Posts Tagged ‘worm’

Beware VideoPlay Adware

Tuesday, March 10th, 2009

Infection from the “VideoPlay” adware has been on the rise, just one indication that social media is being targeted for malware attacks. This particular adware, which is spread through malicious posts and comments on sites like Digg and YouTube, went up 400% from January to February.

What is adware? “Any software package which automatically plays, displays, or downloads advertisements to a computer after the software is installed on it or while the application is being used.” – Wikipedia

The VideoPlay adware is a worm that aims to steal login information as well as any other information stored in a user’s browser – such as passwords. The worm can then use stolen access, such as that for social networking sites, to leave more malicious comments.


On Digg.com, the VideoPlay adware was spread through comments. A comment would contain a link to a celebrity video, many of them preying on videos that were already popular, or to a pornographic video. However, the link would prompt users to download a codec to view the video file, and that download contained the adware. The comments are being left by an automated script, with more than 500,000 malicious comments tracked, according to SC Magazine.

On YouTube, the VideoPlay adware is being spread through the Annotations feature, which points to a URL left in the video information box. The malware is not as prevalent on YouTube yet, but it’s only a matter of time before more attacks of this sort begin to spread through social media sites.

The increase in the infection rate of the worm indicates that the adware strategy is working. Be wary when clicking links and don’t fall for strategies that require you to install new ‘software’ to view any videos.

Conficker Still A Threat

Friday, February 27th, 2009

The Conficker worm continues to cause mass anxiety. Microsoft is offering a $250k reward for information about the cybercriminal and the industry is banding together to try to stop the spread of the worm that has infected 2-10 million PCs.

So far, the infected computers haven’t been used for malicious activity, but analysts think it’s only a matter of time before that happens. This could be the first stage of a larger attack: a single algorithm can tell Conficker-infected systems to contact domain names, and this can be used to download malicious software.

“This worm would be a marvelous tool in hands of whoever can control it, but the real harm from it has yet to be felt, and we’re trying to postpone that day.” – Paul Vixie, founder of Internet Systems Consortium

Security researchers are working to register as many of the domains as possible that are being sought by Conficker in an attempt to prevent them from hosting malicious software. For those registered by others, the registrant information is being investigated for any ties to the cybercriminals behind this worm. In order to handle the scale of this attack, and future attacks, the industry has had to band together to co-ordinate efforts with governments around the world. For example, for the first time ever, domain name registrars have agreed to shelve Conficker domains, preventing them from being purchased.

There’s also a new Conficker B++ variant, which may be a response to the blocked ability to register many Conficker domains. We suggest doing what you can to update your systems (see the latest Microsoft Security Advisory) to prevent your PC from being at risk.

And while on the topic of malware, Roger Grimes writes that the only malware cure is to start from scratch.
You may also want to read Bruce Schneier’s analysis of Conficker and how it’s spreading.

Image: wax115 @ morguefile

Worm Spreads to Over 3M PCs

Friday, January 16th, 2009

According to F-Secure (via Computerworld), more than 3.5 million PCs were infected in a matter of days with a new worm that exploits a months-old Windows bug. The “Downadup” or “Conficker” worm hands over full control of the infected machines, creating the opportunity for a large botnet, for example. Right now the worm tries to scam users into buying fake security software (ironic, right?) with pop-up messages.

The worm exploits a bug in the Windows Server service used on Windows 2000, XP, Vista, Server 2003 and Server 2008, which can be fixed by this security update. The estimated number of computers infected, as of January 14th, was 3,521,230. That was up more than 1.1 million in just the previous 24 hours.

Windows recommends installing the update and running the software removal tool. The fact that so many computers were infected with this worm even though the patch had been available since October shows just how few people keep their software updated. Keeping software updated is a basic tenet of security for both individuals and companies.

So, is your software up to date? Why not run a check?
If you’re a Computrace customer, run a report to make sure that your machines have the most up-to-date patches.

Also getting a lot of buzz: Paris Hilton’s nearly defunct website was hacked to host malware, probably for quite some time.

