Keyword: rootkit

  • Microsoft Admits It Signed Rootkit Malware That Phones Home To Chinese Military

    Ever since the introduction of Windows Vista in early 2007, Microsoft has enforced the rule that Windows drivers must carry digital signatures by default. Any software that runs in kernel mode, in fact, has to be signed by the company. This is a security measure that should prevent malicious software from digging its claws in too deep. However, what happens when Microsoft gives its blessing to a rootkit? That's what happened a few months ago and was just now discovered thanks to G DATA Software security analyst Karsten Hahn. Initially, the company received a false-positive alert from a driver that...
  • HummingBad: Chinese malware infects 10 million Android devices, experts warn

    07/05/2016 8:03:35 PM PDT · by Utilizer · 6 replies
    News (.com .au) ^ | July 6, 2016 11:31am (AUS) | Matthew Dunn
    Cybersecurity specialist Check Point has been tracking the malware called HummingBad since its discovery in February and claims there has been a spike in infected devices. In a new report, Check Point said the malware was a multistage attack chain with two main components, which first infected Androids when people visited certain websites. “The first component attempts to gain root access on a device with a rootkit [software] that exploits multiple vulnerabilities. If successful, attackers gain full access to a device,” the report read. “If rooting fails, a second component uses a fake system update notification, tricking users into granting...
  • Need Mac Expert Help

    01/09/2016 4:31:59 PM PST · by MeshugeMikey · 101 replies
    MeshugeMikey | January 9, 2015 | Self
    My copy of Google Chrome is not running, as it doesn't fully finish launching on my launch attempt. I cannot force quit it from the Force Quit Applications window, because it's not running. I cannot launch it, as the icon in my dock seems inert. There are a couple of forums I NEED my password for and they were available immediately using Chrome. At Wits End, M.M.
  • Is Malware all that Bad, Really?

    11/27/2015 7:10:49 PM PST · by Utilizer · 45 replies
    BIT (Business IT) ^ | Wednesday 23 September 2015 (AUS) | Stephen Withers
    ... So what are the most common types of malware? They fall into two main categories: those that are basically no more than a nuisance, and those that are aimed at getting money from the victim. Perhaps the most common example of nuisance malware is adware. According to Oh, this is typically delivered along with free software or by compromised or malicious web sites. Adware rarely does any real damage, but some examples are hard to remove. The term was once applied to 'advertising supported software.' In return for getting a useful application at no charge, you accept that it...
  • Apache servers ambushed by sophisticated backdoor attacks

    05/01/2013 6:54:11 AM PDT · by ShadowAce · 11 replies
    Network World ^ | 30 April 2013 | John P. Mello, Jr
    CSO - Apache servers are being ambushed by a particularly pernicious malware program called Linux/Cdorked.A that's infecting visitors to the sick machines with the Blackhole malware kit. Discovered by security researchers at Sucuri and Eset, they describe the malware as a sophisticated and stealthy backdoor meant to drive traffic to malicious websites. Eset explained in a blog post that the malware is one of the most sophisticated Apache backdoors it has seen so far. So far, hundreds of servers have been compromised, it said. The backdoor leaves no traces of compromised hosts on the hard drive other than a modified...
  • Technical paper: The ZeroAccess rootkit under the microscope

    09/03/2012 9:54:52 AM PDT · by Ernest_at_the_Beach · 19 replies
    nakedsecurity.sophos.com ^ | April 11, 2012 | Anna Brading
    ZeroAccess is a sophisticated kernel-mode rootkit that is quickly becoming one of the most widespread malware threats. In a new technical paper from SophosLabs, malware researcher James Wyke explores the ZeroAccess threat, examines how it works and looks at what the malware's ultimate goal is. ZeroAccess has a resilient peer-to-peer command and control infrastructure, runs on both 32-bit and 64-bit versions of Windows, and has been constantly updated with new functionality, allowing it to thrive on modern networks and operating systems. From the distribution mechanisms used to spread it, through the installation procedure, memory residence and payload, the technical paper offers a deep...
  • Triple Lutz Report--The Thought Police Reside in Your SmartPhone

    12/02/2011 2:54:43 PM PST · by appeal2 · 12 replies
    www.KerryLutz.com ^ | 12-2-11 | Kerry Lutz
    A security researcher, Trevor Eckhart, recently made a startling discovery. Hidden inside every Android and iPhone is a program called Carrier IQ (CIQ), which is capable of monitoring virtually everything you do on a SmartPhone. And then it has the ability to send all that data back to your wireless carrier and then who knows where it will wind up and how it will be used. Perhaps these phones have become too Smart for our own good. This is our worst nightmare potentially being realized. With our freedoms being eroded at a rapid rate, this is a biggie. A cellphone...
  • BUSTED TWO: Carrier IQ monitor-ware on iPhones too?

