|
Archive for November, 2008
Thursday, November 20th, 2008
When federal government systems are hit with malware, the incidents often receive no public reporting. However, the slew of infections from removable drive based worms have become so bad on the U.S. Dept of Defense’s infrastructure that they’ve banned usb drives altogether, according to Wired’s reporter Noah Shachtman. It’s unfortunate that these drives are not being properly scanned, and that doing so must not be a part of process to this point.
The military’s policy decision is somewhat unsurprising, considering that the Gammima worm that made it onto the international space station this past August also spread using the Usb autostart technique. Worms have been very effectively spreading using this technique to deliver password stealing components since early 2007, and it’s about time policies are clamping down on the slack. Quick releases of worm variants evading anti-virus scanners continue to use the same autostart technique today. Of course, users running ThreatFire have been protected from these AV-evading autostart worms since they installed it.
Update (11/25/2008): The US-CERT posted information about what they are calling two popular “methods”. Basically, the post describes removable drive-based infection vectors — both to the removable drives, when worms copy themselves to the media from an infected system, and from the removable drives, when a worm abusing Windows’ autoplay functionality executes itself on the system. Nice to see awareness increasing — Autoplay can be dangerous!
It’s not always a waste of time anymore. In addition to running TF, you can scan your usb drives on a system with Autoplay disabled with your anti-virus scanner. The scanning solutions have, for the most part, caught up with the two year old technique.
Posted in Disclosure, Password stealing, Undetected malware, Worm | No Comments »
Wednesday, November 19th, 2008
Robert Vamosi has a nice writeup on the antivirus market following Microsoft’s entrance into it. It’s interesting that the massive company, with its marketing prowess along with the advantage of its desktop dominance, still gives anything away for free. But the security space is an unusual one:
‘McAfee and Symantec both had something Microsoft did not: effectiveness.
Almost two years ago, independent antivirus-testing organizations faulted OneCare for missing known malware. Andreas Clementi of AV-Comparatives.org wrote in his February 2007 report (PDF) that OneCare did not meet the minimum requirements for participation. “Due (to) that, its inclusion in future tests of this year (will) have to be re-evaluated.’
It seems that effectiveness and innovation still matter. While there may be a stripped-down free version of OneCare, the resource intensive app most likely still will not be picked up by users.
One of their statements has been that there are too many systems out there without security software, so they want to make it free. But that’s why Microsoft started the Malicious Software Removal Tool and its updates years ago. Their OneCare project, to this point, failed.
Our free behavioral-based ThreatFire continues to prevent two year old Parite variant infections on real users’ machines on a regular basis, so we certainly see and have been meeting the need to provide protection to users from systems that are unprotected. And its performance can’t be beat.
Posted in AntiMalware Solutions | 2 Comments »
Monday, November 17th, 2008
…from all sorts of bad things. We know.
However, you may be seeing this mis-spelled message, which has changed a little bit over the past few months:
“ATTENTION! If your computer is struck by the spyware, you could suffer data loss, erratic PC behaviour, PC freezes and creahes.”
By the spyware? Creahes? Who writes this stuff?
“Detect and remove viruses before they damage your computer!
Antivirus 2009 will perform a 100% FREE and quick scan of your computer for Viruses, Spyware and Adware.
Do you want to install Antivirus 2009 to scan your computer for malware now? (Recommended)”
Please be wary of this sort of scheme through the end of the year. A number of banner ads on very popular web sites have been redirecting users to sites serving up this garbage. This rogueware “Antivirus 2009″ ad in particular will re-direct your browser to a web site using only javascript to mis-represent a common online malware scan of your windows system. As we’ve discussed before and at Virus Bulletin (slides on flash here), this stuff will attempt to shock you with a number of malware detections that are not really present on your computer, coercing you to pay for phony AV software. They detect the make-believe “Spyware.IEMonster.b”, “Zlob.PornAdvertizer.Xplisit”, and “Trojan.Infostealer.Banker.s”, made-up names which unsurprisingly do not change:
Posted in Adware, Rogueware | 5 Comments »
|
|
|
|
