Tuesday, February 27, 2007

New threat - Zlob variant or Trojan.popuper spreading via Myspace.com

[Image: Popups]

F-Secure reported that a new Zlob variant is spreading through Myspace.com: visitors are told to install an "MS viewer" in order to read an adult-content consent notice, but what they actually install is Zlob.
Article Link here.



Thursday, February 22, 2007

New threat ! - Malicious Website / Malicious Code: Trojan Crimeware using Google Maps

A fake breaking news report claiming that Australia's Prime Minister Mr. John Howard had a heart attack is being circulated by spammers in an attempt to hijack Australians' computers.

Article:- Link here

Cyberattacks Up 50% By 2010, VeriSign Says

VeriSign's unveiling Thursday of Project Titan, which seeks to expand the capacity of its global Internet infrastructure by 10 times by 2010, will be both a blessing and a bane to Internet users, creating a wider freeway for access to revolutionary new multimedia content while at the same time creating a greater number of targets for malicious attackers.
Cyberattacks will increase by 50% between now and Project Titan's completion, VeriSign CEO and chairman Stratton Sclavos said Thursday during his RSA Conference keynote. As long as cybercrime continues to grow as an industry, don't count on malicious attacks to abate on their own. "Where the money goes, so do the threats," he added.
While it's easy, not to mention good business, for security vendors to predict gloom and doom for the IT industry, Sclavos' point was punctuated by Tuesday's massive denial-of-service attack against the 13 servers that help manage worldwide Internet traffic. This was a sophisticated attack consisting of "very, very large packets," Sclavos said. "Every request [made by those packets] was bogus, and every [packet] source was false."
Even worse, it was a sophisticated attack that "was very simple to deploy and scales phenomenally well," Sclavos said. "In fact, we're convinced that the perpetrators didn't even know how well it scales."
But the VeriSign CEO pointed the finger at himself and his colleagues in the security space, rather than dwelling on the attackers.
"Shame on all of us in this room who are security vendors," he said. "If we force our customers to choose between ease of use and better security, they will always choose simplicity. We have the security technology and have had it for years. Yet our consumers feel more vulnerable today than they've ever felt."
Still, it's not impossible for organizations to beat back the bad guys. Sclavos pointed to PayPal, one of the companies most targeted by attackers, as a company that has had some security success because it's taken the threats seriously.
"They are using (Extended Validation SSL Certificates) to be sure users don't make a phishing site for PayPal's site," he added.
Microsoft announced that it has enabled support for these certificates in Internet Explorer 7. When a user visits a site with a valid EV SSL Certificate, IE 7 alerts the user to the available identity information by turning the background of the address bar green and displaying identity information. Twelve certificate authorities, including VeriSign, Cybertrust, and Entrust, issue EV SSL Certificates.
Certificate authorities won't issue EV SSL Certificates without first making the organization go through a stringent sign-up process, says Michael Barrett, PayPal's chief information security officer. In addition, PayPal next week will begin offering certain clients, businesses, and possibly those who've been the victim of past fraud pass code-generating tokens for securely logging on to their PayPal accounts.
Barrett admits there's no easy way to keep bogus e-mailers (known as phishers) and other bad elements at bay, but that's no excuse for not trying, even if it means forcing cybercriminals to change their tactics. "There's no silver bullet," he says. "It's how much lead can you get in the air from a shotgun."

Wednesday, February 7, 2007

PC Tools Cracks Hacker Code in Seconds With New Secret Weapon -- Threat Expert(TM)

PC Tools claims to have a new and better automatic malware analyzer.
This Threat Expert is similar to Norman's SandBox and Sunbelt's CWSandbox.

Judging by their sample report, I guess PC Tools' TM is better than Norman's SandBox. I haven't tried Sunbelt's CWSandbox yet, but I guess it is similar as well.

The PC Tools TM report is a lot easier to follow, but their tool is not free for everyone. You will need to talk to their marketing department to gain access to the utility that lets users submit sample file(s) [malware] for analysis and receive a full, detailed report about the submitted file in return.

