Articles about Trojans

The Register breaking news

Banking Trojans double as scareware runs wild

The prevalence of scareware packages has reached epidemic proportions, with 485,000 different samples detected in the first half of 2009 alone. The figure is more than five times the combined figure for the whole of 2008, according to statistics from the Anti-Phishing Working Group (APWG). The huge figures are explained by the …
John Leyden, 02 Oct 2009

Linux backdoor squirts code into SSH to keep its badness buried

Security researchers have discovered a Linux backdoor that uses a covert communication protocol to disguise its presence on compromised systems. The malware was used in an attack on a large (unnamed) hosting provider back in May. It cleverly attempted to avoid setting off any alarm bells by injecting its own communications …
John Leyden, 15 Nov 2013

Poker ace's vanishing hotel laptop WAS infected by card-shark – F-Secure

A laptop apparently stolen from a top-flight poker pro's hotel room and mysteriously returned while he played in a card tournament was infected by spyware. That's according to security firm F-Secure, which today said it had analyzed the computer, owned by ace player Jens Kyllönen. The Java-written malware on the machine could …
Shaun Nichols, 11 Dec 2013

JUST LIKE US: Hackers who work for gov seem almost... ORGANISED

State-sponsored hackers are looking less like traditional hacking crews and more like military units as they share infrastructure and adopt strict hierarchies, according to new research. Infosec firm FireEye has identified links between 11 APT campaigns, including use of the same malware tools, shared code, binaries with the …
John Leyden, 14 Nov 2013

Trojans are the New Model Army

Amateur virus writers are going the way of amateur athletes, morris dancing and the May Pole, according to a survey by Panda Software. Seventy per cent of malware detected by the developer’s scanning service in the first quarter had a cybercrime or financial motive. Forty per cent of malware detected was spyware, the firm said …
Team Register, 08 May 2006

ZeuS KICKS that SaaS: Trojan raids Salesforce.com accounts

Miscreants have forged a variant of the infamous ZeuS banking Trojan that targets enterprise data held by clients of CRM giant Salesforce.com. The ZeuS variant does not exploit a vulnerability in the Salesforce.com platform itself but rather penetrates the insecure devices of corporate workers accessing Salesforce.com. The …
John Leyden, 26 Feb 2014

Got your NUDE SELFIES in the cloud? Two-factor auth's your best bet for securing them

Bill Gates in 2004 predicted the death of the password over time. “They just don’t meet the challenge for anything you really want to secure,” Gates said. Ten years on, passwords haven’t gone anywhere and as the recent nude-celeb-pics-on-iCloud proved, the medium is still not up to muster yet is in widespread use in scenarios …
Stuart Burns, 16 Sep 2014

Ex-Google, Mozilla bods to outwit EVIL BOTS with 'polymorphic' defence

Startup Shape Security is re-appropriating a favourite tactic of malware writers in developing a technology to protect websites against automated hacking attacks. Trojan authors commonly obfuscate their code to frustrate reverse engineers at security firms. The former staffers from Google, VMWare and Mozilla (among others) have …
John Leyden, 21 Jan 2014

Cyber crims smash through Windows into the great beyond

Windows has been a beleaguered piece of software over the years. That is because malicious hackers, like everyone else, want to walk the simplest path to the greatest glory. Microsoft’s operating system has been the most popular one for the past 20 years, so it has attracted the most malware. One IT professional told The …
Tom Brewster, 29 May 2014

ICO decides against probe of Santander email spam scammers

Santander customers say they are continuing to be deluged with Trojans and other junk to email addresses exclusively used with the bank months after the problem first surfaced back in November. At least two Reg readers have put in complaints to the Information Commissioner's Office. But the data privacy watchdog told us that it …
John Leyden, 21 Mar 2014

Darknet: It's not just for DRUGS. Ninja Banking Trojan uses it too

Russian-speaking virus writers have brewed up a stealthy strain of banking Trojan that communicates over peer-to-peer networks using an encrypted darknet protocol that's arguably even stealthier than TOR: I2P. The i2Ninja malware offers a similar set of capabilities to other major financial malware such as ZeuS and SpyEye – …
John Leyden, 21 Nov 2013

TomTom includes Trojans with satnav device

A small number of satellite navigation devices manufactured last year by TomTom were shipped containing malware, the company confirmed in a terse statement that raised more questions - and user ire - than answers. An "isolated, small number" of TomTom's GO 910 models produced in September and November may be infected with a …
Dan Goodin, 29 Jan 2007

Get your Mac, it's raining Trojans

Security firm Sophos has issued a call for home computer users to ditch the Windows operating system and switch to Macs for the sake of their safety online. The call came as part of a report detailing the main trends in malicious software so far this year. The main finding was that all of the top ten threats to online users …
Lucy Sherriff, 05 Jul 2006

