While checking your bank account from your computer has become a generally accepted means of banking a security firm in Israel is now warning customers that such actions could drain their bank accounts.

According to the firm a new virus known as the “SpyEye Trojan” is able to capture a users bank login information as they type in their username and password and then use that information to make fraudulent purchases.

If the program ended there it would be nothing more than a typical keylogger virus, however creators of the new virus have figured out how to also trick the user by hiding any fraudulent transactions they have made.

The sophisticated virus program basically hides transactions when a user logs into their bank account from the infected computer. For example if you have $1000 in your account and the fraudster makes a $500 purchase that transaction is hidden via your online banking account and you are still shown to have $1000.

The next time you log in from another non-infected computer or check your balance at the bank or an ATM however you will quickly discover that your money is missing.

According to the security firm responsible for the find, the virus is already being used in real world situations and until banks figure out how to stop the program it is expected to spread rapidly.

Sometimes an ATM balance check or a balanced ledger just makes more sense. Do you take extra precautions to secure your computer when it comes to viruses such as the SpyEye Trojan?

[Image via ShutterStock.com]

New ‘SpyEye Trojan’ Banking Virus Steals Your Money, Hides Fraudulent Transactions is a post from: The Inquisitr

A new weapon has been created in the fight against HIV.  Researchers have developed a vaccine that protects rhesus monkey from an extremely virulent form of  simian immunodeficiency virus (SIV), which is distantly related to the virus that causes AIDS in humans.

This is not the first time that SIV vaccines have been successful, but scientists are hoping that when combined with data learned from a current human trial that is being conducted, they will be able to develop a vaccine for human HIV.

Bruce Walker, a virologist at the Ragon Institute of MGH, MIT and Harvard University told Nature Magazine. “To me, if it’s possible in monkeys it’s got to be possible in humans,”

The vaccine is a two stage virus blocker, where the first stage protects against the common (read easy to kill) strains of the virus followed by a boost vaccine which teaches the antibodies to fight the more virulent strains.

Of the monkeys who were given the vaccine, 12% developed SIV, while the ones who were untreated contracted the disease 74% of the time.

Interestingly enough, the team of scientists continued to inject the monkeys every week with the virus and eventually all the monkeys contracted it, but the vaccine prevented SIV after a single exposure by more than 80%

Dan Barouch, a virologist at Beth Israel Deaconess Medical Center in Boston and the head of the study team said.”Because HIV does not cause disease in monkeys, SIV is the best model for evaluating vaccines before they are tested in humans”.

Researchers have told people to be cautious in evaluating the results of the trial as it has not been done in humans, but there is some cause for optimism.

If there were an HIV Vaccine on the market, would you take it?

HIV Vaccine Protects Monkeys from the Virus is a post from: The Inquisitr

Duqu is one of the most intricate, mysterious viruses to be released in several years, matched only in complexity by its predecessor, Stuxnet, but there’s apparently a lighter side to the virus hidden away in the code.

When digging about the source code of an earlier version for clues on how Duqu works and who made it, Moscow-based Kaspersky Lab discovered an “easter egg” of sorts: a reference to Showtime’s hit television show Dexter.

One of the lines of code, referencing a fake font that is utilized in the attack, reads:

“Copyright 2003 Showtime Inc. All rights reserved. Dexter Regular version 1.00. Dexter is a registered trademark of Showtime Inc.”

That the creators have a sense of humor (and a love for Dexter) wasn’t the only thing Kapersky Lab learned about Duqu in their digging, however. When investigating an earlier variant of the virus, researchers discovered a driver signed in 2007, suggesting that development on Duqu could have begun as early as four years ago.

“We can’t be 100% sure [of that date], but all the compiled dates of other files seem to match to attacks,” said Roel Schouwenberg, a senior researcher with Kaspersky, in an interview today (via Computer World). “So we’re leaning towards that date as correct.”

Microsoft has yet to release a patch, but in the interim they’ve offered a temporary fix for the vulnerability. You can find out more about that at this link.

