Posted

Flux is the name of a new pest spreading covertly through the internet. Flux is a trojan that is making the life of most anti-malware vendors much harder.

Flux is a reverse backdoor type of trojan. Reverse means that rather than the infected machine waiting for a connection to be made from outside, the infected machine tries to make the connection itself. Standard trojans are made up of two parts - the server and the client.

The client is downloaded to infect the machine. The server is another pc somewhere in the world that then tries to communicate with the client. The problem with standard trojans is that if the infected machine has a good firewall, then the server cannot connect to the client. So although the machine is infected, no data is transferred to the server from the client.

To overcome the blocked connection, malware writers now use this reverse logic to make the client machine responsible for the connection. Many standard firewalls will block requests coming in from the internet to connect, but do not block outgoing requests to connect. Trojans like Flux can therefore operate even through most firewalls.

The really dangerous thing about Flux is not its ability to use this reverse connection feature, but the way that feature is implemented. Flux introduces a new technique of code injection. Code injection is a term that describes ways to execute code in other processes. Until now code injection worked by loading a DLL file into a foreign process - much like the cuckoo lays an egg in another bird's nest. This method (called DLL injection) is quite easy to detect, as the anti-malware program just asks the process which DLLs it uses - a trojan DLL is one that is not on the list generated.

Flux doesn't use a DLL. Flux writes its connection code directly into a host process and executes it there. Apart from the fact that this behaviour would circumvent several desktop firewalls, it also makes Flux nearly invisible to current anti-malware software, because the Flux code isn't linked to any module or DLL of the process and will simply be overlooked by anti-malware software. That makes complete cleaning very difficult.
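
The post's point is that a module list (on Windows, what EnumProcessModules or a Toolhelp32 snapshot returns) never shows code that was written straight into another process's memory, so a scanner that only checks loaded DLLs misses it. What does still show it is the process's memory map: the injected code has to live in an executable region that no file on disk backs. The following is an added example, not code from the original post or from any product, and it uses the Linux analogue of that check, reading /proc/<pid>/maps and reporting executable mappings that are anonymous (no backing path). The sample map is constructed for the demo; the script reads the real /proc/self/maps when it is available.

```python
"""
Added example: flag executable memory that no loaded module backs.
Linux analogue of the Windows "is this executable page inside a module?" check.
"""
import re
from dataclasses import dataclass

# Constructed sample of /proc/<pid>/maps; addresses, inodes and paths are
# made up for the demo.  The rwxp region with no path is the "injected" one.
SAMPLE_MAPS = """\
55d1c0a00000-55d1c0a08000 r--p 00000000 fd:01 1234 /usr/bin/host_program
55d1c0a08000-55d1c0a20000 r-xp 00008000 fd:01 1234 /usr/bin/host_program
7f3a1c000000-7f3a1c1a0000 r-xp 00000000 fd:01 5678 /usr/lib/x86_64-linux-gnu/libc.so.6
7f3a1c400000-7f3a1c401000 rwxp 00000000 00:00 0
7f3a1c600000-7f3a1c621000 rw-p 00000000 00:00 0 [heap]
7ffd12345000-7ffd12347000 r-xp 00000000 00:00 0 [vdso]
"""

# One /proc/<pid>/maps line: start-end perms offset dev inode [path]
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxps-]{4})\s+"
    r"(?P<offset>[0-9a-f]+)\s+(?P<dev>[0-9a-f]+:[0-9a-f]+)\s+(?P<inode>\d+)\s*(?P<path>.*)$"
)

# Kernel pseudo-mappings that are executable by design and are not modules.
KNOWN_EXEC_PSEUDO = {"[vdso]", "[vsyscall]"}


@dataclass
class Region:
    start: int
    end: int
    perms: str
    path: str

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_maps(text: str) -> list:
    """Parse the text of a /proc/<pid>/maps file into Region objects."""
    regions = []
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines
        regions.append(Region(int(m["start"], 16), int(m["end"], 16),
                              m["perms"], m["path"].strip()))
    return regions


def suspicious_exec_regions(regions: list) -> list:
    """Return executable regions that no file on disk backs.

    This is the memory-map counterpart of the DLL-list check in the post:
    code injected without a module shows up as executable memory with no
    path behind it.  JIT compilers (Java, browsers, some scripting
    runtimes) produce the same signature, so treat hits as leads to
    dump and inspect, not as verdicts.
    """
    hits = []
    for r in regions:
        if "x" not in r.perms:
            continue                     # not executable, not interesting here
        if r.path.startswith("/"):
            continue                     # backed by a file: a loaded module
        if r.path in KNOWN_EXEC_PSEUDO:
            continue                     # kernel-provided, expected
        hits.append(r)
    return hits


def scan_self():
    """Run the check on the current process (Linux only); None elsewhere."""
    try:
        with open("/proc/self/maps") as f:
            return suspicious_exec_regions(parse_maps(f.read()))
    except OSError:
        return None


if __name__ == "__main__":
    for r in suspicious_exec_regions(parse_maps(SAMPLE_MAPS)):
        print(f"unbacked executable region {r.start:#x}-{r.end:#x} "
              f"perms={r.perms} size={r.size:#x}")
    live = scan_self()
    if live is not None:
        print(f"{len(live)} unbacked executable region(s) in this process")
```

A region that is both writable and executable (rwx) with no backing file is the strongest hit, because a clean loader never maps a module's text writable; an r-x anonymous region is weaker and is where JIT false positives live. A real cleaner would follow this up by dumping the region and looking for the connection code the post describes, rather than relying on the module list at all.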

Posted

Does antivirus work not by asking about DLLs but by scanning for recognisable code? So as long as the code is recognisable, why should antivirus proggies have difficulty?

  • 3 months later...
Posted

The latest version of the Windows worm Sober-K is being spread by a fake FBI notice (sent in German or English). The faked emails are sent from a false @fbi.gov address. Beware if you receive such an email. Also worth mentioning is the fake download of American celeb Paris Hilton; the subject line will read "Paris Hilton...download it!" and an attached file is called "ParisXXX.zip". This ruse contains the Ahker-C worm, which tries to disable anti-virus and firewall software on the computer that it is attacking.

In case you have friends at the FBI, do not open the email, and if you are a fanboy of Paris Hilton, this is one download that you do not want to see.

  • 7 months later...
Posted

Virus Alert for PSP owners

This particular malware (trojan) passes itself off as from the "PSP team".

It seems so far that you can only get the malware if the device is patched or modified using malicious code, usually in conjunction with "homebrewed apps" and "pirated games". What the code does is remove important system files in flash, making the device unbootable. Beware when downloading software in gaming forums.

Posted

Virus Alert Nintendo DS owners!

No doubt the same virus writers (or others inspired by them) did not want Nintendo owners to feel left out of the fun. This malware (trojan) is similar to the one invented for the Sony PSP handheld device.

Beware of files with the following names:

r0mloader.zip and taihen.zip

Quick reminder: if you mod your device you are at risk, and so is your warranty.

Posted

It's non-Sony software which is affecting the PSP. In a way Sony isn't obligated to release any fix for it. Just send it back to tech support and pay the price.

Posted

Updates, yes, but have they released a fix for a bricked PSP?

"A bricked DS can be restored by loading up the DS off of a flash card with the DS firmware" (from GameSpot).

Info about restoring a Nintendo DS:

"It is apparently possible to fix the DS if you have FlashMe, but otherwise you will be left with a brick. To fix, if you have FlashMe, hold A+B+SELECT+START when switching on the DS; you can then run the original FlashMe updater to restore the DS. There are also reports that it will erase G6, M3, gbamp and SuperCard firmware as well as deleting anything found on the CompactFlash card in the gbamp."

Sorry Spec, but ATM there is no software fix for the PSP, but at XboxRepairGude.com you can purchase another motherboard for about $99 (USD).

Just a little note, Spec:

Sony is not responsible for any security hole in the device really, because you can only have your device bricked if you "mod" it and run "homebrewed apps". Read what I posted about the situation.
