The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: virus protection

17-Year-Old Hanged Himself After Receiving Police Ransomware Threat Email

17-Year-Old Hanged Himself After Receiving Police Ransomware Threat Email
January 23, 2015Mohit Kumar
Ransomware  malware threat has forced somebody for the terrible suicide and once again has marked its history by somebody's blood. Sad, but it's True! Joseph Edwards , a 17-year-old schoolboy from Windsor, Berkshire, hanged himself after receiving a bogus email appeared to be from police claiming that he'd been spotted browsing illegal websites and that a fine of 100 pound needed to be paid in order to stop the police from pursuing him. The scam email pushed the well-known Police Ransomware onto the boy's laptop and also downloaded malware that locked up his system once it was opened. Edwards was an A-level student with Autism, a developmental disability, that likely made him more susceptible to believing the Internet scam mail, supposedly sent from from Cheshire police, was genuine, a coroner heard on Thursday. Edwards was so upset and depressed by the accusation and the extortionate demand that he hanged himself hours after falling victim to the crucial threat. He was foun

Koler Android Ransomware Learns to Spread via SMS

Koler Android Ransomware Learns to Spread via SMS
October 25, 2014Mohit Kumar
Users of Android operating system are warned of a new variant of Android malware Koler that spreads itself via text message and holds the victim's infected mobile phone hostage until a ransom is paid. Researchers observed the Koler Android ransomware Trojan , at the very first time, in May when the Trojan was distributed through certain pornographic websites under the guise of legitimate apps. It locks the victim's mobile screen and then demands money from users with fake notifications from law enforcement agencies accusing users of viewing and storing child pornography. ANDROID SMS WORM Recently, researchers from mobile security firm AdaptiveMobile has discovered a new variant of the rare piece of mobile malware – named Worm.Koler – that allows the malware to spread via text message spam and attempts to trick users into opening a shortened bit.ly URL, turning Koler into an SMS worm. Once the device is infected by the Koler variant, it will first send an SMS mess

Researchers caught espionage malware mastermind on webcam

Researchers caught espionage malware mastermind on webcam
October 30, 2012Mohit Kumar
In march 2011 CERT-Georgia has Discovered Cyber Espionage Attack Incident on country of Georgia.  Advanced Malicious Software was Collecting Sensitive, Confidential Information about Georgian and American Security Documents and then uploading it to some of Command and Control Servers. After a challenging investigating by CERT-Georgia researchers they found that this attack was linked Russian Official Security Agencies, Moreover investigators was able to turn on the webcam of mastermind behind the malware and they caught him on camera. Hacker hack some Georgian news sites and inject " Georbot Botnet " behind that, after visiting that page most of the readers get infected and malware take control of their systems. Malware was able to send any file from the local hard drive to the remote server, Steal certificates, Record audio using the microphone and web cams,  Scan the local network to identify other hosts on the same network. Malware was also using  CVE-2010-0842, CVE-20

Malware in your Mouse can act as RAT for Cyber Criminals

Malware in your Mouse can act as RAT for Cyber Criminals
October 30, 2012Mohit Kumar
Recently we reported about that  Symantec provide overview and analysis of the year in global threat activity via its Internet Security Threat Report (ISTR) , with a exclusive details that 400 million new variants of malware were created in 2011, which is an average of 33 million new variants of malware a month, or an average of one million new variants a day. In order to develop malware that evades detection by the security companies malware writers come up with some clever, yet quite simple techniques. If malware stops itself when it detects that it is running in a virtual environment, it may trick an automated threat analysis system into thinking that it is a clean program. So malware may not only fool automated threat analysis systems, but also a corporate system administrator who is searching for computers compromised by malware. Malware authors have recently attempted to use other approaches to fool automated threat analysis systems as well. Latest example of such Trojan is t

Ransomware malware targeting Skype users

Ransomware malware targeting Skype users
October 08, 2012Mohit Kumar
Security firm Trend Micro discovered a new worm targeting Skype users with spam messages designed to infect machines with the Dorkbot ransomware has been discovered. A malicious worm is taking advantage of the Skype API to spam out messages that link to a ZIP files ie. skype_06102012_image.zip or skype_08102012_image.zip, which is actually detected as Troj/Agent-YCW or Troj/Agent-YDC by Antivirus. According to definition -  Ransomware is a form of malware in which rogue software code effectively holds a user's computer hostage until a "ransom" fee is paid. Ransomware often infiltrates a PC as a computer worm or Trojan horse that takes advantage of open security vulnerabilities. Most ransomware attacks are the result of clicking on an infected e-mail attachment or visiting a hacked website. The message contains the question: "lol is this your new profile pic? h__p://goo.gl/{BLOCKED}5q1sx?img=username" or "moin, kaum zu glauben was für schöne fotos von dir auf deinem

