Creative Commons License
Work By WinVistaClub Licensed Under CCA
 
Security News Updates
 
Super Trojan For Sale.
Jul 20th 2008. One of the players in the burgeoning malware industry has apparently crafted itself a new "super" Trojan, and is offering it up for sale as a guaranteed detection evader, or your money back.
The new Trojan itself is known as Limbo 2, and has been designed for both customization and variation. Prevx, the company that first detected it, reports that hackers are selling custom-designed variations of the Trojan to customers anxious to avoid detection. If a variant of Limbo 2 is detected, the Trojan can be shifted to a new, undetected approach. The payload itself remains unchanged throughout this process. The actual infection at the heart of Limbo 2 is also a bit fancier than your average keylogger. Not only will it save and transmit any data you enter as part of a normal logon process, the Trojan will also display spoofed information boxes when users touch on a login page the Trojan finds interesting. Visit Ars Technica for more on this.
The Relevance Of VB100 certification.
Failure to find all malware in the famous WildList can cause an anti-malware product to fail VB100 certification. Sometimes this is scandalous, as when Microsoft's OneCare failed WildList testing last year to widespread derision. But what does the WildList really prove?
In fact, insiders in the anti-virus industry, especially vendors, are widely derisive of the WildList, looking on it as an outdated burden on their development. The malware in it is outdated and not representative of the true threats facing users. There is an extraordinary amount of malware that was making headlines in 2004, back in the heyday of the mail worm. There are one or two Windows 95 viruses on the list.
Virtually all malware of consequence in the wild are Trojan horses that get installed through social engineering. This includes the Storm worm, the only family of malware in the last few years that one could call an outbreak. From what one can see, no variant of it is in the WildList. Of course, any anti-malware product worth its salt would be working hard to keep up with Storm, and not just by following the thousands of variants. By now all decent anti-malware products have some level of heuristic detection to look more generically for the major malware families.
These Windows 95 viruses almost certainly don't run on those Windows XP and Vista platforms. According to Symantec, only the 9x kernel Windows versions are affected. Yet AV vendors need to spend time and bloat up their products detecting old stuff like this. This really puts a question mark on the relevance of the VB100 certification process.
Battle of the 6 Online Malware File Scanners.
There are 6 good online malware scanners available on the net: VirusTotal, Jotti’s Malware Scanner, VirSCAN, Virus.org Malware Scanner, VirusChief & FilterBit. Of these I personally prefer to use VirusTotal & Jotti’s.
However, Raymond.cc has made an interesting study and comparison of these 6 scanners to see which offers the best results and features. He compared the number of antivirus engines used to scan an uploaded file, time taken to upload and scan, extra file upload methods, file information, upload progress meter and report page, and tested the accuracy of the antivirus engines by testing them with a detected version of the Bifrost trojan.
His results: All 6 online file scanner websites don’t require Java or ActiveX. From the test, VirusTotal is clearly the winner because it surpasses other websites in every part of the test! It is able to achieve a 100% detection rate for the Bifrost trojan with 32 antivirus engines in the fastest time. VirSCAN easily takes second place because of the features and also the number of antivirus engines. However, the only thing I don’t like about it is the slowness in uploading and scanning, which I could live with.
Jotti’s Malware Scanner with Virus.Org is a very very close one. I could not decide which would be better so I would say that it is a draw. Jotti achieved 100% in detection rate, supports 10MB upload, and fast scanning time. It would be better than Virus.Org if it had a report page. Details at Source.
Freeware AVG 8.0 now has protection from spyware too.
AVG 8.0 Free now has the basic antivirus and antispyware protection for Windows available to download for free. It now offers protection against viruses, worms, trojans, spyware, adware and identity-theft.
AVG Free 8 doesn't have all of the features you get in the commercial version of the application, however. There's no rootkit protection or LinkScanner, and there's no email or instant messaging integration. Visit Grisoft.
avast! 4.8 is out !
Favourite freeware antivirus now has anti-spyware protection too! The latest version, avast! antivirus 4.8, contains the following key enhancements and features:
Anti-spyware built-in
Anti-rootkit built-in
Strong Self-protection
More at Avast.
RealPlayer goes BAD !
Feb 6th, 2008. "We find that RealPlayer 10.5 is BADWARE because it fails to accurately and completely disclose the fact that it installs advertising software on the user's computer. We additionally find that RealPlayer 11 is BadWare because it does not disclose the fact that it installs Rhapsody Player Engine software, and fails to remove this software when RealPlayer is uninstalled.
