Anti Virus Blog

March 31, 2005

Symantec plugs antivirus security holes

Filed under: Malware — Administrator @ 7:28 am

Symantec has published a report about two software flaws in its antivirus product that could crash users’ computers.

One of the vulnerabilities caused Norton AntiVirus 2004 and 2005 to freeze when scanning a particular file type for viruses. This would ultimately cause the system to hang and require a reboot.

The second flaw occurred in Norton AntiVirus 2005 when a file name was changed on a network shared disk. Under certain circumstances this would result in excess CPU consumption and ultimately a system crash.

The security software company lists the threat as low risk, and to its knowledge no live systems have been affected by the flaws. Users running Symantec’s LiveUpdate service have already received a patch that fixes the problem.

The company advises any users not using LiveUpdate to manually update their antivirus software. Unpatched systems are vulnerable to attack through the web or email.

March 28, 2005

Cell phones new targets for viruses

Filed under: Malware — Administrator @ 11:41 pm

Still trying to figure out how to safeguard your personal computer against malicious programs designed for snooping and stealing? Then imagine the fun you’ll have configuring and managing security software for your mobile phone.

The alternative, according to experts at security software giant Symantec Corp., may be a virus infection that allows someone to download contact information from your address book, read your calendar appointments or snoop through your stored text messages. Someone could even plant phony text messages in your phone’s memory, use your phone as an electronic eavesdropping device, dial expensive overseas phone-sex numbers or remotely control your phone’s camera.

So far, though, most of the discovered threats have been limited in how much damage they can do and how quickly and widely they can spread, said Oliver Friedrichs, a senior manager with Symantec Security Response.


March 27, 2005

Two Internet Worms Target MSN Instant Messenger Users

Filed under: Malware — Administrator @ 5:48 pm

MSN Messenger has been added to the list of instant messenger programs which require heightened vigilance.

Two security companies have discovered that there are two worms, one old and revised, and one new, which are targeting MSN Messenger users. As if we don’t have enough to worry about with phishers targeting Yahoo Messenger, and a security hole in Trillian.

The first is a variation on the Kelvir worm (Win32.Kelvir.a), and the latter is a brand new worm which has been dubbed by security company Aladdin Knowledge Systems “Win32.Serflog.a”, and which F-Secure is calling Sumom. Both worms are considered to be medium-to-high risk.

The Kelvir worm spreads itself by sending a message to an MSN Messenger user which contains a link. When the user clicks on the link, a program is downloaded to the user’s computer which, when executed, attempts to install multiple copies of itself on the user’s computer.


Six Years After Melissa, Mass-Mailed Malware Has Peaked

Filed under: Malware — Administrator @ 12:20 pm

On March 26, 1999, Melissa, the first virus that spread by mailing copies of itself to addresses it dug out of infected machines, swept the Internet. Six years later, mass-mailed worms have reached their peak, said the researcher who led authorities to the hacker who wrote Melissa.

Jimmy Kuo, a research fellow with McAfee, was in on the first discussions as samples of the still-not-named virus were captured and put under the forensics microscope.

Melissa, which was a Word macro virus — a form rarely seen these days — was most distinguished by its propagation technique, which involved grabbing the first 50 addresses from Microsoft Outlook, then sending itself to those recipients.

Kuo argued that the propagation scheme would quickly spread, and even flood mail servers with a deluge of messages, predictions that were borne out by events but at first resisted by fellow researchers.

“The first discussions were that the virus wouldn’t get very far because it would end up mailing itself, over and over, to essentially the same 50 people within an organization,” said Kuo. “But I made the assertion that that wasn’t true, because mailing lists were typically among that first 50 due to their spelling — like ‘All’ — or other factors.

“This thing is out there and it’s going to get huge,” Kuo remembered telling the McAfee team.


Students help Chinese Antivirus firm enter U.S. market

Filed under: Malware — Administrator @ 3:18 am

Beijing Rising, a leading seller of antivirus software in China and Japan, wants to break into the U.S. market. Larry Glover and four fellow graduate students at the University of Tampa have a few words of advice:

Don’t bother targeting the personal computer market. It’s taken.

Change your name.

And be ready to spend millions.

