Anti Virus Blog

April 27, 2005

Trend Micro antivirus fix wasn’t tested before release

Filed under: Malware — Administrator @ 12:30 am

An antivirus software program update that caused widespread computer problems over the weekend was not thoroughly tested prior to its release, maker Trend Micro Inc. admitted Sunday.

A bug in the Virus Buster software caused computer operations to loop, causing affected machines to slow down or crash.

The glitch paralyzed rail, media and other online networks for hours in Japan on Saturday. After tens of thousands of computers downloaded and installed the upgrade, their operating systems began experiencing the problems.

Tokyo-based Trend Micro admitted the faulty update file was distributed worldwide from its virus research and analysis center in the Philippines without required testing.

“Our investigation found that an essential test was skipped,” Akihiko Omikawa, Trend Micro senior vice president for Japan sales and marketing, said early Sunday morning in apologizing for the trouble.

Omikawa pledged the company would make all-out efforts to repair damages and to ensure thorough predistribution testing in the future.

Most of the damage was reported in Japan, where Virus Buster is estimated to have around 40 percent of the market.

The update file was made available for online download around 7:30 a.m. Saturday.

(more…)

Thwarted hackers turn malware on unpatched PCs

Filed under: Malware — Administrator @ 12:23 am

Hackers will continue to launch known viruses and other forms of malware because more than half the PCs on the internet today remain unpatched, according to security solutions firm McAfee.

In a quarterly security report, McAfee also said mobile viruses and new forms of phishing were the main threats internet users had to watch out for in the coming months.

Like rival security company Kaspersky, which has also just published a quarterly threats report, McAfee said mass mailer worms were starting to taper off in the threat stakes, but that there had been a big increase in bots - zombie PCs controlled by remote hackers - and trojans.

Trojans are increasingly being distributed by phishing e-mails, along with keylogging programs that can send keyboard strokes to remote fraudsters.

“Although we saw a steady decline in the rate of viruses produced from 2000 to 2004, down to a 5% year over year growth, we’ve seen a 20% increase in malware-related threats between 2004 and 2005, and anticipate that these numbers will stay at the higher rate of growth for the immediate future,” said Vincent Gullotto, vice-president of McAfee’s security lab Avert.

(more…)

SurfControl Takes On Spyware

Filed under: Malware — Administrator @ 12:22 am

SurfControl on Monday said that early next month it plans to ship a new product that thwarts spyware and other malware threats plus helps enforce corporate controls for applications such as instant messaging.

Called SurfControl Enterprise Threat Shield, the software provides features and signature databases for protecting against known malware, but it also can be custom-programmed by solution providers to adapt and respond to new threats on the fly, said Jim Murphy, director of product marketing at SurfControl, Scotts Valley, Calif.

SurfControl Enterprise Threat Shield fits into the vendor’s broad Enterprise Protection Suite. It costs $30 per user per year in deployments of 100 users, and the price drops to $17 per user per year for a 1,000-user installation, Murphy said.

(more…)

McAfee: Vulnerabilities still worst threat

Filed under: Malware — Administrator @ 12:21 am

Unpatched computers continue to represent the IT world’s biggest security problem, keeping threats that target software vulnerabilities at the top of McAfee’s latest industry analysis.

In its report covering security threats during the first quarter, McAfee’s Anti-virus and Vulnerability Emergency Response Team (AVERT) said Monday that more than 1,000 new attacks aimed at software vulnerabilities emerged in the first three months of this year. The total amounts to a roughly 6 percent increase, compared with the same period last year. McAfee also noted that it received word of more than 200,000 vulnerability-oriented attacks during the first quarter.

McAfee said that while software makers have improved their ability to respond to vulnerabilities as the flaws are discovered, it found that at least 50 percent of computers connected to the Internet remain improperly protected by product updates or patches.

Vincent Gullotto, vice president of AVERT, said that malicious-code writers are finding ways to make a buck off unprotected PCs, which is driving greater numbers of vulnerability-based attacks.