Universal Man in the Browser Attacks

Universal Man in the Browser Attacks
October 03, 2012Mohit Kumar
Researchers have discovered a new type of Man-in-the-Browser (MItB) attack that is Website independent, and does not target specific Websites, but instead collects data submitted to all sites. Trusteer have discovered a new Man in the Browser (MitB) scam that can collects data submitted to all websites without the need for post-processing. According to Trusteer's CTO Amit Klein: " In comparison, uMitB does not target a specific web site. Instead, it collects data entered in the browser at all websites and uses "generic" real time logic on the form submissions to perform the equivalent of post-processing. This attack can target victims of new infections as well as machines that were previously infected by updating the existing malware with a new configuration. The data stolen by uMitB malware is stored in a portal where it is organized and sold ." In a YouTube video, the company demonstrated how the attack could happen. The video showed how a user could enter personal a

300% Increase in malnets Attack in the past six months

300% Increase in malnets Attack in the past six months
October 03, 2012Mohit Kumar
Blue Coat systems has undertaken detailed research into the use of 'malnets' by criminals to help support their various attacks in order to uncover the best ways to take down these systems. Botnet infections are commonly spread though compromised websites seeded with malicious scripts and promoted via black hat SEO tactics such as link farms. These malware networks, or malnets, pose a growing threat, The company said the number of malnets now stands at more than 1,500, an increase of 300% in the past six months, and it expects they will be, "responsible for two-thirds of all malicious cyberattacks in 2012." According to Blue Coat, the largest known malnet is Shnakule, which has used up to 5,005 malicious hosts or servers at any given time, depending on the capabilities needed at any given moment by its operators. Blue Coat believes that Shnakule is controlled by a single gang, and it's been used to serve up just about every type of known attack, including &quo

Millions of DSL modems hacked in Brazil, spread banking malware

Millions of DSL modems hacked in Brazil, spread banking malware
October 02, 2012Mohit Kumar
More than 4.5 million DSL modems have been compromised as part of a sustained hacking campaign in Brazil, with the devices spreading malware and malicious web address redirects. According to the malware analyst at Kaspersky Lab in Brazil, Fabio Assolini. The vulnerability exploited by attackers allowed the use of a script to steal passwords and remotely access the configuration of modems. The attacks was described as " One firmware vulnerability, two malicious scripts, three hardware manufacturers, 35 malicious DNS servers, thousands of compromised ADSL modems, millions of victims. " According to Kaspersky, the Brazilian attackers sought to steal users' banking credentials by redirecting users to false versions of popular sites like Facebook or Google and prompting them to install malware. Some 40 DNS servers were set up outside Brazil too in order to serve forged requests for domain names belonging to Brazilian banks. Nakedsecurity writes,-- The first thing users ma

ARMY : USB Drive responsible for over 70 percent of Cyber Security Breaches

ARMY : USB Drive responsible for over 70 percent of Cyber Security Breaches
September 30, 2012Mohit Kumar
A ban on the use of pen drives has not been able to safeguard cyber security as it has now been labeled as a major threat in defence forces, the Army officials said. The use of pen drives as an easy-to-carry storage device has increased in the recent past and internal reports have confirmed that over 70 percent cyber security breaches in the armed forces are due to their unauthorised use " These pen drives, which are mostly manufactured in China, have emerged as a big threat to our cyber security systems ," they said. Generally it is found that officials use pen drive to store official data for use at their personal computers but from there, it is transmitted from their IP addresses to hackers from the 'malware' present in the pen drives. About a couple of years ago, a Major posted in Andaman and Nicobar Islands was apprehended as it was found that sensitive data was being transferred from his computer.  However, it later emerged that his system had been hacked and

Android Malware can now steal 3D Model Of Your Location

Android Malware can now steal 3D Model Of Your Location
September 30, 2012Mohit Kumar
It's a fact that as smartphones get more capable, the possibilities for their misuse also increase. They're already exploited by crooks to swipe personal information, but a new Android app created by the U.S. Navy is on another level entirely. It's a scary piece of malware called " PlaceRaider " that was developed by the US Naval Surface Warfare center and for now it is being viewed as just a proof of concept. According to the MIT Technology Review, researchers at Indiana University and the Naval Surface Warfare Center have developed a new form of malware designed to record and reconstruct a victim's environment. They has just worked out how to infect a mobile phone with a Trojan that can take photos without you knowing anything about it and send sensor data back to a server. The data are used to construct a 3D model which can be used not only to perform the reconnaissance necessary to break in, but also to steal confidential information such as bank details. O

