubbed by the researchers, has been targeting organizations in South Korea and elsewhere in an attempt to steal valuable information. The Trojan is designed to infect both 32-bit and 64-bit computers running Windows 7, Windows Vista, and Windows XP. Duuzer gives attackers remote access to the compromised computer, allowing them to: Collect system and drive information Create, enumerate, and end processes Access, modify and delete files Upload and Download additional files Change the time attributes of files Execute malicious commands Steal data from infected system Know about victim's Operating System Duuzer Infects via Spear Phishing or Watering Hole Attacks It is currently unclear how the malware is being distributed, but according to Symantec Researchers, the most obvious routes ar
This Malware Can Delete and Replace Your Entire Chrome Browser with a lookalike

This Malware Can Delete and Replace Your Entire Chrome Browser with a lookalike

October 20, 2015Swati Khandelwal
Security researchers have uncovered a new piece of Adware that replaces your entire browser with a dangerous copy of Google Chrome , in a way that you will not notice any difference while browsing. The new adware software, dubbed " eFast Browser ," works by installing and running itself in place of Google Chrome The adware does all kinds of malicious activities that we have seen quite often over the years: Generates pop-up, coupon, pop-under and other similar ads on your screen Placing other advertisements into your web pages Redirects you to malicious websites containing bogus contents Tracking your movements on the web to help nefarious marketers send more crap your way to generating revenue Therefore, having eFast Browser installed on your machine may lead to serious privacy issues or even identity theft. What's Nefariously Intriguing About this Adware? The thing that makes this Adware different from others is that instead of taking contr
Cisco Takes Down Ransomware Operation Generating $30 Million in Revenue For Hackers

Cisco Takes Down Ransomware Operation Generating $30 Million in Revenue For Hackers

October 07, 2015Swati Khandelwal
This will blow the minds of every single cyber criminal group out there – Researchers have discovered a group of hackers that is making an estimated $30 Million a year from their online criminal operation. Yes, $30 MILLLLLLION annually. Researchers from cyber security firm Cisco announced that they discovered a large ransomware campaign connected to the Angler Exploit Kit , one of the most potent exploit kits available in the underground market for hacking into computers. Researchers noticed that the large percentage of infected users were connecting to servers belonging to hosting provider Limestone Networks . After digging out more, they estimated that a single hacker or a group of hackers is targeting up to 90,000 end users a day. Here are some estimates by Cisco researchers after investigating the operation: Life of an Angler exploit server is one day Around 3600 users are compromised per day by ransomware 3% of targets paid the average ransom demand of
New Botnet Hunts for Linux — Launching 20 DDoS Attacks/Day at 150Gbps

New Botnet Hunts for Linux — Launching 20 DDoS Attacks/Day at 150Gbps

September 30, 2015Swati Khandelwal
A network of compromised Linux servers has grown so powerful that it can blow large websites off the Internet by launching crippling Distributed Denial-of-service (DDoS ) attacks of over 150 gigabits per second (Gbps). The distributed denial-of-service network, dubbed XOR DDoS Botnet , targets over 20 websites per day , according to an advisory published by content delivery firm Akamai Technologies. Over 90 percent of the XOR DDoS targets are located in Asia, and the most frequent targets are the gaming sector and educational institutions. XOR creator is supposed to be from China, citing the fact that the IP addresses of all Command and Control (C&C) servers of XOR are located in Asia, where most of the infected Linux machines also reside. How XOR DDoS Botnet infects Linux System? Unlike other DDoS botnets , the XOR DDoS botnet infects Linux machines via embedded devices such as network routers and then brute forces a machine's SSH service to gain ro
Lenovo Caught Using Rootkit to Secretly Install Unremovable Software

