A new type of malware distributes itself by silently overwriting the update function for popular applications like Flash and Adobe Acrobat. While malware masquerading as software updates is very common, this is the first time it’s been seen overwriting the auto update functions of legitimate software. Written in Visual Basic and called W32.Fakeupver.trojan, it looks exactly like a legit updater right down to the version number and updater-in fact it’s so convincing that even anti-virus software is fooled.

Once installed it opens DHCP and DNS clients along with a network share and port in order to communicate with its command server and presumably adds the system to a botnet.

What makes the malware particularly dangerous is that once the malware is detected and removed, it leaves the legitimate app it infected without its auto update feature, and that could leave it vulnerable to future attacks if it’s left unable to download critical updates. The user would have to completely re-download and reinstall the affected software, and likely wouldn’t know they had to.

Since many software apps like Adobe, Java, Flash, and Windows itself receive near constant updates and patches, having the update function removed could be disastrous. Scammers have exploited Flash, and Java many times and malicious PDFs are a popular distribution method. 56% of all malware currently comes from malicious PDFs. Experts recommend disabling Javascript when visiting unfamiliar websites to help protect yourself, but an even better idea is to avoid visiting unfamiliar websites all together. It’s also a good idea to manually check your apps on a regular basis to make sure they’re properly updated.

Security experts say that the current financial crisis even has scammers worried. The recent rollercoaster on Wall Street has cybercriminals scrambling to find other sources of income believing their pool of targets is shrinking. Instead of going after banking information, passwords and credit card numbers, new spam campaigns are focusing on tricking people into purchasing fake antivirus programs and downloading ransomware.

Continue reading Even Scammers Are Affected By Credit Crisis»

A new phishing attack has been launched and this time the scammers are exploiting a troubled bank. The spams being sent are purportedly a “Wachovia Corporation Notice” and ask for personal information such as social security numbers and bank account info in order for them to send a “Wachovia Security Plus” certificate. The link in the email redirects to a malicious site that downloads the Gozi Trojan that scans the infected PC for personal info and sends it to the scammers. Experts worry that jittery Wachovia customers, already reeling from the bank’s collapse and takeover by CitiGroip, may fall for the scam.

It’s expected this won’t be the last phishing scam exploiting the current economic crisis. Remember that banks never ever ask for personal info via email, so delete any emails asking for it!