Posts tagged as:

trojan

The Best Antivirus Software in 2011

Best Antivirus Software, 2011

Antivirus vendors have included “2011″ in their product names since the summer of 2010. Now that the year 2011 has actually arrived it’s time for a new look at the whole collection. Several of the latest additions attempt to crank up protection by running two different antivirus engines, and some actually succeed. This batch also brings a new Editors’ Choice for free antivirus and a new shared Editors’ Choice for commercial antivirus.

As always, when I say “antivirus” I mean a utility that protects against all kinds of malicious software, not just viruses. Trojans, spyware, rootkits, keyloggers, adware, scareware – a proper antivirus must handle all of these.

Standalone or Suite?
Many of this year’s products blur the line between standalone antivirus and security suite. In the past the presence of a personal firewall has been one defining suite element; not any more. There’s a fully-functional firewall inside Panda Antivirus Pro 2011. eScan Anti-Virus 11 and McAfee AntiVirus Plus 2011 also offer firewall protection. Norton AntiVirus 2011 doesn’t include a complete firewall, but its intrusion prevention feature is more effective against exploits than most full-blown suites.

Spam filtering is another component typically found in a suite. The spam filter built into BullGuard Antivirus 10 is reasonably accurate and unusually helpful at setup time. eScan also offers a spam filter, but it’s not something you’d want to inflict on your Inbox.

StopSign Internet Security 1.0 includes an optional firewall with spam filtering built in. None of the independent labs have tested it, though, and its performance in my own malware blocking and removal tests was so poor that I didn’t bother evaluating those optional features.

BitDefender Antivirus Pro 2011 offers full remote management of other BitDefender installations across the network. McAfee can monitor other installations remotely and fix problems. Panda and Norton can at least let you know when another installation has problems, though they won’t fix those problems remotely.

BitDefender includes a very effective phishing prevention tool, as does G Data AntiVirus 2011. The LinkScanner component in AVG Anti-Virus Free 2011 also works to block phishing sites, as does McAfee’s SiteAdvisor. AVG and Norton both scan the links on your Facebook pages to protect you from Facebook scams and viruses. BitDefender and Kaspersky Anti-Virus 2011 both check your system for security vulnerabilities, though BitDefender takes the concept a bit farther.

Outpost Antivirus Pro 7.0 and BitDefender can block transmission of user-defined private data, a feature usually found only in suites. Ad-Aware Pro Internet Security 9.0, AVG, Kaspersky, and McAfee will tune system performance and wipe out traces of computer and Internet use. Sometimes it’s hard to remember that the product is “only” an antivirus, not a full suite.

The true standalone antivirus isn’t dead, however. For example, F-Secure Anti-Virus 2011 sticks to the business of virus protection without any sign of morphing into a mini-suite.

Twin-Engine Trend
Several late-season additions aim to double your protection by using two antivirus engines, with varying degrees of success. G Data’s dual scan doesn’t take much longer than the average single-engine product, and it includes powerful phishing protection. However, it doesn’t thoroughly clean up the threats it detects, and a failed cleanup effectively killed one test system. TrustPort Antivirus 2011 ran a bit slower than G Data and failed significantly in my testing. After its alleged removal some threats were still running. In the malware blocking test a few threats that it claimed to block managed to install and launch anyway.

Double Anti-Spy Professional v2 turned in the best performance of the twin-engine antivirus tools. It scans first with one engine, then with the other, and it also requires two separate updates. It’s noticeably slow, but effective enough that it’s worth waiting for.

Adjustable Interfaces, Built-in Support
Some users want to hear about every little security event, but most prefer a product that just does the job, without making a fuss. Ad-Aware Pro appeals to both with a choice of simple or advanced mode. BitDefender goes even further. Not only can its users choose basic, intermediate or expert view, they can build a personal collection of their most-used tools.

Webroot AntiVirus with Spy Sweeper 2011 totally focuses on keeping everything as simple as possible. It updates automatically, scans while the system is idle, and interacts with the user through a completely redesigned interface. All the detail a tech-savvy user might want is available, but hidden when not needed.

The user interface for Trend Micro Titanium Antivirus + 2011 discards the standard landscape-orientation window for a skinny vertical panel that takes up minimal space. McAfee, too, has switched to a vertical interface.

Norton reserves a panel across the bottom of its main window for interaction and communication with other security components. Initially the panel shows an interactive world map of security activity, but it can also connect with Norton Safe Web for Facebook or with your Norton Online Backup account.

