Consoleman Blog - Data forensic & QA

AV Industry: Trend Micro buys Third Brigade

2009-04-30T18:53:00.000-07:00

Trend Micro buys Third Brigade
http://www.itnews.com.au/News/102128,trend-micro-buys-third-brigade.aspx
By Shaun Nichols
30 April 2009 01:46PM

Security giant Trend Micro is aiming to increase its enterprise security presence by acquiring enterprise specialist Third Brigade for an undisclosed sum.

The companies said that the deal was made with server security in mind.

Third Brigade specialises in datacentre security and Trend hopes that the deal will bolster its arsenal in both the physical and virtualised server markets.

"Trend Micro has been a pioneer and global leader in server protection software for over ten years," said Trend chief executive Eva Chen.

"This acquisition underscores our commitment to maintaining that leadership position, and accelerates our ongoing efforts to deliver innovative new solutions that are uniquely suited to dynamic datacentres, as they expand from physical to virtual and public/private cloud-computing environments."

The company said that it also hopes to parlay Third Brigade's intrusion prevention systems (IPS) into its own enterprise offerings.

The two companies have previously had a deal which includes embedding the Third Brigade IPS in Trend Micro's Intrusion Defense Firewall product.

The two companies said that they hope to finalise the deal by the end of June.

Third Brigade specialized in Host Intrusion Prevention Systems (HIPS).

Enrique Salem takes over at Symantec

2009-04-07T22:57:00.000-07:00

By Shaun Nichols
7 April 2009 02:16PM

Symantec's new chief executive has officially taken over..

The security and storage firm said that former chief operating officer Enrique Salem had formally assumed the chief executive and company president roles.

Outgoing chief John Thompson is remaining with the company as board chairman.

The move was first announced in November, but the official transition was delayed until the end of the company's fiscal year on April 4.

"Through that process, Enrique emerged as the right person to lead the company and I am confident in his ability to continue to drive the success of our team," Thompson was quoted as saying in November.

Salem will be the company's first new chief executive in more than ten years, rising to the position from the chief operating officer role.

Salem had first joined Symantec as a lead engineer when the company acquired Norton Computing in 1990. He later became the company's first chief technology officer before leaving in 1999 to join Ask Jeeves.

Salem returned to the company in 2004 when Symantec purchased Brightmail.

Copyright © 2009 vnunet.com

New BIOS attack renders antivirus useless

2009-04-01T23:13:00.000-07:00

By Iain Thomson
27 March 2009 10:45AM
A new form of attack that installs a rootkit directly onto a computer’s BIOS system would render antivirus software useless researchers have warned.

Alfredo Ortego and Anibal Sacco of Core Security Technologies explained that the attack was possible against almost all types of commonly used BIOS systems in use today.

The two devised a 100 line Python script that could be flashed onto the BIOS to install a rootkit. Because the BIOS software activated before any other program on a computer when it starts up then normal antivirus software would be unable to detect it.

“We tested the system on the most common types of BIOS,” said Ortega.

“There is the possibility that newer types of Extensible Firmware Interface (EFI) BIOS may be resistant to the attack but more testing is needed.”

The attack is only possible if the attacker already has full administrative control of the target PC, but this is possible through a standard virus infection. Once that is achieved the malware operator would be able to flash a rootkit directly onto the BIOS.

Even if the initial virus was detected and removed the computer would still be under remote control. Even a full wipe of the hard drive and complete reinstallation of the operating system would not remove it they warned.

If a sophisticated rootkit was put onto the BIOS it could be even more difficult for an administrator to debug the system, said Ivan Arce, chief technology officer at Core Security Technologies.

“You’d need to reflash the BIOS with a system that you know has not been tampered with,” he said.

“But if the rootkit is sophisticated enough it may be necessary to physically remove and replace the BIOS chip.”

The attack vector is also usable against virtual systems the researchers said. The BIOS in VMware is embedded as a module in main VMware executable and thus could be altered.

However it is possible to protect against this attack by locking down the BIOS chip from flash updates, either by password protecting the system against unauthorised changes or physically.

“The best approach is prevention, preventing the virus from flashing onto the BIOS,” said Sacco.

“You need to prevent flashing of the bios, even if it means pulling out jumper on motherboard.”

Copyright © 2009 vnunet.com

Conficker worm threatens April Fools' chaos

2009-03-30T15:43:00.000-07:00

March 30, 2009

Article link
The fast-moving Conficker computer worm, a scourge of the internet that has infected at least 3 million PCs, is set to spring to life in a new way on Wednesday - April Fools' Day.

That's when many of the poisoned machines will get more aggressive about "phoning home" to the worm's creators over the internet. When that happens, the bad guys behind the worm will be able to trigger the program to send spam, spread more infections, clog networks with traffic, or try and bring down websites.

Technically, this could cause havoc, from massive network outages to the creation of a cyberweapon of mass destruction that attacks government computers. But researchers who have been tracking Conficker say the date will probably come and go quietly.

More likely, these researchers say, the programming change that goes into effect April 1 is partly symbolic - an April Fools' Day tweaking of Conficker's pursuers, who for now have been able to prevent the worm from doing significant damage.

"I don't think there will be a cataclysmic network event," said Richard Wang, manager of the US research division of security firm Sophos. "It doesn't make sense for the guys behind Conficker to cause a major network problem, because if they're breaking parts of the internet they can't make any money."

Previous Internet threats were designed to cause haphazard destruction. In 2003 a worm known as Slammer saturated the internet's data pipelines with so much traffic it crippled corporate and government systems, including ATM networks and 911 centres.

Far more often now, internet threats are designed to ring up profits. Control of infected PCs is valuable on the black market, since the machines can be rented out, from one group of bad guys to another, and act as a kind of illicit supercomputer, sending spam, scanning Web sites for security holes, or participating in network attacks.

The army of Conficker-infected machines, known as a "botnet," could be one of the greatest cybercrime tools ever assembled. Conficker's authors just need to figure out a way to reliably communicate with it.

Infected PCs need commands to come alive. They get those commands by connecting to websites controlled by the bad guys. Even legitimate sites can be co-opted for this purpose, if hackers break in and use the sites' servers to send out malicious commands.

So far, Conficker-infected machines have been trying to connect each day to 250 Internet domains - the spots on the internet where websites are parked. The bad guys need to get just one of those sites under their control to send their commands to the botnet. (The name Conficker comes from rearranging letters in the name of one of the original sites the worm was connecting to.)

Conficker has been a victim of its success, however, because its rapid spread across the Internet drew the notice of computer security companies. They have been able to work with domain name registrars, which administer website addresses, to block the botnet from dialing in.

Now those efforts will get much harder. On April 1, many Conficker-infected machines will generate a list of 50,000 new domains a day that they could try. Of that group, the botnet will randomly select 500 for the machines to actually query.

The bad guys still need to get only one of those up and running to connect to their botnet. And the bigger list of possibilities increases the odds they'll slip something by the security community.

Researchers already know which domains the infected machines will check, but pre-emptively registering them all, or persuading the registrars to neutralise all of them, is a bigger hurdle.

"We expect something will happen, but we don't quite know what it will look like," said Jose Nazario, manager of security research for Arbor Networks, a member of the "Conficker Cabal," an alliance trying to hunt down the worm's authors.

"With every move that they make, there's the potential to identify who they are, where they're located and what we can do about them," he added. "The real challenge right now is doing all that work around the world. That's not a technical challenge, but it is a logistical challenge."

Conficker's authors also have updated the worm so infected machines have new ways to talk to each other. They can share malicious commands rather than having to contact a hacked Web site for instructions.

That variation is important because it shows that even as security researchers have neutralised much of what the botnet might do, the worm's authors "didn't lose control of their botnet," said Michael La Pilla, manager of the malicious code operations team at VeriSign's iDefense division.

The Conficker outbreak illustrates the importance of keeping current with Internet security updates. Conficker moves from PC to PC by exploiting a vulnerability in Windows that Microsoft Corp. fixed in October. But many people haven't applied the patch or are running pirated copies of Windows that don't get the updates.

Unlike other internet threats that trick people into downloading a malicious program, Conficker is so good at spreading because it finds vulnerable PCs on its own and doesn't need human involvement to infect a machine.

Once inside, it does nasty things. The worm tries to crack administrators' passwords, disables security software, blocks access to antivirus vendors' websites to prevent updating, and opens the machines to further infections by Conficker's authors.

Someone whose machine is infected might have to reinstall the operating system.

AP

2009-03-29T23:06:00.000-07:00

Massive Chinese cyber hack revealed

Reports reveal over 1000 computers were hacked

Phil Muncaster
vnunet.com, 29 Mar 2009

Chinese PCs conducted the cyber espionage

Canadian researchers have revealed an extensive Chinese spying operation, which involved the hacking of over 1000 computers in 103 countries, according to reports in several leading newspapers today.

The new report from the Information Warfare Monitor, a group comprising researchers from Ottawa-based think tank SecDev Group and the University of Toronto's Munk Centre for International Studies, was originally set up to investigate allegations of Chinese snooping on Tibetan exiles.

However, the research ended up uncovering a much larger scale operation, eventually taking ten months to complete.

According to a report in The Independent, the researchers uncovered a network involving 1,295 compromised computers from the ministries of foreign affairs of Iran, Bangladesh, Latvia, Indonesia, and others, and embassies including India, South Korea, Indonesia, Germany and Pakistan.

Computers in the offices of the Dalai Lama in India, Brussels, London and New York, were also compromised.

The network, dubbed GhostNet, used malware to penetrate PCs, conduct covert monitoring and steal files, according to the reports. The malware could also switch on the audio and camera equipment sometimes built-in to PCs in order to monitor those in the same room as those computers, the reports said.

"This report serves as a wake-up call... these are major disruptive capabilities that the professional information security community, as well as policymakers, need to come to terms with rapidly,” the researchers are quoted as saying in The Guardian.

Althought GhostNet is thought to have been controlled from Chinese PCs, the researchers were not able to make any firm link to Chinese government agencies. The team has now notified law enforcement agencies, including the FBI, according to reports.

CA cuts one third of its Melbourne developers

2009-03-25T16:10:00.000-07:00

By Brett Winterford
25 March 2009

International software vendor CA will make just under one third of its Australian R&D staff redundant as a result of recent acquistions.

Some 31 of the 103 security experts at its Melbourne R&D Lab will be offered alternative positions, outplacement services or severance packages.

CA's Melbourne research and development lab has been responsible for the development of several IAM (Identity and Access Management) solutions including CA Identity Manager and CA Directory, core components of the vendor's IAM portfolio.

The Melbourne Lab has developed new technologies for CA that are patented on a global basis.

CA says the 31 developers are no longer required due to three new acquisitions.

CA acquired ID Focus in October 2008, Eurikify in November 2008 and Orchestria in January 2009.

A spokesperson for CA said these acquisitions created some duplicate roles within the vendor's global R&D operations.

The spokesperson said the Melbourne development labs will continue to develop CA's IAM solutions after the restructure.

Kaspersky failed to protect their own website from hackers

2009-02-08T19:37:00.000-08:00

Full article: Link

Kaspersky is one of the leading companies in the security and antivirus
market. It seems as though they are not able to secure their own data
bases.
Seems incredible but unfortunately, its true.
Alter one of
the parameters and you have access to EVERYTHING: users, activation codes, lists
of bugs, admins, shop, etc.

Why RFID is not suitable for ID card/Passport?

2009-02-08T19:31:00.000-08:00

Here is why.

Hackers clone passports in drive-by RFID heist
By Iain Thomson 4 February 2009

A British hacker has shown how easy it is to clone US passport cards that use
RFID by conducting a drive-by test on the streets of San Francisco.
Chris
Paget, director of research and development at Seattle-based IOActive, used a
US$250 Motorola RFID reader and an antenna mounted in a car’s side window and
drove for 20 minutes around San Francisco, with a colleague videoing the
demonstration.
During the demonstration he picked up the details of two US
passport cards, which are fitted with RFID chips and can be used instead of
traditional passports for travel to Canada, Mexico and the Caribbean.
“I
personally believe that RFID is very unsuitable for tagging people,” he
said.
“I don’t believe we should have any kind of identity document with RFID
tags in them. My ultimate goal here would be, my dream for this research, would
be to see the entire Western Hemisphere Travel Initiative be scrapped.”
Using
the data gleaned it would be relatively simple to make cloned passport cards he
said. Real passport cards also support a ‘kill code’ (which can wipe the card’s
data) and a ‘lock code’ that prevents the tag’s data being changed.
However
he believes these are not currently being used and even if they were the radio
interrogation is done in plain text so is relatively easy for a hacker to
collect and analyse.
The ease with which the passport cards were picked up is
even more worrying considering that less than a million have been issued to
date.
Paget is a renowned ‘white hat’ ethical hacker and has made the study
of the security failings of RFID something of a speciality.
In 2007 he was
due to present a paper on the security failings of RFID at the Black Hat
security conference in Washington but was forced to abandon the plans after an
RFID company threatened him with legal action.
He points out that RFID tags
are increasingly being used in physical security systems such as building access
cards and the technology needs significant security adding before it could be
considered safe for commercial use.

Another big updates from Microsoft

2008-12-11T19:41:00.000-08:00

Microsoft issues mammoth security update, biggest in five years
Fixes 28 flaws in Windows, Office, IE, ActiveX development tools and more

By Gregg Keizer
December 9, 2008 (Article from: Computerworld)

Microsoft Corp. today patched 28 vulnerabilities, nearly all of them marked "critical," in the biggest batch of fixes it has issued since it switched to a regular monthly update schedule more than five years ago.

Of the 28 bugs quashed today, Microsoft ranked 23 of them critical, the top rating in its four-step scoring system. Of the five others, three were judged to be "important," the next step down, and two were pegged as "moderate." The patches were issued in eight updates for Windows, Internet Explorer, Office, SharePoint, Windows Media, and the company's most popular development tools, Visual Basic and Visual Studio.

Researchers agreed that one of the Windows updates should be tops on everyone's to-do list. "There are a few that will stick out for a lot of people," said Andrew Storms, director of security operations at nCircle Network Security Inc. "The GDI is one."

MS08-071, which contains two separate vulnerabilities, both critical, updates the Graphics Device Interface (GDI), the core graphics rendering component of Windows. GDI has been repeatedly patched by Microsoft, most recently in September.

"This looks very similar to MS08-021," said Storms, referring to an April update that patched two other GDI bugs. Like that earlier fix, as well as the one in September, hackers could exploit the vulnerabilities by duping users into opening or viewing malicious Windows Metafile (WMF) images.

"[MS08-071] is something similar to what we saw with WMF files once before this year, and once last year, too," said Amol Sarwate, manager of Qualys Inc.'s vulnerability lab. "It's in the core kernel, it's always there, it's in all versions of Windows and the attack vector is pretty high." Like Storms, Sarwate put the update at the top of his list.

