Free Republic

More than four million PCs have been enrolled in a botnet security experts say is almost 'indestructible'The botnet, known as TDL, targets Windows PCs and tries hard to avoid detection and even harder to shut down. Code that hijacks a PC hides in places security software rarely looks and the botnet is controlled using custom-made encryption. Security researchers said recent botnet shutdowns had made TDL's controllers harden it against investigation. The 4.5 million PCs have become victims over the last three months following the appearance of the fourth version of the TDL virus. The changes introduced in TDL-4 made it...

Microsoft is telling Windows users that they'll have to reinstall the operating system if they get infected with a new rootkit that hides in the machine's boot sector.A new variant of a Trojan Microsoft calls "Popureb" digs so deeply into the system that the only way to eradicate it is to return Windows to its out-of-the-box configuration, Chun Feng, an engineer with the Microsoft Malware Protection Center (MMPC), said last week on the group's blog."If your system does get infected with Trojan:Win32/Popureb.E, we advise you to fix the MBR and then use a recovery CD to restore your system to...

Small businesses have a new scam to worry about: criminal job applicants who want to hack into online bank accounts. The U.S. Federal Bureau of Investigation issued a warning Wednesday about a new twist on a long-running computer fraud technique, known as Automated Clearing House fraud. With ACH fraud, criminals install malicious software on a small business' computer and use it to log into the company's online bank account. They set up bogus fund transfers, adding fake employees or payees, and then move the money offshore. Scammers can move hundreds of thousands of dollars in a matter of hours using...

Microsoft warned on Wednesday of a new zero-day vulnerability in Internet Explorer. The flaw creates a means for hackers to inject malware onto vulnerable systems, providing surfers are first tricked into visiting booby-trapped websites. As such the flaw poses a severe drive-by download risk. All established version of IE (from 6 to 8) are affected. It's unclear whether or not the IE 9 beta is similarly vulnerable. The flaw reportedly involves the handling of Cascading Style Sheets by Microsoft's browser software. The bug first came to light on the seclists.org full disclosure mailing list earlier this month. A module exploiting...

Need some Freeper help here- I've seen this kind of thing mentioned on here before. My computer has become infected with a virus that tells me I have a "hard disk" problem, that can only be cured by registering their software (six or seven different versions, it would appear). This happened to my wife a couple of months ago with her laptop- she went in under "safe" mode, downloaded and installed Malware Bytes, and the problem was solved. We did the same tonight with my computer, but it did no good. does anyone have any ideas? Thanks in advance!

Even safe mode cannot end devil-spawned reboot loop An update from AVG on Wednesday night rendered 64 bit Windows 7 systems unstable after it was applied. Several Register readers have been affected by the problem, which leaves machines in a continuous reboot loop. AVG has pulled the problem update (3292) and published an advisory apologising for the cock-up and providing instructions on how to get hobbled systems back up and running again. Recovering a Blue Screened PC is more involved than simply rebooting in safe mode, as the security vendor explains. Desktop versions of Windows 7 seem particularly prone to...

Security firm M86 says attack has cost the bank almost $900,000Security vendor M86 Security says it's discovered that a U.K.-based bank has suffered almost $900,000 (675,000 Euros) in fraudulent bank-funds transfers due to the ZeuS Trojan malware that has been targeting the institution. Bradley Anstis, vice president of technology strategy at M86 Security, said the security firm uncovered the situation in late July while tracking how one ZeuS botnet had been specifically going after the U.K.-based bank and its customers. The botnet included a few hundred thousand PCs and even about 3,000 Apple Macs, and managed to steal funds from...

Trojan is still at large and may strike again, experts warn Bank affected has still not been named Cyber criminals have raided the accounts of thousands of British internet bank customers in one of the most sophisticated attacks of its kind. The fraudsters used a malicious computer programme that hides on home computers to steal confidential passwords and account details from at least 3,000 people. The internet security experts M86, who uncovered the scam, estimate that at least £675,000 has been illegally transferred from the UK in the last month - and that the attacks are still continuing.

My Firewall/Antivirus detected an infection of the "Packed.Win32.Krap.hm!A2" and http://www.threatexpert.com/report.aspx?md5=45e98426fafd221ffb7d55ce8a1ae531 says it's: A malicious trojan horse or bot that may represent security risk for the compromised system and/or its network environment. I tried to block it and delete the infected files, but that just set off an attack against my computer, which caused me to reload from backup several times. How do I get rid of this nightmare, and prevent it from coming back?

Researchers have identified a kernel-level vulnerability in Windows that allows attackers to gain escalated privileges and may also allow them to remotely execute malicious code. All versions of the Microsoft OS are affected, including the heavily fortified Windows 7. The buffer overflow, which was originally reported here, can be exploited to escalate privileges or crash vulnerable machines, IT research company Vupen said. The flaw may also allow attackers to execute arbitrary code with kernel privileges. The bug resides in the “CreateDIBPalette()” function of a device driver known as “Win32k.sys.” It is exploited by pasting a large number of color values...