We currently recommend that users do not install the versions of RealPlayer software that we tested, unless the user is comfortable with the software behaviors we identify or until the application is updated to be consistent with the recommendations contained in this report." Source: StopBadware.Org.
ZoneAlarm succumbs to Ask.com toolbar temptations.
After Webroot, it is now the turn of another security company to succumb to the temptation of foisting Ask.com toolbar. ZoneAlarm 7.0.462.000 installation does so now, too ! Sure the option to not-install the toolbar is there; but what makes this case stand out is the fact that the option in the dialog window comes pre-checked; and then gives the option to uncheck the box, if you do not want to install it.
The installation asks you if you want to install the Spy Blocker, a browser toolbar. The box is pre-checked, with an option to uncheck. On installation, the unsuspecting user finds that ALONG with the Spy Blocker, Ask.com's 'search web' is ALSO installed ! There is no option to just install the Spy Blocker. Incidentally, this is not the full Ask Toolbar but only offers the search and pop-up blocking options.
Ask.com has been following various routes, rather aggressively, to have its toolbar installed on browsers. This article on the Current Practices of IAC/Ask Toolbars makes an interesting read.
Microsoft passes latest VB100 virus test; Some security giants fail !
The December 2007 edition of the VB100 test subjected security software to 100 Windows 2000 viruses collected from labs and websites. Researchers at Virus Bulletin have released the results of the latest VB100 computer security test, highlighting failures at a number of leading security vendors.
Products from Kaspersky, Sophos, Trend Micro, Norman, Avast and Avira were among those that failed to protect fully against a collection of outdated viruses.
Companies whose products passed the test included Microsoft, NOD32, AVG, BitDefender, Symantec, McAfee, Sunbelt and QuickHeal.
To see the Summary of the Dec 2007 test results click here. To see the results of the most recent comparative reviews for each platform tested click here. You will be required to register for free at virusbtn to see them. Should you wish to see the full report, you can request one and it will be sent to you by mail.
Boom-time for Malware Economy !
Dec 16th, 2007. The Malware Economy is turning into a recognizable traditional IT economy. Leasing botnets? Malware support? Safe Hosting? Laundering Money? All is possible ... and easily available, for a price !
Ready-made tools for creating phishing emails, such as fake requests for bank details, are fairly easy to buy, with many independent vendors selling them. Bulletproof hosting is also easily available, while phishers engage spam services to lure users to their sites. In the 2007 black economy, everything can be outsourced.
From Trojan creation sites out of Germany and the Eastern bloc, you can purchase kits and support for malware in yearly contracts.
The price quoted on malware sites for the Gozi Trojan, which steals data and sends it to hackers in an encrypted form, was between $1,000 and $2,000 for the basic version. Buyers could purchase add-on services at varying prices starting at $20.
Scammers use a variety of ways to launder cash. Compromised bank accounts can be used to launder funds, or struggling companies can be bribed to turn the money into ready cash. Scammers can find businesses with a debt of $10,000 (£5,000), and agree to pay them $20,000 (£10,000) if they agree to cash out 50 percent of the funds. Dedicated cashiers, also known as "money mules", can also take up to 50 percent of the funds to move the money via transfer services. Sourced from ZDNet.
“Malware 2.0” : Zero-'Minute' Threats Set To Explode !
Malware 2.0 was the key focus of discussion at the Black Hat conference in Las Vegas, held in Aug 2007. Malware writers are making it more and more AND more difficult to detect their malware. Security companies now need to arm themselves to deal with Zero-Minute, rather than just Zero-Day Exploits ! Malware 2.0, Zero-minute threats, Micro-malware now appear to be the buzz-words as per a study conducted by PCTools, the makers of SpywareDoctor.
Three key trends identified include:
Malware variants are now released at immense rates, driving up sample volumes and making it almost impossible for researchers to keep on top of updates using manual analysis.
New compilers and other techniques are being used to make threats more difficult, if not impossible, to detect with traditional signature-based systems.

"Micro-Malware" - thousands of malware variants - are in circulation, but are focusing attacks on smaller groups of PCs, making it less likely to attract the attention of security vendors. As a result, malware is spreading in epic proportions and security vendors are being forced to triage the samples.

The computer virus turns 25 years old this year.
The computer virus conception story begins in 1981, when a tech-savvy 9th grader named Richard Skrenta got an Apple II for Christmas. Over the following few months he began cooking up ways to trick his friends using the machine. "I had been playing jokes on schoolmates by altering copies of pirated games to self-destruct after a number of plays," Skrenta once told the tech news site Security Focus. "I'd give out a new game, they'd get hooked, but then the game would stop working with a snickering comment from me on the screen." More here.
 
 
 

 

© Copyright 2007, 2008, WinVistaClub. Rights Reserved.