That is great if you need to check whether a file is malicious or not.

Article Link: http://www.tmcnet.com/usubmit/2007/02/01/2303824.htm
PC Tool's TM Link: http://www.pctools.com/threat-expert/
Submit sample file: http://www.pctools.com/threat-expert/submit/

Other competitors' sandbox links:-
http://sandbox.norman.no/
http://research.sunbelt-software.com/Submit.aspx (more info: http://www.cwsandbox.org/)

Free public online scanners:- (no analyzer, just command line scanners)
http://virusscan.jotti.org/
http://www.virustotal.com/



Tuesday, February 6, 2007

The 16th annual RSA Conference is being held this week at the Moscone Center in San Francisco



I won't be able to make it to this event; some day I will.
Here is the direct link to the RSA Conference:
http://www.rsaconference.com/2007/US/

Conference theme: "It is said that man can what he will. If you apply yourself with all your strengths and arts you will reach the foremost and supreme degree of perfection and fame in any effort."– Leon Battista Alberti

About him: http://en.wikipedia.org/wiki/Leon_Battista_Alberti

The first keynote of the day was delivered by Microsoft's Bill Gates and Craig Mundie, who naturally drew a big crowd. Throughout the day you could see lots of familiar names on stage, including crypto-legends Whitfield Diffie, Ron Rivest, Adi Shamir and Martin Hellman in the Cryptographers Panel.

Monday, February 5, 2007

Meeting the Swedish bank hacker - The author of Haxdoor

Another great article: an interview with the Haxdoor author.
Direct link: http://computersweden.idg.se/2.139/1.93344

For a malware analyst like me, it's like having an interview with a vampire (me as the vampire slayer).

Attack on Virtual machine

Here is good reading material for people interested in virtual machines and malware.
It's a PDF file, so you will need Adobe Reader or a free PDF reader.

Link: http://www.symantec.com/avcenter/reference/Virtual_Machine_Threats.pdf

Sunday, February 4, 2007

Funny Mr. Bill Gates' saying about Steve Jobs' new marketing campaign

Ha ha, I personally never met Bill & Steve, but I think they are a bunch of hypocrites who just want to make $$$ by selling second/third grade products. They never improve their previous product, they just keep on selling a NEW PRODUCT!

They don't really care about people or this planet earth. They use cheap advertising campaigns to fool us.

The fact is over 90% of desktop computers & notebooks come with pre-loaded MS Windows, and god knows how many mobile phones will come with a standard Windows OS. :(

On the other hand, Mac OS probably only covers less than 2% of the world's computers, and the rest are covered by other non-MS or non-Mac OSes such as Linux.

Apple's Mac targets consumers & specialists, MS's Windows targets commercial & dumb pc users, and both target the entertainment market, but the truth is their products are not so good nor so specialized compared to other companies' anyway. :)

Product Quality & features & prices & marketshare:
----------------------------
Apple's ipod vs iRiver's player (& other 3rd party players)->(3rd party players beats Apple)
MS's Xbox vs Sony's PS2/3 ->(PS3 beats xbox)
Ms's Windows vs Apple's iMac -> (Windows beats iMac)
MS's Zune player VS ipod -> (ipod beats Zune)
Sony's PSP vs Nintendo portable -> (nintendo beats Sony)
Nokia vs Blackberry -> (Nokia beats Blackberry)
Toyota VS Ford -> (Toyota beats Ford)
so on on on .. blah blah blah...


Link: http://blogs.siliconvalley.com/gmsv/2007/02/quoted_1.html

Found one of the coolest blogs - very useful info & links to useful tools worth keeping

Claus Valca posted a comprehensive list of online security scanners.