Virus writers have begun using the unpatched shortcut flaw in Windows first exploited by the Stuxnet worm, which targets power plant control systems, to create malware that infects the general population of vulnerable Windows machines. Slovakian security firm Eset reports the appearance of two malware strains that exploit security vulnerabilities in the way Windows handles .lnk (shortcut) files, first used by Stuxnet to swipe information from Windows-based SCADA systems from Siemens. The Chymine-A Trojan uses the same security hole to install a keystroke logger while the Autorun-VB-RP worm has been updated to use the shortcut vulnerability as an infection method....

Microsoft has released a stopgap fix to help Windows users protect themselves against threats that may try to target a newly discovered, critical security hole that is present in every supported version of Windows.Last week, KrebsOnSecurity.com reported that security researchers in Belarus had found a sophisticated strain of malware that was exploiting a previously unknown flaw in the way Windows handles shortcut files. Experts determined that the malware exploiting the vulnerability was being used to attack computers that interact with networks responsible for controlling the operations of large, distributed and very sensitive systems, such as manufacturing and power plants.When Microsoft...

Dell is warning customers that there is malware on some of its server motherboards. The PowerEdge R410 Rack server has spyware within its embedded systems management software. The direct seller is sending customers letters warning of the danger and also telephoning those affected. A post in a support forum says customers should hear from Dell shortly. It does not provide any technical explanation of what type of spyware is included with the hardware or what extra cleaning process customers should go through. Some forms of malware are likely to have spread if the hardware has been attached to a network....

Anti-virus specialists report that a new trojan is spreading via USB flash drives, apparently exploiting a previously unknown hole in Windows. According to analyses by Belarusian AV vendor VirusBlokAda, a copy of the trojan managed to infect a fully patched Windows 7 system (32-bit) without having to resort to such common auto-start tools as autorun.inf when a Flash drive carrying the trojan was plugged in. Instead of spreading through auto-start, the malware exploits a flaw in the code for processing short-cuts (.lnk files): Once the relevant icon is displayed in Windows Explorer, malicious code is launched without any further user...

A Russian software company today released a password cracking tool that instantly reveals cached passwords to Web sites in Microsoft Internet Explorer, mailbox and identity passwords in all versions of Microsoft Outlook Express, Outlook, Windows Mail and Windows Live Mail. Moscow based ElcomSoft, developer of the new password recovery tool, “Elcomsoft Internet Password Breaker,” says the product designed as tool to provide forensics, criminal investigators, security officers and government authorities with the ability to retrieve a variety of passwords stored on a PC. With a price tag of just $49, it doesn’t seem as though investigators and government authorities are...

For every infected adult domain identified, there are 99 others with perfectly legitimate content that are also infected, according to a report by Avast. In the UK for example, there are more infected domains containing the word "London" than any other domain containing the word "sex". The latest discovery of an infected site is the Vodafone UK website. This infection in the smart phones section shows how advanced the bad guys are at finding ways to deliver the malware to the internet users. The infection of Vodafone, which was confirmed as still present on the morning of Monday 28th of...

I thought I had killed a virus. It was a Chuck Norris Trojan that infected the router and directed me to a site that infected me with the AV Suite ransom virus. No anti-virus and anti-spyware programs got the virus so I had to 1) set a password on my router (to keep it from being reinfected) 2) Reset and then turn off my router to kill it's RAM with the redirect 3) remove the partition to reformat my drive 4) reload everything. I thought that killed it and it seemed to. Then yesterday I went into my NVIDIA graphics...

This week, as part of its regular Patch Tuesday, Redmond released an update for its various browser toolbars, and as Ars Technica noticed, this update also installed an entire add-on for Internet Explorer and an extension for Mozilla Firefox – without asking users. Ars was unable to identify the installs, but Microsoft now tells The Reg that the update was installing the latest version of its Bing toolbar on machines that were running the older Windows Live Toolbar or MSN Toolbar. The company says it has now, um, updated the update, and the silent toolbar install no longer occurs. The...

A security researcher has warned of a vulnerability in older versions of the Windows operating system that allows attackers to take full control of a PC by luring its user to a booby-trapped website. The flaw resides in the Windows Help and Support Center, a feature that provides users with online technical support. Malicious hackers can exploit the weakness of Windows by embedding commands in web addresses that activate the feature's remote assistance tool, which allows administrators to execute commands over the internet. The exploit works in XP and Server 2003 versions of Windows and possibly others. “Upon successful exploitation,...

We first heard rumors of this policy change a couple of months ago, but now it's made the papers: the Financial Times is reporting that Google is phasing out the use of Windows internally, as employees are migrated to either Linux or Mac OS X on machine turnovers or new hires. The policy change was precipitated in large part by the security breach attributed to Chinese hackers; Google's IT leaders apparently feel that Microsoft's OS represents too great a risk across the enterprise to leave it in place. The story says that in January, subsequent to the security breaches, Windows...