Duqu creators apparently have a thing for Dexter is a post from: The Inquisitr

Symantec announced that a new, malicious virus, called Duqu, has been discovered, and it may have ties to the Stuxnet virus.

Symantec made the discovery alongside an unnamed research lab. The company states that it appears whoever wrote Duqu had access to the source code of the Stuxnet virus. Whereas Stuxnet was designed to infiltrate and destroy industrial software, however, Duqu is an intelligence-gatherer. Researchers say that Duqu may be looking for intelligence to launch an even larger, more successful attack.

“Duqu does not contain any code related to industrial control systems and is primarily a remote access Trojan (RAT),” the company said. The threat does not self-replicate. Our telemetry shows the threat was highly targeted toward a limited number of organizations for their specific assets. However, it’s possible that other attacks are being conducted against other organizations in a similar manner with currently undetected variants.”

The report goes on to say that the Duqu virus was digitally signed using a stolen key from a legitimate, Taiwan-based company, allowing relatively easy infection of the virus’ targets when combined with exploitation of a number of system vulnerabilities. Symantec owns the VeriSign authentication service that controlled the stolen certificate, so Symantec was able to revoke its security privileges (via Tech News World).

“It’s an intelligence operation,” Michael Sconzo, a senior security officer at RSA, told Fox News. “We still aren’t sure of all the things it looks for yet but it is a likely precursor to an attack. It is a Trojan horse.”

Source: Symantec

Stuxnet creators suspected to be behind new Duqu virus is a post from: The Inquisitr

While Mac users like to brag on and on about how they don’t get viruses and other types of malware on their shiny objects of perfection recent events are proving otherwise, and to the degree that Apple has started to include their own anti-malware scanning engine as part of OS X.

The problem is that as smart as apple might think it is at catching all those nasties flocking to infect those awesome Mac machines the people writing the current crop of Mac oriented malware files are just as smart, as evidenced by their newest tactic to infect Mac machines.

Taking a note out of the old Windows malware writers guide the newest Mac trojan, which is actually just a variation of one already out in the wild, will nuke the built-in XProtectUpdater files.

The trojan, called Trojan-Downloader:OSX/Flashback.C, is delivered through a fake Flash Player installer and once the admin passwords are entered as a part of the install Flashback.C hunts down its prey by decrypting the paths within XPathUpdater and unload the XProtectUpdater daemon. Once that is done it overwrites those files with blank space, which in turns nukes the key files that XProtect needs so it can get regular updates.

The trojan can be removed using malware/ virus scanning software. You can find more information on F-Secure’s page for Flashback.C.

via Ars Technica

Mac trojan now equipped with OS X anti-virus nuking ability is a post from: The Inquisitr

This is a little scary- a spike in type 1 diabetes in very young children could be in part due to a strain of the common cold.

An article posted in BMJ Online First says kids with type 1 diabetes are nearly ten times more likely to have been infected with enterovirus strains than children who have not been. A link has long been suspected, and Maria E. Craig, PhD, of the University of New South Wales in Sydney commented on the findings:

“We saw a very strong association between enterovirus infection and type 1 diabetes,.. Obviously studies like the ones we looked at cannot prove cause and effect, but the findings make a strong case for this association.”

Children with symptoms of pre-diabetes were found to be three times as likely to have been infected with enterovirus. Also linked to the findings is what is known as the “hygiene hypothesis,” in which improved sanitization methods are thought to have some possible negative health consequences:

The thinking is that improved hygiene has left babies more vulnerable to assaults from viruses like enterovirus because mothers today pass on fewer protective antibodies than were passed on by past generations of mothers.

If enteroviruses play a big role in type 1 diabetes, the so-called “hygiene hypothesis” could explain why disease rates have not risen in poorer, less industrialized countries, [Virologist Didier Hober, MD, PhD, of France’s University Lille stated.]

