While there are quite a few applications on the market that have the code in question on them at this point, and at least 1 million but up to 5 million users have already downloaded it in one way or another, there’s nothing to fear. As Symantec notes, this software is only capable of doing a few disagreeable things to your Android device instead of a whole lot, the latter being the one that gets a code into the “malware” category. Instead, we’re only talking about the following:

“In general, it’s changing the home page of the [smartphone's] browser, adding additional shortcuts to the desktop, adding and even removing bookmarks. … It took a while for some consensus then about what was adware or spyware, and what wasn’t, but eventually that consensus was reached.” – Kevin Haley of Symantec

Check the timeline below for more information on which applications have the Counterclank software on them, and avoid them if you must – but don’t worry, they’re safe! What’s considered safe now, that’s what’s up for debate. Haley continued:

“We’re going to see app vendors experiment with how to monetize their apps on Android phones, more so on mobile than on the PC, because mobile apps are sold at very inexpensive prices or given away for free. It’s understandable that we’ll see some pushing the boundaries, or even going beyond them.” – Haley

[via Symantec]

It’s just as basic as that, when it comes down to it: if you’ve picked up a tablet for the first time, or a smartphone for the first time, and you want to grab some apps, you just head to the market and start downloading like a maniac. The step that exists between here and there that, unfortunately, is the only real level of security that exists for Android today is this: reviews by people like your humble narrator. And I don’t do that many reviews of applications. Consumers must trust in well-known publications to tell them if applications are safe to use or not if they’re on Android, giving them the links they need to find apps that don’t cause havoc on their devices – but they don’t, and therein lies the problem with Google’s system.

Google has provided an awesome system in which developers do not need their permission to publish an application, allowing the open market to thrive and grow rampantly. The bad thing about this is that the warning that are embedded in every download, the gates that Google has actually put up to defend against malicious software, are not working. When a consumer downloads an app, there’s a warning that comes up when they’re about to install which tells them what the app is capable of. Have you seen it? Likely if you’re an average citizen, you’ve pushed right past it and installed with fury.

There’s a South Park episode about this situation, in a way, though it uses Apple and their iTunes user agreement as an example instead. The lesson they teach the character Stan in that episode is that you should always, always read the user agreement before agreeing to it. What the agreement amounts to though, instead of it being there for the consumer to know their rights, is a safeguard for the company that placed it – in this case, Google is not to blame as the text they’ve freely given consumers which says things like “Malicious applications can use this to erase or modify your Browser’s data” has rid them of all legal blame.

NOTE also that this newest attack titled Android.Counterclank has been classified as several things: the first as a malware attack, but the most recent, listed by Lookout Mobile Security, as “an aggressive form of an ad network.” Attaching to your device after it explicitly warned you that it was going to do so – fair deal!

[via Lookout]

What we’re looking at here is a fellow by the name of Andrey N. Sabelnikov from the Russian Federation who worked most notably with antivirus vendor Agnitum. Once he began his work on this Kelihos operation, he embedded debug codes into the source of the virus which then allowed the software to download and install the Kelihos machine. It’s undoubtably clear that the fellow in question here got his knowhow from working with the firms he’d worked with in the past whose main goal it is to do away with the viruses he now slung. His LinkedIn page also noted that he’d worked for security vendor Returnil between 2008 and 2011, his stint with Agnitum taking place between 2005 and 2008.

Microsoft wrote the following in a US District Court complaint against Sabelnikov:

“Defendant Andrey N. Sabelnikov is an individual residing in St. Petersburg, Russian Federation. Defendant currently works on a freelance basis for a software development and consulting firm. Prior to his current employment, Defendant worked as a software engineer and project manager at a company that provided firewall, antivirus and security software. [With Kelihos botnet he] used the software to control, operate, maintain and grow the Kelihos botnet, by among other things, infecting innocent users’ computers.” – Microsoft

Harsh words, but certainly not unwarranted. How many hackers do you think studied with the protection agencies they’d hope to bypass in the future? Imagine the ease!

[via Ars Technica]

While a refrigerator magnet has never been hacked and an online virus has never attacked a cork board, I’d wager USPS doesn’t attribute most of its revenue to either one of those tiny bits of in-home convenience. As you’ll see in the video below, USPS instead wants you to understand that the Internet is nothing compared to the “added feeling of security” that a printed statement or receipt adds. The commercial ends with a call for you to visit their webpage telling you how not to use the internet because it is evil.