Lenovo Caught Using Rootkit to Secretly Install Unremovable Software

August 12, 2015Swati Khandelwal
Two years ago Chinese firm Lenovo got banned from supplying equipment for networks of the intelligence and defense services various countries due to hacking and spying concerns. Earlier this year, Lenovo was caught red-handed for selling laptops pre-installed with Superfish malware . One of the most popular Chinese computer manufacturers 'Lenovo' has been caught once again using a hidden Windows feature to preinstall unwanted and unremovable rootkit software on certain Lenovo laptop and desktop systems it sells. The feature is known as " Lenovo Service Engine " (LSE) – a piece of code presents into the firmware on the computer's motherboard.  If Windows is installed, the LSE automatically downloads and installs Lenovo's own software during boot time before the Microsoft operating system is launched, overwriting Windows operating system files. More worrisome part of the feature is that it injects software that updates drivers, firmware, and oth
Hacking Team Spyware preloaded with UEFI BIOS Rootkit to Hide Itself

Hacking Team Spyware preloaded with UEFI BIOS Rootkit to Hide Itself

July 14, 2015Mohit Kumar
Last Week someone just hacked the infamous Hacking Team , The Italy-based cyber weapons manufacturer and leaked a huge trove of 400GB internal data , including: Emails Hacking tools Zero-day exploits Surveillance tools Source code for Spyware A spreadsheet listing every government client with date of purchase and amount paid Hacking Team is known for its advanced and sophisticated Remote Control System (RCS) spyware , also known as Galileo , which is loaded with lots of zero-day exploits and have ability to monitor the computers of its targets remotely. Today, Trend Micro security researchers found that the Hacking Team " uses a UEFI  (Unified Extensible Firmware Interface)  BIOS Rootkit to keep their Remote Control System (RCS) agent installed in their targets' systems ." That clearly means, even if the user reinstalls the Operating System, formats the hard disk, and even buys a new hard disk, the agents are implanted after Microsoft Windows is
This 20-year-old Student Has Written 100 Malware Programs in Two Years

This 20-year-old Student Has Written 100 Malware Programs in Two Years

July 04, 2015Swati Khandelwal
Security firm Trend Micro has identified a 20-year-old Brazilian college student responsible for developing and distributing over 100 Banking Trojans selling each for around US$300 . Known online as ' Lordfenix ', ' Hacker's Son ' and ' Filho de Hacker ', the computer science student first began his career by posting in forums, asking for programming help for a Trojan he was developing, researchers said. Developed More than 100 Trojans However, Lordfenix has "grown quite confident in his skills" and began developing and distributing malware tailored to pilfer financial information since at least 2013. "Based on our research, Lordfenix has created more than 100 different banking Trojans , not including his other malicious tools, since April 2013," Trend Micro says . "With each Trojan costing around R$1,000 (roughly $320), this young cybercriminal channeled his talent in programming into a lucrative, illegal venture." Trend Mi
Creator of Blackshades Malware Jailed 4 Years in New York

Creator of Blackshades Malware Jailed 4 Years in New York

June 24, 2015Mohit Kumar
A Swedish man who was the mastermind behind the $40 BlackShades Remote Access Tool (RAT) that infected over half a million systems around the world was sentenced to almost five years in a U.S. prison on Tuesday. Alex Yücel , 25, owned and operated an organization called "BlackShades" that sold a sophisticated and notorious form of software, called RAT, to several thousands of hackers and other people in more than 100 countries for prices ranging from $40 to $50. BlackShades malware was designed to capture keystrokes, steal usernames and passwords for victims' email and Web services, FTP clients, instant messaging applications, and lots more. In the worst case, the malicious software even allowed hackers to take remote control of victim's computer and webcam to pilfer photos or videos without the knowledge of the computer owner. Yucel (a.k.a. " marjinz ") was sentenced to four and three-quarter years in prison by U.S. District Judge Kev
Beebone Botnet Taken Down By International Cybercrime Taskforce

