Archive for category Anti-Viruses

Symantec: Tapsnake Game Tracks Your Location

Symantec researchers have reported a new malicious application in the Android Market, Google's virtual store; the application can determine a user's location in real time on Android OS.

Tapsnake is the name of the game, a version of the popular game “Snake”. Its developers did not disclose that the application sends the victim's exact location to a dedicated server every 15 minutes, without the user's knowledge.

According to Symantec, the developers describe the application as follows:

“Download and install the free Tap Snake game app from the Market to the phone you want to spy on. Press MENU and register the app to enable the service. Use the GPS Spy app with the registered email/key on your own phone to track the location of the other phone. Shows the last 24 hours of trace in 15 min increments.”

The Trojan uploads the GPS data every 15 minutes to an application running on Google’s free App Engine service. GPS Spy then downloads the data from this service and conveniently displays it as location points in Google Maps.

To get Tapsnake working, the attacker needs access to the target smartphone, which is difficult, and the Android installer notifies users about suspicious activity on the smartphone, which is also a good security measure.

For the best protection, be careful when installing any third-party application on your mobile device.

make sure you subscribe to my RSS feed!

Zeus Grabbing Kaspersky’s Digital Signatures

Trend Micro threat researchers have reported detecting several malicious web files that carry a strange digital signature which looks as if it were issued by the antivirus company Kaspersky.

After analyzing the files and their signatures, a clear difference between the legitimate signature and the fake one emerged: the fake copy contains wrong hash values, and its signature has expired.
That is not all that was observed: further examination identified these web files as malicious ZeuS (ZBOT) variants, detected as TSPY_ZBOT.BWP, TROJ_ZBOT.BYM, and TROJ_ZBOT.KJT.

This is not the first case of criminals using certificates to sign their web malware. The Stuxnet malware was also signed with a certificate from Realtek Semiconductor Corp., which was later replaced by one from JMicron Technology.

Trend Micro has notified Kaspersky Lab about this incident; you can read more about Zeus here.

Spreading Ghosts Attacks

Leonardo da Vinci is widely considered to be one of the greatest painters of all time, and perhaps the most diversely talented person ever to have lived. Leonardo said that there are three types of people one may encounter: “Those who see. Those who see when they are shown. Those who do not see.”

But here I want to add a class of people who see even when they are prevented from seeing: the hacker class.

One of the first things an attacker will do to compromise a remote system is to use a backdoor. I am referring to a ghost: a piece of software that, once run, gives an attacker access to the remote system and lets them collect all activity on the targeted machine.

USBsploit is a tool, still in beta, created by an infosec researcher who owns the popular portal Secubs. It makes it simple for anyone to generate backdoors in a few steps.

First, choose the right distribution: this can be BackTrack, Debian or Ubuntu with the original Metasploit dependencies; then follow the clear and easy steps on the official website.

When you run USBsploit you will see a menu listing the actions you can perform:

1. Create a Backdoor

2. Create a Backdoor and launch a Listener only for the USB Dump attack

3. Launch a Listener for the USB Dump attack from the last Dump configuration file

4. Update the USBsploit Framework

5. Edit the last Dump configuration file (needs vi)

6. Edit the global options (needs vi)

7. Edit the file extensions set to dump (needs vi)

If you choose to create a backdoor you will be asked for the IP address of the listener; by default it detects the local machine's IP.

Next you will be asked to select the kind of backdoor you want to deploy, depending on the victim’s operating system:

1. Windows Meterpreter Reverse_TCP Spawn a shell on victim and send back to attacker.
2. Windows Meterpreter Reverse_TCP X64 Connect back to the attacker (Windows x64)
3. Windows Meterpreter Egress Buster Spawn a shell and find a port home via multiple ports

Here comes an important step: choosing the kind of encoding to try to bypass weak antiviruses.

Select one of the below; Backdoored Executable is typically the best.

1. shikata_ga_nai (Very Good)

2. Multi-Encoder (Excellent)

3. Backdoored Executable (BEST)

After encoding, you will find the executable file in “/opt/usbsploit/lib/msf/data/usbsploitbackdoor.exe”.

This amazing tool helps create a backdoor that can bypass most popular antiviruses in just a few steps.