Built-in and automated support features grace many of these tools. BitDefender includes a search box for help topics right on its main screen; a built-in tool will gather system information and contact an agent for chat-based support. Norton’s one-click support system gathers diagnostics and offers relevant FAQs or chat-based support. Kaspersky’s built-in support tool can send diagnostic reports to the company and process purpose-built scripts to fix specific problems. Panda’s PSCAN lets remote analysts request samples and push fixes without requiring full chat-type interaction. BullGuard offers built-in access to e-mail and live chat support with a message center to manage your support interactions. eScan links to live chat and online help.

[click to continue…]

{ Comments on this entry are closed }

Top Ten Security Threats - 2011

Top Ten Security Threats

Imperva announced their predictions for the top ten security trends for 2011 which have been compiled to help IT security professionals defend their organization against the next onslaught of cyber security threats.

The trends have been detailed below:

1. Nation-sponsored hacking: When APT meets industrialization
Nation-sponsored hacking specifically-targeted cyber attacks will incorporate concepts and techniques from the commercial hacker industry. These campaigns will contain a different malware payload than the traditional attacks conducted for monetary gain. However, these attacks will use similar techniques. These Advanced Persistent Threat (APT) attacks will borrow techniques, such as automation and viral distribution, making them all the more powerful and potentially more successful. An example of such an attack is Stuxnet, which was not searching for data to monetize, rather it was focused on gaining control of crucial infrastructure.

Both classes of attack (hacker industry and APT) are going to use some of the same techniques so some security controls are applicable to both. On the positive side, given you’re covered against the cyber mafia you should have some of the controls to be protected from certain APT attacks. As APT is persistent, if a certain attack does not succeed, another one will come into play. The traditional security controls do not deter these relentless, state-sponsored hacker organizations. For the enterprise as well as government, this means increasing monitoring of traffic and setting security controls across all organization layers.


2. The insider threat is much more than you had imagined
In this upcoming year, we expect to see a growing awareness to security incidents of an “insider job” nature. Attention will grow as a consequence of an increased flow of incident reports where data theft and security breaches are tied to employees and other insiders. The cause of this trend will be the emphasis put on new regulations covering the act of notification and disclosure (rather on the actual protection of data).

To deter insider threats, organizations should therefore:

  • Enforce access controls such that access is based only a business need-to-know level. This includes eliminating excessive privileges.
  • Provide the proper access auditing tools to data centers. These auditing tools should monitor who accesses what data

3. Man in the Browser attacks will man up
Man in the Browser (MitB) attack sophistication is going to increase, as well as moving forward to more types of online applications. As a consequence, more online service providers are going to include this in their list of priorities for 2011, shifting the responsibility for mitigating the risk from the consumers to the service providers.

While avoiding infection by proxy Trojans is presumably the responsibility of consumers, MitB attacks are quickly becoming a concern of online service providers. The actual rate of infection and the proliferation of the many types of MitB malware suggest that providers must be able to serve (and protect) customers who might be infected with one type of malware or another. Just as the evolution of vehicle safety drove manufacturers to include device such as ABS, Air Bags and ESP, rather than rely on us to drive carefully, so will online service providers need to invest in mechanisms that allow them to conduct business with allegedly infected consumers. Among the technologies that we foresee as helpful are strong device identification, client profiling, fast security code evolution, session flow tracking and site-to-client authentication.

[click to continue…]

{ Comments on this entry are closed }

Amazon Web Services used to spread malware

Amazon Web Services used to spread malware

A Kaspersky researcher spies some malware hosted on AWS targeting bank data.

Cyber criminals have used Amazon Web Services (AWS) accounts to spread financial data-stealing malware, a security researcher has discovered.

The malware, hosted on AWS, appeared to have emanated from Brazil, as banks within the country were targeted, said Kaspersky Lab expert Dmitry Bestuzhev.

“The evidence indicates that the criminals behind the attack are from Brazil and they used several previously registered accounts to launch the infection,” Bestuzhev said in a blog post.

The malware spotted on AWS was able to do a variety of nasty things. As a rootkit, it attempted to disable four different anti-virus programs and a special security application used by Brazilian financial institutions for online banking.

It also attempted to steal financial data from nine Brazilian and two international banks, as well as acquire Microsoft Live Messenger credentials.

At the time of publication, Amazon had not confirmed whether the accounts used to spread the malware had been deactivated.

The findings came after some reports indicated hackers who hit Sony in April had used AWS as a platform.

Last month, Citrix chief technology officer (CTO) Simon Crosby claimed the public cloud was a safer place to store data than the private cloud.

The public cloud may also be a safer place for cyber criminals to operate, however.

“I believe legitimate cloud services will continue to be used by criminals for different kinds of cyber-attacks,” Bestuzhev added.

