Anti Virus Blog

October 5, 2005

Common Malware Enumeration Initiative

Filed under: Malware — Administrator @ 8:25 am

US non-profit IT company MITRE today announced the Common Malware Enumeration Initiative. Headed by the United States Computer Emergency Readiness Team (US-CERT) and supported by an editorial board of anti-virus vendors and related organizations, it should provide a neutral, shared identification method for malware outbreaks.

During a virus outbreak, participants on the CME board request an identifier from an automated system by providing a sample of the virus and as much additional information as possible. An identifier in the format ‘CME-N’ where N is an integer between 1 and 999 is generated and distributed to the other participants. The participants then disseminate the CME identifier to their contacts in the industry and reference the CME identifier on their web pages, in their product, or when speaking to the press.

October 4, 2005

Kaspersky confirms antivirus software flaw

Filed under: Malware — Administrator @ 6:36 pm

Kaspersky Lab confirmed Tuesday that a potentially serious flaw exists in its antivirus software, but said a fix is on the way.

The security software maker said it had offered preliminary protection to customers last week and that a permanent patch will be available on Wednesday.

Kaspersky also said that the vulnerability is limited to Microsoft Windows-based versions of its products. Additionally, while it does license the vulnerable component to some third parties, most partner products that use Kaspersky code are not affected, the Moscow-based company said in a statement.

October 3, 2005

MessageLabs releases new security services

Filed under: Malware — Administrator @ 9:37 pm

MessageLabs Ltd. announced today the release of new security software that scans Web traffic for viruses, detects spyware and filters content to enforce company Internet policies.

The company’s Web Protect service’s antivirus functionality uses a heuristics approach with multiple virus-scanning engines, while its antispyware feature scans in real time. Incoming and outgoing Web traffic is scanned for malicious code, spyware, adware and phishing attacks, it said. The services are administered through MessageLabs’ portal.

Its Web Control product includes address filtering that allows companies to be in control of how their employees use the Internet.

“We started to see an increasing amount of spyware and malware in the Web browsing area,” said Mark Sunner, chief technology officer for MessageLabs. “We’ve realized there’s quite an unplugged gap here.”

September 22, 2005

InfoWorld Enterprise Spyware Review

Filed under: Malware — Administrator @ 8:57 am

InfoWorld has an in-depth article about enterprise spyware including reviews of 10 applications. F-Secure Anti-Virus Client Security 6 and Webroot Spy Sweeper Enterprise 2.5 come out on top of a strong field of competitors.

Whether you call it adware, malware, or spyware, these malicious programs are not only capable of tracking where a user goes on the Internet, but they’re capturing sensitive information such as user names, passwords, and customer data, such as credit card information.

Fortunately, vendors are working to provide smarter and better antispyware tools to help protect against these digital sneak attacks. I recently took ten enterprise antispyware operatives and put them through a series of real-world tests to see how good they are at intercepting malicious programs and protecting end users’ computers and sensitive company information.

September 20, 2005

Desktops become prime target of security attacks

Filed under: Malware — Administrator @ 7:29 pm

Hackers are beginning to attack applications on desktops rather than making multipurpose attacks on enterprise perimeters, according to a new report that analysed the source of Internet threats in the world between January 1 and June 30, 2005.

The Internet Security Threat Report, provided by Symantec, which provides security solutions for individuals and enterprises, also reveals that there is a rise in the exposure of confidential information, resulting in significant financial loss, particularly if credit card information or banking details are exposed.

This is also worrying, since online shopping and Internet banking are on the rise, and during the first half of 2005, malicious code that exposed confidential information represented 74 percent of the top 50 malicious code samples reported by Symantec, up from 54 percent in the previous six months.

September 13, 2005

SurfControl’s Internet Threat Database Exceeds 12 Million URLs

Filed under: Malware — Administrator @ 7:43 pm

SurfControl announced the Company’s Internet Threat Database — a core component of SurfControl’s Adaptive Threat Intelligence(TM) Service — has grown to more than 12 million URLs. SurfControl has added more than one million new URLs over the past 30 days. This growth has been driven by the increasing use of blended internet threats by cyber criminals. Deployed in conjunction with the SurfControl Enterprise Protection Suite, SurfControl’s Internet Threat Database is the most accurate, current and relevant set of URLs that helps protect enterprises against data theft, productivity loss, legal liability risks and network abuse.

August 6, 2005

New FNN Blog: Tech Tips

Filed under: Malware — Administrator @ 7:07 pm

Tech Tips has a wide range of tips and tricks from the battle front that is Help Desk technical support. Check out the Tech Tips Malware section; there’s some good information for removing adware, spyware, and viruses. The software section will keep you up to date on the latest helpful applications, with special emphasis on free programs.

June 14, 2005

New Trojan Pretends to be Antivirus Software

Filed under: Malware — Administrator @ 10:44 am

Anti-virus maker F-Secure warned mobile phone users about a slippery new trojan disguising itself as an antivirus application.

Although the worm, dubbed Skulls.L, is similar to the Skulls.C trojan, writers have added a new wrinkle that differentiates it from previous variants: It’s advertised with a name used for F-Secure’s Mobile Anti-Virus installation package.

