Anti Virus Blog

May 15, 2005

Trend Micro patent upheld by trade judge

Filed under: Malware — Administrator @ 9:44 pm

Computer security software company Trend Micro Inc. said Friday that an International Trade Commission judge will recommend the agency bar the import of Fortinet Inc.’s antivirus software because of patent infringement.

The Tokyo-based company said the judge determined that Fortinet’s FortiGate firewall software violates a 1997 patent held by Trend Micro covering server-based antivirus technology. The patent describes technology that has the computer remotely scan e-mail and Internet data for viruses before it reaches the desktop.

The company said the judge will recommend that the ITC issue an order banning the import of Fortinet products which infringe Trend Micro’s patents, along with a cease-and-desist order.


Microsoft Tests Security System

Filed under: Malware — Administrator @ 9:43 pm

Microsoft said Friday it will begin an in-house test of Windows OneCare, the firm’s PC security and maintenance subscription service.

The software giant said it will distribute the product, which offers automated antivirus updates and periodic PC tune-ups, to 60,000 of its employees.

The Redmond-based company plans to widen its circle of beta testers beyond its employees this summer, with an eye to extending to complete testing by year’s end.

OneCare is a collection of services readily available from PC security firms such as Symantec, McAfee, and Trend Micro. It includes automatic antivirus and anti-spyware updates, along with two-way firewall protection, scheduled disk cleanup, disk defragmentation, and file backup and repair.

“Once a product or service offering hits the market, customers will be able to decide the best product to suit their needs,” Symantec said in a statement. “We are prepared to compete on a combination of technology and the back-end infrastructure required to support it (and) the strength of our relationships with our channel partners.”


Sober’s success caused by antivirus weakness

Filed under: Malware — Administrator @ 9:41 pm

The longevity of the current Sober worm may be largely due to a new technique it uses to evade virus scans, according to antivirus firm Kaspersky Labs.

The worm, variously labelled Sober.P, Sober.S, Sober.O and Sober.V by different companies, continues to circulate in large amounts, making up 84% of all virus traffic as of Monday, according to Sophos. While researchers have attributed its success to the fact that it circulates in both English and German, and to its use of free World Cup tickets as a lure to users, social engineering is only part of the equation, Kaspersky says.

The new variant used a refined mechanism for blocking input/output access to its files by other programs, says Kaspersky senior research engineer Roel Schouwenberg in an alert posted this week. Previous variants used a similar technique, but didn’t succeed in blocking programs running in the System account.

Sober.P does what the others didn’t and blocks the System account as well, Schouwenberg says. That meant no other programs, including antivirus scanners, could detect Sober.P while it was resident in memory, he says.


May 14, 2005

Two new variants of the Mytob worm allow remote control of infected computers

Filed under: Malware — Administrator @ 11:51 pm

The creator (or creators) of the Mytob worms are continuing in their attempt to spread as much malicious code across the Internet as possible. With the detection of the new CU and CX variants, there are now 103 members of this family of worms.

The great danger of the Mytob worms lies in the fact that they have backdoor characteristics, allowing remote control of the computers that they infect. According to Luis Corrons, director of PandaLabs: “The real intention of the creators of these worms is to form a network of infected computers, obeying their orders in unison. This will allow them, for example, to install the same spyware program on hundreds of computers at the same time. Any of these actions could generate significant financial income for the creators”.


Users warned on Sophos antivirus flaw

Filed under: Malware — Administrator @ 11:49 pm

Sophos is advising customers to upgrade their antivirus applications after a flaw was found in an old version of the security firm’s software.

The vulnerability was highlighted on the Bugtraq mailing list, and concerns how a potentially infected file could be hidden on a hard drive without being scanned by Sophos’ software.

One of the dangers is that, after a reboot, the infected file could be activated before the antivirus engine starts to function.

The flaw affects version 3.93 of Sophos’ antivirus engine and users are advised to upgrade to version 5.0.1.


Novell Acquires Immunix To Add A Security Layer To Linux

Filed under: Malware — Administrator @ 11:47 pm

In a move to improve the security of applications running in Linux environments, Novell has acquired Immunix Inc. and its AppArmor software. Novell announced the deal Tuesday, but didn’t disclose how much it paid for Immunix.

AppArmor is used to prevent applications operating in the Linux environment from being co-opted by viruses, worms, and other malware into doing things they shouldn’t. Using application-containment technology, AppArmor keeps applications from “masquerading,” or using ill-gotten permissions to do malicious things, says Ed Anderson, VP of product marketing for Novell’s platform group.

That complements Novell’s existing Linux security, Anderson says. Novell’s SuSE Linux Enterprise Server 9 already has a Common Criteria Evaluation Assurance Level security certification of 4+, out of a possible 7, which reflects the operating system’s access controls and password protections. AppArmor offers a layer of protection if those protections are compromised.


OS makers: Security is job No. 1

Filed under: Malware — Administrator @ 11:45 pm

Look beyond the bells and whistles, and make sure the security’s tough.

That’s the attitude of operating system makers, who aren’t just focusing on features such as snazzy graphics and better networking tools when revamping products. Now they’re also providing sturdier defenses.

The new generation of OSes includes improvements aimed at keeping data safer. Microsoft, long the target of hackers’ efforts and resulting customer ire, has promised anti-spyware and other tools in the upcoming version of Windows, code-named Longhorn. And while they aren’t as aggressive about marketing their security efforts, Apple Computer and Linux-seller Novell recently released updates with an eye to stronger defenses.


