My Antivirus Solutions

Virus Found in Some Best Buy Digital Frames

2008-01-27T20:25:00.000+08:00

Barry Levine
News Factor Network
Website: http://www.newsfactor.com

You can add to the growing list of things you need to do to keep your computer safe -- scan the digital picture frame.

Best Buy has confirmed that some units of its Insignia 10.4-inch Digital Picture Frame, purchased over the holidays, had a computer virus. Last weekend, the retailer noted an advisory from its private label, Insignia, which stated that "a limited number" of the frames, model number NS-DPF-10A, were "contaminated with a computer virus during the manufacturing process."

According to news reports, Best Buy is not recalling the frames, but it has pulled the remaining units. It said this was the only Insignia frame product affected, and the product has been discontinued.

Precautionary Measure

The company said that once it was informed of the contamination, it "immediately" withdrew the product from stores and Web sites "as a precautionary measure to protect our customers." Best Buy did note that "some affected units" were purchased from either its brick-and-mortar stores or from the retailer's Web site before the virus was detected.
Best Buy reportedly learned of the infection after customer complaints, but there is no indication of how the virus was acquired during manufacturing, or what the consequences may have been for customers.

The company pointed out that the virus can only get to a computer if the digital frame is connected. The frames connect to PCs as well as cameras so photos can be downloaded for display. But Best Buy said cameras, USB drives and memory cards cannot be infected by the virus.

Use Up-to-Date Protection

Even if a consumer does attach a contaminated frame to a computer via a USB cable, Best Buy said, any up-to-date antivirus software, such as Norton, McAfee or Trend Micro, should be able to detect and remove the infection. It added that the units contained "an older virus which is easily identified and removed by current antivirus software."

The specific virus was not identified by either Best Buy or the manufacturer, although there are reports on the Web that it was a Trojan that could induce a crash on Windows machines.
Macintosh-owning picture lovers can rejoice, at least temporarily, because the virus only affects Windows operating systems. Similarly, Linux-based systems are also immune to this particular infection.

Virus-infected products may be the next frontier for consumer caution.

Last year, Seagate admitted that some of its 500-GB Maxtor hard drives had a Trojan house that could swipe online passwords for games, and some Apple iPods were infected with a virus in 2006. Other consumer products that have reportedly had viruses include GPS devices, digital cameras, memory cards, MP3 players and other brands of digital picture frames.

Worm fears shut down Skype video feature

2008-01-27T13:15:00.000+08:00

Robert McMillan
InfoWorld
Website: http://www.infoworld.com

San Francisco - Skype has been forced to turn off a video-sharing feature in its software because it could be misused to launch a self-copying worm attack against Skype users, security researchers said Tuesday.

A bug in the software, which was first reported last Thursday by security researcher Aviv Raff, stems from the way Skype uses an Internet Explorer component to render HTML.
Skype's video-sharing feature allows users to share videos hosted on two sites -- Dailymotion.com and Metacafe.com -- while chatting with other Skype users.

Last week Raff showed how attackers could exploit the bug to run unauthorized software on a Skype user's PC. But on Tuesday, the security researcher said the flaw was more serious than he'd first thought. It can "be triggered by simply visiting a Web site, or clicking on a link from your instant messaging application," he wrote in a blog posting, "Which basically means that this vulnerability is now wormable."

Skype appeared to have pulled the video feature from its client software on Tuesday as a result of the bug. Users who attempted to click on the "videos" button within a chat window were greeted with a message that the feature was unavailable "because of some security concerns."
"Our brightest engineers are rattling their wrenches to make things all right and bring the beloved videos back. Soon," the message read. "Sorry about this."

Skpe representatives did not return calls seeking comment. Last week, Skype spokesman Villu Arak confirmed that there was a security problem for Skype 3.5 and 3.6 users who visited the Dailymotion.com Web site, but users were still able to share videos using Metacafe.com.
On Tuesday, however, Skype pulled the video feature altogether after being informed of the new problem, Raff said.

Because Metacafe had a cross-site scripting flaw, a common type of programming error, Raff was able to run JavaScript on Metacafe.com, which could then be used to run unauthorized software on the victim's computer. Attackers could then forward a link to the malicious Web page to all of the Skype contacts in the victim's computer, spreading the infection.

For Raff's attack to work, an attacker would have to post a maliciously encoded video file to either of the Metacafe or Dailymotion Web sites. Metacafe said Tuesday that it's "highly unlikely" that this kind of malicious video would make it through the site's content-filtering process.

In a statement, the company said it expects Metacafe videos to be available to Skype users as early as Wednesday morning.

Raff said that because the attack could lead to a widespread worm outbreak, it would be better for Skype to fix the underlying problem before bringing Metacafe back online.

Raff believes that Dailymotion was probably susceptible to this type of attack as well, although he was unable to confirm this after Skype cut off access to the Web site.

The problem lies in the fact that Skype uses a Windows Internet Explorer component with inappropriate security settings, researchers say. Instead of processing pages it renders with the more secure "Internet Zone" security setting, Skype uses IE's "Local Zone" security setting, usually reserved for more trustworthy content.

Until Skype engineers make some changes to their software, more of these problems will continue to pop up, Raff said.

Another security researcher who has been studying the flaw agreed.
"If they keep their Skype client running in the Local Zone of IE, we will see more of these," said Petko Petkov of GNU Citizen via instant message. "Before killing Metacafe, anyone who owns the server would have been able to own every Skype user on the planet."

Apple growth will draw malware attacks

2008-01-27T13:05:00.000+08:00

Matt Hines
InfoWorld
Website: http://www.infoworld.com

San Francisco - As Apple continues to grow its worldwide market share and the company's products find their way into more business environments, attackers are certain to follow and create greater volumes of exploits aimed at vulnerabilities in the company's software, security experts contend.

According to industry analyst firm Gartner, Apple shipped just over 1 million Mac OS X-based computers during the fourth quarter of 2007, a gain of 227,000 over the fourth quarter of 2006. The analyst firm reported that Apple's U.S. market share for 2007 jumped by 28 percent compared to 2006, rising to just over 6 percent.
And with Apple CEO Steve Jobs stating at last week's Macworld Expo and Conference that the company has already sold 4 million iPhones and 5 million copies of Leopard (Mac OS X 10.5), its latest OS, since launching the products last year, the company's prospects look stronger than ever.

However, malware researchers and industry analysts warn that as the sheer number of Apple end-point devices in use worldwide rise, so will the security concerns tied to the company's products.

"It's hard to get around market share. At the end of the day, malware writers don't care what operating system you are using; it's about whether or not you have valuable information on your machine and whether there is an opportunity to take advantage of it," said David Marcus, security research manager for McAfee's Avert Labs group.
"Microsoft Windows has been targeted so aggressively because it has a much broader deployment than the Mac OS," he said. "But the malware authors watch trends just like everyone else, and they know more people are considering a move to Apple, including government institutions and businesses; if it makes financial sense to go after that opportunity at some point, they will move in that direction."

The Mac's vulnerabilitiesIn some cases, attackers will seek to exploit vulnerabilities such as currently unpatched flaws in Apple's QuickTime multimedia player application. In other cases, malware writers will use threats based more on social engineering, such as with the MacSweeper rogue cleanup tool that appeared during Macworld Expo, the researcher said.
MacSweeper serves as evidence that developers -- both credible and not -- have already begin to turn more of their attention to Apple platforms, anticipating Mac users' security fears, Marcus said. Although MacSweeper is pitched by its creators as a utility for cleaning malware programs and other unwanted software off of Mac OS computers, it has proven to do almost nothing of the sort, despite its $40 asking price.

David Maynor, chief technology officer of research and consulting firm Errata Security, said that one area where attackers may seek to assail the Mac OS is via flaws found in some of the older open source libraries of software code used in the platform.
Apple also typically lags in patching issues found in those code libraries, such as with the Samba networking protocol used in the company's Mac OS X.
Even when the Samba open source community has created a fix for a known security issue, it often takes Apple three to four months to introduce a related patch for its products, giving any attackers looking to subvert Mac systems a lengthy window of opportunity to do so, Maynor maintained.

"If someone has a list of these open source security issues in the projects included in Mac OS, they could use that against OS X users," said Maynor. "Samba is a perfect example, as there is generally a large window there."

A rise in underground malware activityMaynor said that he observed an increase in Apple-related activity in the underground malware research community last year around several previous QuickTime vulnerabilities.
"It's not that the number of Mac vulnerabilities is rising. If you look at their own security archives, you'll see that there were always a lot that were reported, but no one cared in the past," Maynor said. "One of the problems is that a lot of users buy into the misconception that Mac OS is more secure because of Apple's development process, but that's not really the case. Some people also feel that they are protected by Apple's smaller market share, but with more of these computers out there, more attention is being paid to it."

According to officials with Lumension, a software vendor that specializes in vulnerability scanning and patching, Mac OS has actually had far more security flaws reported in the last year than Microsoft Windows. Don Leatham, director of solutions and strategy at Lumension, formerly known as PatchLink, said that Mac OS X had nearly five times as many vulnerabilities reported than Windows during 2007. He noted, however, that many of those issues were considered minor, and that the Microsoft Windows security problems were notably more critical.
But Leatham agreed that publicly reported holes in Mac OS products tend to stay unaddressed longer than their Windows counterparts. "It's not always about the sheer number of exploits anyways; it's more about the speed at which real exploits are being created. That's what people will need to be worried about going forward," Leatham said. "If you get to the point where you have professional malware development kits being sold on the underground, as we have today for Windows, that's when there could be real problems for Mac. But we haven't seen any of those just yet."

Leatham added that, as with other mobile devices, Apple's iPhone has yet to see any truly dangerous malware attacks. However, when Apple releases its mobile applications development toolkit for the handhelds in February, he said it will be interesting to see if anyone tries to take advantage of the package to aim new threats at the phones.
"It would obviously still be a bigger deal if someone created a successful attack that targeted the Research in Motion BlackBerry platform, because those are the devices of choice in most businesses, but with 4 million devices sold by Apple, some of these handhelds are already finding their way into the enterprise," said Leatham. "iPhone has been considered very safe thus far because of Apple's rigorous applications white-listing approach, but we'll be curious to see the security features open to developers in the new toolkit and whether it will attract the interest of any malware writers."

Short-term safety, longer-term concernFor now, Apple users likely have little to worry about, the industry watchers agreed. Even with Apple's dramatic market share gains, the majority of its computers are being purchased by consumers, and malware professionals are more concerned with trying to exploit Windows vulnerabilities to steal valuable data from business users, experts contend.
"We're nowhere near a tipping point where, from an economic standpoint, it will be a better strategy for attackers to target Macs vs. PCs," said Andrew Jaquith, an analyst with the Yankee Group. "People who write malware for a living are professionals, they want to get the best return on investment from their work, and there are still much higher returns to be found in the Windows space.
"We will probably see some opportunistic things being developed on the Mac side as the market share numbers increase, but it's still nowhere near the epidemic we've experienced with Windows," Jaquith said. "Mac is still a safer platform, although not necessarily a more secure one."

Reached for comment, an Apple spokesman said that the company takes security "very seriously" and defended that the company has "a great track record of addressing potential vulnerabilities before they can affect users." However, the spokesman reiterated that the firm always welcomes feedback on how to improve security on the Mac.

Shell, Rolls Royce reportedly hacked by Chinese spies

2007-12-04T11:56:00.000+08:00

Jeremy Kirk
InfoWorld
Website: http://www.infoworld.com

San Francisco - Britain's domestic intelligence agency is warning that cybercrime perpetrated by China is on the rise following hacking attacks against Rolls-Royce and Royal Dutch Shell.

The agency, known as MI5, recently sent letters to some 300 banks, accounting and legal firms warning that "state organizations" of China were plying their networks for information, according to the Times of London on Monday.

The U.K. government refused on Monday to confirm the letters. However, the reported correspondence comes just a month after the U.K.'s top domestic intelligence officer warned of "high levels" of covert activity by at least 20 foreign intelligence agencies, with Russia and China as the most active.

"A number of countries continue to devote considerable time and energy trying to steal our sensitive technology on civilian and military projects, and trying to obtain political and economic intelligence at our expense," said Jonathan Evans, director general of MI5, in Manchester, U.K., on Nov. 5.

"They do not only use traditional methods to collect intelligence but increasingly deploy sophisticated technical attacks, using the Internet to penetrate computer networks," he said.

The Times, quoting an unnamed source, reported that Rolls-Royce's network was infected with a Trojan horse program by Chinese hackers that sent information back to a remote server. Dutch Shell uncovered a Chinese spying ring in Houston, aimed at pilfering confidential pricing information for the oil giant's operations in Africa, the paper said, citing "security sources."

Representatives for both companies contacted in London on Monday did not return calls for comment.

The rise in hacking originating in China and Russia has been well-documented by security researchers. But its been harder to distinguish between state-sponsored hackers and those just operating in the same geographic region, said Graham Cluley, senior technology consultant for security firm Sophos PLC.

Some 30 percent of the malicious software created is written by Chinese, Cluley said. But about 17 percent of those programs are designed to steal the passwords of users who play online games rather than intended for industrial espionage, he said.

"It's not all James Bond," Cluley said.

Hackers are also tough to trace since they can often control networks of other computers, called botnets, which can be used to carry out commands and attacks.

Botnet investigations are time-intensive and difficult for law enforcement since the computers are often in different countries, requiring international legal cooperation.

Spying to gain an advantage over a commercial competitor is nothing new, and it's hard to definitively blame China for it, said Peter Sommer, who teaches information systems security at the London School of Economics and also wrote "The Industrial Espionage Handbook."

The job of an industrial spy has also become a lot easier with the advent of the Internet, Sommer said. About 90 of intelligence collected by agents is "open source," or already public information.

"You no longer have to get into buildings and try and meet people," Sommer said.

Public Web sites of companies are rife with e-mail addresses of employees who can be "spear-phished," or sent e-mail with a malicious software such as a keystroke logger. The hacker uses social-engineering tricks in order to get the worker to open the attachment, opening up access to a company's network.

McAfee: Vista Likely a Hacker Target in 2008

2007-12-04T11:46:00.000+08:00

Jennifer LeClaire
News Factor Network
Website: http://www.newsfactor.com

Windows Vista is being relegated to the doghouse again this week for being slower than XP, and security experts are warning that Vista might face more serious malware in the upcoming year.

New tests show that Windows XP, coupled with the forthcoming Service Pack 3, performs twice as well as Vista with SP1. Devil Mountain Software discovered that a preview version of SP3 for Windows XP offered a 10 percent performance boost. The software development firm said that performance gains with SP1 for Vista were negligible.

However, slower speed is one issue, security is another. Considering the probability that more businesses will begin migrating to Vista in 2008, security analysts say that the security of Microsoft's latest operating system might be a larger problem than performance.

Vista Migration Mixed with Danger?

The release of Service Pack 1 for Windows Vista is likely to accelerate the adoption rate of Redmond's latest operating system and have a corresponding impact on the bottom lines of malware writers, who have largely continued to target Microsoft's earlier operating systems. According to McAfee, if professional malware authors begin to see an impact on their businesses as Vista becomes more popular, they might expand their efforts to find holes in the new operating system.

Of course, the antivirus firm added, that doesn't mean older threats to Windows XP will disappear. It was several years after the Java vulnerability named in Microsoft Security Bulletin M503-011 was patched before exploits targeting that vulnerability fell off the list of McAfee Avert Labs top 10 threats to consumers. The old threats will persist, McAfee warned, but a new crop is on its way.

The National Vulnerability Database reported 10 Vista vulnerabilities in the first nine months after the OS was released. This compares with 16 XP vulnerabilities during the same length of time. The number of reported Windows XP vulnerabilities more than doubled in the following 12 months. If history repeats itself, McAfee cautioned, businesses can expect far more than 20 Windows Vista vulnerabilities to be reported in 2008.

2008: A Year of Security Challenges?

The way iSight Partners' Director of Global Response Ken Dunham sees it, 2008 is a significant year for Windows Vista. On the business side, he noted, 2008 marks the year when many corporations will start to consider Vista seriously.

Dunham also said that 2008 presents new opportunities for hackers who are looking for corporate assets to attack while companies migrate to Vista. "Vista contains many new important security updates but is not invulnerable to attack," Dunham argued. "Hackers are actively looking for ways to exploit Vista, Internet Explorer 7, and other new features for maximum profit."

Of course, Vista isn't the only software system facing security threats. McAfee said there's a target on Web 2.0, online gaming, and instant messaging. "Threats are increasingly moving to the Web and migrating to newer technologies such as VoIP and instant messaging," Jeff Green, senior vice president of McAfee Avert Labs, said in a statement.

"Professional and organized criminals continue to drive a lot of the malicious activity," Green said. "As they become increasingly sophisticated, it is more important than ever to be aware and secure when traversing the Web."

Google Purges Malware Sites Targeting Searchers

2007-12-04T11:42:00.000+08:00

InformationWeek
Website: http://www.informationweek.com

In response to a concerted effort by cybercriminals to infect the computers of Google users with malware and make them unwitting partners in crime, Google apparently has purged tens of thousands of malicious Web pages from its index.

In a blog post on Monday, Alex Eckelberry, CEO of Sunbelt Software, noted that many search results on Google led to malicious Web pages that expose visitors to exploits that can compromise vulnerable systems.

"We're seeing a large amount of seeded search results which lead to malware sites," said Eckelberry. "These are using common, innocent terms -- one researcher landed on a malware site through searching for alternate firmware for a router."

Sunbelt published a list of search terms that returned malicious pages, the result of search engine optimization campaigns by cybercriminals to get their pages prominently ranked in Google -- Sunbelt refers to this as "SEO poisoning." The list includes hundreds of search strings containing the words "Microsoft Excel," along with a number of other popular technology-oriented terms, products, and companies.

On Tuesday, the SANS Institute said that the number of vulnerabilities in Microsoft Office had grown by 300% from 2006 to 2007, particularly in Excel.

A Microsoft spokesperson wasn't immediately available.

Sunbelt researcher Adam Thomas in a blog post attributes the thousands of pages to a bot net designed "to post spam links and relevant keywords into online forms (typically comment forms and bulletin board forums)," in order to place prominently in Google searches for those terms.

Those duped into visiting malicious Web pages from Google search results could, if their systems are vulnerable, acquire malware known as Scam.Iwin, which is designed to use the victim's computer to defraud Google and its advertisers. "With Scam.Iwin, the victim's computer is used to generate income for the attacker in a pay-per-click affiliate program by transmitting false clicks to the attacker's URLs without the user's knowledge," explained Thomas in a blog post. "The infected Scam.Iwin files are not ordinarily visible to the user. The files are executed and run silently in the background when the user starts the computer and/or connects to the Internet."

Google didn't respond to a request for comment.

But it appears Google has deleted the malicious pages from its index. "Google took action on these domains and you won't find them anymore in Google," said Eckelberry.

According to Trend Micro, cybercriminals have been planning for the holiday online shopping season for months.

"Since September, cybercriminals have been boosting their search engine rankings using a variety of methods such as 'comment spam' and 'blog spam' in preparation for the Christmas period," said Raimund Genes, CTO of Trend Micro, in an e-mailed statement. "With shoppers visiting these sites likely to purchase goods online after infection, their credit card details become a main target for cybercriminals looking for financial gains this season."

Eckelberry credits the cybercriminals responsible with being particularly crafty because they attempt to conceal their malicious Web pages from certain types of searches favored by malware researchers.

See original article on InformationWeek.com

Virus Definition Updates 22/11/2007

2007-11-22T21:20:00.000+08:00

AVG Anti-Virus Free Edition 7.5
Download AVG AVI:269.16.4.1
Download AVG AVI:269.164 .2
Download AVG AVI:269.16.4 .3
Download AVG IAVI:1145
Version: -
Date: 22/11/2007

AntiVir PersonalEdition Classic
Download AntiVir IVDF
Version: 7.00.00.248
Date: 22/11/2007

Avast! 4 Home Edition
Download Avast VPS
Version: 071121-0
Date: 21/11/2007

Symantec
Download Norton VDU
Version: 91121b
Date: 21/11/2007
Supports the following versions of Symantec antivirus software:
Norton AntiVirus 2003 Professional Edition
Norton AntiVirus 2003 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2004 Professional Edition
Norton AntiVirus 2004 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2005 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2006 for Windows 2000/XP Home/XP Pro
Norton AntiVirus 2007 for Windows XP Home/XP Pro/Vista
Norton AntiVirus for Microsoft Exchange (Intel)
Norton SystemWorks (all versions)
Norton Utilities for Windows 95/98 (all versions)
Symantec AntiVirus 3.0 for CacheFlow Security Gateway
Symantec AntiVirus 3.0 for Inktomi Traffic Edge
Symantec AntiVirus 3.0 for NetApp Filer/NetCache
Symantec AntiVirus 8.0 Corporate Edition Client
Symantec AntiVirus 8.1 Corporate Edition Client
Symantec AntiVirus 9.0 Corporate Edition Client
Symantec AntiVirus 10.0 Corporate Edition Client
Symantec AntiVirus 10.1 Corporate Edition Client
Symantec AntiVirus 10.2 Corporate Edition Client
Symantec Mail Security for Domino v 4.0
Symantec Mail Security for Domino v 5.0

Firefox 2 Security Update Coming

2007-11-22T21:16:00.000+08:00

InformationWeek 21/11/2007
Website: http://www.informationweek.com

Even as Firefox 3 moves into beta, Firefox 2 is getting a security makeover.

The Mozilla Quality Assurance Community has called for volunteers to help test Release Candidate Builds of Firefox 2.0.0.10, which is expected to be released next week, following the Thanksgiving holiday.

Firefox 2.0.0.10 addresses a Java Archive handling bug that was first reported back in February. The vulnerability allows a malicious attacker to conduct a cross-site scripting attack by hiding exploit code in a Java Archive (.jar) file. This is because the .jar protocol is not restricted to .jar files and will open .zip files, which can be malicious.

"In simple terms, [this] means that any application which allows upload of .jar/.zip files is potentially vulnerable to a persistent cross-site scripting," said Petko Petkov, founder of security consultancy gnucitizen.org, in blog post earlier this month. "Potential targets for this attack include applications such as Web mail clients, collaboration systems, document sharing systems, almost everything that smells like Web 2.0, etc., etc., etc."

The browser update also addresses a redirection bug related to .jar/.zip files.

The Mozilla Security Blog notes that this exploit has been demonstrated to work against Gmail as a way to access the victim's stored contacts.

"In future versions Firefox will only support the jar scheme for files that are served with the correct application/java-archive MIME type," says the Mozilla Security Blog. "Firefox will also adjust the security context to recognize the final site as the source of the content. This will be addressed in Firefox 2.0.0.10, which is currently in testing."

MySpace Hacker Tells His Story

2007-11-22T21:12:00.000+08:00

PC World 20/11/2007
Website: http://www.pcworld.com

If Samy Kamkar plays his cards right, he may be allowed to visit MySpace again in just a few months. For the time being, however, he's not even allowed to touch a computer, following a January 2007 guilty plea for creating what many consider to be the first Web 2.0 worm: the Samy worm.

Samy's worm wasn't malicious, but it did force News Corp.'s MySpace social-networking site to shut down in late 2005 after forcing more than 1 million users to declare Samy a "hero" on their profile pages.

Last week, Samy, who is now 21, made his first public appearance since his conviction, attending the OWASP App Sec 2007 conference, hosted by eBay, in San Jose, California. He was treated like a celebrity at the show, but there were some complications. Under the terms of his plea agreement, he can only use computers for work, so he was forced to show slides that he'd dictated to a friend on a computer that was operated by a conference staffer.

It's not easy being a computer geek cut off from computers, but if Samy remains a model parolee, he could be allowed to use computers again in a couple of months. He talked to IDG News Service about what life has been like since his arrest and what he plans to do as soon as he's online again.

IDGNS: What were you thinking when you wrote the Samy worm?

Kamkar: When I wrote the worm, it initially wasn't a worm. Initially I was just trying to spruce up my MySpace profile. I also wanted to show off to a couple of friends, so I thought 'wouldn't it be cool if I did this? What if I made some of these people add me as a friend automatically?' Then I figured, 'what if I made them add me as a hero?' So I wrote a little code and what ended up happening is whenever someone viewed my profile, they would automatically add 'But most of all, Samy is my hero' at the end of their hero section on their profile. And after that, I thought, 'If I can make this person my friend, if I can make myself their hero, couldn't I just copy this code onto their profile?'

I didn't think this would be a big deal, so I tried it out. I thought maybe I'll get one friend tomorrow and a few in maybe a few days. It went quickly. Apparently, MySpace is a bigger place than I assumed.

IDGNS: How hard was it to write the worm?