“Cloud providers should start thinking about better monitoring systems and expanding security teams in order to cut down on malware attacks enabled and launched from their cloud.”

Hackers could do well from using well known cloud services, as using a server with good repute will mean malware is less likely to be blocked by web filters.

From http://www.itpro.co.uk/634021/aws-used-to-spread-bank-data-malware

{ Comments on this entry are closed }

Donbot dumps fake AV spam – pitches gambling site instead

Botnets pitching online casinos

Donbot – aka Bachsoy and Buzus – is known to be capable of generating an incredible volume of spam. At its height in the summer of 2009, the swarm was noted as generating around 800 million spam messages a day from around 125,000 infected PCs.

This equates to around 1.3% of global spam volumes, although some reports have noted spikes reaching the 4.0% mark.

According to David Broome, a researcher with M86 Security, Donbot’s spam deluge paused recently for 15 minutes and came back with a gambling pitch.

The pitch, he says in his latest security blog, is one his security colleagues have seen for over a year on and off in their spam traps.

“It is designed to encourage the reader to gamble money on roulette with what is presented as a winning strategy. Conveniently, a link to an online casino is provided to the user in order to use this strategy and make easy money”, he reports.

Following the link, says Broome, leads to a web splash page where clicking any button on the page – including the language flags at the top – starts a download of Casino-Online.exe.


The WHOIS information for the casino domain lists it as having been registered at namecheap.com on the 24th of May 2011.

“So, if there was any doubt to the possible legitimacy of this casino, here’s the proof that it is in fact an illegitimate operation. The domains that lead to the casino software are changing regularly and being spammed out fresh”, he said.

After downloading the Casino-Online.exe binary and scanning it through the VirusTotal test site, 4 of 42 anti-virus packages detected it as various malware executables.

“When we ran the Casino-Online.exe in our environment and set up an account, no unusual traffic was seen going out. While it may not be malware in the traditional sense, it’s certainly operating in a highly dubious fashion. We normally advise against clicking links in spam messages, so downloading and executing arbitrary executable files is a definite no-no”, he said.

The information gathered during the account creation process, he explained, is quite thorough, which is also concerning given what data could be collected and used for future spam campaigns, or sold.

“Assuming the casino isn’t rigged, the odds are still stacked in favour of the house. Despite their description of the strategy, the odds for Red/Black in roulette are not actually 50/50, instead being 48.6/48.6/2.8 – the 2.8% being for the 0 that is also on the wheel”, he observes.

This means, he goes on to say, that regardless of a bet on red or black, you have a 51.4% chance of losing the bet.

Whilst this may seem reasonable odds, he adds, it gives the casino enough of a winning margin that – given enough time they will eventually come out on top.

“Using the strategy outlined in the spam message of multiplying a bet 2.5 times after every loss, it would take only 10 losses in a row for you to have lost $6,000, and 13 losses in a row for you to have lost just shy of $100,000″, he says.

“Without an unlimited bankroll you will surely come to grief at some point”, he adds.

from http://www.infosecurity-magazine.com/view/18297/donbot-dumps-fake-av-spam-pitches-gambling-site-instead/

{ Comments on this entry are closed }

Watch out for fake anti-virus alerts

Scareware: FBI Warns That Those Pop-Up Security Warnings Pose a Threat to Your Computer

I have a friend in the real estate business who told me that he wanted to pick up his computer and hurl it through a window.

The cause of his frustration was an incessant series of pop up messages on his computer screen that warned he had a virus on his computer. He could not figure out how to make the pop ups go away and eventually his computer ceased working.

He presumed that the warnings were legitimate, but he later learned that he was the victim of “scareware.”

He didn’t know that the FBI put out a warning this month about the threat of pop up security warnings.

The FBI states that pop up messages claiming that you have a virus and you are in need of anti-virus software may, ironically, actually contain a virus that could harm your computer, cause costly repairs or, even worse, lead to identity theft.

The FBI states that those pop up messages contain “scareware”, fake or rogue anti-virus software that looks authentic, but they are not.

Scareware is sold to unsuspecting computer users who fear viruses on their computers. The scareware is either useless or contains damaging malware programs. The cyber criminals convince users that he or she has a virus that has infected their computer and then offers anti-virus software to remove it. The virus does not in fact exist until the user downloads the scareware
The term scareware describes software products that often generates a bombardment of pop up warning messages that makes using your computer difficult.