While USPS is speaking here about “the value of mail to both businesses and consumers,” as they write on their page, we’ve got to ask: why make a video? Why not send a letter to all of your customers in the mail? Have a look at the video and let us know what you think about this new punch to the gut of the internet, and also, if you can remember, let us know the last time you sent a letter.

The announcement came from Chief Cabinet Secretary Osamu Fujimura this week. Computers in the Japanese House were infected in late August according to Fujimura. The computers in the overseas Foreign Affairs offices handle low security information and the separate network that handles high security information was not infected according to officials.

Fujimura is specific in pointing out that there was no leak of confidential information. However, he declined to comments on the specific locations and nature of the attack. If the attack was from emails as previously stated, the source was likely infected file attachments. The computers in the House that were infected in August were identified and cut off from the network. PC World reports that local Japanese media are saying the attacks were malicious and claim that logins and passwords to protect email and other private data were stolen in the attacks.
[via PC World]

The virus first decrypts the paths of the XProtectUpdater plist files and unloads the XProtectUpdater daemon. It then overwrites the XProtectUpdater files with a blank character and also overwrites the plist and binary for the XProtectUpdater.

This process wipes out certain files and prevents XProtect from automatically receiving updates in the future. This makes your computer vulnerable to future attacks since definitions cannot be updated. Although it’s common for viruses to attempt to disable anti-malware safeguards, this may be the first Mac-oriented malware that targets XProtect.

[via MacNN]

About two week ago, the Airforce discovered that the computers at Nevada Creech Air force Base where the pilots of drone missions control their craft from were infected. The military claims that no classified information has been leaked outside the network; however, the virus had survived more than one attempt to remove it.

One source claims that each time the virus is wiped, it comes back. The virus is believed to have infected the classified and non-classified machines at Creech. The full scope of the infection is unknown. The virus is suspected to have been introduced to the network by flash drives used to move data about missions between computers.

[via Physorg]

The system relies on Websense’s ThreatSeeker Cloud system, which rather than use a blacklist of sites deemed unsafe, actually promises to scan the page to figure out whether or not it can be trusted. That, the company reckons, is a more thorough way of doing it, and allows them to check not only for viruses and malware but other content deemed inappropriate, such as racism.

In that way, it’s a marked difference from Google’s blocking system, which warns about potentially dangerous pages using a list of pre-approved sites. Facebook has already implemented a crowd-sourced link checking system, called Web of Trust, which will continue to operate in addition to Websense’s offering.

Among the issues the engineer spotted during reverse-engineering the Sophos software was a short-sightedness in how the app attempts to identify malware and block its installation. Only a small number of potential exploits are examined, Ormandy discovered – it’s unclear if this is intended to reduce the time it takes to scan, so as not to frustrate the user, or for some other reason – and so minor tweaks to standard malware code could allow the app to be loaded.

“Only the most standard, non-modified payloads could be intercepted by this … It’s ridiculously weak” Tavis Ormandy, security researcher

Other potential defects that could be exploited by malware relied on how the security software could react to false-positives and frustrate users to the point where they deactivated it. Ormandy was able to fake the verification signatures Sophos uses to identify malicious code and use it to create a storm of groundless warnings.

Most dangerous, perhaps, was Sophos’ attitude to cryptography. In some cases the encryption key the company used was stored alongside the data it had been used on; if misused, that could allow malware to remain undetected despite the software performing regular scans.

Although Ormandy works at Google, where he is a security engineer, he claims to have completed the research into Sophos in his own time and without either the knowledge or support of his employer. He also gave Sophos a heads-up on his announcements, and the company’s representative at Black Hat, Vanja Svajcer, confirmed that the criticisms were valid and said that efforts to address them were underway.

However, Svajcer also insisted that no evidence that any of the loopholes had been used maliciously had come to light, and suggested that the work involved in tailoring malware to target Sophos’ software specifically would likely be too involved for most authors.

The malware mimics legitimate apps, but once installed, it secretly records all of your phone calls in stores them on your handset’s SD card. It also inserts a configuration file with parameters for a remote server, suggesting that malware can also upload recorded conversations to a remote server.