Kamkar: I'm not a Web application security expert, but I'm into security and I'm into Web applications. As a programmer, it wasn't too much to learn how to use AJAX, which really helped make the worm work and proliferate really quickly. It only took a few days to write the thing from start to finish and it was only in the last day that I thought that this could be a worm.

IDGNS: Do you think it would be easy to write another MySpace worm now?

Kamkar: It would be much harder to write a MySpace worm right now just because they've added so many restrictions, but it's always possible and there are so many other sites that these exploits are available on. So it could still happen.

I think that more worms are going to come out. I've heard of more worms trying to take off using the same code base that I wrote, and just changing a few things. Luckily restrictions have really prevented those from working out too well. But yeah, from here on out, I think worms are only going to get more advanced.

IDGNS: What's your life been like since you pleaded guilty in this case last January?

Kamkar: My life has been a bit different. I have computer restrictions now, so I can only use computers for work purposes. I also serve community service and I'm on probation. So on top of the restitution, it's a little more than a slap on the wrist.

IDGNS: The worm you wrote was fairly innocuous. It just made you really popular on MySpace. How do you feel about being indicted for this?

Kamkar: Well, I didn't have malicious intent writing the worm. I understand that it was a big example of what you shouldn't be doing, so I think if I were in their shoes, maybe I'd do the same thing. Maybe I'd say, 'Well that guy got a lot of press. He's showing, this is how you hack a Web site and this is how you write a worm, and we want to make sure people don't do that.'

And I agree that people shouldn't be doing that and I shouldn't have released that. So I sort of see it on both sides.

IDGNS: Do you regret doing it?

Kamkar: I wish I could take it back.

IDGNS: What's the first thing you're going to do when you're free to use a computer again?

Kamkar: The first thing I'm going to do when I can use a computer again is probably just get back into development on the site and write projects that are interesting to me and non-malicious. No more worms.

IDGNS: Would you work for MySpace if they wanted you to?

Kamkar: I think in the future, I'd be happy to help out because they actually provide a pretty cool site. Right now, I'm involved in one project with one company, but in the future, that's definitely an option.

MySpace Still Denies Security Holes

2007-11-13T13:50:00.000+08:00

News Factor Network 12/11/2007
Website: http://www.newsfactor.com

Alicia Keys' MySpace page isn't the only profile to be hacked with malware. Some 8,000 band profiles have been hacked in the exact same way -- and many of those profiles are still linked to malware sites, according to security researcher Chris Boyd, who first posted information about the attack on October 31.

MySpace has denied that there is a security problem with the social-networking site, saying that the bands that were hacked fell victim to phishing attacks, which compromised their profile passwords.

Writing on his VitalSecurity blog, Boyd said MySpace's explanation defies rational thinking. "This is patently nonsense," Boyd wrote. "What -- an endless stream of bands, record labels, music newspapers, and producers all woke up yesterday and forgot what the real MySpace Web site looks like? Give me a break."

'Bubbling Scum of Malware'

The fact that Keys' profile was rehacked after MySpace announced it had been cleaned belies the notion that phishing is responsible, said Andrew Storms, director of security operations for nCircle. "I tend to agree that there is a yet-to-be-reported problem with MySpace," Storms said. "MySpace has gotten a bad rep as a bubbling scum of malware," he added. "It's where people go to incubate their malware."

In the so-called Alicia Keys hack, malware authors inserted a very large transparent background image on the site, linked to the malware being hosted in China. "It's a classic drive-by attack," Storms said. "The user doesn't even have to click." Simply by mousing over the page, users are inviting the malware onto their system.

"The first attempt is to install it automatically," Storms said. If that doesn't work, the malware presents a prompt, saying that a new codec is needed to play a video. By default, browsers are set to prompt the user before installing software, but they also present an option to download automatically, which many users choose, Storms said.

"You know a site has got problems when the only surefire solution to not be subjected to hack attacks and dubious redirects is to not use it. But that's currently where we are. Well played, MySpace," Boyd wrote on his blog.

MySpace Should Act Soon

Making matters worse, MySpace has simply deleted many affected bands' profiles, including their content and friend information, without so much as a warning, according to press reports. Vaughn Atkinson, guitarist with the British band JetKing, said MySpace deleted the band's profile and has refused to restore it from backup. Many little-known bands are in similar straits, Boyd said.

"So you can imagine how angry a lot of these bands are when they've gone and built that complex network of friends, people who spread the word about their music, promoters, upcoming shows, and a lot more besides and then -- whoops. No more MySpace page."

As this story continues to grow, Storms said, MySpace will have to take action. "MySpace is going to have to come out soon with some more information, he said. "They're going to have to say we've identified the security problem and it's been fixed or we've reset all these profiles -- or both."

While to some degree bands "get what they pay for" -- nothing, in this case -- MySpace should treat all users the same, Storms added. "If this kind of hacking continues, they're going to have to offer some sort of user-initiated rollback," he said.

Some Ad Networks Are Bad News

2007-11-13T13:46:00.000+08:00

By Larry Seltzer - eWEEK

You wouldn't go surfing to just any site. You're careful about where you go. You only go to sites you trust.

But who are you trusting? A series of recent attacks has resulted in seemingly respectable news sites serving malware and redirecting users to sites that serve malware.

The problem is in the ads on those news sites. The ads are served by advertising networks that weren't careful enough with their own security. When you trust a Web site you have to trust everyone it's in bed with.

The first one I became aware of was YNet, an Israeli news site. Don't go to that site just yet. The Ynetnews.com site I read is in English. The Hebrew site at ynet.co.il is far more popular, in fact the most popular news site in Israel. It is the Internet site for Yedioth Ahronoth, a very large Israeli newspaper.

About two weeks ago I noticed that after going to the page from a bookmark that had only the domain name in it I was redirected to a different site on the domain malware-scan.com, a classic "rogue anti-spyware" site that I recognized from prior experience. There are a variety of scams that come from this domain, but this one said that my system was infected with malware and that they could scan it. The browser window shrinks down to dialog box size to give the appearance of a dialog box. You can't cancel out; no matter what you do (other than killing the process in Task Manager) you are brought to the "scanning" Web site, where your system is faux-scanned, and lots of malware is found on it.

I've observed this attack many times now, both through up-to-date versions of Internet Explorer and Firefox. Sometimes the "app" being pushed is a "performance optimizer" rather than a malware scanner, but in any event it's malware. Kaspersky Antivirus on my system recognized it as "not-virus.Hoax.Win32.Renos.kd." I got a lot of analysis help from the ubiquitous Gadi Evron, from independent analyst Thor Larholm and from Adam Thomas of Sunbelt Software.

The redirect came from code in one of the many ad sections in the Ynetnews.com home page. The code in this page is disturbingly complex and contains a large number of IFRAME tags, many to other domains. An IFRAME tells the browser to go to some other site and read in the HTML from there. This is an example of what is called transitive trust: I trusted Ynet, it trusted its ad providers, therefore I trusted those ad providers. Big mistake. The attack is still up and running as of Sunday, Nov. 11. Incidentally, the actual attack came through Flash code on one of the ad domains (adtraff.com) that performed the redirect.

And Ynet isn't the only news site to be infected with this plague. It's spreading. Tucson Newspapers had a similar attack. That attack, according to a report, was on the site for 10 to 18 days. They say, "Our people reacted very quickly," which seems to be a contradiction.

A third attack, on the Boston Herald, was reported to have come in through a Flash ad on advertising.com. I've confirmed that the attack is still on the advertising.com site, although it's not clear that that specific flash movie is actually being served on any advertising.com customer sites.

The malware-scan.com attack itself is interesting enough (yawn!), but I'm basically interested in how legitimate news organizations got to include such obviously undesirable content on their sites. Not only does the attack itself subject the user to malware, but it takes them away from the news site. And yet Ynet hasn't bothered yet to do anything about it, at least as far as I can tell.

In all of these news site cases, I've seen the redirect performed through the same Flash movie mechanism, but I think the movie was served from three different sources: advertising.com, adtraff.com and in the Tucson Newspapers site all of the ad content appears to be served from tucson.com through Akamai. Ad networks have complicated relationships, but I'm definitely confused. Someone is selling this dirty ad, and legitimate sites are getting scammed.

And then, just as I was finishing up this column, we found another one on an even more significant site: MLB.com, the site of Major League Baseball. It's not clear yet where the redirect is coming from, but it goes through newbieguide.com, which hosts what seems to be the same malicious Flash movie, to adverdaemon.com and on to the fake anti-malware ad, which we've seen both at longlifepc.com and fixthemnow.com.

BTW, yes, of course even eWEEK has ads from outside ad networks such as DoubleClick, recently bought by Google. Is this a risk? At some level yes, of course it is. Both DoubleClick and eWEEK have no history of problems in this regard that I can recall, and I wouldn't tell you to avoid any specific sites, except maybe YNetnews.com.

The point is that Web sites that have content relationships with outside sites need to scrutinize the content coming from those sites. They need accountability from those partners, and they need contingency plans for taking the content down in case there's a problem with it. And someone needs to investigate these malware ad attacks further to find out how legitimate sites can avoid them.

Security Center Editor eWEEK.com's Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's blog Cheap Hack

Hacker Pleads Guilty to Spreading Botnets

2007-11-10T22:59:00.000+08:00

PCWorld 10/11/2007
Website: http://www.pcworld.com

A hacker has pleaded guilty to infecting hundreds of thousands of computers with malware in order to steal money from Paypal accounts. He could spend 60 years in prison and face a US$1.75 million fine.

John Schiefer, 26, admitted that he and some associates developed malware that allowed them to create botnet armies of as many as 250,000 computers. Schiefer was able to collect information sent from the infected computers, including usernames and passwords for Paypal accounts. He and his associates were then able to make purchases using the Paypal accounts. They also shared the password information with others.

This is the first prosecution of a hacker for this type of activity, according to the United States Attorney's Office for the Central District of California. The Federal Bureau of Investigation pursued the case.

Schiefer says he also found Paypal usernames and passwords using malware that could access usernames filed in a secure storage area on the computers. The malware would send that information to Schiefer, who used it to access the accounts.

Schiefer also acknowledged fraudulently earning more than $19,000 from a Dutch Internet advertising agency that hired him as a consultant. He was supposed to install the company's programs on computers after receiving consent from computer owners. Instead, he and his associates installed it on 150,000 computers that were infected with his malware.

Schiefer is scheduled to appear in the U.S. District Court in Los Angeles on Nov. 28 and be arraigned on Dec. 3.

Virus Definition Updates 10/11/2007

2007-11-10T22:46:00.000+08:00

AVG Anti-Virus Free Edition 7.5
Download AVG AVI:269.15.28.1
Download AVG AVI:269.15.28 .2
Download AVG AVI:269.15.28 .3
Download AVG IAVI:1122
Version: -
Date: 10/11/2007

AntiVir PersonalEdition Classic
Download AntiVir IVDF
Version: 7.00.00.197
Date: 9/11/2007

Avast! 4 Home Edition
Download Avast VPS
Version: 071109-0
Date: 9/11/2007

Symantec
Download Norton VDU
Version: 91109q
Date: 9/11/2007
Supports the following versions of Symantec antivirus software:
Norton AntiVirus 2003 Professional Edition
Norton AntiVirus 2003 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2004 Professional Edition
Norton AntiVirus 2004 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2005 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2006 for Windows 2000/XP Home/XP Pro
Norton AntiVirus 2007 for Windows XP Home/XP Pro/Vista
Norton AntiVirus for Microsoft Exchange (Intel)
Norton SystemWorks (all versions)
Norton Utilities for Windows 95/98 (all versions)
Symantec AntiVirus 3.0 for CacheFlow Security Gateway
Symantec AntiVirus 3.0 for Inktomi Traffic Edge
Symantec AntiVirus 3.0 for NetApp Filer/NetCache
Symantec AntiVirus 8.0 Corporate Edition Client
Symantec AntiVirus 8.1 Corporate Edition Client
Symantec AntiVirus 9.0 Corporate Edition Client
Symantec AntiVirus 10.0 Corporate Edition Client
Symantec AntiVirus 10.1 Corporate Edition Client
Symantec AntiVirus 10.2 Corporate Edition Client
Symantec Mail Security for Domino v 4.0
Symantec Mail Security for Domino v 5.0

Malware Planted on MySpace Once Again

2007-11-10T15:54:00.000+08:00

News Factor Network 9/11/2007
Website: http://www.newsfactor.com

Attackers are piggybacking on the fame of R&B recording artist Alicia Keys to spread their malware over the Web. Keys' MySpace page has been infected with malicious software.

Exploit Prevention Labs discovered the attack, one of several targeted MySpace pages. French funk band Greements of Fortune and Glasgow rock band Dykeenies were also targets of the Web-based attack.

"When a visitor visits the infected page, they're first hit by an exploit which installs malware in the background if they're not fully patched against the latest security vulnerabilities, and next they're presented with a fake codec which tells them they need to install a codec to view the video," said Roger Thompson, CTO at Exploit Prevention Labs. "So even if they're patched, they can fall victim to the exploit."

One Hack After Another

Specifically, visitors to these MySpace pages are directed to co8vd.cn/s. This appears to be a Chinese malware site. If the visitors accept the code installation, the site installs malicious software. You can view a video demonstration of the attack on YouTube.

The hack has some interesting characteristics, Thompson explained. "Perhaps most interesting, the bad guys are using a creative hack we haven't seen before: The HTML in the page contains some sort of image map, which basically makes it so you can click on anything over a wide area on the page and your click is directed to the malicious hyperlink," he said. "We tested it and even the ads were affected."

MySpace officials could not immediately be reached for comment, but Thompson reported that the popular social-networking site fixed the pages in question within hours of the discovery. However, yet another hack was discovered just a few hours later, and a new image code has appeared that Thompson warned could be coming online soon.

Reviewing the History

MySpace is no stranger to malware writers. In March, McAfee reported the site is increasingly becoming an unhealthy breeding ground for the "scum of the Internet" by luring surfers to sexually explicit Web sites or trying to capture personal information from members that could lead to identity theft.

The rock band attack theme remains popular. In March, it was the French rock band MAMASAID that was used as a vehicle to download Trojans to unsuspecting members' computers. The Trojan JS/SpaceStalk worked through a feature in QuickTime that opens links automatically when a movie is run.

For its part in the security equation, Apple released an update to QuickTime earlier this week that fixed several security bugs. The 7.3 update plugs seven holes in the software, six of which could allow an attacker to run unauthorized software on a victim's PC.

Moving Forward

The Keys page hack on MySpace doesn't rely on QuickTime, but Thompson said the fact that the social-networking site is media-rich, with lots of sound and videos, makes the fake codec trick effective. The victim is likely to think he or she legitimately needs to download software to view the rich media.

"What's not clear at this point is how they're doing it, and how widespread it is. Neither Google nor MySpace seems to be indexing the critical bit of html," Thompson concluded. "If you search for the exploit site, the only results seem to be victims, or people talking about victims."

Need mobile spyware? Look on eBay

2007-11-10T15:42:00.000+08:00

InfoWorld 9/11/2007
Website: http://www.infoworld.com

San Francisco - Think your wife may be cheating on you? Wondering who your boss might be talking to? "Learn the truth. Spy today."

So reads an ad for "Bluetooth Spy Pro-Edition," one of nearly 200 mobile phone spyware products currently listed for sale on eBay.

The software, which costs as little as $3.99, can be used to view photographs, messages, and files on the phone, listen into phone conversations, and even make calls from the phone being spied upon.

Security experts are concerned because while these products aren't illegal, installing them without authorization to spy on someone else most definitely is.

And that's exactly what some of these products seem to be advertising. "You can now easily find out who your partner, business associates, friends have been in contact with," reads the Bluetooth Spy ad. "Whether you are suspicious of an affair or would just like information that will help progress your career, you can now do all of the following using your mobile phone, and the person you are targeting will not suspect a thing. Guaranteed!"

Another spellcheck-free ad claims that "You will now be able to establish who your freinds associates and husband/wife have been conversating with, you can read messages, even download them to your own phone or laptop, view their information and pictures."

This type of mobile spy software has been available for several years now, sold by companies like Flexispy and Neo-Call. Typically, however, it is much more expensive, and these companies are generally careful to promote only their legal uses such as monitoring corporate equipment, said Mikko Hyppönen, CTO with F-Secure. But the software is often used for nefarious purposes, such as industrial espionage and spying, Hyppönen said.

According to him, eBay shouldn't be selling this software; it is simply too dangerous.

Another security expert said that this type of software may even be harmful to the buyer. "You're certainly at a higher risk with the software of there being additional functionality that is not advertised and potentially malicious," said Craig Schmugar, virus research manager at McAfee's AVERT labs. "In general, when you see the advertising claims made and the types of pages represented, you should approach them with some skepticism."

This software can be installed via a Bluetooth connection and typically runs on both Windows Mobile and Symbian operating systems, McAfee said.

eBay representatives could not immediately be reached for comment on this story.

Apple Patches QuickTime Holes, Microsoft Warns Of Macrovision Driver Flaw

2007-11-07T19:52:00.000+08:00

InformationWeek 6/11/2007
Website: http://www.informationweek.com

Apple on Monday released QuickTime 7.3 for Mac OS X and Windows XP SP2 to patch seven vulnerabilities in its multimedia software.

All seven of the vulnerabilities have the potential to allow arbitrary code execution by an attacker if the user visited a site with certain maliciously crafted movie or image files, or a maliciously crafted Java applet.

Apple updated QuickTime to version 7.2 in July, when it fixed eight security problems with the software.

Microsoft meanwhile warned Monday that a flaw it the Macrovision secdrv.sys driver in Windows Server 2003 and Windows XP is actively being exploited. An attacker making use of the vulnerability potentially could gain elevated privileges to the affected system.

"This vulnerability does not affect Windows Vista," Microsoft said. "We are aware of limited attacks that try to use the reported vulnerability. Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary."

Macrovision, which provides Microsoft with digital rights management (DRM) technology, is offering a driver update to address the vulnerability.

Microsoft expressed concern that the vulnerability had been made public rather than first disclosed to the company in private.

"We continue to encourage responsible disclosure of vulnerabilities," Microsoft said. "We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed."

Microsoft said that it plans to address the issue as part of its regularly scheduled patch plan.

Microsoft to patch software driver vulnerability

2007-11-07T19:50:00.000+08:00

InfoWorld 6/11/2007
Website: http://www.infoworld.com

San Francisco (IDGNS) - Microsoft has warned that a faulty driver used for copy protection could allow a hacker to gain high-level access to a PC.

The problem lies with a driver called secdrv.sys, which is part Macrovision's SafeDisc software included with Windows Server 2003 and Windows XP. The software, which can block unauthorized copying of some media, also ships with Windows Vista, but that OS is not affected.

Microsoft said it knows of "limited attacks" that try to use the vulnerability, in an attack known as an elevation of privilege. The vulnerability could allow a hacker with local access to a machine to elevate his access rights and gain administrator rights, for example, allowing him to install software.

Microsoft said it was concerned that the vulnerability had been disclosed before it had a chance to fix it, which puts people at greater risk. "We continue to encourage responsible disclosure of vulnerabilities," it said.

Macrovision has issued an update for the driver. Microsoft said it also plans to issue a fix as part of its monthly patch cycle.

Danish security vendor Secunia said the vulnerability was first reported as a zero-day about two weeks ago, meaning the problem was being exploited by hackers as it became known.The company rated the vulnerability as "less critical," it's second lowest risk ranking for a vulnerability.

Mac Users Targeted with Nasty Malware

2007-11-02T16:51:00.000+08:00

News Factor Network 1/11/2007
Website: http://www.newsfactor.com

So much for Mac users avoiding bugs, worms, and other security nuisances. A Trojan targeting Macs is on the loose, and it's hanging out on porn sites, according to security researchers.

The incident was first reported by Intego, a Mac security software vendor. Sunbelt Software, the SANS Institute's Internet Storm Center (ISC), Sophos, and McAfee have confirmed the Trojan. Dubbed "OSX.RSPlug.a," the Trojan changes the Mac's Domain Name System (DNS) settings to redirect unsuspecting users to different sites.

"The whole Trojan is relatively simple and works almost exactly the same as its brother for Windows," said ISC analyst Bojan Zdrnja in a warning the center posted on Thursday. "The bad guys are taking Mac seriously now. This is a professional attempt at attacking Mac systems, and they could have been much more damaging."

Porn Opens the Door

The family of malware that is targeting Macs is called "Puper." It's been plaguing Windows users since 2005. One of the most notable cases of Puper attacks was exploits on infected MySpace pages.

In the Mac attack, people who are searching for porn on the Internet may find it. But they may also find a nasty payload when they encounter a popup window instructing them that QuickTime needs to install new software so they can view the videos. If the user tries to install the codec, a script then creates a scheduled task to change the Mac's DNS to point to a malicious server.

"In effect, instead of getting valid entries for Web sites like you would expect, you're now getting whatever this malicious site decides to point you to. That could be a phishing site, that could be more malicious files, you can no longer trust that the URL you expected to get will be what is delivered to you," Allysa Myers, part of the computer search research team at McAfee Avert Labs, wrote on the company's blog.

Mac Malware Short List

The OSX/RSPlug.a Trojan is on a very short list of malware that's been specifically designed to target Mac OS X, according to Graham Cluley, senior technology consultant for Sophos. The motive of this particular Trojan could be for the purposes of phishing, identity theft, or simply to drive traffic to alternative Web sites, he said.

The good news is the Trojan doesn't exploit a vulnerability in Leopard, Tiger, or any Apple code. This Trojan exploit depends on a user to take actions to open the door to the nasty payload.

"This is not a red alert, but it is a wake-up call to Mac users that they can be vulnerable to the same kind of social engineering tricks as their Windows cousins," Cluley said. "The truth is that there is very little Macintosh malware compared to Windows, but clearly criminal hacker gangs are no longer shy of targeting the platform."

Keeping It in Perspective

In February 2006, in the wake of the discovery of the first Mac OS X worm, Sophos released research that showed 79 percent of computer users believed Macs would be targeted more in the future. However, over half of those polled said they did not believe the problem would be as great as for Windows. Still, Sophos experts are urging Macintosh users to keep the threat in perspective.

Cluley said the latest version of Mac malware is making headlines because it is so rare. A Trojan like this for Windows would be unlikely to generate as many column inches because such Trojans are encountered every day. Nevertheless, he said, it obviously makes sense for Mac users to ensure that they are protected.

"People have been predicting that as soon as financially motivated malware came to the Mac neighborhood, its denizens could no longer be so smug about security issues," McAfee Avert Labs' Myers wrote. "This is a very simple piece of malware, and yet it works. Time will tell if this family will wreak as much havoc as it has on Windows."

Fortress Mac Is Gone

2007-11-02T16:44:00.000+08:00

eWeek 1/11/2007
Website: http://www.eweek.com

Several pornography sites are loading a Trojan disguised as a video codec required to view content on Macs—the first Mac-targeted malware exploit to be spotted in the wild and validation of security researchers' long-maintained prediction that, sooner or later, the rationale for Mac security smugness would rub off.

"[Users infected by visiting questionable Web sites] began using Macs as most malware target the Windows operating system. Well, soon enough, it may not matter which OS you are using," said Symantec's Joji Hamada in a Nov. 1 posting.

Sunbelt Software and Intego, a maker of Mac security software, are warning that a mother lode of spam has been posted to many Mac forums in an attempt to trick users into visiting sites with rigged porn photos. The photos are from reputed porn videos. If Mac users click on the stills to view the videos, they're taken to a site that informs them that the QuickTime Player is unable to play the movie file. They're then instructed to click to download a new codec.

Sunbelt reports that the fake codec is a variant of Trojan.DNSChanger, malware that's been plaguing Windows users for some time. Symantec Security Response has confirmed the finding and has added detection for the threat as OSX.RSPlug.A.

Intego says that after the page loads, a disk image (.dmg) file downloads to users' Macs. If users have checked "Open 'Safe' Files After Downloading' in the General preferences of their Safari browser—or similar settings in other browsers—the disk image mounts. The .dmg file contains an installer package that then launches.

Otherwise, if users wish to install the codec, they double-click the .dmg file, then double-click the package file, which is named install.pkg.

If users continue with the installation, a Trojan program installs. Installation requires an administrator's password, which grants the Trojan full root privileges. No video codec is actually installed. If users return to the purported porn site, they just receive the download anew.

The Trojan uses a sophisticated method, via the scutil command, to change the Mac's DNS server. When the new, malicious DNS server is active, it hijacks some Web requests, leading users to phishing Web sites that are after account information for sites such as eBay, PayPal and some banks, or simply to pages displaying ads for other porn sites. "In the first case, users may think they are on legitimate sites and enter a user name and password, a credit card, or an account number, which will then be hijacked. In the latter case, it seems that this is being done solely to generate ad revenue," Intego said in its release.

Running Mac OS X 10.4, the GUI has no way to display the changed DNS server. Running Mac OS X 10.5, it can be seen in the Advanced Network preferences, Intego officials said. However, Trojan-installed DNS servers are dimmed and can't be removed manually. Intego said it's now testing previous versions of Mac OS X and that they're likely vulnerable as well, given that they all have the scutil command.

The malware also installs a root crontab that checks every minute to ensure that its DNS server is still active. Since changing a network location could change the DNS server, this added touch ensures that, in such a case, the malicious DNS server remains the active server, Intego officials said.

Heise Security's Juergen Schmidt told eWEEK that this malware is related to the security company's recent findings on holes in Leopard's firewall. If a user were to install the fake video codec, it could install a backdoor on a Leopard system that can let in remote attackers, even if the Leopard firewall has been configured to block all incoming connections, if there isn't a hardware firewall in front of the Leopard system.

Schmidt noted that this Trojan also provides different versions of itself, perhaps according to the country in which the user is located to provide country-specific spoofing. "Repeated downloads of the disk image show that there are several different versions," he said.

To see an eWEEK Labs' walk-through of Leopard, click here.

Tom Ptacek, founder of Matasano Security, told eWEEK that the threat to Macs is real, although it's not a huge one—just the same old scenario Windows users face every day.

It is an interesting story, however, given that it's the first OS X malware to be "weaponized." Unlike prior OS X malware, which was all about ego, this one's out to make money, Ptacek said—again, same old, same old in the world of Windows.

Unsurprisingly, there are more than a few I-told-you-sos ensuing in security circles. "For years, we've heard snorts of derision from Mac users about the poor security of PCs. Yet that supercilious attitude (as we know from our history books) is patently dangerous, because it creates a false sense of security. Now, Mac users will need to be a bit more careful out there ('cause when Joey wants his pr0n, he wants it now!). On the heels of the poorly-secured release of Leopard, we now find that there is no perfect protection against human stupidity social engineering, even for a Mac user," said Alex Eckelberry, Sunbelt president, in an Oct. 31 eWEEK.com's Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK's Security Watch blog.

Researchers dig for hidden links in spam

2007-11-02T16:40:00.000+08:00

InfoWorld 1/11/2007
Website: http://www.infoworld.com

San Francisco (IDGNS) - Filtering spam messages is a thankless job for software. For every 100 spam e-mails, one message usually gets through, an irritating pitch with links to Web sites selling questionable drugs or sketchy Rolexes.

The links contained within spam are one indicator in determining whether it should be blocked. Often after a large spam run, the addresses of spammy Web sites will be added to blocklists that are used by antispam software to cull future messages with those links.

To get around it, spammers construct e-mails with links that can't be identified by filters but still are valid in the messages, said Christopher Fuhrman, a professor of software engineering in the Department of Software and IT Engineering at the University of Quebec.

Spammers do this by "munging" the HTML -- adding backslashes, taking out tags -- so that the message and its links are still readable by the rendering engines of browsers or e-mail clients but appear as a garble of nonsense to filters. The technique is also known as obfuscation.

It's a trial-and-error process because spammers don't read HTML Web standards. "Spammers just want to get the cash," Fuhrman said.

Tamper with the HTML too much, and the message won't render at all. Too little, and filters snare the message.

So spammers aim for a narrow gap: Most browsers and e-mail clients can render a certain amount of munged HTML, although the tolerances vary depending on the application.

Fuhrman theorizes that spammers test their messages using Microsoft's widely used Outlook program, which uses the same HTML rendering engine as its IE (Internet Explorer) browser.

So Fuhrman and one of his graduate students, Hicham El Alami, are writing a program to use that IE's rendering engine as a way to "parse" messages, or extract the links.

Services such as SpamCop already do this. SpamCop -- part of IronPort Systems, a subsidiary of Cisco -- has a Web-based service that uses algorithms to parse links out of spam messages submitted by users.

Those algorithms are hard to write, although SpamCop's is pretty good, Fuhrman said. Fuhrman and El Alami are interested in creating an alternate way to do that same parsing without needing to consistently tweak an algorithm to keep up with new tricks used by spammers.

It's hard to write a parser that will read links the same way IE's rendering engine does since Microsoft's source code is secret, Fuhrman said. So a better idea would be just to use that engine as part of a program to parse messages. A variety of tools exist to manipulate IE's rendering engine through APIs, Fuhrman said.

The links that IE's engine renders would be reported to a blocklist service. Fuhrman wrote a model version of his idea that works in Java, but El Alami is now working on one for .NET, Microsoft's application development framework.

"I want to ultimately get it as a Web-based engine so that users can paste spam, and when it comes out, it will reveal the links," Fuhrman said.

Storm Worm Sent 15 Million Pump-And-Dump E-Mails Last Month

2007-11-02T16:37:00.000+08:00

PCWorld 30/10/2007
Website: http://www.pcworld.com

The Storm Worm botnet network may be shrinking in size, but it has managed to send out 15 million annoying audio spam messages in October, according to antispam vendor, MessageLabs.

It's hard to believe that the Storm messages were effective. Recipients had to first click on an attachment-- usually given a misleading name like beatles.mp3 or Britney.mp3-- to hear the stock pitch, which featured a warbly robotic woman advising people to invest in online car seller, Exit Only.

This kind of scam, called "pump-and-dump", tries to nudge up the price of penny stocks by a cent or two, giving the spammers a way to make a quick buck by selling the stock before it crashes. Spammers have been delivering their messages in different formats, including.pdf and Excel files, over the past few years as part of a cat-and-mouse game with spam blockers. This latest move to MP3 spam is the latest development in this battle, observers say.

Spam watchers say that pump-and-dump schemes are the hottest and most lucrative area for spammers today.

The spam run began on Oct. 17, and lasted about 36 hours, using infected computers in the Storm Worm network to send out the mails, MessageLabs said in a statement released Tuesday. The spam sounded strange and warbly because the voice in the message was "synthesized using a very low compression rate of 16K Hz to keep the overall file size small, at around 50 KB, to avoid detection," the company said.

Storm is thought to have landed on as many as 15 million PCs over the past year, but recently its network of infected PCs has been shrinking. University of California, San Diego, researchers recently pegged it at about 160,000 computers, only 20,000 of which are accessible at any one time.

Exit Only said it was not involved in sending the spam. Its stock was trading around US$0.41 on Oct. 18, the day after the Storm spam started. On Tuesday it closed at $0.20.

Virus Definition Updates 2/11/2007

2007-11-02T16:04:00.000+08:00

AVG Anti-Virus Free Edition 7.5
Download AVG AVI:269.15.18.1
Download AVG AVI:269.15.18 .2
Download AVG AVI:269.15.18 .3
Download AVG IAVI:1104
Version: -
Date: 1/11/2007

AntiVir PersonalEdition Classic
Download AntiVir IVDF
Version: 7.00.00.163
Date: 2/11/2007

Avast! 4 Home Edition
Download Avast VPS
Version: 071102-0
Date: 2/11/2007

Symantec
Download Norton VDU
Version: 91101p
Date: 1/11/2007
Supports the following versions of Symantec antivirus software:
Norton AntiVirus 2003 Professional Edition
Norton AntiVirus 2003 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2004 Professional Edition
Norton AntiVirus 2004 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2005 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2006 for Windows 2000/XP Home/XP Pro
Norton AntiVirus 2007 for Windows XP Home/XP Pro/Vista
Norton AntiVirus for Microsoft Exchange (Intel)
Norton SystemWorks (all versions)
Norton Utilities for Windows 95/98 (all versions)
Symantec AntiVirus 3.0 for CacheFlow Security Gateway
Symantec AntiVirus 3.0 for Inktomi Traffic Edge
Symantec AntiVirus 3.0 for NetApp Filer/NetCache
Symantec AntiVirus 8.0 Corporate Edition Client
Symantec AntiVirus 8.1 Corporate Edition Client
Symantec AntiVirus 9.0 Corporate Edition Client
Symantec AntiVirus 10.0 Corporate Edition Client
Symantec AntiVirus 10.1 Corporate Edition Client
Symantec AntiVirus 10.2 Corporate Edition Client
Symantec Mail Security for Domino v 4.0
Symantec Mail Security for Domino v 5.0

FTC: More spyware-fighting tools needed

2007-10-30T10:40:00.000+08:00

InfoWorld 29/10/2007
Website: http://www.infoworld.com

San Francisco (IDGNS) - Organizations and law enforcement agencies fighting spyware are making progress, but new tools in an antispyware bill stalled in the U.S. Congress could improve the efforts, a member of the U.S. Federal Trade Commission said Monday.

One of the spyware bills passed by the House of Representatives earlier this year, the Spy Act, would give the FTC authority to impose civil fines on companies that distribute spyware to consumers' computers. The bill, along with the Internet Spyware Prevention (or I-SPY) Act, have stalled in the Senate since passing the House in May and June.

The FTC has the authority to collect profits from spyware operations and collect money for consumer redress, but it lacks the authority to impose other fines, as it does when going after spammers, said Commissioner Jon Leibowitz, speaking at a spyware forum in Washington, D.C.

Assigning a dollar figure to consumer harm is tricky in many spyware cases, especially when the spyware delivers pop-up advertisements to computers, Leibowitz said. It's sometimes difficult to get courts to assign large consumer damages to pop-up cases, he said.

In some cases, spyware damages are assessed by judges "who don't even use computers," said Dave Koehler, with the FTC's Bureau of Consumer Protection.

The Spy Act would allow the FTC to fine spyware vendors up to $3 million for hijacking computers, delivering unwanted adware, and other violations, and $1 million for collecting personal data without permission, in addition to going after the vendor's profits and seeking consumer redress.

Additional authority to impose civil fines would give the FTC "an enormous deterrent," Leibowitz said.

"Right now, companies know that the worst they can do is lose their profits," he added. "They're not going to get fined on top of that."

The FTC has brought several spyware actions against companies. In February, the agency settled a case against adware distributor DirectRevenue. In that case, DirectRevenue settled for $1.5 million, based on its profits, but the founders of the company had received more than $20 million in venture-capital funding, Leibowitz said.

While participants in the spyware forum said there continue to be many challenges, including a growing trend of foreign spyware vendors, the cost of spyware to U.S. consumers seems to be falling. Consumer Reports estimated that spyware cost U.S. consumers $2.6 billion in 2006, but only $1.7 billion in 2007, noted Ari Schwartz, deputy director of the Center for Democracy and Technology, a supporter of StopBadware.org, a consumer-protection effort aimed at spyware and other malicious code.

The drop in the cost of spyware can be attributed to a number of factors, Schwartz said. Antispyware technology is getting better, the FTC has taken action against spyware vendors, and StopBadware.org has distributed a list of malicious Web sites, he said. In addition, some states have taken action against spyware, and cybersecurity groups' public education programs seem to be working, he said.

But Ron Teixeira, executive director of the National Cyber Security Alliance (NCSA), noted that consumers may know more about spyware, but they aren't always acting on their knowledge. A survey released by the NCSA and McAfee earlier this month found 78 percent of respondents' computers didn't have all three of what the NCSA calls the "core protection" software: anti-virus, antispyware, and firewall.

"We're not seeing a huge increase in the actual behavior change," he said.

Attack code out for critical Kodak bug in Windows

2007-10-30T10:34:00.000+08:00

InfoWorld 27/10/2007
Website: http://www.infoworld.com

San Francisco (IDGNS) - A hacker has released attack code that could be used to exploit a critical bug in some versions of the Windows operating system.

Microsoft patched the flaw, which affects older versions of Windows, on Oct. 9. When the Image Viewer tries to open a maliciously encoded TIFF file, it can be tricked into running unauthorized software on the PC.

A sample of the exploit was posted Monday to the Milw0rm Web site. The code has not yet been used in online attacks, according to Symantec, which issued an alert Monday.

Symantec recommends that Windows users install the MS07-055 update as quickly as possible.

Microsoft took the unusual step of issuing its own security update for Kodak's software, because the image viewer (formerly known as the Wang Image Viewer) had shipped in Windows 2000 systems by default.

Still, many Windows users are not affected by the problem. Windows XP and Windows Server 2003 users should not have the software installed on their PCs, unless they downloaded it directly or upgraded from Windows 2000. Windows Vista users are not affected by the bug.

Also, users would have to open the TIFF file using the Kodak Image Viewer for the attack to work. Because most PCs are set to automatically open TIFFs using some other piece of software, it is unlikely that an attack would succeed.

"Its not a huge deal, though, we don't think," said Marc Maiffret, chief technology officer with eEye Digital Security, via instant message. "You probably have some other program that defaults to open TIFFs like QuickTime or Photoshop."

The sample attack code affects the Korean language version of Windows, but it could be easily modified to affect other versions of the software, Maiffret said.

PDF files used to attack computers: security firm

2007-10-27T20:01:00.000+08:00

Reuters 27/10/2007
Website: http://www.reuters.com

HELSINKI (Reuters) - Emails containing malicious PDF files have been putting computers at risk since Friday, Finnish security software firm F-Secure said on Saturday.

"The emails sent in bulk looked like credit card statements, and contained an attachment called 'report.pdf'," its chief research officer Mikko Hypponen said in a statement.

When such PDF files are viewed on vulnerable machines, they start downloading software from servers in Malaysia or Sweden, which are now being cleaned, he said. "There will be more such attacks."

"We are worried about this case, as PDF attachments are typically not filtered at email gateways."

A security update for Acrobat Reader, which opens PDF files, was made available a few days ago, but many users have not updated the program yet, Hypponen said.

Adobe Patches Critical PDF Vulnerability

2007-10-25T13:07:00.000+08:00

News Factor Network 24/10/2007
Website: http://www.newsfactor.com

Adobe patched its Acrobat and Reader programs on Monday. The fix plugs a hole that exposed Windows XP users to attackers sending PDF files containing malware. According to various reports, exploits are running rampant around the Internet in search of unpatched applications.

"Critical vulnerabilities have been identified in Adobe Reader and Acrobat that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system," Adobe said in a security bulletin. "A malicious file must be loaded in Adobe Reader or Acrobat by the end user for an attacker to exploit these vulnerabilities."

Windows XP users who also run Internet Explorer 7 are at risk. Adobe first admitted to the bug about two weeks ago and posted a complex workaround that required users to edit the Windows registry. The flaw was first discovered on September 20 by "pdp" on the Gnucitizen Web site.

Anatomy of the Attack

Attackers are still hoping to find unpatched systems. Security firm iSIGHT Partners discovered new Russian Business Network spam containing a hostile PDF file designed to exploit the flaw. Successful exploitation lets attackers download code from a remote server to the victim's machine.

This code installs two rootkit files that sniff and steal financial and other valuable data from the computer. The files are installed in the Windows directory as 9129837.exe and new_drv.sys.

Noteworthy is the fact that the code and servers used in the attack are nearly identical to September 2006 Vector Markup Language (VML) zero-day attacks. Servers used in the attack have a history of malicious abuse, including VML attacks, animated cursor exploitation, and CoolWebSearch installations, according to iSIGHT Partners.

The Hostile e-mails with a malicious PDF exploit file are circulating with subject lines that read "STATEMET indigene." The e-mail attachments are called "YOUR_BILL.PDF" and "INVOICE.PDF."

"Antivirus detection is extremely poor for the exploit files and payloads involved in this attack, averaging only 26 percent out of 39 updated programs tested during the time of attack," said Ken Dunham, director of global response for iSIGHT Partners and a former director at VeriSign's iDefense.

Symantec Antivirus Protection

In addition, Symantec is reporting that its researchers have their eyes on a Trojan, called Trojan.Pidief.A, that is designed to exploit this PDF vulnerability.

Symantec Security Response's Hon Lau said it is likely that the Trojan has been spammed out in targeted attacks on specific businesses. Symantec is assuring its antivirus customers that those with definition sets of October 23 revision 008 or greater are protected.

"This mass mailing of exploit files may be an attempt to leverage the exposure window between patch release and widespread adoption of the fix," said Symantec in a warning to customers of its DeepSight threat intelligence network.

Security researchers recommend treating PDF documents with extreme caution.

Evil PDF Exploiting Windows-IE Flaw in the Wild

2007-10-24T16:20:00.000+08:00

eWeek 23/10/2007
Website: http://www.eweek.com

A malicious PDF is exploiting a URL-handling flaw in Windows XP and Windows Server 2003 running IE7.

A PDF Trojan horse is spreading malware by exploiting a URL-handling vulnerability in Windows XP and Windows Server 2003 running Internet Explorer 7, Symantec warned customers of its DeepSight Alert Services on Oct. 23.

On Oct. 10, Microsoft released Security Advisory 943521 about this vulnerability and public reports of remote code execution. At the time, it said a patch was in the works.

The vulnerability is caused by insufficient validation of URLs. Attackers can leverage the flaw to execute arbitrary commands via maliciously crated URLs.

Symantec noted in its advisory that the issue was originally disclosed in July but initially received scant attention. In light of new research, public exploits and Microsoft's advisory, Symantec considers the problem to be more severe.

"With the ease of exploitation, the availability of public proof-of-concept code, and further attention that this vulnerability is receiving, we will likely begin to see more exploitation of this issue in the wild," the company, based in Cupertino, Calif., said in its advisory.

Symantec is calling the malware Trojan.Pidief.A. The rigged PDF file is using the "mailto: option" vulnerability to install a Trojan that in turn is downloading a file that the security firm is detecting as "Downloader." That document is delivered as a piece of spam with a file name such as "BILL.pdf" or "INVOICE.pdf."

Upon execution, the malicious code attempt to disable the Windows Firewall with a "netsh firewall set opmode mode=disable" command, and then downloads a remote file via FTP from 81.95.146.130. Symantec says the remote file is "ldr.exe" and is a Downloader Trojan. As of the afternoon of Oct. 23 when Symantec posted its advisory, the host 81.95.146.130 was alive and still serving "ldr.exe" over FTP.

"This server is known for hosting malicious software," Symantec warned.

The DeepSight Threat Analyst Team is advising users to block delivery of PDF files in e-mail. The team is also advising organizations to tell employees not to read or execute PDF files from unknown or untrusted sources.

In addition, Symantec is advising users and companies to block access to the network and IP address involved in this attack, as given above, and to apply the patches outlined in Adobe Advisory APSB07-18 as soon as possible. Adobe released fixes on Oct. 22.

In lieu of providing a timetable for the delivery of a patch, Mark Miller, director of Security Response Communications for Microsoft, headquartered in Redmond, Wash., issued a statement explaining that creating security updates is complicated.

"Once the MSRC knows the extent and the severity of the vulnerability, it works to develop an update for every supported version affected. Once the update is built, it must be tested with the different operating systems and applications it affects, then localized for many markets and languages across the globe. In some instances, multiple vendors are affected by the same or similar issues, which require a coordinated release," Miller said.

Virus Definition Updates 24/10/2007

2007-10-24T16:10:00.000+08:00

AVG Anti-Virus Free Edition 7.5
Download AVG AVI:269.15.8.1
Download AVG AVI:269.15.8 .2
Download AVG AVI:269.15.8 .3
Download AVG IAVI:1089
Version: -
Date: 23/10/2007

AntiVir PersonalEdition Classic
Download AntiVir IVDF
Version: 7.00.00.126
Date: 24/10/2007

Avast! 4 Home Edition
Download Avast VPS
Version: 000783-1
Date: 22/10/2007

Symantec
Download Norton VDU
Version: 91023p
Date: 23/10/2007
Supports the following versions of Symantec antivirus software:
Norton AntiVirus 2003 Professional Edition
Norton AntiVirus 2003 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2004 Professional Edition
Norton AntiVirus 2004 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2005 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2006 for Windows 2000/XP Home/XP Pro
Norton AntiVirus 2007 for Windows XP Home/XP Pro/Vista
Norton AntiVirus for Microsoft Exchange (Intel)
Norton SystemWorks (all versions)
Norton Utilities for Windows 95/98 (all versions)
Symantec AntiVirus 3.0 for CacheFlow Security Gateway
Symantec AntiVirus 3.0 for Inktomi Traffic Edge
Symantec AntiVirus 3.0 for NetApp Filer/NetCache
Symantec AntiVirus 8.0 Corporate Edition Client
Symantec AntiVirus 8.1 Corporate Edition Client
Symantec AntiVirus 9.0 Corporate Edition Client
Symantec AntiVirus 10.0 Corporate Edition Client
Symantec AntiVirus 10.1 Corporate Edition Client
Symantec AntiVirus 10.2 Corporate Edition Client
Symantec Mail Security for Domino v 4.0
Symantec Mail Security for Domino v 5.0

Spammers turn to MP3s to deliver pitches

2007-10-24T16:01:00.000+08:00

Associated Press 22/10/2007
Website: http://www.ap.org

SAN JOSE, Calif. - Spam is now being served in audio form.

The latest in unwanted electronic communication is an MP3 file that began landing in inboxes around the world last week. It features a spooky, synthesized Darth-Vader-sounding female voice touting the stock of Exit Only Inc., traded on the lower-standard Pink Sheets.

"Hello, this is an investor alert!" the halting, at times unintelligible voice says. Her pitch invokes the growth prospects of Exit Only, a Web site operator that runs Text4Cars.com, which links auto buyers and sellers via text messages.

Computer security researchers say the audio blasts — MP3 files with misleading names attached to spam e-mails — reflect spammers' need to slip their messages through increasingly sophisticated e-mail filters.

The MP3s masquerade as cell phone ringtones or carry names like "bartsimpson.mp3" and "justintimberlake.mp3," said Keith Crosley, director of market development for Proofpoint Inc., which sells e-mail security software and hardware.

Spammer have had to change tactics as the filters have gotten smarter at blocking traditional text-based spam, spam sent as image attachments — such as GIFs or JPEGs — and even the latest rage, spam hidden inside attachments created with Adobe Systems Inc.'s ubiquitous Portable Document Format, or PDF.

Santa Monica, Calif.-based Exit Only said the e-mails are being sent by someone trying to pump up the company's stock before dumping it.

"It's very disheartening," said Exit Only Chief Executive David Dion. "I have enough to do on a daily basis trying to run Text4Cars. I really don't need this."

The company hired investigators to trace the origin of the e-mails, which appear to be coming from "ghost servers" in Russia, Dion said.

"Someone is trying to manipulate my stock for some kind of gain," he said. "What I can say is they have been very unsuccessful so far."

Just $2,500 worth of stock was traded in the two days after the messages appeared, and the stock price remained even, he said.

This new form of spam can be difficult to detect because each one is slightly different from the last, Crosley said.

"This new form of spam shows a new level of sophistication for spammers and the power of the botnets," Crosley said, referring to networks of hijacked computers that are linked together without their owners' knowledge and turned into spam-sending machines.

Avira warns against spam emails with MP3 files

2007-10-20T20:31:00.000+08:00

AVIRA
Website: http://www.avira.com

Tettnang, 19 October 2007 – Computer users are confronted with a new spam method: they become the unwilling recipients of emails with attached audio files. Whoever opens them - they can be played with any Windows Media Player - hears advertising messages in English. The mails do not contain a subject or a text. The MP3 files have many different names that appear to refer, for example, to a well-known pop star or important information. The problem with this spam method is that users do not yet know about it and therefore react without suspicion. Spam filters are generally ineffective, but above all the size of the mass MP3 mails places a heavy strain on mailboxes, especially those of businesses. So called “stock spam” has already spread in other file formats, for instance, in the form of image files (PDF).

AVG Anti-Virus Free is the Most Popular Program on CNET Download.com

2007-10-20T20:28:00.000+08:00

AVG Anti-Virus and Internet Security 19/10/2007
Website: http://www.grisoft.com

AVG Anti-Virus Free and Anti-Virus Pro ranked as number one and number three antivirus programs on download.com

Orlando, F.L. - October 17, 2007 – GRISOFT, the developer of AVG Internet security software, today announced that AVG Anti-Virus Free is the number one downloaded program on all of CNET Download.com. Additionally, AVG Anti-Virus Free is the first most popular and Anti-Virus Pro is the third most popular antivirus based on Editor’s Choice. CNET Download.com is a well-referenced site and is part of CNET Networks, an internationally established online publication and host to technology news and reviews.

AVG security products, for the home and office, are popular among CNET.com reviewers and users alike. AVG Anti-Virus Free holds an editor rating of five out of five, in addition to a user rating of four stars out of five. CNET.com reports that the latest version of AVG Anti-Virus Free, for private, non-commercial use, has earned more than 38 million total downloads, and over 922,600 downloads just last week. AVG Anti-Virus Pro software, GRISOFT’s commercial edition anti-virus, has been downloaded over two million times overall and earned a five of five star editor rating and a user rating of four stars out of five.

“The combination of a 5-star rating from CNET editors and being the most popular download on CNET Download.com emphasizes the value of providing comprehensive security that is not only low on system resources, but most importantly, user-friendly,” explains Rick Carlson, GRISOFT’s managing director of the Americas. “AVG is always designed with the user in mind and we are pleased to see that CNET visitors worldwide appreciate our ongoing efforts to make our software efficient, unobtrusive and easy-to-use.”

Both AVG Anti-Virus Free and Anti-Virus Pro have been engineered to use minimal resources, while still providing strong protection against viruses, worms, Trojans and potentially unwanted programs that infect computers. AVG Pro, a commercial product for home or small business use, provides users more benefits including free 24/7 technical support, multiple operating system compatibility and high-speed downloads, while AVG Free, for personal, single computer use, does not.

In addition to CNET Download.com, GRISOFT offers products through its website and in national leading retailer chains. All commercial versions of AVG products including AVG Anti-Virus Pro, include free updates and 24/7 technical support throughout the two- or one-year license duration. Commercial offerings include AVG Anti-Virus, Anti-Spyware, Anti-Malware and Internet Security.

About GRISOFT

GRISOFT is a leading developer of antivirus, firewall protection and Internet security solutions for consumers and SMEs. It is one of the fastest growing companies in the industry with more than 50 million protected computers around the world.

Established in 1991, GRISOFT employs some of the world’s leading experts in Internet security, specifically in the areas of virus analysis and detection, software development, and security research. GRISOFT’s award-winning products are distributed globally through its 12,000 resellers and the Internet as well as via AVG Anti-Virus Software Developer’s Kit (SDK) to interested partners.

Virus Definition Updates 20/10/2007

2007-10-20T20:15:00.000+08:00

AVG Anti-Virus Free Edition 7.5
Download AVG AVI:269.15.3.1
Download AVG AVI:269.15.3 .2
Download AVG AVI:269.15.3 .3
Download AVG IAVI:1081
Version: -
Date: 19/10/2007

AntiVir PersonalEdition Classic
Download AntiVir IVDF
Version: 7.00.00.111
Date: 19/10/2007

Avast! 4 Home Edition
Download Avast VPS
Version: 000782-3
Date: 19/10/2007

Symantec
Download Norton VDU
Version: 91019i
Date: 19/10/2007
Supports the following versions of Symantec antivirus software:
Norton AntiVirus 2003 Professional Edition
Norton AntiVirus 2003 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2004 Professional Edition
Norton AntiVirus 2004 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2005 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2006 for Windows 2000/XP Home/XP Pro
Norton AntiVirus 2007 for Windows XP Home/XP Pro/Vista
Norton AntiVirus for Microsoft Exchange (Intel)
Norton SystemWorks (all versions)
Norton Utilities for Windows 95/98 (all versions)
Symantec AntiVirus 3.0 for CacheFlow Security Gateway
Symantec AntiVirus 3.0 for Inktomi Traffic Edge
Symantec AntiVirus 3.0 for NetApp Filer/NetCache
Symantec AntiVirus 8.0 Corporate Edition Client
Symantec AntiVirus 8.1 Corporate Edition Client
Symantec AntiVirus 9.0 Corporate Edition Client
Symantec AntiVirus 10.0 Corporate Edition Client
Symantec AntiVirus 10.1 Corporate Edition Client
Symantec AntiVirus 10.2 Corporate Edition Client
Symantec Mail Security for Domino v 4.0
Symantec Mail Security for Domino v 5.0

Exorcize PC Demons for Free on Halloween

2007-10-20T20:03:00.000+08:00

PC Magazine 19/10/2007
Website: http://www.pcmag.com

Two vendors want to know: "Is your computer possessed? Does it seem like your hard drive's haunted?"

If so, they're offering a day of free technical support to cleanse PCs from evil and help users rid themselves of zombies, botnets, viruses and other malware on Halloween.

CyberDefender, an Internet security company that uses a client-to-client distributed network to scare off spyware, viruses, phishing and dangerous spam, and tech support provider Quatrro will be offering remote scans and remote repairs to any home or office user who calls (877) 377-3765 on Oct. 31.

Storm botnet kits loom. Click here to read more.

According to a release, the free goodies will include anything from repairing malware damage, speeding up system performance or even making sure that competitors' security solutions are working.

Generally, CyberDefender says, tech support calls cost between $50 to $100. The giveaway is to promote a new offering, Premium Tech Support 24/7/365.

CyberDefender recently released Complete and Ultimate security suites that already include free phone and remote support for one year, on top of support for competitors' security solutions.

CyberDefender's support program is powered by Quatrro.

Attackers produce new RealPlayer threat

2007-10-20T19:55:00.000+08:00

ComputerWorld UK 19/10/2007
Website: http://www.computerworlduk.com

Symantec is warning RealPlayer users to be particularly vigilant at the moment.

The compnay's Security Response team uncovered new attack code that affects the RealPlayer 11 beta and RealPlayer 10.5 software on the Windows platform, according to Ben Greenbaum, a senior manager with the group. Symantec has already confirmed that the attack code works on Windows XP Service Pack 1 running Internet Explorer 6. Tests for the more-recent XP service pack 2 and IE 7 browser were ongoing.

For the attack to work, the criminal would have to trick the victim into playing a maliciously encoded web page. The flaw lies in a browser helper object, software that RealPlayer uses to help users who are experiencing technical difficulties.

Once the exploit is run on the victim's machine, the attacker can download and install whatever software he wants, Greenbaum said.

So far, Symantec has just seen the one sample of the attack code, submitted by a customer in the US, but Greenbaum expects it quickly to become more widespread. Symantec has not yet seen the code posted to public hacker forums, he added.

Symantec's products are now protecting its customers from the attack, but other users can protect themselves by disabling JavaScript and ActiveX in their browsers and by being careful about the sites they visit, Greenbaum said.

Greenbaum did not know whether the flaw also exists on Linux and Mac OS versions of RealPlayer, but he said that even if they were vulnerable, the attack code that Symantec has seen would probably need to be rewritten for those platforms.

RealPlayer's maker, RealNetworks, did not immediately respond to requests for comment on this issue.

Comcast blocks some Internet traffic

2007-10-20T19:49:00.001+08:00

Associated Press 19/10/2007
Website: http://www.ap.org

NEW YORK - Comcast Corp. actively interferes with attempts by some of its high-speed Internet subscribers to share files online, a move that runs counter to the tradition of treating all types of Net traffic equally.

The interference, which The Associated Press confirmed through nationwide tests, is the most drastic example yet of data discrimination by a U.S. Internet service provider. It involves company computers masquerading as those of its users.

If widely applied by other ISPs, the technology Comcast is using would be a crippling blow to the BitTorrent, eDonkey and Gnutella file-sharing networks. While these are mainly known as sources of copyright music, software and movies, BitTorrent in particular is emerging as a legitimate tool for quickly disseminating legal content.

The principle of equal treatment of traffic, called "Net Neutrality" by proponents, is not enshrined in law but supported by some regulations. Most of the debate around the issue has centered on tentative plans, now postponed, by large Internet carriers to offer preferential treatment of traffic from certain content providers for a fee.

Comcast's interference, on the other hand, appears to be an aggressive way of managing its network to keep file-sharing traffic from swallowing too much bandwidth and affecting the Internet speeds of other subscribers.

Comcast, the nation's largest cable TV operator and No. 2 Internet provider, would not specifically address the practice, but spokesman Charlie Douglas confirmed that it uses sophisticated methods to keep Net connections running smoothly.

"Comcast does not block access to any applications, including BitTorrent," he said.

Douglas would not specify what the company means by "access" — Comcast subscribers can download BitTorrent files without hindrance. Only uploads of complete files are blocked or delayed by the company, as indicated by AP tests.

But with "peer-to-peer" technology, users exchange files with each other, and one person's upload is another's download. That means Comcast's blocking of certain uploads has repercussions in the global network of file sharers.

Comcast's technology kicks in, though not consistently, when one BitTorrent user attempts to share a complete file with another user.

Each PC gets a message invisible to the user that looks like it comes from the other computer, telling it to stop communicating. But neither message originated from the other computer — it comes from Comcast. If it were a telephone conversation, it would be like the operator breaking into the conversation, telling each talker in the voice of the other: "Sorry, I have to hang up. Good bye."

Matthew Elvey, a Comcast subscriber in the San Francisco area who has noticed BitTorrent uploads being stifled, acknowledged that the company has the right to manage its network, but disapproves of the method, saying it appears to be deceptive.

"There's the wrong way of going about that and the right way," said Elvey, who is a computer consultant.

Comcast's interference affects all types of content, meaning that, for instance, an independent movie producer who wanted to distribute his work using BitTorrent and his Comcast connection could find that difficult or impossible — as would someone pirating music.

Internet service providers have long complained about the vast amounts of traffic generated by a small number of subscribers who are avid users of file-sharing programs. Peer-to-peer applications account for between 50 percent and 90 percent of overall Internet traffic, according to a survey this year by ipoque GmbH, a German vendor of traffic-management equipment.

"We have a responsibility to manage our network to ensure all our customers have the best broadband experience possible," Douglas said. "This means we use the latest technologies to manage our network to provide a quality experience for all Comcast subscribers."

The practice of managing the flow of Internet data is known as "traffic shaping," and is already widespread among Internet service providers. It usually involves slowing down some forms of traffic, like file-sharing, while giving others priority. Other ISPs have attempted to block some file-sharing application by so-called "port filtering," but that method is easily circumvented and now largely ineffective.

Comcast's approach to traffic shaping is different because of the drastic effect it has on one type of traffic — in some cases blocking it rather than slowing it down — and the method used, which is difficult to circumvent and involves the company falsifying network traffic.

The "Net Neutrality" debate erupted in 2005, when AT&T Inc. suggested it would like to charge some Web companies more for preferential treatment of their traffic. Consumer advocates and Web heavyweights like Google Inc. and Amazon Inc. cried foul, saying it's a bedrock principle of the Internet that all traffic be treated equally.

To get its acquisition of BellSouth Corp. approved by the Federal Communications Commission, AT&T agreed in late 2006 not to implement such plans or prioritize traffic based on its origin for two and a half years. However, it did not make any commitments not to prioritize traffic based on its type, which is what Comcast is doing.

The FCC's stance on traffic shaping is not clear. A 2005 policy statement says that "consumers are entitled to run applications and services of their choice," but that principle is "subject to reasonable network management." Spokeswoman Mary Diamond would not elaborate.

Free Press, a Washington-based public interest group that advocates Net Neutrality, opposes the kind of filtering applied by Comcast.

"We don't believe that any Internet provider should be able to discriminate, block or impair their consumers' ability to send or receive legal content over the Internet," said Free Press spokeswoman Jen Howard.

Paul "Tony" Watson, a network security engineer at Google Inc. who has previously studied ways hackers could disrupt Internet traffic in a manner similar to the method Comcast is using, said the cable company was probably acting within its legal rights.

"It's their network and they can do what they want," said Watson. "My concern is the precedent. In the past, when people got an ISP connection, they were getting a connection to the Internet. The only determination was price and bandwidth. Now they're going to have to make much more complicated decisions such as price, bandwidth, and what services I can get over the Internet."

Several companies have sprung up that rely on peer-to-peer technology, including BitTorrent Inc., founded by the creator of the BitTorrent software (which exists in several versions freely distributed by different groups and companies).

Ashwin Navin, the company's president and co-founder, confirmed that it has noticed interference from Comcast, in addition to some Canadian Internet service providers.

"They're using sophisticated technology to degrade service, which probably costs them a lot of money. It would be better to see them use that money to improve service," Navin said, noting that BitTorrent and other peer-to-peer applications are a major reason consumers sign up for broadband.

BitTorrent Inc. announced Oct. 9 that it was teaming up with online video companies to use its technology to distribute legal content.

Other companies that rely on peer-to-peer technology, and could be affected if Comcast decides to expand the range of applications it filters, include Internet TV service Joost, eBay Inc.'s Skype video-conferencing program and movie download appliance Vudu. There is no sign that Comcast is hampering those services.

Comcast subscriber Robb Topolski, a former software quality engineer at Intel Corp., started noticing the interference when trying to upload with file-sharing programs Gnutella and eDonkey early this year.

In August, Topolski began to see reports on Internet forum DSLreports.com from other Comcast users with the same problem. He now believes that his home town of Hillsboro, Ore., was a test market for the technology that was later widely applied in other Comcast service areas.

Topolski agrees that Comcast has a right to manage its network and slow down traffic that affects other subscribers, but disapproves of their method.

"By Comcast not acknowledging that they do this at all, there's no way to report any problems with it," Topolski said.

___

Associated Press Writers Ron Harris, Brian Bergstein, Deborah Yao and Kathy Matheson contributed to this story.

___

On the Net:

http://www.comcast.com

http://www.bittorrent.com

http://www.sandvine.com

Virus Definition Updates 8/10/2007

2007-10-09T13:27:00.000+08:00

AVG Anti-Virus Free Edition 7.5
Download AVG AVI:269.14.5.1
Download AVG AVI:269.14.5.2
Download AVG AVI:269.14.5.3
Download AVG IAVI:1058
Version: -
Date: 8/10/2007

AntiVir PersonalEdition Classic
Download AntiVir IVDF
Version: 7.00.00.63
Date: 8/10/2007

Avast! 4 Home Edition
Download Avast VPS
Version: 000779-0
Date: 8/10/2007

Symantec
Download Norton VDU
Version: 91008p
Date: 8/10/2007
Supports the following versions of Symantec antivirus software:
Norton AntiVirus 2003 Professional Edition
Norton AntiVirus 2003 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2004 Professional Edition
Norton AntiVirus 2004 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2005 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2006 for Windows 2000/XP Home/XP Pro
Norton AntiVirus 2007 for Windows XP Home/XP Pro/Vista
Norton AntiVirus for Microsoft Exchange (Intel)
Norton SystemWorks (all versions)
Norton Utilities for Windows 95/98 (all versions)
Symantec AntiVirus 3.0 for CacheFlow Security Gateway
Symantec AntiVirus 3.0 for Inktomi Traffic Edge
Symantec AntiVirus 3.0 for NetApp Filer/NetCache
Symantec AntiVirus 8.0 Corporate Edition Client
Symantec AntiVirus 8.1 Corporate Edition Client
Symantec AntiVirus 9.0 Corporate Edition Client
Symantec AntiVirus 10.0 Corporate Edition Client
Symantec AntiVirus 10.1 Corporate Edition Client
Symantec AntiVirus 10.2 Corporate Edition Client
Symantec Mail Security for Domino v 4.0
Symantec Mail Security for Domino v 5.0

Microsoft offers Internet Explorer 7 to pirates

2007-10-09T10:38:00.000+08:00

ComputerWorld UK 9/10/2007
Website: http://www.computerworlduk.com

Users running pirated or counterfeit copies of Windows XP or Windows Server 2003 can now download Internet Explorer 7, Microsoft has announced.

From the moment it released the program almost a year ago, Microsoft has restricted the browser to users who can prove they own a legitimate copy of the operating system. Before Microsoft allows the browser to download, it runs the user's PC through a Windows Genuine Advantage (WGA) validation test, a prime part of XP's antipiracy software.

When it instituted the requirement in 2006, Microsoft said rights to IE7 were one of the rewards for being legal. But it has now changed its mind, saying the move is in users' best interest.

"Because Microsoft takes its commitment to help protect the entire Windows ecosystem seriously, we're updating the IE7 installation experience to make it available as broadly as possible to all Windows users," said Steve Reynolds, an IE program manager in a posting to a Microsoft company blog.

Microsoft has consistently touted IE7 as a more secure browser, and post-launch patch counts back that up. In the past 11 months, IE6 for Windows XP SP2 has been patched for 22 vulnerabilities, 20 of them rated critical. IE7 for XP SP2, however, has been patched only 13 times and 10 of those fixes were ranked critical.

In fact, when Microsoft announced that IE7 would not be offered to users running illegal copies of XP, some analysts questioned the company's commitment to security.

This is the first time that Microsoft has removed a WGA check for a major product. Among those that still require validation are Windows Defender, the company's antispyware software, and Windows Media Player 11.

Several people who left comments on Reynold's post wondered if there was more to the decision than meets the eye. "I am guessing that this is in reaction to Firefox's growing market share," said someone identified as Dileepa. "I am not surprised at this at all."

Mozilla’s Firefox has gained some ground on Internet Explorer since IE7's launch. According to Net Applications, a web metrics company, Firefox's share is up by about two percentage points since October 2006, while IE's total slipped by more than three points.

IE7's uptake was dramatic late last year, when it went from about a 3% share in October to 18% in December, but growth has slowed. Since April, for instance, it has increased its share by four percentage points, almost all of it at the expense of the older IE6.

Users can download IE7 from Microsoft's site immediately or wait for it to appear in Windows Update as a high priority item. It will take several months for Windows Update to roll out IE7 to all XP customers.

Spam and the Housing Bust

2007-10-09T10:35:00.000+08:00

PCMagazine 9/10/2007
Website: http://www.pcmag.com

If nothing else, spammers are good at following the news.

Symantec's October State of Spam report found spammers were using homeowners' concerns about the real estate market as part of recent spam campaigns. The idea, researchers said, was to steal victims' personal information by tricking them into believing they were being evaluated for an equity loan, refinancing or a house.

Such efforts were part of the reason spam rose to account for 70 percent of all e-mail traffic in September, according to experts at Symantec, based in Cupertino, Calif. Though that amount represents an increase of about only 1 percent from August, the spam landscape continues to undergo noticeable change.

For example, image spam, once a regular visitor to e-mail inboxes around the world, has continued to fall out of favor with spammers, dropping from 10 percent of all spam in August to 7 percent in September, according to the report.

What would it take to stop spam? Click here to read more.

"This is really driven by economics, and spammers are in this to make money," said Doug Bowers, senior director of messaging security for Symantec. "The life span of spam attacks generally correlates to how much effort is required by spammers to circumvent anti-spam filters. At the end of the day, the aim of spammers is to peddle their wares and they will explore any and all avenues, including text-based spam, to realize this goal."

At its peak in January 2007, image spam accounted for nearly 52 percent of all spam, according to estimates from Symantec. It soon began dropping, to 37 percent in March, 27 percent in April and 16 percent in May. However, in its place, new attacks began emerging—text and HTML-based attacks are picking up the slack, the report said.

"In June and July, Symantec saw PDF spam make a splash. Spammers also began testing other types of attachment spam, such as excel and .zip files," he said. "At its peak, Symantec estimated that PDF spam accounted for nearly 20 percent of all spam. But by the end of August, a dramatic decline of PDF spam was recorded, [so that PDF spam was] accounting for less than 1 percent of all spam."

The United States remains the primary region of origin for the world's spam. According to Symantec's recently released ISTR (Internet Security Threat Report), the United States has the highest number of bot command-and-control servers, accounting for 43 percent of the worldwide total.

This is largely the result of the United States' Internet and technology infrastructure, Bowers said, noting that as of June 2006, more than 58 million broadband Internet users were located in the United States—the highest number in the world.

"As we enter the last months of 2007, it is interesting to reflect on the spam attacks that have passed, but it's a good reminder that we must remain vigilant against spam attacks that are currently in the cooking pot as well," he said.

Check out eWEEK.com's Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK's Security Watch blog.

Security researchers look beyond Vista

2007-10-04T11:48:00.000+08:00

from ComputerWorld UK 4/10/2007
Website: http://www.computerworlduk.com

The improved security in Microsoft's newest software products may leave some security researchers looking elsewhere for work.

That was the message that some security professionals took away from BlueHat, an event last week on Microsoft's campus that allows security researchers to mingle with Microsoft developers.

"One of the messages we got was to look in the future for [our products] to not be so successful," said Pedram Amini, manager of security research at 3Com Corp.'s Tipping Point division. That's because Microsoft is applying a lot of the technologies used by security researchers in house, making the third-party techniques not as effective, he said.

For example, he said that Microsoft Office has been susceptible to fault by fuzzing, an automated technique for finding software faults when access to the code isn't available. But Microsoft has recently put more effort into using fuzzing itself, so now third-party fuzzing technologies are unlikely to be as necessary for Office 2007.

One well-known researcher who goes by the name Halvar Flake called Vista "arguably the most secure closed-source OS available on the market," in a blog post about BlueHat. "As a result I think that most of the security researchers will move on to greener pastures for a while. Why try to chase a difficult overflow out of Vista when you have Acrobat Reader installed, some antivirus software with shoddy file parsing, and the latest iTunes?"

But the security researchers don't expect to have time on their hands just because Vista and Office 2007 are more secure than their predecessors. "It's not like our industry is done now," said Dan Kaminksy, director of penetration testing services for IOActive. He pointed to weaknesses in Web-based services and technologies like virtualisation.

Others agreed. "There's always something that can be improved on," Amini said. Some researcher will come up with a new approach to bug hunting or they'll focus on different technologies, he said.

While the advent of the first BlueHat event in 2005 marked a shift at Microsoft to become more open to the security research community, this BlueHat, only the second since the release of Vista, reflected another shift, Kaminsky said.

He has seen a change in Microsoft toward considering security as an engineering problem. "If you look at security as an engineering problem, then the message from the security researchers stops being 'you bad horrible people, you write bad code,' and starts becoming 'here are changes in the engineering landscape that you need to be aware of,'" he said.

That attitude change was apparent at the conference last week, he said. At some earlier BlueHat's, there was some antagonism among the researchers and Microsoft employees. Kaminsky remembers a presentation at the first event that took Microsoft to task for learning about certain bugs in one piece of software and then failing to prevent the same bugs in different applications. He didn't see those types of presentations this time.

Neither did Amini. "Everyone appreciated what everyone else is doing," he said.

BlueHat typically happens twice a year and Microsoft does not allow members of the press to attend.

Malicious code infects Chinese security site

2007-10-04T11:40:00.000+08:00

from InfoWorld 3/10/2007
Website: http://www.infoworld.com

San Francisco (IDGNS) - The Web site of one of China's Internet security organizations has been laced with malicious code.

At least three pages on the Chinese Internet Security Response Team's (CISRT) Web site are rigged with a malicious "iframe," a hidden window on a Web page that can allow code such as JavaScript to run on a visitor's PC, according to Trend Micro's malware blog.

CISRT said the attack takes advantage of vulnerabilities associated with an ActiveX control in the BaoFeng Storm multimedia player. The iframe loads scripts that download more malicious code to a victim's machine, Trend Micro said. One of the downloaders is named "sms.exe."

CISRT apologized for the problems on its blog. "We are very sorry that when sometimes visiting our ... pages, malicious codes are inserted," it said.

How the code appears on CISRT's Web site was unclear. CISRT said it may be an Address Resolution Protocol attack, where data sent from a server to a PC can be manipulated or tainted.

Curiously, the attack appears to affect visitors to the site only intermittently, according to the security company Sûnnet Beskerming.

"This is actually quite an interesting method that will extend the useful life of a hack by making it harder to isolate and investigate," the company said in its blog. "With intermittent attacks on visitors, it also means that investigators need to look at all of the intermediate connections between site visitors and the Web site."

China has been accused by the West of state-sponsored hacking, although government officials have denied it and said they also have been under attack. Security analysts have warned of China's highly skilled hacking community.

Malware is Getting Sneakier

2007-10-04T11:12:00.000+08:00

from PCWorld 3/10/2007
Website: http://www.pcworld.com

It's getting harder and harder to know who to trust on the World Wide Web, according to online safety advocates StopBadware.org.

On Tuesday, the group released its 2007 Trends in Badware report, saying the bad guys are finding new ways to place their malicious software on our computers-- often by compromising Web sites that we trust.

With the help of one of its sponsor companies, Google Inc., StopBadware maintains a list of 200,000 Web sites that are known to be associated with malicious downloads. According to Max Weinstein, a project manager with StopBadware, more than half of these sites have been hacked and don't even realize it.

In fact, this move to delivering malicious software on legitimate sites has been a disturbing trend over the past year, he said.

"It used to be that the advice to the end-user was 'keep your software up to date and then don't go to bad Web sites,'" he said. "You still don't want to go to those sites, but what we seen now is that you can be on a very legitimate site and have a problem."

Web surfers know that visiting gambling or pornographic sites could harm their computers, but lately attack code can be downloaded from almost anywhere.

In January, for example, the Web sites of Dolphin Stadium and the Miami Dolphins, hosts to the 2007 Super Bowl U.S. football championship, were found to have been hacked and were serving up malicious software, just days before the Super Bowl.

And the bad guys are even sneakier than you might imagine. In June and July, Web sites that had been linked on the popular Boing Boing blog were compromised, a tactic called 'linkjacking.'

Weinstein says criminals don't necessarily have to hack a site to have it serve up malicious software. Part of the problem is in the Web 2.0 world, where sites are built up of many different components pulled from different parts of the Web, it's becoming easier to sneak badware onto a legitimate site.

StopBadware has seen this happening with Web advertising networks, which can easily be subverted by attackers to serve up maliciously encoded scripts and images, he said. "What we're seeing is a lot of cases where a legitimate Web site has an ad network, and that ad network itself, or sometimes even a subcontractor of that ad network, contains an ad that is providing badware."

"It's certainly something we are seeing in increasing numbers, probably in the past several months," Weinstein said.

eBay Inc. is looking into ways of curbing a similar problem. The online auction giant allows users to put their own images and HTML code on its site, but sometimes this leads to "bad code," said eBay Chief Information and Security Officer Dave Cullinane, speaking at an online security symposium held Tuesday at Santa Clara University. The company is looking at including security ratings for users as part of its reputation system to help prevent novice users from accidentally putting malicious or unwanted code on the site. "One of the things we are looking at bundling in is your level of security. As a user goes up, we'll allow you to do more things."

Under the proposed system, eBay power sellers with good security ratings would be given more free rein on the types of features they could add to their stores, Cullinane said.

Another growing source of concern is social networking.

Users should also be wary of fake accounts set up on legitimate social networking sites, which are often designed with one thing in mind: to lure unsuspecting users to malicious Web sites, Weinstein said.

So with all this badware, is the Internet a more dangerous place to be?

It's a tough question, Weinstein says, but he believes things are getting better, largely because people are getting smarter about what they do online. "I think the bad guys are always trying to stay a step ahead of the average users," he said. However, "people are learning, and I think that is having an effect."

"I'd like to think that our effort, and other efforts like ours, are actually making a substantial difference."

Virus Definition Updates 30/9/2007

2007-09-30T22:32:00.000+08:00

AVG Anti-Virus Free Edition 7.5
Download AVG AVI:269.13.35.1
Download AVG AVI:269.13.35.2
Download AVG AVI:269.13.35.3
Download AVG IAVI:1039
Version: -
Date: 29/9/2007

AntiVir PersonalEdition Classic
Download AntiVir IVDF
Version: 7.00.00.33
Date: 28/9/2007

Avast! 4 Home Edition
Download Avast VPS
Version: 000777-1
Date: 26/9/2007

Symantec
Download Norton VDU
Version: 90929g
Date: 29/9/2007
Supports the following versions of Symantec antivirus software:
Norton AntiVirus 2003 Professional Edition
Norton AntiVirus 2003 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2004 Professional Edition
Norton AntiVirus 2004 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2005 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2006 for Windows 2000/XP Home/XP Pro
Norton AntiVirus 2007 for Windows XP Home/XP Pro/Vista
Norton AntiVirus for Microsoft Exchange (Intel)
Norton SystemWorks (all versions)
Norton Utilities for Windows 95/98 (all versions)
Symantec AntiVirus 3.0 for CacheFlow Security Gateway
Symantec AntiVirus 3.0 for Inktomi Traffic Edge
Symantec AntiVirus 3.0 for NetApp Filer/NetCache
Symantec AntiVirus 8.0 Corporate Edition Client
Symantec AntiVirus 8.1 Corporate Edition Client
Symantec AntiVirus 9.0 Corporate Edition Client
Symantec AntiVirus 10.0 Corporate Edition Client
Symantec AntiVirus 10.1 Corporate Edition Client
Symantec AntiVirus 10.2 Corporate Edition Client
Symantec Mail Security for Domino v 4.0
Symantec Mail Security for Domino v 5.0

UK PCs Have Least Malware

2007-09-29T22:24:00.000+08:00

from PCWorld 29/9/2007
Website: http://www.pcworld.com

An online malware measuring tool has unexpectedly rated U.K. PCs as having the lowest level of infection in Europe.

The Nanoscan tool, which can be downloaded as a plug-in from the site of owner Panda Software, put the U.K. in bottom spot last week, with only 8.1 percent of those scanned showing active malware. By a separate measure, that of 'latent' or inactive malware, however, the U.K. fared less well, reaching 20.7 percent.

Top of the infection list for active malware was France (28.2 percent), Mexico (23.1 percent), Brazil (18 percent), the U.S. (17.8 percent), and Argentina (17.4 percent).

The figures appear to show very high levels of infection, but the results only rate those who visited the site and asked to be scanned. These individuals would be expected to show a bias towards having infected PCs. The company has created its own global malware map from the data, which is collected from thousands of mostly consumer PCs every 15 minutes.

Interestingly, almost 8 percent of those scanned and who showed active threats also had anti-virus software installed, which appears to support the company's controversial view that conventional signature-based malware detection is no longer enough to protect PCs.

"These figures prove that it must be complemented with online tools such as Nanoscan and Totalscan, which are capable of detecting more malicious codes than the solutions installed on users' computers" said Luis Corrons of Panda Software.

Nobody knows for sure how many PCs are infected with malware at any one time, though last year Microsoft came up with the more optimistic figure of one in 300 Windows PCs in its own research.

Critics might point out that, flawed though anti-virus systems might be, they are no worse than online scanning tools, which are often promoted as marketing tools for paid-for products. This is the case with Nanoscan. Anyone passing the malware test with Nanoscan is invited to try the more advanced but paid-for Totalscan software.

McAfee: Most Consumers Overestimate PC Safety

2007-09-29T13:50:00.000+08:00

from PCWorld 28/9/2007
Website: http://www.pcworld.com

It's self-serving, but a new study by McAfee Inc. and the National Cyber Security Alliance has found that 78 percent of consumer PCs in the U.S. are not protected (defined as having up-to-date AV, spyware and a properly configured firewall).

What's interesting, though is how many people think they are protected: 93 percent according the survey, which is set to be released Monday.

"There's... a troubling perception among the vast majority of consumers that they're well protected. And they're not. " McAfee says. Translation: buy more of our products. :-)

Maybe on Monday we'll learn then what percentage of the people who are not protected *think* they're safe.

By the way, the percentage of protected computers hasn't improved much over the past two years. In 2005, the study found that 81 percent of PCs were not protected.

These are big numbers and the fact that not a lot more people are becoming protected seems to show that consumers feel they're doing all they can to be safe.

Virus Definition Updates 27/9/2007

2007-09-27T23:42:00.000+08:00

AVG Anti-Virus Free Edition 7.5
Download AVG AVI:269.13.32.1
Download AVG AVI:269.13.32.2
Download AVG AVI:269.13.32.3
Download AVG IAVI:1033
Version: -
Date: 26/9/2007

AntiVir PersonalEdition Classic
Download AntiVir IVDF
Version: 7.00.00.26
Date: 27/9/2007

Avast! 4 Home Edition
Download Avast VPS
Version: 000777-1
Date: 26/9/2007

Symantec
Download Norton VDU
Version: 90926u
Date: 26/9/2007
Supports the following versions of Symantec antivirus software:
Norton AntiVirus 2003 Professional Edition
Norton AntiVirus 2003 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2004 Professional Edition
Norton AntiVirus 2004 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2005 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2006 for Windows 2000/XP Home/XP Pro
Norton AntiVirus 2007 for Windows XP Home/XP Pro/Vista
Norton AntiVirus for Microsoft Exchange (Intel)
Norton SystemWorks (all versions)
Norton Utilities for Windows 95/98 (all versions)
Symantec AntiVirus 3.0 for CacheFlow Security Gateway
Symantec AntiVirus 3.0 for Inktomi Traffic Edge
Symantec AntiVirus 3.0 for NetApp Filer/NetCache
Symantec AntiVirus 8.0 Corporate Edition Client
Symantec AntiVirus 8.1 Corporate Edition Client
Symantec AntiVirus 9.0 Corporate Edition Client
Symantec AntiVirus 10.0 Corporate Edition Client
Symantec AntiVirus 10.1 Corporate Edition Client
Symantec AntiVirus 10.2 Corporate Edition Client
Symantec Mail Security for Domino v 4.0
Symantec Mail Security for Domino v 5.0

Gmail accounts threatened by vulnerability

2007-09-27T23:39:00.000+08:00

from ComputerWorld UK 25/9/2007
Website: http://www.computerworlduk.com

Google's Gmail can be easily hacked, allowing any past and future emails to read by hackers, according to a vulnerability researcher.

A "cross-site request forgery" (CSRF) bug was disclosed by Petko Petkov, a UK-based web vulnerability tester who has made a name for himself of late. In the past two weeks, Petkov has publicly posted information about critical, zero-day bugs in Apple's QuickTime, Microsoft's Windows Media Player and Adobe's Portable Document Format (PDF).

According to Petkov, who declined to release details about the vulnerability, attackers can use Gmail's filtering feature to exploit the bug. An attack, he said, would start with a victim visiting a malicious website while also still logged into his Gmail account. The malicious site would then perform what Petkov called a "multi-part/form-date POST" - an HTML command that can be used to upload files - to one of the Gmail application programming interfaces, then inject a rogue filter into the user's filter list.

Petkov posted a series of screenshots on the Gnucitizen.org site that illustrated one possible attack. "In the example, the attacker writes a filter, which simply looks for emails with attachments and forwards them to an email of their choice," Petkov said. "This filter will automatically transfer all emails matching the rule.

"Keep in mind that future emails will be forwarded as well. The attack will remain present for as long as the victim has the filter within their filter list, even if the initial vulnerability, which was the cause of the injection, is fixed by Google," he added.

Google did not immediately reply to questions about whether it had confirmed the vulnerability, and if so, when it would patch the problem.

As he did last week when he disclosed a major bug in Adobe's pervasive PDF file format, Petkov again defended his decision to post information about the Gmail flaw without first reporting the vulnerability to Google. The reasoning, however, was oblique: "Let's say that it is just one of my social experiments."

Jeremy Grossman, the chief technology officer at WhiteHat Security, said that the Gmail flaw is "especially scary." In an entry to his blog, Grossman wrote: "Webmail accounts are in many ways more valuable than a banking account because they maintain access to many other online accounts (blog, banking, shopping, etc.). [Attacks exploiting this vulnerability would be] simple, silent and extremely clever."

Petkov added his own two cents on the bug's implications. "In an age where all the data is in the cloud, it makes no sense for the attackers to go after your box," he said. "It is a lot simpler to install one of these persistent backdoor/spyware filters. Game over! They don't own your box, but they have you, which is a lot better."

US video shows simulated hacker attack

2007-09-27T23:34:00.000+08:00

from Associated Press 27/9/2007
Website: http://www.ap.org

WASHINGTON - A government video shows the potential destruction caused by hackers seizing control of a crucial part of the U.S. electrical grid: an industrial turbine spinning wildly out of control until it becomes a smoking hulk and power shuts down.

The video, produced for the Homeland Security Department and obtained by The Associated Press on Wednesday, was marked "Official Use Only." It shows commands quietly triggered by simulated hackers having such a violent reaction that the enormous turbine shudders as pieces fly apart and it belches black-and-white smoke.

The video was produced for top U.S. policy makers by the Idaho National Laboratory, which has studied the little-understood risks to the specialized electronic equipment that operates power, water and chemical plants. Vice President Dick Cheney is among those who have watched the video, said one U.S. official, speaking on condition of anonymity because this official was not authorized to publicly discuss such high-level briefings.

"They've taken a theoretical attack and they've shown in a very demonstrable way the impact you can have using cyber means and cyber techniques against this type of infrastructure," said Amit Yoran, former U.S. cybersecurity chief for the Bush administration. Yoran is chief executive for NetWitness Corp., which sells sophisticated network monitoring software.

"It's so graphic," Yoran said. "Talking about bits and bytes doesn't have the same impact as seeing something catch fire."

The electrical attack never actually happened. The recorded demonstration, called the "Aurora Generator Test," was conducted in March by government researchers investigating a dangerous vulnerability in computers at U.S. utility companies known as supervisory control and data acquisition systems. The programming flaw was quietly fixed, and equipment-makers urged utilities to take protective measures.

There was no evidence any U.S. utility company suffered damage from hackers or terrorists using this technique, U.S. officials said. But these officials cautioned that affected systems are not routinely monitored as closely as many modern corporate computer networks, so there would be little forensic evidence to study after such a break-in.

Industry experts cautioned that intruders would need specialized knowledge to carry out such attacks, including the ability to turn off warning systems.

"The video is not a realistic representation of how the power system would operate," said Stan Johnson, a manager at the North American Electric Reliability Corp., the Princeton, N.J.-based organization charged with overseeing the power grid.

A top Homeland Security Department official, Robert Jamison, said companies are working to limit such attacks.

"Is this something we should be concerned about? Yes," said Jamison, who oversees the department's cybersecurity division. "But we've taken a lot of risk off the table."

President Bush's top telecommunications advisers concluded years ago that an organization such as a foreign intelligence service or a well-funded terror group "could conduct a structured attack on the electric power grid electronically, with a high degree of anonymity, and without having to set foot in the target nation." Ominously, the Idaho National Laboratory — which produced the new video — has described the risk as "the invisible threat."

Experts said the affected systems were not developed with security in mind.

"What keeps your lights on are some very, very old technology," said Joe Weiss, a security expert who has testified before Congress about such threats. "If you can get access to these systems, you can conceptually cause them to do whatever it is you want them to do."

The Homeland Security Department has been working with industries, especially electrical and nuclear companies, to enhance security measures. The electric industry is still working on their internal assessments and plans, but the nuclear sector has implemented its security measures at all its plants, the government said.

In July the Federal Energy Regulatory Commission proposed a set of standards to help protect the country's bulk electric power supply system from cyber attacks. These standards would require certain users, owners and operators of power grids to establish plans and controls.

Symantec backtracks on Internet meltdown warning

2007-09-25T23:27:00.000+08:00

from ComputerWorld UK 25/9/2007
Website: http://www.computerworlduk.com

Symantec's early-warning system gave its enterprise customers a brief scare last Friday (21 September) when it erroneously sent an alert that said an Internet-crippling attack was in progress.

The message, which went out to users of Symantec's DeepSight advanced alert system around 8:40 pm US Eastern time, had a subject head that simply read: "DeepSight Increased ThreatCon from 1 to 4 Alert."

ThreatCon uses a 1-4 scoring system, with 1 being the least alarming threat level and 4 the most dire, to indicate Symantec's take on the current state of Internet security.

According to the company's own definition, Level 4 is regarded as a "Full alert" and is reserved for those times when "extreme global network incident activity is in progress." The definition goes on to say that "implementation of measures in this Threat Condition for more than a short period probably will create hardship and affect the normal operations of network infrastructure."

Symantec has never set ThreatCon to Level 4. In fact, even a Level 3 is rare. One of the last times the security company issued a Level 3 alert was in May 2004, when the Sasser worm was on the rampage.

In the body of the e-mailed alert, however, careful readers found the words "Summary: threatcon test threatkhanh otrs" buried among several links.

The alert was a false alarm, and Symantec sent out a correction just over an hour later.

Virus Definition Updates 25/9/2007

2007-09-25T22:56:00.000+08:00

AVG Anti-Virus Free Edition 7.5
Download AVG AVI:269.13.30.1
Download AVG AVI:269.13.30.2
Download AVG AVI:269.13.30.3
Download AVG IAVI:1030
Version: -
Date: 23/9/2007

AntiVir PersonalEdition Classic
Download AntiVir IVDF
Version: 7.00.00.13
Date: 25/9/2007

Avast! 4 Home Edition
Download Avast VPS
Version: 000776-1
Date: 24/9/2007

Symantec
Download Norton VDU
Version: 90924s
Date: 24/9/2007
Supports the following versions of Symantec antivirus software:
Norton AntiVirus 2003 Professional Edition
Norton AntiVirus 2003 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2004 Professional Edition
Norton AntiVirus 2004 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2005 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2006 for Windows 2000/XP Home/XP Pro
Norton AntiVirus 2007 for Windows XP Home/XP Pro/Vista
Norton AntiVirus for Microsoft Exchange (Intel)
Norton SystemWorks (all versions)
Norton Utilities for Windows 95/98 (all versions)
Symantec AntiVirus 3.0 for CacheFlow Security Gateway
Symantec AntiVirus 3.0 for Inktomi Traffic Edge
Symantec AntiVirus 3.0 for NetApp Filer/NetCache
Symantec AntiVirus 8.0 Corporate Edition Client
Symantec AntiVirus 8.1 Corporate Edition Client
Symantec AntiVirus 9.0 Corporate Edition Client
Symantec AntiVirus 10.0 Corporate Edition Client
Symantec AntiVirus 10.1 Corporate Edition Client
Symantec AntiVirus 10.2 Corporate Edition Client
Symantec Mail Security for Domino v 4.0
Symantec Mail Security for Domino v 5.0

Virus Definition Updates 22/9/2007

2007-09-22T20:58:00.000+08:00

AVG Anti-Virus Free Edition 7.5
Download AVG AVI:269.13.28.1
Download AVG AVI:269.13.28.2
Download AVG AVI:269.13.28.3
Download AVG IAVI:1021
Version: -
Date: 21/9/2007

AntiVir PersonalEdition Classic
Download AntiVir IVDF
Version: 6.39.01.164
Date: 21/9/2007

Avast! 4 Home Edition
Download Avast VPS
Version: 000775-6
Date: 22/9/2007

Symantec
Download Norton VDU
Version: 90921s
Date: 21/9/2007
Supports the following versions of Symantec antivirus software:
Norton AntiVirus 2003 Professional Edition
Norton AntiVirus 2003 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2004 Professional Edition
Norton AntiVirus 2004 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2005 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2006 for Windows 2000/XP Home/XP Pro
Norton AntiVirus 2007 for Windows XP Home/XP Pro/Vista
Norton AntiVirus for Microsoft Exchange (Intel)
Norton SystemWorks (all versions)
Norton Utilities for Windows 95/98 (all versions)
Symantec AntiVirus 3.0 for CacheFlow Security Gateway
Symantec AntiVirus 3.0 for Inktomi Traffic Edge
Symantec AntiVirus 3.0 for NetApp Filer/NetCache
Symantec AntiVirus 8.0 Corporate Edition Client
Symantec AntiVirus 8.1 Corporate Edition Client
Symantec AntiVirus 9.0 Corporate Edition Client
Symantec AntiVirus 10.0 Corporate Edition Client
Symantec AntiVirus 10.1 Corporate Edition Client
Symantec AntiVirus 10.2 Corporate Edition Client
Symantec Mail Security for Domino v 4.0
Symantec Mail Security for Domino v 5.0

PluggedIn: Hackers control PCs while users unaware

2007-09-21T10:54:00.000+08:00

from Reuters 21/9/2007
Website: http://www.reuters.com

BOSTON (Reuters) - A few weeks ago Candace Locklear's office computer quietly started sending out dozens of instant messages with photos attached that were infected with malicious software.

She was sitting at her desk, with no sign that the messaging software was active. By the time she figured out what was going on, several friends and colleagues had opened the attachments and infected their computers.

It took eight hours for a technician to clean up her computer. But because the malicious software worked so secretly, she's still not convinced that all's clear.

"I'd like to think that it's gone. But I just don't know," said Locklear, 40, a publicist in San Francisco. "That's what is so frustrating."

Computer security experts estimate that tens of millions of personal computers are infected with malicious software like the one that attacked Locklear's machine. Such programs, generally classified as malware, attack companies along with consumers.

Some are keyloggers, recording every key stroke that the user enters -- sending valuable bank account information, passwords and credit card numbers to hackers.

In July, hackers used keylogging software to gather passwords to databases at the U.S. Department of Transportation, consulting firm Booz Allen, Hewlett-Packard Co and satellite network company Hughes Network Systems, according to British Internet security software maker Prevx Inc.

And other malware programs turn PCs into "zombies," literally giving hackers full control over the machine. The zombies can be instructed to act as servers, sending out tens of thousands of spam emails promoting counterfeit medications, luxury watches or penny stocks without the PC owner ever knowing about it.

The computer that controls the zombies -- known as the command and control center -- is able to change the text of the spam depending on what his or her customer wants to sell.

Monster Worldwide Inc said last month that confidential contact information of millions of its job seekers was stolen by criminals who used zombies. Contact data for 146,000 job seekers using the official U.S. government jobs Web site was also taken.

Monster said it would beef up its security, but even with enhanced protection there are no guarantees.

Security experts say that while companies and consumers need to be vigilant to protect themselves against Internet-borne threats, determined criminals are hard to beat.

"I hate to scare people, but there is never 100 percent (security)," says Gadi Evron, a researcher with Internet security firm Beyond Security. "If you want to know for sure, never do anything with your computer and never connect to the Internet."

Evron has organized conferences between government and industry researchers to fight hackers who set up botnets, or networks of millions of zombies. He said the picture painted by some presenters was depressing.

"The problems are not getting solved. They are getting worse," he said. "The bad guys are making a lot of money."

Still, he and other security experts recommend that PC users take basic precautions, including installing up-to-date security software, keeping current with updates that software providers distribute over the Web, and backing up files.

There's a wide range of PC security software available, including ones that were recently updated or about to be introduced by BiDefender, CA Inc, Check Point's Zone Alarm, F-Secure Corp, Kaspersky Labs, McAfee Inc, Microsoft Corp, Prevx Corp, Symantec Corp's Norton Security and Trend Micro Inc.

More important than security software, users need to monitor their own behavior. The bulk of malware is installed on computers by users who either click on a Web link or on a file that is attached to an email or instant message.

PC users can greatly reduce the risk of infection by only visiting familiar Web sites and avoiding unknown attachments.

"You won't know you are infected until one day your ISP turns you off or restricts access or money starts disappearing from your bank account," said Adam O'Donnell, a senior research scientist with Cloudmark, which sells anti-spam software.

CleanUp! Home

2007-09-21T10:31:00.000+08:00

Introducing Windows CleanUp!, the quickest and easiest way to delete temporary files from your system.

CleanUp! is a powerful and easy-to-use application that removes temporary files created while surfing the web, empties the Recycle Bin, deletes files from your temporary folders and more.

CleanUp! frees disk space and reduces the "clutter" on your computer helping it to run more efficiently. It also can be used as a way to protect your privacy on the Internet. You can even instruct CleanUp! to securely delete files making it impossible to retrieve their contents using lower-level disk tools - just another way of protecting your privacy.

No gimmicks here, CleanUp! is so easy to set up and use that you'll have a lean, clean, mean machine in minutes.

Developer: Steven Gould

Website: http://www.stevengould.org

Download it HERE!

Virus Definition Updates 20/9/2007

2007-09-20T13:25:00.000+08:00

AVG Anti-Virus Free Edition 7.5
Download AVG AVI:269.13.25.1
Download AVG AVI:269.13.25.2
Download AVG AVI:269.13.25.3
Download AVG IAVI:1018
Version: -
Date: 19/9/2007

AntiVir PersonalEdition Classic
Download AntiVir IVDF
Version: 6.39.01.154
Date: 19/9/2007

Avast! 4 Home Edition
Download Avast VPS
Version: 000775-3
Date: 19/9/2007

Symantec
Download Norton VDU
Version: 90919ak
Date: 19/9/2007
Supports the following versions of Symantec antivirus software:
Norton AntiVirus 2003 Professional Edition
Norton AntiVirus 2003 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2004 Professional Edition
Norton AntiVirus 2004 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2005 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2006 for Windows 2000/XP Home/XP Pro
Norton AntiVirus 2007 for Windows XP Home/XP Pro/Vista
Norton AntiVirus for Microsoft Exchange (Intel)
Norton SystemWorks (all versions)
Norton Utilities for Windows 95/98 (all versions)
Symantec AntiVirus 3.0 for CacheFlow Security Gateway
Symantec AntiVirus 3.0 for Inktomi Traffic Edge
Symantec AntiVirus 3.0 for NetApp Filer/NetCache
Symantec AntiVirus 8.0 Corporate Edition Client
Symantec AntiVirus 8.1 Corporate Edition Client
Symantec AntiVirus 9.0 Corporate Edition Client
Symantec AntiVirus 10.0 Corporate Edition Client
Symantec AntiVirus 10.1 Corporate Edition Client
Symantec AntiVirus 10.2 Corporate Edition Client
Symantec Mail Security for Domino v 4.0
Symantec Mail Security for Domino v 5.0

Not all Malware is Equally Evil, Researchers Say

2007-09-20T13:22:00.000+08:00

from PC World 19/9/2007
Website: http://www.pcworld.com

Two senior security veterans from Trend Micro Inc. are trying to get the industry to change how it classifies malicious software.

They argue that today's classification system, which tends to focus on the technical way the software works, neglects a far more important metric that matters more to users: how it tries to steal your money.

