Keyword: trojan

  • Linux webserver botnet pushes malware

    09/13/2009 9:24:24 AM PDT · by dayglored · 18 replies · 1,059+ views
    The Register (UK Tech) ^ | 2009-09-12 | Dan Goodin
    A security researcher has discovered a cluster of infected Linux servers that have been corralled into a special ops botnet of sorts and used to distribute malware to unwitting people browsing the web. Each of the infected machines examined so far is a dedicated or virtual dedicated server running a legitimate website, Denis Sinegubko, an independent researcher based in Magnitogorsk, Russia, told The Register. But in addition to running an Apache webserver to dish up benign content, they've also been hacked to run a second webserver known as nginx, which serves malware. "What we see here is a long awaited...
  • Bank data-stealing Trojan infects hundreds of thousands of PCs - researcher

    07/31/2009 9:36:51 AM PDT · by the invisib1e hand · 9 replies · 1,318+ views
    Finextra ^ | July 30, 2009 | Finextra
    A "tremendous" amount of financial data has been stolen by a Trojan that has infected hundreds of thousands of corporate and personal PCs, according to information security specialist SecureWorks. Clampi, also known as Ligats, Ilomo or Rscan, has spread across Microsoft networks in a "worm-like fashion" and is "one of the largest and most professional thieving operations on the Internet" says Joe Stewart, director of malware research at SecureWorks' counter threat unit. Once it has infected a PC, the Trojan monitors Web sessions to see if one of 4500 targeted sites is visited. If a victim uses one of these...
  • Can this Trojan be deleted?

    07/01/2009 7:12:27 AM PDT · by Oshkalaboomboom · 65 replies · 1,975+ views
    July 1, 2009 | Oshkalaboomboom
    I have a rootkit trace that refuses to go away. McAfee can't delete it. Malwarebytes Antimalware claims to delete it but it's right there as soon as it closes. I find hundreds of references to it via Google but nobody says how to get rid of it and nobody even discusses what it does besides annoy you. My cd burning programs have been disabled so I can't make an alternative OS like BartPE. I can boot off the Windows CD and get into the Recovery console. I use DOS commands to delete the files but they come right back again....
  • Virus hit me on Facebook - help!

    06/11/2009 8:49:43 PM PDT · by MeneMeneTekelUpharsin · 24 replies · 1,175+ views
    Vanity | 11 June 2009 | Mene Mene Tekel Upharsin
    Was downloading a video from the internet (Kung Fu movie) when my Avast anti-virus software first warned me of a trojan (from the find site) and then a worm. I deleted both. Both Avast and Trend Micro House Call show no infection. However, on my Facebook account, something sent an ugly message with an even uglier link (which also warned on a virus) to everyone on my Facebook. I do not automatically log in to Facebook, I put in my password every time. How did it do that?
  • Leaked copies of Windows 7 RC contain Trojan

    05/05/2009 7:35:35 PM PDT · by dayglored · 44 replies · 1,181+ views
    ComputerWorld ^ | May 4, 2009 | Gregg Keizer
    Some pirated builds on file-sharing sites harbor attack code... Pirated copies of Windows 7 Release Candidate (RC) on file-sharing sites contain malware, according to users who have downloaded the upgrade. Windows 7 RC, which Microsoft Corp. will officially launch tomorrow, leaked two weeks ago, with copies first appearing on BitTorrent tracking sites on April 24. Some of the pirated builds include a Trojan horse, numerous users said in message forums and in comments on BitTorrent sites such as Mininova.org. "Just a warning for anyone downloading the new RC builds of windows 7. Quiet [sic] a lot of the downloads have...
  • Final Internet Worm Warning!!!

    03/31/2009 4:59:22 PM PDT · by papasmurf · 102 replies · 4,292+ views
    Self ^ | 03/31/09 | papasmurf
    The Conficker worm, aka: Downup, Downadup and Kido, is scheduled to become active at 00:01:00 AM on 04/01/09. It's a complete unknown and has many experts worried. If you aren't sure about being protected on your Windows machine, please download the FREE application from Microsoft called Windows SteadyState, and install it. It only takes a few minutes, it's very easy and simple, and it will protect your hard drive. I use it on my XP Box and my Wife's Vista laptop, and I know it works. Download it, click to install, open it, and select "User Restrictions", and (if...
  • Pentagon Hit by Unprecedented Cyber Attack

    11/20/2008 4:43:58 PM PST · by Sammy67 · 244 replies · 11,834+ views
    FoxNews ^ | 11/20/08
    Thursday, November 20, 2008 - The Pentagon has suffered from a cyber attack so alarming that it has taken the unprecedented step of banning the use of external hardware devices, such as flash drives and DVD's, FOX News has learned. The attack came in the form of a global virus or worm that is spreading rapidly throughout a number of military networks.
  • MSM Refusal to Vet Obama: Affirmative Action President?