It’s recommended that Android users exercise more caution and install only apps from trusted sources. Non-market apps can also be blocked by unchecking “Unknown Sources” in your Android device’s Application settings. Anti-virus type of apps for Android devices can also be used to help detect and prevent malware.

[via CA Security]

The memo also insists that AppleCare staff should neither confirm nor deny that the malware has been installed, should not attempt to assist customers in removing it, and should not escalate cases to Tier 2 support. Neither should they be referred to the Apple Store, which “does not provide any additional support for malware.”

Apple is yet to comment on the leak, though it certainly looks like the company is attempting to tread water while it investigates the malware. Despite growing popularity of OS X, the platform is still in the minority when it comes to the attentions of virus and other malware authors. That privileged position may well have left the company wrong-footed today.

Hypponen remembers working on Brain back in the 80’s and when he reversed engineered it, the code revealed the names, address, and phone numbers for the brothers near Lahore Railway Station in Lahore, Pakistan. Hypponen travels to visit the Farooq brothers in Pakistan and interviews them about the story behind “Brain”.

The brothers said they wrote Brain to explore the security holes of operating systems, but did not make it a malicious virus. They called it a “friendly virus” and that it would only detect if there was enough space on the floppy, and then only goes to that particular floppy. They could also see if the code was spreading or if it stayed within a small circle. Brain is named after the brother’s own company, Brain Telecommunications Ltd., in Pakistan and the virus was written in the same building that the company is still in today. At the end of the short documentary Hypponen gives Brain back to its original creators some 25 years after they created it in the same building.

[via USA Today]

As Ben Bajarin suggested back in August 2010 when the deal was first announced, such a strategy will allow Intel to load in extra protection for embedded devices, including Atom-based STBs like the Logitech Revue. It may also reduce system load, by offsetting anti-virus protection to dedicated silicon. McAfee will continue to sell its own security products and services using the existing brand.

Press Release:

Intel Completes Acquisition of McAfee

SANTA CLARA, Calif., February 28, 2011 – Intel Corporation today announced the acquisition of McAfee, Inc. is complete.

McAfee will continue developing and selling security products and services under its own brand. Intel and McAfee plan to bring the first fruits of their strategic partnership to market later this year, with the intent of tackling security and the pervasive nature of computing threats in an entirely new way.

Intel and McAfee believe today’s approach to security does not adequately address the billions of new Internet-ready devices, including PCs, mobile and wireless devices, TVs, cars, medical devices and ATM machines. With the surge in cyber threats, providing protection to a diverse online world requires a fundamentally new approach involving software, hardware and services. Together the two companies will work to help people more securely take full advantage of the potential of computing and connectivity.

As a wholly-owned subsidiary of Intel, McAfee reports into Intel’s Software and Services Group. The group is managed by Renée James, Intel senior vice president, and general manager. McAfee’s president, Dave DeWalt, will report to James.

“In the past, energy-efficient performance and Internet connectivity have defined computing requirements,” said James. “Intel has added security as a third pillar of what people demand from their experiences with personal computers and other connected devices. Security challenges put the future potential of computing at risk. The acquisition of McAfee adds not only world-leading security products and technologies to Intel’s computing portfolio, but also brings incredibly talented people focused on delivering products and services that help make connecting to the mobile Internet safer and more secure.”

Intel’s updated Business Outlook for Q1 2011 and full year 2011, published on January 31, 2011, reflected the impact of the closing of the McAfee transaction. The press release, including the Outlook and related risk factors, can be found at http://sec.gov/Archives/edgar/data/50863/000005086311000020/exh991.htm.

At present, Geinimi has been observed stripping the handset’s IMEI and SIM’s IMSI and sending them to a remote server, along with location information. It’s also capable of initiating the download of an app, though user acknowledgement is still required in order to install it. Software in the official Android Market is clean; only those side-loading apps onto their devices are currently at risk, though Lookout does say that this new trojan raises the bar for the complexity of Android malware.

