malware

A who's who of Mideast-targeted malware

What's up with all the malware aimed at the Middle East?

For the second time in two weeks a virus outbreak has been reported at an energy company in that region. Qatari liquified natural gas producer RasGas said its corporate network and Web site were down after getting hit by a virus on Monday. Earlier this week the Saudi Aramco oil company confirmed that its network was hit by a virus two weeks ago, shutting down 30,000 workstations. Neither company identified the virus, but in at least one of the cases it is believed to be malware known …

Oracle patches Java 7 vulnerability

In response to the discovery of a recent vulnerability in Java 7 that was being exploited by malware developers, Oracle has released an official patch that takes care of the problem.

In the past week, a new vulnerability was unveiled in Oracle's Java 7 runtime, which has been used by hackers in targeted attacks on Windows-based systems. Similar to the recent Flashback malware in OS X, this vulnerability allows criminals to create a drive-by hack where the only action needed to compromise a system is to visit a rogue Web page that hosts a malicious Java applet.

Even though …

Virus knocks out computers at Qatari gas firm RasGas

Less than two weeks after 30,000 computers at a Saudi oil company fell prey to a virus, a Qatari gas firm's Web site and corporate network are also down because of a virus.

An unknown virus has affected office computer systems since Monday, a spokesman for RasGas, the second largest producer of liquified natural gas in the world, told Arabian Oil and Gas.com today. The company's Web site, Rasgas.com, remained down, as well.

The virus has not impacted production operations or cargo deliveries, said the unidentified RasGas spokesman. The company is a joint venture between …

New Java 7 exploit can potentially affect Macs

A new vulnerability was found last week in the latest Java 7 runtime from Oracle. The vulnerability is currently being used by malware developers to exploit systems with the runtime installed.

Similar to the Flashback malware seen affecting Mac systems with unpatched versions of Java installed, this latest threat uses a drive-by attack in which simply visiting a malicious Web page will result in the Java applet running and compromising the system.

When the exploit loads, systems may see a blank Web page with no activity, but may also see a brief Java icon with "Loading" text before this …

Saudi Oil firm says 30,000 computers hit by virus

Saudi Arabia's oil company, Saudi Aramco, says its main internal network is back up after a virus affected 30,000 workstations in mid-August, but the source of the attack remains unclear.

Saudi Aramco said all of the affected workstations have been cleaned and restored to service, and normal business resumed on Saturday when employees returned to work following the Muslim Eid holidays. The primary enterprise systems of hydrocarbon exploration and production were unaffected because they are kept on isolated network systems. Meanwhile, remote Internet access to online resources has been restricted, the statement said.

Saudi Aramco blamed …

New Gauss and Flame link was a mistake, researchers say

Editor's note: This story and its headline have been updated and corrected to reflect new information provided by the researchers that completely changed their conclusions.

Researchers today said that hackers behind the Gauss cyber-espionage malware targeting banks in the Middle East were directing infected computers to connect to a command-and-control server used by the Flame spyware. However, later in the day they said they were mistaken and that other researchers had control of the server instead.

"In our post earlier today, we concluded that there was some sort of relationship between the Gauss and Flame malware actors based …

'Crisis' malware targets VMware virtual machines

Security researchers have discovered a single piece of malware that is capable of spreading to four different platform environments, including Windows, Mac OSX, VMware virtual machines, and Windows Mobile devices.

First uncovered last month by security company Intego, Crisis was originally described as a Mac Trojan capable of intercepting e-mails and instant messages and tracking Web sites visited. Additional scrutiny by Symantec has found that the malware targets both OSX and Windows users with executable files for both operating systems.

Crisis is distributed using social engineering techniques designed to trick users into installing a JAR, or Java archive, file masquerading …

Syrian dissidents besieged by malware attacks

As the Syrian civil war continues to escalate, pro-government forces are allegedly carrying out a cyberwar against local dissidents.

Syrian activists, journalists, and government opposition groups are under a barrage of targeted malware attacks, according to the watchdog group Electronic Frontier Foundation. The malware, named AntiHacker, installs surveillance software on a computer under the guise of protecting the computer from viruses.

Once the malware is installed in the computer, with promises to "Auto-Protect & Auto-Detect & Security & Quick scan and analysing [sic]," it actually begins to spy on the user. Using …

Researchers release ways to detect Gauss malware

Two labs are offering ways to check if your system is infected by Gauss, the new malware from the Middle East.

Kaspersky Lab -- which recently released information identifying Gauss -- posted the tools today after receiving inquiries about detecting the new malware. Gauss has been dubbed a "cyberespionage toolkit" that can steal sensitive data, including browser passwords, online banking accounts, cookies, and system configurations.

Folks can download the Kaspersky virus removal tool, or use a Web page provided by Hungarian research lab CrySyS to scan for the virus. The CrySyS page will check your system for …

With Gauss tool, cyberspying moves beyond Stuxnet, Flame

Gauss, a new "cyber-espionage toolkit," has emerged in the Middle East and is capable of stealing sensitive data such as browser passwords, online banking accounts, cookies, and system configurations, according to Kaspersky Lab. Gauss appears to have come from the same nation-state factories that produced Stuxnet.

According to Kaspersky, Gauss has unique characteristics relative to other malware. Kaspersky said it found Gauss following the discovery of Flame. The International Telecommunications Union has started an effort to identify emerging cyberthreats and mitigate them before they spread.

In a nutshell, Gauss launched around September 2011 and was discovered in June. …