Anti Virus Blog

April 30, 2005

Malwares: A looming threat to mobile phones

Filed under: Malware — Administrator @ 2:49 pm

If you are planning to buy the latest mobile phone or a Bluetooth-enabled device, ensure that the mobile vendor loads anti-virus software, lest your new handset crash due to a virus or phishing attack.

The threat of mobile phone malware, though not yet pronounced, is expected to become a nightmare for mobile phone users in the not too distant future. While the vulnerability of mobile devices to such attacks could be an issue, there appears to be no solution as long as mobile vendors provide only repair service for phone functions and not Trojan removal service.

A report from Trend Micro’s TrendLabs indicates that mobile malware not only advanced at a rapid rate in the last three months (in terms of technology and range of infection) but also caught users off guard.

(more…)

Symantec patches AntiVirus

Filed under: Malware — Administrator @ 2:49 pm

Symantec has patched a security hole which it found in its anti-virus software.

The vulnerability exists in the Windows version of the Symantec Antivirus component which tests RAR files for viruses.

Symantec has said that the security consequences of the hole are small. All it does is cause the decomposer component to crash when a unique RAR file is received for decomposing and scanning.

(more…)

Serious Holes in Antivirus Software

Filed under: Malware — Administrator @ 2:48 pm

What if the bad guys found ways to infiltrate your computer through the very antivirus software that you thought was protecting you? Recent discoveries suggest that this scenario isn’t so far-fetched.

If you have the latest antivirus definitions, aren’t you protected? Not necessarily. Most programs have an automatic update feature that’s turned on by default, but the tool may update only the definitions, not other software modules such as the scanning engine. The good news: Several antivirus software companies have patched their programs to fix this vulnerability.

McAfee, for example, updated the scanning engine of its VirusScan software to block a hole that could let a cracker control your PC while the engine appears to be scanning for viruses. The vulnerability affects all versions of VirusScan and Internet Security Suite that run on all versions of Windows from 98 through XP.

(more…)

Bagle Worm Seen As ‘Blueprint’ For Web Criminals

Filed under: Malware — Administrator @ 2:46 pm

A pair of research reports have explored the long-running Bagle worm and laid out a chronology that points to a professional developer who, like counterparts in the commercial software world, is constantly testing, tweaking, and improving his code for profit, not pride of ownership.

The Bagle worm debuted in mid-January 2004, and according to most anti-virus firms, has been spotted in 60 to 100 variations since then. It’s also usually credited with starting the malware-for-profit movement among hackers, who prior to the ground-breaking worm, typically were motivated by notoriety.

Jason Gordon, an analyst with security research firm infectionvectors.com by night and a security consultant to Department of Defense clients by day, spent the last year watching each edition of Bagle, and recently completed the final third of a three-part report.

“In the year since its release,” he wrote in that report, “Bagle has had a major impact on the Internet” primarily because it was, and remains, “a leader in the nefarious Web economy of spamming, phishing, and stealing passwords.”

(more…)

The malicious malware menagerie

Filed under: Malware — Administrator @ 2:45 pm

Stop and think that every term you use has both a denotation (its actual meaning) and a connotation (all of the other meanings that ‘ride along’ with our perception of that term.) The study of semantics is concerned with this to a very deep level.

It is possible for a word to completely lose its meaning in the wash of assigned meanings (or connotations) it can pick up along the way. This is one of the major problems in computer security. Our expectations are based on image-laden terms that very few of us understand.

Lacking even the most basic understanding of what is really going on with security, users fall back on the best model they have available, and that model comes not from research or reason, but from science fiction. The original virus came to us in science fiction (Shockwave Rider, a story written by John Brunner in 1975) and many of our expectations come to us from movies and television. Think of a computer virus and the image probably springs from a motion picture. A fiendish hacker has created a virus that is going to tip over an ocean liner (open a bank vault, destroy a nuclear targeting system, or bring a flying saucer down to earth). When that virus is launched against its targeted victim, an image appears on the screen: a frog, a bomb, a bold message, a cookie monster, or a picture of DaVinci’s man. Then the real fun begins when smoke and fire pour out of the back of the infected computer system before the fiendish plot is executed.

That’s a great dramatic image, but it’s just that—a dramatic image. Viruses are seldom targeted; instead, they infect everybody and everything in their path. Rarely do viruses display any graphics at all. That was more common a decade ago, and even then it represented only a small proportion. But the most amazing little known fact is this: Very few viruses contain any destructive payload at all.

(more…)

Eliot Spitzer Takes On Malware

Filed under: Malware — Administrator @ 2:45 pm

A lawsuit filed in New York City accuses Los Angeles-based Intermix Media of being a major spyware distributor.

After a six month investigation into the practice of secretly installing advertising software on personal computers, the Attorney General’s office filed suit against Intermix.

“Spyware and adware are more than an annoyance,” Mr. Spitzer said. “These fraudulent programs foul machines, undermine productivity and in many cases frustrate consumers’ efforts to remove them from their computers. These issues can serve to be a hindrance to the growth of e-commerce.”

(more…)

Typo Error Downloads Computer Malware

Filed under: Malware — Administrator @ 2:44 pm

F-Secure has detected a malicious website that takes advantage of a spelling error made when typing the name of the popular search engine ‘Google.com’. If a user opens the malicious website, his/her computer gets hijacked.

The name of the malicious website is ‘Googkle.com’. F-Secure advises users to strictly stay away from this site, since simply accessing it allows a lot of different malware to get automatically downloaded and installed. Trojan droppers, trojan downloaders, backdoors, a proxy trojan and a spying trojan are some of the malware that get installed. A few adware-related files are also installed.

