Friday 3rd September 2010

Posts Tagged ‘Trojan’

First SMS Trojan Targets Android Phones

Wednesday, August 18th, 2010

Software antivirus company Kaspersky Lab has spotted the first Trojan that is targeted towards Smartphones running the Google Android operating system.

Kaspersky Lab is one of the largest software antivirus companies operating in the computer security sector and has named the Trojan SMS.AndroidOS.FakePlayer.a. This particular Trojan has played havoc with a number of mobile phone devices, and Kaspersky Lab’s efforts are made in the hope that fewer users will be affected in the future.

The Trojan is disguised as a media player application; to users this seems harmless, and so once they are prompted to download it, the file is installed with what is known as the standard Android extension: .APK. However, harmless it is not. Once it is on the phone, the Trojan starts to send SMSs to premium rate numbers. This is all done without the user’s knowledge, and it means money is passed from their account to the account of a cybercriminal.

With Smartphones becoming more and more popular, this SMS category of Trojan has become more and more prolific. This specific Trojan is the first to target the Android platform, although spyware has been detected in the past on some devices that run Android.

Denis Maslennikov, Mobile Research Group Manager at Kaspersky Lab, says “The IT market research and analysis organisation IDC has noted that those selling devices running Android are experiencing the highest growth in sales among smartphone manufacturers. As a result, we can expect to see a corresponding rise in the amount of malware targeting that platform.

“Kaspersky Lab is actively developing technologies and solutions to protect this operating system and plans to release Kaspersky Mobile Security for Android in early 2011.”

As with any computer, users have been encouraged by software antivirus company Kaspersky Lab to check out any download that an application may request.

Guest Article by Neil Camp


Top Ten Malware Threats for July

Friday, August 13th, 2010

The latest list of gremlins from security antivirus company Sunbelt Software has been released and shows that throughout July, it was the march of the Trojans that was causing the trouble.

Security antivirus company Sunbelt Software is now part of GFI Software and still publishes a round-up of the most prevalent forms of malware that are threatening people’s computers month to month. The material is gathered from the company’s anti-malware solution, VIPRE Antivirus, and its antispyware tool, CounterSpy.

The month of July heralded an attack by Trojans, as well as the Downad/Conficker worm. A startling 29.08% of the total Trojans detected was the Trojan.Win32.Generic!BT; this isn’t the first month this one has topped the list. It crowned the list in June and in May with similar percentage totals.

Others that have been repeatedly cropping up on this black list are Trojan.Win32.Meredrop, Trojan.Win32.Generic!SB.0 and Trojan.Win32.Malware. Trojan.Win32.Meredrop causes a whole host of problems for the victims it targets; the name covers a number of Trojans that can install and run different kinds of malware on a machine, often with multiple Trojans and worms. Trojan.Win32.Generic!SB.0 is known for password-stealing, installing keyloggers so that they can identify users’ most personal of passwords.

Francis Montesino, manager of Sunbelt’s malware processing team, said: “Trojan.Win32.Generic!BT is a generic risk that covers a lot of malicious applications. About 120,000 traces are identified under that detected by VIPRE’s signature-based, heuristic or behavioral mechanisms.

“Very often it identifies the downloaders that are used with rogue security programs. These are also called ‘scareware’. Once they get downloaded, the rogues pretend to scan your computer for malware then display false warnings that the machine is infected. They try to convince victims to purchase useless security software.”

The top 10 results are calculated by detecting the number of times a piece of malware infection has been found during scans by VIPRE and CounterSpy technology; these report back to ThreatNet, security antivirus company Sunbelt Software’s community of users. Here, they are given a classification, which can range from moderate all the way up to the very severe. A good look at the list helps internet users to understand the risks they run when surfing the web.

Guest Article by Neil Camp


Trojan Horse Attack on Google Chrome Extension

Thursday, May 13th, 2010

It’s been reported that a Trojan Horse attack has been mounted on Google’s Chrome browser.

The warning that the Trojan Horse attack is being perpetrated by cyber criminals intent on exploiting Google’s increasingly popular Chrome browser was posted in a BitDefender blog.

The blog, called Malware City, regularly updates people on virus trends and BitDefender, like most of the computer security companies, see it as their role to alert computer users worldwide to threats and trends.

The Trojan Horse attack is based on the virus posing as a Google Chrome extension. It has been circulated by invidious hackers who now see Chrome as a very viable target. The method of the Trojan Horse attack is via an email which falsely claims that Google has launched a new Chrome extension which helps the user to better organise documents received in emails.

