Feeds

Articles about Trojans

Monty Python's singing Vikings

Oi, bank manager. Only you've got my email address - where're these TROJANS coming from?

Santander customers are continuing to complain about receiving trojans and other junk to email addresses exclusively used with the bank. The reports began last month, prompting promises of an investigation by Santander. It's still unclear whether email addresses leaked from the bank or one of its affiliates. Independent experts …
John Leyden, 19 Dec 2013
The Register breaking news

Frenchie bean-counters sweet-talked into slipping on Trojans

Crooks hoping to empty company bank accounts are calling up the firms' bean-counters to chase invoices packed with hidden malware. Finance staff are tricked into opening the booby-trapped messages in phone calls from con men, who claim to have emailed in legit paperwork that needs urgent attention. The documents instead include …
John Leyden, 14 May 2013
The Register breaking news

Israeli cops penetrated by army of fake generals with trojans

Israeli police departments were pulled offline last Thursday following the discovery of a Trojan especially targeted at law enforcement networks in the Jewish state. The malware was distributed using spammed messages, spoofed so that they appeared to come from the head of the Israel Defense Forces, Benny Gantz. The malicious …
John Leyden, 30 Oct 2012
The Register breaking news

Wave of Trojans breaks over Android

Fraudsters have cranked up production of malware targeting Android devices with with a rash of Trojans, many of which apply tricks long used against Windows PCs. F-Secure reports that a rogue developer has modified a harmless app that displays pictures of bikini-clad babes into a tool that secretly establishes a rudimentary …
John Leyden, 01 Jun 2011
The Register breaking news

Trojans target pro-Tibet organisations

Security experts are warning of yet another targeted malware campaign using socially engineered emails to infiltrate pro-Tibet organisations in a bid to covertly nab sensitive files. Trend Micro threat research manager Ivan Macalintal explained in a blog post that the attacks are linked to the same command and control server …
Phil Muncaster, 11 Apr 2012
The Moon

German space centre endures cyber attack

Germany’s space research centre in Cologne has been the victim of a co-ordinated and covert targeted attack carried out by state-sponsored hackers, according to a Der Spiegel report. The paper's report says that last Sunday the German Aerospace Centre (DLR) contacted the National Cyber Defence Centre in Bonn after it found …
Phil Muncaster, 15 Apr 2014
An alternative Yahoo! logo, courtesy of a Flickr user

Malware! tainted! ads! infect! thousands! of! Yahoo! users!

Thousands of Yahoo! users have been exposed to malware through malicious advertisements over the past few days, according to research by Dutch security firm Fox-IT. Malware-tainted ads served from ads.yahoo.com were shown to victims in Romania, Great Britain and France, infecting tens of thousands every hour. The first infection …
John Leyden, 06 Jan 2014
The Register breaking news

Biz urged to blast DNSChanger Trojans before safety net comes down

Half of all Fortune 500 companies still contain computers infected with the DNSChanger Trojan, weeks after a FBI-led takedown operations targeting the botnet's command-and-control infrastructure. DNSChanger changed an infected system's domain name system (DNS) resolution settings to point towards rogue servers that redirected …
John Leyden, 03 Feb 2012

NBN Co hoses down 'scary Russian crackers' report

NBN Co, the company building Australia's National Broadband Network, has found itself having to refute reports in the finance press that its networks had been “penetrated” by “cyber gangs”. While attacks and scans are the lot of any and every network administrator, the company says the reported Trojan infections never got past a …

Google teaches Chrome Canary to sing when it sniffs dodgy downloads

Google has equipped its experimental "Canary" distribution of the Chrome web browser with a malware-spotting capability to protect users from malicious downloads. The security upgrade was announced by Google on Thursday and means the browser will scan downloaded executable files for the presence of viruses and Trojans, and …
Jack Clark, 01 Nov 2013
The Register breaking news

Trojans likely to follow Win 7 activation hack

Trojan attacks are likely in the wake of the Windows 7 product activation system cracks developed last week, less than a month after the release of Microsoft's latest operating system. The RemoveWAT (and the similar ChewWGA) utility allow a prospective Windows 7 user to bypass the Windows Genuine Advantage registration procedure …
John Leyden, 17 Nov 2009
Targeted Spam

Spam drops as legit biz dumps mass email ads: Only the dodgy remain

Spam email was down in volume last year, but junk mail messages still comprise two in three items of electronic communication sent over the interwebs. Kaspersky Lab reports the portion of spam in email flows was as high as 69.6 per cent in 2013 – which is 2.5 percentage points lower than 2012. The biggest sources of spam were …
John Leyden, 24 Jan 2014
Iphone_hard_case

