This new (old) trojan, according to Sophos, is a variant of the old backdoor trojan that has haunted Windows users and goes by the name of: darkComet, a Remote Access Trojan (RAT). The creator of the version targeted for OS X is apparently calling his version Blackhole RAT.

From the blog post at Sophos:

The Mac OS X version is very basic and there appears to be a mix of German and English in the user interface. Its functions include:

* Placing text files on the desktop
* Sending a restart, shutdown or sleep command
* Running arbitrary shell commands
* Placing a full screen window with a message that only allows you to click reboot
* Sending URLs to the client to open a website
* Popping up a fake “Administrator Password” window to phish the target

Old Windows trojan being re-worked for Mac OS X is a post from: winextra
Follow us on Twitter: @WinExtra | Don't forget we're on Facebook as well: WinExtra Fans

Related posts:

1. Watch out for the Energizer Bunny he might be carrying a trojan
2. A nasty ransomware trojan making the rounds
3. Zune Desktop 4.7 hits Windows Update
4. Vote on your favorite wishlist items for Windows 8

Viruses, trojans, spyware, malware. All terms that have specific meaning and none of it good for you or your computer. However it is really important for people using computers, especially new users, to understand them.

In his new book Windows 7 Annoyances: Tips, Secrets, and Solutions, David A. Karp has put together some really good and easy to understand explanations of these nasty things out to get you. The following can be found on Page 344 of his book.

Viruses

A virus is a program or piece of code that “infects” other software by embedding a copy of itself in one or more executable files. When the software runs, so does the embedded virus, thus propagating the infection. Viruses can replicate themselves, and some (known as polymorphic viruses) can even change their virus signatures each time to avoid detection by antivirus software. Unlike worms, next, viruses can’t infect other computers without assistance from people(a.k.a. you), a topic discussed in detail in the next section.

Worms

A worm is a special type of virus that can infect a computer without any help from its user, typically through a network ir Internet connection. Worms can replicate themselves like ordinary viruses, but do not spread by infecting programs or documents. A classic example is the W32.Blaster.Worm which exploited a bug in Windows XP, causing it to restart repeatedly or simply seize up.

Trojan horses

A Trojan horse spreads itself by masquerading as a benign application (as opposed to infecting an otherwise normal file), such as a screensaver or even, ironically, a virus removal tool.

Rootkits

A rootkit is a form of malware designed to conceal the fact that your computer has been infected. By their very nature, rootkits are particularly difficult to remove, let alone find. To hide its presence, a rootkit must be in memory, so the best means of detection and removal is to access the compromised drive from a different operating system, either using a dual-boot setup or by removing the drive from the PC and plugging it into another PC. GMER – http://www.gmer.net – can also be used to detect and remove rootkits.

Spyware and adware

Spyware is a little different that the aforementioned viruses and worms, in that its purpose is not necessarily to hobble a computer or destroy data, but rather something much more insidious. Spyware is designed to install itself transparently on your system, spy on you or your employer, and then send the data it collects back to an Internet server. This is sometimes done to collect information about unsuspecting users (automated identity theft), but also can serve as a conduit for pop-up advertisements (a.k.a. adware).

Aside from the ethical implications, spyware can be particularly troublesome because it’s so often very poorly written, and as a result, ends up causing error messages, performance slowdowns, and seemingly random crashing. Plus, it uses your computer’s CPU cycles and Internet connection bandwidth to accomplish its goals, leaving fewer resources available for the applications you actually want to use.

Confused about what viruses, malware or spyware means? Here’s some help. is a post from: winextra
Follow us on Twitter: @WinExtra | Don't forget we're on Facebook as well: WinExtra Fans

Related posts:

1. System Restore and malware – a piece of advise
2. New rogue spyware app: Antivirus Pro 2010
3. Malware writers fine-tuning their nasties to specific OS versions
4. Hard drive jargon got you confused? Here’s some help

Thanks to a post by Ed Bott we find out that one of the stalwart Linux IRC (Internet Relay Chat) servers, Unreal IRC, has been infected with with a backdoor trojan. Now this may not seem all that important in this Facebook social media day and age but the Unreal IRC server is one of the most widely used IRC servers in the world.

It would seem that one of the mirrors download sites started hosting and infected package almost 8 months ago which means the proliferation could be quite extensive. From the official announcement:

Hi all,

This is very embarrassing…

We found out that the Unreal3.2.8.1.tar.gz file on our mirrors has been replaced quite a while ago with a version with a backdoor (trojan) in it.

This backdoor allows a person to execute ANY command with the privileges of the user running the ircd. The backdoor can be executed regardless of any user restrictions (so even if you have passworded server or hub that doesn’t allow any users in).

As Ed points out it is additionally funny given that the replacement happened back on November of 2009 and no-one noticed. Not only that but the Windows (SSL and non-ssl) version of the same software wasn’t affected.