[via Android Community]

“The popularity of iPads and iPhones in business environments,” McAfee suggests, “combined with the lack of user understanding of proper security for these devices, will increase the risk for data and identity exposure, and will make Apple botnets and Trojans a common occurrence.” It’s the end of Apple devices flying under the radar when it comes to malware and virus authors, the security firm believes, and a similar warning is issued for Apple TV and other internet-connected TV platforms. They could be harnessed as new botnet systems, it’s suggested, with users unclear on what the new wave of applications are capable of, and that confusion taken advantage of by cybercriminals.

Privacy and data theft are also big watchwords of 2011, with geolocation services like Foursquare and Facebook Places potentially being used to create “targeted attacks”. As for government- and business-level threats, McAfee claims state-funded attacks – such as China has been accused of – will proliferate in the new year.

Press Release:

McAfee Labs Predicts Geolocation, Mobile Devices and Apple Will Top the List of Targets for Emerging Threats in 2011

McAfee Researchers Also Foresee Attackers Targeting Shortened URL Services and Internet TV Platforms; Increase in Politically Motivated Hacktivisim

SANTA CLARA, Calif.–(BUSINESS WIRE)– McAfee, Inc. (NYSE:MFE) today unveiled its 2011 Threat Predictions report, outlining the top threats that researchers at McAfee Labs foresee for the coming year. The list comprises 2010′s most buzzed about platforms and services, including Google’s Android, Apple’s iPhone, foursquare, Google TV and the Mac OS X platform, which are all expected to become major targets for cybercriminals. McAfee Labs also predicts that politically motivated attacks will be on the rise, as more groups are expected to repeat the WikiLeaks paradigm.

“We’ve seen significant advancements in device and social network adoption, placing a bulls-eye on the platforms and services users are embracing the most,” said Vincent Weafer, senior vice president of McAfee Labs. “These platforms and services have become very popular in a short amount of time, and we’re already seeing a significant increase in vulnerabilities, attacks and data loss.”

McAfee Labs Threat Predictions for 2011:

Exploiting Social Media: URL-shortening services
Social media sites such as Twitter and Facebook have created the movement toward an “instant” form of communication, a shift that will completely alter the threat landscape in 2011. Of the social media sites that will be most riddled with cybercriminal activity, McAfee Labs expects those with URL-shortening services will be at the forefront. The use of abbreviated URLs on sites like Twitter makes it easy for cybercriminals to mask and direct users to malicious websites. With more than 3,000 shortened URLs per minute being generated, McAfee Labs expects to see a growing number used for spam, scamming and other malicious purposes.

Exploiting Social Media: Geolocation services
Locative services such as foursquare, Gowalla and Facebook Places can easily search, track and plot the whereabouts of friends and strangers. In just a few clicks, cybercriminals can see in real time who is tweeting, where they are located, what they are saying, what their interests are, and what operating systems and applications they are using. This wealth of personal information on individuals enables cybercriminals to craft a targeted attack. McAfee Labs predicts that cybercriminals will increasingly use these tactics across the most popular social networking sites in 2011.

Mobile: Usage is rising in the workplace, and so will attacks
Threats on mobile devices have so far been few and far between, as “jailbreaking” on the iPhone and the arrival of Zeus were the primary mobile threats in 2010. With the widespread adoption of mobile devices in business environments, combined with historically fragile cellular infrastructure and slow strides toward encryption, McAfee Labs predicts that 2011 will bring a rapid escalation of attacks and threats to mobile devices, putting user and corporate data at very high risk.

Apple: No longer flying under the radar
Historically, the Mac OS platform has remained relatively unscathed by malicious attackers, but McAfee Labs warns that Mac-targeted malware will continue to increase in sophistication in 2011. The popularity of iPads and iPhones in business environments, combined with the lack of user understanding of proper security for these devices, will increase the risk for data and identity exposure, and will make Apple botnets and Trojans a common occurrence.

Applications: Privacy leaks—from your TV
New Internet TV platforms were some of the most highly-anticipated devices in 2010. Due to the growing popularity among users and “rush to market” thinking by developers, McAfee Labs expects an increasing number of suspicious and malicious apps for the most widely deployed media platforms, such as Google TV. These apps will target or expose privacy and identity data, and will allow cybercriminals to manipulate a variety of physical devices through compromised or controlled apps, eventually raising the effectiveness of botnets.