    10/17/2008 9:29:12 PM PDT · by Bronco_Buster_FweetHyagh · 18 replies · 556+ views
    Joe the Plumber asks Barack Obama a simple question, which elicits a damaging and revealing peek into Obama's true beliefs. Within two days, the Main Stream Media and left wing pundits and bloggers have waged a full blown character assassination of Joe the Plumber. (1) Insinuation Joe Lied about his name (it's his middle name) (2) Accusation that Joe is a deadbeat (he has a tiny back tax bill), (3) Accusation that Joe is a law breaker (he works under the license of a different plumber like MANY tradesmen across the US), (4) Accusation he's a wife beater and a...
  • Scientists calculate the exact date of the Trojan horse using eclipse in Homer

    06/24/2008 11:49:01 AM PDT · by LibWhacker · 37 replies · 60+ views
    Telegraph ^ | 6/24/08 | Roger Highfield
    The exact date when the Greeks used the Trojan horse to raze the city of Troy has been pinpointed for the first time using an eclipse mentioned in the stories of Homer, it was claimed today. Scientists have calculated that the horse was used in 1188 BC, ten years before Homer in his Odyssey describes the return of a warrior to his wife on the day the "sun is blotted out of the sky". The legend of the fall of Troy is mentioned in Virgil and Homer's poems...
  • Incredible Message About [Dr. Don Boys'] Islam Book from a Muslim Nation!

    06/09/2008 7:46:55 PM PDT · by John Leland 1789 · 2 replies · 152+ views
    Preacher Helps ^ | June 9, 2008 | Dr. Don Boys
    Incredible Message About my (Dr. Don Boys) Islam Book from a Muslim Nation! How this brother got my book on Islam I don’t know. He must have purchased it while visiting in another country or someone sent it to him. He says he would be killed by followers of that peaceful religion of Islam if it were known that he had my book! What a way to live! Following is his email except for his name and country. I got to read some parts of your book Islam: America's Trojan Horse. I would like to mention that it is...
  • The New E-spionage Threat (CHINA)

    04/14/2008 4:34:47 AM PDT · by Perseverando · 11 replies · 200+ views
    BusinessWeek Magazine ^ | April 10, 2008 | Brian Grow, Keith Epstein and Chi-Chu Tschang
    A BusinessWeek probe of rising attacks on America's most sensitive computer networks uncovers startling security gaps The e-mail message addressed to a Booz Allen Hamilton executive was mundane—a shopping list sent over by the Pentagon of weaponry India wanted to buy. But the missive turned out to be a brilliant fake. Lurking beneath the description of aircraft, engines, and radar equipment was an insidious piece of computer code known as "Poison Ivy" designed to suck sensitive data out of the $4 billion consulting firm's computer network. The Pentagon hadn't sent the e-mail at all. Its origin is unknown, but the...
  • Worm infected Daughters Laptop (worm.win32.netsky)

    02/06/2008 6:12:48 PM PST · by SandRat · 23 replies · 76+ views
    Ok, Daughter's laptop with an up to date anti-virus program and firewall has gotten infected with a worm called worm.win32.netsky. Can't find a removal program for this bugger and the scans haven't found or removed it. She was going to various School District web sites to apply for a teaching job when it happened. It loaded on its own new desktop icons, and disabled remove program from the task bar along with Ctl-Alt-Del. Anyone out there got ideas?
  • DIGITAL PHOTO FRAME WITH VIRUS

    01/18/2008 6:48:33 PM PST · by SWAMPSNIPER · 8 replies · 281+ views
    self | January 18, 2008 | swampsniper
    Digital photo frames containing malware have been found, heads up! http://isc.sans.org/diary.html?storyid=3807 http://isc.sans.org/diary.html?storyid=3787
  • (Reggie) Bush evidence mounts

