
Posts Tagged ‘infections’

PoS malware infections soar ahead of holiday season

Going into the holiday season, hackers are ramping up their efforts to attack retailers and other businesses with point-of-sale malware. Backoff, one of the most effective strains of PoS malware and one that most anti-virus software failed to detect, saw […]

View full post on National Cyber Security

CDC narrowing down germs responsible for meningitis infections

By Mark Rockwell. Researchers at the Centers for Disease Control and Prevention are narrowing the number of infectious culprits that could be responsible for a growing number of deaths in a meningitis outbreak tied to tainted steroidal pain injections. […]

View full post on The Cyber Wars

Experts say West Nile infections set for record this year in U.S.

By Mark Rockwell. The U.S. is on track to experience the worst year for West Nile virus infections in over a dozen years, with more intense and widespread infections occurring in southern states, said federal disease experts on Aug. 22. The only states not reporting cases of the sometimes deadly mosquito-borne virus […]

View full post on The Cyber Wars

Oxford University hit hard by Mac Flashback infections

In a small window into the chaos wrought by the Mac Flashback Trojan, the University of Oxford Computing Services team has described it as the worst malware outbreak it has had to contend with since …

View full post on National Cyber Security » Computer Hacking

New report says Flashback malware infections remain elevated

Update: 2:05 PM P.T. New concerns emerged Friday about the spread of a malware epidemic that targets users of Apple’s Mac OS X.

Last week, Symantec said the number of infections had dropped to 140,000. Another security firm, Kaspersky Lab, also reported a sharp decline in the number of infected computers.

But a Russian security company named Dr. Web, which was the first to spot the fast-spreading malware infection targeting Mac users, suggests that the estimated declines are incorrect. According to Dr. Web:

817,879 bots connected to the BackDoor.Flashback.39 botnet at one time or another and an average of 550,000 infected machines interact with a control server on a 24-hour basis. On April 16, 717,004 unique IP-addresses and 595,816 Mac UUIDs were registered on the BackDoor.Flashback.39 botnet while on April 17 the figures were 714,483 unique IPs and 582,405 UUIDs. At the same time, infected computers that have not been registered on the BackDoor.Flashback.39 network before join the botnet every day. The chart below shows how the number of bots on the BackDoor.Flashback.39 botnet has been changing from April 3 to April 19, 2012.

Flashback is a form of malware designed to grab passwords and other information from users through their Web browser and other applications. A user typically mistakes it for a legitimate browser plug-in while visiting a malicious Web site. At that point, the software installs code designed to gather personal information and send it back to remote servers. In its most recent incarnations, the software can install itself without user interaction.

Dr. Web reported that as of April 19, 566,000 Macs were infected. If so, we’re back to Defcon 1.

BackDoor.Flashback.39 uses a sophisticated routine to generate control server names: a larger part of the domain name is generated using parameters embedded in the malware resources, others are created using the current date. The Trojan sends consecutive queries to servers according to its predefined priorities. The main domains for BackDoor.Flashback.39 command servers were registered by Doctor Web at the beginning of April, and bots first send requests to corresponding servers. On April 16th additional domains whose names are generated using the current date were registered. Since these domain names are used by all BackDoor.Flashback.39 variants, registration of additional control server names has allowed us to more accurately calculate the number of bots on the malicious network, which is indicated on the graph.

In response, Symantec posted a blog stepping back from its prior belief that there would be a sharper decline in the number of infections by now. “This has proven not to be the case,” Symantec said, adding that “it appears that the number of infected computers has tapered off, but remains around the 140,000 mark.”

Dr. Web says the number of new Flashback infections is not falling off.


View full post on National Cyber Security » Virus/Malware/Worms

Flashback malware infections drop to 30,000 Macs

The Flashback threat for OS X has been one of the biggest malware attacks on the platform to date, with an estimated 1 percent, or around 600,000 Mac systems, being affected at the peak of the malware’s activity on April 9, 2012. Further analysis of the threat by security firm Kindsight has suggested that up to 1 in every 15 households with Macs in the U.S. may have been affected by this malware.

Since the initial reports of the Flashback findings, a number of security firms and Apple issued removal tools and software updates which, along with instructions such as our own on manually detecting and removing the malware, have progressively put a damper on the spread of the malware and severely cut into the number of infected systems.

These efforts have been very successful. On April 17 Symantec released an estimate that the infection had dropped to 140,000 systems, and today Kaspersky Lab further demonstrated the effectiveness of these efforts with new numbers that put the infection at around 30,000 systems.

The number of Mac systems infected with the Flashback malware has significantly dropped since its peak about 10 days ago (numbers courtesy of Symantec and Kaspersky).


The communal effort to help affected users remove the malware from their systems has resulted in a 95 percent drop in the number of infections within 10 days of its peak, with these numbers continuing to drop every day.

Despite this decline, the Flashback malware has underscored that the Mac platform is not immune to malware threats, and that if given the opportunity, criminals will attack it.

Even though this latest attack was at its core enabled by a third-party Java component of Apple’s OS X operating system, updates to that component were managed by Apple, and its neglect of Java in recent years left the vulnerability open. Apple is nevertheless taking steps to secure OS X, with upcoming technologies like Gatekeeper, which by default blocks downloaded applications that are not signed by an identified developer or obtained from the Mac App Store.

Whatever security measures Apple adds to OS X, there will always be people probing the system and trying to break those measures down, or simply using old, already-patched vulnerabilities to spread malware to systems that have not been updated. So even though OS X has been a fairly malware-free operating system, and even with these latest threats the Mac still receives only a fraction of the criminal attention focused on Windows, people who use OS X should be aware that attack attempts will not go away and will likely increase as OS X gains more of a footing in the industry.

Because of this, OS X users should ensure they run their systems in the most secure configuration as possible and not rely on Apple or anyone else to do so for them. Luckily this is really not that difficult to do, and for the most part only takes checking a few aspects of your system. Recently CNET editor Seth Rosenblatt discussed some easy security options for Mac systems, which include enabling the OS X Firewall, using anti-malware tools to monitor for the presence of known threats, and running day-to-day activities in standard user accounts instead of administrative ones.

In addition, you can go a step further by installing an outbound (“reverse”) firewall such as VirusBarrier X6 or Little Snitch, which alerts you when a program tries to contact a remote server and so can help identify rogue software phoning home. You can also reduce your exposure by downloading software updates only from the developer’s own Web site, and by monitoring your Mac’s LaunchAgents folders (in your home Library and in /Library, alongside LaunchDaemons), which are common persistence points for malware because launchd uses them to run programs automatically at login or on a schedule.
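One way to do that monitoring, as an added example rather than code from CNET or Apple: a Python script that parses each launchd job plist and flags jobs whose program lives outside a set of expected locations or inside a hidden directory. The trusted prefixes, the sample plists and the label names are assumptions constructed for this illustration; a hit means “look at this”, not “this is malware”.

```python
"""Audit launchd agent/daemon plists for unusual program paths (added example).

Not the article's or Apple's code: a constructed illustration of the
"monitor your LaunchAgents folders" advice.  The trusted path prefixes and
the sample plists are assumptions made for this example.
"""
import os
import plistlib
import tempfile

# Locations launchd reads at login (agents) or at boot (daemons).
LAUNCH_DIRS = [
    os.path.expanduser("~/Library/LaunchAgents"),
    "/Library/LaunchAgents",
    "/Library/LaunchDaemons",
]

# Programs under these prefixes are treated as expected (assumption; tune for
# your fleet).  Anything else is worth a look, not automatically malicious.
TRUSTED_PREFIXES = ("/System/", "/usr/", "/Library/Apple/", "/Applications/")


def program_path(plist):
    """Return the executable a launchd job runs, whichever key it uses."""
    if "Program" in plist:
        return plist["Program"]
    args = plist.get("ProgramArguments") or []
    return args[0] if args else None


def audit_launch_dir(directory):
    """Return one finding per .plist in `directory` whose job looks off."""
    findings = []
    if not os.path.isdir(directory):
        return findings
    for name in sorted(os.listdir(directory)):
        if not name.endswith(".plist"):
            continue
        path = os.path.join(directory, name)
        try:
            with open(path, "rb") as fh:
                plist = plistlib.load(fh)
        except Exception as exc:  # a plist launchd cannot parse is itself notable
            findings.append({"file": path, "label": None, "program": None,
                             "reason": f"unparseable: {exc}"})
            continue
        prog = program_path(plist)
        reasons = []
        if prog is None:
            reasons.append("no Program/ProgramArguments")
        else:
            if not prog.startswith(TRUSTED_PREFIXES):
                reasons.append("program outside trusted prefixes")
            if any(part.startswith(".") for part in prog.split("/") if part):
                reasons.append("hidden path component")
        if reasons:
            findings.append({"file": path, "label": plist.get("Label"),
                             "program": prog, "reason": "; ".join(reasons)})
    return findings


def build_sample_dir():
    """Write two constructed plists to a temp dir: one benign, one suspicious."""
    d = tempfile.mkdtemp(prefix="launchagents-demo-")
    benign = {
        "Label": "com.example.updater",
        "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater", "--check"],
        "StartInterval": 3600,
    }
    suspicious = {  # constructed: runs a binary from a hidden user-writable directory at login
        "Label": "com.example.helper",
        "ProgramArguments": ["/Users/demo/Library/.hidden/helper"],
        "RunAtLoad": True,
    }
    for fname, data in (("com.example.updater.plist", benign),
                        ("com.example.helper.plist", suspicious)):
        with open(os.path.join(d, fname), "wb") as fh:
            plistlib.dump(data, fh)
    return d


if __name__ == "__main__":
    for d in LAUNCH_DIRS:  # audit the real directories on this Mac
        for f in audit_launch_dir(d):
            print(f"{f['file']}: {f['reason']} (label={f['label']}, program={f['program']})")
```

Run it periodically (or from a launchd job of its own) and diff the output against a known-good baseline; a new file appearing in these folders is the event worth investigating, whether or not the heuristics fire.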


View full post on National Cyber Security » Virus/Malware/Worms

Kaspersky Confirms Widespread Mac Infections Via Flashback Trojan

Security firm Kaspersky Lab today weighed in on the Flashback Trojan controversy, confirming that the malware, which spread through a Java vulnerability, likely infected more than half a million Macs.

In a blog post, Kaspersky Lab expert Igor Soumenkov said the firm analyzed the latest variant of the botnet — dubbed Flashfake — to try and nail down where the infected computers resided and how many were affected.

“We reverse engineered the first domain generation algorithm and used the current date, 06.04.2012, to generate and register a domain name, ‘,’” Soumenkov wrote. “After domain registration, we were able to log requests from the bots. Since every request from the bot contains its unique hardware UUID, we were able to calculate the number of active bots.”

Kaspersky’s analysis saw more than 600,000 unique bots connect to its servers in less than 24 hours, using a total of 620,000 external IP addresses. More than 50 percent came from the United States.

That’s in line with Wednesday data from anti-virus firm Doctor Web, which said that about 550,000 Macs were likely infected by the Trojan, known as Flashback, through the Java flaw.

Approximately 300,917 of the active bots were located in the U.S., followed by 94,625 in Canada, 47,109 in the U.K., and 41,600 in Australia, Kaspersky said. A smaller number of devices in France, Italy, Mexico, Spain, Germany, and Japan were also affected.

Soumenkov said Kaspersky could not confirm or deny that all the bots were running Mac OS X, but the firm was able to get a “rough estimation” using passive OS fingerprinting techniques.

“More than 98 percent of incoming network packets were most likely sent from Mac OS X hosts,” he wrote. “Although this technique is based on heuristics and can’t be completely trusted, it can be used for making order-of-magnitude estimates. So, it is very likely that most of the machines running the Flashfake bot are Macs.”
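The census technique that Doctor Web (registering the date-derived control domains, quoted above) and Kaspersky (reversing the DGA, registering the name for 06.04.2012 and counting UUIDs) both describe, as an added example that is not code from either firm or from this article. The DGA, the seed, the log format and the log lines are constructed for illustration; the hashing below is not Flashback’s real algorithm, and the TTL-based OS guess is a coarse stand-in for the passive fingerprinting Kaspersky mentions.

```python
"""Sinkhole-style bot census for a DGA botnet (added example, constructed).

Illustrates the measurement technique described in the text: reverse the
domain generation algorithm, register the name the bots will compute for a
given date, log their check-ins, and count unique hardware UUIDs rather
than IP addresses.  The DGA, seed and log lines below are stand-ins written
for this example; none of it is Flashback's real algorithm or real traffic.
"""
import hashlib
import re
from collections import Counter
from datetime import date

# Stand-in for the "parameters embedded in the malware resources" (assumption).
EMBEDDED_SEED = b"example-seed"
TLDS = ("com", "net", "in")  # hypothetical TLDs a bot tries in priority order

EXAMPLE_DAY = date(2012, 4, 6)  # the 06.04.2012 date Kaspersky used
NEXT_DAY = date(2012, 4, 7)


def dga_domains(seed, day):
    """Return the candidate C2 names a bot would try on `day`.

    Part of the label comes from the embedded seed, part from the date, so a
    defender who has recovered the seed can register tomorrow's names first.
    """
    digest = hashlib.sha256(seed + day.strftime("%d.%m.%Y").encode()).hexdigest()
    label = digest[:12]
    return [f"{label}.{tld}" for tld in TLDS]


# Constructed access-log format (not a real C2 protocol):
#   <ts> <src_ip> ttl=<ip_ttl> GET /check?uuid=<hardware UUID>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) ttl=(?P<ttl>\d+) "
    r"GET /check\?uuid=(?P<uuid>[0-9A-Fa-f-]{36})$"
)

# Constructed sample: two bots behind one NAT, one bot that changed address,
# one host with a Windows-like TTL, and one unrelated request to be skipped.
SAMPLE_LOG = """\
2012-04-06T10:02:11Z 203.0.113.7 ttl=52 GET /check?uuid=3F2504E0-4F89-41D3-9A0C-0305E82C3301
2012-04-06T10:02:12Z 203.0.113.7 ttl=52 GET /check?uuid=3F2504E0-4F89-41D3-9A0C-0305E82C3302
2012-04-06T10:05:40Z 198.51.100.23 ttl=55 GET /check?uuid=3F2504E0-4F89-41D3-9A0C-0305E82C3301
2012-04-06T11:00:00Z 192.0.2.88 ttl=114 GET /check?uuid=9B5C0A2E-1D2F-4E3A-8B4C-5D6E7F801234
2012-04-06T11:00:01Z 192.0.2.88 ttl=114 GET /favicon.ico
"""


def parse_log(lines):
    """Parse sinkhole log lines into records, skipping anything malformed."""
    records = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            records.append({"ip": m["ip"], "ttl": int(m["ttl"]), "uuid": m["uuid"].lower()})
    return records


def guess_os(ttl):
    """Coarse passive fingerprint from the observed IP TTL (heuristic only).

    OS X, BSD and Linux start at TTL 64, Windows at 128; each router hop
    decrements it by one, so the nearest default above the observed value
    hints at the OS family.  Good for order-of-magnitude estimates, no more.
    """
    if ttl <= 64:
        return "unix-like (OS X/BSD/Linux)"
    if ttl <= 128:
        return "windows"
    return "other"


def census(records):
    """Summarise a day's check-ins: unique bots, unique IPs, per-request OS mix."""
    uuids = {r["uuid"] for r in records}
    ips = {r["ip"] for r in records}
    os_mix = Counter(guess_os(r["ttl"]) for r in records)
    return {"unique_uuids": len(uuids), "unique_ips": len(ips), "os_mix": dict(os_mix)}


if __name__ == "__main__":
    print("register for today:", dga_domains(EMBEDDED_SEED, EXAMPLE_DAY))
    print(census(parse_log(SAMPLE_LOG.splitlines())))
```

Counting UUIDs rather than IPs is the point: two bots behind one NAT share an address, and one bot that changes address during the day shows up as several. That is why the UUID and IP totals differ in the sample, and why the unique-IP and UUID figures the firms report in the text diverge.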

Yesterday, Apple issued a second update to address the issue, though it did not appear to be extensive.

Security experts are suggesting that Mac users, particularly those on older versions of OS X, update their software as soon as possible. For the technically inclined, F-Secure also has instructions on how to locate a Flashback infection.


Article source:,2817,2402715,00.asp?kc=PCRSS05079TX1K0000992

View full post on National Cyber Security

Vexira Antivirus is Selected to Protect School District from Hostile Malware, Spyware and Virus Infections

MEDINA, Ohio, April 3, 2012 /PRNewswire/ — Central Command Inc., an award winning provider of malware, spyware and virus protection solutions, announced today that Skidmore-Tynan Independent School District in Texas has selected Vexira Antivirus to protect its workstations, laptops and servers after conducting an extensive test and review.

Skidmore-Tynan Independent School District is highly regarded among the school districts in the State of Texas. It prides itself in having high academic standards and preparing its students to be productive and successful young adults.

“We take the security of our school district’s network very seriously and we selected Vexira Antivirus to replace our existing solution that was harder to maintain and not up to our security standards. After an extensive phase of testing it was obvious that Vexira Antivirus was designed to thoroughly protect networks that are under constant hostile attack from malware, spyware and viruses,” said Luz Gonzales, Technology Specialist, Skidmore-Tynan ISD.

Vexira Antivirus is an award-winning next generation malware, spyware and virus protection solution designed to protect desktops, laptops, netbooks and servers contained within a network with both proactive and reactive malware, spyware and virus defenses.

“Vexira Antivirus is specifically designed to defend large scale, widely dispersed networks commonly found within K-12 schools and other large organizations. Many of the world’s most secure organizations turn to us when absolute malware protection is needed,” said Keith Peer, CEO, Central Command, Inc.

All Vexira solutions share the same underlying technology that protects against malware, spyware and viruses to ensure consistent protection regardless of the operating system being used.

About Central Command:
Central Command, Inc., founded in 1990, is a privately held corporation that serves enterprises, businesses, schools, universities, and colleges with malware, spyware and virus protection solutions. Call 1 888-583-9472 for more information.

Central Command and Vexira are trademarks of Central Command, Inc. All other trademarks, trade names, and products referenced herein are property of their respective owners.



View full post on National Cyber Security » Spyware/ Cyber Snooping

Beware Of Valentine’s Day Infections, Warns PandaLabs

Bracknell, February 8th, 2012

Malware that uses events like Valentine’s Day, Christmas or Halloween as a lure to trick users and infect computers is now a well-established feature of the IT security calendar. Once again, this year it will be no surprise to see numerous emails in circulation with links for downloading romantic greeting cards, videos, gift ideas, or Facebook and Twitter messages related to Valentine’s Day.

Social engineering is cyber-crooks’ preferred technique for deceiving users. In these cases it basically involves obtaining confidential information from users by convincing them to take a series of actions. Crimeware and social engineering go hand-in-hand: a carefully selected social engineering ploy convinces users to hand over their data or install a malicious program which captures information and sends it on to the fraudsters.

Cyber-crooks, however, are also exploiting other channels, such as Facebook, Twitter or Google+, and given the access to millions of users that these social networks provide, they have become just as popular among the criminal fraternity for spreading malware as email.

A new Facebook attack has recently been discovered that uses users’ walls to spread. An apparently harmless message invites users to install a Valentine’s Day theme on Facebook. However, if the user clicks the wall post, they are redirected to a page where they are prompted to install the theme. This installs a malware file which, once run, displays ads from other websites. It also downloads an extension that monitors Web activities and redirects sessions to survey pages that request sensitive information like phone numbers.

Some weeks ago, the PandaLabs blog reported on a link included in a Twitter profile that took users to a dating site. Special dates like Valentine’s Day can see a proliferation of malicious Twitter posts used to steal users’ confidential data and empty their bank accounts through social engineering.

Here is a collection of some of the Valentine’s Day-themed malware campaigns detected by PandaLabs, the anti-malware laboratory of Panda Security, in recent years:

Waledac.C: This worm spread by email trying to pass itself off as a greeting card. The email message included a link to download the card. However, if the user clicked the link and accepted the subsequent file download they were actually letting the Waledac.C worm into their computer. Once it infected the computer, the worm used the affected user’s email to send out spam.

I Love.exe you: This was a RAT (Remote Access Trojan) that gave attackers access to the victim’s computer and all their personal information. The Trojan allowed the virus creator to access target computers remotely, steal passwords and manage files.

Nuwar.OL: This worm spread in email messages with subjects like “I love You So Much”, “Inside My Heart” or “You in My Dreams”. The text of the email included a link to a website that downloaded the malicious code. The page was very simple and looked like a romantic greeting card with a large pink heart. Once it infected a computer, the worm sent out a large amount of emails, creating a heavy load on networks and slowing down computers.

Valentin.E: This worm spread by email in messages with subjects like “Searching for True Love” or “True Love” and an attached file called “friends4u”. If the targeted user opened the file, a copy of the worm was downloaded. Then, the worm sent out emails with copies of itself from the infected computer to spread and infect more users.

Storm Worm: This worm spread via email by employing a number of lures, one of them exploiting Valentine’s Day. If the targeted user clicked the link in the email, a Web page was displayed while the worm was downloaded in the background.

Image: Web page displayed by Storm Worm.

PandaLabs offers users a series of tips to avoid falling victim to computer threats:

1. Do not open emails or messages received on social networks from unknown senders.

2. Do not click any links included in email messages, even though they may come from reliable sources. It is better to type the URL directly in the browser. This rule applies to messages received through any mail client, as well as those in Facebook, Twitter, or other social networks or messaging applications, etc. If you do click on any such links, take a close look at the page you arrive at. If you don’t recognize it, close your browser.

3. Do not run attached files that come from unknown sources. Especially these days, stay on the alert for files that claim to be Valentine Day’s greeting cards, romantic videos, etc.

4. Even if the page seems legitimate, but asks you to download something, you should be suspicious and don’t accept the download. If, in any event, you download and install any type of executable file and you begin to see unusual messages on your computer, you have probably been infected with malware.

5. If you are making any purchases online, type the address of the store in the browser, rather than going through any links that have been sent to you. Only buy online from sites that have a solid reputation and offer secure transactions, encrypting all information that is entered in the page.

6. Do not use shared or public computers, or an unsecured WiFi connection, for making transactions or operations that require you to enter passwords or other personal details.

7. Have an effective security solution installed, capable of detecting both known and new malware strains. Panda Security offers several free tools for scanning computers for malware, such as Panda Cloud Antivirus.

More information is available on the PandaLabs blog.

About PandaLabs

Since 1990, PandaLabs, Panda Security’s malware research laboratory, has been working to detect and classify malware in order to protect consumers and companies against new Internet threats. To do so, PandaLabs uses Collective Intelligence, a cloud-based proprietary system that leverages the knowledge gathered from Panda’s user community to automatically detect, analyse and classify the more than 73,000 new malware strains that appear every day. This automated malware classification is complemented by the work of an international team of researchers, each specialized in a specific type of malware (viruses, worms, Trojans, spyware and other attacks), to provide global coverage. More information about PandaLabs, including its blog news feed, is available on the PandaLabs blog.


View full post on National Cyber Security » Virus/Malware/Worms

Android malware infections skyrocket, says Juniper

Juniper Networks has reported skyrocketing rates of Android malware infections on the networks of its mobile customers, with detected malware more than quadrupling in just the last six weeks. That’s on top of dramatic increases in the previous two years. The report will put more pressure on Google to tighten up security practices in the Android Market.

In a May report, Juniper Networks reported a 400 percent increase in Android malware since the summer of 2010. This week, the firm announced a further increase of almost 500 percent since that report came out, with most of the growth occurring since the beginning of October.

There are likely several factors behind the increase. The total number of smartphones in the market is growing rapidly, and Android’s share of that market has also been growing as well. And as Microsoft has discovered, the market leader tends to get a disproportionate share of attention from malware authors. But Juniper also blames Google for the lax security policies of its app store:

The main reason for the malware epidemic on Android is because of different approaches that Apple and Google take to police their application stores. Android’s open applications store model, which lacks the code signing and an application review process that Apple requires, makes it easy for attackers to distribute their malware. There is still no upfront review process in the official Android Market that offers even the hint of a challenge to malware writers that their investment in coding malware will be for naught. Until there comes a time that someone (ever heard of Charlie Miller?) figures out a tried and true way to get malicious applications into the App Store, Android will remain the target of mobile malware writers around the world.

Last month we explored the relative merits of Apple and Google’s approaches to their respective app store. We pointed to security as one of the key advantages of the Apple model. Juniper’s latest results lend credence to our argument.

Juniper says the malware it has detected breaks down into two major categories. One is spyware that transmits sensitive personal information to a server presumably controlled by the malware author; spyware accounts for 55 percent of the malware Juniper detected. Most of the rest use SMS fraud as a monetization strategy. This type of malware “sends SMS messages to premium rate numbers owned by the attacker in the background of a legitimate application, without the person’s knowledge,” Juniper says. “Once these messages are sent, the money is not recoverable, and the owners of these premium rate numbers are generally anonymous.”

Google removes malware from its app store when it discovers it, and has the power to remotely wipe malicious software from users’ phones. However, some malware has the ability to exploit Android security vulnerabilities and gain root access. Once that happens, the only reliable way to get rid of it is to reset the phone to its factory settings.

Juniper is in the business of selling security products to businesses. So while we have no reason to doubt the soundness of the firm’s methodology, its results should be taken with a grain of salt.


View full post on National Cyber Security » Virus/Malware/Worms