When ‘googkle.com’ is opened in a browser, it shows 2 popup windows that are linked to ntsearch.com and toolbarpartner.com. The ‘ntsearch.com’ website downloads and runs the ‘pop.chm’ file and the ‘toolbarpartner.com’ website downloads and runs the ‘ddfs.chm’ file. Both files are downloaded using exploits and they contain exploits themselves to run embedded executable files. One of the webpages of the ‘toolbarpartner.com’ website downloads a file named ‘pic10.jpg’ using an exploit. This JPG file is actually an executable that replaces the Windows Media Player application.

(more…)

IT Vigilance Urged To Fight Malware, Bots, Root Kits

Filed under: Malware — Administrator @ 2:43 pm

Stronger authentication, better firewalls and use of the latest software are needed to battle an expanding Internet threat environment.

At least that is the view of Microsoft’s David Aucsmith, architect and CTO, Security Business & Technology Unit. Malware, spam, phishing, spyware, bots and root kits are raking in big bucks and fighting them effectively is a huge challenge, Aucsmith said in a presentation at the Windows Hardware Engineering Conference in Seattle Wednesday.

“We’ve seen an explosion of criminal enterprise moving onto the Net in the last 18 months or so,” he said in describing hacker motivation trends. “It’s no longer just for kicks. It is for making money.”

Aucsmith offered a bleak prognosis for the future of spam, suggesting that it’s become so profitable for the spammers that there’s no end to it in sight. Among other ills, spam serves as a gateway for artificially generated web traffic, phishing, identity theft and credential theft. “People are making a lot of money with spam,” he said flatly.

(more…)

64-bit Windows wide open to viruses

Filed under: Malware — Administrator @ 2:42 pm

Users of the latest 64-bit version of Microsoft’s Windows XP Professional x64 Edition operating system will not have the option to install Norton or McAfee antivirus software, vnunet.com can reveal.

Users trying to install the Norton Internet Security 2005 security suite for consumers on the 64-bit version of Windows see an error message stating that the product cannot be installed.

They are referred to a web page which states: “Symantec currently does not sell any consumer products that are certified to be compatible with 64-bit processors and operating systems.”

A similar error message pops up when trying to install McAfee security products.

Spokespeople for Symantec and McAfee did not respond to requests for further information in time for this story’s posting.

Symantec has previously stated that it will support 64-bit Windows in its corporate antivirus product, but does not list an expected release date.

(more…)

Trend Micro aims at corporate spyware

Filed under: Malware — Administrator @ 2:39 pm

Antivirus company Trend Micro plans to tackle the growing problem of spyware by cutting the communication link between hackers and the computers they have compromised.

Spyware, such as password-stealing keyloggers, secretly reports information back to whoever planted it. Such software has been used to steal identity and banking information, and was implicated in a foiled bank robbery earlier this year.

But Trend Micro claims that a new beta version of InterScan Web Security Suite (2.5) includes a feature that will prevent spyware from reporting back to the author.

“It stops the call-home process,” said Raimund Genes, European president of Trend Micro. “We will be able to highlight which computers are infected and provide a management report.”

(more…)

Central Command Releases Antivirus for Mail Server

Filed under: Malware — Administrator @ 2:38 pm

Central Command, Inc., a provider of antivirus solutions, announced the availability of Vexira Antivirus for Linux-based Mail server with upgraded antivirus, antispam, and spyware protection.

According to Central Command, the new email security suite provides scalable protection from viruses, spam, spyware and other malicious applications. The software provides protection in a single application framework to defend today’s businesses from attack. Vexira contains embedded email defense, email modification technology, email archival and real-time statistics. Pricing starts at $299.95 for a single domain, single server license.

(more…)

Intense Integrations Claims Advanced Malware Protection

Filed under: Malware — Administrator @ 2:37 pm

Intense Integrations Inc. has released a software program called Intense Internet Security Pro 2005, designed “to change the way we think about security,” the company says.

“It provides real-time advanced protection from online threats such as drive-by virus attacks, spyware, adware, worms, identity theft, email virus attacks, ActiveX triggered virus attacks, Java triggered virus attacks, tracking cookies, browser hijackers, sex dialers, and more,” the company said in its official statement.

Intense Internet Security Pro 2005 protects computers from online attacks without the use of virus or spyware definitions, “a limitation of current virus and spyware protection on the market” the company said.

Company spokesperson Edward Hester told the ISSJ News Desk that “the main difference between our product and AdAware (and others) is that those other methods of defense rely on virus and spyware definitions or class ID numbers to identify and defend against malicious files. This leaves them vulnerable to attacks that they have not made a definition for, such as newly released malware and certain variants.”

In contrast, Hester said, “our product uses what we call ‘File Firewall Technology,’ which eliminates, or prompts to eliminate, all incoming files that are of a type that may present a threat. This provides protection from identified and non-identified malware attacks.”

(more…)

Malware antidote cripples PCs

Filed under: Malware — Administrator @ 2:36 pm

A SOFTWARE update released to prevent variants of a new type of malware from infecting PCs has disabled hundreds of thousands of PCs the world over.

Trend Micro’s update signature pattern file, Official Pattern Release 2.594.00, was touted to be “the antidote to malware threats — viruses and worms and bots”, but resulted in performance issues on systems with versions 7.5 and above of its Scan Engine software.

Most of the impact was felt in Japan, where more than 300,000 users called after experiencing system slowdowns, following the release of the update on Saturday morning. The company replaced the faulty file with another version minutes after. Several reports were also filed by customers in the United States and Europe.

(more…)