    01/10/2008 10:02:58 PM PST · by stainlessbanner · 30 replies · 122+ views
    Yahoo Sports ^ | January 10, 2008 | Charles Robinson and Jason Cole
    A former business associate of the failed marketing agency that attempted to secure Reggie Bush as a client told Yahoo! Sports he spoke directly to Bush about the company's business plan before the running back completed his junior season at the University of Southern California. Such an action would have violated NCAA rules and is the latest in a series of facts uncovered in a Yahoo! Sports investigation that indicate Bush and his family had an improper relationship with New Era Sports & Entertainment. Ben Delanoy, now CEO of Next Level Sports Marketing, said Bush indicated he would be part...
  • Bhutto murder used to spread malware

    12/28/2007 8:23:00 PM PST · by snarkpup · 7 replies · 260+ views
    The Register ^ | 12/28/2007 | John Leyden
    Malicious JavaScript pushes Trojan. Virus writers are exploiting morbid curiosity about the assassination of former Pakistani Prime Minister Benazir Bhutto to spread malware. Surfers searching for video footage of the suicide attack that killed Bhutto and at least 21 others on Thursday are liable to find malware posing as video clips that attempts to trick users into running malign ActiveX controls. The malicious downloaded file is detected by Symantec as the Emcodec-Trojan.
  • Online Crooks Target Macs With Porn Ruse (Apple)

    11/01/2007 8:38:22 PM PDT · by Alter Kaker · 23 replies · 392+ views
    Associated Press ^ | 1 November 2007 | Jordan Robertson
    SAN FRANCISCO — In a backhanded compliment to Apple Inc., online criminals are apparently so impressed with its scorching sales they are sending Macintosh computers an attack typically aimed at machines running Microsoft Corp.'s dominant Windows operating system. Symantec Corp. researchers said the Web sites serving up the new attack also deploy a Windows version. "For a while Mac users have enjoyed the benefits of being a small enough population that hackers didn't go after them directly - that's obviously now changing," said Ben Greenbaum, senior research manager at Symantec Security Response. Lynn Fox, an Apple spokeswoman, said the Cupertino-based...
  • Multi-Middleman 'Mpack' Attacks Use Google AdWords to Lure Victims

    06/19/2007 6:11:16 PM PDT · by Cicero · 1 replies · 474+ views
    BetaNews ^ | June 19, 2007 | Scott M. Fulton, III
    By Scott M. Fulton, III, BetaNews, June 19, 2007, 11:46 AM. One of Russia's fastest growing markets, and quite possibly a contributor to stabilizing that country's fickle economy, is cut-rate, self-deploying Trojan horse packages. As malware writers there have discovered, rather than baiting and waiting for victims to fall into their traps at random, so that they carry out DoS and identity theft attacks without knowing they're doing so, would-be victims worldwide will gladly pay for the privilege of knowingly carrying out those same attacks. "In terms of social engineering," writes...
  • Keylogging Trojan Dodges Anti-virus Detection -Alert!!

    05/25/2007 2:34:07 PM PDT · by Ernest_at_the_Beach · 46 replies · 1,939+ views
    HardOCP ^ | Brian Prince | Brian Prince eWeek
    A new variant of the Russian Trojan Gozi, armed with keylogging functionality, is making the rounds again. What makes this time different is that the Trojan can scramble itself to avoid detection by your anti-virus software. The Trojan is believed to have been spreading since April 17. Like the original, which was discovered earlier in 2007, the new version of Gozi steals data from encrypted SSL (Secure Sockets Layer) streams. The latest variant was uncovered May 7 by Don Jackson, a security researcher at SecureWorks in Atlanta.
  • Computer Help Request - Win:Agent32 trojan - (vanity)

    05/22/2007 3:44:13 AM PDT · by Tainan · 7 replies · 584+ views
    n/a ^ | 22 May 2007 | self
    I have discovered a Win32:Agent trojan resident in a file on my C: drive. It is located in my Thunderbird email files section. Try as I may, I cannot seem to delete this. It appears to be growing in size. I have read a lot about this one and they refer to it as a "sleeper" trojan. How can I remove this trojan? I run Firefox, Thunderbird as email client, XP Pro, Avast & AVG 7.5 Internet Security System, Zone Alarm Pro, along with Spy Bot S&D and Spyware Blaster. Can anyone help with this? Thanks
  • Phoney Windows piracy check steals credit cards; New attack attempts to spoof WGA