The message may display what appears to be a real-time, anti-virus scan of your hard drive. The scareware will show a list of reputable software icons; however, you can’t click a link to go to the real site to review or see recommendations. The FBI says that cyber criminals use botnets —collections of compromised computers — to push the software, and advertisements on websites deliver it. This is known as malicious advertising or “malvertising.”

Once the pop-up warning appears, it can’t easily be deleted by clicking on the “close” or “X” buttons. If you click the pop-up to purchase the software, a form to collect payment information for the bogus product launches. In some instances, the scareware installs malicious code onto your computer, whether you click the warning or not. This is more likely to happen if your computer has an account that has rights to install software.

The FBI says that downloading the software can result in viruses, malicious software called Trojans, and/or keyloggers— hardware that records passwords and sensitive data —being installed on your computer. This malicious software can cause severe damage and the inability to use your computer.

The Federal Trade Commission (FTC) notes that the scareware scam has many variations, but there are some telltale signs. For example:

  • You may get ads that promise to “delete viruses or spyware,” “protect privacy,” “improve computer function,” “remove harmful files,” or “clean your registry;”
  • you may get “alerts” about “malicious software” or “illegal pornography on your computer;”
  • you may be invited to download free software for a security scan or to improve your system;
  • you could get pop-ups that claim your security software is out-of-date and your computer is in immediate danger;
  • you may suddenly encounter an unfamiliar website that claims to have performed a security scan and prompts you to download new software.

The FTC reports that scareware schemes can be quite sophisticated. The cyber criminals purchase ad space on trusted, popular websites. Although the ads look legitimate and harmless to the website’s operator, they actually redirect unsuspecting visitors to a fraudulent website that performs a bogus security scan. The site then causes a barrage of urgent pop-up messages that pressure users into downloading worthless software.

Fake anti-virus example screenshots

Example screenshots of fake anti-virus alerts

The FTC suggest that if you’re faced with any of the warning signs of a scareware scam or suspect a problem, shut down your browser. Don’t click “No” or “Cancel,” or even the “x” at the top right corner of the screen. Some scareware is designed so that any of those buttons can activate the program. If you use Windows, press Ctrl + Alt + Delete to open your Task Manager, and click “End Task.” If you use a Mac, press Command + Option + Q + Esc to “Force Quit.”

Lastly, make it a practice not to click on any links within pop-ups.

The FBI recommends that you take precautions to ensure your operating systems are updated and your legitimate security software is current. If you receive these anti-virus pop-ups, close the browser or shut down your computer system. Run a full anti-virus scan whenever the computer is turned back on.


Call me today at 262-203-4459 and I will clean up, tune up and speed up your entire system so your computer can run like new again. Guaranteed.

{ Comments on this entry are closed }

What is Fake AV?

What is Fake AV?

Find out how criminals lure users to malicious sites and scare them into paying for fake threat removal tools.

What is Fake AV?

FakeAV, or Fake Anti-Virus, is one of the most frequently-encountered and persistent threats on the web. This malware, with over half a million variants, uses social engineering to lure users onto infected websites with a technique called blackhat Search Engine Optimization.


Once the FakeAV is downloaded onto the user’s computer, the software will scare them into believing their system is infected with threats that do not really exist, and then push users to purchase services to clean up the non-existent threats. The FakeAV will continue to send these annoying and intrusive alerts until a payment is made.

The great threat of FakeAV is the risk to victims’ personally identifiable information, which is extracted and exploited by the affiliate networks that publish this malware. [click to continue…]

{ Comments on this entry are closed }

Avoid

Avoid Fake Anti-Virus Software Scams

Some simple tips to help you avoid fake anti-virus software scams

Fake Virus Scam Tactics

Fake virus alerts are usually generated by a Trojan — a program that takes control of your computer — after you open an email attachment, click on a pop-up advertisement or visit a particular website. (Adult sites are special favorites.)

If you run programs that provide file-sharing information — including LimeWire,FrostWire, and some instant messenger (IM) applications — your computer might be remotely accessed by scammers, hackers and identity thieves.

Sometimes, the Trojan creates “false positive” readings, making you think viruses and spyware have infected your computer, even though nothing has. In other cases, scam software actually implants malicious code into your computer, especially if you request a “free virus scan.”

In other words, some peddlers of fake anti-virus software actually design the viruses, spyware and malware that their software is supposed to detect.

Rogue Spyware: What to Look For

  • Rogue anti-virus/spyware programs often generate more “alerts” than the software made by reputable companies.
  • You may be bombarded with pop-ups, even when you’re not online.
  • High-pressure sales copy will try to convince you to buy RIGHT NOW!
  • If you’ve been infected, your computer may dramatically slow down.
  • Other signs of infection include: new desktop icons; new wallpaper, or having your default homepage redirected to another site.