Put down that iPad! Snoopware RECORDS your EVERY gesture, TAP on iOS, Android

A security researcher has developed a proof-of-concept malware capable of capturing the actions of users on touchscreen devices. Senior security consultant Neal Hindocha and his colleagues at Trustwave were able to brew up similar strains of prototype malicious code for both rooted Android and jailbroken iOS devices. The line of …
John Leyden, 05 Feb 2014

Scared yet, web devs? Google smears malware warnings over PHP.net

Google's Safe Browsing technology is blocking access to PHP.net as a precaution, after apparently detecting that some of its pages were booby-trapped with links to malicious software. The move put warning blocks in the way of accessing a site that's widely used by web developers. Google didn't specify the types of Trojans …
John Leyden, 24 Oct 2013

Ethiopian journos hit by Hacking Team spyware, say infosec bods

Ethiopian journalists in the US were targeted by malware sold exclusively to governments by the Hacking Team company, according to security researchers. Staffers at Ethiopian Satellite Television Service (ESAT), an independent TV, radio, and online news outlet run by Ethiopian ex-pats, was targeted repeatedly by spyware in late …
John Leyden, 13 Feb 2014

China's mobile underground revealed in new report

China plays host to a vast and highly sophisticated “mobile underground” where cyber criminals can buy the tools to launch attacks for as little as 100 yuan (£9.70), according to a new report from security vendor Trend Micro. The Mobile Cybercriminal Underground Market in China is the firm's follow up to two separate reports on …
Phil Muncaster, 04 Mar 2014

Your browser may be up to date: But what about the PLUGINS?

Two in five (39 per cent) of computers submitted for testing to a free browser security test from Qualys were affected by critical vulnerabilities, mostly related to browser plug-ins. The findings, based on 1.4 million BrowserCheck computer scans, paint a picture of e-commerce buyers left wide open to attacks by cybercriminals …
John Leyden, 02 Dec 2013

When ZOMBIES go shopping: 40m Target customer breach? That's NOTHING!

Malware linked to fraud in the retail sector may be a bigger problem than even the recent revelation about the compromise of systems US retailer Target suggests. Shopping giant Target and luxury retailer Neiman Marcus both announced significant data breaches during the 2013 holiday shopping season. The Target breach at least …
John Leyden, 23 Jan 2014
NSA's Fort Meade headquarters

Does F-Secure's antivirus turn a blind eye to spook spyware? CEO hits back

Antivirus maker F-Secure has responded to privacy campaigners' concerns over the handling of spook-grade surveillance malware – by insisting its security software slays government spyware wherever it can. In an open letter to the Bits of Freedom team, F-Secure president and chief exec Christian Fredrikson said his firm stands by …
Shaun Nichols, 07 Nov 2013

IBM snaps up banking security biz Trusteer, won't say what it paid

IBM has announced a deal to acquire transaction security firm Trusteer and open a new cybersecurity lab in Israel. Financial terms of the buyout, announced Thursday, were not disclosed. Big Blue said the deal would allow it to offer improved cloud-delivered software and services to defend against advanced security threats to its …
John Leyden, 15 Aug 2013
The Register breaking news

Card-sniffing trojans target Diebold ATM software

Security researchers from Sophos have discovered sophisticated malware that siphons payment card information out of automatic teller machines made by Diebold and possibly other manufacturers. Sophos researcher Vanja Svajcer found three samples after combing through VirusTotal and a similar online database earlier this month. If …
Dan Goodin, 17 Mar 2009
The Register breaking news

Regional banking Trojans sneak past security defences

Cybercrooks have developed regionally-targeted banking Trojans that are more likely to slip under the radar of anti-virus defences. Detection rates for regional malware vary between zero and 20 per cent, according to a study by transaction security firm Trusteer. This company markets browser security add-ons to banks, which …
John Leyden, 01 Jul 2010
The Register breaking news

PrevX piles in against bank Trojans, phishing

The fight against banking Trojans and phishing attacks has stepped up a gear with the launch of a new product on Wednesday targeted at securing online transactions. PrevX SafeOnline, a client-side security software package that isolates transactions from everything else on a user's Windows PC, is designed as an added layer of …
John Leyden, 04 Nov 2009
The Register breaking news

Child abuse ransomware tweaked to tout bogus antivirus saviours

Cybercrooks have found another application for ransomware, the horrible software that locks up a PC until money is handed over: it's now being used to push fake antivirus onto victims. Reveton - a widespread piece of ransomware that infects machines, falsely accuses marks of downloading images of child abuse and demands a fine …
John Leyden, 08 Aug 2013

Poker ace's vanishing hotel laptop WAS infected by card-shark – F-Secure

A laptop apparently stolen from a top-flight poker pro's hotel room and mysteriously returned while he played in a card tournament was infected by spyware. That's according to security firm F-Secure, which today said it had analyzed the computer, owned by ace player Jens Kyllönen. The Java-written malware on the machine could …
Shaun Nichols, 11 Dec 2013
Linux mascot Tuz