Ed goes on to say that Mac users shouldn’t be high-fiving each other too much

Meanwhile, Mac users shouldn’t get complacent either. Intego has reported two in-the-wild outbreaks of a Trojan horse program found on game sites and a gruesome piece of spyware that tags along with screen savers and other freebie apps. (And Intego says they found copies of the unwanted software even after the original distributor claimed to have removed it.)

Would you like a bottle of ketchup to go with that crow?

I love it when a Linux or Mac balloon gets busted is a post from: winextra
Follow us on Twitter: @WinExtra | Don't forget we're on Facebook as well: WinExtra Fans

Related posts:

1. OMG! It must be the end of the world as we know it
2. Vista/XP update and love of community
3. Windows 7 Search – Start Menu a hidden gem

There is a new one according to a report from Symantec called Ramvicrype Trojan that well encrypt your files and then when you are search for a fix you find yourself directed to a website that will sell you some software to fix the problem. The search will yield the expected results because of the unique file extension the malware uses on the encrypted files.

Using the file extension – *.vicrypt it takes short order to find the solution but Symantec has published a specific utility program to help any victims hit by this trojan.

Symantec virus researcher Shunichi Imano said in a blog entry that Ramvicrype victims will see some files on the computer with a vicrypt extension.

Entering the term ‘vicrypt’ into a search engine leads us to a company offering a fix, which of course is a charged service. So, there was a reason for that file extension after all.

The security vendor has developed a Symantec Ramvicrype removal tool for victims to decrypt the files.

The one other solution is to make sure you have a current image file of your system and then restore if hit by crippling malware such as this one.

hat tip to the Security Bytes team.

A nasty ransomware trojan making the rounds is a post from: winextra
Follow us on Twitter: @WinExtra | Don't forget we're on Facebook as well: WinExtra Fans

Related posts:

1. Search for news on wildfires could land you a trojan
2. System Restore and malware – a piece of advise
3. Software Review: Unlocker
4. Easeus Partition Manager

I have seen this in the past when working on client’s machines where malware scans have shown viruses and trojans hiding out in both System Restore and the $Recycle Bin folders. Even from there as Chun Feng, a Microsoft virus specialist, speaking at the Virus Bulletin conference in Geneva pointed out the known trojan Dogrobot can survive and re-infect your machine.

So while I am an advocate of using System Restore I also suggest that you clean out your system restore on a regular basis using the following steps

1. Before you clean out your system restore cache make sure that you first clean out your Recycle Bin. The reason for this is if there is any malware you might have hiding in there it will get deleted but remember these files will also be a part of your System Restore cache as well. By deleting these files you remove the surface threat of them still being able to re-infect your machine.

2. Once you have done that it is time to delete all the System Restore files you have collected. This is a pretty simple procedure which you can start by clicking on the Start button and the right click on the Computer menu item

That will bring up your System Information dialog where you select System Protection

This will display the System Properties dialog with the System Protection tab selected. There you will see a list of drives that have System Restore enabled on them.

Select the drive your want to turn System Restore off on (you should actually do it for all drives where it is enabled) and then select the Configure button which will display the following dialog window

Select the Turn off protection option and then click Okay on the confirmation dialog that will pop up.

3. Once you have done that for all the drives re-boot your machine. This will clear out all the files in the System Restore cache.

4. After rebooting repeat the process above and re-enable System Restore on your drives and then create a fresh restore point.

This process will always make sure that any baddies that might be hiding in places you would think are safe are actually gone for good.

System Restore and malware – a piece of advise is a post from: winextra
Follow us on Twitter: @WinExtra | Don't forget we're on Facebook as well: WinExtra Fans

Related posts:

1. System Restore – the life saver everyone suggests you disable – Wrong!
2. New rogue spyware app: Antivirus Pro 2010
3. Search for news on wildfires could land you a trojan
4. The most secure browser? Not who you think.

The lastest case is the wildfires creating havoc in California as malicious sites are serving some nasty trojans up to surfers trying to find all the news they can on the disaster. As Steve Bass, who is near Altadena, California, writes to the guys at Sunbelt Software

“We’ve discovered that if you conduct an "Altadenablog" search on Google right now, it will point you to several sites that will try to load malware on your computer. It’s pretty insidious — it will not allow you to surf away nor shut off the browser unless you click the "Yes" button on the "Download antivirus software now!" box. We have a Mac and know a few hacker tricks to shut down a recalcitrant browser, but others might not be so lucky.”
Another dangerous search string is: "Altadena Fire Hottest Info" Steve said.

Another reader of the Sunbelt Software blog sent in a screen capture of one such site

So as much as you might want to find out what is going on in California this is no time to let your guard down, or you’ll find yourself having to do a system rebuild instead of keeping up on the news.

Search for news on wildfires could land you a trojan is a post from: winextra
Follow us on Twitter: @WinExtra | Don't forget we're on Facebook as well: WinExtra Fans

Related posts:

1. Search Twitter from Windows 7 Explorer
2. RogueWare Warning: PC Antispyware 2010