Kaspersky Lab has uncovered malware that lives in hard drive firmware. They attribute it to a group called the Equation Group, or it could be the work of the NSA. The malware is so sophisticated that there is no known tool to remove it. Because it can rewrite the firmware of hard drives, it is impossible to detect, let alone remove. The Equation Group has been known as far back as 2001.
PC World has a very interesting article entitled, “Unveiling ‘The Mask’: Sophisticated malware ran rampant for 7 years.” Also known as Careto, this sophisticated malware ran rampant and undetected for 7 years. It has infected hundreds of government and private organizations in more than 30 countries. Kaspersky Lab, an antivirus firm, believes the virus could be state sponsored. Excerpt of the article from PC World:
“When active in a victim system, The Mask can intercept network traffic, keystrokes, Skype conversations, PGP keys, analyze WiFi traffic, fetch all information from Nokia devices, screen captures and monitor all file operations,” the Kaspersky researchers said in the research paper. “The malware collects a large list of documents from the infected system, including encryption keys, VPN configurations, SSH keys and RDP [remote desktop protocol] files. There are also several extensions being monitored that we have not been able to identify and could be related to custom military/government-level encryption tools.”
Read the rest of the PC World article.
An estimated 275,000 computers are infected by the DNSChanger malware. Users who have the five-year-old malware may lose their Internet connection on Monday, July 9. If they still have Internet access, the other possible symptom is that they could be redirected to another website.
So, how do you know if your computer is infected by the DNSChanger malware? There is an organization called DNS Changer Working Group (DCWG) which launched a new tool to check if your computer is infected or not.
Just go to http://www.dns-ok.us/ to check your PC’s health.
If the box in the resulting website is green, your computer is ok. If the box is red, your computer is infected by DNSChanger. Now, it’s highly unlikely that my Ubuntu desktop contains the DNSChanger malware. Here’s the snapshot of my result.
If you have the malware, you can run any of these free tools to remove DNSChanger.
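DNSChanger worked by rewriting a victim's DNS resolver settings to point at servers the attackers ran, which is why the dns-ok.us page can tell the two cases apart. The script below is an added example, not a tool from the DCWG or from this post: it reads the resolvers from a resolv.conf-style file (as on my Ubuntu desktop) and flags any that fall inside a list of rogue address blocks. The ranges used here are constructed placeholders from the documentation TEST-NET blocks, not the real DNSChanger ranges, which this post does not list; a defender would substitute the published list.

```python
import ipaddress

# Placeholder rogue resolver ranges. These are constructed stand-ins
# (RFC 5737 documentation blocks), NOT the real DNSChanger ranges.
ROGUE_RESOLVER_RANGES = [
    ipaddress.ip_network("203.0.113.0/24"),   # TEST-NET-3, stands in for a rogue block
    ipaddress.ip_network("198.51.100.0/24"),  # TEST-NET-2, stands in for a rogue block
]


def parse_resolv_conf(text):
    """Return the nameserver addresses listed in resolv.conf-style text.

    Comments (after '#') and blank lines are ignored; only 'nameserver'
    directives are collected, in file order.
    """
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if parts[0] == "nameserver" and len(parts) >= 2:
            servers.append(parts[1])
    return servers


def check_resolvers(servers, rogue_ranges=ROGUE_RESOLVER_RANGES):
    """Classify each resolver as 'rogue', 'clean' or 'invalid'.

    'invalid' covers entries that are not parseable IP addresses, which
    is itself worth a look since resolv.conf should only hold addresses.
    """
    results = {}
    for server in servers:
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            results[server] = "invalid"
            continue
        hit = any(addr in net for net in rogue_ranges)
        results[server] = "rogue" if hit else "clean"
    return results


def is_infected(results):
    """True if any configured resolver sits in a rogue block."""
    return any(verdict == "rogue" for verdict in results.values())


def scan_resolv_conf(path="/etc/resolv.conf"):
    """Read the live resolver file and classify its nameservers."""
    with open(path, encoding="utf-8") as handle:
        return check_resolvers(parse_resolv_conf(handle.read()))


# Constructed sample: a normal resolver file pointing at a local DNS server.
CLEAN_SAMPLE = """# constructed sample resolv.conf
nameserver 192.0.2.1
search example.lan
"""

# Constructed sample: resolvers rewritten to point into the placeholder rogue blocks.
INFECTED_SAMPLE = """# constructed sample resolv.conf after tampering
nameserver 203.0.113.77
nameserver 198.51.100.9   # second rogue server as a fallback
"""


if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_SAMPLE), ("infected", INFECTED_SAMPLE)):
        verdicts = check_resolvers(parse_resolv_conf(sample))
        status = "RED (infected)" if is_infected(verdicts) else "GREEN (ok)"
        print(f"{label}: {status} {verdicts}")
    # On a real machine: print(scan_resolv_conf())
```

The green/red verdict mirrors what the dns-ok.us page shows, but doing the check locally also works after the rogue servers are switched off, when the web check would simply fail to load.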
I was working with a client on Friday to remove a nasty malware called Antivirus Live. This rogue and fake antivirus program disables the browser from accessing the internet. It prevents users from launching or installing applications. The virus hijacks the computer with popups telling the user the computer is infected with many viruses, although they are not really there. The fake antivirus program recommends that the user buy their antivirus program to remove the viruses.
A year ago, I posted an article documenting how to remove the Antivirus Pro virus. It’s similar to Antivirus Live, in that it fools the user into believing there are viruses on the computer and recommends that users buy its own solution. Battling Antivirus Live is a bit more involved because the tools and processes I used before were ineffective with Antivirus Live. I ran Malwarebytes but it did not detect any malware or viruses.
So, I searched the internet for Antivirus Live and came across this website. It recommends that you use SuperAntiSpyware, MalwareBytes and Microsoft Security Essentials to remove the Antivirus Live virus. The SuperAntiSpyware program turned out to be the superstar. It was able to remove Antivirus Live as well as a few more. In the end, it found 67 items, of which 2 were viruses, and the rest were tracking cookies. I was disappointed with MalwareBytes. I’m not convinced by Microsoft Security Essentials either, but I left it on the computer.
If you ever face the Antivirus Live virus, just follow the instructions here.
One thing I forgot to mention. I had to boot into Windows Safe Mode (press F8 during boot up) to perform all the drive scans. Otherwise, it would be impossible to launch any program in normal Windows mode since the computer is hijacked.
PCMag.com just published a new article entitled, “Best Antivirus Software for 2011.” The title was a bit misleading because it focuses only on antivirus software that was recently released. A number of antivirus suites were omitted from the test, since they haven’t been released yet. One area I really want to focus on is free antivirus software. We all love free stuff.
Panda Cloud Antivirus 1.1 gets the Editors’ Choice award. Not bad for a fairly new product. What are the pros and cons of Panda? The good: it’s great at keeping malicious software from installing on your clean computer. The bad: it’s not as effective at removing viruses. The author recommends another antivirus program for malware removal.
I think Panda Cloud Antivirus 1.1 deserves a try. If it does a great job of protection, there’s really no need for removal. After all, what else can you ask of a free product?