Raid millions of bank accounts. New easy-to-use tool. Yours for $5,000

Cybercrooks have put on sale a new professional-grade Trojan toolkit called KINS that will pose plenty of problems for banks and their customers in the months and years ahead. KINS promises the ease of use of bank-account-raiding software nasty ZeuS combined with the technical support offered by the team behind Citadel (which …
John Leyden, 25 Jul 2013

Securo-boffins link HIRED GUN hackers to Aurora, Bit9 megahacks

Security researchers have linked the “Hackers for hire” Hidden Lynx Group with a number of high-profile attacks, including an assault on net security firm Bit9, as well as the notorious Operation Aurora assault against Google and other hi-tech firms back in 2009. Hidden Lynx is a sophisticated hacking group based in China and …
John Leyden, 17 Sep 2013

Android malware spotted hitching a ride on mobile botnet

Kaspersky Lab has reported the first sighting of mobile malware (Android, of course) that piggybacks on the back of a separate mobile botnet and uses the resources of other malware once it's installed. "For the first time malware is being distributed using botnets that were created using completely different mobile malware," …
Iain Thomson, 06 Sep 2013

Spies and crooks RAVAGE Microsoft's unpatched 0-day HOLE

Both cybercrooks and cyberspies have seized on a recently discovered and as-yet-unpatched Microsoft vulnerability to run attacks. Hackers have seized on the zero-day vulnerability, starring a buggy Microsoft graphics component, to run attacks featuring malicious Word documents. Microsoft issued a temporary workaround last week …
John Leyden, 08 Nov 2013

Malware-flinging Winnti crew has been RIPPING OFF gaming firms for YEARS

Security researchers have discovered an active cyber-crime campaign that targets online gaming companies worldwide. According to Kaspersky Lab, the Winnti crew has been attacking companies in the online gaming industry since 2009, stealing digital certificates signed by legitimate software vendors in addition to intellectual …
John Leyden, 11 Apr 2013

'Chinese hack' scoops plan to Oz spook HQ

Australia is in the grip of a hacking scare, with its national broadcaster airing claims that Chinese attackers obtained copies of the plans for its new spooks' headquarters. According to the Australian Broadcasting Corporation's Four Corners program, copies of plans for the Australian Security Intelligence Organisation's new …

Remember Anna Kournikova? Come with us on a tour of bug-squishing history

Brain. No, it’s not some Skynet AI drone, nor is it the blob that was always out to get the Teenage Mutant Hero Turtles. It is the name of the first PC virus, dating back to 1986. The two Pakistani brothers, Basit and Amjad Farooq Alvi, who wrote it did not have malicious intentions: they simply wanted to scare people running …
Tom Brewster, 03 Jun 2014

Trojans fuel ID theft boom

Identity theft, both offline and online, is on the rise with keylogging Trojan software often forming the weapon of choice for would-be fraudsters, according to a new study by net security firm McAfee. McAfee reckons the number of keylogging malware packages increased 250 per cent between January 2004 and May 2006. The number …
John Leyden, 16 Jan 2007

Syrian Electronic Army no longer just Twitter feed jackers... and that's bad news

The Syrian Electronic Army is starting to pose a serious risk to enemies of the Assad regime in both Syria and further afield, according to security watchers. Reports that the SEA managed to take over three personal email accounts of White House employees remain unconfirmed. However, recent worrying attacks on VoIP apps Viber …
John Leyden, 01 Aug 2013

Stolen CREDIT CARD details? Nah... crooks desire your PRIVATES

Prices on underground cybercrime marketplaces are dropping, with credit card details now in less demand than the personal data of individuals, according to a new study. And even personal details and bank account credentials are getting cheaper to buy on underground hacker markets, according to a study by Dell SecureWorks’ …
John Leyden, 22 Nov 2013

Easily picked CD-ROM drive locks let Mexican banditos nick ATM cash

Lax security at Mexican banks has allowed cybercriminals to put their own malware-ridden CDs into ATM machines in order to gain control of the easily-compromised cash machines. The Ploutus malware was installed after "criminals acquired access to the ATM’s CD-ROM drive and inserted a new boot CD into it". The ruse was possible …
John Leyden, 11 Oct 2013

Hackers just POURING through unpatched Internet Explorer zero-day hole

An as-yet-unpatched zero-day vulnerability affecting Internet Explorer is being abused much more widely than analysts had previously suspected. The vulnerability first came to public attention last week with the Operation DeputyDog attacks against targets in Japan, as first reported by net security firm FireEye. Websense, …
John Leyden, 01 Oct 2013