    05/07/2007 7:17:40 PM PDT · by holymoly · 15 replies · 1,478+ views
    computing ^ | 07 May 2007 | Shaun Nichols
    Online criminals are using Windows registration pages as a new way to fool consumers into divulging confidential information, researchers with Symantec have noticed. The security firm said that it has spotted a new trojan that steals credit card information by posing as an anti-piracy control for Windows XP. The phishing trojan mimics the behavior of Microsoft's Windows Genuine Advantage (WGA) anti-piracy software, which tracks down pirated copies of the operating system. On startup, the trojan produces a window informing the user that their copy of Windows has been activated by another user. In order to "re-activate" Windows, the software asks the...
  • Storm Worm variant ignites e-mail virus deluge

    04/13/2007 10:31:55 AM PDT · by holymoly · 24 replies · 2,127+ views
    ZDNet ^ | April 13, 2007 | Caroline McCarthy
    Thursday likely marked the largest proliferation of e-mail virus attacks in more than a year, according to security company Postini. Postini said that two variations of the Storm Worm virus, which originally spread across the Internet in January, have quickly driven global virus levels 60 times higher than their daily average. E-mail users should be on alert for messages with "love"-related subject lines and an executable attachment that would contain a Trojan virus, as well as messages with "Worm Alert!" subject lines that contained a .zip file full of malicious code. Postini, which is based in San Carlos, Calif., says...
  • Hacker admits identity theft

    02/23/2007 8:43:17 AM PST · by APRPEH · 3 replies · 346+ views
    Irish Dev News ^ | 23 February 2007 | non attributed
    IT security and control firm Sophos is welcoming news that a US man has pleaded guilty to charges of writing and distributing a Trojan horse designed to steal usernames and passwords from computer users. "The Trojan has been the key development in cybercrime in recent years - hackers use them to steal info and money from unsuspecting internet users" - Graham Cluley, Sophos. Richard C Honour, 31, faces a maximum penalty of five years in prison and a fine of $250,000 after admitting releasing malware that infected users of DarkMyst, an IRC chatroom popular with players of online role-playing games. Honour,...
  • Inventor broke after Trojan fails to catch fire [full body armor exoskeleton for the troops a bust]

    02/08/2007 1:37:23 AM PST · by LibWhacker · 126 replies · 4,885+ views
    Hamilton Spectator ^ | 2/7/07 | Wade Hemsworth
    Troy Hurtubise is facing eviction after his Trojan invention flopped. Troy Hurtubise really put everything he had into his bulletproof combat suit. He spent two years and tens of thousands of dollars developing the Trojan, hoping to sell it to the Canadian or American armed forces, or to another friendly government. Now he's broke. Last month, he promised the Trojan would give soldiers in the field affordable, lightweight protection from bullets and bombs alike. He had worked all kinds of extras into the body armour: a ventilation system and multiple lights in the helmet, pepper spray that could shoot from the...
  • [Vanity] Trojan removal help INTCODEC-V6.766[1].EXE, with circumstances

    09/07/2006 1:51:01 PM PDT · by JerseyHighlander · 24 replies · 697+ views
    http://www.freerepublic.com ^ | 9/6/06 | JerseyHighlander
    I have a trojan, do not know how I picked it up: intcodec-v6.667.exe and intcodec-v6.400.exe. The WGA on this WinXP pro was made invalid, and now I can't DL updates for Norton Virus either. Those are separate issues. Immediate need is to remove this virus, only ref I got on the net was here http://fileinfo.prevx.com/adware/qq2b5d34188554-INTC22293613/INTCODEC-V6.766%5B1%5D.EXE.html but I do not know anything about prevx.com or the free removal tool for this trojan. Does anyone know if prevx is legit, and does anyone know of any other ways to remove this trojan? Thanks for the help.
  • New Trojan (BHO) disguises malicious traffic

    08/08/2006 7:14:04 PM PDT · by holymoly · 12 replies · 449+ views
    ITNews.com.au ^ | 9 August 2006 | Gregg Keizer
    Websense raises the alarm about a phishing Trojan that uses a new technique to cloak its activity. The Web security company said that the Trojan, which installs itself as an Internet Explorer helper object, waits for the user to enter information in specific Web site forms -- particularly online banking sites -- then zaps the stolen data back to the attacker. What's unique about the new Trojan, said Websense, is that it delivers that data via ICMP packets. Keylogging Trojans usually transmit purloined usernames and passwords via e-mail or a HTTP POST command. Both can be easily spotted. "Instead, this...
  • Trojan Spoofs Firefox Extension, Steals IDs

