Apple Updates Its Malware Blacklist

As is becoming more apparent, Macs are not immune to malware and are being targeted more by cyber criminals as their market share expands. Last week Apple updated its XProtect anti-malware blacklist tool to address a new Trojan for OS X that recently surfaced. The Trojan, aptly named SMSSend, looks like a normal program installer for an app called VKMusic 4 Mac, but tricks users into sharing their cell phone number as part of the registration process and then entering a code sent via text. After doing so, the user is signed up for a subscription service that charges their monthly phone bill.

The discovery of the Trojan further underscores the risks of downloading programs from unofficial software websites.

Learn more in the news here and here.

Critical Zero-Day Bug Found in IE

Researchers uncovered active malware attacks that exploit a critical and previously unknown vulnerability in the latest versions of Microsoft’s Internet Explorer (IE) browser. The attacks install a backdoor Trojan when unsuspecting people browse a booby-trapped website using a fully patched version of Windows XP running the latest versions of IE 7 or IE 8. The bug also affects versions of IE 9 running on Windows Vista and Windows 7.

A Microsoft representative said that company engineers are investigating the reports and had no immediate comment. The article by arstechnica.com suggests Windows users should avoid using IE until more is known about the vulnerability. Java should be kept up to date, or uninstalled if it is not needed for other software to work.

Read the full article.

DNSChanger Servers Shutting Down Today

Today the FBI will be shutting down the Internet servers that had previously allowed millions of Internet users infected by the DNSChanger Trojan to access the Internet. On July 9, Internet users who were affected by the Trojan will lose access to websites, email, chat, or social networking sites. The DNSChanger Trojan is a nasty piece of malware that has been around for some time. To learn more, see this article.

Note that customers using McAfee antivirus products are currently protected from DNSChanger, provided the computer was not already infected before McAfee was installed. If you installed McAfee software after being infected, the malware is removed, but the changes the malware made to your network configuration require a manual correction.

If you have issues connecting to the Internet, please contact the IS&T Help Desk.

Fake FDIC Emails Spread Malware

On August 30, security researchers from Sophos reported a wave of malicious e-mails posing as official notifications from the Federal Deposit Insurance Corporation (FDIC). The rogue e-mails bear the subject line “FDIC notification” and have their headers spoofed to appear as originating from a no.reply@fdic.gov address.

As with most spam e-mails, the message body is full of mistakes, which should serve as an indication that it did not originate from a government agency. The fake e-mails contain an attachment named FDIC_document.zip as well as an executable file of the same name. The file has a PDF icon, and since Windows 7 does not display known file extensions by default, it might easily trick users. The file is actually a computer Trojan that serves as a distribution platform for other malware. This means that running it will probably result in multiple infections.

Read the full story at Softpedia.com.

Risky Trojan Horse for OS X Found

A new Trojan horse that affects Mac OS X, called “trojan.osx.boonana.a,” has been found. It is disguised as a video link and distributed through social-networking sites like Facebook. The link may contain the text “Is this you in this video?” When the link is clicked, the Trojan runs a Java applet that downloads other files to the computer and runs an installer automatically.

The Trojan appears to report system information to servers on the Internet, which can cause a breach of personal information. The Trojan also will attempt to spread itself by sending messages from the user account to other people through spam e-mail messages. As with most Trojans, this will require you to enter your password to install the software and make modifications to the system, so be sure you never supply your password unless you specifically open an installer file and know and trust where that installer came from.

Read the full story at cnet.com.

Stolen Gaming Credentials Uncovered

Do you play games online? If you do, you may want to change your login credentials. Symantec has unearthed a server hosting the credentials of 44 million stolen gaming accounts. As described in a blog post by Symantec, the database has accounts for at least 18 gaming sites, including World of Warcraft, Aion, PlayNC and Wayi Entertainment. The value of stolen gaming credentials can range from $35 to several thousand dollars.

The accounts are being validated by a Trojan (a type of malicious software) known as Trojan.Loginck and distributed to compromised computers. Symantec recommends that users of these gaming sites change their passwords and, as always, keep their virus definitions up to date to ensure protection against new threats.

Hackers Taking Advantage of False Celebrity News

Last month a false rumor was going around the Internet that actor Johnny Depp had died in a car accident. There was even a page posted that looked very much like a CNN news page and carried the story, complete with a photo of the crushed car.

If you were interested in finding out more and used Google to search for the story, you could find a series of links that would supposedly lead you to a video of the scene of the accident. In fact, the video had a hidden Trojan that would download malware and infect your computer.

Watch this video by Sophos, the security software company, which takes you through these steps and details how hackers take advantage of a user’s gullibility.