The long-running patch job on GDI will, said Storms, inevitably prompt some to ask whether Microsoft's vaunted Security Development Lifecycle (SDL) process, under which it scrutinizes code as its written for bugs, really works. "Is SDL functioning? I don't know," Storms admitted. "Without seeing the code analysis, it's difficult to presume it's not."

"Yes, I think that's a fair question," said Wolfgang Kandek, chief technology officer at Qualys. "But is it realistic to expect Microsoft to find everything? No, it's not."

Storms said the IE update, MS08-073, would be his next highest update priority, simply because of the number of vulnerabilities it fixes -- four, all critical -- and because of the dominance of Microsoft's browser. After that, it gets murkier. "GDI and IE are certainly top of the list, but beyond that it's a toss-up," he said. "It's going to be difficult for people in the trenches to understand what to go after the first and second."

Qualys' Sarwarte and Kandek, meanwhile, staked out MS08-070 as the second-most-interesting update among today's eight. "This is a far-reaching vulnerability," said Kandek, who noted that while end users won't be installing this update for Visual Basic, it can potentially affect anyone who browses the Internet with IE.

"Microsoft's telling developers that they need to update their development system and the Visual Basic runtimes, then notify users of the ActiveX controls that they've created," said Kandek, talking about the technology that provides IE with add-on functionality. "And again, all [hackers] have to do is just come up with a malicious Web site with vulnerable ActiveX controls."

The Visual Basic update patches a total of six bugs, all ranked critical.

Other bulletins include updates that patch Microsoft Word's file format (MS08-072, with a total of eight vulnerabilities), Microsoft Excel's file format (MS08-074, three vulnerabilities), Windows Media (MS08-076, two vulnerabilities), SharePoint (MS08-077, one bug) and Windows Search (MS08-075, which deals with two vulnerabilities).

Some caught the eye of researchers. "The reason why I'm expecting questions about whether SDL is working is because of MS08-076," said Storms, referring to the two-patch update for Windows Media. "Both those bugs are very similar to what we've seen before in other Microsoft products."

Eric Schultze, the chief technology officer at Shavlik Technologies LLC, agreed. "This is closely related to a security patch from last month -- MS08-068," said Schultze in an e-mail today. That bug, which Microsoft fixed in November, was in how the Server Message Block (SMB) protocol handled credentials when a user connected to an attacker's SMB server. At the time, Schultze and others claimed that the bug went back at least seven years.

"It's similar to the MS08-068 attack, but uses different communication mechanisms to log on to the computers," Schultze added. "Microsoft says that Windows Media Player doesn't play by the same rules as the operating system, and that's why this issue wasn't fixed in November. I'd get this one patched right away.

Storms, however, pointed to MS08-075, which patches Windows Search, the integrated desktop search function, in Windows Vista and Windows Server 2008. He found the update interesting, not so much because it only affects Microsoft's newest operating system, but because one of its two patches fixed a flaw in yet another protocol, this time "search-ms."

"There have been issues prior with protocol handlers in Windows," said Storms. "Why would Microsoft make it possible for a protocol handler to call my local file system? What's the validity of that?"

As Storms said, Microsoft has had to patch several protocol handler vulnerabilities in the last 13 months, starting with one in November 2007 in Windows XP and Server 2003 that the company argued for months was not its responsibility to fix.

This month's eight security updates can be downloaded and installed via the Microsoft Update and Windows Update services, as well as through Windows Server Update Services.

This must be one of busiest month before the X-mas break.
I've notice my Vista computer wanting me to install around 8 updates last night.

More scary news before the X-mas from Antivirus vendors

2008-12-10T16:11:00.000-08:00

Computer threats becoming more sophisticated

By Computing staff
11 December 2008

The scale and sophistication of IT security threats increased at an unprecedented rate during 2008, according to a series of end-of-year research studies published last week.

Anti-virus vendor Kaspersky Lab said that 15 million new forms of malware will have been detected by the end of this year up from just two million in 2007.

IBM said data from its 3,700 managed security services customers worldwide showed that the number of security events rose from 1.8 billion to 2.5 billion per day over the past four months alone.

And security firm F-Secure said the level of malware detections trebled over the year to equal the total amount accumulated over the previous 21 years.

“It would be no surprise if the cyber-crime business [in 2008] was worth not less than US$100bn, said Kaspersky Lab chief executive Eugene Kaspersky. “Unfortunately, the anti-malware industry is in a panic. It has finally recognised that it needs to invest more in technology.”

Kaspersky estimated that there are “tens of thousands of people in the cyber-crime business”, and that security vendors are engaging in technical espionage and battling with each other to recruit the best engineers to keep up.

Mikko Hyppönen, chief research officer at F-Secure, said online crime is now more prevalent and more professional than ever before, and put the blame on the inability of national and international authorities to catch, prosecute and sentence computer criminals.

“The bottom line is that too few of the perpetrators of internet crime are either caught or punished,” he said. “If no action is taken it sends the message to these criminals that internet crime is an easy way to make a lot of money and they will never be caught or punished.”

Copyright © 2008 Computing

As expected from every year's end of the year reports by AV vendors, in another words it's expected numbers as number of computers are increasing as well as market competitions becoming difficult and these AV vendors are scared of financial meltdown may led to slow sale.
So this may help them to stay.

VMware: New VMware 3.0

2008-12-02T21:00:00.000-08:00

VMware View 3 enhances virtual desktops
By Daniel Robinson 3 December 2008

VMware has updated its virtual desktop product with enhancements that
make it easier to provision and manage virtual clients, and new capabilities
that support mobile workers on laptops.Released today, VMware View 3 is a
rebranding of the firm's Virtual Desktop Infrastructure (VDI) but with several
new features.
Key among these is View Composer, which can provision virtual
machines by combining a fixed master image with changeable user data stored
separately, dramatically cutting the storage required for virtual
clients.
The second key feature is Offline Desktop, which lets a worker
download their corporate virtual client onto a laptop and take it out of the
office.
Tommy Armstrong, VMware's senior marketing manager for enterprise
desktops, explained that the development is about broadening out virtual
desktops for customers looking at more strategic deployments.
"The number one
thing customers told us they need for virtual desktops is to bring down the
initial capital investment, for example in storage requirements," he
said.
View Composer addresses this by splitting each virtual client into the
operating system, applications and user data such as files and
settings.
"Firms can manage lots of clones linked back to a single master
image. Any commonality - Windows XP, service packs - is in that 'golden master'.
The deltas [differences], which contain anything unique, can be much smaller,"
Armstrong said.
This can reduce storage requirements by up to 90 per cent
compared with traditional virtual desktop deployments, VMware claimed, as well
as enabling centralised patching and backup of the virtual
clients.
Meanwhile, Offline Desktop enables firms to implement a virtual
desktop strategy even if they have roaming users or some workers connected via a
high latency connection. It combines VDI with another VMware product, ACE, that
lets firms distribute virtual machines with corporate policy mechanisms applied
to them.
"We're bringing these together so users can connect to their virtual
desktop over the network as usual, but if a user wants to run their virtual
machine locally they can 'check out' their desktop and run it on the local
machine," said Armstrong.
Users can check their desktop back in when they
reconnect to the network, or check in a backup, a delta file that just updates
the datacentre image with any changes.
This will also allow users to make use
of local resources for demanding applications, such as those that are
graphics-intensive, according to Armstrong.
"It's about being able to run
apps where it makes most sense, being able to move the virtual machine between
datacentre and the client itself, the access device, if necessary," he
said.
View Manager 3, VMware's connection broker (previously called Virtual
Desktop Manager) can now connect users to a Terminal Services session or to
physical PCs, such as blade workstations, as well as virtual clients.
Other
enhancements address the end-user experience with virtual printing support,
better USB redirection and improved multimedia handling.
Virtual printing
lets the user print to whichever printer is currently attached to their access
device, whatever or wherever that may be, according to VMware. USB redirection
now allows for a broader range of peripherals to be connected to the access
device and used with the virtual desktop.
With View 3, VMware has licensed
Wyse's TCX technology for better media handling. This recognises media files,
such as music and video, and sends them to the endpoint access device to be
played locally.
VMware View 3 currently supports only Windows, but Armstrong
strongly hinted at future Mac support, enabling users to check out their
Windows-based corporate virtual client to an Intel-based Mac laptop, for
example.
Copyright © 2008 vnunet.com

Great news for these virtual machine users.
Link: http://www.vmware.com/products/view/whatsincluded.html

Report: Symantec Report on the Underground Economy: November, 2008

2008-12-02T20:09:00.000-08:00

Secrets of the underground economy
By Kathryn Small 1 December 2008 01:11PM

In IRC channels and web-based forums, the underground economy is thriving, according to the latest year-long report by Symantec. Find out how much a botnet or a set of credit card details would cost you.

The ‘underground economy’ refers to commercial cybercrime activity – specifically, the purchase and sale of fraudulent goods and services. Items for sale might include sold credit card data, bank account credentials, email accounts, and other data.
Services might include cashiers who can transfer funds from stolen accounts into true currency, phishing and scam page hosting, and job advertisements for roles such as scam developers or phishing partners.

The value of the total advertised goods on underground economy servers during the twelve-month period was more than US$276 million.
Information is bought and sold on IRC channels and web forums. Sometimes sellers set up shop on legitimate servers, which makes it harder for police to shut them down.

The underground economy is highly diverse. “The top ten servers control the top 11 per cent of the revenue,” said Craig Scroggie, VP and MD of Symantec Asia Pacific.
Sixty-three (63) per cent of sellers were offering online credit as payment, using wire transfers, or funnelling money through online currencies such as Linden dollars or World of Warcraft gold.

Credit card information was the most highly prized data, accounting for 31 per cent of everything that was sold during the survey period. That included credit card numbers, credit cards with CVV2 numbers, and credit card dumps. It was also the most requested category, making up 24 per cent of all goods requested.

Credit card details might be as cheap as US$0.10 per card, ranging up to US$25, while credit cards with CVV2 numbers ranged from US$0.50 to US$12.
“The thing about credit cards is that it could cost you as little as 10 cents, but the average advertised stolen credit card limit observed by Symantec is more than US$4,000. So it’s an incredible return on investment,” said Scroggie.

“We calculated that the potential worth of all credit cards advertised during the reporting period was US$5.3 billion.”

Credit card information is popular because it’s easy to obtain and easy to use for fraud, explained Scroggie.

“Credit cards are easy to use for online shopping, and it’s often difficult for merchants or credit card providers to identify and address fraudulent transactions before fraudsters complete these transactions and receive their goods.”

Australia has a disproportionately high number of credit card transactions every year. Scroggie explained that in Australia there are 14 million credit cards in circulation, performing 1.4 billion transactions in the last year. By contrast, the UK is three times as large, but had less than 1.8 billion transactions.

“Australia’s always been an early and strong adopter of technology, and we’re an early adopter from a market stand-point. We have high credit card usage relative to other strong economies.”Next, fraudsters traded in financial accounts, at 20 per cent of the total. Stolen bank account information sells for between $10 and $1,000, but the average advertised stolen bank account balance is nearly $40,000. Symantec calculated that the total value of bank accounts advertised as US$1.7 billion.
The average price of a botnet was $25, while the price of phishing scam hosting, keystroke loggers or screen scrapers was $10.

Desktop computer games made up 49 per cent of pirated software, which Scroggie said directly correlated to retail sales in the legitimate market. Following that was commercial software suites such as Adobe’s Creative Suite. “There was a large number of pirated games but the average retail price of games is low – around $50. So there’s a large amount of piracy, but not a large amount of money.”
The underground economy is spread out across the world, ranging from loose collections of individuals to organised and sophisticated groups. North America hosted the largest number of servers, with 45 per cent of the total; Europe/Middle East/Africa hosted 38 per cent; Asia/Pacific with 12 per cent; and Latin America with 5 per cent.

The report noted that the geographical locations of underground economy servers are constantly changing to evade detection.
Scroggie said businesses and individuals could take simple steps to protecting themselves from online fraud.

“They can protect themselves by ensuring they have messaging filtering, a defensive depth strategy, multiple mutual overlapping or complementary software, such as anti-viral, anti-spyware, anti-malware and anti-phishing.
“You can buy a combination of these technologies from reputable security vendors.”

Symantec report page : Link
Actual download link for report: Here (PDF file)

Does Microsoft's free AV will put cloud over the current AV Industry?

2008-11-23T16:58:00.000-08:00

AVG Sees Uphill Battle for Microsoft in Its Launch of Free Anti-Virus Software

AVG Replies to Announcement of Competitor's Replication of Its Anti-Virus Software Offering

Last update: 9:22 a.m. EST Nov. 21, 2008
AMSTERDAM, Netherlands, Nov 21, 2008 /PRNewswire via COMTEX/ -- AVG, a global anti-virus and Internet security software provider with over 85 million users in 167 countries, today responded to Microsoft's announcement of a free anti-virus software product slated to appear in mid-2009.
AVG, which for eight years has offered free anti-virus software to users worldwide, noted the multiple challenges Microsoft faces in supporting a free anti-virus software product -- chief among them the enormous overhead costs it will incur for customer service and support issues, as well as for ongoing product management and upgrades.
Microsoft will also likely contend with a severe backlash from dissatisfied channel partners, whose margins and unit sales will be negatively impacted as a result of the free product offering, AVG believes.
"For over eight years, AVG has recognized and responded to the growing global threat of malware by offering a free and comprehensive tool to combat computer viruses, spyware, malware and online threats," said J.R. Smith, the company's CEO. "Microsoft is clearly following our lead, which will certainly help combat basic and less sophisticated threats. But the real threat in this scenario is to Microsoft's own profitability and channel partner relations."
AVG also highlighted the challenges facing Microsoft to keep pace with the growing proliferation of new and increasingly onerous online threats. Microsoft often relies on its monthly "patch Tuesday" updates to refresh its current anti-virus product, leaving computer users vulnerable to botnets and other malicious attacks. Importantly, the free Microsoft anti-virus software will have even less protective features than its current OneCare offering - further heightening computer users' vulnerability to fast-spreading viruses and other threats.
Statistics highlight the escalating problem. Computer infections from malware are increasing exponentially. AVG's in-house research team notes that 50,000 variants are being issued every day - further pointing up the need for real-time protection.
AVG's LinkScanner feature provides up-to-the-minute protection against the very latest threats. What's more, AVG's award-winning anti-virus products have long been recognized for providing maximum computer security and online protection with minimal resource strain.
From a global protection perspective, AVG has a strong presence in established and emerging markets. The company's strategic growth plan includes the introduction of several new native-language versions of its anti-virus programs in the coming weeks. Moreover, the company's worldwide user-support community -- with people and small businesses from 167 countries -- continues to grow as the industry's only truly "self-help" network.
"The exceptional ease of use and simplicity of AVG's products have long been a strong sell for the channel, providing more security strength and functionality at a much lower cost than Microsoft's anti-virus offerings," added Mr. Smith. "Given these tough economic times, our resellers appreciate the robust product margins we offer and the vitality of our end-user community to help drive future sales."

