Gizmodo: trojans

Those Pirated Versions of Windows 7 RC Are Building a Botnet

Jason Chen — Tue, 19 May 2009 20:01:16 EDT

The botnet just added 25,000 users in the last few weeks. Nice job, geniuses. Couldn't you have downloaded it from Microsoft directly? [MSDN]

Reminder: How to Fix Conficker

matt buchanan — Tue, 31 Mar 2009 20:00:54 EDT

Afraid you've got the evil Conficker worm that's already begun snaking its way around the world? Thanks to herculean efforts by researchers, the detection and fix is pretty easy.

Symantec's got a pretty simple (and free) tool specifically for Conficker: Download this file on an uninfected computer, follow the steps, and you should be okay. (If you can't get to Symantec or other security sites, that's a good sign you've got Conficker.) Also, via PC Mag, here's the Conficker Working Group's page of repair of tools.[Symantec]

Breaking: Cranky Windows Guy's Day Ruined by "Really Nasty" Trojan on His PC

matt buchanan — Sat, 28 Mar 2009 16:10:54 EDT

Gizmodo's cranky Windows guy, Adam Frucci, just had the spring stolen from his dance step by a nasty trojan he discovered on his PC. I sure hope it's not it's not Conficker.

Are Macs still too pricey, Adam? Time—what you're gonna spend getting that Trojan off your machine—is money, after all. [Twitter]

P.S. I posted this from my trojan-free Windows desktop.

OS X iWork Trojan Revamped, Repackaged, Rereleased in Photoshop

John Herrman — Mon, 26 Jan 2009 08:28:14 EST

The nasty OS X trojan from last week has resurfaced, and this time hits software pirates where it hurts the most: in Photoshop.

The trojan has been retooled a bit too, presumably to foil the fixes that were issued after the initial iLife scare. I'm sure a patched fix will come out soon enough, but the best tactic is to avoid this kind of thing altogether by, oh, I don't know, not giving pirated software root access whenever it asks for it. [Macenstein]

The Penicillin Fix For Your iWork '09 Trojan VD

John Mahoney — Fri, 23 Jan 2009 14:15:48 EST

Here's a fix for the trojan you may have picked up while dipping unprotected into murky pirate waters for a bootleg copy of Apple's iWork '09.

You can do it all manual-like, with the following Terminal incantations (But be careful! That's some unprotected deleting going on there):

1) (open Terminal.app)

2) sudo su (enter password)

3) rm -r /System/Library/StartupItems/iWorkServices

4) rm /private/tmp/.iWorkServices

5) rm /usr/bin/iWorkServices

6) rm -r /Library/Receipts/iWorkServices.pkg

7) killall -9 iWorkServices

Or, the folks at MacScan have released a free utility that handles the cleanup by itself. Download it here. [Macrumors]

Torrented Copies of iWork '09 Come Laced With a Nasty OS X Trojan

John Mahoney — Thu, 22 Jan 2009 15:20:00 EST

This may be a first for the Mac software world, and it's not cool at all: ill-gotten copies of iWork '09 circulating on Torrent sites contain OSX.Trojan.iServices.A, which is something you don't want.

The Trojan parks itself in your /System/Library/StartupItems folder with read-write-execute root privileges—from there it can phone home to a remote server and install additional nasties throughout your system. Right now, the only true fix is a full format and re-install, since its residual pieces can be spread far and wide. You can spot if your particular warez iWork is infected by searching for the iWorkServices.pkg inside the installer.

It was spotted security software company Intego, who have identified several OS X security threats in the past. But as far as I can tell, this is the first one to come piggybacking along with a popular software package many people are pirating (Intego says 20,000 downloads).

If you're in the demographic of folks pirating iWork '09 via BitTorrent, chances are this is as close as you're come to getting VD from an ill-advised Southeast-Asian sex-professional liaison (the online equivalent). Still, not a good precedent to set. [Intego]

Chinese Interweb Is Number One Target For Malware

Elaine Chow — Tue, 04 Nov 2008 01:00:00 EST

Chinese internet users have become the top target for malware, according to a new security report by Microsoft. The company said that about 47 percent of software “exploits” it found, including ones that can record keystrokes and steal passwords, in the first half of 2008 were in Chinese, while only 23 percent were in English.

Considering China surpassed the U.S. in overall internet users this June, it's probably not that surprising that the country would be targeted. Couple that with the influx of inexperienced users with freshly middle-class banking accounts, and you've got a major security problem. Microsoft recommended constantly updating to lower vulnerabilities, which probably won't happen since the newest Windows updates contain that anti-piracy black screen security measure. [Yahoo News] (Flickr credit - Kai Hendry)

Happy 30th Birthday, Spam!

Elaine Chow — Sat, 03 May 2008 21:30:00 EDT

Oh Spam, my how you have grown! Thirty years ago, on this day, you came into the world as a little misguided e-mail sent by an equipment engineer over Arpanet to promote a new line of computers. You were quickly shot down by other Arpanet users who called it an "insult... to have an obvious commercial message sent out over a research network." Yet, at some point in time, people stopped protesting you loudly enough. Now you comprise 80 percent to 95 percent of all e-mail sent, your crafty trojans and pesky viruses have infected millions of computers, and you've cost IT departments nearly $200 billion to combat you. But since it's your birthday, instead of telling you like we usually do to GTFO, let us sing you a little song instead. It goes something like this:

Spam, spam, spam, spam, spam, spam, spam, SPAM! LOVELY SPAM!

Popular Antivirus Apps Don't Work 80% of the Time

Charlie White — Thu, 03 Aug 2006 10:36:55 EDT

Feeling all smug, snug and secure because you have antivirus software running on that PC of yours? Think again. Graham Ingram, the general manager of Australia's Computer Emergency Response Team says the most popular antivirus applications are about as impregnable as a screen door in a submarine, letting 80% of the creepy crawlies through.

Ingram didn't mention them by name, but the three leading antivirus applications are Symantec with 53.6% of the market, McAfee with 18.8%, and Trend Micro with 13.8%. On the other hand, one antivirus package he did mention by name was the Russian application Kaspersky, which he said blocks of 90% of viruses and Trojans.

There was also no mention of the performance hit antivirus software claims from your system. It's a shame that so many people are using useless applications such as Symantec antivirus software. The cure is worse than the disease. The funny thing is, viruses don't come to get you, you have to actively infect yourself with them. And, by the time any of these bullshit apps figure out how to deal with ever more masterfully-written viruses, the horse is already out of the barn. But just to be safe, don't use Internet Explorer and don't click on any attachments, and you'll be far more likely to be virus-free than if you're depending on any of these fraudulent applications. Or, you could just get a Mac. – Charlie White

Why popular antivirus apps 'do not work' [ZDNet Australia, via The Consumerist]

Cellphone Trojan from Russia

johnb — Fri, 07 Apr 2006 07:29:54 EDT

Just in time for PayPal Mobile, there's a Trojan that called RedBrowser that pretends to browse the web using SMS instead of a WAN connection. Instead of giving you sweet, sweet Internet access, however, it runs up $5 and $6 SMS charges for folks on the Russian Beeline, MTS and Megafon networks. Would we be stupid enough to fall for it here? Ummm...

Russian phone Trojan tries to ring up charges [MSN]

FlexiSpy Spies on Kids, Lovers, Builds Love and Trust

johnb — Fri, 31 Mar 2006 10:25:34 EST

A program called FlexiSpy, designed to capture call logs and SMSes on cellphones, is getting flagged by anti-virus software maker F-Secure because of its treacherous nature.

The program is completely invisible and installs itself without the phone owner's knowledge. FlexiSpy's manufacturer, Vervata, is sticking to its story that this thing helps parent's keep track of kids surfing habits, but the sneaky nature of this software makes it ripe for abuse.

Product Page [FleixSpy]
Spy program snoops on cell phones [News.com via TheInquirer]

Mac Trojan Horse Appears: Ha!

Travis Hudson — Fri, 17 Feb 2006 08:23:28 EST

The Mac Observer is reporting on a Trojan Horse has surfaced on the web that affects Mac users. The Trojan, which has been named Oompa-Loompa is a malware-esque application that tricks unsuspecting Mac owners into thinking it is a JPEG image. If it is launched it requires administrator access before having the ability to install files, cause carnage, and duplicate itself by sending to your iChat buddy list. Suck on dem apples, Apple.

Mac Trojan Horse surfaces [MacMinute]