(more…)

Proventia Desktop Takes New Tack on Malware

Filed under: Malware — Administrator @ 12:21 am

Internet Security Systems Inc. this week will unveil its Proventia Desktop intrusion prevention system offering and introduce a virus-fighting technology that does not rely on DAT files or signatures to detect malware.

Known as the Virus Prevention System, the feature employs virtual-machine technology to prevent viruses from executing on PCs. When the Proventia software detects a potentially malicious attachment, the system executes the attachment inside a virtual-machine environment and observes its behavior.

If the program exhibits malicious behavior, such as attempting to harvest addresses from the Microsoft Corp. Outlook contact list or trying to kill anti-virus software, Proventia quarantines the message and attachment.

If there is no malicious behavior, the software allows the attachment to execute on the user’s PC. But in both cases Proventia creates a fingerprint of the attachment for future reference.

(more…)

Forum Systems, CA, to offer enhanced XML firewall

Filed under: Malware — Administrator @ 12:18 am

Extensible Markup Language (XML), which is aiding e-commerce services on the Web, can now sport a firewall to dissuade hackers and viruses. Security giant Forum Systems has joined hands with Computer Associates to integrate its XWall Web Services Firewall with the latter’s eTrust Antivirus software to prevent worms, viruses, and malicious codes from infecting networks through XML codes.

“Virus attackers are looking for other ways of getting into the organization. Email and the Web are the two dominant forms now and are well protected. But XML isn’t really protected at the moment,” said Bill Mann, vice president, product management, Computer Associates.

(more…)

Fifty Two Different Mobile Viruses

Filed under: Malware — Administrator @ 12:16 am

Symbian anti-virus specialist SimWorks announced that it has identified 52 previously unknown trojans for the Symbian platform, more than all of the trojans and other malware for Symbian based devices combined identified to date. The trojans appear to be cracked versions of popular Symbian applications such as BitStorm, BugMe!, Cosmic Fighter, 3D Motoracer and SplashID. In addition to the installation files for the application itself, the files also include various versions of previously known malware such as Cabir and Locknut.

SimWorks CEO Aaron Davidson says, “This is a significant development as until now we’ve usually found mobile trojans two or three at a time at the most. It would be easy for a malware writer to create 1 trojan and give it 52 different names however this is not the case here where we have 52 separately cracked and infected applications. Somebody has gone to an awful lot of time and effort to turn these out.

“Previous mobile viruses have either been able to spread but cause no harm or alternatively have been able to cause significant harm but not able to spread. It may be that producing large numbers of harmful trojans such as those we discovered today is a reaction by the writers to their inability to produce destructive viruses that can effectively spread.

(more…)

April 23, 2005

Suspected antivirus glitch disrupts newspaper LAN systems

Filed under: Malware — Administrator @ 8:27 pm

A Japanese news service and several national dailies were struck with a network problem Saturday, apparently caused by an antivirus software fault.

Hit with system problems were Kyodo News and the Asahi Shimbun, Yomiuri Shimbun, Nikkei Shimbun and Shinano Mainichi Shimbun newspapers. East Japan Railway Co. (JR East) also reportedly faced trouble with its local area network (LAN) system.

Kyodo News officials said a problem occurred with editing terminals at its headquarters in the Tokyo Metropolitan area at about 8:20 a.m. on Saturday, preventing it from sending articles to 57 newspapers and subscribing firms. The problem was fixed about 2 hours, 40 minutes later. Fax transmissions were used as an emergency measure during the time the articles couldn’t be sent.

(more…)

Worm Lull, Windows XP SP2 Keeping Outbreaks At Bay

Filed under: Malware — Administrator @ 8:27 pm

E-mailed worms pose less of a threat and Microsoft has been lucky so far, said a virus researcher Friday in explaining why 2005 has been relatively quiet on the security front.

“2004 was distinguished by a number of major epidemics caused by e-mail worms such as MyDoom, NetSky, Bagle, and Zafi,” said Alexander Gostev, a senior analyst with Moscow-based Kaspersky Labs, in a report he authored on the security situation for the first quarter of the year.