New Android Exploit Could Force Factory Reset remotely

New Android Exploit Could Force Factory Reset remotely
September 25, 2012Mohit Kumar
Clicking one wrong link can cause malicious code to execute, which could do anything from infecting your computer with malware to, apparently, wiping your phone data completely. At the Ekoparty security conference, researcher Ravi Borganokar demonstrated at the Ekoparty security conference in Argentina last week, that how a single line of HTML code could be used to run a factory reset or even clear the SIM card on certain Samsung phones. Malicious hackers can hide a code in a web page that will trigger a full factory reset of Samsung's best-selling Galaxy S3 smartphone, deleting contacts, photographs, music, apps and other valuable data. The devastating flaw lies in Samsung's dialling software, triggered by the tel protocol in a URL. It isn't applicable to all the company's Android handsets, but those that are vulnerable can have their PIN changed or be wiped completely just by visiting a web page or snapping a bad QR code, or even bonking up against the wrong wireless N

The FixMeStick : My Parents Need This

The FixMeStick : My Parents Need This
September 20, 2012Mohit Kumar
The founders over at FixMeStick sent us a pair of their latest devices to check out. The FixMeStick is, in short, a malware removal device for dummies . The FixMeStick is a bootable USB device running Lubuntu and integrates three separate anti-virus scanners from Kaspersky Labs, Sophos, and GFI. While our readers will probably never need it for themselves, we may all wish we had something like this for our non-technical friends and family, or the 9 million PCs infected with ZeroAccess botnet . The FixMeStick does a lot of things that nobody else does on a bootable USB, and let's be real, removing rootkits is never pleasant or easy. Why I Want it For My Parents Linux: the FixMeStick is a Linux-based device that runs before Windows boots enabling it to remove infections without the infection getting stealthy or playing war with my parent's anti-virus software. N-Scanner architecture: contains an integrated multi-scanner composed of three engines: Kaspersky Labs, Sophos, and GFI's VI

Exploit Released for Internet Explorer zero-day attacks : CVE-2012-4969

Exploit Released for Internet Explorer zero-day attacks : CVE-2012-4969
September 19, 2012Mohit Kumar
Microsoft has confirmed reports that a zero-day vulnerability in its Internet Explorer browser is being actively attacked in the wild. Four active exploits of a zero-day vulnerability in the browser exists. Microsoft will push out an out-of-cycle Windows patch to temporarily fix the critical Internet Explorer flaw. Security researcher Eric Romang identified the exploit code on a server used by the "Nitro" hacking group, believed to have exploited the Java zero-day vulnerability reported last month.  Security firm Rapid7 advises that Internet users try a different Web browser. The malware may be linked to an ongoing attack on companies that has been dubbed "Nitro", and was first discovered in October by Symantec. The zero-day in IE 6-9 is a use-after-free memory corruption vulnerability , similar to a buffer overflow, that would enable an attacker to remotely execute code on a compromised machine. The original exploit payload dropped the PoisonIvy remote access Trojan (RAT)

Android 4.0.4 multiple Zero-Day Vulnerabilities

Android 4.0.4 multiple Zero-Day Vulnerabilities
September 19, 2012Mohit Kumar
The Samsung Galaxy S3 can be hacked via NFC, allowing attackers to download all data from the Android smartphone, security researchers demonstrated during the Mobile Pwn2Own contest in Amsterdam. Using a pair of zero day vulnerabilities, a team of security researchers from U.K.-based MWR Labs hacked into a Samsung Galaxy S3 phone running Android 4.0.4 by beaming an exploit via NFC (Near Field Communications). NFC is a technology that allows data to be sent over very short distances. For mobile devices, the protocol allows digital wallet applications to transfer money to pay at the register. While the technology has been slow to take off, despite the adoption by Google for its Wallet payment application, a number of recent high-profile announcements have boosted its adoption. " Through NFC it was possible to upload a malicious file to the device, which allowed us to gain code execution on the device and subsequently get full control over the device using a second vulnerability

BlackHole Exploit Kit 2.0 released with more latest Exploits

BlackHole Exploit Kit 2.0 released with more latest Exploits
September 14, 2012Mohit Kumar
According to release announcement on Pastebin by unknown developers in a Russian-language BlackHole Exploit Kit 2.0 released with more latest Exploits. BlackHole is one of the most dominant exploit toolkits currently available in the underground market. It enables attackers to exploit security holes in order to install malicious software on victim's systems. The new variant doesn't rely on plugindetect to determine the Java version that's installed, thus speeding up the malware download process. Old exploits that were causing browsers to crash and "scary visual effects" have been removed. The exploit kit is offered both as a "licensed" software product for the intrepid malware server operator and as malware-as-a-service by the author off his own server. Some interesting claims by developer about new version: prevent direct download of executable payloads only load exploit contents when client is considered vulnerable drop use of PluginDetect library (performance jus