The UT students learned about Beijing Rising’s U.S. aspirations last summer, when their classmates met with company executives during a study trip to China led by UT professor Glen Taylor.

Taylor asked the students, who are in a master’s degree program in technology and innovation management, to formulate a marketing plan and present it to Beijing Rising when a group returns to China in May.

Glover, at 43 one of the older UT grad students, is used to pitching projects to Chinese clients. From 2001 to 2003, he and a partner were consultants on credit card and Internet security for a number of Asian clients, including several companies in China. Family matters - he has two young daughters - made him decide to limit grueling overseas trips, so two years ago he joined HSBC, one of the world’s largest financial service organizations. In April, he moved to the bank’s technology offices in Tampa, which it acquired when it bought Household Finance in March 2003.


March 26, 2005

Mac OS X Virus Prize 2005 offers $25,000 cash prize to person who can create first Mac OS X virus

Filed under: Malware — Administrator @ 12:34 pm

Today, DVForge, Inc. announced the Mac OS X Virus Prize 2005, where the company is openly challenging all of the computer coders of the world to go after the $25,000 cash prize that they are offering to the first person to successfully create and deploy an “in the wild” active virus for the Mac OS X operating system.

For the contest, a ‘virus’ is defined as executable code that attaches itself to a program or file so that it can spread from one computer to another, leaving infections as it travels between computers.

For the contest, an ‘in the wild’ virus is defined as one that is able to spread as a result of normal day-to-day usage onto two or more randomly selected computers that are connected only via the internet.

Are you a clever software geek, bored, looking for a challenge for your immense skills? Would you like world-reaching fame, and, a $25,000 cash prize? Well, here’s your chance for fame and fortune. All you have to do is put a virus into circulation that makes its way onto two totally unprotected Mac OS X computers we have running in Hendersonville, Tennessee. No trick, no hidden barriers… just two open internet connections to two non-firewalled, unmodified, bone-stock OS X 10.3 Panther systems, each tied directly to the ‘net by a T-1 line. According to the PC press, picking up this 25-grand should be child’s play.


March 23, 2005

Security company claims IE ‘unsafe’ for most of 2004

Filed under: Malware — Administrator @ 11:54 pm

Microsoft Corp.’s Internet Explorer was vulnerable to known security issues for an astonishing 358 days of 2004, security consultancy ScanIT has claimed.

The only period when it could have been considered “secure” was the week of October 12 to October 19, when patches were available for all its known problems. This contrasts embarrassingly with rival Mozilla’s browser, Firefox, which managed to remain secure from equivalent holes for all but 56 days of the year.

The company gleaned this dramatic statistic from the 195,000 Internet users who tested their browsers for security holes using the company’s online security checker. A browser version was considered “unsafe” on a particular day if a patch fix had not been made available for a known remote execution problem.

“This means fully patched IE was known to be unsafe for an incredible 98 per cent of 2004,” ScanIT’s CEO David Michaux commented. “And for 200 days in 2004 there was a worm or virus exploiting one of those unpatched vulnerabilities.”


Adware dominates PC malware infections

Filed under: Malware — Administrator @ 9:17 pm

Adware rather than spyware is the most common problem code on PCs, according to a recent survey of infected PCs.

The research, conducted by privacy company Webroot, found that seven of the top 10 types of malware were related to advertising, usually redirecting searches or monitoring user activity to display targeted advertising. Two of the 10 are re-diallers and one is a key-logger for stealing security codes.

“Our most recent research shows that spyware writers are continuing to innovate and find new, more deviant ways to infiltrate systems,” said Richard Stiennon, vice president of threat research at Webroot.


March 22, 2005

Desperate housewives spam used to spread spyware

Filed under: Malware — Administrator @ 7:37 pm

There has been a sharp increase in spam messages purporting to offer the details of women looking for casual sex in recent weeks. But surfers hoping to hook up to swingers are actually directed to pornographic websites, which often harbour spyware, email security firm Clearswift warned Tuesday.

The ruse is one of the latest additions to the spammers’ armoury, and has led to a rise in sex-themed spam from 10 in January to 18 per cent in February 2005. “Aside from the fact that these mails are bogus, clicking on any link within a spam mail can lead to a whole host of unwanted problems. They frequently contain malicious programs including spyware or rogue internet diallers which can run up huge, unexpected bills,” said Alyn Hockey, Clearswift’s Director of Research.

