Anti Virus Blog

May 6, 2005

Internet worm infects through AIM

Filed under: Malware — Administrator @ 8:14 pm

A new Internet worm - W32.Allim.A - was discovered April 26, with its first reported on-campus attack a day later. According to the Information Resource and Technology Department’s Web site, the virus is considered a serious threat.

It spreads a variation of the W32.Spybot.Worm through the America Online Instant Messenger program, has an infection length of 28,160 bytes, and quickly compromises the affected computer.

The systems potentially affected are Microsoft Windows 95, 98, ME, NT, 2000, XP and Server 2003 operating systems.

All AIM users are urged to follow general precautions and not open any links in messages or follow addresses of Web sites that are unfamiliar.

The virus is characterized as ‘Wild’ by the Symantec Anti-Virus center, and IRT advises all students and faculty to run the Live Update feature through the Symantec Antivirus protection program or from the Symantec Antivirus Center Intelligent Updater immediately.

(more…)

McAfee rules out Symantec strategy

Filed under: Malware — Administrator @ 8:14 pm

Announcing McAfee’s first quarter earnings, which impressed and beat Symantec on some growth metrics, George Samenuk sang the praises of the “new McAfee”, which has been stripped of non-core businesses.

“We believe a standalone security company (and you know the sins of the past with Magic and Sniffer) is the right way to go,” Samenuk said, referring to recently divested helpdesk and network management offerings.

“So you’re not going to see us going into storage or any other area,” he said. “We like being a standalone security company with some great new internally developed products and maybe some products we acquire through small acquisitions.”

Symantec is buying Veritas Software Inc, and is trying to persuade skeptical shareholders and analysts that merging a company that makes most of its money from antivirus and one that makes most of its money from storage management is a good idea.

(more…)

Virus writers claim Blair’s email account was hacked

Filed under: Malware — Administrator @ 8:13 pm

The Prime Minister’s email account is the subject of a spam scam that can infect computers with Trojan horses. Don’t fall for it.

Cybercriminals claimed on Friday that the Prime Minister’s email account has been hacked, in the latest attempt to attack PCs with malware.

On the same day Tony Blair won a third term in government, a spam message was sent out stating that malicious hackers had penetrated his email account.

The email contains a link to a Web site that can infect computers that access it with password-stealing Trojan horses, antivirus company Sophos claimed.

“Clicking on the link takes users to a Web site which invisibly installs a Trojan horse on the victim’s computer,” said Graham Cluley, senior technology consultant for Sophos. “This then attempts to install other malicious code onto the infected computer [including] a password stealer which can be used by hackers for grabbing sensitive information.

(more…)

Outsmarting the New Malware

Filed under: Malware — Administrator @ 8:11 pm

Whether you are the CTO or the IS manager responsible for ensuring the availability of your enterprise network, you will likely ask some of these questions: How much should I spend on security? Am I more secure today than I was yesterday? What metrics can I use to measure whether my security is improving or not? When can I stop patching so I can get back to real work?

None of these questions are easy to answer but they all reflect real concerns today as we are faced with a new breed of faster-spreading, nastier malware.

Until quite recently, security technology was usually reactive. When malware was identified, the security companies would write a code (or “signature”) and distribute this to customers as quickly as possible, for deployment on all their PCs.

Over time, we have improved each step in this process to become more effective and timely in dealing with malware that intrudes into the network. But will we ever be fast enough or clever enough to keep up with the new generation of malware?

(more…)

The ICSA survey and techniques for protecting companies

Filed under: Malware — Administrator @ 8:10 pm

Every year, ICSA publishes the results of a survey about the prevalence of viruses in companies. This survey always tends to throw up the odd surprise, and this year has been no exception. The companies asked about their experiences with viruses have painted a picture of the world of malware as well as of their own weaknesses.

One thing in particular caught my eye: the answers to the question about which systems companies have installed to protect their networks. Companies responded overwhelmingly that they have anti-malware protection installed in their email gateways. No surprise there, as once again according to the results of the survey 92 percent of viruses responsible for some kind of infection entered via email (how things have changed since the 9 percent recorded in 1996!).

But taking a closer look, there is a great contradiction here. If 97 percent of companies have their email gateways protected, why are viruses causing problems? Is the protection installed deficient? Or is it the system administrators who don’t know how to handle the protection?

(more…)

Experts Say Business Network Attack May Be a Distraction

Filed under: Malware — Administrator @ 8:09 pm

The recent Internet attacks that invaded business networks and installed a barrage of adware and spyware on vulnerable computers may have been a smoke screen put up by a new generation of sophisticated hackers out to make money rather than cause trouble, security analysts say.

Only a handful of companies are still being hit by the DNS poisoning attacks that hijack companies’ Internet connections, according to the Internet Storm Center. With a tie-in to pay-per-click advertising and revenue-generating adware, security experts say, the widespread assault is part of an ongoing trend. But some analysts warn that the 18MB of malware, or malicious software, the attacks pushed onto each victimized computer may have been only a diversion.

That huge payload may have been meant to disguise a small “Easter egg,” says Shane Coursen, senior technology consultant for Kaspersky Lab, a Moscow-based company that writes antivirus software and tracks Internet attacks. Amidst all the well-known threats like the Krepper Trojan horse and the Coolwebsearch browser hijackers, he says, the attackers could have slipped in a small new program that anti-spyware and antivirus programs don’t yet catch.