Early exposure to common allergens such as gluten and cow’s milk has also been cited in possibly affected increased rates of type 1 diabetes in children.

Cold virus in kids could trigger type 1 diabetes is a post from: The Inquisitr

While it might not seem to be a subject to write and perform a rap song about a flu virus that hasn’t stopped Jerome Clark, medical director of the Long Island Railroad,from applying his skills to creating one. With a track record of doing the same thing for asthma and diabetes his latest creation is being entered in a contest the Department of health and Human Services is sponsoring to select the best swine-flu public service announcement.

Rappin’ Doc warns about H1N1 virus is a post from: The Inquisitr

Yesterday Twitter was hit by a worm. This is the first serious worm attack on Twitter. At first the reports were very mixed, some said you got infected by visiting StalkDaily, others if you visited a Twitter profile page. The affected Twitter accounts would tweet this message:

Hey everyone, join www. StalkDaily. com. It’s a site like Twitter but with pictures, videos, and so much more!

It turns out the worm can be contracted by visiting affected Twitter profile pages. The symptom was the above mentioned tweet. The StalkDaily Worm is just as easy to remove as it is to contract it. You have to make sure that the URL in your Twitter profile page is as it should be.

It could look like this:

• Name gangsterboy
• Location Google
• Web http://”>

If you are using a Twitter client you should be safe, but if you use a web-client stay away from suspicious looking profile pages until they look safe.

Twitter closed the security hole (cross-site scripting vulnerability) 3 hours ago and are assuring us that no vital information was lost. Twitter also recommends that you reset your password. @spam says:

If you have been locked out of your acct due to the StalkDaily issue, pls do a p/w reset; we may have reset your p/w for safety.

According to BNO News Mickeyy Money from StalkDaily has admitted responsibility for the Twitter worm.

I am the person who coded the XSS which then acted as a worm when it auto updated a users profile and status, which then infected other users who viewed their profile. I did this out of boredom, to be honest. I usually like to find vulnerabilities within websites and try not to cause too much damage, but start a worm or something to give the developers an insight on the problem and while doing so, promoting myself or my website.

Contrary to what some sites might say, StalkDaily has claimed full responsibility for the attack.

Twitter infected by StalkDaily Worm is a post from: The Inquisitr

According to a report surfacing on CBS news station WBZ children’s toy maker Fisher-Price decided to send along some extra goodies with one of their cameras for children. The FP Kid-Tough digital camera is infecting the computers that connect to it via the USB cable supplied with the toy.

Anna Tapper couldn’t wait to tear open and try out her favorite present.

"I take pictures of lots of things," Anna said.

Her father, Jeff Tapper, said she had a big smile on her face the minute she knew what it was.
"She was glad to have her own camera and she didn’t have to ask mom and dad for theirs and she could take as many pictures as she wanted," Tapper said.

When Tapper went to download her work, he found her camera had two viruses. Luckily, his anti-virus software spotted them before he downloaded them onto his computer. Without an up-to-date virus-fighter, his laptop could’ve been infected.

"Especially since it’s a kid’s digital camera it’s the last thing you’d expect to have a virus on it," Tapper said.

Source: WBZTV

Google is already showing a number of hits on the Fisher-Price camera virus

[hat tip to the Consumerist]

[graphic courtesy of CBS]

Thanks for the virus Fisher-Price is a post from: The Inquisitr

The program, called Trojan.PWS,ChromeInject.A, looks like a regular Firefox plug-in once it gets into your system. In fact, it’ll show up in the browser as part of Greasemonkey, the fully legit and quite handy customization tool.

This bad boy, though, won’t do you any good. Researchers at BitDefender found the malware will automatically run every time you start Firefox, then use JavaScript to identify any of about 100 different banking and financial sites you might surf to. Bank of America, Wachovia, and even PayPal are said to be included. Once it sees you on one of those sites, it’ll snag your login info and password, then send it all to a server in Russia.