Linux backdoor squirts code into SSH to keep its badness buried

Security researchers have discovered a Linux backdoor that uses a covert communication protocol to disguise its presence on compromised systems. The malware ‪was used in an attack on a large (unnamed) hosting provider ‬back in May. It cleverly attempted to avoid setting off any alarm bells by injecting its own communications …
John Leyden, 15 Nov 2013
The Register breaking news

Computer forensics tool for banks aims to trace Trojans

Transaction security firm Trusteer has launched a remote forensics service designed to allow banks to diagnose if a client's PC has been infected with malware following incidents of suspected fraud. The Flashlight service is designed to allow strains of malware to be quickly identified without having to physically examine a …
John Leyden, 16 Mar 2010
Q and Bond, Skyfall

JUST LIKE US: Hackers who work for gov seem almost... ORGANISED

State-sponsored hackers are looking less like traditional hacking crews and more like military units as they share infrastructure and adopt strict hierarchies, according to new research. Infosec firm FireEye has identified links between 11 APT campaigns, including use of the same malware tools, shared code, binaries with the …
John Leyden, 14 Nov 2013

ZeuS KICKS that SaaS: Trojan raids Salesforce.com accounts

Miscreants have forged a variant of the infamous ZeuS banking Trojan that targets enterprise data held by clients of CRM giant Salesforce.com. The ZeuS variant does not exploit a vulnerability in the Salesforce.com platform itself but rather penetrates the insecure devices of corporate workers accessing Salesforce.com. The …
John Leyden, 26 Feb 2014
Targeted Spam

ICO decides against probe of Santander email spam scammers

Santander customers say they are continuing to be deluged with Trojans and other junk to email addresses exclusively used with the bank months after the problem first surfaced back in November. At least two Reg readers have put in complaints to the Information Commissioner's Office. But the data privacy watchdog told us that it …
John Leyden, 21 Mar 2014

Ex-Google, Mozilla bods to outwit EVIL BOTS with 'polymorphic' defence

Startup Shape Security is re-appropriating a favourite tactic of malware writers in developing a technology to protect websites against automated hacking attacks. Trojan authors commonly obfuscate their code to frustrate reverse engineers at security firms. The former staffers from Google, VMWare and Mozilla (among others) have …
John Leyden, 21 Jan 2014

Darknet: It's not just for DRUGS. Ninja Banking Trojan uses it too

Russian-speaking virus writers have brewed up a stealthy strain of banking Trojan that communicates over peer-to-peer networks using an encrypted darknet protocol that's arguably even stealthier than TOR: I2P. The i2Ninja malware offers a similar set of capabilities to other major financial malware such as ZeuS and SpyEye – …
John Leyden, 21 Nov 2013
Roaring lynx

Securo-boffins link HIRED GUN hackers to Aurora, Bit9 megahacks

Security researchers have linked the “Hackers for hire” Hidden Lynx Group with a number of high-profile attacks, including an assault on net security firm Bit9, as well as the notorious Operation Aurora assault against Google and other hi-tech firms back in 2009. Hidden Lynx is a sophisticated hacking group based in China and …
John Leyden, 17 Sep 2013
The Register breaking news

Raid millions of bank accounts. New easy-to-use tool. Yours for $5,000

Cybercrooks have put on sale a new professional-grade Trojan toolkit called KINS that will pose plenty of problems for banks and their customers in the months and years ahead. KINS promises the ease of use of bank-account-raiding software nasty ZeuS combined with the technical support offered by the team behind Citadel (which …
John Leyden, 25 Jul 2013
The Register breaking news

Banking Trojans double as scareware runs wild

The prevalence of scareware packages has reached epidemic proportions, with 485,000 different samples detected in the first half of 2009 alone. The figure is more than five times the combined figure for the whole of 2008, according to statistics from the Anti-Phishing Working Group (APWG). The huge figures are explained by the …
John Leyden, 02 Oct 2009
The Register breaking news

Data-sniffing trojans burrow into Eastern European ATMs

Security experts have discovered a family of data-stealing trojans that have burrowed into automatic teller machines in Eastern Europe over the past 18 months. The malware logs the magnetic-stripe data and personal identification number of cards used at an infected machine and provides an intuitive interface for retrieving the …
Dan Goodin, 03 Jun 2009

Spies and crooks RAVAGE Microsoft's unpatched 0-day HOLE

Both cybercrooks and cyberspies have seized on a recently discovered and as-yet-unpatched Microsoft vulnerability to run attacks. Hackers have seized on the zero-day vulnerability, starring a buggy Microsoft graphics component, to run attacks featuring malicious Word documents. Microsoft issued a temporary workaround last week …
John Leyden, 08 Nov 2013