About AVG Technologies
AVG is a global security solutions leader protecting more than 85 million consumers and small business computer users in 167 countries from the ever-growing incidence of web threats, viruses, spam, cyber-scams and hackers on the Internet. Headquartered in Amsterdam, AVG has nearly two decades of experience in combating cyber crime and one of the most advanced laboratories for detecting, pre-empting and combating Web-borne threats from around the world. Its free online, downloadable software model allows entry-level users to gain basic anti-virus protection and then to easily and inexpensively upgrade to greater levels of safety and defense in both single and multi-user environments. Nearly 6,000 resellers, partners and distributors team with AVG globally including Amazon.com, CNET, Cisco, Ingram Micro, Play.com, Wal-Mart, and Yahoo!. More information is available at http://www.avg.com.
SOURCE AVG Technologies

http://www.avg.com

Just recently Microsoft announced that they will offer free AV for Windows users, and so does this mean everyone will use Microsoft's free Antivirus instead of paid Antivirus software?
The real question is why Microsoft is offering FREE AV? If Microsoft's AV was great Antivirus software would Microsoft give it away for FREE? Their Microsoft's Office is NOT FREE, because they know they can make profit. The bottom line is Microsoft's AV is simply not the worthy competitor in AV Industry.

Microsoft was trying to persuade Windows users to use their Antivirus program for years and failed miserably; very few customers out there will use Microsoft's OneCare as its rated one of worse performing AV.

Even AVG's free AV don't detect much as some of the paid Antivirus like Norton, McAfee, Trend Micro, Kaspersky etc.. These free AV users out there are NOT using AVG free AV or free Microsoft's AV because they want to use it but rather they have to, they wants FREE AV and don't want to pay for it. Average computer users know that AVG or Microsoft's AV is not good as others that they can buy from computer shops or Internet.

Freebie users often don't pay for other software that they are using, therefore having freebie users as main market is No good for the software company.

I remember the free Antispyware companies like Adaware and Search & Destroy; both companies are now selling their software; and they are not doing well on their sale because their initial offerings were FREE base software. Once a free, then it will have to be remain as FREE otherwise average computer users will not use them again. Why would you pay for second graded software where you can get the best available software on the market for same price?

These freebie users will use other free softwares when free versions ceased, simply means freebie users will always wants freebies. Going from freebie to pay versions is not a good marketing strategy.

If you don't make any profit then you are out of the business is fundamental law of the business

Microsoft dumps OneCare

2008-11-19T15:14:00.000-08:00

Article: Microsoft scraps OneCare security suite

By Daniel Robinson
20 November 2008 06:10AM

Microsoft is to replace Windows Live OneCare with a free security service from the second half of 2009.
The company said that the replacement, codenamed Morro, will provide comprehensive protection from malware including viruses, spyware, rootkits and Trojans.

It will also be less demanding on system resources, making it suitable for low bandwidth connections or less powerful PCs.

Morro will be available as a download for users running XP, Vista and Windows 7. OneCare will continue to be available through retail for XP and Vista until 30 June 2009, and will be gradually phased out when Morro becomes available.

At the time of writing, Microsoft had not responded to inquiries regarding the reasons for dropping OneCare. Some commentators have speculated that the service has not been doing as well as the company had hoped, while others believe that Microsoft is trying to get a foothold in emerging markets.

"This new, no-cost offering will give us the ability to protect an even greater number of consumers, especially in markets where the growth of new PC purchases is outpaced only by the growth of malware," said Amy Barzdukas, senior director of product management for online services at Microsoft.

Other security vendors appeared unfazed by Microsoft's announcement, at least publicly.

AVG sees the move as a positive step in the anti-malware landscape, according to head of global communications Siobhan McDermott, who said that AVG did not feel threatened by Microsoft's entering the market.

"Our free product competes with most paid-for products from other vendors. We see no need to change our product at this time, based on what Microsoft has announced so far," she said.

Symantec warned that Morro would probably offer less protection than currently provided by OneCare.

"The security business is fundamentally different from any other market Microsoft plays in, and consumers are encouraged to consider how they will protect themselves, their identities and their families online," said Tom Powledge, vice president of Symantec's consumer business.

McAfee was even more scathing, suggesting in a statement that Microsoft was effectively exiting the security market because OneCare had failed.

"Microsoft has given up. They have now defaulted to a dressed-down freeware product that does not meet consumers' security needs. With more malware attacks than ever before, consumers require a trusted advisor and expert in security like McAfee," it said.

Copyright © 2008 vnunet.com

OneCare security suit have been scoring one of lowest detections from various independent virus samples testers. And despite the effort from MS marketing team, OneCare wasn't selling well; may be this made the decision to dump the OneCare.

Joke: Man tries to pay bill with spider drawing

2008-11-18T19:53:00.000-08:00

Australian man, David Thorne tries to pay his over due bill with his spider drawing.
So funny! Read the email

Importance of QA in Antivirus Industry: Case 1 - False positive detection

2008-11-18T19:37:00.000-08:00

Just recently AVG offered infected customers with free one year license or update.
Read the article:

AVG offers infected users free year of service

By Emma Hughes
17 November 2008 07:06AM
Security

AVG announced yesterday that it would be offering a free year of service after its antivirus software got confused and misidentified a key Windows system file as malware.

The problem affected non-English versions of XP.

The security vendor identified earlier this week that user32.dll was coming up as a generic Trojan which caused a warning pop-up asking if the user wanted to delete it – unfortunately for those who say ‘yes’ they were stuck in an endless reboot cycle.

Once the floods of complaints began, AVG identified the mistake and began offering workarounds for affected users – which is fine if you’ve got someone else to look it up for you.

Yesterday however, AVG announced, "As a follow-up to the rapid distribution of recovery instructions and repair CDs, AVG Technologies is offering all affected users a free license or license extension as follows.”

This basically means a free year of AVG 8.0 service, or a free upgrade for AVG 7.5 users.

The upgrade also includes users of the free AVG antivirus service.

Once the company began apologising, it seemed to be unable to stop, "AVG Technologies apologises again for the inconvenience caused to our customers and wishes to assure our users worldwide that the company is actively putting new processes in place to avoid similar occurrences in the future.”

AVG has said that it will begin contacting affected customers beginning November 24 in order to give further instructions on this service.

Look how important is QA testing for false positive in AV Industry; not only AVG have lost revenue for little mistake, it also created unwanted media attraction.

Few years ago and only few months ago, Symantec had exactly same thing when Norton AV was deleting part of Windows. It's all fixed up and updated now, but if these companies have done proper scanning testing before the release of their anti virus definitions or database then this wouldn't happened.

False positive detection must be cleared before the release of the anti virus definition/database, if only AV companies properly implemented QA testing lab to perform FP detection at least on popular operating systems like Windows XP/Vista then AV Industry won't spend their time & money on patching or fixing their mistakes.

Security giants propose new testing standard

2008-11-11T15:02:00.000-08:00

By Shaun Nichols 12 November 2008

A group of leading security firms has proposed a new standardised system for testing security software.Symantec, McAfee, F-Secure and Kaspersky are among the names that have pledged support for the project, which boasts more than 40 security vendors and media groups as part of the Anti-Malware Testing Standards Organisation.

The new system would provide guidelines as to how a test should be conducted, including the types of malware used, method of analysis and accurate support for a conclusion.
The guidelines will also outline procedures for studying and disclosing new malware samples.
Security vendors and experts have long called for an updated standard for testing.

Current security tests, such as the Virus Bulletin 100 system, have been criticised for their procedures and what some say is an inability accurately to access certain types of anti-malware programs.
The new group hopes that its outlines will allow security firms and independent testing groups to research the effectiveness of anti-malware solutions with better accuracy and a built-in neutrality.

"While there have been many great security software reviews in the past, many poor reviews have confused or misled people," said McAfee senior vice president Jeff Green.
"This is a significant milestone that should skew the balance towards fair and scientific testing, providing users with a true viewpoint on the security protection vendors provide."

Copyright © 2008 vnunet.com

Symantec adds Messagelabs to Christmas shopping basket

2008-10-30T22:29:00.000-07:00

Symantec to acquire MessageLabs, bolster SaaS
by David M Williams Thursday, 09 October 2008

Symantec Corporation, producer of the popular Symantec Anti-Virus corporate suite and of the less-than-popular Norton consumer product, has today announced its intention to acquire global e-mail-filtering company MessageLabs. The move signals Symantec's growth as a provider of SaaS. Symantec has been on the acquisition trail for several years with other notable purchases being Veritas - of backup fame - and Altiris - known for their enterprise network management and help-desk suite.
MessageLabs differs from the products Symantec is best known for due to its Software as a Service (SaaS) model. That is, MessageLabs requires no infrastructure or maintenance within your network save to redirect your incoming mail to hit their servers, not your own.
The MessageLabs machinery scrubs and cleans your inbound e-mail stream, delivering a spam- and virus-free feed to your corporate mail server.
MessageLabs report their customers include major financial institutions and legal firms as well as governments.
Additional MessageLabs services include a web proxy element and e-mail archiving.
In one sense MessageLabs was a competitor to Symantec's existing mail security product. Yet, the acquisition appears little to do with shutting down a competitor and more about bolstering Symantec's overall presence in the growing cloud space.
The CEO of MessageLabs, Adrian Chamberlain, said the interest by Symantec proved MessageLab's SaaS model worked and that the company was a leader in its field.
Chamberlain stated at the close of the acquisition Symantec would launch a new SaaS arm which combined MessageLabs and the existing Symantec solutions for online storage, online backup and remote access. This new arm will be lead by the MessageLabs management team thus giving their division a stronger product from day one.
The purchase price will be $USD 695 million but at this time the expected completion date has not been advised, no doubt with due diligence still in progress.

Messagelabs Link

Symantec is expanding is's business but downsizing its workforce.

Seeing Tough Times Ahead, Symantec Plans Layoffs
Robert McMillan, IDG News ServiceThursday, October 30, 2008 6:10 PM PDT

Anticipating a slowdown in IT spending, Symantec expects to begin laying off employees next month.
Symantec isn't saying exactly how many jobs it will cut, but on Wednesday Chief Financial Officer James Beer said that the company is looking to trim about 4.5 percent of the cost of its workforce. Separately, Symantec is also outsourcing some of the work done by its IT and finance departments, he said during a conference call with financial analysts.
Symantec has not yet determined how many cuts it will make to its workforce of 17,800 employees, but the layoffs will affect staff in all regions, said Cris Paden, a company spokesman. "We'll be notifying employees next month," he said.
On Nov. 1, Hewlett-Packard's EDS division will start taking over some of the company's IT operations, and IT and finance employees will be moved off the company payroll over the next 12 months, Paden said. Those reductions have been planned for months, and are separate from the cuts announced Wednesday.
Symantec's stock [SYMC] dropped nearly 18 percent Thursday on the company's sober economic outlook and its reduced earnings expectations.
Starting in the last weeks of September, Symantec saw some "hesitation from some of our customers when it came to finalizing commitments," Beer said in an interview.
"We did see some pulling back," he added. "It was an effect that we saw in different parts of our customer base around the world."

Human error and hardware theft are the two main causes of data breaches

2008-10-21T16:32:00.000-07:00

Data breaches caused by human error, hardware theft

By Kathryn Small
21 October 2008 05:00PM
Human error and hardware theft are the two main causes of data breaches, according to Symantec’s recent survey into Data Loss Prevention.
The global security, storage and systems management company surveyed 156 Australian companies with 100 or more employees. Results were sent in from IT managers and C-level executives. The majority of respondents represented businesses with a financial turnover of $10-$500 million.

The survey’s headline result is that 79 per cent of respondents have experienced some form of data breach, and 40 per cent have experienced anywhere from six to 20 known data breaches in the past five years.

Further, 59 per cent of respondents suspect that they have experienced undetected data breaches, with many considering it “impossible” to catch every attempted breach.

Respondents lost different kinds of data, including customer records (55 per cent); employee records (48 per cent); intellectual property (43 per cent); commercially sensitive information (35 per cent); bank and credit card details (21 per cent) and financial information (20 per cent).

Lost or stolen laptops were the top cause of data breaches, at 45 per cent. “Respondents estimated that the average cost of a data breach was the same as replacing a lost laptop,” said Steve Martin, Mid Market Manager Pacific. “But I believe that’s too low, since it doesn’t take into account the potential value of the data.”

Lost mobile phones or portable devices also weighed in at 30 per cent. “A phone is the easiest thing to lose, and the easiest thing to steal,” said Martin. “Whenever I ask groups if they have email access on their phones, and whether their phone is password protected, the second number is always very low.”

The other key cause of data breaches was accidental human error (42 per cent). Craig Scroggie, VP and MD Pacific, cited the case of a restaurant which accidentally emailed 3,500 customers a copy of their client database, containing names, addresses and dates of birth.

Malicious attacks included hacked systems (29 per cent), malicious insiders (28 per cent), paper records being smuggled out of an organisation (26 per cent) and malicious code infiltrating systems (24 per cent).

“Today’s organisations have no walls and information can be anywhere, so securing the perimeter is no longer adequate. Additionally, many organisations believe that confidential information is most at risk from malicious acts when employees are mobile and not connected to the corporate network,” said Scroggie.

Among intentional security breaches of company secrets or intellectual property, 77 per cent said that data was copied to removable storage devices, and 51 per cent said that printed paper records were removed from the premises.

Other methods of moving stolen data included email or instant messaging (41 per cent), posting to public websites (26 per cent) and copying or photographing confidential data onto mobile phones or PDAs (21 per cent).

Scroggie emphasised that Data Loss Prevention required a holistic approach to protect customers, brands and intellectual property.

“We can stop these problems today,” said Scroggie. “We have the ability to discover, monitor and protect confidential data.”

PC Tools to be poor man's Norton

2008-10-07T22:09:00.000-07:00

Liam Tung, ZDNet.com.au
28 August 2008 04:16 PM

Computer security giant Symantec said it would not integrate the software of recent acquisition PC Tools into its mainstream Norton suite, instead using the products as its low-cost option for countries such as India and China.
"The goal right now is to look at emerging markets. We'd like to see PC Tools take emerging markets — countries like Brazil, Russia, India, China," said Symantec's VP of consumer engineering, Rowan Trollope.
"They have been very successful at selling to a very specific segment of the market place that is more interested in lower price solutions."
The Australian security vendor is reported to have cost Symantec AU$300 million, and according to Trollope, gives it an avenue to target these countries without needing to drop its prices for Norton.
Asia Pacific is Symantec's fastest growing region, however, it generates the least revenue of its global operations, netting the company US$231 million, or about 14 per cent, of its total revenues for Symantec's first quarter 2009 earnings.
"I think price is an important component of the offering you bring to an emerging market. Some require lower prices, some accept higher prices, but with India and China in particular, you have to go in with lower prices," the executive told ZDNet.com.au.
While Norton Antivirus 2008 costs AU$59.00, and its Internet Security suite costs AU$99.00, PC Tools' equivalents respectively cost AU$49.95 and AU$79.95.
At the time of the acquisition, technology analysts at Gartner and Intelligent Business Research Services struggled to explain why Symantec would buy PC Tools, which had similar products to its own and added just 200 staff to Symantec's ranks of 17,000.
Trollope said that PC Tools did offer it some new technologies. Registry Mechanic, PC Tools Utility Suite, Threat Fire, and Browser Defender are considered "complementary" to Symantec's products.
While Symantec planned to run PC Tools as a "completely independent company", he said some products would be assessed for overlaps with Symantec's existing products.
"[PC Tools] have Spyware Doctor and they've got some other products that are similar to our products where we will be certainly interested in looking at how do they overlap and who provides which service," he said.
Trollope declined to confirm whether it had paid AU$300 million for PC Tools.