Phishers use less strident subject lines to deliver new cunning attacks

The use of exploit kits is allowing phishing fraudsters to develop scams that only rely on tricking prospective marks into clicking a link, rather than submitting all their details to a bogus website. Many recent phishing runs spotted by Trend Micro have made use of the notorious Blackhole Exploit kit. The hacker favourite is …
John Leyden, 13 Jul 2012

Sneaky new Android Trojan is WORST yet discovered

Security researchers at Kaspersky Lab report that a recently discovered Android Trojan is the most sophisticated such mobile malware yet to be identified. In a post to Kaspersky Lab's Securelist blog, security expert Roman Unuchek describes the malicious program, dubbed Backdoor.AndroidOS.Obad.a or "Obad" for short, as being …
Neil McAllister, 07 Jun 2013

Beware the ad-punting crapware-laden Firefox, warn infosec bods

Internet users looking for a US Green Card are at risk of being conned by a fake advert into installing an adware-laden version of Firefox, security researchers have warned. The ruse was spotted over the weekend after it began appearing in online ads peddling supposed US Green Card lotteries. Regardless of what make or version …
John Leyden, 13 Aug 2013

Trojans exploit Windows DRM loophole

Virus writers have subverted digital rights management features in Windows Media Player to spread Trojans and other malware. License-protected movie (.wmv) files infected with the WmvDownloader-A or WmvDownloader-B Trojans have entered circulation on P2P networks, reports Madrid-based antivirus firm Panda Software. Normally …
John Leyden, 13 Jan 2005

Microsoft seizes Chinese dot-org to kill Nitol bot army

Microsoft has disrupted the emerging Nitol botnet - and more than 500 additional strains of malware - by taking control of a rogue dot-org website. The takedown is the latest in Microsoft's war against armies of hacker-controlled PCs. The Windows 8 giant's Operation b70 team discovered crooks were selling computers loaded with …
John Leyden, 13 Sep 2012

The TRUTH about mystery Trojan found in SPAAACE

The mystery malware inadvertently brought into space by scientists which then infected the International Space Station has been identified as a gaming Trojan. The historical infection actually happened five years ago in 2008 but was propelled back into the news again last week as the result of a recent speech by Eugene Kaspersky …
John Leyden, 13 Nov 2013

Crims take to Facebook to flog ZeuS kits

Not content with hawking their wares in underground forums and other insalubrious parts of the darknet, criminals are now advertising their wares on Facebook, says RSA. The Facebook page in question is now unavailable, but appears to have been packed full of handy info for the budding cyber criminal, according to Limor Kessem, …
Phil Muncaster, 29 Apr 2013

Camby cash crypto-coders Cronto chomped on pronto by Vasco

Swiss software firm Vasco has bought Cambridge-based banking security specialist Cronto in a deal valued at up to £14.5m. Vasco will pay $19.3m (€15m, £12.7m), and a further $2.6m (€2m, £1.8m) depending on future earnings, to get its hands on the British upstart's malware-defeating technology. Its software attempts to shield …
John Leyden, 22 May 2013

'World's BIGGEST online fraud': Suspect's phone had 'location' switched on

Two Russians arrested over their suspected involvement in the largest online fraud in US history were tracked down by analysing photos they posted to social media sites and tracking the location of one suspect's mobile phone, Reuters reports. Four Russians and a Ukrainian national were named as suspects in a credit card hacking …
John Leyden, 29 Jul 2013

REVEALED: Cyberthug tool that BREAKS HSBC's anti-Trojan tech

Cybercrooks on an underground forum have developed a technique to bypass anti-Trojan technology from Trusteer used by financial institutions worldwide – including HSBC and Paypal – to protect depositors from cybersnoopers. Trusteer has downplayed the vulnerability and said it's in the process of rolling out beefed-up protection …
John Leyden, 06 Aug 2013

The Pirate Bay's new censorship-dodging browser 'not secure'

The Pirate Bay has released a bundle of add-ons to help people search for and access bits of the internet that governments and ISPs have locked away. The only hitch is: despite the fact that it contains a Tor client, security experts have said that it doesn't completely anonymise internet traffic. This has raised concerns about …
Jasper Hamill, 12 Aug 2013

5 Tokyo devs cuffed over 'The Movie' Android app scam

Japanese cops have arrested five developers accused of planting malware in smartphone applications. A video app for Android phones created by the group allegedly harvested information from 90,000 smartphones. Details in early reports are sketchy but thehackernews.com reports that the apps were marketed to customers by adding the …
John Leyden, 01 Nov 2012