WhatsApp vulnerability can be misused for Spreading Malware

WhatsApp vulnerability can be misused for Spreading Malware
September 13, 2012Mohit Kumar
A Cross site scripting (XSS) vulnerability in WhatsApp website reported to The Hacker News by Edgard Chammas. WhatsApp is one of the most famous cross-platform mobile messaging app for iPhone, BlackBerry, Android, Windows Phone and Nokia used to send text, video, images, audio b/w Whatsapp users. Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications, such as web browsers through breaches of browser security, that enables attackers to inject client-side script into Web pages viewed by other users. Reported vulnerability exist on payment procedure page as shown in above picture. The Sample code given below to demonstrate the vulnerability. Recently, there has been an increase in web malware and spam activities and such vulnerabilities can be misused by attackers to spread Malwares and rogue applications. Edgard also demonstrate that How this can be used to trick users to download a fake application (Malware - WhatsApp.apk) from o

Plugx RAT targeting government organizations in Japan using spear phishing

Plugx RAT targeting government organizations in Japan using spear phishing
September 11, 2012Mohit Kumar
Roland Dela Paz (Threat Researcher) at TrendMirco reported that last year a Malware Campaign to target specific users in Japan, China, and Taiwan once again on rise using new breed of Remote Access Tool (RAT) called Plugx (also known as Korplug). This new custom made version comes for less recognition and more elusiveness from security researchers. He also mention that last year campaign used the Poison Ivy RAT, but now its Plugx take its place. " Similar to previous Poison Ivy campaigns, it also arrives as an attachment to spear-phished emails either as an archived, bundled file or specially crafted document that exploits a vulnerability in Adobe Acrobat Reader or Microsoft Office. We've also encountered an instance of Plugx aimed at a South Korean Internet company and a U.S. engineering firm ." Roland mentioned . The attached pdf exploits CVE-2010-2883 (with  Plugx  (RAT) payload connects to a command and control (C&C) server named {BLOCKED}eo.flower-show.org. CVE-2

Gauss Malware Detection Tool released by Iranian CERT

Gauss Malware Detection Tool released by Iranian CERT
September 08, 2012Mohit Kumar
Iranian National Computer Emergency Response Team releases a tool for Gauss malware detection . Cyber surveillance virus has been found in the Middle East that can spy on banking transactions and steal login and passwords, according Kaspersky Lab, a leading computer security firm. Gauss primarily infects 32-bit versions of Windows, though a separate spy module for USB drives can collect information from 64-bit systems. Infections are mainly split between Windows 7 and Windows XP, although some of the Gauss modules don't work against Windows 7 Service Pack 1. Mac and Linux machines appear to be safe. Multiple modules of Gauss serve the purpose of collecting information from browsers, which include the history of visited websites and passwords. Detailed data on the infected machine is also sent to the attackers, including specifics of network interfaces, the computer's drives and BIOS information. The Gauss module is also capable of stealing data from the clients of several Leb

First Irish language Ransomware Malware demanding €100 for unlock

First Irish language Ransomware Malware demanding €100 for unlock
September 08, 2012Mohit Kumar
A new Ransomware Malware dubbed Gaeilge  locks up an infected computer and attempts to extort €100 from the user for an unlock code. The demand for cash reportedly appeared in poorly written Gaelic, and the software nastie was spotted on a computer in County Donegal, Ireland. Gaeilge tell computer users that attempts to access online pornography sent it into shut-down mode. But instead of giving in to the monetary request, the victim took the compromised machine to the repair store, The Register said . Ransomware  (also referred to in some cases as cryptoviruses, cryptotrojans or cryptoworms) comprises a class of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator of the malware in order for the restriction to be removed. Technician Brian McGarvey of Techie2u computer repairs told that it was the first time he'd come across a virus written in the Irish language during his 12 years of experience in the job. " It'

Operation Aurora - Other Zero-Day Attacks targeting finance and Energy

Operation Aurora - Other Zero-Day Attacks targeting finance and Energy
September 08, 2012Mohit Kumar
The infamous Aurora Trojan horse is just one of many attacks launched by the same group of malware authors over the past three years, according to researchers at Symantec. Security researchers with Symantec have issued a report outlining the techniques used by the so-called " Edgewood " hacking platform and the group behind it. The group seemingly has an unlimited supply of zero-day vulnerabilities. The company said that the group is well-funded and armed with more than a half-dozen unpublished security vulnerabilities. " They are definitely shifting their methodology, and there are open questions about why that is ," said Eric Chien, senior technical director for Symantec's security response group. " They may be finding that older techniques are no longer working ." " The number of zero-day exploits used indicates access to a high level of technical capability. "The researchers said that the group appears to favour "watering hole&quo
Exclusive Offers

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.