Sophistication Mimics Legitimacy: Your next computer virus could be from a friend
Malicious content disguised as personal or legitimate emails and files to trick unsuspecting victims will increase in sophistication in 2011. “Signed” malware that imitates legitimate files will become more prevalent, and “friendly fire,” in which threats appear to come from your friends but in fact are viruses such as Koobface or VBMania, will continue to grow as an attack of choice by cybercriminals. McAfee Labs expects these attacks will go hand in hand with the increased abuse of social networks, which will eventually overtake email as a leading attack vector.

Botnets: The new face of Mergers & Acquisitions
Botnets continue to use a seemingly infinite supply of stolen computing power and bandwidth around the globe. Following a number of successful botnet takedowns, including Mariposa, Bredolab and specific Zeus botnets, botnet controllers must adjust to the increasing pressure cybersecurity professionals are placing on them. McAfee Labs predicts that the recent merger of Zeus with SpyEye will produce more sophisticated bots due to improvements in bypassing security mechanisms and law enforcement monitoring. Additionally, McAfee Labs expects to see a significant botnet activity in the adoption of data-gathering and data-removal functionality, rather than the common use of sending spam.

Hacktivism: Following the WikiLeaks path
Next year marks a time in which politically motivated attacks will proliferate and new sophisticated attacks will appear. More groups will repeat the WikiLeaks example, as hacktivism is conducted by people claiming to be independent of any particular government or movement, and will become more organized and strategic by incorporating social networks in the process. McAfee Labs believes hacktivism will become the new way to demonstrate political positions in 2011 and beyond.

Advanced Persistent Threats: A whole new category
Operation Aurora gave birth to the new category of advanced persistent threat (APT)— a targeted cyberespionage or cybersabotage attack that is carried out under the sponsorship or direction of a nation-state for something other than pure financial/criminal gain or political protest. McAfee Labs warns that companies of all sizes that have any involvement in national security or major global economic activities should expect to come under pervasive and continuous APT attacks that go after email archives, document stores, intellectual property repositories and other databases.

For a full copy of the 2011 Threat Predictions report from McAfee Labs, please visit: http://www.mcafee.com

The scientists took a small implantable ID chip similar to the type used to identify pets. He infected the chip with a specific sort of computer virus and then implanted the chip into his hand. The chip used allows the scientists to pass through security doors and activate his mobile phone.

The virus the researcher introduced to the chip also passes copies of itself to external control systems as the chip is read. That means that each security door he goes though is infected with the virus. The researcher is Dr. Mark Gasson form the University of Reading, and he admits that his test is merely a proof of concept. Proving that the implanted device can infect other systems has some serious implications for the future of implantable chips for medical monitoring and other uses.

It’s debatable if Apple (and Steve Jobs, incidentally) is admitting or suggesting that Apple is just as capable of receiving malicious content as Microsoft’s Windows, and one that we’re sure will be going on for quite some time. Either way, Apple’s erected the first wall in defending against it, but as it turns out, that wall might be made of sticks, rather than stone. The included scanner can only detect two Trojan horses apparently, and both of them are quite old. “RSPlug.a” was first seen back in October 2007, and “lservice” which first came about in January. The shocking part is that the Snow Leopard anti-virus checker identifies these two Trojans as being brand new. In 2007, “RSPlug.a” made it to the news because it changed a machine’s DSN (Domain Name System) settings, and redirected users to false sites. And lservice made its appearance on pirated copies of iWork ’09, Apple’s suite of productivity software. The first Trojan is old enough that it is hardly ever seen in the wild anymore.

Of course, due to software updates, Apple will be able to update the virus checker whenever they see fit, through their Software Update Service. Apple hasn’t confirmed this to be a possibility, or an option, and there isn’t any word on what this could cost. If it costs something at all, it would be quite the slap in the face to the consumer. Keeping your users safe, especially by a company that strives for usability and user experience, would be paramount to keeping Apple’s squeaky-clean image amongst computer users.

[via TG Daily]

The functionality has been confirmed by other users, apparently, though it’s still unclear how Apple might be managing such aspects as antivirus updates and the like.  If this all pans out to a new security feature in Snow Leopard, it’s possible that Apple will be making regular antivirus log downloads available much in the same way that Microsoft’s Defender automatically gets new rules.

