Kaspersky Lab has uncovered malware that lives on hard drives. They say it is the work of a group called the Equation group. Or it could be the work of the NSA. The malware is so sophisticated that there is no known tool to remove it. It can rewrite the firmware of hard drives. It is impossible to detect, let alone remove. The Equation group has been known as far back as 2001.
PC World has a very interesting article entitled “Unveiling ‘The Mask’: Sophisticated malware ran rampant for 7 years.” The Mask, also known as Careto, is sophisticated malware that ran rampant and undetected for 7 years. It has infected hundreds of government and private organizations in more than 30 countries. Kaspersky Lab, an antivirus firm, believes the virus could be state sponsored. An excerpt from the PC World article:
“When active in a victim system, The Mask can intercept network traffic, keystrokes, Skype conversations, PGP keys, analyze WiFi traffic, fetch all information from Nokia devices, screen captures and monitor all file operations,” the Kaspersky researchers said in the research paper. “The malware collects a large list of documents from the infected system, including encryption keys, VPN configurations, SSH keys and RDP [remote desktop protocol] files. There are also several extensions being monitored that we have not been able to identify and could be related to custom military/government-level encryption tools.”
Read the rest of the PC World article.
An estimated 275,000 computers are infected by the DNSChanger malware. Users who have the five-year-old malware may lose their Internet connection on Monday, July 9. If Internet access still works, the other scenario is that they could be redirected to another website.
So, how do you know if your computer is infected by the DNSChanger malware? An organization called the DNS Changer Working Group (DCWG) has launched a new tool to check whether your computer is infected.
Just go to http://www.dns-ok.us/ to check your PC’s health.
If the box on the resulting page is green, your computer is OK. If the box is red, your computer is infected by DNSChanger. Now, it’s highly unlikely that my Ubuntu desktop contains the DNSChanger malware. Here’s the snapshot of my result.
If you have the malware, you can run any of these free tools to remove DNSChanger.