{"id":16589,"date":"2012-08-23T00:03:00","date_gmt":"2012-08-23T05:03:00","guid":{"rendered":"http:\/\/quotulatiousness.ca\/blog\/?p=16589"},"modified":"2012-08-22T12:45:22","modified_gmt":"2012-08-22T17:45:22","slug":"crisis-malware-is-particularly-capable-of-damage","status":"publish","type":"post","link":"https:\/\/quotulatiousness.ca\/blog\/2012\/08\/23\/crisis-malware-is-particularly-capable-of-damage\/","title":{"rendered":"Crisis malware is particularly capable of damage"},"content":{"rendered":"<p><a href=\"http:\/\/www.theregister.co.uk\/2012\/08\/22\/malware_crisis\/\" target=\"_blank\">John Leyden<\/a> in <em>The Register<\/em>:<\/p>\n<blockquote><p>Security watchers have discovered a virus strain that compromises VMware virtual machines as well as infecting Mac OS X and Windows computers and Windows Mobile devices. It demonstrates previously unseen capabilities in the process.<\/p>\n<p>The Crisis malware typically arrives in a Java archive file (.jar) and is typically installed by posing as a Flash Player Java applet to trick a victim into opening it.<\/p>\n<p>The archive contains executable files targeting Apple and Microsoft operating systems; the malware is able to detect which platform it is running on and serve up the correct variant.<\/p>\n<p>Once launched, the worm puts in place a rootkit to hide itself from view; installs spyware to record the user&#8217;s every move on the computer; and opens a backdoor to the IP address 176.58.100.37, allowing miscreants to gain further access to the machine, according to a write-up of the threat by Kaspersky Lab. The malicious code also, unsurprisingly, survives across reboots.<\/p>\n<p>The Windows variant can kill off antivirus programs, log keypresses, download and upload files, take screengrabs, lift the contents of the user&#8217;s clipboard, record from the computer&#8217;s webcam and mic, and snoop on these applications: Firefox, Internet Explorer, Chrome, Microsoft Messenger, Skype, Google Talk and Yahoo! Messenger.<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>John Leyden in The Register: Security watchers have discovered a virus strain that compromises VMware virtual machines as well as infecting Mac OS X and Windows computers and Windows Mobile devices. It demonstrates previously unseen capabilities in the process. The Crisis malware typically arrives in a Java archive file (.jar) and is typically installed by [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[15],"tags":[109,58,385],"class_list":["post-16589","post","type-post","status-publish","format-standard","hentry","category-technology","tag-computers","tag-internet","tag-malware"],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p2hpV6-4jz","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/posts\/16589","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/comments?post=16589"}],"version-history":[{"count":1,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/posts\/16589\/revisions"}],"predecessor-version":[{"id":16590,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/posts\/16589\/revisions\/16590"}],"wp:attachment":[{"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/media?parent=16589"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/categories?post=16589"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/tags?post=16589"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}