Snow Leopard is on course for a release on Friday, with pre-orders of the OS X 10.6 update already being taken.  Apple have previously said that the update is more secure and stable than previous iterations, but it has failed to mention any active antivirus protection that might be preloaded.

The main goal of this software is to remove trojans, spyware and viruses. That’s it. It’s currently undergoing testing and is likely to see a beta very soon for the public. What’s interesting, is this antivirus software will be free for Windows users, which is likely to stick a thorn in the side of its competitors.

Microsoft tried the antivirus market before with their OneCare bundle, though it required an annual fee. It never really took hold, so now the free price tag is likely to bring in added interest.

Anecdotal research suggests that it is the English-language build of Windows XP Home that Viliv have used on some models that is tainted.  The install is a custom mixture of the Microsoft OS and Viliv’s own modifications, which offer things such as an on-screen keyboard.

The viruses in question include kinza.exe, win32.QQrob-32 and ActMon-Pro.  Current advice is to run a virus scan as soon as possible if you pick up an S5, preferably before connecting it to your home network or attempting to synchronize data between it and an existing system.

[via Pocketables]

Use of such a feature is generally considered counterproductive to a botnet user’s primary goal, which is to acquire as many passwords, credit card details and internet banking credentials as possible, without the computer’s owner being aware.  Security experts are now debating why this recent botnet – which consisted of PCs primarily in Poland and Spain – self-destructed.

One theory is that it was done to delay individuals from discovering their accounts had been compromised.  S21sec’s Jozef Gegeny suggests that the self-destruct in effect “[takes] the victim away from [their] Internet connection – before the unwanted money transfer is realized and further actions could be taken.”  Another possibility is user error: Roman Hüssy, who oversees botnet-tracker site Zeustracker, described the typical user of such a malware network as “not very skilled”.

The “kos” command is confirmed to be present in the latest versions of the Zeus trojan.  For more details on the malware – which offers hackers access to the compromised computers for just $700 – check here.

[via Slashdot]

The advice is, as always, make sure to corroborate the MD5 checksum on your ISO download with the known, safe MD5, and if the two don’t match then don’t run any of the downloaded files.  The good news is that anti-virus software appears to be catching the trojan before it installs, but better to be forewarned than rely on software.

While SlashGear doesn’t advocate installing leaked, unofficial software such as this Windows 7 RC, we recognize some users will continue to do so.  In the interest of security, the MD5 for the “safe” Windows 7 RC Build 7100 ISO x86 ISO is 8867C13330F56A93944BCD46DCD73590, while the MD5 for the x64 ISO is 98341af35655137966e382c4feaa282d.  Far safer, however, is to wait for the official RC build, which is reportedly imminent.

[via freitasm; image via Frank Fontaine]

While the copy of Photoshop in the torrent is legitimate, the crack application accompanying it – which offers illegal serial numbers for CS4 - is not.  After asking for the user’s administrator password, it saves those credentials, installs itself and notifies at least two IP addresses.  Since it also cracks the Photoshop security protection, the user can be left none the wiser that their Mac has been compromised.

The first version of the trojan, OSX.Trojan.iServices.A, was used to download software and launch a DDoS attack on several sites.  Intego believe this new version will do the same.  As ever, the advice is to not give out your admin password to random apps and not download illegal software.

[via Macenstein]

The trojan was spotted by Intego, the company behind the Mac security app VirusBarrier, who are describing it as a high-risk issue and warn that “users may face extremely serious consequences” if their Macs become compromised by the third-party behind the malware.  Although it cannot spread from computer to computer by itself, given the allure of free software it’s likely that OSX.Trojan.iServices.A will affect significantly more people than the initial 20,000 estimates.

“The installer for the Trojan horse is launched as soon as a user begins the installation of iWork, following the installer’s request of an administrator password. This software is installed as a startup item (in /System/Library/StartupItems/iWorkServices, a location reserved normally for Apple startup items), where it has read-write-execute permissions for root. The malicious software connects to a remote server over the Internet; this means that a malicious user will be alerted that this Trojan horse is installed on different Macs, and will have the ability to connect to them and perform various actions remotely” Intego security alert

Unfortunately, the safest way to clean an infected Mac is to completely reinstall OS X, making sure to do so from the original discs and not backups, which the trojan could have tampered with.  Unfortunately, this just underscores the need to be careful if downloading unofficial software – and to have an up-to-date anti-virus app running if you insist on doing so.