----------------------------------

Symantec have acquired PC Tools because of Threatfire engine (formerly Cyberhawk, Zero-day behavior based anti-malware) and ThreatExpert (PC Tools's sandbox automation tool for threat analysis).

Furthermore, because AV market is increasingly becoming competitive and narrower, it’s very important to acquired competitors to stay competitive in the market place.
Both Symantec, McAfee and Trend Micro have been acquiring third party anti-malware and security product vendors in order to acquire newly developed technology or destroy possible competitors, it’s usual Art of War strategy in ever competitive business world.

Single Trojan accounts for 60 per cent of September attacks

2008-10-06T15:48:00.001-07:00

By Lain Thomson 1 October 2008

A single family of Trojans has accounted for over 60 per cent of malware infections in September, according to Fortinet. The RogueSecurity Trojan and its variants accounted for 61.5 per cent of all malware attacks in September the company claims. The Trojan and its varients took the top four positions of the company’s malware list.“Not since the start of this year when the notorious Storm virus made a continuous run of devastating attacks has any comparison been seen with this level of activity,” said the company.“However where the Rogue security applications excel is the accumulated volume: maintaining these extreme levels of activity for at least six days, not to mention the other variants. “The bulk of malware activity occurred in the second and third week of the month, with the W32/Inject.GZW!tr.bdr Trojan peaking at nearly two million in the middle of the month.

Virustotal report from two samples:

Sample 1 Sample 2

This is usual Fakealert trojan that have capability to inject it's own dll process to any executable (PE) files that alerts users being danger of "new bogus" infection or actually telling user that their PC is compromised and buy their Anti-virus or Anti-Spy product.

Symantec acquires Sydney's PC Tools

2008-08-19T00:58:00.000-07:00

Symantec acquires PC Tools

Mahesh Sharma | August 19, 2008

SYMANTEC has bolstered its consumer product portfolio with the acquisition of Australian security software developer PC Tools.

The value of the deal wasn’t disclosed. It is expected to be finalised by the end of the year.

PC Tools is headquartered in Sydney, with offices in US, Britain, Ireland and Ukraine. Symantec said the acquisition expands its reach in emerging regional markets.

PC Tools has over 200 staff globally and will remain a separate entity in the security giant’s consumer business.

Chief executive Simon Clausen will report to Symantec’s group president of consumer products, Janice Chaffin.

Symantec will not rebrand PC Tools’ products and will maintain existing partners and channels.

While there is significant overlap with Symantec’s security offerings, PC Tools also has a range of PC utility products to maintain, repair and optimise Windows operating environments.

PC Tools also recently released anti-virus software to protect the Mac OS X operating system.

Vista Service Pack 1 isn't actually SP1

2008-08-05T05:30:00.000-07:00

Microsoft Alerts Users about Vista SP1 Bug

It appears that Microsoft's woes with Vista aren't quite over yet. According to the company's official Windows Vista blog, a bug in the SP1 update is the latest in a mounting load of blunders.

A number of users reported problems resulting from the service pack prerequisite KB937287. After receiving reports of the error, Nick White, Microsoft's Product Manager, quickly responded by notifying customers that a decision has been made to "temporarily suspend automatic distribution of the update to avoid further customer impact while we investigate possible causes." Microsoft says that only a small number of users has been effected and that the company is presently working to crack the problem and put the update back online as soon as possible.

Also, if your Vista PC have installed SP1, makesure you have done all the critical Windows Updates upto late June's update. Apparently there are two major critical updates relating to Windows stability and performance issues.

Trend, Sophos and McAfee flunk Vista SP1 anti-virus tests

2008-04-08T04:57:00.000-07:00

Trend, Sophos and McAfee flunk Vista SP1 anti-virus tests
That would be a FAIL, then
By John Leyden â†’ More by this author
Published Thursday 3rd April 2008 16:52Â GMT
Article from: http://www.theregister.co.uk/2008/04/03/vista_sp1_av_tests/

Top tier anti-virus vendors including McAfee, Trend Micro, and Sophos all failed to secure Windows Vista SP1 in recent independent tests.
Virus Bulletin, the independent security certification body, said 17 of 37 anti-virus products tested failed to reach the VB100 certification standard. McAfee VirusScan, Trend Micro Internet Security and Sophos Anti-Virus overlooked threats known to be in circulation. Other vendors whose products failed to make the grade included Alwil, BitDefender, Norman, PC Tools, and VirusBuster.
Some of the ignored threats - largely polymorphic file infectors - have been in circulation for months. "It is disappointing to see so many products tripping up over threats that are not even new - computer users should be getting a better service from their anti-virus vendors than this," Virus Bulletin technical consultant John Hawes said.
Products from Symantec, Microsoft (which has problems in the past in previous VB100 tests), AVG, and Kaspersky Lab all passed.
Although still lagging behind Windows XP, Vista is likely to see more widespread use with the introduction of its first service pack, making it more important for anti-virus vendors to deliver dependable protection for the platform. Vista SP1 came out in mid March.
Virus Bulletin's VB100 tests pit each anti-virus product against a set of viruses from the WildList, a publicly available up-to-date list of viruses known to be circulating. To earn VB100 certification, products must be able to detect all the viruses contained in the WildList test set without generating false alarms when scanning a set of clean files.
Unlike other certification schemes, Virus Bulletin tests all products free of charge and does not allow re-testing. Virus Bulletin's comparative reviews also cover detection rates against a selection of zoo viruses (those not seen outside the laboratory), scanning speeds, and computational overheads.
Test results are here (free registration required). ®

Top Spam Botnets Exposed

2008-04-08T04:50:00.000-07:00

SrizbiEstimated # of bots: 315,000Alternate names: Cbeplay, ExchangerSMTP engine: Template-basedTotal botnet spam-sending capacity: 60 billion spams/dayControl: encrypted, UDP and TCP ports 4099Rootkit-enabled: YesIdentifying strings: \SystemRoot\Minidump\%s, Udp6, Tcp6, MachineNumNotes: With the combination of stealth and an efficient SMTP engine, Srizbi is a highly capable botnetspamming machine. However, Srizbi is not a monolithic botnet - it is split between several customers ofReactor Mailer, with over a dozen control servers. Because of this, a wide variety of spam can be seencoming from Srizbi at any given time. In addition, Srizbi is one of the most active botnets attempting toseed new infections by advertising links to porn-related video files of different celebrities, which areactually new copies of Srizbi.
Srizbi has emerged over the past year as the distributed part of the long-established Reactor Mailerweb-based spam tool. Reactor may have used proxy servers in the past, but at some point a re-write of thesoftware was commissioned by the head of the company, known only as “spm”. The author who did there-write of the backend is a contract programmer living in Smila, Ukraine. It is unclear as to whether ornot he wrote the Srizbi trojan also, but it is a likely possibility.
BobaxEstimated # of bots: 185,000Alternate names: Bobic, Oderoor, Cotmonger, Hacktool.Spammer, KrakenSMTP engine: Template-basedTotal botnet spam-sending capacity: 9 billion spams/dayControl: encrypted, TCP port 447Rootkit-enabled: NoIdentifying strings: cCdipsuxX%, w:\projects\b3\release\core.pdbNotes: Despite reports of its demise, Bobax continues to be a strong player in the spam arena. At onetime, Bobax was solidly in the business of sending mortgage spam, but lately has been seen mailing lowinterestloan spam.
RustockEstimated # of bots: 150,000Alternate names: RKRustok, CostratSMTP engine: Template-basedTotal botnet spam-sending capacity: 30 billion spams/dayControl: HTTP with encryption, TCP port 80Rootkit-enabled: YesIdentifying strings: tmpcode.bin, unluckystrings, filesnamesNotes: Although Rustock started out in the stock spam business, it has branched out, and can currently beseen sending out pharmaceutical spam.
CutwailEstimated # of bots: 125,000Alternate names: Pandex, Mutant (related to: Wigon, Pushdo)SMTP engine: Template-basedTotal botnet spam-sending capacity: 16 billion spams/dayControl: HTTP with encryption, TCP port 4080Rootkit-enabled: YesIdentifying strings: Poshel-ka ti na hui drug averNotes: Cutwail is the most common spambot installed by the Pushdo malware installer system, but it'snot the only one. We've also seen Srizbi, Storm, Xorpix and Rustock installed on the same host togetherwith Pushdo and Cutwail.Canadian Pharmacy spam is one of the things we most commonly see withCutwail, but other types of spam are sent. Sometimes the botnet is used to send social-engineering emailsin order to seed more infected hosts with Cutwail.
StormEstimated # of bots: 85,000 (only 35,000 send email)Alternate names: Nuwar, Peacomm, ZhelatinSMTP engine: Template-basedTotal botnet spam-sending capacity: 3 billion spams/dayControl: HTTP on random ports with base64/zlib encoding, P2P-based server directoryRootkit-enabled: YesIdentifying strings: [blacklist], [peers]Notes: Although Storm has been rumored to be quite large in the past, it has dropped to a morereasonable size. In addition only Storm bots behind NAT firewalls actually send spam. This makes thecapacity of the spam-sending part of the Storm botnet smaller than most of the other lesser-knownbotnets. However, those other hosts don't go to waste, they are used as fast-flux HTTP and DNS hosts forthe spam system. Storm spent a lot of time sending pump-and-dump stock spam in the past, butoccasionally will send pharmaceutical spam and job-offer (phishing mule) emails. When it's notspamming, Storm is sending links to fake greeting card sites which use browser exploits and socialengineeringto infect more users with Storm.
GrumEstimated # of bots: 50,000Alternate names: None known, except for generic/misassignedSMTP engine: Template-basedTotal botnet spam-sending capacity: 2 billion spams/dayControl: HTTP on TCP port 80Rootkit-enabled: YesIdentifying strings: Hi all, Already start, $TO_HEXMAIL, /spm/s_alive, /spm/s_tasksNotes: Although little-known, Grum has accumulated a seizable botnet over the past year by sendingspam with supposed porn URLs which actually point to browser exploiting pages. This botnet usuallysends URLs hidden in non-related HTML, so it may be the botnet referred to by anti-spam vendorMarshal as “HTML”. Ultimately the links lead to Canadian Pharmacy sites.
OneWordSubEstimated # of bots: 40,000Alternate names: UnknownSMTP engine: Template-basedTotal botnet spam-sending capacity: UnknownControl: UnknownRootkit-enabled: UnknownIdentifying strings: UnknownNotes: Although we see a significant amount of spam emanating from this botnet, as of yet the malwarebehind it has yet to be identified. Due to the format of the spam it is sending, we believe this is the samebotnet which anti-spam vendor Marshal refers to as "One Word Sub". This botnet has been seen sendingCanadian Pharmacy spam.
OzdokEstimated # of bots: 35,000Alternate names: Mega-DSMTP engine: Template-basedTotal botnet spam-sending capacity: 10 billion spams/dayControl: encrypted, TCP port 443Rootkit-enabled: NoIdentifying strings: KILL_LAZZY_ON_CONNECT, KILL_LAZZY_MXNotes: Although Ozdok has a relatively small set of bots compared to some of the other botnets listedhere, it is quite capable of pumping out a generous amount of spam, most of it related to enlargementproducts, but designer knock-offs and other spam are frequently seen.
NucryptEstimated # of bots: 20,000Alternate names: Loosky, LockskySMTP engine: Template-basedTotal botnet spam-sending capacity: 5 billion spams/dayControl: HTTP with encryption, TCP port 3133Rootkit-enabled: YesIdentifying strings: 1f34ff45, taskmon.sys, /synctl/updNotes: Relatively small yet capable botnet - may have been evolving for a few years. Last seen sendingCanadian Pharmacy spam.
WoplaEstimated # of bots: 20,000Alternate names: Pokier, SloggerSMTP engine: Template-basedControl: encrypted, TCP port 8080Total botnet spam-sending capacity: 600 million spams/dayRootkit-enabled: YesIdentifying strings: %sxtempx.xxx, %.250s.lzo, ctxlsp.dll, psrip.dat, mailgrab_emails.dat, OEMSO2000Notes: Wopla is frequently installed by drive-by exploits in the same way as Srizbi, Rustock and Cutwail,although it doesn't appear to have been spread as widely. An interesting feature – Wopla can send spamdirect-to-MX or by logging into at least one public webmail service. Bots which send spam throughwebmail providers will probably continue to increase in number, since the spam can evade IP-basedblocklisting, and must rely solely on content-detection (or fingerprinting/anomaly detection at thewebmail provider). Wopla seems to be primarily dedicated to porn spam.
SpamthruEstimated # of bots: 12,000Alternate names: Spam-DComServ, Covesmer, XmilerSMTP engine: Template-basedTotal botnet spam-sending capacity: 350 million spams/dayControl: encrypted, multiple TCP portsRootkit-enabled: NoIdentifying strings: hs5p, XSMTPXNotes: Another botnet which cut its teeth mailing stock spam in 2006 and 2007, nowadays can be seensending pharmaceutical spam.
Other SpambotsIn addition to these bots, there are several other template-based spam botnets, and still many more proxybasedbotnets. Creating network-based fingerprints for proxy botnets is much more difficult, becauseultimately you are fingerprinting the mailer engine, not the bot itself. In the case where the same spamtool might utilize multiple proxy botnets, it would greatly skew the results.One template-based botnet (Warezov/Stration/Opnis) that was a major player six months ago hascompletely dropped off of the radar. Warezov was known for sending Chinese pump-and-dump stockspam. Perhaps it is no coincidence that in the same time frame that we stopped seeing Warezovspam/malware, the notorious spam kingpin Alan Ralsky was arrested and charged (among other things)with sending pump-and-dump stock spam for Chinese companies.

Article: A walk on the dark side

2007-08-30T23:01:00.000-07:00

Found interesting article on one of the world's worse company that caters crackers and spammers.
Article link from: economist.com
=============================================

A walk on the dark side

Aug 30th 2007
From Economist.com

These badhats may have bought your bank account

ACCORDING to VeriSign, one of the world’s largest internet security companies, RBN, an internet company based in Russia’s second city, St Petersburg, is “the baddest of the bad”. In a report seen by The Economist, VeriSign’s investigators unpick an extraordinary story of blatant cybercrime that implies high-level political backing.

In one sense, RBN (Russian Business Network) does not exist. It has no legal identity; it is not registered as a company; its senior figures are anonymous, known only by their nicknames. Its web sites are registered at anonymous addresses with dummy e-mails. It does not advertise for customers. Those who want to use its services contact it via internet messaging services and pay with anonymous electronic cash.

But the menace it poses certainly exists. “RBN is a for-hire service catering to large-scale criminal operations,” says the report. It hosts cybercriminals, ranging from spammers to phishers, bot-herders and all manner of other fraudsters and wrongdoers from the venal to the vicious. Just one big scam, called Rock Phish (where gullible internet users were tricked into entering personal financial information such as bank account details) made $150m last year, VeriSign estimates.

Plenty of other internet companies sail close to the wind—hosting unregulated online gambling for example. But according to a VeriSign investigator, “the difference is that RBN is solely criminal”. The pricing depends on the level of complaints. A discreet organisation pays little; one that attracts a lot of unwelcome attention, forcing RBN to take expensive countermeasures, has to pay more.

Despite the attention it is receiving from Western law enforcement agencies, RBN is not on the run. Its users are becoming more sophisticated, moving for example from simple phishing (using fake e-mails) to malware known as “trojans” that sit inside a victim’s computer collecting passwords and other sensitive information and sending them to their criminal masters.

A favourite trick is to by-pass the security settings of a victim's browser by means of an extra piece of content injected into a legitimate website. An unwary user enters his password or account number into what looks like the usual box on his log-in page, and within minutes a programme such as Corpse’s Nuclear Grabber, OrderGun and Haxdoor has passed it to a criminal who can empty his bank account. When VeriSign managed to hack into the RBN computer running the scam, it found accumulated data representing 30,000 such infections. “Every major trojan in the last year links to RBN” says a VeriSign sleuth.

RBN even fights back. In October 2006, the National Bank of Australia took active measures against Rock Phish, both directly and via a national anti-phishing group to which the bank’s security director belonged. RBN-based cybercriminals replied by crashing the bank’s home-page for three days.

What can be done? VeriSign has tracked down the physical location of RBN’s servers. But Western law enforcement officers have so far tried in vain to get their Russian counterparts to pursue the investigation vigorously. “RBN feel they are strongly politically protected. They pay a huge amount of people. They know they are being watched. They cover their tracks,” says VeriSign. The head of RBN goes under the internet alias “Flyman”; his uncle is thought to be a senior St Petersburg politician. Repeated e-mails to RBN’s purported contact addresses asking for comment have gone unanswered.

Companies can simply block access to any site registered at an RBN IP address. But that will not help most victims, such as those who receive infected e-mails. VeriSign says only strong political pressure on Russia will make the criminal justice system there deal with this glaring example of cyber-illegality.

Top 5 malwares

2007-08-26T17:39:00.000-07:00

Current HOT malwares:-

1. Virtumonde - This is well known mystery little sucker that gives users with Fake Alert and popups with rogue antispyware product advertisements like Winantispyware 2007, DriveCleaner etc.. informing users that their computer is not protected from bogus virus.

The big issue with this Virtumonde (aka; Vundo, FakeAlert, Conhooks) is very users have differnt sets of Virtumonde which means threats can change file names and it's content to avoid detection. I've heard Virtumonde can re-generates every hour into newer variants.

2. Adware.Agent variants - This is very similar to Virtumonde in behavior, this threat also causes popups informing users to buy some bogus programs to clean out computer problems.

3. Maxifies & PurityScan - Also causes popups, usually hijacks wedsite to some bogus sites like "Test your Internet Speed" or some "dating sites" - then when user clicks to continue to test speed of their Internet or to find cyber lovers - then user's computer will be hijacked and start downloading hips of malware on to their computers. I usually find them through many freebie sites such as downloading ringtone, screensavers, wallpapers, games and mp3s etc..

4. Trojan.Popuper - This threat disguise itself as video or audio codec, usually invites users to some porn or dating or free music/movie trailers sites then informing users that their Windows is missing some essential video codecs to display their videos, after user clicks to install codecs, their PC gets hijacked and displays hips of popups - some what similar to Virtumonde stuffs (and they usually are bundled with Adware.Agents as well).

[Myspace.com] had this ealier, which many hackers can setup bogus profile on myspace.com and invites users to be friend.

5. Free game trojan - This can be very risky as I have seen so many trojans that bundled with free games & screensaver, I had few MDT logs showing no sign of malware but had free Porn games or poker games. many users with repeat detection also suffers from their istalled programs that keeps re-inserting trojans on to user's computer after scan & fix. This sort of problem can't be fix completely without uninstalling risky games.

Hackers Can Now Deliver Viruses via Web Ads

2007-07-19T00:26:00.000-07:00

Want to know why you gets trojans by just visiting legitimate web sites? Well, this is how myspace.com, ebay.com, youtube.com, and many popular domain sites such as torrent sites are being hijacked to host tones of malwares.

Here is Wallstreet article on Tom's hardware case: Link

Antivirus firm gets graphical to fight malware

2007-07-09T00:33:00.001-07:00

Have you guys wonder how malware looks like from inside your computer. Well, F-Secure have developed 3D animation work that shows how malware infection works.

It's great, this may be the next data forensic tool.

See the vid from F-Secure site or from ZDnet Vid

The evolution of self-defense technologies in malware - Report! from Kaspersky

2007-07-03T21:54:00.000-07:00

Have you ever experience malware or trojans that won't get rid off or just simply don't even get detected by your Antivirus or Antispyware programs?

Here is good report on current & new emerging self-defence mechanisms in malware from Kaspersky explained in details.

Direct link

Analyzing (malicious) SWF file actions

2007-06-20T17:52:00.000-07:00

Here is interesting article about malicious SWF file (Flashplayer media file).
It's possible to create malicious SWF file and embedded into html code.

For info visit: Sans.org page

Top10 malware registry launchpoints

2007-06-20T17:39:00.000-07:00

You guys want to know most common places where Trojans & other nasties loves to live on your Windows OS?

More info please visit below link from F-Secure.
Link: Here

Browser war is on the way - New Safari 3 Browser for Windows

2007-06-20T17:30:00.000-07:00

Howdy, check out the new Safari Browser for Windows. This Apple's own browser were only available for mac users, now they have released beta version for Windows.

Link: http://www.apple.com/safari/

According to Apple, Safari 3 is faster than any browsers on Internet. Hmmm, I though K-Meleon browser was fastest & smallest browser.

K-Meleon browser can be download from: http://kmeleon.sourceforge.net/

Most popular browsers are: AOL, , Firefox, Internet Explorer, Opera, Netscape

Watch out for fake Winrar - they are Trojans

2007-06-20T17:24:00.000-07:00

If you guys want to download popular zip utility like Winrar then you should visit eaither download.com or actual vendor site http://www.rarlab.com/

Do not visit fake Winrar site called http://www.winrar(dot)com/

For more info visit Trend Micro's article: http://blog.trendmicro.com/a-winrar-lose-situation/

Zango was denied by US court

2007-06-20T17:11:00.000-07:00

Good news guys ! Zango was denied by US court early this month. I hope Zango learnt their lesson from this stupid lawsuite.

PC Tools wins fight against Zango
From: http://www.pctools.com/news/view/id/176/

Kaspersky wins fight against Zango
http://spamnotes.com/2007/06/06/zango-update--no-tro-against-kaspersky.aspx

Good news ! - Hurray! Robert Alan Soloway is arrested

2007-05-31T16:41:00.000-07:00

Good news for global Internet users, one of the worst email spammer is arrested.
Check out below articles:
http://www.solowaysucks.net/

More Info about him: Link

Watch this funny clips from Novel - PC, Mac... meet Linux

2007-05-30T18:05:00.000-07:00

Both PC and Mac is meeting Linux.
Direct lnk: Here

Pirates of the Carribean Trojan - has anyone seen this??

2007-05-30T18:02:00.000-07:00

Pirates Trojan keel-hauls surfers
Spam messages exploiting the publicity surrounding the release of the latest instalment of the Pirates of the Caribbean film franchise are being used to trick users into installing Trojan horse malware.
The junk mails feature a message that resembles promotional material for the film alongside links that supposedly point users towards trailers for Pirates of the Caribbean: At World’s End. Prospective marks are also offered the chance to win “free tickets”.
Users attempting to download this trailer are, in reality, only offered the Pirabbean-A ( Yar-A) Trojan.
The malware attempts to switch victims' dial-up connections onto a premium-rate number.
The Pirabbean-A Trojan uses a number of social engineering tricks in a bid to avoid detection.
When the Trojan is run, it shows an error message, claiming that the clip failed to load because a user's PC lacks the necessary codecs. Fans are pointed towards the film's official site. The tactic is an attempt to stop users from suspecting that something amiss may have happened to their machines, making it less likely that users will run an anti-virus check. To make doubly sure, the Trojan also attempts to disable anti-virus software.
The Trojan edits some Internet Explorer settings as well, adding two URLs to a user's Favorites. These maliciously constructed sites are designed to seed other forms of dialler software onto the PCs of prospective marks.
The attack is far from the first time that hackers have used interest in Hollywood's produce to punt their wares. Previous malware strains have posed as clips from Harry Potter movies or targeted fans of such favourites as Kill Bill and Star Wars.
Pirates of the Caribbean: At World’s End opened worldwide this weekend and is likely to do very well at the box office, despite the best efforts of critics such as the BBC Five Live's Mark Kermode. ®

New Windows problem with Windows Installer

2007-05-23T00:46:00.000-07:00

Did you guys had any problem with Windows lately?
Check out this info on Microsoft Security Advisory KB927891 - fix for Windows Installer (MSI) problems

Analyzing an obfuscated ANI exploit

2007-05-23T00:45:00.000-07:00

Check out this detailed work on ANI exploit from this link.

Adware.Zango sues PcTools's Spyware Doctor

2007-05-23T00:40:00.000-07:00

This is very interesting developing lawsuit against major Antispyware company.
Check out the story:Link

How can this Zango be legitimate media company? After all they actually installs bunch of Trojans automatically.

Check out new graphical spam

2007-05-14T05:39:00.000-07:00

I've received few spams today with graphical & refined spam.

Spams today are getting new looks.

Watch out for New threat! - USB Worm

2007-05-14T05:32:00.000-07:00

This new threat targets Firefox/Orkut/Youtube.
Check out the full description from:

Watch out for new variant of Trojan.PWSteal.BS or aka Trojan.Kardphisher

2007-05-06T23:39:00.000-07:00

There is new trojan that appears Windows Activation asking for credit card details, it's fake.More detailed info can be found from Symantec blog page.

Or look at Trojan.Kardphisher [Symantec]
or Trojan.PWSteal.BS [PCTools]

AntiSpy VS AntiSpy - AntiSpyware market news

2007-04-29T17:32:00.000-07:00

Article link: http://reviews.cnet.com/4520-3513_7-6729554-1.html

Found aternative tools for Antivirus protection.

2007-04-26T21:32:00.000-07:00

There are many alternative protection tools are available to purchase or try for free.
Go ahead try test driving some of them.
They all claimed to be non signature type of Antivirus tools, but what happens when malware can bypass them?

o Signacert
o Robotgenius
o Cyberhawk

For home user visit Cyberhawk.

Custom Packer ! Article "Packers, Packers, Packers for sale !"

2007-04-26T21:28:00.000-07:00

Has anyone noticed that some of the malware are packed with some weird packers?

For detailed information visit Websense link.

I wish I can obtain this packer.. ;)

Tale of 2 ANI attacks

2007-04-26T21:22:00.000-07:00

Check out the two very different continental ANI exploit from Websense.

Detailed explaination can be locate here.

Also see the map provided by Google on the report.

New approaches to malware detection coming into view

2007-04-26T17:39:00.000-07:00

The major AV vendors like Symantec, McAfee & TrendMicro is seeking new ways to detect Malware or viruses.
Detailed article can be found here.

JOKE! If Operating Systems Ran The Airlines...

2007-04-26T17:29:00.000-07:00

Different operating systems. Different styles. But what if the quirks and styles of the different operating systems were applied to AIRLINES? What if airlines ran things the way operating systems do? This humorous analogy, applying operating system philosophies as if they were airlines, is a long-standing much-circulated amusing story, and we'd credit the author if we knew who wrote it!

If Operating Systems Ran The Airlines...

UNIX Airways
Everyone brings one piece of the plane along when they come to the airport. They all go out on the runway and put the plane together piece by piece, arguing non-stop about what kind of plane they are supposed to be building.

Air DOS
Everybody pushes the airplane until it glides, then they jump on and let the plane coast until it hits the ground again. Then they push again, jump on again, and so on...

Mac Airlines
All the stewards, captains, baggage handlers, and ticket agents look and act exactly the same. Every time you ask questions about details, you are gently but firmly told that you don't need to know, don't want to know, and everything will be done for you without your ever having to know, so just shut up.

Windows Air
The terminal is pretty and colourful, with friendly stewards, easy baggage check and boarding, and a smooth take-off. After about 10 minutes in the air, the plane explodes with no warning whatsoever.

Windows NT Air
Just like Windows Air, but costs more, uses much bigger planes, and takes out all the other aircraft within a 40-mile radius when it explodes.

Windows XP Air
You turn up at the airport,which is under contract to only allow XP Air planes. All the aircraft are identical, brightly coloured and three times as big as they need to be. The signs are huge and all point the same way. Whichever way you go, someone pops up dressed in a cloak and pointed hat insisting you follow him. Your luggage and clothes are taken off you and replaced with an XP Air suit and suitcase identical to everyone around you as this is included in the exorbitant ticket cost. The aircraft will not take off until you have signed a contract. The inflight entertainment promised turns out to be the same Mickey Mouse cartoon repeated over and over again. You have to phone your travel agent before you can have a meal or drink. You are searched regularly throughout the flight. If you go to the toilet twice or more you get charged for a new ticket. No matter what destination you booked you will always end up crash landing at Whistler in Canada.

