malware

New malware exploiting Java 7 in Windows and Unix systems

A new Trojan horse called Mal/JavaJar-B has been found that exploits a vulnerability in Oracle's Java 7 and affects even the latest version of the runtime (7u10).

The exploit has been described by Sophos as a zero-day attack since it has been found being actively used in malware before developers have had a chance to investigate and patch it. The exploit is currently under review at the National Vulnerability Database and has been given an ID number CVE-2013-0422, where it is still described as relatively unknown:

"Unspecified vulnerability in Oracle Java 7 Update 10 and earlier allows … Read more

TwitPic snared by Google's malware detector

Google's Web site malware checker identified TwitPic as a security threat today, a classification that has the popular photo site baffled.

Instead of the usual archiving and sharing tools they are used to, users attempting to visit TwitPic today are being greeted by a message informing them that the site has been blocked because "visiting it now is very likely to infect your computer with malware."

TwitPic denied on Twitter that it was a malware threat and said it was trying to contact Google to resolve the issue:

Working to fix the google chrome malware notice when … Read more

The top threats for 2013, as seen by McAfee

In the coming year, the world will see increases in mobile cyberattacks, ransomware, and "hacking for profit," as well as the decline of hacktivist groups such as Anonymous, according to McAfee Labs' 2013 Threat Predictions.

The security firm's research report, released today, predicts that cybercriminals and hacktivists are going to refine and "evolve" techniques and tools used not only to steal from our wallets, but also to take advantage of our personal data. Along with a likely rise in cyberattacks that take advantage of the explosion in mobile technology, McAfee warns of threats based on … Read more

F-Secure gets an A in protection

Review: The Finnish security firm F-Secure gains a large percentage of its business from corporate accounts and platform operators, but that doesn't mean that it treats its consumer security suites as a ginger-haired child of indeterminate parentage and poor temperament. F-Secure 2013 focuses on keeping its security ahead of the curve, along with some ease-of-use improvements. However, as other suites emphasize their engine improvements along with an ever-expanding feature set, F-Secure Anti-Virus 2013 ($39.99) and F-Secure Internet Security 2013 ($59.99) remain steadfastly lean while still providing top-rated security.

Installation Unlike last year, where F-Secure 2012 had a … Read more

New Trojan attempts SMS fraud on OS X users

The Russian security firm Dr. Web has uncovered another malware attempt on OS X systems that tries to exploit users with SMS fraud.

The new malware is a Trojan horse, dubbed "Trojan.SMSSend.3666," and is part of a family of Trojan malware for Windows and other platforms that have affected Windows users for years.

As with all Trojans, these pose as legitimate programs that are made available for download from a number of underground Web sites, with this current one for OS X appearing to be an installer for a program called VKMusic 4, a utility whose … Read more

Facebook helps FBI take down $850M botnet crime ring

Facebook helped the FBI take down an international crime ring that used a botnet to infect 11 million computers and steal more than $850 million, one of the largest cybercrime hauls in history.

The FBI announced today that with the social-networking giant's assistance, it had arrested 10 people from countries around the world who it said used the Yahos malware and Butterfly botnet to steal victims' credit card, bank account, and personal information.

"Facebook's security team provided assistance to law enforcement throughout the investigation by helping to identify the root cause, the perpetrators, and those affected by … Read more

Flashback malware hits Macs

Newsflash: Macs do have security vulnerabilities. While people who understand how viruses and malware work have understood this for ages, Mac vulnerabilities became big news as the Flashback malware tore through the Apple community. At its peak, Flashback and its variants had infected an estimated 1 percent of the worldwide Mac population.

This one was a particularly nasty wake-up call known as a drive-by download, as it required only that you go to a Web page to become infected. Apple malware could be unusually lucrative for malware makers because Apple owners have been told implicitly for years that Macs don'… Read more

Cyberwarfare gets real

For nearly a decade, think tanks and government officials in Washington, D.C., have been wrestling with the question of what cyberwar will look like.

In 2012, we learned the answer: Stuxnet, the malware that infected Iran's Natanz plant in a bid to slow the nation's nuclear effort, which was developed by the U.S. and Israel. Security researchers had speculated those governments were the most likely Stuxnet suspects, and a New York Times report in June confirmed it.

Flame, the name given network-sniffing, audio-recording, keystroke-logging malware that infected Iranian oil ministry computers, was discovered in May. At … Read more

Bitdefender 2013: Excellent security for your bits and bytes

The bottom line: Bitdefender Total Security 2013 remains one of the best high-end security suites around. This update gives you a fully isolated Web browser for secure financial transactions.

Review: Bitdefender Total Security 2013 presents a convincing alternative to its better-known competitors. It's a strong program, with all the major tools that users expect, and some additional useful tricks in its arsenal. When it comes to efficacy, Bitdefender isn't the best in every area, but it's definitely competitive.

Editors' note: Portions of this review are based on CNET's review of Bitdefender Total Security 2012.

Installation Bitdefender … Read more