According to the FTC’s complaint, the defendants used an elaborate ruse that duped Internet advertising networks and popular Web sites into carrying their advertisements. The defendants falsely claimed that they were placing Internet advertisements on behalf of legitimate companies and organizations. But due to hidden programming code that the defendants inserted into the advertisements, consumers who visited Web sites where these ads were placed did not receive them. Instead, consumers received exploitive advertisements that took them to one of the defendants’ Web sites. These sites would then claim to scan the consumers’ computers for security and privacy issues. The “scans” would find a host of purported problems with the consumers’ computers and urge them to buy the defendants’ computer security products for $39.95 or more. However, the scans were entirely false.

The products that are responsible for the scam include, WinFixer, WinAntivirus, DriveCleaner, ErrorSafe, and XP Antivirus. We are told that over one million users have been “duped” by the programs listed above. The bottom line is, you need to get this software off of your computer if you happen to be one of these people. We suggest that you get a good reliable anti-virus program as soon as possible to prevent any further damage.

Google still has a cached version of the page, viewable here.  You can see a screenshot in the gallery below.

Apple has historically suggested that Mac computers do not require antivirus protection as malware is generally aimed at Windows-based PCs.  To some, then, the advice was seen as a backtrack on this stance.  The document, however, appears to have been the reminents of old advice, now removed as a result of the confusion to customers.

Edit: Apple has made the following statement: “The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box”.

[Thanks Tony!]

The document goes on to recommend three commercial anti-virus applications for Mac: Intego VirusBarrier X5, Symantec Norton Anti-Virus 11 for Macintosh and McAfee VirusScan for Mac, the former two with links to the Apple Store.  Although the company has not officially commented on what prompted the advice, industry analysts are suggesting that the rise in internet trojans and other malware intending data theft has left Mac users just as great targets as their Windows counterparts.

Apple’s “immunity” to viruses has been a longstanding refrain used in Mac/PC arguments, with the company itself fuelling the debate through its own adverts.  Of course, the lasting message here should really be that no internet user should venture online without taking precautions to protect their personal data.

[via ZDNet]

This new release uses 80% less memory than your average antivirus software. In fact, it gives you the the option to lower the security parameters, making it so it uses even less memory and your gaming experience is elevated.

In addition to these perks, there is a Gamers Mode that puts a halt to downloading updates automatically so you don’t have a sudden latency issue in the middle of an epic battle! Antiviral notifications are also put on hold while in this mode.

ASUS are yet to confirm exactly how the virus found its way onto the brand new machines, but given its apparent presence on all Eee Box PCs it could suggest an infected version of the imaging software the company uses to factory-install the OS.  Virus experts Symantec claim the virus is most likely the W32/Usbalex worm, which it rates low for damage level.

However UK site The Register has found a virus – in this case the W32/Taterf worm, which attempts to identify users’ gaming passwords – on their Eee Box review sample, on the test bench this week.  They are uncertain as to whether the virus was left on there from a previous reviewer or came from ASUS themselves.

You know the Antivirus software company tends to exaggerate the state of urgency when it comes to viruses, but it’s not worst than some of them with antivirus suite for OSX. Nevertheless, any malicious self-propagated worm that has been spreading worldwide with variants over 67,500 kinds is not to be taken lightly.

The Mocmex was first identified as a Trojan horse that collected online games passwords, further studies has revealed its ability to get around more than hundred antivirus vendors and Windows security layers. The malware infected PC only ( Winblow !, what else?), and known to download files and hid them randomly with hard to trace patterns, it would then propagated to another PC or other portable storage device as a shelter as soon as it’s plugged into one. CA says Mocmex’s strength is more than just a simple game-password collector, it has the potential for a much bigger attack with its nature to collect personal and private data.

According to SANS, they have found more than four other trojans in different brand of photo frames sold at Best-buy, Costco, Target, and Sam’s Club. Computer Associates also has traces of the virus backdoored to a specific group in China. If you have concerns with recent purchase of your digital photo frames, I suggest you read the report the how-to and SANS contact information from San Francisco Chronicle.