Mac OS and Malware Issues

Two new Mac OS malware variants have been discovered just as the FlashBack Trojan issue is starting to decline. Discovered by Kaspersky, they are versions of SabPub – an information-stealing Trojan.

Mac OS is starting to get its own share of malware attacks now that it has grabbed a big market share. Still, Apple continues its won't-get-infected-by-viruses proposition about the OS. This is one of the features that PC consumers anticipate every time they buy these machines/devices: that they're safe from malware without having to do anything.

Yes, it won't get infected by Windows-based viruses.

It's misleading. Macs won't really get infected by malware/viruses that are Windows-based. But they may get infected by those that are made for Macs. Even if that malware attacks third-party software (Java, Flash, etc.), installing that software is inevitable because it is part of everyday browsing and other computer tasks. Once they're infected, Mac users are exposed to what their Windows counterparts are experiencing, e.g. stolen credentials and the like.

Apple should start educating its consumers about computer security on Macs. There's nothing wrong with telling your users to install an anti-virus or that they should be extra careful when browsing the web. They should stop this misleading information about a virus-free Mac OS.

Enigma’s Conficker Removal Tool

The Conficker worm, also known as Kido and Downadup, is set to attack on a hard-coded date – April 1. The worm started to creep onto Windows-based computers in November 2008. Now in its third variant, it has grown more sophisticated and powerful. Yet nobody is quite sure what will really happen on April 1. Nobody knows if it's a real threat or just one of those April Fools tricks that could disrupt work or even the Internet. What's known so far is that infected computers will try to connect to 50,000 domains, receive updates of the worm or other malware, and come under the control of a master computer. From that point, anything is possible. Security experts think that the worm will be used to create a botnet controlled by the worm's creators so that they can steal information from infected computers, launch attacks on particular websites, or even direct infected machines to send out spam emails.

Symptoms of being infected:

1. Conficker blocks access to a number of security web sites – Try browsing Symantec’s website (http://www.symantec.com). An infected machine would bring up a “Cannot display webpage” error.

2. Conficker turns off the ability to change settings to view hidden files and folders – Open “My Computer”. From the menu, select Tools > Folder Options. Select the View tab. Select the “Show hidden files and folders” option. Click Apply, then OK. Repeat the process to check whether the change took effect. If it didn’t, your computer is infected.
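Symptom 1 is easy to misread when the machine is simply offline, so this added example (not part of the original post) compares the security site against control names before calling the result suspicious. It assumes the block shows up as a failed name lookup; the control hosts and the two constructed resolvers are assumptions used for illustration.

```python
import socket

SECURITY_HOSTS = ["www.symantec.com"]                    # site named in the post
CONTROL_HOSTS = ["www.example.com", "www.example.org"]   # assumption: neutral names


def resolves(host, resolver):
    """True if the resolver returns an address, False on any lookup error."""
    try:
        resolver(host)
        return True
    except OSError:            # socket.gaierror is a subclass of OSError
        return False


def check_symptom(resolver=socket.gethostbyname,
                  security=SECURITY_HOSTS, control=CONTROL_HOSTS):
    """Return (verdict, blocked_hosts) for the 'security sites blocked' symptom."""
    # If nothing resolves, the failure says nothing about Conficker.
    if not any(resolves(h, resolver) for h in control):
        return ("inconclusive", [])
    blocked = [h for h in security if not resolves(h, resolver)]
    # Control names work but security names fail: selective blocking.
    return ("suspicious", blocked) if blocked else ("clean", [])


def fake_infected_resolver(host):
    """Constructed stand-in for a machine that blocks security-vendor names."""
    if "symantec" in host:
        raise socket.gaierror("constructed: lookup blocked")
    return "192.0.2.10"        # documentation-range address


def fake_offline_resolver(host):
    """Constructed stand-in for a machine with no name resolution at all."""
    raise socket.gaierror("constructed: network down")


if __name__ == "__main__":
    print("simulated infected:", check_symptom(fake_infected_resolver))
    print("simulated offline: ", check_symptom(fake_offline_resolver))
    print("this machine:      ", check_symptom())   # performs real DNS lookups
```

A "suspicious" verdict only means the symptom is present; a local filter or proxy that blocks the same site produces the same result.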

How you get infected:

1. Conficker attacks the Windows vulnerability covered by MS08-067. If you haven’t updated or patched your PC, Conficker may have installed itself quietly on your system.

2. The worm copies itself onto shared network folders and thumb drives.

If you think your Windows machine is infected, you can download the removal tool created by Enigma. After downloading, run the application and select Proceed to begin the worm removal. Your computer will be rebooted during the process and Conficker will be automatically removed. You may also download the removal tool from my online drive.

Sources

Snopes
Yahoo! Tech
Microsoft Technet
PC1News
Symantec
Enigma

Viruses, Spywares, & Malwares: Threats to Computer/Network System

Making Things Clear…

Virus
According to Wikipedia, a virus is a self-replicating/self-reproducing-automation program that spreads by inserting copies of itself into other executable code or documents. A computer virus behaves in a way similar to a biological virus, which spreads by inserting itself into living cells. Extending the analogy, the insertion of a virus into the program is termed as an infection and the infected file (or executable code that is not part of a file) is called a host.

A virus has to be run before it can infect your computer. This means that they wait for user intervention, like double-clicking the infected file, before executing.

Spywares
The term spyware refers to a broad category of malicious software designed to intercept or take partial control of a computer’s operation without the informed consent of that machine’s owner or legitimate user. While the term taken literally suggests software that surreptitiously monitors the user, it has come to refer more broadly to software that subverts the computer’s operation for the benefit of a third party, usually advertisers.

Spyware differs from viruses and worms in that it does not usually self-replicate. Like many recent viruses, however, spyware – by design – exploits infected computers for commercial gain. Typical tactics furthering this goal include delivery of unsolicited pop-up advertisements; theft of personal information (including financial information such as credit card numbers); monitoring of Web-browsing activity for marketing purposes; or routing of HTTP requests to advertising sites.

What do they do?
1. Delete data – Worms like Sircam or Nyxem attempt to delete or overwrite data on a specified date.
2. Corrupt data – Some computer viruses change data in certain office applications.
3. Play pranks – Me.Exe copies itself from one floppy to another and resides in the computer system. It keeps the floppy drive active even when there is no diskette inserted, which damages the drive after a period of time.
4. Steal data – The Bugbear-D records the users’ keystrokes, including passwords, and gives the virus writer access to them.
5. Let other users hijack your computer – A hijacked computer system is a system that has been taken over by another user via the network or the web.
6. Slow down your computer – Viruses run in the background unnoticed by the users. These viruses use computer resources like memory or CPU, making your computer function at a snail’s pace.
7. Make your system unstable – Other computer viruses that come with spyware disable ports, which prevents you from opening webpages.
8. Make the network run slow – Sometimes your internet connection runs slow. Some blame the network topology or even the applications/software included in the network system. But one of the main reasons is that spyware and viruses residing on some computers creep through the network and look for other possible host targets. Sometimes they use your bandwidth just to download other software and the like.

What should we do?
1. Install and update anti-virus and anti-spyware utilities – An anti-virus doesn’t detect spyware and an anti-spyware doesn’t detect viruses. It’s better to have both installed on your system. There are companies that offer free versions of their anti-virus and anti-spyware: AVG and Avira for anti-virus and Lavasoft Ad-Aware for anti-spyware. PC Tools Anti-Virus and ClamWin are also free anti-virus programs, and PC Tools Spyware Doctor is a free anti-spyware.
2. Do not click pop-ups – Pop-ups are those annoying windows that pop up whenever we visit or open certain websites. They advertise products, like screensavers, smilies or cursors, or make warnings about the presence of computer threats. DO NOT CLICK THEM! Close the window by clicking the X button on the top-right corner. They themselves are spyware. Installing them would just create problems.
3. Be extra careful with e-mail attachments – If you receive an e-mail with attachments, scrutinize it first. Do you know who sent you that attachment? Were you asking for a certain file from someone? Or were you informed by someone that they will be sending you a file? Check also the extension name of the file. Extension names are strings of characters beginning with a period and followed by one to three letters. Examples are .doc, .xls, .ppt, etc. If you receive a file with an extension name like .bhx, .pif, .vbs or one that is unknown to you or not related to your field, delete it right away. Also, if you receive attachments with double extension names like filename.pif.vbs, move the e-mail to the trash folder. It’s a possible virus-infected attachment.
4. Know your files and their extension names – Sometimes viruses disguise themselves using icons so that they look like a normal Windows or Office file, such as a Microsoft document or even a folder. If you find a new file in your My Documents folder or on the Desktop, check its extension name. You can also check a file’s type by right-clicking the file and selecting Properties. Check the Type of File field. If you are inspecting a Microsoft Office file like Word or Excel and find that its Type of File is Application, delete the file. It’s a virus.
5. Be updated and be aware – Prevention is always better than cure. Keep yourself updated with the latest IT news. Know the threats and know how to avoid them.
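The extension checks in steps 3 and 4 can be automated over attachment names. The following is an added example, not part of the original post: the risky extensions come from the post, while the executable and document extension sets, the function names and the sample file names are assumptions constructed for illustration.

```python
RISKY_EXTS = {".bhx", ".pif", ".vbs"}                        # extensions named in the post
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd"}   # assumption: other program types
DOCUMENT_EXTS = {".doc", ".xls", ".ppt", ".txt", ".pdf", ".jpg"}  # assumption: types a disguise imitates
DANGEROUS = RISKY_EXTS | EXECUTABLE_EXTS


def extensions(filename):
    """Return the trailing extensions in order: 'a.pif.vbs' -> ['.pif', '.vbs']."""
    # Drop any directory part; Windows ignores trailing dots and spaces in a name.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    # Strip padding spaces, a trick used to push the real extension out of view.
    parts = [p.strip().lower() for p in name.split(".")]
    exts = []
    for part in reversed(parts[1:]):          # parts[0] is the stem
        if not (1 <= len(part) <= 4 and part.isalnum()):
            break                             # e.g. '.final' in report.final.doc
        exts.append("." + part)
    return exts[::-1]


def triage(filename):
    """Return the reasons to distrust this attachment name (empty list = none)."""
    exts = extensions(filename)
    reasons = []
    if not exts:
        return reasons
    final = exts[-1]
    if final in RISKY_EXTS:
        reasons.append("risky-extension")
    if len(exts) >= 2 and final in DANGEROUS:
        reasons.append("double-extension")
    if final in DANGEROUS and any(e in DOCUMENT_EXTS for e in exts[:-1]):
        reasons.append("document-disguise")
    return reasons


if __name__ == "__main__":
    # Constructed sample names, not taken from real mail.
    for sample in ["budget.xls", "filename.pif.vbs", "invoice.doc        .exe",
                   r"C:\Users\a\Desktop\notes.txt.pif", "report.final.doc", "evil.vbs. "]:
        print(f"{sample!r:45} {triage(sample) or 'ok'}")
```

The check reads only the name, so it complements the Properties check in step 4 rather than replacing it: a file with a single, innocent-looking extension still needs its actual type inspected.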