Patch often: Cyber-crim toolkits love stinky old gaping holes

More than two in three exploit kits that attempt to inject malware into web surfers' computers were developed in Russia - and at least one in two exploit rather old vulnerabilities. Blackhole 2.0 is the most often used hacking toolkit - installed on websites to attack and take over visitors' computers - but it targets fewer …
John Leyden, 28 Jan 2013

'Hand of Thief' banking Trojan reaches for Linux – for only $2K

Cybercrooks have created a banking Trojan that targets Linux users, which is being touted for sale on underground cybercrime forums for just $2,000 a pop. The "Hand of Thief" malware is a rare example of malicious code written especially to target the open-source operating system. The digital nasty includes form-grabbers for HTTP …
John Leyden, 08 Aug 2013

Earn £8,000 a MONTH with bogus apps from Russian malware factories

Just 10 professionally run malware-making workshops in Russia are responsible for 30 per cent of the Trojans, spyware and other nasties infecting smartphones globally. That's according to a study by mobile security outfit Lookout. These underground crime labs churn out DIY kits ideal for scriptkiddies looking to make a fast buck …
John Leyden, 05 Aug 2013

NSA tactics no better than a CYBERCRIME GANG, says infosec'er

The NSA operates like a state-sponsored cybercrime gang using much the same tools and techniques as miscreants slinging banking trojans, one cynic has suggested. Anyone following the Snowden revelations knows by now that the NSA uses exploits and malware to spy on the online activities of targets, but ponytailed infosec expert …
John Leyden, 11 Oct 2013

Trying to kill undead Pushdo zombies? Hard luck, Trojan is EVOLVING

The crooks behind the Pushdo botnet agent have developed variants of the malware that are more resistant to take-down attempts or hijacking by rival hackers. Dell SecureWorks and Damballa warned (PDF) on Wednesday that the latest variant of Pushdo comes packed with a fallback mechanism for cases where zombie clients are unable …
John Leyden, 17 May 2013

Adobe Reader 0-day exploit surfaces on underground bazaars

Miscreants have reportedly discovered a zero-day vulnerability in the latest version of Adobe Reader. Exploits based on the vulnerability, which circumvents sandbox protection technology incorporated into Adobe X and Adobe XI, are on sale in underground forums. Pricing starts at a hefty $30,000 but the exploit has already made its …
John Leyden, 08 Nov 2012

New Google Play terms ban non-store app updates

Google has amended the policies of its Play app store for Android to prohibit third-party app update mechanisms, in a move seemingly designed to put the kibosh on a contentious feature being tested by Facebook. As of Friday, the "Dangerous Products" section of the Chocolate Factory's Google Play Developer Program Policies - …
Neil McAllister, 26 Apr 2013

Android Trojan distracts Japanese with anime and porn

Security experts are warning of yet more malicious applications found on Google’s official online apps market Play, this time designed to steal personal data in the background while promising to show trailers for Japanese anime, video games and porn. McAfee malware researcher Carlos Castillo explained in a blog post that the new …
Phil Muncaster, 16 Apr 2012

Don’t let mobile malware steal your company data

The mobile malware landscape is changing. Standardisation might be a good thing for building ecosystems and making phones more useful, but the emergence of Android and iOS as leaders in the operating-system wars makes life easier for those who would target the data on your corporate devices. It also means there is more to steal …
Simon Rockman, 16 Oct 2013

Trojans as spam robots: the evidence

German magazine c't says it has evidence that virus writers are selling the IP addresses of PCs infected with Trojans to spammers. Spammers use these infected systems to unlawfully distribute commercial email messages, without the knowledge of their owners. The Trojan involved was spread by a virus called Randex. This small …
Jan Libbenga, 22 Feb 2004

2 in 3 Android anti-malware scanners not up to the job

Two-thirds of Android anti-malware scanners failed to protect against a range of malware in independent tests. AV-Test put 41 different virus scanners for Android through their paces. Almost two-thirds of these scanners are not yet suitable for use as reliable products, identifying less than 65 per cent of the 618 types of …
John Leyden, 07 Mar 2012

RAT-flingers target human right activists in watering-hole attack

The Reporters without Borders website was compromised on Tuesday to run a watering-hole attack. Researchers speculated that the attackers were likely targeting the human rights activists who visit the NGO's online address. So-called watering hole attacks are named for the passive technique of injecting malicious code where its …
John Leyden, 24 Jan 2013

SourceForge pulls off fake, 'Trojan-wrapped' Anonymous OS tool

Prominent members of Anonymous have said that an open-source distro bearing the hacktivist group's moniker is nothing to do with them and is likely to be riddled with Trojans. Anonymous OS Live – supposedly an Ubuntu-based OS, which advertises itself as being pre-loaded with various hacking tools and utilities (Tor, John the …
John Leyden, 16 Mar 2012