Beebone Botnet Taken Down By International Cybercrime Taskforce

April 10, 2015Swati Khandelwal
U.S. and European law enforcement agencies have shut down a highly sophisticated piece of the botnet that had infected more than 12,000 computers worldwide , allowing hackers to steal victims' banking information and other sensitive data. The law enforcement agencies from the United States, United Kingdom and the European Union conducted a joint operation to get rid of the botnet across the globe and seized the command-and-control server that had been used to operate the nasty Beebone (also known as AAEH ) botnet . What's a Botnet? A botnet is a network of large number of computers compromised with malicious software and controlled surreptitiously by hackers without the knowledge of victims. Basically, a "botnet" is a hacker's "robot" that does the malicious work directed by hackers. Hackers and Cyber Criminals have brushed up their hacking skills and started using Botnets as a cyber weapon to carry out multiple crimes such as DDoS attacks
Europol Takes Down RAMNIT Botnet that Infected 3.2 Million Computers

Europol Takes Down RAMNIT Botnet that Infected 3.2 Million Computers

February 25, 2015Mohit Kumar
It seems like the world has declared war against the Cyber Criminals. In a recent update, we reported that FBI is offering $3 Million in Reward for the arrest of GameOver Zeus botnet mastermind, and meanwhile British cyber-police has taken down widely-spread RAMNIT botnet . The National Crime Agency (NCA) in a joint operation with Europol's European Cybercrime Centre (EC3) and law enforcement agencies from Germany, Italy, the Netherlands, and the United Kingdom has taken down the Ramnit "botnet", which has infected over 3.2 million computers worldwide, including 33,000 in the UK. Alike GameOver Zeus, RAMNIT is also a ' botnet ' - a network of zombie computers which operate under criminal control for malicious purposes like spreading viruses, sending out spam containing malicious links, and carrying out distributed denial of service attacks (DDoS) in order to bring down target websites. RAMNIT believes to spread malware via trustworthy links se
China-made E-Cigarette Chargers Could Infect Your Computer with Virus

China-made E-Cigarette Chargers Could Infect Your Computer with Virus

November 27, 2014Swati Khandelwal
It's better for smokers to quit smoking. Are you using electronic cigarettes (E-cigarettes) instead normal ones?? Still, you should quit your smoking habit, because it not only damages your health, but could pose a danger risk to the health of your computer. E-cigarettes have become the latest vector for hackers to distribute malicious software. E-cigarettes manufactured in China are reportedly being used to spread malware via a USB port to computers when users plug in for charging it up. The report broke when an executive at a "large corporation" had been infected with malware from an undetermined source after he quit smoking and switched to e-cigarettes made in China, detailed a recent post to social news forum Reddit . Further investigating the matter, he found that the chargers of the e-cigarettes - bought from the online auction site eBay for $5 - are hard-coded with the malware that infected his workstation despite having latest virus and anti m
Detekt — Free Anti-Malware Tool To Detect Govt. Surveillance Malware

Detekt — Free Anti-Malware Tool To Detect Govt. Surveillance Malware

November 21, 2014Swati Khandelwal
Human rights experts and Privacy International have launched a free tool allowing users to scan their computers for surveillance spyware, typically used by governments and other organizations to spy on human rights activists and journalists around the world. This free-of-charge anti-surveillance tool, called Detekt , is an open source software app released in partnership with Human rights charity Amnesty International, Germany's Digitale Gesellschaft, the Electronic Frontier Foundation ( EFF ) and Privacy International, in order to combat government surveillance. NEED AN EYE FOR AN EYE The global surveillance carried out by the US National Security Agency (NSA) and other government agencies recently disclosed by the former NSA contractor Edward Snowden shed light on just how far our own government can go to keep track of citizens, whether innocent or otherwise. Therefore, such tool will help them see if their devices have been infected by any spyware. Detekt was dev
Suspected Wirelurker iOS Malware Creators Arrested in China

Suspected Wirelurker iOS Malware Creators Arrested in China

November 18, 2014Mohit Kumar
It's been almost two weeks since the WireLurker malware existence was revealed for the first time, and Chinese authorities have arrested three suspects who are allegedly the authors of the Mac- and iOS-based malware that may have infected as many as hundreds of thousands of Apple users. The Beijing Bureau of Public security has announced the arrest of three suspects charged with distributing the WireLurker malware through a popular Chinese third-party online app store. The authorities also say the website that was responsible for spreading the malware has also been shut down. "WireLurker" malware was originally discovered earlier this month by security firm Palo Alto Networks targeting Apple users in China. The malware appeared as the first malicious software program that has ability to penetrate the iPhone's strict software controls. The main concern to worry about this threat was its ability to attack non-jailbroken iOS devices. Once a device infected
Limitless Keylogger Optimized with AutoIT Infected thousands of Computers

