Half a million Macs may be infected with Flashback botnet.

Dr. Web Anti Virus says 300,000 infected Macs are located in the United States.

The Flashback trojan is designed to steal personal information according to Russian anti-virus company Dr. Web. The company reported approximately 600,000 Macs are infected.

The malware originally looked like an Adobe Flash Player update but can exploit Java updates as well. When visiting a website that contains Flashback a prompt will appear asking for your password so that a package of code can be installed into the Applications folder.  Once it is installed it will begin harvesting passwords for websites and social media accounts.

If you need help removing any Mac malware give us a call 916-987-5474 or email.

Source: BitWise Computer Repair

A botnet that was crippled by Microsoft and Kaspersky Lab last September is spamming once again and experts have no recourse to stop it.

The Kelihos botnet only infected 45,000 or so computers but managed to send out nearly 4 billion spam messages a day, promoting, among other things, pornography, illegal pharmaceuticals and stock scams.

But it was temporarily corralled last September after researchers used various technical means to get the 45,000 or so infected computers to communicate with a “sinkhole,” or a computer they controlled.

But the computers that comprised Kelihos were still infected with its code. Researchers knew that it would only be a matter of time before its controller used the botnet’s complex infrastructure of proxy servers and communication nodes to regain control.

In fact, it happened shortly after the researchers intervened. Sinkholing the botnet was only a temporary solution.

“We could have issued an update to those machines to clean them up, but in several countries that would be illegal,” said Ram Herkanaidu, security researcher and education manager for Kaspersky Lab.

(more…)

An investigation by Jan Drömer, independent researcher,
and Dirk Kollberg, SophosLabs.

On 17 January 2012, The New York Times revealed that Facebook plans to name five men as being involved in the Koobface gang. As a result of the announcement, we have decided to publish the following research, which explains how we uncovered the same names.

Introduction: there ain’t no perfect (cyber)crime

The Koobface botnet – a product of the self proclaimed “Ali Baba & 4″ or “Koobface Gang” – has been terrorizing millions of internet users since mid 2008 and continues to do so up to the present day, despite multiple takedown efforts.

The research below, conducted by independent researcher Jan Drömer and Dirk Kollberg of SophosLabs, is focused on the suspects behind one of the largest cybercrime threats in recent years and the process of their identification.

Research into the suspects was mainly conducted from early October 2009 until February 2010 and has since been made available to various international law enforcement agencies.

As in real life, a perfect (cyber)crime is something of a myth. The simple truth is that today’s cybercrime landscape is aimed at achieving maximum revenue with minimal investment, and that implies a certain level of accepted imperfection.

It is this imperfection, paired with a sense of “criminal arrogance” and an uncontrollable threat environment such as the internet, that ultimately led to the identification of multiple suspects forming the “Koobface gang”. (more…)