Entries with tag malicious software.

Opera Says Network Attack Lets Hackers Certify Malware

Browser maker Opera Software says an attack on its internal network took advantage of its update service and led to the theft of at least one old and expired code-signing certificate, which hackers used to sign malware so that it looked legitimate, and thus safe to use, to victims. This has allowed them to distribute malicious software that incorrectly appears to have been published by Opera Software or appears to be the Opera browser, Opera stated. The company released no other details. Because of the scheme, any Windows user who downloaded the malware thinking it was the Opera browser and tried to install the browser on 19 June 2013 may have installed the malicious software instead. According to security experts, this is an example of how hackers are increasingly focusing attacks on software firms’ internal networks rather than on individual users, which gives them the ability to sign files and to escalate their own privileges in order to move more freely within the network. (SlashDot)(Security Week)(The Opera Security Group)

New Malware Spreads Via Virtual Machines

New malicious software that infects four different computer platforms may be the first malware to use virtual machines (VMs) to spread. The rootkit, known as Crisis or Morcut, reportedly relies on social engineering: a user is persuaded to install a file that purports to be an Adobe Flash Player installer but actually infects the machine. The malware then looks for a VMware virtual machine and copies itself to the VM image, also known as a VM appliance. Symantec security researchers note that the issue is not a vulnerability in the software itself; rather, Crisis “takes advantage of an attribute of all virtualization software: namely that the virtual machine is simply a file or series of files on the disk of the host machine. These files can usually be directly manipulated or mounted, even when the virtual machine is not running.” They also say the malware can spread to systems using Windows, Windows Mobile, Mac OS X, or VMware VMs. The malware records Skype conversations, monitors instant-messaging programs, and tracks websites that users visit via Firefox or Safari browsers. So far, Symantec said, the malware has infected fewer than 50 machines. (PhysOrg)(ZDNet)(Symantec)