My experience was interesting: when I tested the generated executable file, which had been encoded by msfencode, only 10 out of 42 antiviruses detected it as a Trojan.

(http://www.virustotal.com/analisis/fd17814e613849ae76d9e571f1af037a555f6f8bfd1ab021fc3854c34b6a4c63-1279835899).

You can run the .exe file on a Windows machine even if it has one of the antiviruses that was not able to detect the malicious code, even with the latest definitions, such as Kaspersky, and then activate the listener.

You will then have access to all activity on the target machine and total visibility of the whole system.

McAfee 2010 First Quarter Threat Report

McAfee has issued its regular quarterly Threats Report, which points to the major network threats in the first quarter of this year. During this period the biggest threat to computers was USB-borne malicious software; attackers continue to enjoy the ability to launch applications automatically from external devices.

The report also noted an increase in fake AV products, which expanded their activities in this period. As for spam, about 139 billion spam messages were detected in this quarter, which is about 89% of all email. 71% of these messages were medical spam, 10% fell into the general category and 2% advertised fake educational diplomas or degrees. The leading sources of this spam were China, South Korea and Vietnam.

McAfee also said that malware and spam in Thailand, Romania, the Philippines, India, Indonesia, Colombia, Chile and Brazil had surged along with increasing internet usage.

Compared to the last two years, the total number of malicious programs for this period has decreased; however, McAfee expects that in the next quarter the number of viruses will remain the same as last year.

Symantec Detects WoW Game as a Malware

A new update for Symantec AntiVirus, released this weekend, detects the popular game World of Warcraft as a malicious application.

Instead of playing, users were forced to post their issue on the game forum, describing how Symantec AntiVirus treats scan.dll.new as a Trojan that steals user data. A number of posts revealed that the problem remains unsolved.

According to Internet Storm Center specialists, many false positives have been detected in recent months despite the continuous improvement of the algorithms, programs and accuracy of anti-virus products that protect users from malicious applications; this is due to the explosive growth in the number of different viruses.

Some reports reveal that about 50,000 new malware samples appear daily, which forces malware labs to accelerate their signature updates and sometimes affects the quality of those updates, as in Symantec's case.

F-Secure: Innovating to Protect the Irreplaceable in 2010

In addition to an array of threats, F-Secure’s Labs predict that there will be more attacks on social networks such as Facebook, Twitter, Myspace, LinkedIn, etc. The 350 million people on Facebook, for instance, obviously represent a concentration of people, data and trust far too tempting for cyber-criminals to ignore. And these networks invite users to blur the lines between business and pleasure, creating new risks for PCs both at work and at home.

Meanwhile, hackers are looking to exploit new technologies—such as real-time and location-based search—and scammers are figuring out even craftier ways to exploit the information we reveal in our Tweets, updates and profiles.

F-Secure is dedicated to creating products that protect your irreplaceable data, content and time, so you don’t have to worry about all of these endlessly evolving threats on the web.

We want to thank Mourad for this chance to lay out some of the security solutions we’re offering for 2010.

F-Secure Internet Security 2010 includes comprehensive anti-virus, anti-spyware and firewall along with several breakthrough technologies. DeepGuard 2.0 uses “in-the-cloud” computing to provide instant protection against new threats. Browsing Protection reveals dangerous and corrupted sites while Exploit Shield blocks suspected malicious activity. The Exploit Shield technology in Internet Security 2010 would have helped Google block the recent Aurora attacks. Internet Security is available for Windows XP, Windows Vista and Windows 7 operating systems.

Anti-Virus 2010 is based on the same technologies as F-Secure Internet Security. It offers enhanced protection against viruses, spyware, infected e-mail attachments, and other malware. F-Secure Anti-Virus is also available on Windows XP, Windows Vista and Windows 7 operating systems.

Data that exists inside only one internet-connected PC is always at risk—especially as new threats like ransomware emerge. F-Secure Online Backup creates unlimited online copies of the important files on your computer. F-Secure Online Backup gives you safe and easy access to your backed-up pictures, documents and other digital content anywhere over the Internet. It’s available for Windows XP, Windows Vista, Windows 7 and Mac OS X operating systems.

In addition to our premium personal and business tools, F-Secure will update many of the free technologies we’ve created to protect users and minimize the spread of threats.

