In association with heise online

30 July 2012, 10:27

Lost+Found: Virus pick 'n' mix, worm plays AC/DC, Flame secrets revealed

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Lost+Found icon Too short for news, too good to lose; Lost+Found is a roundup of useful security news. This time: App Store malware that can't actually do anything malicious, a Mac trojan that is not in the wild, a worm that plays AC/DC songs, a false alarm from F-Secure, another password leak, and more Flame secrets revealed.

  • An Apple forum user has reported an interesting find – an iPhone app that apparently contains a Windows virus. Contrary to initial assumptions, this was no false alarm. The Instaquotes Quotes Cards for Instagram application, which was being distributed via the App Store, was indeed infected with the antique worm Mal/CoiDung-A. This is rather puzzling, however, since there is usually no way of accessing the malware in this installation package. It also can not actually escape the package. It may be that one of the application developer's computers was infected, or it could be that it was some sort of experiment.

  • Anti-virus company Intego has also discovered something very interesting – a Mac trojan which is not actually present in the wild. The company did not reveal exactly where they found it.

  • F-Secure Chief Research Officer Mikko Hypponen has apparently received emails from the Atomic Energy Organization of Iran (AEOI). The emails contain complaints from a scientist who claims that another worm is on the loose in Iranian nuclear facilities and that one of its tricks is to play AC/DC's Thunderstruck at full volume in the middle of the night.

  • Readers have been complaining that, when they visit The H's associates at, F-Secure reports a malicious URL from an ad server and displays the following warning: "This website is harmful. F-Secure has found evidence of harmful behaviour on this website." When heise Security enquired about this, it was told that, "we're afraid it is in fact a false alarm" – once again.

  • Online shop csv.deGerman language link is sending its customers emails warning that there has been a "security incident in which some users' email addresses and passwords have been compromised". We feel like we're in Groundhog Day.

  • Eset has published a detailed analysis of the main module in Flame, mssecmgr.ocx.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit