The” average Joe” probably sees the word "virus" as a generic term for all current threats out there in the wild. The reality is much different. There are a lot of categories which must be mentioned in this context. The word "virus" should not be used as a catchall term for malicious infections. A virus is actually a malicious file which has the ability to infect/add malicious code to other files; we currently see a downward trend of this type of infections.
Strasbourg is not only the capital principal city and the capital of the Alsace region in France - it’s also the seat of the European Parliament. Yesterday, March 26, it was the place where the privacy of Internet users and the fundamental freedoms on the Internet was subjected to voting.
If you follow online security news, there’s little chance that you haven’t heard about Conficker – a new worm that has received extensive media coverage in the past weeks, due in part to Microsoft’s offer of a $250,000 bounty in return for information leading to the arrest of the malware’s perpetrators.
Lavasoft Malware Labs recently had a closer look on an IP range full of hoax sites. Reverse IP on 78.129.142.235 will reveal around 200 fraudulent domains which are hosted in United Arab Emirates. Most of the sites hosted under 78.129.142.235 will use and take advantage of already existing products from the security industry and other popular software. The examples below display their way to make illegal domains look reliable.
hxxp://7zip-2009.info
hxxp://Directx-full.info
hxxp://Icq-full.info
hxxp://Messengerplus-2009.info
hxxp://Safari-full.info
hxxp://Winrar-2009.com
hxxp://Www-kaspersky.info
Some new rogue anti-virus programs to be aware of...First out is XPVirusProtection with a standard looking website.
Antispyware3000 is a typical rogue. It shows a lot of false positives for files that do not even exist on the drive. However, for some reason, their full scan does not show these hits.
XP Police Antivirus is a new rogue anti-spyware application. It will give exaggerated threat reports on the compromised computer then ask the user to purchase a registered version to remove threats which don't exist.
Win32.Worm.Waledac spreads itself using Valentine's Day "advertising" as the distribution method. It can be found on a website full of hearts with the text Guess, which one is for you? as picture 1 shows.
With the new version of Ad-Aware, comes a new classification: Potentially Unwanted Program, or "PUP". Why classify something as a "potentially unwanted application"?
In case you missed this bit of security news last week, according to Heise Security -
"A team of researchers from Bonn University and RWTH Aachen University have analysed the notorious Storm Worm botnet, and concluded it certainly isn't as invulnerable as it once seemed."
Analysts attempting to traverse the Storm botnet without being detected has proven it to be complex - discovery usually leads to a DDOS attack on the researcher. Having carried out such research covertly and claiming that the botnet can be rapidly taken down is highly significant in terms of the resultant reduction in spam levels and ability to carry out DDOS attacks.
Microsoft's attempts to disrupt the botnet with the Malicious Software Removal Tool, while not definitive, are proving successful. Malware analysts and observers far and wide welcome the news that these researchers have gone one step further by announcing it is theoretically possible to fatally damage the Storm botnet with a single strike.
But, the researchers have noted that there are legal concerns involved in the solution. It's ironic that a single strike that has the potential to take the Storm botnet down from the inside is punishable under German law (and the same may be true in other parts of the world, as well). The Storm botnet is so significant that most people would agree that, when it comes to permanently disrupting it, the end justifies the means. This particular situation gives rise to an ethical dilemma but, ultimately, using illegal methods is not acceptable, however frustrating it may be. Still, even if the researchers are not able to deploy this solution, the data gathered from this research will take us a significant step towards combating and defeating Storm.
The business-oriented social networking site, LinkedIn, has had a recent bout with malware, as you may have seen by all of the buzz this week in the news headlines. As most of you who use them know, social networking sites, while having many advantages to users, have long been targeted by socially engineered scams - meaning you need to take care when roaming around on these types of sites.
In terms of the issues seen lately on LinkedIn - profiles on the site were created to act as a staging point for the distribution of 'FakeAlert' software. This malware serves typical scareware messages claiming that your machine is infected and that you should install the rogue anti-malware application that the warning message is peddling. Despite the FTCs recent efforts in tackling the scourge of rogueware, the fact that these applications continue to proliferate proves they still provide a significant return of investment for malware authors.
The LinkedIn profiles themselves consisted of links that claimed to lead to pornographic images/video content of various celebrities. Upon landing at these sites, victims were invited to install a codec to allow them to view the (non-existent) video; the file was not a video codec, but malware. This method of attack continues to prove to be extremely effective. The social engineering technique being applied is, sociologically, extremely interesting; despite users increasing awareness of Internet safety (i.e. maintaining download discipline, avoiding untrustworthy sites, and generally being aware of the pitfalls when navigating the seedier side of the 'net), using a combination of celebrity and sex to entice continues to be effective.
On the plus side, LinkedIn.com has worked very quickly to deal with this threat - it's encouraging to observe the site's administrators' rapid response time. When the scam first became apparent, many profiles were removed immediately. Currently, all of the malicious profiles that we located have now been cleaned up.
Microsoft is releasing another "out of band" update tomorrow. This update is to fix a recently discovered zero day vulnerability in Internet Explorer 7 that is actively being exploited.
More information about the vulnerability can be found at Microsoft's Security Advisory page.
- 1 of 3
- ››
You Should Know...
Subscribe to Blog
Categories
- Beta Testing (27)
- Comment (1)
- Definition File Updates (1)
- Developer Comments (15)
- Everyday Life at Lavasoft (87)
- Industry and Security News (189)
- Lavasoft Products (107)
- Law Enforcement and Legal Action (42)
- News about Lavasoft (61)
- Researcher Comments (36)
- Riff Raff (18)
- Rogues (20)
- Security Alert (16)
- Security Alerts (60)
- Security Tips (72)
- Website News (11)
Archives
- November 2009 (5)
- October 2009 (14)
- September 2009 (11)
- August 2009 (15)
- July 2009 (12)
- June 2009 (16)
- May 2009 (15)
- April 2009 (20)
- March 2009 (16)
- February 2009 (11)
- January 2009 (11)
- December 2008 (14)
- November 2008 (12)
- October 2008 (15)
- September 2008 (12)
- August 2008 (11)
- July 2008 (14)
- June 2008 (15)
- May 2008 (15)
- April 2008 (15)
- March 2008 (16)
- February 2008 (16)
- January 2008 (13)
- December 2007 (9)
- November 2007 (13)
- October 2007 (13)
- September 2007 (14)
- August 2007 (15)
- July 2007 (11)
- June 2007 (12)
- May 2007 (10)
- April 2007 (15)
- March 2007 (21)
- February 2007 (15)
- January 2007 (15)
- December 2006 (9)
- November 2006 (9)
- October 2006 (11)
- September 2006 (5)
- July 2006 (4)
- April 2006 (1)
- March 2006 (2)
- November 1999 (1)
Social Web