    07/26/2006 7:26:07 AM PDT · by ShadowAce · 71 replies · 1,978+ views
    TechWeb ^ | 25 July 2006 | Gregg Keizer
    An identity-stealing keylogger that disguises itself as a Firefox extension and installs silently in the background was discovered Tuesday by security vendor McAfee. According to the Santa Clara, Calif.-based company, the "FormSpy" Trojan horse monitors mouse movements and key presses to steal online banking or credit card usernames and passwords, other login information, and URLs typed into Firefox, the popular open-source browser. Another component of the Trojan sniffs out passwords from ICQ and FTP sessions, and IMAP and POP3 traffic, said McAfee. All collected information is sent to an IP address hard-coded into the Trojan. The scam starts with spam...
  • New Trojan Asteroid Hints At Huge Neptunian Cloud

    06/15/2006 2:26:20 PM PDT · by blam · 19 replies · 708+ views
    New Scientist ^ | 6-15-2006 | Kelly Young
    19:00 15 June 2006, NewScientist.com news service, Kelly Young. [Illustration caption: The four known Neptune Trojans are shown in their position 60 degrees ahead of Neptune. The known clusters of Trojan asteroids on either side of Jupiter are also shown (Illustration: Scott Sheppard)] A newly discovered asteroid in Neptune's orbit indicates the existence of a much larger, but as-yet-unseen, cloud of rocks in that region. The asteroids in Neptune's orbit might even outnumber those in the main asteroid belt between Mars and Jupiter, the new research suggests. The asteroid was discovered by Scott Sheppard of...
  • Europe rethinks its 'safe haven' status-(45 percent of Muslim immigrants "unintegratable,")

    05/24/2006 9:39:15 PM PDT · by Flavius · 17 replies · 845+ views
    Christian Science Monitor ^ | 5/24/06 | Sarah Wildman
    VIENNA - The night air in Vienna has finally turned warm, filling the city's trams with visitors. On the Ringstrasse, tourists take in the city, pointing out the City Hall and the parliament. "Did you see that one girl - so young! And wearing a veil," a woman clucks in lightly accented English, staring out the window of tram D. "They will form a separate culture." The sentiment isn't isolated. Earlier this month, Austria's Interior Minister Liese Prokop announced that 45 percent of Muslim immigrants were "unintegratable," and suggested that those people should "choose another country." In the Netherlands,...
  • Trojan Freezes Computer, Demands Ransom

    04/28/2006 12:40:23 PM PDT · by Former Fetus · 54 replies · 1,786+ views
    yahoo news ^ | 4/28/06 | Jeremy Kirk
    A new kind of malware circulating on the Internet freezes a computer and then asks for a ransom paid through the Western Union Holdings money transfer service. A sample of the Trojan horse virus was sent to Sophos, a security vendor, said Graham Cluley, senior technology consultant. The malware, which Sophos named Troj/Ransom-A, is one of only a few viruses so far that have asked for a ransom in exchange for releasing control of a computer, Cluley said. The new Trojan falls into a class of viruses described as "ransomware." The schemes had been seen in Russia, but the first...
  • Microsoft Official: Malware Recovery Not Always Possible

    04/04/2006 6:41:25 PM PDT · by HAL9000 · 133 replies · 3,179+ views
    FoxNews.com (Excerpt) ^ | April 4, 2006 | Ryan Naraine
    Excerpt - LAKE BUENA VISTA, Fla. — In a rare discussion on the severity of the Windows malware scourge, a Microsoft security official said businesses should consider investing in an automated process to wipe hard drives and reinstall operating systems as a practical way to recover from malware infestation. "When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit," Mike Danseglio, program manager in the Security Solutions group at Microsoft, said in a presentation at...
  • How deep does this rabbit hole go?

    03/31/2006 9:05:27 AM PST · by grandpa jones · 11 replies · 898+ views
    Business week ^ | 04/10/06 edition | staff
    This Worm Is Nasty, Brutish, And Sneaky. As a data security specialist, Jeremy Pickett sees all kinds of digital tricks. So on Mar. 20, when he was tracing the origins of a computer worm that had been blocked the night before from entering a client's computer network, Pickett wasn't too surprised that it tried to connect with four sleazy Web sites, most of them, he believes, in Russia. Or that it then tried to load victims' PCs with as many as 30 new pieces of "malware," ranging from spam programs to those that automatically dial in to expensive phone-sex services....
  • 'Critical' IE bug threatens PC users