Most people are being bitten by the ChromeInject bug by either downloading a program they think is legit, or by the phenomenon known as “drive-by download,” in which an e-mail or Web site installs the program without the user’s knowledge.

Antivirus programs will likely add protection against the bug before long — BitDefender says it already has — but in the meantime, the smartest thing to do is to keep up your own safeguard. Mozilla’s official add-on site has no instances of the bug, researchers say. Mozilla has been extra vigilant in its add-on scanning since some questionable code was found in a Vietnamese language pack on its site back in May.

Firefox Threat: “Rare” Malware Targeting Browsers is a post from: The Inquisitr

The unwanted addition to the factory fresh computer is from the W32/Usbalex family which is triggered by a file called recycle.exe that sits on the D: drive. the moment you access the D: drive on an infected machine this recycle.exe is launched which then tries to infect the main C: drive. Additionally another worm called W32.Gammima.AG has been found on some machines.

The following models are believed to be the bearer of this wormy goodness

Model: EEEBOXB202-B UPC:610839761807

Model: EEEBOXB202-W UPC:610839761814

Model: EBXB202BLK/VW161DUPC: 610839530526

Model: EBXB202WHT/VW161D-W UPC: 610839531202

Model: EBXB202BLK/VK191T UPC: 610839547753

Now Asus has confirmed that some machines have been shipped that contain these additional goodies and in the press release about this incident (translated from Japanese) they have apologized for this happening. Granted apologies are good and they are doing what they can via their support site but come on guys two incidents like this is just unacceptable. I think Asus is going to have to do some serious work on their quality control but even still this isn’t going to be very helpful to their brand name.

Asus Messes Up – Again is a post from: The Inquisitr

The data shows more malicious messages sent in July than in any other month so far this year. The worst was on July 24, when 10 million infected e-mails went out around the world.

Google says a UPS scam accounted for much of the traffic. The e-mails had what looked like a link to package tracking information but ended up being a link to malware instead. Another offender was a fake CNN newsletter, also containing dangerous links.

For August, the team has found a shift to infected file attachments — a phenomenon that had been decreasing in recent months. The particular case cited uses encrypted RAR files.

Update: Moments after publishing this, I received a virus-linked message myself. Good timing.

Dear valued PayPal member:
Due to concerns, for the safety and integrity of the paypal
account we have issued this warning message.
It has come to our attention that your PayPal account information needs to be
updated as part of our continuing commitment to protect your account and to
reduce the instance of fraud on our website. If you could please take 5-10 minutes
out of your online experience and update your personal records you will not run into
any future problems with the online service.

However, failure to update your records will result in account suspension.
Please update your records on or before August 14, 2008.
Once you have updated your account records your paypal account
service will not be interrupted and will continue as normal.
To update your PayPal records click on the following link:

Thank You.
PayPal UPDATE TEAM

Of course, the links led to nonsense domains that had nothing to do with PayPal.

July Sets E-Mail Virus Record is a post from: The Inquisitr

First up, Mozilla is admitting it made a major mistake. The Firefox developers sent out a warning today that one of the browser’s language plug-ins is infected with malicious code. The Vietnamese language pack has been found to contain the adware as a result of a virus that may have been on the developer’s network, unbeknownst to him.

“This code is the result of a virus infection, but does not contain the virus itself,” explained Mozilla Security Chief William Snyder.

“This usually results in the user seeing unwanted ads, but may be used for more malicious actions,” he added.

The bug is believed to be from the Xorer Trojan. Mozilla says it did conduct an initial scan of the program but did not catch the issue until now.

“We are also adding after-the-fact scans of everything to address this sort of case in the future,” Snyder said.

At the same time, McAfee is cautioning that it’s seen an increase in fake MP3 files being used to carry dangerous code. A security expert with the company claims 360,000 users have had problems in the past days. You can find a list of the problematic filenames to avoid on the McAfee Labs Blog.

Viruses Hit Mozilla, MP3s is a post from: The Inquisitr