Trojans besiege online gamers

Online games have become a major target for fraud in recent years. A study from Kaspersky Labs, published today, dissects the techniques and targets used by hackers to make "easy money" by selling stolen login credentials of users or in-game items on the black market. Online games and fraud: using games as bait by Sergey …
John Leyden, 11 Sep 2007

Android malware spotted hitching a ride on mobile botnet

Kaspersky Lab has reported the first sighting of mobile malware (Android, of course) that piggybacks on the back of a separate mobile botnet and uses the resources of other malware once it's installed. "For the first time malware is being distributed using botnets that were created using completely different mobile malware," …
Iain Thomson, 06 Sep 2013
The Register breaking news

Malware-flinging Winnti crew has been RIPPING OFF gaming firms for YEARS

Security researchers have discovered an active cyber-crime campaign that targets online gaming companies worldwide. According to Kaspersky Lab, the Winnti crew has been attacking companies in the online gaming industry since 2009, stealing digital certificates signed by legitimate software vendors in addition to intellectual …
John Leyden, 11 Apr 2013
The Register breaking news

'Chinese hack' scoops plan to Oz spook HQ

Australia is in the grip of a hacking scare, with its national broadcaster airing claims that Chinese attackers obtained copies of the plans for its new spooks' headquarters. According to the Australian Broadcasting Corporation's Four Corners program, copies of plans for the Australian Security Intelligence Organisation's new …
Screengrab of a New York Times article about Syria, that appears to illustrate the story with a stil from a Game

Syrian Electronic Army no longer just Twitter feed jackers... and that's bad news

The Syrian Electronic Army is starting to pose a serious risk to enemies of the Assad regime in both Syria and further afield, according to security watchers. Reports that the SEA managed to take over three personal email accounts of White House employees remain unconfirmed. However, recent worrying attacks on VoIP apps Viber …
John Leyden, 01 Aug 2013
balaclava_thief_burglar

Stolen CREDIT CARD details? Nah... crooks desire your PRIVATES

Prices on underground cybercrime marketplaces are dropping, with credit card details now in less demand than the personal data of individuals, according to a new study. And even personal details and bank account credentials are getting cheaper to buy on underground hacker markets, according to a study by Dell SecureWorks’ …
John Leyden, 22 Nov 2013

Easily picked CD-ROM drive locks let Mexican banditos nick ATM cash

Lax security at Mexican banks has allowed cybercriminals to put their own malware-ridden CDs into ATM machines in order to gain control of the easily-compromised cash machines. The Ploutus malware was installed after "criminals acquired access to the ATM’s CD-ROM drive and inserted a new boot CD into it". The ruse was possible …
John Leyden, 11 Oct 2013

Hackers just POURING through unpatched Internet Explorer zero-day hole

An as-yet-unpatched zero-day vulnerability affecting Internet Explorer is being abused much more widely than analysts had previously suspected. The vulnerability first came to public attention last week with the Operation DeputyDog attacks against targets in Japan, as first reported by net security firm FireEye. Websense, …
John Leyden, 01 Oct 2013
channel

Trojans are the New Model Army

Amateur virus writers are going the way of amateur athletes, morris dancing and the May Pole, according to a survey by Panda Software. Seventy per cent of malware detected by the developer’s scanning service in the first quarter had a cybercrime or financial motive. Forty per cent of malware detected was spyware, the firm said …
Team Register, 08 May 2006

Beware the ad-punting crapware-laden Firefox, warn infosec bods

Internet users looking for a US Green Card are at risk of being conned by a fake advert into installing an adware-laden version of Firefox, security researchers have warned. The ruse was spotted over the weekend after it began appearing in online ads peddling supposed US Green Card lotteries. Regardless of what make or version …
John Leyden, 13 Aug 2013
The Register breaking news

Sneaky new Android Trojan is WORST yet discovered

Security researchers at Kaspersky Lab report that a recently discovered Android Trojan is the most sophisticated such mobile malware yet to be identified. In a post to Kaspersky Lab's Securelist blog, security expert Roman Unuchek describes the malicious program, dubbed Backdoor.AndroidOS.Obad.a or "Obad" for short, as being …
Neil McAllister, 07 Jun 2013
Greg Chamitoff in the ISS's Destiny lab

The TRUTH about mystery Trojan found in SPAAACE

The mystery malware inadvertently brought into space by scientists which then infected the International Space Station has been identified as a gaming Trojan. The historical infection actually happened five years ago in 2008 but was propelled back into the news again last week as the result of a recent speech by Eugene Kaspersky …
John Leyden, 13 Nov 2013

TomTom includes Trojans with satnav device

A small number of satellite navigation devices manufactured last year by TomTom were shipped containing malware, the company confirmed in a terse statement that raised more questions - and user ire - than answers. An "isolated, small number" of TomTom's GO 910 models produced in September and November may be infected with a …
Dan Goodin, 29 Jan 2007