    03/27/2006 6:58:48 PM PST · by Ernest_at_the_Beach · 43 replies · 1,092+ views
    theregister.co.uk ^ | Monday 27th March 2006 09:14 GMT | Ciara O'Brien, ElectricNews.net
    A dangerous new exploit in Internet Explorer could put PCs and data at risk, Microsoft has admitted. The flaw, for which code has already been published on the internet, could be exploited to set an email-borne virus free on the unsuspecting public. Potential viruses could come as an attachment that conceals the code, or could possibly redirect users to a site that will unleash the code on the user's machine, leaving the computer open to remote attack. Once the PC is being controlled by a malicious user, it can then be used to launch attacks on other PCs. Even supposedly...
  • New Twist on Spyware--Ransomware (My Title)

    03/16/2006 7:43:24 PM PST · by yhwhsman · 36 replies · 1,313+ views
    LurHQ ^ | March 11, 2006 | by LURHQ Threat Intelligence Group
    In May 2005, a trojan called PGPcoder was discovered in the wild by Websense Security Labs. The trojan's purpose was to encrypt a user's files, then demand a ransom for their decryption. Although this scheme seemed novel, it is actually predated by over 15 years, by a similar scam in 1989. LURHQ's Threat Intelligence Group has now discovered a third such scheme involving ransomware which we are calling Cryzip. Unlike PGPcoder, which used a custom encryption scheme (which was subsequently reverse-engineered by LURHQ), Cryzip uses a commercial zip library in order to store files inside a password-protected zip. Although the...
  • New virus seeks 'ransom' for computer files

    03/15/2006 11:34:19 PM PST · by martin_fierro · 21 replies · 710+ views
    AFP/Yahoo ^ | Wed Mar 15, 12:56 PM ET
    WASHINGTON (AFP) - In the equivalent of a holdup in cyberspace, a new computer bug locks up a user's file with encryption and demands a 300-dollar "ransom," security experts say. The so-called "ransomware" Trojan was discovered Saturday by the security firm LURHQ, which said it was based on a similar scheme perpetrated 15 years ago. Users whose computers are infected receive an e-mail stating that their files have been encrypted and will not be unlocked unless they transfer 300 dollars to a special account. In poorly written...
  • FR Folding@Home Project Update - We're in the Top 165 teams (A Tribute to Ronald Reagan)

    03/13/2006 8:55:21 AM PST · by soccer_maniac · 217 replies · 2,984+ views
    Folding@Home Official Stats ^ | 3-13-2006 | soccer_maniac
    Time for a new FreeRepublic folding@home thread. Our FreeRepublic team of 300+ members comprised primarily of Free Republic members in good standing have banded together to donate their excess CPU cycles to a worthy cause. Via distributed computing, millions of computers around the world, contribute directly to scientific research, in the quest for a greater understanding of diseases such as Alzheimer's, Cancer, and Mad Cow (BSE). Currently, the team is in 164th place (with 992 CPUs - nearly 19,000 completed Work Units and 2,982,241 points) This is an entirely voluntary program, and if you want to learn more, please see...
  • The First Mac OS X Virus? (A New OS X Trojan)

    02/16/2006 5:27:22 AM PST · by Panerai · 50 replies · 1,084+ views
    MacRumors.com ^ | 02/16/2006
    On the evening of the 13th, an unknown user posted an external link to a file on MacRumors Forums claiming to be the latest Leopard Mac OS X 10.5 screenshots. The file was named "latestpics.tgz". The resultant file decompresses into what appears to be a standard JPEG icon in Mac OS X but is actually a compiled Unix executable in disguise. An initial disassembly (from original discussion thread) reveals evidence that the application is virus-like or was designed to give that impression. Routines listed include: _infect: _infectApps: _installHooks: _copySelf: The exact consequences of the application are unclear, but according to...
  • US hacker pleads guilty to hijacking thousands of computers

    01/25/2006 5:35:35 AM PST · by Calpernia · 16 replies · 585+ views
    Middle East Times ^ | January 25, 2006
    LOS ANGELES, CA, USA -- A US computer hacker on Monday pleaded guilty to hijacking around 400,000 computers, including military servers, and infecting them with malicious software. In the first such prosecution of its kind, "botmaster" Jeanson Ancheta, 20, admitted infecting the computers with software that caused them to send spam, show ads and launch crippling attacks on Internet sites. In federal court in Los Angeles, Ancheta admitted conspiring to violate both the Computer Fraud Abuse Act and an anti-spam law, to causing damage to US defense computers and to hacking into computers to commit fraud. His plea comes after...
  • The Windows MetaFile Backdoor?