OSX Air
You enter a white terminal, and all you can see is a woman sitting in the corner behind a white desk, you walk up to get your ticket. She smiles and says "Welcome to OS X Air, please allow us to take your picture", at which point a camera in the wall you didn't notice before takes your picture. "Thank you, here is your ticket" You are handed a minimalistic ticket with your picture at the top, it already has all of your information. A door opens to your right and you walk through. You enter a wide open space with one seat in the middle, you sit, listen to music and watch movies until the end of the flight. You never see any of the other passengers. You land, get off, and you say to yourself "wow, that was really nice, but I feel like something was missing"

Windows Vista Airlines
You enter a good looking terminal with the largest planes you have ever seen. Every 10 feet a security officer appears and asks you if you are "sure" you want to continue walking to your plane and if you would like to cancel. Not sure what cancel would do, you continue walking and ask the agent at the desk why the planes are so big. After the security officer making sure you want to ask the question and you want to hear the answer, the agent replies that they are bigger because it makes customers feel better, but the planes are designed to fly twice as slow. Adding the size helped achieve the slow fly goal.Once on the plane, every passenger has to be asked individually by the flight attendants if they are sure they want to take this flight. Then it is company policy that the captain asks the passengers collectively the same thing. After answering yes to so many questions, you are punched in the face by some stranger who when he asked "Are you sure you want me to punch you in the face? Cancel or Allow?" you instinctively say "Allow".After takeoff, the pilots realize that the landing gear driver wasn't updated to work with the new plane. Therefore it is always stuck in the down position. This forces the plane to fly even slower, but the pilots are used to it and continue to fly the planes, hoping that soon the landing gear manufacturer will give out a landing gear driver update.You arrive at your destination wishing you had used your reward miles with XP airlines rather than trying out this new carrier. A close friend, after hearing your story, mentions that Linux Air is a much better alternative and helps.

Linux Air
Disgruntled employees of all the other OS airlines decide to start their own airline. They build the planes, ticket counters, and pave the runways themselves. They charge a small fee to cover the cost of printing the ticket, but you can also download and print the ticket yourself.
When you board the plane, you are given a seat, four bolts, a wrench and a copy of the seat-HOWTO.html. Once settled, the fully adjustable seat is very comfortable, the plane leaves and arrives on time without a single problem, the in-flight meal is wonderful. You try to tell customers of the other airlines about the great trip, but all they can say is, "You had to do what with the seat?"

JOKE! Micro$oft & Unix joke qoutes

2007-04-26T17:28:00.000-07:00

To err is human, but to really foul things up requires a computer.

Any sufficiently advanced bug is indistinguishable from a feature.
The UNIX philosophy basically involves giving you enough rope to hang yourself. And then a couple of feet more, just to be sure.

Those parts of the system that you can hit with a hammer (not advised) are called hardware; those program instructions that you can only curse at are called software.
The difference between Microsoft and Jurassic Park?In one, a mad businessman makes a lot of money with beasts that should be extinct.The other is a film.

The gates in my computer are AND, OR and NOT; they are not Bill.

Nobody will ever need more than 640k RAM!?Bill Gates, 1981Windows 95 needs at least 8 MB RAM.?Bill Gates, 1996Nobody will ever need Windows 95.?Logical conclusion

Those who can't write, write manuals.

You have moved the mouse. NT must be restarted for the changes to take effect.

A computer without any MS Windows is like a fish without a bicycle.
UNIX is user friendly. It's just selective about who its friends are.

If all else fails, read the documentation.

Unix, MS-DOS, and Windows NT (also known as the Good, the Bad, and the Ugly).
Those who don't understand Unix are doomed to reinvent it, poorly.

You may not understand what I'm installing, but that's not my job. I just need to click Next, Next, Finish here so I can walk to the next system and repeat the process?
Gates' Law: Every 18 months, the speed of software halves.

MCSE == Minesweeper Consultant / Solitaire Expert

Press any key to continue, or any other key to cancel.

The only place for 63,000 bugs is a rain forest?

Of course I use Microsoft. Setting up a stable unix network is no challenge ;p

If the ancients were right and to think is to exist, does Microsoft exist?

The BeOS takes the best features from the major operating systems. It's got the power and flexibility of Unix, the interface and ease of use of the MacOS, and Minesweeper from Windows.
Everyone has a photographic memory. Some don't have film.

A Law of Computer Programming:Make it possible for programmers to write in English and you will find that programmers cannot write in English.

Mosher's Law of Software Engineering:Don't worry if it doesn't work right.If everything did, you'll be out of a job

Real programmers don't write in BASIC. Actually, no programmers write in BASIC after reaching puberty.

Premature optimization is the root of all evil.
Voodoo Programming: Things programmers do that they know shouldn't work but they try anyway, and which sometimes actually work, such as recompiling everything.
Eagleson's Law:Any code of your own that you haven't looked at for six or moremonths, might as well have been written by someone else.

A programming language that is sort of like Pascal except more likeassembly except that it isn't very much like either one, or anything else. It is either the best language available to the art today, or it isn't.
If the code and the comments disagree, then both are probably wrong.?

/* Halley */(Halley's comment.)

Never attribute to malloc that which can be adequately explained by stupidity.
C is a language that combines all the elegance and power of assembly language with all the readability and maintainability of assembly language.

If it wasn't for C, we'll be using BASI, PASAL and OBOL

99 little bugs in the code, 99 bugs in the code,fix one bug, compile it again?101 little bugs in the code?

#define QUESTION ((bb) !(bb)) /* Shakespeare */

Give a man a computer program and you give him a headache, but teach him to program computers and you give him the power to create headaches for others for the rest of his life?
Bus error - driver executed.

0wning Vista from the boot

2007-04-25T22:56:00.000-07:00

Read full article from here.
Federico Biancuzzi interviews Nitin and Vipin Kumar, authors of VBootkit, a rootkit that is able to load from Windows Vista boot-sectors. They discuss the "features" of their code, the support of the various versions of Vista, the possibility to place it inside the BIOS (it needs around 1500 bytes), and the chance to use it to bypass Vista's product activation or avoid DRM.

MicroSoft's own detailed threats listing site!

2007-04-25T22:54:00.002-07:00

Checkout MS's threat listing, wow are they going to be full Antivirus company?
http://www.microsoft.com/security/portal/

Anatomy of Clickbot.A

2007-04-25T22:54:00.001-07:00

Get PDF report from: http://www.usenix.org/events/hotbots07/tech/full_papers/daswani/daswani.pdf

JOKE! Some social mathematics for you

2007-04-25T22:46:00.000-07:00

ROMANCE MATHEMATICS
Smart man + smart woman = romance
Smart man + dumb woman = affair
Dumb man + smart woman = marriage
Dumb man + dumb woman = pregnancy
`````````````````````````````````````
OFFICE ARITHMETIC
Smart boss + smart employee = profit
Smart boss + dumb employee = production
Dumb boss + smart employee = promotion
Dumb boss + dumb employee = overtime
```````````````````````````````````````
SHOPPING MATH
A man will pay $2 for a $1 item he needs.
A woman will pay $1 for a $2 item that she doesn't need.
``````````````````````````````````````````````````
GENERAL EQUATIONS & STATISTICS
A woman worries about the future until she gets a husband.
A man never worries about the future until he gets a wife.
A successful man is one who makes more money than his wife can spend.
A successful woman is one who can find such a man.
````````````````````````````````````````````````
HAPPINESS
To be happy with a man, you must understand him a lot and love him a little.
To be happy with a woman, you must love her a lot and not try to understand her at all.
`````````````````````````````````````````````````````````````````````````````
LONGEVITY
Married men live longer than single men do, but married men are a lot more willing to die.
``````````````````````````````````````````````````````````````````````````````
PROPENSITY TO CHANGE
woman marries a man expecting he will change, but he doesn't.A man marries a woman expecting that she won't change, and she does.
```````````````````````````````````````````````````````````````````````````````
DISCUSSION TECHNIQUE
A woman has the last word in any argument.Anything a man says after that is the beginning of a new argument.
````````````````````````````````````````````````````````````````````````````````
HOW TO STOP PEOPLE FROM BUGGING YOU ABOUT GETTING MARRIED
Old aunts used to come up to me at weddings, poking me in the ribs and cackling, telling me, "You're next." They stopped after I started doing the same thing to them at funerals.

Adware poses as ActiveX control

2007-04-25T22:45:00.000-07:00

Article can be found here.

Security researchers have discovered samples of adware posing as ActiveX controls that allow voyeurs to watch online smut.
The ploy used by ImageAccesActiveXObject represents a new tactic in the battle to infect users' PCs, according to anti-virus firm Panda Software. The malware infects Windows PCs when users visit hacker-controlled websites posing as repositories of porn. When users visit these sites a window opens offering "erotic pictures". If the user agrees, another window informs that an ActiveX has to be installed. This control, however, is really the adware ImageAccesActiveXObject as demonstrated in a video produced by Panda on the threat.
document.write('\x3Cscript src="http://ad.uk.doubleclick.net/adj/reg.security.4159/antivirus;'+RegExCats+GetVCs()+'ptype='+RegPage+';maid='+maid+';pf='+RegPF+';dcove=d;test='+test+';sz=336x280;tile=3;ord=' + rand + '?" type="text/javascript">\x3C\/script>');
“Before now we had seen adware disguised as codecs to see videos, but never as ActiveX controls for viewing pictures. This is another strategy for tricking users. They think they are giving their consent to the installation of a legitimate tool when really they are allowing adware to be installed”, explained Luis Corrons, technical director of PandaLabs.
Once installed, the adware takes users to a page - which is currently unavailable - hosting smutty pictures. Meanwhile, malicious code is surreptitiously loaded onto compromised PCs. Among the sample of malware loaded onto PCs is SpyLocked, adware warning users that their computer is infected, and detectingImageAccesActiveXObject. The "scareware" posing as security software will not allow computers to be disinfected unless users register the product. ImageAccesActiveXObject also downloads the Securitytoolbar adware, which installs a toolbar and displays intrusive pop-up pages when users visit certain websites. ®

Webroot's disgrace action

2007-04-25T22:43:00.000-07:00

Checkout the post messages as well!
http://sunbeltblog.blogspot.com/2007/04/this-is-just-weird.html

Cybercrooks who rig Web sites to break into PCs are getting better at hiding their malicious code, a security expert say

2007-04-25T22:40:00.000-07:00

Article can be found here.

VANCOUVER, B.C.--Cybercrooks who rig Web sites to break into PCs are getting better at hiding their malicious code, a security expert said Wednesday.
Increasingly the actual code, often JavaScript, used to attack PCs is hidden in Flash animations or scrambled so that anyone who examines the source of a page can't easily identify it, said Jose Nazario, a senior software engineer at Arbor Networks, in a presentation at the CanSecWest security confab here.
"Their obfuscation tools are primitive but effective," Nazario said. "They use obfuscation to avoid simple signatures," he said, referring to security techniques based on signatures to detect malicious Web sites. Signatures are fingerprints of known attacks.
Web attacks have become commonplace. Tens of thousands of Web sites attempt to install malicious code, according to StopBadware.org. The sites, the bulk of which are compromised sites, often drop a Trojan horse or other pest onto a PC through a security hole in the Web browser.
Many attacks use JavaScript. Initially miscreants used plain JavaScript in their attacks, but that has changed, Nazario said. He has spotted an encoded script function called "makemelaugh" that downloads a Trojan horse that captures bank information and a Paris Hilton Flash animation that installs a tool that makes a PC part of a botnet.
Attackers also are trying to outsmart security pros by programming malicious sites to load their malicious code only once on the same PC, Nazario said. Furthermore, a new toolkit called NeoSploit identifies the browser and is packed with security exploits to launch the proper attack, he said.
There are things security professionals can do to investigate attacks, Nazario said. "Bad guys are limited by the fact that JavaScript has to be decoded to be used by the browser. As long as you can analyze it outside the browser, you can figure out what it is going to do," he said.
The scrambled code can be made legible since it typically uses simple Base64 encoding for obfuscation and not actual encryption, Nazario said. He suggested NJS, SpiderMonkey and Rhino as tools to investigate script code. Flash files can be analyzed using a program called Flasm, he said.
Malicious JavaScript can be embedded in a Web page and will typically run without warning when the page is viewed in any ordinary browser. Attackers could try to lure you to their own, rigged Web site. But an attack could also lurk on a trusted Web site by exploiting a common flaw known as cross-site scripting.
To shield against malicious JavaScript, Web surfers can disable JavaScript, but that can impact the functionality of many Web sites. An alternative is to use security tools that have blacklists of known bad sites such as McAfee's SiteAdvisor or Google's Toolbar or Desktop software.
Another alternative is Exploit Prevention Labs' LinkScanner, which monitors traffic going into a PC and blocks known exploits.

Check out the TrendMicro answer to McAfee's SiteAdvisor

2007-04-25T22:30:00.000-07:00

TrendMicro is following footstep of McAfee's popular SiteAdvisor.

Want to see their newest tool "TrendProtect"?
Here: Link

Future Soldier - Robotcop look alike bodysuit

2007-04-11T23:03:00.000-07:00

Check out cool Future Worrior's bodysuit, look just like from Robotcop movie.

Battlefiled 2025 style

Direct link: http://soldiermagazine.co.uk/mag/feature1.htm

* Super-strength soldiers
* Water-tight design
* Head start on the enemy
* Bullet-proof bootnecks
* Robo-Rangers

New threat - Windows's ANI exploit

2007-04-02T17:49:00.000-07:00

Cnet security site is reporting Window's animated cursor exploit.
Direct link: http://reviews.cnet.com/4520-6600_7-6722377-1.html

If you happend to be received some spam emails with free Windows animated cursors attached, then do Not installs them! and run Windows update to obtain security patch from Microsoft.
Microsoft security pacth for animated cursor vulnerabilities Download link: here

From Cnet Security Center:-

Windows animated cursor attackThe way Microsoft Windows handles animated cursors on Web sites puts PCs at risk.By Robert Vamosi (March 30, 2007)(revised 4/2/07)
QUICK FACTS
Name: Windows animated cursor attack Date first reported: 03/29/07 CVE Number: CVE 2007-0038 Vulnerable software: Microsoft Windows 2000, SP1 through Windows Vista. What it does: Causes a denial of service attack (persistent reboot) or could allow remote access. Recommendations: Use an Internet browser other than Microsoft Internet Explorer, such as Firefox or Opera. Exploit code available: Yes Vendor patch available: Expected April 3, 2007.

8out of 10INTERNET THREAT RATINGHow we rate There's a new Microsoft Windows vulnerability being exploited across the Internet on over 100 Web sites, according to security vendor Websense. The vulnerability is caused by an unspecified error in the way Windows 2000, XP, and Vista handles animated cursors. Animated cursors allow a mouse pointer to appear animated on a Web site. The feature is often designated by the .ani suffix, but attacks for this vulnerability are not constrained by this file type so simply blocking .ani files won't necessarily protect a PC. Users need not do anything but visit a compromised site to become infected. Antivirus vendor F-Secure reports there's also a worm associated with this vulnerability.
Successful exploitation can result in memory corruption when processing cursors, animated cursors, and icons. According to Arbor Networks, the malicious code on compromised Web sites exploiting this flaw appears to be originating from the following sites, which you may want to block:
wsfgfdgrtyhgfd.net
85.255.113.4
uniq-soft.com
fdghewrtewrtyrew.biz
newasp.com.cn
To become infected, users must be using Internet Explorer 6 or 7; there is no need to click, just visiting an infected site is enough for an infection. The flaw does not affect Firefox or Opera Internet Browsers. Microsoft will release a patch on April 3, 2007. Until a patch is released, users should browse the Internet using a non-Internet Explorer browser. There is also a third-party (non-Microsoft) patch available here from the Zeroday Emergency Response Team (ZERT), however, this patch is offered "as is" and will need to be manually removed when Microsoft issues the official patch tomorrow.
Additional Resources
Microsoft: Advisory 935423
Zeroday Emergency Response Team (ZERT): Unofficial patch
NIST: CVE-2007-0038
Arbor Networks: Any Ani file could infect you
Websense: Alert
F-Secure: Blog post

Fake Internet Explorer 7 beta discovered !!!