(more…)

SANS Releases Quarterly Update to List of Critical Security Updates

Filed under: Malware — Administrator @ 8:07 pm

The SANS Institute this week provided its first quarterly update to its closely watched annual list of the most dangerous Internet threats.

New vulnerabilities on the SANS Institute Top 20 Most Critical Internet Vulnerabilities List include seven flaws affecting Microsoft products and problems with products from Computer Associates, Oracle, antivirus companies and media player companies.

Each October, the SANS Institute updated its list. According to the organization, the first three months of 2005 brought more than 600 new Internet security vulnerabilities.

“Threats are evolving at a much faster rate, necessitating regular updates to the list to ensure organizations have the most current information possible on critical security vulnerabilities,” said Qualys CTO Gerhard Eschelbeck, a member of the industry and government team that collaborated with SANS to compile the quarterly update.

To make the list, a vulnerability has to affect large numbers of users, be unpatched on many systems, allow unauthorized users to take over a system remotely and have enough information in the public domain for attackers to exploit it.

New problems with Microsoft products meeting those criteria involve the Windows License Logging Service, Microsoft Server Message Block, Internet Explorer, two ActiveX controls, cursor and icon handling and PNG file processing. All the flaws have Microsoft patches available, although the SANS Institute is concerned that the patches aren’t generally applied.

(more…)

Panda TruPrevent Claims ‘Zero Day’ Virus Protection

Filed under: Malware — Administrator @ 8:06 pm

Panda Software has introduced TruPrevent 2.0, an anti-virus and security technology that it claims can identify and remove new viruses and spyware without depending on signature files or databases of known threats.

According to the company, TruPrevent can recognize and eliminate viruses, spyware, adware, Trojans, worms, “bots” and even hacker attempts, yet it requires no tuning, training or updates.

“The traditional signature- and rules-based products from competitors like Norton and McAfee were adequate back when they were invented in the era when viruses took days, weeks or even months to propagate on floppy disks and ‘sneaker-nets,’ but now malware can travel around the world in minutes on the Internet,” said Patrick Hinojosa, CTO of Panda Software USA, in a statement. “Panda Labs developed TruPrevent to protect users from this new kind of malware threat — ‘flash’ viruses and ‘zero day attacks’ — malicious software that can attack instantaneously and globally.”

(more…)

Vexira Anti-virus Upgraded

Filed under: Malware — Administrator @ 8:05 pm

Antivirus software developer Central Command (centralcommand.com) announced late last week that it had upgraded antivirus, anti-spam and spyware protection for its Vexira Antivirus for Mail server solution.

The company says the new security suite increases the overall protection capabilities of Vexira on Linux-based mail servers. The solution can be integrated with email systems or act as its own SMTP relay server, shielding the email server itself from attack. Central Command says the solution is designed for email service providers and enterprises requiring extended service and security levels.

(more…)

Big jump reported in malicious codes

Filed under: Malware — Administrator @ 8:04 pm

Computer security companies report an upswing in e-mail messages containing variants of malicious code or malware.

“During 2004, and into 2005, we have seen a large increase in malicious code such as worms, spyware, keyloggers and Trojan horses,” said Dan Hubbard, senior director of security and technology research for Websense, an employee Internet management solutions company in San Diego.

“The threat of malicious code keyloggers and behavior-based malicious code that tracks surfing habits and potentially even correlates the habits to build profiles continues,” Hubbard told United Press International. “With that, the promise of increased monetary gain by attackers has resulted in a more sophisticated network of perpetrators and improved delivery methods for malicious code.”

Websense warned last month that hackers are increasingly exploiting blogs as a way to distribute malware and keylogging software, which tracks a user’s Net-surfing habits. The company said blogs have become attractive vehicles for hackers for several reasons: They offer large amounts of free storage, they do not require any identity authentication to post information, and most blog-hosting facilities do not provide antivirus protection for posted files.

Scott Berinato, senior editor of CSO (Chief Security Officer) magazine, echoed the warnings.

“From a year ago, there has been a jump in the sophistication of the attacks,” Berinato told UPI. “Since that time, it’s gotten intense (in sophistication and numbers).”

(more…)

May 5, 2005

Phishers Employ New Technologies

Filed under: Malware — Administrator @ 9:22 pm

A report issued by the Anti-Phishing Working Group (APWG) states that, while phishing attacks continue to grow worldwide, phishers are now employing newer technologies to attack susceptible PCs.

Phishers are now using phishing sites to secretly download criminal malware, “crimeware”, onto consumer PCs to capture login and password credentials and other personal information.

The number of email-based phishing attacks, according to Tumbleweed Communications’ report, has grown around 2%, though the servers supporting those attacks surged by nearly 7%.

Phishers continue to focus on financial institutions with twelve new hijacked brands in March - nine of which were financial institutions.

(more…)

McAfee Anticipates Rise in Malware-Related Threats

Filed under: Malware — Administrator @ 9:21 pm

While the number of mass mailer viruses dwindles, malware-related threats are projected to stay at the higher growth end in 2005.

Intrusion prevention and risk management solutions provider McAfee, Inc. today announced the most commonly reported malicious threats and potentially unwanted programs (PUPs) affecting enterprises and consumers in the first quarter of 2005.

According to McAfee AVERT, the company’s anti-virus and vulnerability emergency response team, mobile viruses, phishing, and exploited vulnerabilities are quickly becoming the predominant threats affecting consumers and enterprises alike. It noted a steady increase in Trojans and ‘BOTs, while mass mailer viruses taper off.

(more…)