    01/16/2006 9:48:37 AM PST · by ShadowAce · 106 replies · 2,090+ views
    Security Now! ^ | 13 January 2006 | Steve Gibson/Leo LaPorte
    This is a transcript from a show Steve Gibson did with Leo LaPorte. The link to the audio is at the above link. Also, I will excerpt a little of the relevant information here. Steve: And so, you know, because I'm a developer when I'm not being a hacker, I wanted to understand - oh, and the other thing is, I want to write a robust testing application, you know, that always works all the time. So I wanted to know, like, okay, what bytes have to be set which way, what matters, what doesn't. Because, you know, that's the way...
  • WMF (Windows meta file) exploit

    01/02/2006 5:07:56 AM PST · by KeyWest · 49 replies · 2,023+ views
    The SANS Institute ^ | January 2, 2005 | Various
    Looking forward to the week ahead, I find myself in the very peculiar position of having to say something that I don't believe has ever been said here in the Handler's diary before: "Please, trust us." I've written more than a few diaries, and I've often been silly or said funny things, but now, I'm being as straightforward and honest as I can possibly be: the Microsoft WMF vulnerability is bad. It is very, very bad.
  • Microsoft To Patch Windows on January 10th; Attack Spreads

    01/03/2006 11:42:23 AM PST · by HAL9000 · 52 replies · 3,196+ views
    Dow Jones News Service (excerpt) ^ | January 3, 2006 | Chris Reiter
    Excerpt - NEW YORK -(Dow Jones)- Microsoft Corp. (MSFT) plans to release a patch for a new security flaw at its next scheduled update release on Jan. 10, leaving users largely unprotected until then from a rapidly spreading computer virus strain. "Microsoft's delay is inexcusable," said Alan Paller, director of research at computer security group SANS Institute. "There's no excuse other than incompetence and negligence." "It's a problem that there's no known solution from Microsoft," said Alfred Huger, senior director of engineering at Symantec Corp.'s (SYMC) security response team. SANS Institute, via its Internet Storm Center, has taken the unusual...
  • Windows PCs face ‘huge’ virus threat

    01/02/2006 3:54:03 PM PST · by Swordmaker · 204 replies · 7,058+ views
    Financial Times via Drudge ^ | January 2 2006 18:18 | By Kevin Allison in San Francisco
    Computer security experts were grappling with the threat of a new weakness in Microsoft’s Windows operating system that could put hundreds of millions of PCs at risk of infection by spyware or viruses. The news marks the latest security setback for Microsoft, the world’s biggest software company, whose Windows operating system is a favourite target for hackers. “The potential [security threat] is huge,” said Mikko Hyppönen, chief research officer at F-Secure, an antivirus company. “It’s probably bigger than for any other vulnerability we’ve seen. Any version of Windows is vulnerable right now.” The flaw, which allows hackers to infect computers using...
  • Potential new unpatched IE exploit ? ~ Yes...may affect other Browsers also...

    12/28/2005 2:55:03 PM PST · by Ernest_at_the_Beach · 69 replies · 2,811+ views
    Websense Security Labs ^ | Dec 28 2005 11:19AM | Websense Security Labs Blog Staff
    This alert is a follow-up to a post made yesterday on our blog: http://www.websensesecuritylabs.com/blog/ Websense® Security Labs™ has discovered numerous websites exploiting an unpatched Windows vulnerability in the handling of .WMF image files. The websites which have been uncovered at this point are using the exploit to distribute Spyware applications and other Potentially Unwanted Software. The user's desktop background is replaced with a message warning of a spyware infection and a "spyware cleaning" application is launched. This application prompts the user to enter credit card information in order to remove the detected spyware. The background image used and the "spyware...
  • Exploit Released for Unpatched Windows Flaw

    12/28/2005 5:45:47 PM PST · by Salo · 25 replies · 1,345+ views
    Washington ComPost ^ | 12/28/05 | Brian Krebs
    Security researchers have released instructions for exploiting a previously unknown security hole in Windows XP and Windows 2003 Web Server with all of the latest patches applied.
  • First Neptune Trojan Discovered