    12/01/2011 10:19:42 AM PST · by ShadowAce · 9 replies
    The Register ^ | 1 December 2011 | Richard Chirgwin
    Blogger and iPhone hacker Chpwn believes that the controversial Carrier IQ software isn’t confined to Android devices. In this blog post, he says a look at the /usr/bin folder reveals Carrier IQ’s agent software, identified as IQAgent in iOS 3, and either awd_ice2 or awd_ice3 on iOS 4 or iOS 5 devices. At this point, Chpwn believes the daemon does not have access to the UI layer, which means it may not be able to capture the kind of data exposed in Android devices. While Chpwn states that he is not certain the software is launched except when the phone...
  • BUSTED! Secret app on millions of phones logs key taps

    11/30/2011 10:51:57 AM PST · by ShadowAce · 40 replies
    The Register ^ | 30 November 2011 | Dan Goodin
    An Android app developer has published what he says is conclusive proof that millions of smartphones are secretly monitoring the key presses, geographic locations, and received messages of its users. In a YouTube video posted on Monday, Trevor Eckhart showed how software from a Silicon Valley company known as Carrier IQ recorded in real time the keys he pressed into a stock EVO handset, which he had reset to factory settings just prior to the demonstration. Using a packet sniffer while his device was in airplane mode, he demonstrated how each numeric tap and every received text message is logged...
  • HELP NEEDED - Problem With Internet Searches

    11/23/2011 10:58:54 PM PST · by Lmo56 · 30 replies · 1+ views
    self | 11/24/11 | self
    When I perform a search [Google, Bing, etc.], I get the search list. BUT, when I click on a URL in the list - it's NOT taking me to the desired page. It takes me somewhere else [various other web pages, including ASK.com] - WHAT KIND OF HIJACK IS THIS?
  • Rootkit writers outfox Windows 64-bit PatchGuard protection

    05/27/2011 8:22:35 AM PDT · by Tribune7 · 30 replies
    ITWorld.Com ^ | 5-26-11
    Rootkit writers have started exploiting a loophole that lets them write malware able to bypass the PatchGuard driver signing protection built into 64-bit versions of Windows, Kaspersky Lab has reported. A product of the BlackHole Exploit Kit, a hugely successful kit for building malware to hit specific software vulnerabilities, the first element of the attack on a system is straightforward enough, using a downloader to hit the system through two common Java and Adobe Reader software flaws. On 64-bit Windows systems open to these exploits, this calls a 64-bit rootkit, Rootkit.Win64.Necurs.a., which executes the 'bcdedit.exe -set TESTSIGNING ON' command, normally...
  • Computer Help Needed

    03/09/2010 8:25:00 AM PST · by Williams · 35 replies · 260+ views
    A friend has an ACER Laptop running Windows Vista. It came up with a screen saying "the computer is infected with a virus, and is sending out spam emails, if you don't want to be a spammer click here", which opens a window to register for something. Even in safe mode the computer opens to this screen only. There is no ability to close the window or to use ctrl alt delete. In regular startup it didn't fill the screen, but now the computer is staying black in regular start up after it says welcome, and then eventually shuts down on...
  • Rootkit blamed for Blue Screen patch update snafu

    02/15/2010 6:13:53 AM PST · by Gomez · 28 replies · 965+ views
    The presence of a hard-to-detect rootkit may have caused Windows XP machines to freeze up after applying a patch from Microsoft last week, according to preliminary analysis of the problem from Microsoft's security team. Microsoft's users forums filled up with reports of Windows XP users experiencing the dreaded Blue Screen of Death (BSOD) after applying the 13 patches released by Redmond last week. The problem was later linked to one specific update - MS10-015 - a patch for an "important" kernel flaw - and it was discovered that uninstalling this package unfroze affected machines. The Blue Screen problem affected a...
  • Can this Trojan be deleted?