Health Check is a free browser-based solution that can be used to check that your computer has an up-to-date internet security product and that your applications don’t contain any known vulnerabilities. It will also assist the customer in solving any problems it finds. F-Secure Health Check works on Windows XP and Vista machines with Microsoft Internet Explorer 6/7 or Mozilla Firefox 3.0.

Online Scanner is a free browser-based solution that can be used to scan your computer for malware. Online Scanner works on Windows XP and Vista machines with Microsoft Internet Explorer 6/7 or Mozilla Firefox 3.0.

The links posted on social networks create the greatest threat to users’ safety. Our newest free tool, Browsing Protection, is a way to check whether a website is dangerous so you can protect your identity as you visit new sites. It’s available through any web-connected browser.

In just a few years, more people will access the web from mobile devices than from conventional PCs. F-Secure is dedicated to securing smartphones as they become more connected, smarter and contain more crucial business and financial data.

Our newest mobile product protects against the most immediate threat to your phone—theft or loss. With Anti-Theft for Mobile, you can remotely lock the phone and protect the information it contains with a single SMS message. Even if a thief changes the SIM card, the Theft Control feature locks the phone and informs you of the new number. As an ultimate safety measure, you can erase all the data on the phone with Remote Wipe.

Mobile Security includes anti-virus, anti-spyware and a firewall along with anti-theft. It operates seamlessly, with automatic updates keeping the phone constantly protected. F-Secure released its first mobile security product ten years ago this February.

For information about our business solutions, please check out our site. We also invite you to follow our regular updates @FSecure on Twitter and Facebook.

Panda Cloud Protection Secures Endpoints and Emails

The software company Panda Security has released a new solution that aims to protect email and computers from today’s major threats, including spyware, rootkits and viruses.

The Panda Cloud system was first introduced as a beta version at the beginning of April. It was the first AV solution based on the software-as-a-service concept, addressing key issues for small and medium businesses such as eliminating the traditional costs and time associated with antivirus implementation (hardware and software) and requiring no additional money to maintain the AV solution.

Cloud Antivirus works by classifying threats into executables, which must be scanned immediately, and non-executables, which are checked at a lower priority, usually when the machine is idle; this helps it process a great amount of data without consuming memory resources while the user is working.

You can find more details here.

Microsoft Security Essentials First Week

Microsoft Security Essentials, the new antivirus solution, was downloaded by 1.5 million users during its first week.

The free antivirus detected 4 million pieces of malicious software on 535,752 PCs between 29 September and 6 October. The majority of these infected computers were running Windows XP, while fewer infections were found on Windows Vista and Windows 7.

According to Microsoft, the most common infections reported by computers in the United States were Trojans, while in China computers were more often infected by several kinds of malicious application including adware and spyware, and in Brazil the main malware was worms, especially Conficker.

Here you can find the Microsoft presentation that lists the malware statistics. AV-Test.org, an independent organization, has placed Microsoft Security Essentials in a better position than other free antiviruses, including AVG and Avast, in terms of scanning speed and level of threat detection; on the other hand, the AV still requires improvement in malware behavioral analysis.

Microsoft AV will be out soon!

Microsoft has announced that the free anti-virus package Security Essentials has now reached its final phase.

Microsoft Security Essentials will have the basic requirements to compete with major security software companies like Symantec and McAfee as a low-price AV solution. The new product is designed to protect computers running the Windows XP, Windows Vista and Windows 7 operating systems from viruses, Trojans, spyware, rootkits, etc.

The Security Essentials beta version was issued last summer; the package was downloaded by 75 thousand users from all over the globe. Reviewers’ opinions were generally positive; in particular, the user-friendly interface and a fairly wide range of settings were noted.

As described in the announcement, the final version of Microsoft Security Essentials (MSE) will be presented in the coming few weeks. It sounds like the package will be released at the Windows 7 presentation, which will be held on October 22.

The minimum requirements to run Security Essentials are a 500 MHz CPU and 256 MB of RAM on Windows XP, and a 1 GHz processor and 1 GB of RAM on Windows Vista or Windows 7.

This appears very attractive, especially since Microsoft is trying to integrate all the protective measures into the whole infrastructure, but what about non-Windows platforms?