Link: http://grandstreamdreams.blogspot.com/2007/02/online-system-security-scanners.html

From his blog:-

Primarily virus/trojan related online scanners
Authentium - ThreatMatrix - (ActiveX required) - Free system virus scan
Arcabit Online Scanner - (ActiveX required) - Free system virus scan
BitDefender Free Online Virus Scan - (ActiveX required) - Free system virus scan of memory, files, folders, and drives' boot sectors with cleansing option.
Computer Associates eTrust Antivirus Web Scanner - (ActiveX required) - provides virus scanning, curing and deletion support.
Dr.WEB Anti-Virus - upload a file to scan for malicious software (look on page's sidebar)
F-secure Online Virus Scanner - (ActiveX required) - Free system virus scan
Freedom Online Scanner - Free system anti-virus scanner. I cannot tell if it will also remove identified files.
eTrust Antivirus Scanner (requires MS Internet Explorer)
HouseCall (Trend Micro) Online Scanner - (Java or ActiveX) - Checks for viruses, spyware or other malware/grayware. Also performs additional security checks and assists with detected item removal. (Windows, Linux, Solaris systems supported.)
Kaspersky On-line Scanner - (ActiveX required) - Does not remove threats, only alerts user to the presence of a malicious file.
McAfee Free Scan - (ActiveX required) - Free system virus scan
Microsoft: Windows Live OneCare Free Online Scanner - (ActiveX required) - scans for and removes viruses, spyware and other potentially unwanted software and vulnerabilities.
Panda Active Scan Online Scanner - (ActiveX required) - Scans for viruses, trojans, spyware, malware and provides support for removal of virus, worms and Trojans.
Panda SpyXposer - (ActiveX required) - Scans for malware presence. Does not offer removal support.
Symantec Security Check: Virus Detection - (ActiveX required) - "Virus Detection checks for known threats, including top threats identified by Symantec Security Response. Virus Detection provides an analysis of your results and offers suggestions for further action. It does not examine compressed files." -- from Symantec's service description.
Single-File Upload Scanners
avast! OnLine scanner - upload a single file to check.
CWSandbox - Laboratory for Dependable Distributed Systems University of Mannheim, upload a single file to check file behavior in a "sandboxed" system. Very cool behavior reporting. More information at the CWSandbox.org site. (added to list 02/07/2006)
FORTINET - Online virus center - submit a single file for review.
FRISK (f-prot) Software virus lab - submit a single file for review.
IKARUS Software Vienna - Upload sample file for analysis and response is via email.
Kaspersky File Scanner - upload a single file to check.
Norman SandBox Information Center - SandBox Live - Upload sample file for analysis and response is via email.
Sophos - Sample submission form - Upload sample file for analysis and response is via email.
Sunbelt CWSandbox - Sunbelt Software's free automated malware analysis. Upload a single file to check file behavior in a "sandboxed" system. From website description, "CWSandbox not only analyzes the given malware, but also all other processes that are started or infected by the malware." Note: at time of posting, reporting "service not available." (added to list 02/07/2006)
Virusbuster - submit file to VirusBuster labs for review and feedback.
Malware (spyware/adware/etc.) Online Scanners
a-squared Web Malware Scanner - (ActiveX required) - Free system scans for trojans, backdoors, worms, dialers, keyloggers, rootkits, hack-tools, riskware, tracking cookies.
eTrust (Computer Associates) PestScan - (ActiveX required) - Free system malware scan and removal tool.
ewido (Grisoft) Anti-Spyware Scanner - (ActiveX required) - Free system malware scan and removal tool.
Tenebril - Free Spyware Scan - (ActiveX required) - Free system spyware scan
X-Cleaner Micro Edition - (ActiveX required) - FaceTime Security Labs malware scanner.
ZoneAlarm Security Scanner (Check Point) - (ActiveX required) - ZoneAlarm Labs malware scanner--will not remove any malicious files by itself.
Online "single-file" Multi-Scan Test Websites
Jotti's Malware Scan - Utilizing 15 different scan engines: AntiVir, ArcaVir, Avast, AVG Antivirus, BitDefender, ClamAV, Dr.Web, F-Prot Antivirus, F-Secure Anti-Virus, Fortinet, Kaspersky Anti-Virus, NOD32, Norman Virus Control, VirusBuster, VBA32.