BitDefender discovered that the link in this spurious email led to a fake page posing as a genuine Google Chrome extension page. This page offered a download containing an executable file that carried the malware, the Trojan Horse attack.

Once downloaded, the Trojan Horse actually blocks attempts by the user to access Google and Yahoo websites, sending them instead to other websites which are loaded with other malicious files and content.

BitDefender has identified this Trojan Horse attack. It’s called Trojan.Agent.20577 and it’s one most definitely to be avoided at all costs.

How to Protect Against Trojan Horse Attacks

Don’t get careless; even if you have the best antivirus software and it is always up to date, Trojans can still attack. To avoid being attacked by a Trojan horse, before you download a file and open it, ensure you are confident you know the source and the content of the file. You can protect yourself from Trojans by only downloading files from websites you are certain are 100% genuine.

Trojan attacks can also come from friends, via email or instant messenger, as many Trojan attacks are designed to spread automatically. If the email looks suspicious with spammy content then do not click on the attachment. If in doubt you can always ask the sender if the attachment is genuine. You can also use antivirus software to scan the file.
 

Guest Article by Neil Camp


Fake iPhone Download Delivers Trojan

Wednesday, April 28th, 2010

BitDefender, which claims to develop and market the industry’s most effective line of internationally certified software, has issued warnings that a particularly nasty Trojan is being downloaded by people in the mistaken belief that it is an application which will unlock their iPhone.

iPhone owners are receiving emails that contain a link to a download which, it is claimed, will open and run a new version of an iPhone unlocking application. This application, the hackers falsely claim, will undo the vendor-instigated network restrictions.

Those unfortunate enough to get taken in and click the link are sent to a web page which then tells them how to download the malware-laden application. BitDefender has named the Trojan within the application Trojan.BAT.AACL.

Mihai Andrei Livadaru, a BitDefender virus researcher, said:
“After being urged to connect their iPhone to a PC, the victims are then instructed to download the application and run it on the iPhone. However, once installed the executable file causes a Trojan virus to be infected in the PC.”

The Trojan.BAT.AACL is malware code that arrives as a Windows batch file which sits alongside the unlocking application for the iPhone.

Once the Trojan is downloaded, it begins its insidious work to change the preferred DNS server address on the violated computer. This might involve several possible connections and the server address is changed to 188.210.[REMOVED].

Once this has taken place, the user’s computer is effectively in the hands of the hackers. Once the server address has been changed, the creator of the malware programme can literally monitor the users’ attempts to reach the websites in question and, rather than allowing them to connect, redirect them to other websites. These other websites will of course facilitate the insertion of other malware code, or allow the perpetrator to steal vital bits of information including usernames and passwords.

So, as always, beware of emails promising gifts – they mostly deliver a whole lot more and none of it fun.

If you receive an email with a nasty Trojan such as the fake iPhone unblocker you do not need to worry if you have your computer sufficiently protected with antivirus software. If your computer does not have an antivirus program installed, then you will continue to experience difficulties and are placing yourself in financial danger. This is because the hackers who have infected your system are trying to get hold of your personal information which could lead them to gaining access to your online banking account.

Guest Article by Neil Camp


BitDefender’s Malware Hit Parade

Thursday, March 4th, 2010

Taking top spot in BitDefender’s monthly hall of shame is the malware Trojan.AutorunInf.Gen.

BitDefender, a company which produces anti-malware security solutions, produces a monthly e-threat report in which it lists the latest malware baddies.

And top throughout February was the Trojan.AutorunInf.Gen which is what’s known as a generic mechanism which uses removable devices – including external hard-disks, memory cards and flash drives – to spread malware between devices.

Removable devices are the theme of BitDefender’s February e-report and they warn against the ease by which these handy aids can be compromised. Indeed, say BitDefender, they are responsible for around 9% of global infections.

Catalin Cosoi, BitDefender’s senior researcher, said:
“External devices should be scanned on a regular basis. This safe practice should be used especially when these devices have been plugged into library computers, copy shops, and other public locations that are known to be likely sources of infection.”

Conficker, or Kido, or to give its correct title, Win32.Worm.Downadup.Gen, is proving very resilient, appearing regularly in the nasties line-up.

Catalin Cosoi, BitDefender’s senior researcher, added:
“The continuous presence of Win32.Worm.Downadup.Gen — also known as Conficker or Kido — in our monthly e-threat lists proves most users are reluctant to update their operating system and locally-installed antimalware solution, in addition to installing the security fixes issued by Microsoft more than a year ago. Newer variants of the worm also install rogue antivirus applications, amongst others.”

