Category Archives: Malware

ZeroAccess malware can use massive amounts of bandwidth

ZeroAccess appeared in the wild in early 2012 and shows no signs of slowing down. This insidious malware is part of a botnet which is apparently focused on click fraud: infected computers simulate clicking on web advertisements, thereby generating ad revenue for the botnet’s perpetrators and their customers.

What makes ZeroAccess particularly nasty is that it can use a lot of bandwidth, causing infected computers to reach and surpass bandwidth caps. Unsuspecting users may find bandwidth overage charges on their ISP’s bills.

Most up-to-date anti-malware software can detect and remove ZeroAccess, so if you’re not already using such software, you should start. If you’ve noticed a spike in your Internet bandwidth usage, you should scan your computer immediately. Free online scanners such as Housecall, as well as free offline scanners like Microsoft Security Essentials, will do the job.

Grum botnet officially neutralized

One of the world’s largest spam botnets has finally been eradicated. At its peak – as recently as January 2012 – the Grum botnet was the largest spamming network in the world.

Spam levels worldwide are expected to drop as a result, although it seems probable that newer, more sophisticated botnets will rise to take Grum’s place. Enjoy the respite while you can.

Credit goes to several dedicated security researchers and anti-spam companies, including FireEye researcher Atif Mushtaq, researchers from anti-spam organisation Spamhaus, the Russian Computer Security Incident Response Team and other experts in the field.

Techweek Europe has all the details in their article on Grum’s demise.

Computers infected with DNSChanger will lose Internet access on July 9, 2012

DNSChanger is a nasty piece of malware that – according to the FBI – still infects more than four million computers worldwide.

When the FBI arrested the people responsible for creating and controlling DNSChanger, they realized that taking down the servers controlling the malware would interrupt Internet access for computers still infected. So they left the DNSChanger servers up, but disabled the malware’s ability to spread further. They issued warnings to the general public, stating that they intended to shut down the DNSChanger servers on July 9, 2012. That day is approaching.

To avoid having your computer essentially cut off from the Internet on Monday, you should use one of the many available DNSChanger detection sites to determine whether your computer is infected. In the unlikely event that your computer is found to be infected, instructions and tools for removal of DNSChanger are available.

Recent phishing emails

VRT reports on a phishing campaign seen recently. This particular phishing attempt arrives as an unsolicited email that appears to be from UPS, about a delivery failure.

As with all phishing attempts, the goal is to trick the email recipient into thinking that this is a legitimate email from UPS. Once the user has been tricked into clicking one of the embedded links, software is installed surreptitiously. This software then attempts to steal usernames, passwords and banking information.

Other phishing attacks may use slightly different approaches, such as tricking the user into entering their banking information onto a malicious web page.

There are very few anti-malware packages that can prevent this sort of attack. The exceptions are typically expensive and geared toward corporate clients. Average users must rely on their own common sense to detect these attacks and simply delete the offending email.