"This is my pet bugaboo-- the unclear language," said David Perry, global director for education at Trend. "I come from 26 years of technical support, and it irks me that we protect people against things and they don't know what we're protecting them against."

Perry and Anthony Arrott will present their paper, "New approaches to categorizing economically-motivated digital threats," on Friday at a security conference in Vienna.

Take the term "virus." The proper definition of virus is a piece of software that replicates or makes copies of itself and attaches itself to other pieces of software.

But for nonsecurity professionals, it's "taken to mean the universal indication that there is something wrong with their computer, no matter what the cause," Perry said. Toss in relatively newer terms such as "Trojan horse," "dialer" and "adware" and the situation becomes a mix of confusing vocabulary.

Perry and Arrott stop short of proposing a new taxonomy. However, they do detail some parameters that should be considered when building a new framework to categorize Web threats.

Although malware categorization systems exist, a new one is necessary because of the focus on economic crime. The "business" models behind the malware are far easier to define than the infinite technical variations that the malware can take, they write.

Malware can then be classified into fewer, overlapping categories would help deflect "the endless efforts to determine the exact definitions of the boundaries between categories," Perry said.

The new groupings would ideally take into account how a threat is installed, its economic purpose, how it exploits a host computer as well as how it hides itself from detection, the paper said.

Another new metric that could be considered is the persistence of threats, since it may more accurately frame the scope of an ongoing fraud. The antivirus industry has tended to focus on "top 10" lists, which indicate the most frequent recent threats but not the most successful attacks over time, the paper said.

Trend Micro researched over time fraudulent antispyware programs that were most persistent on computers. This research indicated the diversity and depth of fraudulent programs such as Winfixer or the Zlob Trojan, which purport to fix security problems but install advertising software instead.

"Rogue antispyware is just on example of economically-motivated threats where chronic persistence is more significant than acute outbreaks," the authors wrote.

Perry is hoping for fruitful discussions on taxonomy, although he said the security industry is notoriously fractured and not exactly known for working well together. "There are no grown-ups in this industry," he said.

Ultimately, Perry believes the proposal is "a bid toward accuracy and to deconflict the issues that face us as an industry."

Hacker finally publishes notorious Apple Wi-Fi attack

2007-09-19T10:13:00.000+08:00

from InfoWorld 19/9/2007
Website: http://www.infoworld.com

San Francisco (IDGNS) - More than a year after claiming to have found a way to take over a Macintosh computer using a flaw in the system's wireless card, David Maynor has published details of his exploit.

The details were included in a paper published in the September issue of Uninformed.org, an online hacking magazine. The lengthy paper describes how to run unauthorized software on a Macintosh by taking advantage of a flaw in Apple's AirPort wireless drivers.

Apple patched the bug in September 21 without crediting Maynor for discovering the problem. Instead, Apple's engineers found the bug during an internal audit, the company said.

Maynor and researcher Jon Ellch first described this type of problem during an August 2006 presentation at the Black Hat security conference in Las Vegas. He was widely criticized by the Apple community for failing to back up his claims with technical details and for presenting a video demonstration that used a third-party wireless card instead of the one that ships with the Mac.

On Tuesday, Maynor said that at the time of the Black Hat demonstration, he had found similar wireless bugs in a number of wireless cards, including Apple's AirPort and that he had been told to use the third-party card in the video because it was deemed "the least offensive to people."

So why publish the Mac hack now?

Maynor said that he had been under a nondisclosure agreement, which had previously prevented him from publishing details of the hack. The security researcher wouldn't say who his NDA was with, but that agreement is no longer in force, allowing him to talk about the exploit. "I published it now because I can publish it now," he said.

By going public with the information, Maynor hopes to help other Apple researchers with new documentation on things like Wi-Fi debugging and the Mac OS X kernel core dumping facility. "There's a lot of interesting information in the paper that, if you're doing vulnerability research on Apple, you'd find useful."

Maynor will soon publish a second paper on Uniformed.org explaining how to write software that will run on a compromised system, he said.

As for his detractors, who will say that this disclosure comes too late, Maynor says he just doesn't care what they think. "Let them tear me apart all they want but at the end of the day the technical merit of the paper will stand on its own."

Infrastructure threats: Botnets show DoS who's boss

2007-09-19T10:09:00.000+08:00

from InfoWorld 19/9/2007
Website: http://www.infoworld.com

San Francisco (InfoWorld) - Malware-infected botnet PCs have overtaken DoS attacks as the top security issue facing Internet service providers and other Web infrastructure hosting players, according to a new survey of the organizations.

Arbor Networks published the results of its third-annual Infrastructure Security Report on Monday -- a survey of 75 large ISPs, hosting companies, and other providers -- which found for the first time that botnets currently outrank DoS threats as the most serious concern for the firms.

Tens of millions of PCs are likely infected with botnet programs worldwide, according to survey results, and Arbor researchers said the ISPs they questioned admitted to spending more time and resources battling botnets than ever before.

Infrastructure providers are finding botnets hard to pin down, as the people responsible for controlling the zombie machines are increasingly employing more advanced detection evasion techniques, said Craig Labovitz, chief scientist at Arbor. As they can't accurately gauge the size of the problem, he said, infrastructure providers are afraid they're only scraping the tip of the iceberg in taking on the botnet phenomenon.

"ISPs are spending a lot of time trying to measure, and there's a lot of subjective data, but there are such widely different qualities to the various bots that it's a real challenge to get any strong metrics," Labovitz said. "We are seeing a widening separation between the pros and the amateurs, but as easy as it is to infiltrate and measure the less sophisticated botnets, the pro grade stuff is far more problematic and harder to trace."

By using the same peer-to-peer botnet propagation strategy that has made the so-called Storm worm a recurring problem in terms of generating subsequent infections, the sophisticated sect of the botnet community is moving forward at a rapid pace, according to Arbor.

In eliminating the need for traditional botnet command and control centers using P2P techniques to distribute the threats, the attackers have also removed the most efficient place to attempt to take down the attacks, the researcher said.

At the same time, DoS attacks -- which have long-ranked as the primary concern of ISPs and their brethren -- have not disappeared, but rather become more targeted and efficient in the application of their resources, making them even more damaging to their individual targets, according to the report.

Labowitz said that while a traditional distributed DoS threats have measured at under 10GB, newer DoS attacks are reaching as high as 24GB -- enough to completely shut down a smaller ISP or Web server farm.

As the attacks are getting more powerful, they are also being concentrated on smaller groups of individual targets, or groups of sites, versus being unleashed to the Internet at large. In one such situation just last week, Labowitz said, an unnamed gambling site was taken offline for a number of hours.

"For the most part, if you read the press you don't hear about DoS as much, so people jump to the conclusion that it's not happening. But it's still out there," said the researcher. "The attacks may only be targeted at a small group of sites, but that can also help to increase the significance of the impact to the provider involved based on the more narrow focus."

Despite the lingering threat of DoS, ISPs have become better equipped at warding off the attacks and protecting their customers, and often times have begun charging for premium services to address the issue, according to Arbor.

As opposed to five years ago, when infrastructure players often had to scramble to respond to DoS campaigns as they emerged, Labowitz said most sizable companies now have appropriate procedures and equipment to at least partially deflect the assaults.

"Even though 90 percent of the attacks are a soft threat at this point, some of those remaining attacks are bigger than anyone can handle easily -- even some of the big guys," said Labowitz.

Arbor predicts attacks on Internet telephony services will represent one of the next immediate pain points for infrastructure players. Only 20 percent of the companies surveyed for the report said they had any gear in place to detect VoIP threats. Only 11 percent reported that they had any plans or tools in place to mitigate VoIP-based attacks.

"We haven't seen many of these threats yet, but we know the proof-of-concepts are out there," said Labowitz. "With the amount of VoIP infrastructure that is being deployed, the ISPs and telephony providers will need to ensure that they have something in place to protect those networks from attack."

Symantec Warns of Clever New Hacks

2007-09-18T10:23:00.000+08:00

from NewsFactor.com 17/9/2007
Website: http://www.newsfactor.com

According to Symantec's latest Internet Security Threat Report, online criminals are getting more sophisticated -- even commercial -- in the development, distribution, and use of malicious code.

Symantec said that while financial gain continues to drive Internet crime, criminals are now using even more professional attack methods, tools, and strategies to conduct malicious activity online.

"The Internet threats and malicious activity we are currently tracking demonstrate that hackers are taking this trend to the next level by making cybercrime their actual profession, and they are employing businesslike practices to successfully accomplish this goal," said Arthur Wong, senior vice president of Symantec Security Response and Managed Services, in a statement.

Sophisticated Toolkits

During the reporting period of Jan. 1, 2007 to June 30, 2007, Symantec detected an increase in Internet criminals leveraging sophisticated toolkits to carry out malicious attacks. The company pointed to MPack as one example of this strategy.

MPack is a professionally developed toolkit available for sale in the underground economy. Attackers can purchase and deploy MPack's collection of software components to plant malicious code on computers around the world, then monitor the effectiveness of their nefarious activities through various metrics. Phishing toolkits, which are a series of scripts that allow an attacker to set up phishing Web sites that spoof legitimate Web sites, are also available for sale.

In addition, Symantec reported a rise in multistage attacks in which the initial hack opens the door for attackers to deploy subsequent attacks. One example of a multistage attack is a downloader that allows an attacker to change the downloadable component to any type of threat that suits the attacker's objectives. According to Symantec, 28 of the top 50 malicious code samples were multistage downloaders.

"While mass spam e-mail phishing is likely to be detected quickly through automated and manual controls, targeted attacks are much more likely to bypass e-mail filters and be successful in their attempt to social engineer victims into opening attachments or clicking on links," said Michael Sutton, a security evangelist at SPI Dynamics.

Social Network Attacks

Symantec observed that 61 percent of all vulnerabilities discovered were in Web applications. While Internet criminals have many targets, such as financial and recruitment sites, social networks are becoming more popular venues for attack.

Social-networking sites, Symantec noted, are particularly valuable to attackers because they provide access to a large number of people, many of whom trust the sites and their security. These Web sites can expose a lot of confidential user information that can then be used in attempts to conduct identity theft or online fraud, or to provide access to other Web sites from which attackers can deploy further attacks.

"We as a population are slowly increasing our public footprint through social networking sites such as MySpace and Facebook," said Sutton. "We must be aware that in doing so we are also providing important information to attackers who are leveraging that information to conduct targeted attacks."

Malware is Getting Smarter, IBM Warns

2007-09-18T10:18:00.000+08:00

from Computerworld UK 17/9/2007
Website: http://www.computerworlduk.com

IBM has reported an increase in malware volume and sophistication as part of its security statistics report for the first half of the year.

So far this year, its X-Force research and development team has identified and analyzed more than 210,000 new malware samples, which is more than the total number of malware samples observed over the entirety of last year.

According to IBM, the "exploits as a service" industry continues to thrive, with the new practice of "exploit leasing" added to the repertoire of criminals. By leasing an exploit, attackers can now test exploitation techniques with a smaller initial investment, making this underground market an even more attractive option for malicious perpetrators.

According to the report, Trojans (seemingly legitimate files that are actually malware) are the most common form of malware this year, accounting for 28 percent of all malware. Last year, by contrast, Downloaders was the most common category-- a low-profile piece of malware that installs itself so that it can later download and install a more sophisticated malware agent.

"The X-Force security statistics report for 2006 predicted a continued rise in the sophistication of targeted, profit-motivated cyber attacks," said Kris Lamb, director of X-Force. "This directly correlates to the rise in popularity of Trojans that we are witnessing this year, as Trojans are often used by attackers to launch sustained, targeted attacks."

But running counter to historical trends, X-Force reports a slight decrease in the overall number of vulnerabilities uncovered in the first half of 2007 versus the first half of 2006. A total of 3,273 vulnerabilities were identified in the first half of this year, down 3.3 percent year-on-year. However, the percentage of high impact vulnerabilities has gone up since 2006 from 16 percent to 21 percent for the first half of 2007.

A similarly unexpected trend in the report is the decrease in spam message size. IBM said the fall corresponded with a decrease in image-based spam.

"The decrease in spam message size and image-based spam is a result of spammers adopting and experimenting with newer techniques, such as PDF- and Excel-based spam, as a means to more successfully evade detection by anti-spam technologies," said Lamb.

Virus Definition Updates 18/9/2007

2007-09-18T10:11:00.000+08:00

AVG Anti-Virus Free Edition 7.5
Download AVG AVI:269.13.22.1
Download AVG AVI:269.13.22.2
Download AVG AVI:269.13.22.3
Download AVG IAVI:1013
Version: -
Date: 17/9/2007

AntiVir PersonalEdition Classic
Download AntiVir IVDF
Version: 6.39.01.141
Date: 17/9/2007

Avast! 4 Home Edition
Download Avast VPS
Version: 000775-1
Date: 17/9/2007

Symantec
Download Norton VDU
Version: 90917i
Date: 17/9/2007
Supports the following versions of Symantec antivirus software:
Norton AntiVirus 2003 Professional Edition
Norton AntiVirus 2003 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2004 Professional Edition
Norton AntiVirus 2004 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2005 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2006 for Windows 2000/XP Home/XP Pro
Norton AntiVirus 2007 for Windows XP Home/XP Pro/Vista
Norton AntiVirus for Microsoft Exchange (Intel)
Norton SystemWorks (all versions)
Norton Utilities for Windows 95/98 (all versions)
Symantec AntiVirus 3.0 for CacheFlow Security Gateway
Symantec AntiVirus 3.0 for Inktomi Traffic Edge
Symantec AntiVirus 3.0 for NetApp Filer/NetCache
Symantec AntiVirus 8.0 Corporate Edition Client
Symantec AntiVirus 8.1 Corporate Edition Client
Symantec AntiVirus 9.0 Corporate Edition Client
Symantec AntiVirus 10.0 Corporate Edition Client
Symantec AntiVirus 10.1 Corporate Edition Client
Symantec AntiVirus 10.2 Corporate Edition Client
Symantec Mail Security for Domino v 4.0
Symantec Mail Security for Domino v 5.0

Hacked GOP Site Infects Visitors with Malware

2007-09-15T17:02:00.000+08:00

from Yahoo News 14/9/2007
Website: http://news.yahoo.com

A Republican Party Web site has been hacked, and for some time it has been spreading a variation of the long-running Storm Trojan horse to vulnerable visitors, a security researcher said Friday.

This is the first time that Storm has taken to the Web for its victims, said Dan Hubbard, head of research at San Diego-based Websense Inc. "The big news is that Storm has added infecting sites to its arsenal," said Hubbard.

Storm debuted in January but only cracked the top malware lists early this summer, and has become infamous for its ability to adapt its infection strategies.

"They have a knack for latching onto the latest newsworthy events and capitalizing on the public interest in them," Symantec Corp. researcher Hon Lau said last month. "And if no newsworthy events are happening at the time, then they will just make them up."

Until now, Storm has infected users via files attached to e-mail or through links embedded in spam. The change noticed by Websense's scanners, however, means that Storm's backers have moved to other attack vectors-- in particular, compromised Web sites that sport malicious IFRAMEs. Users visiting such sites are instantly infected with the Trojan if their browsers are not patched against whatever exploit the IFRAME code is throwing out.

According to Hubbard, several hundred sites have been compromised by Storm's makers, then seeded with IFRAMES that can inject the Trojan into vulnerable PCs.

One such site was a Republican Party Web site for the 1st Congressional District of Wisconsin. Within hours after Websense notified the site's owners, however, it had been purged of the dangerous IFRAME code. By mid-morning Friday, it was safe to visit. Hubbard did not know how the site was compromised.

The motive behind Storm's continued attacks, and its expansion into new areas like this, said Hubbard, is a never-ending appetite for bots-- compromised computers that can be used for spamming or other criminal activities, either by the original attackers or by others who lease sections of the botnet.

"Storm's botnet is clearly the biggest around," said Hubbard, who estimated its size as "conservatively, in the hundreds of thousands, although some people have thrown out numbers like 1 million or 2 million or even 4 million." Earlier this month, in fact, MessageLabs Ltd. pegged the botnet at 2 million machines.

In the last few weeks alone, Storm has spread through e-mails touting a real-time scoreboard site for National Football League games, spam hyping a Web site that wished Americans a happy Labor Day holiday and more mail that used YouTube videos as bait.

Virus Definition Updates 14/9/2007

2007-09-14T10:35:00.000+08:00

AVG Anti-Virus Free Edition 7.5
Download AVG AVI:269.13.18.1
Download AVG AVI:269.13.18.2
Download AVG AVI:269.13.18.3
Download AVG IAVI:1007
Version: -
Date: 13/9/2007

AntiVir PersonalEdition Classic
Download AntiVir IVDF
Version: 6.39.01.128
Date: 13/9/2007

Avast! 4 Home Edition
Download Avast VPS
Version: 000774-5
Date: 13/9/2007

Symantec
Download Norton VDU
Version: 90913q
Date: 13/9/2007
Supports the following versions of Symantec antivirus software:
Norton AntiVirus 2003 Professional Edition
Norton AntiVirus 2003 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2004 Professional Edition
Norton AntiVirus 2004 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2005 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2006 for Windows 2000/XP Home/XP Pro
Norton AntiVirus 2007 for Windows XP Home/XP Pro/Vista
Norton AntiVirus for Microsoft Exchange (Intel)
Norton SystemWorks (all versions)
Norton Utilities for Windows 95/98 (all versions)
Symantec AntiVirus 3.0 for CacheFlow Security Gateway
Symantec AntiVirus 3.0 for Inktomi Traffic Edge
Symantec AntiVirus 3.0 for NetApp Filer/NetCache
Symantec AntiVirus 8.0 Corporate Edition Client
Symantec AntiVirus 8.1 Corporate Edition Client
Symantec AntiVirus 9.0 Corporate Edition Client
Symantec AntiVirus 10.0 Corporate Edition Client
Symantec AntiVirus 10.1 Corporate Edition Client
Symantec AntiVirus 10.2 Corporate Edition Client
Symantec Mail Security for Domino v 4.0
Symantec Mail Security for Domino v 5.0

Hackers update malware tool kit with zero-day code

2007-09-14T10:29:00.000+08:00

from Yahoo News
Website: http://news.yahoo.com

San Francisco (InfoWorld) - A new version of the IcePack hacker exploit tool kit has been released, security researchers warned Tuesday, and for the first time it includes attack code designed to exploit an unpatched, or zero-day, Microsoft vulnerability.

Three of IcePack's eight exploit tools are new, said Roger Thompson, chief technology officer at Exploit Prevention Labs. That's noteworthy in and of itself, Thompson said. "The mix of old and new exploits is to be expected, but three new ones in one update is pretty impressive," he noted.

But the new tool kit also sports a first. "The latest iteration has done something original," said Thompson, pointing to an exploit that attacks a zero-day vulnerability in Microsoft's DirectX software development kit (SDK). "The closest to a tool-kit zero-day exploit [before] was for the ANI [animated cursor] vulnerability."

He was referring to a Windows bug that surfaced in early April. By the time that Mpack, an IcePack predecessor, added the ANI exploit, however, Microsoft had patched the vulnerability with an emergency out-of-cycle update.

The DirectX SDK bug was disclosed by Polish researcher Krystian Kloskowski in a post to the milw0rm.com site in mid-August.

Microsoft did not release a fix for the flaw in the regularly scheduled updates issued earlier Tuesday.

IcePack is only one of several click-to-attack malware tool kits in circulation. Derived from the earlier Mpack, IcePack joins others boasting monikers such as NeoSploit and WebAttacker that cater to what Thompson called "lazy crooks."

"Originally there was just WebAttacker, but they screwed up and then NeoSploit came along," Thompson said as he rattled off the exploit tool kit genealogy. "Then there was Mpack, which everyone at first thought was just WebAttacker, but it wasn't. Now there's IcePack." He estimated that nine to 12 malware tool kits are currently in use.

"They all use very similar code, and they're all trying to make a buck out of selling to lazy crooks," said Thompson.

Even though the just-updated IcePack features the first zero-day attack code seen in a malware kit, Thompson downplayed the threat. Sort of. "This is not an end-of-the-world kind of thing, since not many people will have the [DirectX] SDK. But no one knows what other software packages use that [vulnerable] ActiveX control. It's a little like Russian roulette that way."

Other researchers confirmed Thompson's assessment. Symantec, for instance, warned customers of its DeepSight threat network that it had spotted in-the-wild attacks using the DirectX exploit. Symantec's researchers also confirmed that the other two exploits new to IcePack target vulnerabilities in Yahoo Messenger and Yahoo Widgets. Both of those bugs, however, have been patched.

Taking aim at patched vulnerabilities is a common characteristic of multistrike kits, even though it might seem counterintuitive, said Thompson. "They usually go after lesser-known vulnerabilities," he said.

Virus Definition Updates 11/9/2007

2007-09-11T21:43:00.000+08:00

AVG Anti-Virus Free Edition 7.5
Download AVG AVI:269.13.14.1
Download AVG AVI:269.13.14.2
Download AVG AVI:269.13.14.3
Download AVG IAVI:999
Version: -
Date: 10/9/2007

AntiVir PersonalEdition Classic
Download AntiVir IVDF
Version: 6.39.01.116
Date: 11/9/2007

Avast! 4 Home Edition
Download Avast VPS
Version: 000774-1
Date: 10/9/2007

Symantec
Download Norton VDU
Version: 90910v
Date: 10/9/2007
Supports the following versions of Symantec antivirus software:
Norton AntiVirus 2003 Professional Edition
Norton AntiVirus 2003 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2004 Professional Edition
Norton AntiVirus 2004 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2005 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2006 for Windows 2000/XP Home/XP Pro
Norton AntiVirus 2007 for Windows XP Home/XP Pro/Vista
Norton AntiVirus for Microsoft Exchange (Intel)
Norton SystemWorks (all versions)
Norton Utilities for Windows 95/98 (all versions)
Symantec AntiVirus 3.0 for CacheFlow Security Gateway
Symantec AntiVirus 3.0 for Inktomi Traffic Edge
Symantec AntiVirus 3.0 for NetApp Filer/NetCache
Symantec AntiVirus 8.0 Corporate Edition Client
Symantec AntiVirus 8.1 Corporate Edition Client
Symantec AntiVirus 9.0 Corporate Edition Client
Symantec AntiVirus 10.0 Corporate Edition Client
Symantec AntiVirus 10.1 Corporate Edition Client
Symantec AntiVirus 10.2 Corporate Edition Client
Symantec Mail Security for Domino v 4.0
Symantec Mail Security for Domino v 5.0

Skype warns users of Windows worm

2007-09-11T12:08:00.000+08:00

from Yahoo News 10/9/2007
Website: http://news.yahoo.com

San Francisco (IDGNS) - Skype users are under attack from a new worm that spreads through the peer-to-peer Internet phone application's chat feature.

The attack begins when a user receives an instant message containing a link from someone in their contact list or an unknown Skype user, said Villu Arak, a Skype spokesman based in Tallinn, Estonia.

There are several versions of the chat messages, which are "cleverly written" to fool users, Arak wrote on the Skype heartbeat blog. The link appears to contain a JPEG photo file, but if clicked causes the Windows run/save dialog box to appear, which asks whether the user wants to save or run a ".scr" file.

The file is malicious software that can then access a user's PC via Skype's API (application programming interface). The malicious file has been named W32/Ramex.A.

"Users whose computers are infected with this virus will send a chat message to other Skype users asking them to click on a web link that can infect" their computers, Arak wrote.

To avoid trouble, users should not download the file. At least two security vendors, F-Secure and Kaspersky Lab, have updated their software to detect the worm, Arak wrote.

Instant message programs are another way hackers can try to gain control over PCs. Access to one person's instant messenger or e-mail account can mean contact details for many others, allowing hackers to use malicious e-mails or instant messages to lure victims into downloading malicious software.

China hosts nearly half of all malware sites

2007-09-11T12:01:00.000+08:00

from CNet News 4/9/2007
Website: http://www.cnet.com

China is host to almost half of the world's malware-infected Web sites.

According to a report released Monday by antivirus company Sophos, China--including Hong Kong--hosted 44.8 percent of the world's infected sites in August. The U.S. ranked a distant second, hosting 20.8 percent of sites that contain malicious code.

The number of infected Web pages has also grown. Sophos said it detected an average of 5,000 new infected pages each day in the month of August.

The company warned that simply staying clear of sites hosted in the top three countries of China, the U.S. and Russia is not an effective method of avoiding malware.

"Hackers are hijacking Web sites around the world to make them point to malware on sites based in China, the U.S. and Russia," Carole Theriault, Sophos senior security consultant, said in a statement.