Coming third and fourth in the list are exploits that gain access to a computer via manipulated PDF files and various vulnerabilities found in the Adobe PDF Reader JavaScript engine. Once they have compromised a computer, malicious code is then executed from the ‘dirty’ machine.

The complete list is made up of:

  1. Trojan.AutorunINF.Gen 9.09
  2. Win32.Worm.Downadup.Gen 6.24
  3. Exploit.PDF-JS.Gen 5.13
  4. Exploit.PDF-Payload.Gen 4.21
  5. Trojan.Wimad.Gen.1 3.37
  6. Win32.Sality.OG 2.77
  7. Trojan.Autorun.AET 1.92
  8. Worm.Autorun.VHG 1.85
  9. Exploit.Comele.A 1.48
  10. Trojan.SWF.HeapSpray.B 1.40

BitDefender was particularly keen to highlight the invidious threat called Trojan.Wimad.Gen.1, sitting at number five. This is one Trojan that likes to hide in favourite downloadable television series and movies.

Guest Article by Neil Camp


Trojans March On

Friday, October 9th, 2009

Trojans dominated the top ten e–threats for September according to a top security software company.

BitDefender, creator of one of the industry’s fastest and most effective lines of internationally certified security software, produce a table of malware that represents the biggest threat on a month to month basis.

And in number one spot for September is the Trojan.Clicker.CM. The reason for this, ponder BitDefender, may be due to Trojan.Clicker’s popularity as a weapon of choice amongst purveyors of "warez." This is a term used by malware developers to describe compromised software.

In second place is Trojan.AutorunINF.Gen and this is a generic detection for Trojans that use Autorun. Number three spot in this line-up of nasties goes to the Trojan.Wimad.Gen.1.

The infamous Conficker is never far away from any malware list and in this particular chart it occupies the fourth slot. BitDefender labels Conficker, in all its various guises, as Win32.Worm.Downadup.Gen.

At number five, an exploit which uses a vulnerability in the way some versions of the Adobe PDF reader parse embedded JavaScript is gaining popularity again. Exploit.PDF-JS.Gen is one to be careful of.

Trojan.Exploit.JS.Y slots into the number six position. It’s a malicious piece of JavaScript, usually found on compromised or malicious websites.

In the number seven spot, down from number five, and a long-time star of BitDefender’s Top 10 E-Threat list, is Win32.Sality.OG. It’s an encrypted, polymorphic file infector and appears set for a very long cybercrime "career".

In the eighth and ninth slots are two threats which use the Autorun security loophole found in older versions of Windows. BitDefender point out that the lower-spreading of the two threats is actually a downloader component used to spread the ever-present Conficker, or Kido worm (aka Downadup).

Bringing up the rear in tenth is Trojan.Skintrim.HTML.A, a type of HTML page usually found associated with adware programs such as Navipromo.

BitDefender’s September 2009 Top 10 E-Threat list is made up of:

  1. Trojan.Clicker.CM 10.98%
  2. Trojan.AutorunINF.Gen 9.58%
  3. Trojan.Wimad.Gen.1 5.52%
  4. Win32.Worm.Downadup.Gen 4.68%
  5. Exploit.PDF-JS.Gen 4.09%
  6. Trojan.Exploit.JS.Y 3.44%
  7. Win32.Sality.OG 2.75%
  8. Trojan.Autorun.AET 2.27%
  9. Worm.Autorun.VHG 1.78%
  10. Trojan.Skintrim.HTML.A 1.49%
  11. Others 53.41%

Guest Article by Neil Camp


Clampi Virus Targets Online Banking

Thursday, September 24th, 2009

A new virus is in town and this time it’s got a specific target: online banking customers. Known as the Clampi virus, it represents a major threat to those that bank via the internet.

The Clampi virus is what’s known as a Trojan, mainly because of its ability to secretly penetrate a computer, wait patiently until needed, then report back to its creator, or indeed, take instructions from its creator.

And the cyber criminals behind the Clampi virus have one objective in mind: to steal personal details from a computer.

It is spreading rapidly through the US and UK, infecting computers and then waiting until the time is right to strike. When the user of the computer logs into their bank account for example, the Clampi virus makes a note of the username, password and other pertinent details, which are then sent back to the hackers.

These details are then used by the hackers to enter financial sites and either transfer money, change account details, or set-up frauds.