2007-03-29T18:39:00.000-07:00

There are report of fake IE7 beta download via spammer.

Please do NOT install or download IE7 beta as Microsoft never sends emails out about their new release softwares.

The spam email looks like the one shown on this blog, it comes with legitimate looking IE7 logo.

This spam email contains illegal link to download trojan Virus.Win32.Grum.a

Detailed workout of Gozi the Russian Trojan

2007-03-26T00:18:00.000-07:00

If you guys wants to read through very detailed work on Gozi, please click the below link.
It shows advanced research work done in detailed documental format.
This is sort of work I do as well.

Link: http://www.secureworks.com/research/threats/gozi/
Info on Gozi: http://blogs.zdnet.com/security/?p=133

F-Secure posted Youtube vid on Targeted Attacks.

2007-03-21T23:05:00.000-07:00

Watch and learn about Targeted Attacks from F-Secure Youtube video.
Direct link: http://www.youtube.com/watch?v=nFw9ZHy0V3c

Anti-Spyware Coalition released reports

2007-03-21T23:00:00.000-07:00

On March 15th, the Anti-Spyware Coalition released the finalized versions of two documents. One is titled Best Practices Suggestions and the other is on the topic of Conflicts Resolution.

Download reports from: http://www.antispywarecoalition.org/documents/

Microsoft's search excels in spreading malware

2007-03-21T22:57:00.000-07:00

It seems Italian Gromozon is over taking MS live search site.
More reading from: http://www.theregister.co.uk/2007/03/20/windows_live_malware/

Some Microsoft & GM joke

2007-03-15T16:26:00.000-07:00

At a recent computer expo (COMDEX), Bill Gates reportedly compared the computer industry with the auto industry and stated, "'If GM had kept up with technology like the computer industry has, we would all be driving $25.00 cars that got 1,000 miles to the gallon.'

In response to Bill's comments, General Motors issued a press release stating:

If GM had developed technology like Microsoft, we would all be driving cars with the following
characteristics (and I just love this part):

1. For no reason whatsoever, your car would crash........ Twice a day.

2. Every time they repainted the lines in the road, you would have to buy a new car.

3. Occasionally your car would die on the freeway for no reason. You would have to
pull to the side of the road, close all of the windows, shut off the car, restart it, and
reopen the windows before you could continue. For some reason you would simply
accept this.

4. Occasionally, executing a maneuver such as a left turn would cause your car to shut
down and refuse to restart, in which case you would have to reinstall the engine.

5. Macintosh would make a car that was powered by the sun, was reliable, five times
as fast and twice as easy to drive - but would run on only five percent of the roads.

6. The oil, water temperature, and alternator warning lights would all be replaced by
a single 'This Car Has Performed An Illegal Operation' warning light.

7. The airbag system would ask 'Are you sure?' before deploying.

8. Occasionally, for no reason whatsoever, your car would lock you out and refuse to
let you in until you simultaneously lifted the door handle, turned the key and grabbed
hold of the radio antenna.

9. Every time a new car was introduced car buyers would have to learn how to drive all
over again because none of the controls would operate in the same manner as the old car.

10. You'd have to press the 'Start' button to turn the engine OFF.

Interesting reading from McAfee's SiteAdvisor

2007-03-13T17:57:00.000-07:00

Some interesting report cameup from Siteadvisor, check it out

Direct link: http://www.siteadvisor.com/studies/map_malweb_mar2007.html

Watch Winfixer lawsuit video

2007-03-11T04:54:00.000-07:00

Feb. 26, 2007 Special Report on a lawsuit involving Beatrice Ochoa, whose computer was infected by the notorious Winfixer

http://www.youtube.com/watch?v=zBUZHiKhsog

New threat arlert: Warezov email worm

2007-03-05T19:13:00.000-08:00

F-Secure blog reported new Warezov email worm with attachment is going around, please be careful, the spam email looks like below:-

Do not reply to this message
Dear Customer, Our robot has fixed an abnormal activity from your IP address on sending e-mails. Probably it is connected with the last epidemic of a worm which does not have patches at the moment. We recommend you to install a firewall module and it will stop e-mail sending. Otherwise your account will be blocked until you do not eliminate malfunction. Customer support center robot

The attachment is a ZIP file which contains a static EXE file. The name varies, but it's always something like Update-KB[random numbers]-x86.exe.

AV Comparative February 2007 is out now !

2007-03-01T01:55:00.000-08:00

AV-comparatives.org is European based AV software certifier that test many popular & well known Antivirus software against to their extensive malware collection.

Obviously they are using European virus honey pod as result shows favourable to European based AV vendors.

You can view online result on ths link or download actualy report on PDF file from here.

New threat - Zlob variant or Trojan.popuper spreading via Myspace.com

2007-02-27T17:01:00.000-08:00

Popups

F-secure reported that there is new variant of zlob spreading through Myspace.com forcing visitors to install MS viewer to read adult consent, instead they are actually installing zlob.

Article Link here.

New threat ! - Malicious Website / Malicious Code: Trojan Crimeware using Google Maps

2007-02-22T03:02:00.000-08:00

A fake breaking news report claiming that Australia's Prime Minister Mr. John Howard had a heart attack is being circulated by spammers in an attempt to hijack Australians' computers.

Article:- Link here

Cyberattacks Up 50% By 2010, VeriSign Says

2007-02-22T02:56:00.000-08:00

VeriSign's unveiling Thursday of Project Titan, which seeks to expand the capacity of its global Internet infrastructure by 10 times by 2010, will be both a blessing and a bane to Internet users, creating a wider freeway for access to revolutionary new multimedia content while at the same time creating a greater number of targets for malicious attackers.
Cyberattacks will increase by 50% between now and Project Titan's completion, VeriSign CEO and chairman Stratton Sclavos said Thursday during his RSA Conference keynote. As long as cybercrime continues to grow as an industry, don't count on malicious attacks to abate on their own. "Where the money goes, so do the threats," he added.
While it's easy, not to mention good business, for security vendors to predict gloom and doom for the IT industry, Sclavos' point was punctuated by Tuesday's massive denial-of-service attack against the 13 servers that help manage worldwide Internet traffic. This was a sophisticated attack consisting of "very, very large packets," Sclavos said. "Every request [made by those packets] was bogus, and every [packet] source was false."
Even worse, it was a sophisticated attack that "was very simple to deploy and scales phenomenally well," Sclavos said. "In fact, we're convinced that the perpetrators didn't even know how well it scales."
But the VeriSign CEO pointed the finger at himself and his colleagues in the security space, rather than dwelling on the attackers.
"Shame on all of us in this room who are security vendors," he said. "If we force our customers to choose between ease of use and better security, they will always choose simplicity. We have the security technology and have had it for years. Yet our consumers feel more vulnerable today than they've ever felt."
Still, it's not impossible for organizations to beat back the bad guys. Sclavos pointed to PayPal, one of the companies most targeted by attackers, as a company that has had some security success because it's taken the threats seriously.
"They are using (Extended Validation SSL Certificates) to be sure users don't make a phishing site for PayPal's site," he added.
Microsoft announced that it has enabled support for these certificates in Internet Explorer 7. When a user visits a site with a valid EV SSL Certificate, IE 7 alerts the user to the available identity information by turning the background of the address bar green and displaying identity information. Twelve certificate authorities, including VeriSign, Cybertrust, and Entrust, issue EV SSL Certificates.
Certificate authorities won't issue EV SSL Certificates without first making the organization go through a stringent sign-up process, says Michael Barrett, PayPal's chief information security officer. In addition, PayPal next week will begin offering certain clients, businesses, and possibly those who've been the victim of past fraud pass code-generating tokens for securely logging on to their PayPal accounts.
Barrett admits there's no easy way to keep bogus e-mailers (known as phishers) and other bad elements at bay, but that's no excuse for not trying, even if it means forcing cybercriminals to change their tactics. "There's no silver bullet," he says. "It's how much lead can you get in the air from a shotgun."

PC Tools Cracks Hacker Code in Seconds With New Secret Weapon -- Threat Expert(TM)

2007-02-07T22:09:00.000-08:00

PC Tools claimed that they have new & better automatic malware analyzer.
This Threat Expert is similar to Norman's Sandbox & Sunbelt's CWSandbox.

By looking at their sample report I guess PC Tool's TM is better than Norman's Sandbox. I haven't tried Sunbelt's CWSandbox yet, but I guess they are also similar.

The PC Tool's TM report is a lot easy to follow but their tool is not free for everyone. You will need to talk to their marketing department in order to gain access to their utility that allows users to submit their sample file(s) [malware] to be analyze, which in return receives full detailed report about submitted file.

Which is great if you need to check the file to see if file is malicious or not.

Article Link: http://www.tmcnet.com/usubmit/2007/02/01/2303824.htm
PC Tool's TM Link: http://www.pctools.com/threat-expert/
Submit sample file: http://www.pctools.com/threat-expert/submit/

Other competitors sanbox links:-
http://sandbox.norman.no/
http://research.sunbelt-software.com/Submit.aspx (more info: http://www.cwsandbox.org/)

Free public Online scanners:- (No analyzer but just command line scanners)
http://virusscan.jotti.org/
http://www.virustotal.com/

The 16th annual RSA Conference is being held this week at the Moscone Center in San Francisco

2007-02-06T22:00:00.000-08:00

I won't able to make it to this event, some day I will.
Here is direct link to RSA Conference:
http://www.rsaconference.com/2007/US/

Conference theme: "It is said that man can what he will. If you apply yourself with all your strengths and arts you will reach the foremost and supreme degree of perfection and fame in any effort."– Leon Battista Alberti

About him: http://en.wikipedia.org/wiki/Leon_Battista_Alberti

The first keynote of the day was delivered by Microsoft's Bill Gates and Craig Mundie, who naturally drew a big crowd. Throughout the day you could see lots of familiar names on stage, including crypto-legends Whitfield Diffie, Ron Rivest, Adi Shamir and Martin Hellman in the Cryptographers Panel.

Meeting the Swedish bank hacker - The author of Haxdoor

2007-02-05T22:22:00.000-08:00

Another great article on interview with Haxdoor author.
Direct link: http://computersweden.idg.se/2.139/1.93344

For malware analyst like me, it's like having interview with vampire (me as vampire slayer).

Attack on Virtual machine

2007-02-05T22:19:00.000-08:00

Here is good reading material for people interest in Virtual machine and malware.
It's pdf file, so you will need Adobe reader or free PDF reader.

Link: http://www.symantec.com/avcenter/reference/Virtual_Machine_Threats.pdf

Funny Mr. Bill Gate's saying about Steve Job's new marketing campaign

2007-02-04T22:17:00.000-08:00

Ha ha, I personally never met Bill & Steve, but I think they are bunch of hypocrites, just want to make $$$ by selling second/third grade products. They never improve their previous product, just keep on selling NEW PRODUCT !

They don't really care about people or this planet earth. They use cheap advertising campaign to fool us.

The fact is over 90% of desktop computers & notebooks come with pre-loaded MS Windows and god know's how many mobile phones will come with standard Windows OS. :(

In other hand, Mac OS probadly only covers less than 2% of world computers, and rest are covered by other non MS or Mac OS such as Linux.

Apple's Mac targets consumer & specialists, MS's Windows targets commercial & dumb pc users and both targets entertainment market, but truth is their products are not so good or nor specialize compare it to other companies anyway. :)

Product Quality & features & prices & marketshare:
----------------------------
Apple's ipod vs iRiver's player (& other 3rd party players)->(3rd party players beats Apple)
MS's Xbox vs Sony's PS2/3 ->(PS3 beats xbox)
Ms's Windows vs Apple's iMac -> (Windows beats iMac)
MS's Zune player VS ipod -> (ipod beats Zune)
Sony's PSP vs Nintendo portable -> (nintendo beats Sony)
Nokia vs Blackberry -> (Nokia beats Blackberry)
Toyota VS Ford -> (Toyota beats Ford)
so on on on .. blah blah blah...

Link: http://blogs.siliconvalley.com/gmsv/2007/02/quoted_1.html

Found one coolest blog - very useful info & links for useful tools you can keep

2007-02-04T22:12:00.000-08:00

Claus Valca posted a comprehensive list of online security scanners.