Virus Total Scan - Utilizing 28 different scan engines: Aladdin (eSafe), ALWIL (Avast! Antivirus), Authentium (Command Antivirus), Avira (AntiVir), Cat Computer Services (Quick Heal), ClamAV (ClamWin), Computer Associates (Iris, Vet), Doctor Web, Ltd. (DrWeb), Eset Software (NOD32), ewido networks (ewido anti-malware), Fortinet (Fortinet), FRISK Software (F-Prot), Grisoft (AVG), Hacksoft (The Hacker), Ikarus Software (Ikarus), Kaspersky Lab (AVP), McAfee (VirusScan), Microsoft (Malware Protection), Norman (Norman Antivirus), Panda Software (Panda Platinum), Prevx (Prevx1), Softwin (BitDefender), Sophos (SAV), Sunbelt Software (Antivirus), Symantec (Norton Antivirus), UNA Corp (UNA), VirusBlokAda (VBA32), VirusBuster (VirusBuster)
Software or System Security Vulnerability Scanners
Dr. Web Link checkers service - plugin for Opera/Firefox/Internet Explorer. Scans file or web-page prior to opening to verify it is not malicious.
McAfee WiFiScan - "McAfee Wi-FiScan surveys your current Wi-Fi® connection, your wireless equipment, and local environment to assess security risks introduced by your wireless network." - from McAfee's service description.
Secunia's Software Inspector - "Detects insecure versions of applications installed, verifies that all Microsoft patches are applied, assists you in updating your system and applications, runs through your browser. No installation or download is required." - from Secunia's service description.
Symantec Security Check: Security Scan - (ActiveX required) - "Hacker Exposure Check - Checks whether your computer allows unknown or unauthorized Internet communications; Windows Vulnerability Check - Checks whether basic information about your computer, including your PC's network identity, is exposed to hackers; Trojan Horse Check - Checks whether your computer is safe from Trojan horses; Antivirus Product Check - Checks whether you're protected by a commonly-used virus protection product; Virus Protection Update Check - Checks whether you're safe from the latest viruses. Applicable if you have a virus protection product." -- from Symantec's service description.
Not Quite "Fully-Online" Based Software or System Security Vulnerability Scanners
A few of the products/services noted on other lists are included in their online scanner lists, but actually require download and execution of an exe (executable) based file on the local pc or download and running of an exe (executable) based file from memory. While technically these might be considered "on-line" scanners, they are not so in the manner of the ones listed above.
I have chosen to include some of these products in this post, as they may be otherwise beneficial for interested parties to explore further:
Aluria Software (EarthLink) Spyware Scanner - scans and identifies malware on the local pc.
Computer Associates' Resource Center: (eTrust Pest Patrol, Optimization Scan, Privacy Scan) - download the appropriate tool and execute.
Microsoft: Malicious Software Removal Tool (for Windows XP and 2K) - targets only specific threats, included in Microsoft Critical Updates, so you may already have the file (MRT.exe) on your system: It is usually located in the C:\Windows\System32\ folder on XP systems or in the C:\WINNT\System32\ folder on Windows 2000 systems.
Webroot Enterprise Spy Audit - Generate a unique code, download the audit tool executable, find results.
Primary Sources:
I did quite a bit of work hunting these tools down, and then checking the links to get more information about the conditions they ran under and what category they would best be placed under. However, these links were the most helpful in providing me the services noted.
Computer Cleanup : Free Online Scanners
MikeAlao's Blog: Free Online Virus and Spyware Scanners (including updated links)
NIST IT Security: Free Online Antivirus, Spyware, and Firewall Scanners Review
VIRUSTOTAL - Hispasec Sistemas's list of participating companies
jotti - list of participating companies
Just another class of security tools to keep you safe!
--Claus
Post updated on 02/07/2007 where noted. Big Thanks to Computer Defense blog for pointing out the additional scanner links!
Posted by Claus at Sunday, February 04, 2007

Global Virus Map