Symantec false alert floors Macs

Filed under: Malware — Administrator @ 11:44 pm

A false positive in Norton AntiVirus (NAV) for Macintosh left many Apple fans fearful that their machines had become infected with a Trojan last week. The glitch - triggered by a rogue virus definition update - left Mac users running various versions of NAV for Mac under the false impression that their swap files were infected with malware called “Hacktool.Underhand”. The bogus warnings were frequently accompanied by system crashes on machines running Mac OS X.

Symantec quickly released updated definition files to resolve the problem but not before the SNAFU severely inconvenienced a significant number of Mac fans, who have vented their frustration on online discussion forums or by mailing El Reg. “I personally had to rebuild my machine as a result of instruction from Symantec staff,” Mac user James Hackett from South Australia writes. “I’m not happy about losing three days’ work and having to do a full rebuild but am somewhat amused by the irony. As a long-term Mac user and previous net admin, who can’t remember seeing a malicious Apple virus/Trojan ever, it seems only right that I should be exposed to this trauma as a result of poorly written [anti-]Virus software.”


Symantec offers Norton AntiVirus 10.0 for Mac

Filed under: Malware — Administrator @ 11:42 pm

Symantec Corp. on Tuesday announced its new Norton AntiVirus 10.0 for Macintosh. The new release offers new features as well as compatibility with Mac OS X v10.4 “Tiger.” Symantec expects the software to be widely available in May for US$69.95. A US$30 mail-in rebate is available for users of competitive products and for current Norton users as well.

New features in this release include the Global Threat Assessment Dashboard, a Dashboard widget for Tiger which provides information on local virus protection and an overview of global threats. Users can connect to Symantec’s Security Response servers to download the most recent virus threat info.


Consumers forced to seek enterprise-grade protection

Filed under: Malware — Administrator @ 11:39 pm

Symantec senior regional product manager Norm Kohlberger believes there is little difference between enterprise and consumer antivirus products.

With an eye on the lucrative SMB and consumer space, Kohlberger says consumers face just as many threats as their enterprise counterparts.

Releasing the results of a study of 300 users in Australia and 200 in New Zealand, he said concerns about the level of online security risks are increasing.

More than 50 percent of respondents believe the amount of spyware, adware, spam and phishing scams on the Internet has increased, with 85 percent affected by adware and 77 percent exposed to viruses.

From a live update point of view, he said it no longer really matters who or where you are, or the level of protection you demand, because consumers have just as many issues when dealing with online security as enterprises.


May 9, 2005

Mobile phone viruses: ‘Don’t panic!’

Filed under: Malware — Administrator @ 9:44 pm

Research out this week from antivirus giant Symantec suggests users are wising up to a growing threat of mobile phone viruses. But one company which handles support for major mobile operators claims the threat is being blown well out of proportion and the latest figures reveal a gulf between “perception and reality”.

Symantec claims 73 per cent of smart phone users are aware of viruses and attacks aimed at their handsets, and while that may be encouraging in a ‘better safe than sorry’ way, Doug Overton, head of communications at WDSGlobal, believes we shouldn’t lose sight of the fact that such problems are very few and far between.

WDSGlobal handles data support calls for HP, Nokia, Orange, Sony-Ericsson and T-Mobile, and Overton said in the last quarter it received just 10 end user enquiries about smart phone viruses, out of the 275,000 calls it fielded - that equates to 0.0036 per cent of all calls.

According to Symantec, which polled a fairly small sample of 300 smart phone users, nearly 70 per cent of respondents are worried about virus writers stealing confidential information contained on their phones.


How To Stop The Sober Worm

Filed under: Malware — Administrator @ 9:44 pm

Whoever wrote the Sober.P worm is persistent. The worm, which raced around the Internet this week, is the 18th version of a worm that first made its appearance two years ago. This one first surfaced in Western Europe on Monday and began to infect computers, but it fizzled out when it crossed the ocean and hit the United States. Today, security analysts and vendors are helping companies to clean up the mess Sober.P left behind and are reminding businesses how to prevent such worms from causing damage.

This version of Sober offered tickets for next year’s World Cup soccer championship, taking place in Germany, in an effort to get users to click on an attachment to unleash the worm, which then looked for E-mail addresses so it could send itself to other computers, according to McAfee Security. The worm doesn’t delete information or damage computers. It mainly affects the bottom line because it consumes network bandwidth and requires time and effort to remove it from computers.

While the creators of Sober.P may be persistent, they aren’t very creative, according to security experts. The main change from one version to the next has been the use of different file names for the attachment and different body text in the E-mail, according to Lysa Myers, virus research engineer at the antivirus and vulnerability emergency response team at McAfee. “This is pretty well par for the course for what changes we see between one variant in a family and the next,” she says. “Changing text is much simpler than changing functionality.”


New BitDefender Antivirus for Samba servers

Filed under: Malware — Administrator @ 9:43 pm

BitDefender for Samba Linux File Servers was upgraded to version 1.6.2 today, and parts of it have been released under an open-source license. The antivirus for Samba shares is capable of scanning and disinfecting shared files and folders on access and on demand, and can be installed easily alongside BitDefender for Linux Mail Servers.

“We are releasing the Samba integration module (vfs) as open source for two main reasons: first, and least important, because we want to provide more choice to our customers: the module can be compiled against any version of Samba, past and present.

Second, we, as a company, have been using and profiting for long from Open Source software, and I think it’s high time to start giving back to the community,” declared Alexandru Balan, BitDefender Product Marketing Manager.

BitDefender for Samba Linux file servers has recently acquired a new VB100% certification, just prior to the version change. It also has been tested to work on all popular Linux distributions. A fully functional evaluation version of BitDefender for Samba can be downloaded from http://linux.bitdefender.com