“The trojan obviously does not contain pirate copied version of anti-virus, it breaks the system applications on the phone, so that none of the smartphone functions of the phone are (sic) as long as the phone is infected,” Jarno Niemela, a virus researcher, wrote on the company’s weblog.

Gartner lists five overblown IT threats

Filed under: Malware — Administrator @ 10:43 am

Analysts at Gartner have warned that security threats on the Internet were being exaggerated. They have also compiled a list of five IT risks that they believe were being magnified by security experts.

Gartner has released the following list of the supposedly grave risks at the IT Security Summit in Washington, D.C.:

* IP telephony is unsafe
* Wireless hotspots are unsafe
* Regulatory compliance equals security
* ‘Warhol’ worms will make the Internet unreliable for business traffic and VPNs
* Mobile malware will cause widespread damage

Lawrence Orans, principal analyst at Gartner, explained why the firm considered that these risks were overblown, “Many businesses are delaying rolling out high productivity technologies, such as wireless local area networks and IP telephony systems, because they have seen so much hype about the potential threats,” he said.

Low-Rights IE Only for Longhorn Users

Filed under: Malware — Administrator @ 10:42 am

Rob Franco, Lead Program Manager for Internet Explorer Security at Microsoft, posted a missive to the IEBlog hoping to dissolve the confusion surrounding a planned security feature that will be found in IE7. IE7 will run in a reduced privilege mode called “Low-Rights IE” that will limit the actions of malware.

But the safeguard will not be available to everyone - only users that upgrade to Longhorn will be protected. And even Longhorn users may be vulnerable at another well known exposure point: Microsoft will not modify the default security settings for ActiveX and scripting, which account for a large number of known vulnerabilities.

Microsoft has programmed Longhorn to make it possible for users to have normal Windows sessions while having reduced user account privileges - making the browser safer to use than when it ran with full administrative privileges.

Longhorn’s predecessor, Windows XP, does not have this capability and cannot offer users the protection of Low-Rights IE. Users that do not upgrade to Longhorn will remain vulnerable to malware that can hijack default settings, modify system files and install malicious software.

Michael Jackson suicide spam links to malware

Filed under: Malware — Administrator @ 10:41 am

Security experts at UK firm Sophos are warning of a spam email that claims to have news of a suicide attempt by pop star Michael Jackson.

They say that the email directs recipients to a website for more information. If a victim visits the site, they are told that the site is busy. But in the background, the website triggers a download that places code for a Trojan horse on the PC.

The malicious code allows the infected PC to be used as a proxy through which spam mail can be sent by a remote user. It also connects to IRC channels through which it can receive commands or further malicious code can be installed.

‘The sick minds behind viruses and other malware often exploit celebrity names and news stories in an attempt to infect as many people as possible,’ said Carole Theriault, security consultant for Sophos. ‘All computer users should be very careful about clicking on weblinks in unsolicited email or launching unknown attachments.’

June 12, 2005

From Russia With Malware

Filed under: Malware — Administrator @ 1:06 pm

An online business based in Russia is paying Web sites 6 cents for each machine they infect with adware and spyware, according to security researchers who call the practice “awful.”

IframeDollars.biz says it pays Webmasters to place a one-line exploit on their sites. The code exploits a number of patched Windows and Internet Explorer vulnerabilities, including some that go back as far as 2002. Systems that haven’t been updated would be vulnerable to the exploit. According to analysis done by the SANS Institute’s Internet Storm Center, the exploit drops at least nine pieces of malicious code–including back doors, other Trojans, spyware, and adware–on any PC whose user surfs to a site that hosts the exploit code.

IframeDollars says it pays $61 per thousand unique installations, or 6.1 cents per compromised machine, to any site that signs up as an affiliate.

“It’s very clever,” says Richard Stiennon, the director of threat research at anti-spyware software vendor Webroot Software Inc. “And very brazen. This is new in that they’re taking an existing business model–an affiliate-style program–to exploit a [Windows] vulnerability to plant their code.”

June 5, 2005

Bin Laden Trojan quickly constrained

Filed under: Malware — Administrator @ 3:16 pm

A spam e-mail that promises pictures of a captured Osama bin Laden but carries a malicious attachment has failed to spread widely, security experts said Friday.

Millions of copies of various versions of the e-mail were mass-mailed on Thursday, representatives from F-Secure and McAfee said. All versions of the message announced that the al-Qaida leader had been seized and included an attachment called “pics” that, when opened, attempted to download a worm to the victim’s PC, the antivirus companies said.

If the download is successful, the worm will attempt to start propagating by e-mailing itself, said Craig Schmugar, virus research manager at McAfee. It can also set the victim’s computer up to be used as a relay for spam, he said.

Part of one of the spam messages seen by F-Secure read: “Turn on your TV. Osama Bin Laden has been captured. While CNN has no pictures at this point of time, the military channel (PPV) released some pictures. I managed to capture a couple of these pictures off my TV. Ive attached a slideshow containing all the pictures I managed to capture.”