Sophos also warned about a sharp rise in spam pointing people to these infected sites. Malicious senders, in an attempt to bypass attachment virus scanners, are using messages that direct people to Web sites with malicious code. Computers get infected when people click on the links in the e-mail message.

"Most malware writers...are using spam and the Web to infect users," Theriault said. "Criminals are hard at work trying to slip past filters at the corporate gateway."

June saw a spike in spam hosted on Chinese domains, when the figure rose from almost zero to 450 spam domains.

Victoria Ho of ZDNet Asia reported from Singapore.

Virus Definition Updates 9/9/2007

2007-09-09T20:24:00.000+08:00

AVG Anti-Virus Free Edition 7.5

Download AVG AVI:269.13.12.1
Download AVG AVI:269.13.12.2
Download AVG AVI:269.13.12.3
Download AVG IAVI:997
Version: -
Date: 9/9/2007

AntiVir PersonalEdition Classic
Download AntiVir IVDF
Version: 6.39.01.106
Date: 8/9/2007

Avast! 4 Home Edition
Download Avast VPS
Version: 000773-3
Date: 8/9/2007

Symantec
Download Norton VDU
Version: 90908h
Date: 8/9/2007
Supports the following versions of Symantec antivirus software:
Norton AntiVirus 2003 Professional Edition
Norton AntiVirus 2003 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2004 Professional Edition
Norton AntiVirus 2004 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2005 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2006 for Windows 2000/XP Home/XP Pro
Norton AntiVirus 2007 for Windows XP Home/XP Pro/Vista
Norton AntiVirus for Microsoft Exchange (Intel)
Norton SystemWorks (all versions)
Norton Utilities for Windows 95/98 (all versions)
Symantec AntiVirus 3.0 for CacheFlow Security Gateway
Symantec AntiVirus 3.0 for Inktomi Traffic Edge
Symantec AntiVirus 3.0 for NetApp Filer/NetCache
Symantec AntiVirus 8.0 Corporate Edition Client
Symantec AntiVirus 8.1 Corporate Edition Client
Symantec AntiVirus 9.0 Corporate Edition Client
Symantec AntiVirus 10.0 Corporate Edition Client
Symantec AntiVirus 10.1 Corporate Edition Client
Symantec AntiVirus 10.2 Corporate Edition Client
Symantec Mail Security for Domino v 4.0
Symantec Mail Security for Domino v 5.0

Avira at Systems 2007: professional virus protection for any size of business

2007-09-09T20:16:00.000+08:00

from Avira News 6/9/2007
Website: http://www.avira.com

At the Systems fair, which takes place from October 23 to 26 in Munich, the German IT security expert Avira presents new features of the AntiVir virus protection. The software for professional use can now be managed more efficiently and more easily via the new Avira Security Management Center 2.0 with integrated Internet Update Manager (IUM). The IUM automates distribution of Avira updates and thus ensures a uniformly high security level in the managed system. A visit to the Avira stand in hall B3, booth 318 is also worthwhile in terms of protecting mobile phones and pocket PCs against digital viruses. Avira is equipping the mobile phones of all trade fair visitors with a free version of Avira AntiVir Mobile with a license period of six months.

With the Avira Security Management Center 2.0, businesses can keep management and monitoring expenses for the distributed security solutions as low as possible. With the management software, small and medium-sized businesses in particular are able to achieve the balancing act of guaranteeing a consistently high security level on all clients and servers even without an IT administrator. As the main settings are pre-configured, an automatic update infrastructure is immediately available with the integrated IUM.

For varying security requirements, resulting for example from field service and in-house sales staff, individual directives can be centrally defined with the Avira management tool. The new Management Center is particularly interesting for IT service providers and computer retailers. As they frequently manage the IT environment of many customers via remote access, they can guarantee maximum protection of all dangers from the Internet at all times with the IUM without travel times. The Avira Security Management Center is included free with the current software for small and medium-sized businesses, the Avira SmallBusiness Suite.

In addition to the Systems fair, Avira is also represented at the Internet World in Munich. The congress takes place for the first time from October 23 to 24 in the ICM (International Congress Center Munich). The industry event for Internet professionals offers a five-pronged congress program and many workshops on the latest solutions, trends and strategies with many practical examples for the Internet business. Rainer Witzgall, Executive Vice President of Avira,
will be giving a report on the subject of “Free is not for nothing” on October 24 at 1.45 p.m.

For details on the new product features or other subjects relating to IT security, Rainer Witzgall, Executive Vice President, is available for personal discussions. Please contact Elisabeth Rothbart on +49 (0) 89 17 30 19 33 or at avira@lewispr.com to arrange an appointment.

About Avira

Avira is a worldwide leading supplier of self-developed security solutions for professional and private use. With more than twenty years of experience, the company is one of the pioneers in this field.

The security expert has several locations in Germany and partnerships in Europe, Asia and America. At its headquarters in Tettnang near Lake Constance, Avira is one of the region’s largest employers with more than 180 employees. Worldwide more than 250 persons are employed and their work regularly wins awards. Avira AntiVir Personal, used by millions of private users, represents a significant contribution to security.

Avira’s national and international customers include renowned corporations listed on the stock exchange but also educational institutions and public authorities. In addition to protection of the virtual environment, Avira also provides for more protection and security in the real world by supporting the Auerbach Foundation. Established by the founder of the company, the Auerbach Foundation promotes charitable and social projects as well as the arts, culture and science.

Press Contact:

Elisabeth Rothbart
LEWIS Global PR
Baierbrunner Str. 15
D-81379 München
Telefon: +49 (0) 89 1730 19 33
Telefax: +49 (0) 89 1730 19 99
Email: avira@lewispr.com

Virus Definition Updates 7/9/2007

2007-09-07T20:43:00.000+08:00

AVG Anti-Virus Free Edition 7.5

Download AVG AVI:269.13.8.1
Download AVG AVI:269.13.8.2
Download AVG AVI:269.13.8.3
Download AVG IAVI:993
Version: -
Date: 6/9/2007

AntiVir PersonalEdition Classic
Download AntiVir IVDF
Version: 6.39.01.102
Date: 7/9/2007

Avast! 4 Home Edition
Download Avast VPS
Version: 000773-1
Date: 6/9/2007

Symantec
Download Norton VDU
Version: 90906ax
Date: 6/9/2007
Supports the following versions of Symantec antivirus software:
Norton AntiVirus 2003 Professional Edition
Norton AntiVirus 2003 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2004 Professional Edition
Norton AntiVirus 2004 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2005 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2006 for Windows 2000/XP Home/XP Pro
Norton AntiVirus 2007 for Windows XP Home/XP Pro/Vista
Norton AntiVirus for Microsoft Exchange (Intel)
Norton SystemWorks (all versions)
Norton Utilities for Windows 95/98 (all versions)
Symantec AntiVirus 3.0 for CacheFlow Security Gateway
Symantec AntiVirus 3.0 for Inktomi Traffic Edge
Symantec AntiVirus 3.0 for NetApp Filer/NetCache
Symantec AntiVirus 8.0 Corporate Edition Client
Symantec AntiVirus 8.1 Corporate Edition Client
Symantec AntiVirus 9.0 Corporate Edition Client
Symantec AntiVirus 10.0 Corporate Edition Client
Symantec AntiVirus 10.1 Corporate Edition Client
Symantec AntiVirus 10.2 Corporate Edition Client
Symantec Mail Security for Domino v 4.0
Symantec Mail Security for Domino v 5.0

Chinese hackers cyber-attacking British government networks

2007-09-06T23:00:00.000+08:00

from Yahoo News 6/9/2007
Website: http://news.yahoo.com

Chinese computer hackers are infiltrating British government networks, giving them access to secret information, according to media reports on Thursday.

The reports in The Times and The Independent newspapers come a day after US President George W. Bush said he may bring up the issue of suspected Chinese cyber-attacks on the US defence department in a meeting with China's President Hu Jintao.

"China is engaged in hostile intelligence activities, and instead of using the old-fashioned methods, they are focusing on electronic means to hack into systems to discover Britain's defence and foreign policy secrets, and they are technologically pretty advanced and adept at it," an unnamed government source told The Times.

Another senior government source, meanwhile, told The Independent: "Governments throughout the West have been aware of this for a number of years. It has been an ongoing practice by the Chinese. They are trying it all the time. The firewalls that need to go in are going in."

Both the Foreign Office and the Ministry of Defence have declined to comment on the reports.

In Washington, the Pentagon said Tuesday that several nations and groups were trying to break into the US military's computer system after the Financial Times reported China's military had successfully hacked into the network in June.

Unanmed officials told the Financial Times the attack was by China's People's Liberation ArmySecretary Robert Gates. (PLA) and that it led to the shutdown of a computer system serving the office of Defense

Virus Definition Updates 5/9/2007

2007-09-05T12:32:00.000+08:00

AVG Anti-Virus Free Edition 7.5

Download AVG AVI:269.13.5.1
Download AVG AVI:269.13.5.2
Download AVG AVI:269.13.5.3
Download AVG IAVI:990
Version: -
Date: 4/9/2007

AntiVir PersonalEdition Classic
Download AntiVir IVDF
Version: 6.39.01.87
Date: 4/9/2007

Avast! 4 Home Edition
Download Avast VPS
Version: 000772-3
Date: 4/9/2007

Symantec
Download Norton VDU
Version: 90904h
Date: 4/9/2007
Supports the following versions of Symantec antivirus software:
Norton AntiVirus 2003 Professional Edition
Norton AntiVirus 2003 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2004 Professional Edition
Norton AntiVirus 2004 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2005 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2006 for Windows 2000/XP Home/XP Pro
Norton AntiVirus 2007 for Windows XP Home/XP Pro/Vista
Norton AntiVirus for Microsoft Exchange (Intel)
Norton SystemWorks (all versions)
Norton Utilities for Windows 95/98 (all versions)
Symantec AntiVirus 3.0 for CacheFlow Security Gateway
Symantec AntiVirus 3.0 for Inktomi Traffic Edge
Symantec AntiVirus 3.0 for NetApp Filer/NetCache
Symantec AntiVirus 8.0 Corporate Edition Client
Symantec AntiVirus 8.1 Corporate Edition Client
Symantec AntiVirus 9.0 Corporate Edition Client
Symantec AntiVirus 10.0 Corporate Edition Client
Symantec AntiVirus 10.1 Corporate Edition Client
Symantec AntiVirus 10.2 Corporate Edition Client
Symantec Mail Security for Domino v 4.0
Symantec Mail Security for Domino v 5.0

Cyber crime tool kits go on sale

2007-09-05T10:13:00.000+08:00

from BBC News 4/9/2007
Website: http://news.bbc.co.uk

Hacking tools compete with legitimate software

Malicious hackers are producing easy to use tools that automate attacks to cash in on a boom in hi-tech crime.

On sale, say security experts, are everything from individual viruses to comprehensive kits that let budding cyber thieves craft their own attacks.

The top hacking tools are being offered for prices ranging up to £500.

Some of the most expensive tools are sold with 12 months of technical support that ensures they stay armed with the latest vulnerabilities.

Tool time

"They are starting to pop up left and right," said Tim Eades from security company Sana, of the sites offering downloadable hacking tools. "It's the classic verticalisation of a market as it starts to mature."

Malicious hackers had evolved over the last few years, he said, and were now selling the tools they used to use to the growing numbers of fledgling cyber thieves.

When it comes to the hacking industry and level of business acumen there's no limit to what your money can buy

Paul Henry, Secure Computing

Mr Eades said some hacking groups offer boutique virus writing services that produce malicious programs that security software will not spot. Individual malicious programs cost up to £17 (25 euros), he said.

At the top end of the scale, said Mr Eades, were tools like the notorious MPack which costs up to £500.

The regular updates for the software ensure it uses the latest vulnerabilities to help criminals hijack PCs via booby-trapped webpages. It also includes a statistical package that lets owners know how successful their attack has been and where victims are based.

MPack has proved very popular with criminally minded groups and in late June 2007 managed to subvert more than 10,000 websites in one attack that drew on the tool.

Hacking groups also operate volume pricing schemes and discounts for loyal customers, he said.

"It's almost a play-by-play of good business practices of software marketing," he said. "When it comes to the hacking industry and level of business acumen there's no limit to what your money can buy."

Paul Henry, vice president of technology evangelism at Secure Computing, said the numbers of downloadable hacking tools was growing fast.

According to Mr Henry there were more than 68,000 downloadable hacking tools in circulation. The majority were free to use and took some skill to operate but a growing number were offered for sale to those without the technical knowledge to run their own attacks, he said.

But, he added, many hacking groups were offering tools such as Mpack, Shark 2, Nuclear, WebAttacker, and IcePack that made it much easier for unskilled people to get in to the hi-tech crime game.

Mr Henry said the tools were proving useful because so many vulnerabilities were being discovered and were taking so long to be patched.

Little risk

"MPack used more than 12 different vulnerabilities that were launched against any web browser that visited any compromised site," he said.

Many hacking groups were attracted to selling the kits because it meant they took little risk themselves if the malicious software was used to commit crimes.

"The only thing you are going to find is a disclaimer that this was distributed for educational purposes and the user accepts any responsibility for any misuse," he said.

The only risk the hacker groups faced in making the tools available was in having someone else steal them and offer them at a lower price. Already, he said, the sheer number of tools for sale was driving down prices.

Garry Sidaway, a senior consultant at security firm Tricipher, said the success of MPack and the attendant publicity was rumoured to be worrying its creators.

"It was made by a group of friends and they all have regular jobs," he said.

Mr Sidaway said the group would not lose much money if they did stop selling it because they made much more from other lines of business.

In particular, he said, the groups can sell information about unpatched or unknown vulnerabilities in software for thousands of pounds per bug.

Sony confirms security problem

2007-09-04T13:43:00.000+08:00

from BBC News 3/9/2007
Website: http://news.bbc.co.uk

Electronics giant Sony has confirmed a recently discovered security flaw in some of its products that could leave PCs vulnerable to attack by hackers.

The firm said that the fault, which affected software packaged with memory sticks, was developed by a third-party.

Sony said it was conducting an internal investigation into the problem and would offer a fix "by mid-September".

The vulnerability, found by security firm F-secure, was similar to one found on CDs sold by Sony BMG in 2005.

That led to the discs being recalled and several lawsuits against the record label.

A Sony spokesperson said of the latest vulnerability: "While relatively small numbers of these models were sold, we are taking the matter seriously and conducting an internal investigation. No customers have reported problems related to situation to date."

Surprise flaw

The flaw affects three models of Sony's MicroVault USB sticks with fingerprint readers.

Security flaws were also discovered on Sony BMG CDs in 2005

Although the spokesperson said that the models have now been discontinued, they are still available to purchase through several websites.

The flaw was in software that came bundled with the USB devices. The program used virus-like techniques to create a hidden directory on a computer's hard drive.

Researchers at F-secure said that a hacker could then infect a computer as any files stored on the hidden directory would be invisible to the user and also from some virus scanners and security software.

"The apparent intent was to cloak sensitive files related to the fingerprint verification feature included on the USB drives," said researchers at security firm McAfee, who also investigated the flaw.

"However, in this case the authors apparently did not keep the security implications in mind."

Researchers at both F-secure and McAfee expressed surprise at the flaw, as Sony has faced similar problems in the past.

In 2005, Sony BMG sold CDs bundled with XCP digital-rights management (DRM) software, installed as an anti-piracy measure. It also left machines open to exploit by malicious programmers and computer virus writers.

In addition, researchers found vulnerabilities in another program, known as MediaMax, used by the firm on other CDs. In all, millions of discs sold in North America were thought to have been sold that used the controversial programs.

Quick fix

However, security researchers said that latest flaw was not as serious.

"In a nutshell, the USB case is not as bad as the XCP DRM case," said a blog entry on the F-secure website.

As well as differences in how the software was installed and operated, the researchers said there was a legitimate case for having the software on the USB sticks

"Sony is attempting to protect the user's own data. In the DRM case, Sony was attempting to restrict you - the user - from accessing the music on the CD you bought.

"So their intent was more beneficial to the consumer in this case."

F-secure is assisting Sony with their investigation.

The Sony spokesperson said: "While the software at the issue was developed by a third-party vendor in conjunction with our outsourced device manufacturer, as a precaution and to alleviate any potential concerns, we will be issuing a downloadable software to address the situation by mid-September."

Virus Definition Updates 3/9/2007

2007-09-03T23:29:00.000+08:00

AVG Anti-Virus Free Edition 7.5

Download AVG AVI:269.13.3.1
Download AVG AVI:269.13.3.2
Download AVG AVI:269.13.3.3
Download AVG IAVI:986
Version: -
Date: 3/9/2007

AntiVir PersonalEdition Classic
Download AntiVir IVDF
Version: 6.39.01.81
Date: 3/9/2007

Avast! 4 Home Edition
Download Avast VPS
Version: 000772-0
Date: 3/9/2007

Symantec
Download Norton VDU
Version: 90902f
Date: 2/9/2007
Supports the following versions of Symantec antivirus software:
Norton AntiVirus 2003 Professional Edition
Norton AntiVirus 2003 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2004 Professional Edition
Norton AntiVirus 2004 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2005 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2006 for Windows 2000/XP Home/XP Pro
Norton AntiVirus 2007 for Windows XP Home/XP Pro/Vista
Norton AntiVirus for Microsoft Exchange (Intel)
Norton SystemWorks (all versions)
Norton Utilities for Windows 95/98 (all versions)
Symantec AntiVirus 3.0 for CacheFlow Security Gateway
Symantec AntiVirus 3.0 for Inktomi Traffic Edge
Symantec AntiVirus 3.0 for NetApp Filer/NetCache
Symantec AntiVirus 8.0 Corporate Edition Client
Symantec AntiVirus 8.1 Corporate Edition Client
Symantec AntiVirus 9.0 Corporate Edition Client
Symantec AntiVirus 10.0 Corporate Edition Client
Symantec AntiVirus 10.1 Corporate Edition Client
Symantec AntiVirus 10.2 Corporate Edition Client
Symantec Mail Security for Domino v 4.0
Symantec Mail Security for Domino v 5.0

Virus Definition Updates 31/8/2007

2007-08-31T20:02:00.001+08:00

AVG Anti-Virus Free Edition 7.5

Download AVG AVI:269.13.1.1
Download AVG AVI:269.13.1.2
Download AVG AVI:269.13.1.3
Download AVG IAVI:981
Version: -
Date: 31/8/2007

AntiVir PersonalEdition Classic
Download AntiVir IVDF
Version: 6.39.01.70
Date: 31/8/2007

Avast! 4 Home Edition
Download Avast VPS
Version: 000770-0
Date: 30/8/2007

Symantec
Download Norton VDU
Version: 90830i
Date: 30/8/2007
Supports the following versions of Symantec antivirus software:
Norton AntiVirus 2003 Professional Edition
Norton AntiVirus 2003 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2004 Professional Edition
Norton AntiVirus 2004 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2005 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2006 for Windows 2000/XP Home/XP Pro
Norton AntiVirus 2007 for Windows XP Home/XP Pro/Vista
Norton AntiVirus for Microsoft Exchange (Intel)
Norton SystemWorks (all versions)
Norton Utilities for Windows 95/98 (all versions)
Symantec AntiVirus 3.0 for CacheFlow Security Gateway
Symantec AntiVirus 3.0 for Inktomi Traffic Edge
Symantec AntiVirus 3.0 for NetApp Filer/NetCache
Symantec AntiVirus 8.0 Corporate Edition Client
Symantec AntiVirus 8.1 Corporate Edition Client
Symantec AntiVirus 9.0 Corporate Edition Client
Symantec AntiVirus 10.0 Corporate Edition Client
Symantec AntiVirus 10.1 Corporate Edition Client
Symantec AntiVirus 10.2 Corporate Edition Client
Symantec Mail Security for Domino v 4.0
Symantec Mail Security for Domino v 5.0

AVG Free Edition 7.5

2007-08-29T20:12:00.000+08:00

Updated:

AVG Free Edition
Version : 7.5.503
Date: 22/10/2007

AVG Free Edition has spearheaded the company's growth. According to Grisoft, over 40 million users have AVG Anti-Virus protection, including users of the Free Edition.

The AVG Free Edition is similar to the Anti-Virus Professional product, but does not have all the features. It lacks the fine-grained control over how scans are conducted, and it receives lower priority (than the paid-for products) when downloading updates from Grisoft's servers. The language interface cannot be customised, and English is the only available language.

Technical Support is not available for the Free Edition, whereas support is available to users of the Professional, paid for products.

Grisoft announced that AVG Anti-Virus Free Edition version 7.1 ended in February 18, 2007. Users were required to upgrade to AVG Anti-Virus Free Edition version 7.5. Users are being encouraged to move to the commercial version of AVG, particularly the AVG Anti-Malware and AVG Internet Security products as they protect against spyware as well as viruses. In the last two years the increase in infections has been spyware rather than viruses. AVG Anti-Virus Free (including the 7.5 edition) does not include a firewall, anti-spam nor detect spyware. However, Grisoft does provide a free version of AVG Anti-Spyware - based upon the former Ewido engine.

Developer: Grisoft

Website: http://free.grisoft.com

Download it HERE!

Virus Definition Updates 29/8/2007

2007-08-29T18:01:00.000+08:00

AVG Anti-Virus Free Edition 7.5

Download AVG AVI:269.12.10.1
Download AVG AVI:269.12.102
Download AVG AVI:269.12.10.3
Download AVG IAVI:977
Version: -
Date: 27/8/2007

AntiVir PersonalEdition Classic
Download AntiVir IVDF
Version: 6.39.01.58
Date: 29/8/2007

Avast! 4 Home Edition
Download Avast VPS
Version: 000769-1
Date: 28/8/2007

Symantec
Download Norton VDU
Version: 90828q
Date: 28/8/2007
Supports the following versions of Symantec antivirus software:
Norton AntiVirus 2003 Professional Edition
Norton AntiVirus 2003 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2004 Professional Edition
Norton AntiVirus 2004 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2005 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2006 for Windows 2000/XP Home/XP Pro
Norton AntiVirus 2007 for Windows XP Home/XP Pro/Vista
Norton AntiVirus for Microsoft Exchange (Intel)
Norton SystemWorks (all versions)
Norton Utilities for Windows 95/98 (all versions)
Symantec AntiVirus 3.0 for CacheFlow Security Gateway
Symantec AntiVirus 3.0 for Inktomi Traffic Edge
Symantec AntiVirus 3.0 for NetApp Filer/NetCache
Symantec AntiVirus 8.0 Corporate Edition Client
Symantec AntiVirus 8.1 Corporate Edition Client
Symantec AntiVirus 9.0 Corporate Edition Client
Symantec AntiVirus 10.0 Corporate Edition Client
Symantec AntiVirus 10.1 Corporate Edition Client
Symantec AntiVirus 10.2 Corporate Edition Client
Symantec Mail Security for Domino v 4.0
Symantec Mail Security for Domino v 5.0

Undelete Plus 2.91

2007-08-28T12:33:00.000+08:00

Undelete Plus is a quick and effective way to retrieve accidentally deleted files, files removed from the Recycle Bin, in a DOS window, from a network drive, from Windows Explorer with the shift key held down.

Undelete Plus supports all Windows file systems for hard and floppy drives including FAT12/16/32,NTFS/NTFS5 and image recovery from CompactFlash, SmartMedia, MultiMedia and Secure Digital cards. Version 2.83 has clean disk feature added, Czech language support (by Dom), multilanguage support updated, small interface improvements, and small bugs fixed.

Download it HERE!

Pandora Recovery v1.2.23

2007-08-28T12:19:00.000+08:00

Pandora Recovery is a powerful free tool that provides its users an effective way to attempt recovery of permanently deleted files. And that does not mean restoration of a file from Recycle Bin. Pandora Recovery actually recovers files permanently removed from Recycle Bin, files originally deleted using Shift + Delete keys bypassing Recycle Bin and files deleted from DOS prompt.

Pandora Recovery is not a backup tool - it can recover files that have been deleted months before Pandora Recovery was installed. And while the likelihood of successful recovery is negatively affected by the time passed since the deletion of files Pandora Recovery users were able to recover files deleted more than five years after deletion and from re-formatted drives!

Download it HERE!