(Mac users: if you run Windows using Boot Camp, Parallels or VMWare, these tips apply to you. However, at the time of this writing, Mac OSX does not have these problems.)

Fake Anti Virus Prevention Tips

1. Use Firefox or Google Chrome as your browser rather than Internet Explorer.

2. Keep your computer updated with the latest anti-virus and anti-spyware software, and be sure to use a good firewall.

3. Never open an email attachment unless you are POSITIVE about the source.

4. Do NOT click on any pop-up that advertises anti-virus or anti-spyware software, especially a program promising to provide every feature known to mankind. (Also remember: the fakes often mimic well-known brands such as Grisoft AVG, Norton and McAfee.)

5. If a virus alert appears on your screen, do NOT touch it. Don’t use your mouse to eliminate or scan for viruses, and DON’T use your mouse to close the window. Instead, hit control + alt + delete to view a list of programs currently running. Delete the “rogue” from the list of running programs, and call your computer maker’s phone or online tech support service to learn if you can safely use your computer.

6. Do not download freeware or shareware unless you know it’s from a reputable source. We use Download.com and VersionTracker.

Unfortunately, freeware and shareware programs often come bundled with spyware, adware or fake anti-virus programs.

7. Avoid questionable websites. Some sites may automatically download malicious software onto your computer.

8. Reset your current security settings to a higher level.

9. Although fake software may closely resemble the real thing, it’s rarely an exact match. Look for suspicious discrepancies.

10. Check out this list of rogue/fake anti-virus and anti-spyware products.

If your computer is infected by rogue software, stop work and contact your computer manufacturer’s tech-support hotline. Don’t keep using the computer. This may further damage your machine and provide identity thieves with more information about you.

Use of fake anti-virus, anti-spyware software is a fast-growing scam, especially as more people become aware of the dangers of spyware, adware and malware. By following the tips above, however, you’ll better protect yourself from becoming the next victim of scammers, identity thieves and hackers.

{ Comments on this entry are closed }

Malware, Spyware, Everywhere

Malware Spyware Everywhere

The top 10 malware threat list from Sunbelt Software has provided further proof of the rise of fake anti-virus software.

While Trojans and bots are the most prevalent forms of malware circulating the web, cyber criminals’ use of rogue anti-virus software is steadily increasing.

So claims Sunbelt Software, which released its list of the top 10 malware threats in April. The rankings were largely unchanged from March apart from the entry of a loader for a rogue security product named SecurityTool.

The FraudTool.Win32.SecurityTool (v) threat took the final place in the top 10, removing Virtumonde from the list.

A recent report from Google claimed that fake anti-virus software now accounts for 15 per cent of all malware on the web.

“Trojans and bots are very prevalent. We also have an indication that rogue security products continue to spread,” said Sunbelt Software research centre manager Tom Kelchner.

“In recent months many security researchers at antivirus companies have been noticing a slow but steady increase in rogue activity. It’s becoming a very significant source of income for the bad guys,” he added in a statement.

Trojan.Win32.Generic!BT was ranked as the most prevalent form of malware threat by Sunbelt, with a 33.74 share, far ahead of Exploit.PDF-JS.Gen in second place on 3.41 per cent.

from ITPro » www.itpro.co.uk

Need help with virus and malware removal? Have questions about computer cleanup and system optimization? You can contact me here.

{ Comments on this entry are closed }

Fake Anti-Virus on the Rise

Google researchers have uncovered a significant spike in fake anti-virus software circulating the web.

“Once it is installed on the user system, it’s difficult to uninstall, you can’t run Windows updates anymore or install other antivirus products.”

There has been a rise in the prevalence of fake antivirus (AV) software, which now accounts for 15 per cent of all malware on the web, a report by Google researchers has shown.

The team claimed that fake AV software is responsible for half of all malware delivered through online adverts, representing a 500 per cent rise in a year.

In their analysis of 240 million web pages collected by Google’s malware detection infrastructure over 13 months, the researchers found that more than 11,000 domains were involved in distributing fake AV.

Back in January last year, the team identified only 93 unique fake AV domains, but this rose to 587 in the final week of January 2010.

“As users are becoming increasingly aware of the need to secure their computers, attackers have been leveraging this awareness by employing social engineering techniques to distribute fake AV software,” the researchers said.

“Fake AV attacks continue to persist, demanding increased awareness and broader response from the research community at large.”

from ITPro » www.itpro.co.uk

Need help with virus and malware removal? Have questions about computer cleanup and system optimization? You can contact me here.

{ Comments on this entry are closed }