Sex-themed emails have risen in prominence at the expense of a range of bizarre products seen post-Christmas - including a dog-translator and a device which turned a coffee table into a kennel - which has completely dried up. The direct products category has declined slightly from an estimated 17.85 per cent of junk mail messages in January to 14.47 per cent in February 2005, with software product spams occupying the lion’s share of the segment. One new arrival, however, is phoney Sony PSP giveaways.


March 21, 2005

Virus writers follow the money

Filed under: Malware — Administrator @ 8:54 pm

More than half of recent major Internet threats tried to harvest personal information, a sign that financial gain is behind the attacks, according to a Symantec study.

Identity theft features were found in 54 percent of the top 50 malicious codes detected between July and December last year, the security company said in a report released on Monday. That marks an increase on the 36 percent found during the same period in 2003.

“This represents a clear trend that attackers have gone from seeking fame to seeking fortune,” said Oliver Friedrichs, a senior manager with Symantec Security Response.

Computers are increasingly coming under attack from Trojan horses, worms and viruses that attempt to glean users’ cached log-on data and passwords to financial information. This trend is not likely to slow down soon, Friedrichs noted.


March 20, 2005

WebTV malware author gets six months in prison

Filed under: Malware — Administrator @ 1:13 pm

A man who sent e-mails containing malicious programs to users of Microsoft’s WebTV internet service, reprogramming their computers to dial emergency services, has been sentenced to six months in prison, according to reports.

David Jeansonne, 44, of Metairie, Louisiana, pleaded guilty in February to two charges of intentionally damaging protected computers and causing a threat to public safety.

According to prosecutors, Jeansonne admitted that he had sent an e-mail with an attachment to approximately 20 subscribers of the WebTV (now known as MSN TV) service in July 2002. The message claimed that the attachment was a harmless computer program that, when executed, changed the display colours seen by the WebTV user on the television screen.

However, said prosecutors, the attachment actually contained a hidden computer script that reset the dial-in telephone number in the user’s WebTV box to 9-1-1. Accordingly, the next time the user attempted to log in to WebTV, the computer dialled the emergency services instead of the local modem telephone number supplied to the user by WebTV to access its servers in Santa Clara.

This prompted unnecessary emergency police dispatches at numerous locations around the country, with at least 10 WebTV users reporting that the local police either called or visited their residences in response to the unnecessary 9-1-1 calls.

According to Reuters, Jeansonne was sentenced on Monday to six months in prison, followed by an additional six months home detention. Jeansonne must also pay Microsoft more than $27,100 in damages.

Trend Micro attacks malware threat

Filed under: Malware — Administrator @ 1:12 pm

A new study released by the Information Technology Solution Providers Alliance (ITSPA) reveals that small and medium businesses (SMB) are more vulnerable to security attacks than larger companies, due mainly to the lack of adequate anti-virus strategies.

To help to limit this threat, Trend Micro Middle East, a leading global provider of network anti-virus and Internet security software services, is launching a campaign to educate businesses with simple steps they can take to protect IT systems from virus attack.

Trend’s own research, targeting organisations with 500 employees or fewer, has shown that 56% of participants have been victims of a virus attack in the last 12 months – even though 77.5% already have a security policy in place.

The research also shows that participants reported costs of between US$15,000 and US$200,000 for repairing systems after a serious attack. Trend’s ‘Security Solutions’ campaign aims to provide expert advice to small businesses that operate with limited in-house IT resources.


The Future of Malware Defense?

Filed under: Malware — Administrator @ 1:11 pm

You’re probably aware that Microsoft is working on branding its antivirus and antispyware solutions. The company has already released an antispyware solution into public beta testing and has acquired well-established GeCAD Software and Sybari Software antivirus products.

Some industry analysts think that the most logical way to address spyware is to evolve antivirus solutions to incorporate the ability to prevent spyware from infecting systems in the first place. That’s a reasonable approach, even though it’s another step towards a single point of failure, which many security administrators try to avoid.