    07/01/2009 7:12:27 AM PDT · by Oshkalaboomboom · 65 replies · 2,118+ views
    July 1, 2009 | Oshkalaboomboom
    I have a rootkit trace that refuses to go away. McAfee can't delete it. Malwarebytes Antimalware claims to delete it but it's right there as soon as it closes. I find hundreds of references to it via Google but nobody says how to get rid of it and nobody even discusses what it does besides annoy you. My CD burning programs have been disabled so I can't make an alternative OS like BartPE. I can boot off the Windows CD and get into the Recovery console. I use DOS commands to delete the files but they come right back again....
  • Uh Oh, Exploit code targeting major Intel chip flaw to be posted 3/19/09

    03/19/2009 9:45:32 AM PDT · by ShadowAce · 15 replies · 833+ views
    Network World ^ | 17 March 2009 | Jamey Heary
    This is the scariest, stealthiest, and most dangerous exploit I've seen come around since the legendary Blue Pill! No, I'm not just trying to sensationalize this or spread fear, uncertainty and doubt. This is serious and represents a massive new security threat for us all. Security Researchers Joanna Rutkowska and Loic Duflot are planning to release a research paper + exploit code for a new SMM (System Management Mode) exploit that installs via an Intel® CPU caching vulnerability. Joanna, of blue pill fame, reported this on her blog. Joanna cleared it up for me that they are not releasing a...
  • Sony charging extra to remove PC trial apps

    03/23/2008 1:19:23 AM PDT · by Swordmaker · 24 replies · 531+ views
    Electronista ^ | 03/21/2008
    Sony has begun offering Fresh Start, a controversial practice to clean its systems of unnecessary software. Initially available only with the VAIO TZ ultraportable, the option removes both VAIO-specific programs as well as games and other trial software. The practice is meant to "free up valuable hard drive space and conserve memory and processing power" before the system ever leaves the factory, according to Sony. However, the offer has already received criticism for its $50 cost, which lifts the price of the system despite restoring the performance that would be present with a default installation of Windows. The practice has...
  • Mystery infestation strikes Linux/Apache Web sites

    01/29/2008 6:59:35 AM PST · by N3WBI3 · 12 replies · 172+ views
    Linux.com ^ | January 24, 2008 (7:18:05 PM) | Joe Barr
    According to a press release issued earlier this month by Finjan, a security research firm, compromised Web servers are infecting thousands of visitors daily with malware that turns their Windows machines into unwitting bots to do the bidding of an as yet unidentified criminal organization. Security firms ScanSafe and SecureWorks have since added their own takes on the situation, though with varying estimates on the number of sites affected. All reports thus far say the compromised servers are running Linux and Apache. According to an article on ServerTune.com, the exploit involves a rootkit installed on the compromised server that replaces...
  • New Hack Attacks Can't Be Blacklisted

    01/23/2008 4:24:18 PM PST · by jdm · 3 replies · 84+ views
    Yahoo! News ^ | Jan. 14, 2008 | Richard Koman
    The security firm Finjan says it has discovered a major new type of malware that has infected more than 10,000 Web sites in December alone. Deemed "random js toolkit," it is a Trojan that infects end users' PCs and sends data from the infected machine to the "master" hacker. It can be used to steal passwords, documents and other sensitive information. The malware dynamically creates and changes JavaScript code every time it is accessed, Finjan said. Thus, traditional anti-malware programs can't identify it. Finjan CTO Yuval Ben-Itzhak said in a release, "Signaturing a dynamic script is not effective. Signaturing the...
  • Another Sony rootkit worms its way to the surface

    09/03/2007 2:54:28 PM PDT · by Swordmaker · 4 replies · 260+ views
    Ars Technica ^ | September 02, 2007 - 05:20PM CT | By Jeremy Reimer
    Sony can't catch a break after its infamous rootkit scandal back in 2005. In fact, we know from talking to security researchers and black hats alike that Sony is under the careful eye of many as a result of that major screwup. Now, a new story has come out involving Sony's biometric Micro Vault USM-F thumb drive, which apparently contains a rootkit that could potentially allow hackers to compromise users' PCs. The presence of the rootkit was first discovered by F-Secure, and was confirmed by Aditya Kapoor and Seth Purdy, researchers at McAfee, and posted on their blog. FTC finally...
  • 'Blue Pill' Prototype Creates 100% Undetectable Malware

    06/28/2006 7:35:03 PM PDT · by HAL9000 · 32 replies · 2,587+ views
    PC Magazine (excerpt) ^ | June 28, 2006 | Ryan Naraine
    Excerpt - A security researcher with expertise in rootkits has created a working prototype of new technology that is capable of creating malware that remains "100 percent undetectable," even on Windows Vista x64 systems. Joanna Rutkowska, a stealth malware researcher at Singapore-based IT security firm COSEINC, says the new Blue Pill concept uses AMD's SVM/Pacifica virtualization technology to create an ultra-thin hypervisor that takes complete control of the underlying operating system. Rutkowska plans to discuss the idea and demonstrate a working prototype for Windows Vista x64 at the end at the SyScan Conference in Singapore on July 21 and at...