Link: http://grandstreamdreams.blogspot.com/2007/02/online-system-security-scanners.html

From his blog:-

Primarily virus/trojan related online scanners
Authentium - ThreatMatrix - (ActiveX required) - Free system virus scan
Arcabit Online Scanner - (ActiveX required) - Free system virus scan
BitDefender Free Online Virus Scan - (ActiveX required) - Free system virus scan of memory, files, folders, and drives' boot sectors with cleansing option.
Computer Associates eTrust Antivirus Web Scanner - (ActiveX required) - provides virus scanning, curing and deletion support.
Dr.WEB Anti-Virus - upload a file to scan for malicious software (look on page's sidebar)
F-secure Online Virus Scanner - (ActiveX required) - Free system virus scan
Freedom Online Scanner - Free system anti-virus scanner. I cannot tell if it will also remove identified files.
eTrust Antivirus Scanner (requires MS Internet Explorer)
HouseCall (Trend Micro) Online Scanner - (Java or ActiveX) - Checks for viruses, spyware or other malware/grayware. Also performs additional security checks and assists with detected item removal. (Windows, Linux, Solaris systems supported.)
Kaspersky On-line Scanner - (ActiveX required) - Does not remove threats, only alerts user to the presence of a malicious file.
McAfee Free Scan - (ActiveX required) - Free system virus scan
Microsoft: Windows Live OneCare Free Online Scanner - (ActiveX required) - scans for and removes viruses, spyware and other potentially unwanted software and vulnerabilities.
Panda Active Scan Online Scanner - (ActiveX required) - Scans for viruses, trojans, spyware, malware and provides support for removal of virus, worms and Trojans.
Panda SpyXposer - (ActiveX required) - Scans for malware presence. Does not offer removal support.
Symantec Security Check: Virus Detection - (ActiveX required) - "Virus Detection checks for known threats, including top threats identified by Symantec Security Response. Virus Detection provides an analysis of your results and offers suggestions for further action. It does not examine compressed files." -- from Symantec's service description.
Single-File Upload Scanners
avast! OnLine scanner - upload a single file to check.
CWSandbox - Laboratory for Dependable Distributed Systems University of Mannheim, upload a single file to check file behavior in a "sandboxed" system. Very cool behavior reporting. More information at the CWSandbox.org site. (added to list 02/07/2006)
FORTINET - Online virus center - submit a single file for review.
FRISK (f-prot) Software virus lab - submit a single file for review.
IKARUS Software Vienna - Upload sample file for analysis and response is via email.
Kaspersky File Scanner - upload a single file to check.
Norman SandBox Information Center - SandBox Live - Upload sample file for analysis and response is via email.
Sophos - Sample submission form - Upload sample file for analysis and response is via email.
Sunbelt CWSandbox - Sunbelt Software's free automated malware analysis. Upload a single file to check file behavior in a "sandboxed" system. From website description, "CWSandbox not only analyzes the given malware, but also all other processes that are started or infected by the malware." Note: at time of posting, reporting "service not available." (added to list 02/07/2006)
Virusbuster - submit file to VirusBuster labs for review and feedback.
Malware (spyware/adware/etc.) Online Scanners
a-squared Web Malware Scanner - (ActiveX required) - Free system scans for trojans, backdoors, worms, dialers, keyloggers, rootkits, hack-tools, riskware, tracking cookies.
eTrust (Computer Associates) PestScan - (ActiveX required) - Free system malware scan and removal tool.
ewdio (Grisoft) Anti-Spyware Scanner - (ActiveX required) - Free system malware scan and removal tool.
Tenebril - Free Spyware Scan - (ActiveX required) - Free system spyware scan
X-Cleaner Micro Edition - (ActiveX required) - FaceTime Security Labs malware scanner.
ZoneAlarm Security Scanner (Check Point) - (ActiveX required) - ZoneAlarm Labs malware scanner--will not remove any malicious files by itself.
Online "single-file" Multi-Scan Test Websites
Jotti's Malware Scan - Utilizing 15 different scan engines: AntiVir, ArcaVir, Avast, AVG Antivirus, BitDefender, ClamAV, Dr.Web, F-Prot Antivirus, F-Secure Anti-Virus, Fortinet, Kaspersky Anti-Virus, NOD32, Norman Virus Control, VirusBuster, VBA32.
Virus Total Scan - Utilizing 28 different scan engines: Aladdin (eSafe), ALWIL (Avast! Antivirus), Authentium (Command Antivirus), Avira (AntiVir), Cat Computer Services (Quick Heal), ClamAV (ClamWin), Computer Associates (Iris, Vet), Doctor Web, Ltd. (DrWeb), Eset Software (NOD32), ewido networks (ewido anti-malware), Fortinet (Fortinet), FRISK Software (F-Prot), Grisoft (AVG), Hacksoft (The Hacker), Ikarus Software (Ikarus), Kaspersky Lab (AVP), McAfee (VirusScan), Microsoft (Malware Protection), Norman (Norman Antivirus), Panda Software (Panda Platinum), Prevx (Prevx1), Softwin (BitDefender), Sophos (SAV), Sunbelt Software (Antivirus), Symantec (Norton Antivirus), UNA Corp (UNA), VirusBlokAda (VBA32), VirusBuster (VirusBuster)
Software or System Security Vulnerability Scanners
Dr. Web Link checkers service - plugin for Opera/Firefox/Internet Explorer. Scans file or web-page prior to opening to verify it is not malicious.
McAfee WiFiScan - "McAfee Wi-FiScan surveys your current Wi-Fi® connection, your wireless equipment, and local environment to assess security risks introduced by your wireless network." - from McAfee's service description.
Secunia's Software Inspector - "Detects insecure versions of applications installed, verifies that all Microsoft patches are applied, assists you in updating your system and applications, runs through your browser. No installation or download is required." - from Secunia's service description.
Symantec Security Check: Security Scan - (ActiveX required) - "Hacker Exposure Check - Checks whether your computer allows unknown or unauthorized Internet communications; Windows Vulnerability Check - Checks whether basic information about your computer, including your PC's network identity, is exposed to hackers; Trojan Horse Check - Checks whether your computer is safe from Trojan horses; Antivirus Product Check - Checks whether you're protected by a commonly-used virus protection product; Virus Protection Update Check - Checks whether you're safe from the latest viruses. Applicable if you have a virus protection product." -- from Symantec's service description.
Not Quite "Fully-Online" Based Software or System Security Vulnerability Scanners
A few of the products/services noted on other lists are included in their online scanner lists, but actually require download and execution of a exe (executable) based file on the local pc or download and running of exe (executable) based file from memory. While technically these might be considered "on-line" scanners, they are not so in the manner of the ones listed above.
I have chosen to include some of these products in this post, as they may be otherwise beneficial for interested parties to explore further;
Aluria Software (EarthLink) Spyware Scanner - scans and identifies malware on the local pc.
Computer Associates's Resource Center: (eTrust Pest Patrol, Optimization Scan, Privacy Scan) - download the appropriate tool and execute.
Microsoft: Malicious Software Removal Tool (for Windows XP and 2K) - targets only specific threats, included in Microsoft Critical Updates, so you may already have the file (MRT.exe) on your system: It is usually located in the C:\Windows\System32\ folder on XP systems or in the C:\WINNT\System32\ folder on Windows 2000 systems.
Webroot Enterprise Spy Audit - Generate a unique code, download the audit tool executable, find results.
Primary Sources:
I did quite a bit of work hunting these tools down, and then checking the links to get more information about the conditions they ran under and what category they would best be placed under. However, these links were the most helpful in providing me the services noted.
Computer Cleanup : Free Online Scanners
MikeAlao's Blog: Free Online Virus and Spyware Scanners (including updated links)
NIST IT Security: Free Online Antivirus, Spyware, and Firewall Scanners Review
VIRUSTOTAL - Hispasec Sistemas's list of participating companies
jotti - list of participating companies
Just another class of security tools to keep you safe!
--Claus
Post updated on 02/07/2007 where noted. Big Thanks to Computer Defense blog for pointing out the additional scanner links!
Posted by Claus at Sunday, February 04, 2007

Fox news on Julie Amero scandal story

2007-01-29T16:22:00.000-08:00

Fox news link here

New technology of rootkits: Unreal

2007-01-21T18:18:00.000-08:00

There is report of new Rootkit technology that can bypass all known Anti-Rootkit. This rootkit can be downloaded for testing.

Check out the forum site from Sysinternal:
http://forum.sysinternals.com/forum_posts.asp?TID=9630&PN=1&TPN=1

Review on 6 Rootkit revealers from Informationweek

2007-01-18T16:59:00.000-08:00

Check out full review from Informationweek.

They gives you some good background information that normal people can understand and reveals 6 well known Rootkit revealers. But they missed one more good program Sophos Anti-Rootkit (Which is best out of 6 rootkit revealers reviewed on below link).

Six reviewed anti-rootkit products:-
• F-Secure BlackLight• IceSword• RKDetector• RootkitBuster• RootkitRevealer• Rootkit Unhooker

Sophos Anti-Rootkit can be download from http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html

Full review from Informationweek:-
Link: http://www.informationweek.com/shared/printableArticle.jhtml?articleID=196901062

Spyware causing your PC to host porn materials

2007-01-18T16:10:00.000-08:00

Here is the video for untrained people on how spyware can turn your PC into porn host.

Link: http://www.youtube.com/watch?v=gSMz2aEXj8M

Remember, once your PC is turned into Porn junk or zombie, you can't stop them until your totally disable all infected spyware or malware. Try using PC Tools's Spyware Doctor, Webroot's SpywareSweeper and combination of some rootkit revealer from Sophos and good Antivirus software like Kaspersky/McAfee/Symantec/TrendMicro.

Porno popups - Big deal?

2007-01-15T18:50:00.000-08:00

You guys recall report of school teacher was busted for 40 years in prison because of some spyware caused porno popups during class session.

Big deal, we all know all popups are caused by adware & spyware or even cookies & scripts that cause automatic popups by just visiting legitimate web sites. And porno popups are no exception, they are just another popups with porno pictures.

Even I gets porn popups just visiting some blogs and webcasting sites.

Links:
Teacher get busted - http://www.computerworld.com/blogs/node/4346
Some examples of popups - http://www.benedelman.org/news/062206-1.html

Saddam malware

2007-01-10T20:54:00.000-08:00

Have seen this Saddam's malware?, if you have copy of this virus file please send me a copy zip & encrypt it before you pasting to me directly or to http://www.pctools.com/mrc/submit/

More info on this w32/bandload virus:-
http://antivirus.about.com/b/a/257788.htm?nl=1
http://www.f-secure.com/weblog/archives/archive-012007.html#00001071

Macworld 2007: Steve Jobs keynote

2007-01-10T20:42:00.000-08:00

Apple computer have launch new iPhone, check out Steve Jobs keynote

Links: http://www.engadget.com/2007/01/09/live-from-macworld-2007-steve-jobs-keynote/

New sophisticated phishing tool

2007-01-10T20:37:00.000-08:00

Zdnet reported that there is new sophisticated phishing tool use by cybercrooks. Check out the link below.

From Zdnet January 10, 2007, 11:47 AM PT

Security experts at RSA have come across a new tool that automatically creates sophisticated phishing sites, a sign that cybercrooks are getting increasingly professional.
The tool, which RSA calls the "Universal Man-in-the-Middle Phishing Kit," is available on underground online marketplaces for about $1,000, Jens Hinrichsen, RSA's product marketing manager for fraud auction, said in an interview Wednesday.
"Unlike other phishing kits which have been in existence for quite some time, this kit is unique because with a very simple user interface you can choose whatever site you'd like to spoof," Hinrichsen said. "The arms race continues; we on the security side have to continue to escalate resources and invest in technology."
Phishing scams are a prevalent online threat that typically use fraudulent Web pages and spammed e-mail messages to trick people into giving up personal information such as user credentials or credit card data.
Using the new kit, a fraudster only has to enter variables such as which site should be spoofed and where the fraudulent page will be hosted. The tool then produces a dynamic Web page in the PHP (hypertext preprocessor) scripting language. The fraudster hosts this page somewhere on the Web, typically on a compromised Web server or a free Web host, and lures people to it with spammed e-mail messages or other links.
Unlike traditional phishing Web sites that have static Web pages designed to look like a real online bank or other trusted site, the dynamic page created by the phishing kit actually pulls in the current Web site of the target organization and displays it. However, any data entered is captured by the miscreants, Hinrichsen said.
"Once you enter your credentials, it would be intercepted by that server where the PHP file is hosted," he said. At the same time, the victim is actually logged in to the legitimate site and may never know he's been phished.
Shrewd phishers monitor the log-in process to validate that the data they capture is legitimate, Hinrichsen said. An incorrect username and password combination would be discarded. Also, the man-in-the-middle-style attack lets the miscreants continue to eavesdrop on the victim's interactions with the legitimate Web site, according to RSA.
The most popular phishing targets are banks and online payment services such as PayPal. Auctioneer eBay is also a common target. Fraudsters run phishing scams to collect personal information that can be used for identity fraud.

Link: http://news.zdnet.com/2100-1009_22-6149090.html

Another Antivirus music band !

2007-01-04T14:44:00.000-08:00

SecuriTeam blog reported another AV music band, it's from BitDefender, it's funny how Antivirus companies are trying to brain wash people with their music ;)

Check out their music from Youtube links;
http://www.youtube.com/results?search_query=bitdefender
And specifically:
http://www.youtube.com/watch?v=XLfNeYkgjpI
http://www.youtube.com/watch?v=NLHQknOP90c
http://www.youtube.com/watch?v=g-0IqmHiLRw
http://www.youtube.com/watch?v=-dhGZwinLrY

Now, go and watch the Symantec version: http://www.youtube.com/watch?v=x-UnYm6qfy8

The TV 24 series: Jack Bauer - the next Chuck Norris?

2007-01-03T18:33:00.000-08:00

Check out the top 100 facts about Jack Bauer (Fictional character from TV Series called 24 - season 6 ~will air on 14.15 January 2007). It's pretty funny :)

Link: http://www.notrly.com/jackbauer/index.php?tophundred

TV link: http://www.fox.com/24/Info
link: http://en.wikipedia.org/wiki/24_(TV_series)

Sunbelt blog's report on Gromozon.com

2007-01-03T15:34:00.000-08:00

Sunbelt blog reported Gromozon attack, here is more info from Symantec.

Link:
http://www.symantec.com/enterprise/security_response/weblog/2006/08/gromozoncom_and_italian_spaghe.html

Looks like LinkOptimizer and Trojan.Gromp is back again. Did you know both LinkOptimizer & Trojan.Gromp is actually same threat?

The latest LinkOptimizer files are detected as Trojan.Gromp by most European AV vendors where as US vendors such as Symantec & Spysweeper detected as LinkOptimizer.

Just like Deluxe Communication & SurfSideKick (another same threat, just different names).
Links:
http://www.pchell.com/support/surfsidekick.shtml
http://affiliatefairplay.com/newsblog/2006/08/28/surfsidekick-now-dxcdirect/
http://www.anti-spyware-101.com/remove-deluxecommunications/

Removal info for Deluxe Comminication & SurfSideKick:
http://www.spywareremove.com/removeDeluxeCommunications.html

Rockband for Checkpoint, Symantec & IBM

2007-01-03T15:30:00.000-08:00

Check out another Rockband for company.
Link: http://www.ranum.com/editorials/corporate-songs/index.html

Including
The Checkpoint song
Symantec Revolution
Ever Onward I.B.M

Followup from Symantec Rockband http://www.rockdotrock.com/

Happy New Year ! The year of the Golden Pig ! Wow

2007-01-02T22:43:00.000-08:00

According to Chinese mythology, which is also believed by Koreans, the year of the golden pig arrives every 600 years, and it is considered extremely propitious, especially in terms of monetary wealth. Thus, couples all across Asia are giving it their best to bring in babies within the next lunar year which starts on Feb. 18, 2007.
Granted, folklore scholars dispute the existence at all of a golden pig year. They say that further research will likely debunk the myth just as it did the myth of 2006 as the "year of the two springs," an extremely favorable year for marriages, according to The Korea Times, an English-language newspaper published out of Seoul.
But the legend has gained widespread popularity, regardless, especially among young couples looking to have their first or second child. South Korea, for example, is expected to see a 10 percent increase in the birth rate, primarily because of the rumor, according to The Korea Times.
Retailers are also capitalizing on the trend by printing golden-pig-year calendars, baby clothing and a whole array of toys to meet the sudden demand. Marriage halls during 2006 saw just as significant an increase in business last year, because of the myth about that propitious year.

Mark Russinovich's video on malware detection and cleaning!

2007-01-02T22:27:00.000-08:00

Check out some interesting video on Rootkit hunting

http://www.microsoft.com/emea/itsshowtime/sessionh.aspx?videoid=359