“However, late 2004 and early 2005 were free of such outbreaks, with nothing on the scale of even the mid-sized outbreaks of 2004,” Gostev added.

The decline in destructive power of e-mailed worms may be due to anti-virus vendors developing new technologies to address them, including detecting worms in compressed .zip files and pre-scanning messages with executable attachments, but he also gave credit to Microsoft for patching several Outlook and Outlook Express vulnerabilities. He even tipped his hat at the press for banging the security drum.

(more…)

Hackers double Symbian attack

Filed under: Malware — Administrator @ 8:21 pm

Some 52 previously unknown trojans targeting mobile phone operating system Symbian appeared in the 24 hours ending 20 April, a security firm said.

Aaron Davidson, chief executive at mobile phone-focused anti-virus vendor SimWorks, said the company had identified 52 previously unknown Symbian trojans in one day — twice the number of all malware targeting Symbian identified to date.

“Until now, we’ve usually found mobile trojans two or three at a time at the most,” he said.

Although a malware writer could create one trojan and give it 52 different names, that wasn’t what had happened here, he said.

“This is not the case here, where we have 52 separately cracked and infected applications. Somebody has gone to an awful lot of time and effort to turn these out,” Davidson said.

The trojans appeared to be cracked versions of popular Symbian applications such as BitStorm, BugMe!, Cosmic Fighter, 3D Motoracer and SplashID. The files also included various versions of previously known malware such as Cabir and Locknut, he said.

All 52 trojans targeted Series 60 phones running Symbian’s version 6 operating system. None targeted UIQ-based Symbian phones such as the SonyEricsson P900/910 and Motorola A925/1000, Davidson said.

“Previous mobile viruses have either been able to spread but cause no harm or have been able to cause significant harm but not able to spread,” he said.

Davidson speculated that the large number of harmful trojans found in one day meant malware writers wanted to improve the odds of someone actually downloading and installing the trojans.

(more…)

Virus Writers Turn from Worms

Filed under: Malware — Administrator @ 8:21 pm

E-mail worms are falling out of favor with the hacking community, according to a report investigating malicious Internet activity.

Instead, malware authors are increasingly subverting vulnerable instant messenger (IM) systems and using network viruses that do not require user interaction to spread.

Other threats identified include botnets and increasingly intrusive adware.

The report, “Malware Evolution: January-March 2005,” from security firm Kaspersky Labs, notes that viruses for IM systems started to appear late last year but are only now appearing in volume.

(more…)

New Antivirus-Firewall Combo Protects XML Traffic

Filed under: Malware — Administrator @ 8:20 pm

XML is becoming the great enabler for E-commerce. Years of proprietary and expensive connections between companies are being replaced by XML transactions over the Internet. But while companies use XML to exchange goods and currency at unprecedented rates, the information is at risk from virus attacks.

Two vendors on Monday will try to reduce such threats by combining antivirus software for XML with firewall protection at the edge of the network. Forum Systems Inc. will integrate Computer Associates’ eTrust Antivirus software with its Forum XWall Web Services Firewall to fight viruses, worms, and other malware entering networks via XML, Simple Object Access Protocol, and attachments. The vendors hope to cut down on the threats that can damage IT infrastructure, degrade network performance, and hurt business apps that use XML as a standard data format.

(more…)

MP3 zapping malware worms onto P2P network

Filed under: Malware — Administrator @ 8:19 pm

Vigilante virus writers have launched an offensive against file traders with the release of a worm that deletes MP3 files on infected PCs.

The Nopir-B worm, which appears to have originated in France, poses on P2P networks as a program to make copies of commercial DVDs. In reality the application offers no such function. Instead it attempts to delete MP3 music files on infected PCs. Nopir-B also attempts to disable various system utilities and wipe .COM programs whilst displaying an anti-piracy graphic. Nopir-B only infects Windows machines.

(more…)
