The Darling Malware of May

Crypto-currency is used to battling an ever-increasing surge of malware infiltration, but now a ‘light-hearted’ example has been causing some Microsoft Security Essentials (MSE) users some heartache.

While the Norwegian-spawned crypto mining virus spreads through the community, now the ghost of viruses past has surfaced to add some (non-lethal) panic to the mixture.

Block chain headache

MSE forums user edc678 voiced concern last week over a signature from the veteran DOS/STONED virus being added to the block chain. “It appears to be a joke or prank, simply because this particular virus does nothing more than periodically show "YOUR COMPUTER HAS BEEN STONED" on one out of every eight computer boot-ups,” the user wrote.

Because only the signature was uploaded and not the virus itself, there is no threat to users of any sort. The problems arise, however, when MSE flags the signature as a potential threat, resulting in the need for users to cleanse the ‘infected’ file, which in this case means the block chain file.

With the block chain history gone, users would need to re-download it, which requires some time as it is currently 17,405 megabytes, according to Blockchain.info.

“…its constant alerts of finding threats in the blockchain is not only worrisome, but can create panic and a negative perception of Bitcoin as a whole, damaging its reputation and annoying users,” edc678 continues.

The threat for the meantime appears to be contained and reported only by a small number of MSE clients, however. The DOS/STONED virus first surfaced in 1987, making it an unlikely cause of today’s block chain insecurity.

Crude masquerade

Meanwhile, even as it reports that Bitcoin malware has increased by 25% since 2013, Internet Security provider Kaspersky Labs has fallen foul of its own adversary, PCWorld.com reports.

Although not a mining app like those found and removed from Google Play earlier this month, the fake app impersonates Kaspersky’s security product, while in fact offering no protection whatsoever to the paying user.

“This app, which also had to be paid for up front, went by the name of Kaspersky Mobile. The fact that there is no program with that name in Kaspersky Lab’s product line didn’t deter the fraudsters – they obviously didn’t expect anyone to notice,” a blog post from Kaspersky expert Roman Unuchek further notes.

“The fake app, which was available for 149 rubles or around $4, used Kaspersky’s logo and other branding elements and even pretended to scan files when run.”

While relatively harmless compared to mining malware, the app itself was new in being listed on Windows Phone Store, Kaspersky says, as Google Play was previously the venue of choice for scammers.