It is believed that people behind the Clampi virus monitor in the region of 5,000 financial websites and amongst these are most of the UK high street banks. But it’s not just banks; sites run by mortgage lenders, online casinos, shopping operations and email providers are also targeted.

In the US the Clampi virus has already been responsible for thefts of thousands of dollars and it’s been reported that many schools and businesses have been affected.

The Clampi virus is not new, having been around since 2005, but computer security experts think that this is a new, more virulent strain and poses a major threat to online banking. And they believe it attacks in waves, the UK banks being a major target.

They are unsure as to the true extent of the damage caused in the UK, especially given the covert nature of Clampi’s operation, but think that over 1,000 computers have already been affected. And those running Microsoft Windows operating systems seem to be more vulnerable than most.

And the computer security experts are warning again that people should remain vigilant at all times, reiterating the fact that such viruses are usually distributed embedded in emails, website downloads and instant messages, as attachments and links. They urge everyone not to open links, or attachments, from sources they cannot trust.

What’s more, they remind computer users that they should never send emails, or surf the web, without an up-to-date anti-virus software application on their machines.

Guest Article by Neil Camp

 


Porn Sites Launch Viruses

Tuesday, August 11th, 2009

Proof that porn sites are often used to infect unwary surfers has been reinforced again with news of a new virus attack aimed at Mac users, as well as Windows operating systems.

Visitors to a certain porn site are invited to install an ActiveX object to be able to watch a video. What they actually download though is a Trojan computer virus. It’s called OSX/Jahlavc and once installed, can be a difficult pest to get rid of.

Another porn site has been identified as downloading malware which targets both PCs and Macs. It’s believed to be a new version of the Mac OS X Tored worm and those infected get redirected to a page called pagemac.php, which then downloads a QuickTime.dmg file.

Computer security experts are again warning that porn sites often harbour a whole range of virus nasties and that hackers are getting increasingly clever in getting unsuspecting users to download all manner of malicious code. And they are starting to use techniques used on social networking sites to good effect.

Guest Article by Neil Camp


Free Antivirus Software From Microsoft

Monday, August 10th, 2009

Seattle-based software giant Microsoft has reportedly developed an antivirus programme that it will give away free, alarming certain computer security experts, who fear that it will fall short of a number of key features and expose users to attacks.

Believed to be called Morro, the software will initially only take on viruses, and not offer such additional features as parental controls for surfing.

The irony is of course, that many virus attacks come about because of holes (‘bugs’) in such operating systems as Microsoft’s Windows, hence the need for constant patching (in the form of Service Packs) after the release of the product.

This will be Microsoft’s second foray into the highly competitive world of computer security. Its first, called the Windows Live OneCare, made little impression on the overall market for sophisticated security products. It is thought that Live OneCare will be dropped once Morro is ready for release (a Beta version will come first).

Morro has been created to tackle viruses in the shape of spyware, rootkits and trojans.

But, as many computer security experts fear, this is not enough to counter attacks from modern day hackers who employ a whole raft of viruses and techniques in order to attack people’s computers. The danger many feel is that many computer users will be lulled into a false sense of security by using such a package as Morro. And they will eventually discover that they need a more sophisticated programme in order to keep them safe from viruses.

Guest Article by Neil Camp


NHS Hit By 8,000 Viruses

Sunday, August 9th, 2009

Computers in the National Health Service (NHS) have been hit by 8,000 viruses in the last year alone.

More4News instigated a Freedom of Information investigation which discovered the extent of the virus attacks, which have included all sorts of malicious code including worms, Trojans and spyware. This has in some cases caused havoc within some departments of the NHS, causing postponed appointments, diverted ambulances and staff being locked out of their computers.

Apart from the widespread inconvenience, this has caused one department to suffer a three-week back-log of appointments.

One virus was called Mytob and was a worm which caused chaos throughout London hospitals in November, 2008. Mytob quickly infiltrated networks and computers and simply overloaded systems.

But far from indicating a complete failure of the NHS computer systems, security experts say that it comes down to NHS IT staff not updating their systems properly. In other words, most of the virus attacks could have been prevented with effective IT management.

And for those that are concerned that such a lack of security might mean that their personal records might one day appear on the internet for all to see, the NHS point out that electronic records are protected by the highest levels of security.

After suffering 8,000 virus attacks in one year, that might be hard for many to believe.

Guest Article by Neil Camp


The Editor

My name is Alan Potts and I'm the Editor of the Antivirus-BUYability web site and Managing Director of BUYability Limited.

© BUYability