Limitless Keylogger Optimized with AutoIT Infected thousands of Computers

September 23, 2014Wang Wei
A new surge of malware has been discovered which goes on to infect hundreds of thousands of computers worldwide and allegedly steals users' social and banking site credentials. Few days back, a list of 5 million combinations of Gmail addresses and passwords were leaked online. The search engine giant, Google said that Gmail credentials didn't come from the security breaches of its system, rather the credentials had been stolen by phishing campaigns and unauthorized access to user accounts. Just now, we come across another similar incident where cyber criminals are using a malware which has already compromised thousands of Windows users worldwide in an effort to steal their Social Media account, Online account and Banking account Credentials. A Greek Security Researcher recently discovered a malware sample via a spam campaign (caught in a corporate honeypot), targeting large number of computers users rapidly. He investigated and posted a detailed technical analyses of
Malicious Google DoubleClick Advertisements Distributed Malware to Millions of Computers

Malicious Google DoubleClick Advertisements Distributed Malware to Millions of Computers

September 21, 2014Mohit Kumar
Cyber criminals have exploited the power of two online advertising networks, Google's DoubleClick and popular Zedo advertising agency , to deliver malicious advertisements to millions of internet users that could install malware on a user's computer. A recent report published by the researcher of the security vendor Malwarebytes suggests that the cyber criminals are exploiting a number of websites, including The Times of Israel, The Jerusalem Post and the Last.fm music streaming website, to serve malicious advertisements designed to spread the recently identified Zemot malware . Malvertising is not any new tactic used by cybercriminals, but Jerome Segura, a senior security researcher with Malwarebytes, wrote in a blog post that his company " rarely see attacks on a large scale like this. " "It was active but not too visible for a number of weeks until we started seeing popular sites getting flagged in our honeypots," Segura wrote. "That's
POWELIKS — A Persistent Windows Malware Without Any Installer File

POWELIKS — A Persistent Windows Malware Without Any Installer File

August 04, 2014Mohit Kumar
Malware is nothing but a malicious files which is stored on an infected computer system in order to damage the system or steal sensitive data from it or perform other malicious activities. But security researchers have uncovered a new and sophisticated piece of malware that infects systems and steals data without installing any file onto the targeted system. Researchers dubbed this  persistent malware as Poweliks , which resides in the computer registry only and is therefore not easily detectable as other typical malware that installs files on the affected system which can be scanned by antivirus or anti-malware Software. According to Paul Rascagneres , Senior Threat Researcher, Malware analyst at GData software, due to the malware's subsequent and step-after-step execution of code, the feature set was similar to a stacking principles of Matryoshka Doll approach. Paul has made a number of name ripping malware and bots to uncover and undermine cyber crimes. He won last
New Pushdo Malware Hacks 11,000 Computers in Just 24 Hours

New Pushdo Malware Hacks 11,000 Computers in Just 24 Hours

July 17, 2014Mohit Kumar
One of the oldest active malware families, Pushdo, is again making its way onto the Internet and has recently infected more than 11,000 computers in just 24 hours. Pushdo, a multipurpose Trojan, is primarily known for delivering financial malware such as ZeuS and SpyEye onto infected computers or to deliver spam campaigns through a commonly associated components called Cutwail that are frequently installed on compromised PCs. Pushdo was first seen over 7 years ago and was a very prolific virus in 2007. Now, a new variant of the malware is being updated to leverage a new domain-generation algorithm (DGA) as a fallback mechanism to its normal command-and-control (C&C) communication methods. DGAs are used to dynamically generating a list of domain names based on an algorithm and only making one live at a time, blocking on 'seen' Command & Control domain names becomes nearly impossible. With the help of a DGA, cyber criminals could have a series of advantages
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.