Virus Definition Updates 27/8/2007

2007-08-27T13:23:00.000+08:00

AVG Anti-Virus Free Edition 7.5

Download AVG AVI:269.12.9.1
Download AVG AVI:269.12.9.2
Download AVG AVI:269.12.9.3
Download AVG IAVI:975
Version: -
Date: 26/8/2007

AntiVir PersonalEdition Classic
Download AntiVir IVDF
Version: 6.39.01.45
Date: 26/8/2007

Avast! 4 Home Edition
Download Avast VPS
Version: 000768-5
Date: 27/8/2007

Symantec
Download Norton VDU
Version: 90826p
Date: 26/8/2007
Supports the following versions of Symantec antivirus software:
Norton AntiVirus 2003 Professional Edition
Norton AntiVirus 2003 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2004 Professional Edition
Norton AntiVirus 2004 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2005 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2006 for Windows 2000/XP Home/XP Pro
Norton AntiVirus 2007 for Windows XP Home/XP Pro/Vista
Norton AntiVirus for Microsoft Exchange (Intel)
Norton SystemWorks (all versions)
Norton Utilities for Windows 95/98 (all versions)
Symantec AntiVirus 3.0 for CacheFlow Security Gateway
Symantec AntiVirus 3.0 for Inktomi Traffic Edge
Symantec AntiVirus 3.0 for NetApp Filer/NetCache
Symantec AntiVirus 8.0 Corporate Edition Client
Symantec AntiVirus 8.1 Corporate Edition Client
Symantec AntiVirus 9.0 Corporate Edition Client
Symantec AntiVirus 10.0 Corporate Edition Client
Symantec AntiVirus 10.1 Corporate Edition Client
Symantec AntiVirus 10.2 Corporate Edition Client
Symantec Mail Security for Domino v 4.0
Symantec Mail Security for Domino v 5.0

The New Virus Threat

2007-08-25T16:59:00.000+08:00

By Rajesh Menon

Now that the OS is getting patched up, virus writers have a new target:- Device Drivers and Application Software (including Middleware products) The shift was bound to happen. Did not think that our vicious brothers would give up the fun part of OS screwing so easily.

Let’s try to understand what these nut cases do. But before that, we need to understand viruses. So here we go down nostalgia lane.

A virus is a small piece of software that has just two purposes

Survival
Replication/ Proliferation

These are the generic reasons. In this way, computer viruses are very similar to their biological counterparts. Both get a free ride at others expense. (A hitchhiker, a dangerous and unwelcome one) A biological virus steals the food (protein) that the host cell makes and uses it to strengthen itself, multiply, and rupture the host, after having used him up. I call him a thankless scum.

Now you may ask me what about the damage that it does? Well, of course, from a novelistic point of view, the virus has to do something (it’s called payload), and this is where the plot begins to unfold. You see, if the virus was just to do point 1. and 2. given above, I would never come to know that a virus is lurking in the innards of my immaculate machine. But like a thief who leaves a trail behind, so does a virus. There are some smart viruses which erase these bread crumbs, still their effect shows up somewhere. For e.g: say your machine has slowed down, your keyboards acting witty etc. But always remember Rule No.1 : Don’t judge a virus by its’ effect.

Sometimes people ask me a silly question like ‘Can the virus be sitting inside the image that I downloaded from the net yesterday?’ My answer is both Yes and No. Yes, because the image file might have arrived as a executable file, and if you have hidden the extension that appears when you list the file (Windows only) then God Help. It’s a good practice to run an updated anti-virus on these pests before you try to open them up. Now think about this, can there be a virus in a notepad file or any text file? Of course not! Can there be a virus inside a word file? Sure, if you have turned on the macros. (macros are simple programming language equivalents existing for power users). Now we come to Rule No. 2 : A data file cannot have a virus.

So far so good. There is a whole bunch of different kinds of viruses called worms, Trojan horses, and other funny sounding ones that are vying to get our attention, I mean illegally. We will not worry about these, for the time being. There are variants like adware and spyware, not as harmful as the mainstream, but still pester us. The best way to prevent them is to be cautious about what goes inside and outside the machine. Install an anti-virus and the Spyware / Adware Cleaner and regularly (say once or twice a week) run a scan. People talk of stealth viruses, PDA and mobile phone viruses etc. Yes the threat exists but sooner or later they will be vanquished. You know why? Good always wins over the Bad, finally. If you think, I’m giving you a one-liner from a movie, tell me a good reason why the electron is so far away from the nucleus of an atom, whereas a proton (positive charge) is inside the nucleus so close to the neutron (the meditating monk). The tools that we use for detecting viruses may not detect some of these new breeds of viruses, but the antidote is to fireproof your machine with the best antivirus that is out there and keep it updated daily. (Why doesn’t a company, insure us for virus attacks). So here’s Rule No. 3 : Never think that you are 100% safe even if you run the latest antivirus.

But remember there is hope. Recently, I read about a honey-pot concept where we catch the viruses by deliberately making a target machine vulnerable. The virus thinks that it’s a hit, but actually it’s a bait. Let’s see if the cops can run faster than the thieves. Only time will tell …

Now about the people who write viruses. They need to measure up. See the damages that they afflict on people like us. For what? Some cruel streak or a negative belief or some other reason that we need to really understand before it’s too late. I prescribe the following for these deranged people:

A trip to a shrink
Spiritual cleansing.
Community Service.

We could jail them, like we did some of them. But let’s forgive and forget and usher them into a future where these very people would be the cops or designers of Anti-Virus (and other anti-malware software) and would outrun the other ‘sick’ fellows lurking out there, preparing the next paralyzing strike against the human race.

Guru30 is the nickname of Rajesh Menon, a veteran of the IT industry with 18 years of experience, co-author of a book on 'C' language and published author. He writes on spirituality, management and technology. Either solo subjects or fusion of these streams. The author strongly believes that the real knowledge of the scriptures must be integrated with technology pardigms.

Rajesh Menon is also into music and poetry. You may go to his website =>http://www.guru-30.com or reach him on rajesh.menon@guru-30.com

Article Source: http://EzineArticles.com/?expert=Rajesh_Menon

Virus Definition Updates 24/8/2007

2007-08-24T16:19:00.000+08:00

AVG Anti-Virus Free Edition 7.5
Download AVG AVI:269.12.4.1
Download AVG AVI:269.12.4.2
Download AVG AVI:269.12.4.3
Download AVG IAVI:969
Version: -
Date: 23/8/2007

AntiVir PersonalEdition Classic
Download AntiVir IVDF
Version: 6.39.01.40
Date: 24/8/2007

Avast! 4 Home Edition
Download Avast VPS
Version: 000768-1
Date: 24/8/2007

Symantec
Download Norton VDU
Version: 90823u
Date: 23/8/2007
Supports the following versions of Symantec antivirus software:
Norton AntiVirus 2003 Professional Edition
Norton AntiVirus 2003 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2004 Professional Edition
Norton AntiVirus 2004 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2005 for Windows 98/Me/2000/XP Home/XP Pro
Norton AntiVirus 2006 for Windows 2000/XP Home/XP Pro
Norton AntiVirus 2007 for Windows XP Home/XP Pro/Vista
Norton AntiVirus for Microsoft Exchange (Intel)
Norton SystemWorks (all versions)
Norton Utilities for Windows 95/98 (all versions)
Symantec AntiVirus 3.0 for CacheFlow Security Gateway
Symantec AntiVirus 3.0 for Inktomi Traffic Edge
Symantec AntiVirus 3.0 for NetApp Filer/NetCache
Symantec AntiVirus 8.0 Corporate Edition Client
Symantec AntiVirus 8.1 Corporate Edition Client
Symantec AntiVirus 9.0 Corporate Edition Client
Symantec AntiVirus 10.0 Corporate Edition Client
Symantec AntiVirus 10.1 Corporate Edition Client
Symantec AntiVirus 10.2 Corporate Edition Client
Symantec Mail Security for Domino v 4.0
Symantec Mail Security for Domino v 5.0

Virus Definition Updates 22/8/2007

2007-08-22T20:24:00.000+08:00

AVG
Download AVG IAVI:966
Version:
Date: 22/8/2007

AntiVir
Download AntiVir IVDF
Version: 6.39.01.33
Date: 22/8/2007

Avast
Download Avast VPS
Version: 000767-3
Date: 21/8/2007

Norton
Download Norton VDU
Version: 90821i
Date: 21/8/2007

BitDefender 10 Free Edition

2007-08-21T23:27:00.000+08:00

BitDefender 10 Free Edition is your chance to use one of the world's most effective antivirus engines for free! BitDefender 10 uses the same ICSA Labs certified scanning engines found in other BitDefender products, allowing you to enjoy basic virus protection for no cost at all. BitDefender 10 Free Edition is an on-demand virus scanner, which is best used in a system recovery or forensics role.

Features:
Virus scanning and removal
On demand scanning - Powerful scan engines ensure detection and removal of all viruses in the wild every time you need it.

Scheduled scanning
The Scheduler lets you plan ahead, and schedule full system/drive scans in the off hours, when you won’t be using your computer.

Immediate scanning
With just a right click you can check your files and folders.

Skinable interface
You can express yourself, designing new interfaces, or you can use those drawn by others.

Quarantine
By isolating the infected files in quarantine, the risk of getting infected diminishes. You also have the possibility to send these files for further analysis to BitDefender Labs.

Reports
When launching a scan you may choose to create a report file where you can see statistics about the scan process.

Download it HERE!

Virus Definition Updates 21/8/2007

2007-08-21T16:55:00.000+08:00

Hello guys,

Starting today we will provide you latest virus definition updates from various antivirus software such as AVG, Antivir, Avast and Norton. To make you easier, you can subscribe our email subscription for FREE and get FREE virus definition updates directly from your email!

We will update our virus definition updates regularly to make sure you get the latest updates and protecting your computer from latest virus threat. No more obsolete or out-dated virus definition.

AVG
Download AVG IAVI:963
Version:
Date: 20/8/2007

AntiVir
Download AntiVir IVDF
Version: 6.39.01.27
Date: 21/8/2007

Avast
Download Avast VPS
Version: 000767-2
Date: 20/8/2007

Norton
Download Norton VDU
Version: 90820av
Date: 20/8/2007

PC Inspector File Recovery 4

2007-08-20T12:58:00.000+08:00

PC Inspector File Recovery is a data recovery program that supports the FAT 12/16/32 and NTFS file systems. Finds partitions automatically, even if the boot sector or FAT has been erased or damaged (does not work with the NTFS file system). Recovers files with the original time and date stamp. Supports the saving of recovered files on network drives.

Here are some of the new features in PC INSPECTOR™ File Recovery 4.x
• Finds partitions automatically, even if the boot sector or FAT has been erased or damaged
• Recovers files with the original time and date stamp
• Supports the saving of recovered files on network drives
• Recovers files, even when a header entry is no longer available.

Download it HERE!

Web Security Guard

2007-08-19T21:24:00.000+08:00

Web Security Guard alerts helps you to prevent entering potentially dangerous Web sites that may cause adware, viruses, spyware, or spam. Free for home and office, it uses growing database of Web site ratings. Crawler Toolbar comes with Web Security Guard keeping it up to date and providing combined search results from major Internet search engines. Protect your data and privacy, review Web site's contents and threat level before you enter a site. Version 4.5 may include unspecified updates, enhancements, or bug fixes.

Download it HERE!

Crawler Parental Control

2007-08-19T21:18:00.000+08:00

Crawler Parental Control's easy-to-use application provides you with comprehensive control of user activity on your computer. Crawler Parental Control gives you a perfect overview of your children's activity on your computer and allows you to individualize and restrict their actions and time spent at the computer. Features: content control, time control, usage logging and email notifications, application usage restrictions, and system restrictions.

Download it HERE!

Recuva - File Recovery

2007-08-19T17:16:00.000+08:00

Recuva (pronounced "recover") is a freeware Windows utility to restore files that have been accidentally deleted from your computer. This includes files emptied from the Recycle bin as well as images and other files that have been deleted by user error from digital camera memory cards or MP3 players. It will even bring back files that have been deleted by bugs, crashes and viruses!

Download it HERE!

CCleaner

2007-08-19T16:54:00.000+08:00

Cleaner is a system optimization and privacy tool. It removes unused files from your system - allowing Windows to run faster and freeing up valuable hard disk space. It's fast (normally taking less that a second to run). It cleans: Internet Explorer (Temporary files, URL history, cookies, Autocomplete form history, index.dat); Firefox (Temporary files, URL history, cookies, download history); Windows (Recycle Bin, Recent Documents, Temporary files, and Log files); Registry cleaner (Advanced features to remove unused and old entries, including File Extensions, ActiveX Controls, ClassIDs, ProgIDs, Uninstallers, Shared DLLs, Fonts, Help Files, Application Paths, Icons, Invalid Shortcuts. So comes with a comprehensive backup feature.) Version 1.41.544 includes several changes such as fixing IE7 history cleaning in Vista, adding Safari cleaning, updating translations, and other improvements

Download it HERE!

MicroWorld Free AntiVirus Toolkit Utility (MWAV)

2007-08-12T22:30:00.000+08:00

MWAV provides you with a FREE utility to enable you to scan for any virus, spyware, adware or any other malware from your computer. MWAV requires no installation and can be run directly from any where on your computer or from a CD ROM. It can also be run even if you have any other antivirus software installed on your computer.

The detection database will constantly be kept updated on a daily basis to detect newer spyware and adware, plus the engine is constantly being improvised for faster and intelligent detections.

Download it HERE!

R-Firewall

2007-08-12T19:48:00.000+08:00

R-Firewall is an effective and easy-to-use solution to secure your on-line activity. It protects a computer connected to a local network and/or to the Internet against any intrusions, attacks, trojans, spyware, and other external and internal threats. R-Firewall also filters out inappropriate Internet pages content and blocks dangerous active components you may get while browsing over the Internet or receiving e-mail massages.

Automatic configuration during setup allows you securely surf the Internet right after the software installation. Mobile users can create multiple and easily switchable configurations for specific network environments (Internet surfing at home, office local networks, or public Wi-Fi spots).

Download it HERE!

Protect Your Notebook from Spyware and Viruses

2007-08-12T15:38:00.000+08:00

By Tim Childree

Notebook computers bring a tremendous convenience to personal computing. Just sit within range of a wireless hotspot and you can connect to your office or home network, access your email, and complete important projects for work. However, roaming from one unsecured wireless network to another can leave your computer vulnerable to malicious software attacks.

Spyware and Viruses

If you are connected to a wireless network without its own firewall, hackers can easily intercept the signals you send and receive across the airwaves. Malicious individuals can also install spyware and viruses on your computer.

Spyware refers to an application designed to track a computer user's internet activities, keep note of sites visited, and gather other information. The term, "spyware," can also refer to any non-viral malicious software, including software that takes over your internet connection, pops up unwanted advertisements, or even blocks your internet connection. A tracking program is technically labeled as spyware only if the computer user does not consent to the download or installation.

Spyware collects information and sends it back to the spyware controller. The owner of the spyware program usually sells gathered information to marketers. For instance, spyware can get a computer user's email information, using that information to bombard the user with advertisements and spam. Spyware is also known as "malware" (Malicious Software), as it can be used to aid identity theft and fraudulent activities (some spyware programs mine credit card information and other sensitive financial information). Keylogging programs, used to steal credit card information and passwords by monitoring everything a user types, fall under the umbrella of spyware/malware.

Viruses are another type of malicious software. A virus is a piece of code that attaches itself to a program, a file, or your boot sector. These malicious programs are called viruses because they work much like a viral infection – they spread to other files, programs, and even computers, and they are designed explicitly to damage your files and destroy your applications.

Protecting Your Notebook from Spyware and Viruses

Protecting your notebook computer from spyware and viruses protects you against fraud and protects your privacy, too.

The first thing that you need to do is install a secure web browser. Internet Explorer is particularly vulnerable to unauthorized scripts which could be run and installed on your computer without your knowledge. Instead of using Internet Explorer, you can try using Mozilla Firefox, one of the most secure web browsers around. Firefox will always inform you about any download or installation, inform you about suspect sites, and update your browser automatically to continually improve security.

Aside from using Firefox, it is important that any computer user install a personal firewall to block unauthorized access attempts. For Windows XP users, Comodo Personal Firewall is a free option (there is an Alpha version of Comodo Personal Firewall Version 3, which adds Vista support, but this would not be a stable option until they reach the final release). Even the best firewall can sometimes allow spyware through, however, so scan your computer with a free program like Spybot: Search & Destroy or Ad-Aware SE, two of the very best anti-spyware programs available. You should not neglect to install anti-virus software, too. If you have an anti-virus program you already use, stick with it, but the free home edition of Avast and the open-source (free) anti-virus product ClamWin are two excellent options. Be sure to keep your security software updated (most programs will automatically update themselves, but they will sometimes prompt you for your permission) to give yourself the very best protection against malicious software.

MALIBAL is the Home of the World's Fastest Laptop Headquartered in Las Vegas, this groundbreaking company has transmuted the world of mobile computing with its nonpareil laptops and unrivaled 24-hour USA-based support.

Please, check out these recommendations for the best notebook computers

Article Source: http://EzineArticles.com/?expert=Tim_Childree

What Damage Spyware Can Cause? - Symptoms

2007-08-12T15:30:00.000+08:00

By Sanjay Kak

You must be wondering, what is Spyware or Spyware Anti-Virus, and why it is important to have your computer scanned and updated with Spyware Antivirus software. With the rise of internet more and more users came on internet and gave rise to e-commerce benefiting users and commerce industry. With this it created problems related to user profiling and in some cases malicious attempts to intercept login and passwords for financial institutions. The word Spyware surfaced in mid 1990, right before dot com boom, it saw its use only when dot com boom created tons of companies on net and millions of user got hooked to internet.

In essence Spyware is computer program, job of this program is to collect information about user. The program is used for collecting information about users without their consent.The computer program secretly records user's actions, while user is surfing on internet. The recorded actions can range from his/her key strokes, internet page history, which site he/she frequently visits, in some cases scanning users' data stored on computer.

As said in the beginning, the purpose ranges from recording users taste for sites, where he shops, on which site he spends more time. All these parameters will help Internet marketers in targeting ads to his/her interest. Worst of all such information can be used or accessed by phisers, who are after peoples financial details, either they sell these information or simple use themselves. This is the most dangerous attempt on your computer you can have.

To spare users from onslaught of advertising agency and phisers, lot of companies have come up with Spyware Antivirus or Spyware Anti-Virus products protecting them from malicious attack. Infect there is whole Spyware Antivirus industry operating for internet users.

Again Spyware Antivirus is computer program and job of Spyware Antivirus is to remove or disable existing Spyware on the computer. Spyware Antivirus also prevents further attack and stops further installation of Spyware on computer. Spyware Antivirus programs watchs and observer for such spyware programs and stop them from installing on host's computer.

You are receiving bounced e-mails in high volume, good chances of trojan spamware running show in your computer.

You have downloaded music online

Your system is extremely slow, it is using your PC's resources, internet bandwidth, modify, delete files, or goes after window registry to change important window programs.

You are being bombarded by those horrible popup ads.

Have you noticed your homepage keeps changing.

Even when your computer offline, your external modem shows lcd light blinking for data transfer.

Malicious attempt to record your keystrokes, sell your financial details to others. They can capture your credit card details or your personal information such as SSN (Social Security Number), birthrate, address etc that can be used to steel identity of person. Well, what does it imply to you - data loss, identity theft, and amount of time put in your work, damage to software on your computer and not to mention it degrades your productivity and loss of investment.

Can create your PC as zombie to let virus, worms and Trojans open computer to act as host for collecting and sending information all over the world.

For more information please visit www.spywareantivirus.info

http://www.spywareantivirus.info

Article Source: http://EzineArticles.com/?expert=Sanjay_Kak

Eliminate Adware and Spyware

2007-08-12T15:25:00.000+08:00

By Gary Gresham

Everyone should eliminate spyware and adware from your hard drive for your computer privacy protection. Spyware and adware programs also slow down the speed of your computer by cluttering your hard drive with annoying programs. Once you eliminate adware and spyware, your computer speed will improve immediately.

Spyware compromises the security of your personal information because the creators of these hidden programs can get access to your desktop even while you are offline.

Adware creates annoying pop ups while you use the Internet. It can change your home page and even hijack certain pages to display their own messages, which are sometimes obscene.

One of the most effective ways to stop spyware and adware is the use of computer firewall protection. These programs eliminate incoming spyware and adware that is attached to the legitimate data that you download when surfing the web.

Some computer firewall protection programs display the number of attempted 'hacks', which includes any illegitimate programs or data: spyware, adware, or other potentially harmful files such as viruses.

It is not unusual for computer firewall protection software to block hundreds of 'hacks' per day. Some users are more exposed than others to the negative effects of spyware, adware, and viruses.

One important factor is the type of connection that your computer has to the Internet. For example, DSL 'cable' connections are replacing the old 'dial-up' connections that run over a household's normal phone lines.

With a DSL connection, your computer can be connected to the Internet all day, every day. This increases the likelihood of your computer becoming infected with spyware and adware.

With today's Internet, there's no such thing as too much computer privacy protection. It's important to find and eliminate spyware and adware from your hard drive because computer security is as important as the lock on your front door.

Article Source: http://EzineArticles.com/?expert=Gary_Gresham

AS3 Personal Firewall

2007-08-06T23:31:00.000+08:00

AS3 Personal Firewall is device designed to prevent outsiders from accessing your network. The unit serves as the single entry point to your network and evaluate all TCP connections requests as they are received comparing them with each rule in the policy.

AS3 Personal Firewall is an easy to use, advanced software that offers you the ability to watch for all ports on your system without listening. Activity provides a real-time view
of the open connections through the firewall. The rules editor is used to define a security policy where connections requests from unauthorized ip addresses and ports are rejected. The log viewer provides data connection notes that can be used for prosecuting the potential attackers.

Use the rules editor to specify the destination and service for each rule with the required action. For example, if you don't want someone connecting to your network, you can bar his access by blocking connection request from his ip address or port number. On his end, he see a message that responds "Connection failed" or "Connection terminated".

Once defined the firewall provides control of how the policy is distributed to all TCP connections through your network.

Download it HERE!

Filseclab Personal Firewall Professional Edition

2007-08-06T22:47:00.000+08:00

Filseclab Personal Firewall Professional Edition is one of the best free firewall, it is not only very easy to use, and also very powerful. It can prevent most attacks from worm viruses and Trojans, it can also block some main Adware and Spyware. It offers double filter system for double-layer protection. The digital signature verification can automatically trust the well-known program. Built-in 7 big modes for all kinds of requirements. It also supports realtime monitor, interactive rules creator, password protection, log, live update, traffic graph, privacy protection, Windows Security Center, balloon message alert and more unique features. It can provide the best protection for your network.

Download it HERE!

Ashampoo FireWall 1.2

2007-08-06T22:14:00.000+08:00

The Ashampoo FireWall makes it easy for anyone to set up an effective, free firewall. Its Configuration Assistant guides you through every step of the the setup process. Easy Mode makes using it a breeze. You dont need any special technical knowledge, and everything is explained clearly. Even with its additional security tools, Ashampoo Firewall is a tiny program that uses very little memory and computer resources. You get heavy-duty protection without a heavyweight load on your system. The Ashampoo FireWall user interface explains itself every step of the way. The information is right there on the screen where you need it so that most users will never need to consult the help files.

Download it HERE!

Don't Pay A Fortune For Antivirus Software

2007-08-05T23:54:00.001+08:00

By Josh Sommers

As a computer technician one thing I am constantly harping on is the absolute need for Antivirus software and Antispyware software on every computer. No exceptions. There are so many issues I fix on a daily basis that could easily be prevented with these simple tools!

No one likes paying for insurance, and that is just what Antivirus software is. It is to protect against something that "might, or might not" happen. What If I told you that the number one antivirus tool I use and recommend as a computer technician is free? Yep, free. And free does not mean cheap!

The best time to install anti-virus software is when you first get your computer. Before anything even has a chance to compromise your system. Here are the steps I recommend taking as soon as possible on your own system to save you time and the inevitable headache.

Step One: Update your computer as much as possible. Go to http://www.windowsupdate.com and update everything you can. This will help patch potential exploits virus’ use in the first place.

Step Two: Remove any "about to expire" anti-virus software on your computer. And if your system is running slow due to the system resource hogs such as Norton Antivirus or McAfee Antivirus go ahead and remove those too.

Step Three: Download and install AVGFree from http://free.grisoft.com and configure it to run automatic updates. (For a step by step video guide to this process, signup at http://www.compmaui.com and I will send you the full video series absolutely free.)

Step Four: Do a full system scan to try to weed out any virus’ that may be on your system already. This is rare on a newly installed version of windows or a new computer, but if you are following this guide several months out, chances are you are already infected.

Step Five: Download, install, update, and immunize your system using Spybot Search & Destroy. You can find this tool at www.safer-networking.org (For a step by step video guide to this process, signup at http://www.compmaui.com and I will send you the full video series absolutely free.)

Step Six: Restart your system and rest assured you are doing more to secure your computer than nearly every home user and client I run into.

Article Source: http://EzineArticles.com/?expert=Josh_Sommers