    12/28/2005 3:40:34 PM PST · by SunkenCiv · 7 replies · 459+ views
    Lowell Observatory ^ | January 8, 2003 | Kristi Phillips, Manager of Media Relations and Public Affairs
    This small body, known as 2001 QR322, leads Neptune around its orbit in such a way as to maintain, on average, approximately equal distance from Neptune and the Sun. As such, it mimics the Trojan asteroids of Jupiter which orbit the Sun in two clouds approximately 60 degrees ahead of and behind Jupiter. The first Jovian Trojan was discovered in 1906 and approximately 1,560 such objects are known today. However, until the discovery of 2001 QR322, Trojan-like objects associated with other giant planets had not been found.
  • Spy Axe 3.0

    12/06/2005 8:16:34 PM PST · by Carling · 87 replies · 4,971+ views
    My PC ^ | 12/6/05 | Me
    I hate vanity posts, but I am wondering if anyone in FR land knows anything about the Spy Axe 3.0 virus. It has set up shop in my toolbar and has hijacked my home page. eTrust isn't touching it. Help?!?!
  • UGLY SPYAXE VIRUS ALERT (VANITY)

    12/06/2005 6:38:12 PM PST · by CAWats · 61 replies · 8,327+ views
    12-06-2005 | Cawats
    My computer apparently picked up a virus from spyaxe.net. I have a pop-up window saying I have spyware and "it is recommended to use antispyware tools to prevent data loss." Every time I close the popup it pops up again. I got tired of closing it and installed it then removed it with "Add/Remove Software" in the control panel. The pop-up is back. Can anyone help?
  • Trojan exploits unpatched IE flaw

    12/01/2005 7:41:41 AM PST · by ShadowAce · 28 replies · 871+ views
    The Register ^ | 1 December 2005 | John Leyden
    The release of a Trojan that exploits an unpatched IE hole has prompted speculation that Microsoft may release an emergency out-of-cycle security patch. The Delf-DH Trojan downloader uses an Internet Explorer vulnerability to infect unprotected Windows users who stray onto maliciously constructed websites. Delf-DH downloads other malware onto infected machines changing settings in order to monitor user activity and redirect surfers onto porn sites. The attack relies on a flaw in the way IE handles requests to the window() object, highlighted by proof-of-concept code last week and now used in anger by VXers. Even fully patched Windows 2000 and Windows...
  • Sony Rootkits: A Sign Of Security Industry Failure (List of 52 CD Titles)

    11/18/2005 3:16:07 PM PST · by Eagle9 · 32 replies · 1,299+ views
    TechWeb News ^ | November 18, 2005 | Gregg Keizer
    Sony's controversial copy-protection scheme had been in use for seven months before its cloaking rootkit was discovered, leading one analyst to question the effectiveness of the security industry. "[For] at least for seven months, Sony BMG Music CD buyers have been installing rootkits on their PCs. Why then did no security software vendor detect a problem and alert customers?" asked Joe Wilcox, an analyst with JupiterResearch. "Where the failure is, that's the question mark. Is it an indictment of how consumers view security software, that they have a sense of false protection, even when they don't update their anti-virus and...
  • MS' Reaction to Sony's Rootkit Raises Some Questions

    11/17/2005 6:09:52 AM PST · by ShadowAce · 79 replies · 1,624+ views
    Groklaw ^ | 13 November 2005 | Pamela Jones
    When the news first broke in the mainstream press that Windows expert and blogger Mark Russinovich (he wrote a book about Windows for Microsoft) had found that Sony's anti-piracy efforts had gone too far and that Sony's DRM was installing an undetectable rootkit on customers' computers which they couldn't safely remove, the first reaction from Microsoft was guarded. They were concerned, they said, and were evaluating what, if anything, to do: Microsoft, which also ships an anti-spyware program, recently renamed "Windows Defender," hasn't yet decided whether it will also flag the Sony DRM software as malicious code, the spokesperson said....
  • Sony has infected over one-half million world wide nets incl U.S. Military

    11/15/2005 1:43:21 PM PST · by dickmc · 109 replies · 4,351+ views
    Welcome to Planet Sony ^ | 2005-11-15 09:28 | Dan Kaminsky
    More than one-half million networks infected by Sony including U.S. military and various countries. Dan Kaminsky, http://www.doxpara.com/, is the expert who broke this and did the work. His U.S. and Europe infection maps are shown below and are frightening. Dan did a hell of a good job. Search Google News for "sony numbers trouble" for more in an excellent article today that is very worth reading.