News tagged ‘virus’

A security firm Sophos, released a report which claims that a new Trojan horse was found to be hidden in a Mac OS X application, Graphic Converter 7.4.

The new Trojan called DevilRobber can steal sensitive user data, usernames and passwords, and take control of the computer’s GPU to generate Bitcoins, a form of currency used online, and is capable of spying on users by taking screenshots of their activity and sending the images online. DevilRobber, also known as "OSX/Miner-D," also runs scripts that can copy information “regarding truecrypt data, Vidalia (TOR plugin for Firefox), your Safari browsing history, and .bash_history” to a dump.txt file. The malware is also able to search for “pthc” files (the term means pre-teen hardcore pornography). And probably that is one of its secondary features to find traces of child abuse on affected computers that could be used against owners of such computers, for example.

Sophos suggests that users may notice that their computers have been attacked by the Trojan. This may affect overall computing performance when the Trojan steals GPU resources. The company asks users not to download software from unreliable sources. Though, common anti-virus programs are able to detect the Trojan.

Apple has released a software update that is able to automatically find and remove known variants of the MacDefender malware. The company added a “OSX.MacDefender.A” definition to the malware check  and while installation the malware should be find and removed, then users should be notified that the MacDefender is removed.

Apple maintains a list of known malicious software that is used during the safe download check to determine if a file contains malicious software. The list is stored locally, and with Security Update 2011-003 is updated daily by a background process.

Read the rest of this entry »

Intego, antivirus firm, has discovered a new variant of the"MacDefender" malware that not requires an administrator password for installation.

Unlike the previous variants of this fake antivirus, no administrator's password is required to install this program. Since any user with an administrator's account - the default if there is just one user on a Mac - can install software in the Applications folder, a password is not needed. This package installs an application - the downloader - named avRunner, which then launches automatically. At the same time, the installation package deletes itself from the user's Mac, so no traces of the original installer are left behind.

Read the rest of this entry »

Apple will release a Mac OS X software update in the next few days that will automatically find, block and remove the popular Mac Defender malware from infected OS X machines.

A recent phishing scam has targeted Mac users by redirecting them from legitimate websites to fake websites which tell them that their computer is infected with a virus. The user is then offered Mac Defender “anti-virus” software to solve the issue. This “anti-virus” software is malware (i.e. malicious software).  Its ultimate goal is to get the user’s credit card information which may be used for fraudulent purposes. The most common names for this malware are MacDefender, MacProtector and MacSecurity.

Read the rest of this entry »

The iPhone OS is a great operating system and is also one of the safest. That's why Apple rejected the anti-virus application developed by Kaspersky Lab. Such app will never make it to AppStore, just because users don't need it.

Some users who run the jailbreak might catch a virus. However if they do everything right - there will be no troubles and no viruses.

Another popular antivirus program is eset nod32 antivirus.

This week Steve Jobs answered an email question from Sweden. The question was from Jezper Söderlund:

I'll keep it short.

I'm Jezper from Sweden, a long time Apple fan, currently about to replace the very last computer at home with a brand spanking new iMac i7. I'm also awaiting the release of the iPad. However, I have one question:

Will the wifi-only version somehow support tethering thru my iPhone?

Two devices, based on the same OS, with already built-in technology to share one data plan suggests a secondary contract could possibly be redundant.

From the look of your keynote, where the iPad sits well between my MacBook Pro and my iPhone, I was hoping the three of them could interact as seamless as possible.

All the best,
Jezper Söderlund

This is a very interesting question, since iPad's network settings with tethering were found recently. Here is Jobs' answer:

Read the rest of this entry »

The number of jailbreak utilities for iPhones and iPod Touches with the latest iBoot is dramatically increasing. All of them are FAKE. Some of them will fill your computer with viruses, which is not good.

gull1hack, spartanbr3ak, br0k3n_appl3 are just some of these new programs that in one way or another deceive the user and then run malicious code. We therefore ask you to stay away from ANY such software. Some time in the future GeoHot or DevTeam will release new jailbreak and unlock software. Other than that is fake and dangerous. Install only programs you trust or the ones recommended by iPhoneRoot.

Here is a twitter comment from DevTeam:

A second iPhone worm virus has been found by security company F-Secure. It is specifically targeting people in the Netherlands who are using their iPhones for internet banking with Dutch online bank ING.

It redirects the bank's customers to a site with a log-in screen (phishing). The worm attacks "jailbroken" phones - a modification which enables the user to run non-Apple approved software on their handset. Only handsets with installed SSH (secure shell) are at risk. SSH is a file-transfer program that enables users to remotely connect to their phones. It comes with a default password, 'alpine' which should be changed.

Here is a tutorial how to change the default SSH password and minimize the risk.

This is quite simple. If you did a jailbreak on your iPhone you need to change the default password. Why? Because hackers can access your phone, read your mail, sms, download other data. The second reason is because there are already several viruses (worms) that use these default passwords.

Here's a quick step-by-step tutorial.

1. If you don't have MobileTerminal application installed: for 4.х and 5.x firmwares we have a good step-by-step tutorial, for 3.x just run Cydia, search for MobileTerminal and install.
2. Run MobileTerminal.
3. Type passwd and press return.
4. Enter the default user password alpine and press return.
5. Enter a new password and press return.
6. Enter a new password again and press return.
7. Congratulations, you changed it for default mobile user. Let's do the same for root user.
8. Login as root user: type su root and press return.
9. Type alpine for password
10. Type passwd and press return.
11. Enter a new password and press return.
12. Enter a new password again and press return.
13. That's it!

The passwords are now changed, and your jailbroken iPhone or iPod Touch is now a bit more secure than it was before and less vulnerable to the worm detected recently.

Update: Step-By-Step Tutorial: How to install MobileTerminal on iPhone with iOS 4.x and 5.x

The new ad called Top of the Line features actor Patrick Warburton who is best known for his portrayal of David Puddy from the Seinfeld sitcom. It focuses on potential viruses and other "headaches" that may affect PCs, but not Macs. A second ad called Surprise was also posted today delivering a similar message:

Read the rest of this entry »

If you have updated AVG to the latest version, your antivirus may indicate the presence of a Trojan virus inside the iTunes directory. Files iTunes.dll and iTunesRegistry.dll are mistaken as Trojan horse Small.BOG.

This problem was found by many people, Apple support forum is full of similar reports. If you use Windows and have encountered the same problem, just wait for a patch to antivirus software and delete the iTunes directory from scanning with AVG.

It is reported today that Cydia could be affected by a virus. The package "snes4iphone" in the repository "zottd" may contain malicious code. The package would not lead to serious damage, but executes a script that installs an advertisement in all the html pages of Cydia, including the initial one.

If any of you thisnk your Cydia is affected, simply reinstall it via this route:

“Manage” -> “Package” -> “Cydia Installer” -> “Modify” -> “Reinstall”