Infection Archives - Gregory D. Evans | Worlds No. 1 Security Consultant

Posts Tagged ‘Infection’

Ampallang Infection – “Pet Store Prostitution Ring”

Ampallang Infection – “Pet Store Prostitution Ring” FACEBOOK.COM/AMPALLANGINFECTION REVERBNATION.COM/AMPALLANGINFECTION. Read More….

View full post on Select From Our Menu

Flashback Malware Infection Dropping By 100,000 Macs Per Week

Infection rates of the Flashback malware that was on over 650,000 Macs at the beginning of April have been in steep decline, according to the organization that discovered the malware in the first place. What’s …

View full post on National Cyber Security » Virus/Malware/Worms

Snow Leopard users most prone to Flashback infection

Of the Macs that have been infected by the Flashback malware, nearly two-thirds are running OS X 10.6, better known as Snow Leopard, a Russian antivirus company said.

View full post on Computerworld Security News

View full post on National Cyber Security » Announcements

Apple Flashback Trojan infection shows weekend decline

The Flashback Trojan could be on the wane despite infecting as many as 50,000 Apple computers in the UK at its peak, an analysis of the malware’s bot traffic by Kaspersky Lab has concluded.

Kaspersky’s peak infection numbers were 670,000, it said, a verification of the roughly 600,000 figure put out by security company Dr. Web last week. This still makes the incident the largest confirmed Mac malware outbreak yet recorded.

Using traffic ‘captured’ from the botnet by reverse engineering its Command and Control infrastructure, Kaspersky now estimates that roughly 300,000 of the infections were in the US, 94,000 in Canada, 47,000 in the UK, and almost 42,000 in Australia.

A clutch of countries in the EU, plus Mexico and Japan, showed levels under 10,000 that probably reflect the website hosts used to spread it.

Exactly what is happening to the botnet now that it is famous is not clear. Kaspersky said it had seen an encouraging decline in the number of active bots to 237,000 over the Easter weekend, but this could reflect only those machines that were trying to connect to the C&C servers during the measured time period.

Falling or not, the outbreak has alarmed Apple sufficiently for a company infamous for its tardy security response to issue a Java update for OS X v10.7 and Mac OS X v10.6, recommending that those running earlier versions simply disable the software altogether through the browser.

The company has also said it is planning to issue a tool to detect and remove Flashback (or ‘Flashfake’ as Kaspersky calls it).

Not everyone is impressed with Apple’s response and that criticism is likely to grow if Flashback turns out to be merely chapter one of a new age of (relative) Mac insecurity.

“Apple knew about this Java vulnerability for three months, and yet neglected to push through an update in all that time. The problem is exacerbated because up to now Apple has enjoyed a mythical reputation for being ‘malware free’,” said Kaspersky Lab’s chief security expert, Alexander Gostev.

“Too many users are unaware that their computers have been infected, or that there is a real threat to Mac security.”

Worried Apple users should start by updating their Java software, after which they can check for infection at Kaspersky’s site. The company has offered its own Flashback removal tool.

As long predicted by experts working at security companies sometimes criticised for spreading FUD, Apple’s first major malware problem has come through a weakness routinely used to target Windows users, namely Java. Patching the vulnerability won’t make future attacks less likely – as in the PC world, new Java flaws keep appearing, demanding continuous vigilance.

Flashback, which can appear as the offer of a fake Flash update, has been around for more than six months although recent versions work using drive-by downloads requiring no user interaction.

Article source: http://rss.feedsportal.com/c/270/f/3551/s/1e4a03a3/l/0Lnews0Btechworld0N0Csecurity0C3350A3620Capple0Eflashback0Etrojan0Einfection0Eshows0Eweekend0Edecline0C0Dolo0Frss/story01.htm

View full post on National Cyber Security » Computer Hacking

Economic Development Administration Offline for Months Following Malware Infection (April 9, 2012)

When the computer systems at the US Commerce Department’s Economic Development Administration became infected with malware months ago, the bureau unplugged the system from the Internet…….

View full post on SANS NewsBites

View full post on National Cyber Security

How to reinstall OS X after malware infection

The recent Flashback malware for OS X has caused a bit of a stir in the Mac community, and while it has only affected a fraction of the OS X install base, it still has had people who have indeed found the malware on their systems writing in to CNET and on the Apple Discussion boards.

For the most part, people have been finding the malware on their systems by having an antivirus scanner or a reverse firewall such as Little Snitch installed, and have been given an alert either that the malware was found or that a program file with a short name beginning with a period was attempting to contact remote servers via bizarre-sounding domain names such as cuojshtbohnt.com and gangstaparadise.rr.nu.

These clear attempts have spurred investigation into the malware and have shown that this activity is the first part of the malware attack, where the malware has broken the Java sandbox and the program is trying to download the payload that will subsequently piggyback on local applications by altering launch environment variables either within the program or in the user’s account.

So far the malware has been fairly well described, and is not viral in nature, so for any particular variant it installs to a single location and runs from there to affect the system. As a result, when a variant has been characterized, you should be able to remove it from your system by following detailed instructions. However, malware can change rapidly (as Flashback has demonstrated) and because new variants may appear that will change the attempted modes of attack, there may be those who cannot determine which variant they may have encountered and doubt their abilities to manually clear the malware from their systems.

In these situations, there are two approaches you can take. The first is to get a reputable malware scanner such as VirusBarrier, Sophos, or ClamXav, install and update it, and then have it scan the system for known variants of the malware. By doing this you can at least quarantine any malware files found.

This is a recommended approach; however, it does rely on malware definitions having been defined for the malware, which may lag behind initial findings of malware.

The second approach is to forgo attempting to manage the malware and perform an OS reinstallation. While this will ensure that you start from a clean slate, it will be a bit of a burden for some people to do, especially since you may not be able to trust Time Machine backups or system clones to be free from the malware and therefore may not be able to simply restore your system from a backup.

If you can remember an exact instance of when your system was affected by the malware, such as when you installed a recent update to Flash that might have been the malware, or when you first saw any other warning signs pertaining to the malware, then you might be able to reinstall using a backup from before the problem occurred; however, in many cases you might not be able to reliably identify such instances.

If you have decided that it would be best for you to play it safe and wipe your system and start over, by following this procedure you should be able to do so while preserving your data.

  1. Sync and back up
    First ensure that your system is properly synced to your Cloud-based services (iCloud, Google, Yahoo, etc.) to ensure items like contacts and calendars are saved. You can also go to Address Book, iCal, and other programs that you regularly use, and export the calendars, contacts, and other data to save to a flash drive or other separate storage medium. Such actions will ensure you will be able to restore some of these items without relying on sync services to manage them for you.

    In addition to syncing, be sure your system is backed up. Use Time Machine or a cloning tool to back up your files, or at the very least manually copy all the folders from your home directory to an external hard drive, and do this for every active account on the system by logging into each and performing these actions.

    When you are done backing up, unmount and detach the external hard drive you used for the backup.

  2. Format the drive
    Reboot the system to the OS X installation DVD for OS X 10.6 or earlier (hold the C key at startup with the DVD in the optical drive), or reboot with the Command-R keys held for OS X 10.7. When the OS X installer loads, select your language and then open Disk Utility (available in the Utilities menu if it’s not presented in a Tools window).

    In Disk Utility, select your boot volume and then use the Erase tab to format it to “Mac OS X Extended (journaled).” This process should be fairly quick, and when done should leave you with a blank hard disk.

  3. Reinstall OS X
    Quit Disk Utility and then open the OS X installer. Do not choose any option to restore from backup. Follow the onscreen instructions to select your newly formatted hard drive and reinstall OS X, and then wait for the installation to complete.
  4. Create a new account
    When OS X is freshly installed it will ask you whether you would like to migrate data from a backup or from another computer. Avoid doing this, and instead create a fresh user account for yourself (you can use the same account name and other information).
  5. Update the system
    When you first log into your account, go to Software Update (in the Apple menu) and update the system to the very latest version. Run Software Update several times until no more updates are available.
  6. Deactivate Java
    The latest Flashback malware threats target systems with Java vulnerabilities. While Apple stopped shipping Java with OS X Lion, prior versions of OS X do have it installed by default. Often Java is not needed for running applications in OS X, so unless you have specific need for it, then turn it off. Even if you suspect you might need Java, you might consider starting with it disabled and then only activating it based on demand.

    There are two general ways to manage Java in OS X. The first is through application-specific settings such as the preferences for Safari, Firefox, and other Web browsers, where you can locate settings to disable the Java plug-in and Java management (do not disable JavaScript). These settings will ensure specific programs do not use Java, and for the most part will be enough to prevent Java from being taken advantage of on the system; however, if you reset Safari or install a new Web browser then you may inadvertently use Java.

    To prevent inadvertent uses of Java by programs, you can open the Java Preferences utility in the /Applications/Utilities/ folder and uncheck the listed Java runtimes to disable them systemwide. If upon opening the Java preferences you get a warning about needing to install Java, then your system does not have it installed and you do not need to do anything else.

    If you do need Java installed and active on your system, then be sure to apply the latest Java software update, and consider disabling it in Web browsers.

  7. Restore your data from backup
    The next step is to copy your data back to your system from your backups. Do not use Apple’s Migration Assistant tool to do this since it will restore folders and applications that may have been altered by the malware, so instead copy the files from your Documents, Movies, Music, and other home directory folders to their respective locations within your user account.

    The current Flashback malware has affected contents of the user library, particularly the Launch Agents folder, and while you can restore the contents of the folder to your new user Library to preserve some settings and configurations, for the sake of the extra care being taken in this approach, it is best to leave that folder alone and restore individual items out of it only as needed.

    At this point you can set up iCloud or other sync services in the system preferences, and then launch Address Book, Mail, iCal, and other programs you use to configure those programs and the accounts you use with them. If your contacts and calendars are missing, then you can re-import them from the manual backups you previously created.

    Perform steps 6 and 7 for any additional user accounts on the system by first creating the account, deactivating Java, and then restoring the account data from the backup.

  8. Reinstall applications
    The next step after restoring your accounts is to reinstall the applications you use. While your previous set of applications were backed up before you started this procedure, avoid restoring them or opening them because in one mode of infection the Flashback malware does directly alter some of these programs. Instead, use the backup as a reference for which applications you previously had and reinstall them from their installation discs, the Mac App Store, or other means by which you originally obtained them.

    When you have installed your applications, be sure to fully update them and then open and configure them according to your preferences.

    At this point your system should be back up to a usable state, and you should be able to continue your workflow as it was before reinstalling. If you find you are missing some required fonts, sounds, or other files that your applications need, then you can access them from the global /Library folder in the backup or from the Library folder in your user account.

The final step in this process is to protect yourself from further infection. While disabling Java as mentioned above is one step, you can take additional ones to help secure your system. Install a reverse firewall such as Little Snitch to help detect and block programs from phoning home to remote servers, and consider installing an antivirus utility.

While you do not have to configure the antivirus tool to diligently scan all files on demand, you can set it up to scan common downloads folders only (such as the Desktop or the Downloads folder within your user account) and then once a week or perhaps once a month have it scan the whole system. For now, despite the latest malware news, this should be enough to ward off malware and provide you with ample protection.
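As an added check that is not part of the CNET article: a small Python script that triages a LaunchAgents folder for the pattern the article describes (a program whose file name begins with a period set to run at login, or arguments naming the call-home domains quoted above). The sample plists, their Label values and the function names are constructed for this example; the script is a triage aid, not a replacement for a scanner.

```python
"""Triage LaunchAgent plists for the Flashback pattern the article describes:
a program whose file name begins with a period, or arguments that name the
call-home domains quoted above. Added example; the samples are constructed."""
import plistlib
from pathlib import Path

# Call-home domains quoted in the article.
KNOWN_DOMAINS = ("cuojshtbohnt.com", "gangstaparadise.rr.nu")

PLIST_HEAD = (b'<?xml version="1.0" encoding="UTF-8"?>\n'
              b'<plist version="1.0"><dict>\n')
PLIST_TAIL = b'</dict></plist>\n'

# Constructed benign agent: an ordinary nightly backup helper.
BENIGN_AGENT = PLIST_HEAD + b"""<key>Label</key><string>com.example.backup</string>
<key>ProgramArguments</key><array>
  <string>/usr/local/bin/backup</string><string>--nightly</string>
</array>
<key>RunAtLoad</key><true/>
""" + PLIST_TAIL

# Constructed suspect agent matching the article's description.
SUSPECT_AGENT = PLIST_HEAD + b"""<key>Label</key><string>com.example.suspect</string>
<key>ProgramArguments</key><array>
  <string>/Users/demo/.jupdate</string><string>http://cuojshtbohnt.com/</string>
</array>
<key>RunAtLoad</key><true/>
""" + PLIST_TAIL


def program_of(agent: dict) -> str:
    """Executable a LaunchAgent runs; launchd honours Program over ProgramArguments."""
    if "Program" in agent:
        return str(agent["Program"])
    args = agent.get("ProgramArguments") or []
    return str(args[0]) if args else ""


def inspect_agent(data: bytes) -> list:
    """Return the reasons an agent plist looks like the call-home stage (empty = clean)."""
    agent = plistlib.loads(data)
    reasons = []
    prog = program_of(agent)
    if Path(prog).name.startswith("."):
        where = "at login" if agent.get("RunAtLoad") else "on demand"
        reasons.append(f"dot-file program {prog} runs {where}")
    blob = " ".join(str(a) for a in agent.get("ProgramArguments", []))
    reasons.extend(f"references {d}" for d in KNOWN_DOMAINS if d in blob)
    return reasons


def scan_launch_agents(folder: Path) -> dict:
    """Map each plist in a LaunchAgents folder to its reasons; clean agents are omitted."""
    findings = {}
    for plist in sorted(folder.glob("*.plist")):
        try:
            reasons = inspect_agent(plist.read_bytes())
        except Exception:  # any parse failure: a malformed agent deserves a look too
            reasons = ["unparseable plist"]
        if reasons:
            findings[plist.name] = reasons
    return findings


if __name__ == "__main__":
    # Check every account on the machine, since step 7 restores each one separately.
    for home in Path("/Users").glob("*"):
        agents = scan_launch_agents(home / "Library" / "LaunchAgents")
        for name, why in agents.items():
            print(home.name, name, "; ".join(why))
```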


Article source: http://reviews.cnet.com/8301-13727_7-57410604-263/how-to-reinstall-os-x-after-malware-infection/?part=rss&subj=news&tag=title

View full post on National Cyber Security » Virus/Malware/Worms

Flashback Malware for Mac Changes Infection Tactic

A new variant of the password-stealing Flashback malware aimed at Apple computers has emerged, which tries to install itself after a user visits an infected website, according to new research.

Flashback, discovered by security vendor Intego last September, is engineered to steal passwords for websites, including financial sites. Since its emergence, several variants have appeared showing its authors’ innovation.

The first version of Flashback tried to trick users into installing it by masquerading as Adobe’s Flash Player. Later versions checked to see if the Apple computer in question had an unpatched version of Java with two software vulnerabilities.

If the computer was running unpatched Java, Flashback automatically installed itself. If the Java attack didn’t work, Flashback then presented itself as an Apple update with a self-signed security certificate.

The latest “Flashback.N” version spotted by Intego tries to infect the computer after a person has visited an infected Web page. The tactic is often referred to as a drive-by download. Much of the drive-by download malware for Windows can infect a computer without any action by the user merely by visiting the tampered website.

Users get a bit more warning with Flashback.N. Upon hitting the infected website, Flashback.N shows a “Software Update” dialog box similar to the legitimate Apple one and asks for a user’s password.

On its blog, Intego described the installation procedure as “somewhat odd,” as the website that has been rigged to deliver the malware displays Apple’s multicolored spinning gear for a while before the dialog box appears. Flashback then injects itself into the Safari browser and starts sniffing data traffic for passwords.

Earlier this week, Intego found that Flashback was using Twitter as a command-and-control mechanism. Other botnets have also used Twitter to post commands or directions to new commands.

Flashback queries Twitter for a 12-character hashtag composed of seemingly random characters, according to an Intego blog post. The strings are actually generated using 128-bit RC4 encryption and are composed of four characters for the day, four for the month and four for the year.

Send news tips and comments to jeremy_kirk@idg.com

Article source: http://www.pcworld.com/businesscenter/article/251493/flashback_malware_for_mac_changes_infection_tactic.html

View full post on National Cyber Security » Virus/Malware/Worms

Georgia Medical Center Turns Away Patients Because of Malware Infection (December 9 & 10, 2011)

Last week, a hospital in Georgia had to ask ambulances to take patients to other area hospitals after its computer system became infected with malware that slowed down patient registration and other functions…….

View full post on SANS NewsBites

View full post on National Cyber Security
