A common tactic used by malware is to block the infected computer from connecting to the Web sites of antivirus and security companies. Such blocks are meant to prevent you and your antivirus program from getting help in removing the infection. The Conficker worm and many other types of malware take this step, and one good thing that came out of all the hype and drama surrounding last week's April 1 doomsday for Conficker was this little gem from the Conficker Working Group, an industry coalition formed to fight the worm. The group's "Conficker Eye Chart" pulls images from three sites that Conficker is known to block and displays them in a box. Below the box is a guide to interpreting how you see the images -- if they all show up you're in good shape, but if one or more doesn't display it could indicate a Conficker (or other malware) infection. It's a smart and near-instantaneous test that couldn't be any easier, but keep in mind that if your computer uses a proxy server for Web traffic, which can be the case in some companies, you might be infected and still be able to see the images.
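The eye-chart test described above can be sketched as a host-side script. This is an added example, not the Conficker Working Group's code: the URLs are placeholders because the page does not name the three sites, and the control site and verdict names are assumptions introduced here to separate "security sites blocked" from "no connectivity" and to flag the proxy caveat.

```python
import urllib.request

# Placeholder URLs: the page does not name the three sites the chart uses.
BLOCKED_SITES = [
    "https://security-vendor-1.example/logo.png",
    "https://security-vendor-2.example/logo.png",
    "https://security-vendor-3.example/logo.png",
]
# Assumption (not from the page): a site malware has no reason to block,
# used to tell "security sites blocked" from "no connectivity at all".
CONTROL_SITES = ["https://unrelated-site.example/logo.png"]


def http_probe(url, timeout=5.0):
    """True if the image can be fetched; any failure counts as 'not displayed'."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return 200 <= resp.status < 300
    except Exception:
        return False


def eye_chart(probe=http_probe, blocked=BLOCKED_SITES,
              controls=CONTROL_SITES, proxied=None):
    """Probe each site and interpret the pattern the way the chart's guide does."""
    if proxied is None:
        # getproxies() reads proxy settings from the environment / OS config.
        proxied = bool(urllib.request.getproxies())
    failed = [url for url in blocked if not probe(url)]
    controls_ok = any(probe(url) for url in controls)

    if failed and controls_ok:
        verdict = "POSSIBLE_INFECTION"   # one or more security sites missing
    elif failed:
        verdict = "NO_CONNECTIVITY"      # control fails too: outage, not evidence
    elif proxied:
        verdict = "INCONCLUSIVE_PROXY"   # images load, but a proxy can mask blocking
    else:
        verdict = "NO_BLOCKING_SEEN"
    return {"verdict": verdict, "failed": failed, "proxied": proxied}


if __name__ == "__main__":
    result = eye_chart()
    print(result["verdict"], result["failed"])
```

A passing result on a proxied network is reported as inconclusive rather than clean, matching the caveat in the paragraph above.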
The amount of spam being sent via email rose by a third last month, with fake invoices among the most popular ways of infecting users with malware, according to the latest research. MXLogic's Threat Forecast and Report revealed that the total spam volume climbed 34 per cent between February and March. As a percentage of all email traffic, junk messages also rose to 84.8 per cent from 83 per cent in February, highlighting the need for adequate security protection, which may require London IT support. Social networking sites are increasingly being used to trick people into downloading malicious content, according to the report. MXLogic says it expects this trend to continue in the future, which could suggest the need for adequate internet security policies in the workplace. Recently, security experts have expressed concerns about the Conficker virus and Microsoft has offered a substantial reward for information about the programmer.
Spam levels rose by a third last month to reach nearly 85 per cent of all email traffic, the highest since the McColo shutdown last year, according to the Threat Forecast and Report (PDF) from email and web security firm MXLogic. Healthcare promotions were the most prevalent type of spam in March, and some spammers used cutting-edge geo-location techniques to localise the message for specific recipients. The trend of using social networking sites to persuade users to click on links in messages continued, and many unwanted messages appeared to come from Facebook or Classmates.com, according to MXLogic. "The messages included a link to an adult video of a friend named 'Amanda'. Of course, this was simply an attempt to trick users into downloading malicious malware," the report said. "We expect to see more and more of this in the future, although with some slight changes in the form of new social engineering tactics, or even changes in traffic volume, as we saw in March."
When Congress passed the CAN-SPAM Act in 2003, it included cell phones by banning the sending of spam e-mail to cell phones. At the time, no one contemplated the phenomenal growth of Short Message Service text messaging, or SMS. By 2007, more than 1.1 million wireless spam text messages were delivered in the United States. Hoping to curb that trend, Sens. Olympia J. Snowe (R-Maine) and Bill Nelson (D-Fla.) have introduced legislation that would strictly prohibit commercial text messages to wireless numbers listed in the Federal Trade Commission's Do Not Call registry. "Mobile spam invades both a consumer's cell phone and monthly bill," Snowe said in a joint statement with Nelson. Snowe added that mobile spam text messages often contain viruses and malicious spyware. "This significant and looming threat must be addressed in order to protect consumers and vital wireless services," Snowe said. Mobile spam jumped 38 percent from 2006 to 2007 and similar increases are expected in the future. Moreover, spam text messages cost consumers money: Wireless subscribers typically are charged for receiving text messages as well as sending them, sometimes as much as 20 cents per message. "Spam e-mail is bad enough," Nelson said. "Now, we are seeing a proliferation of unwanted text messages—and consumers are getting stuck paying."
Microsoft is working with Facebook to keep the persistent Koobface virus off the popular social-networking site, the companies said on Thursday. "In working with Facebook, we were able to add detection of Koobface to our Malicious Software Removal Tool (MSRT), which checks computers running Windows software to detect and remove viruses," Jeff Williams, a principal group program manager for the MSRT, wrote in a guest post on the Facebook Blog. The MSRT has removed Koobface nearly 200,000 times from more than 133,600 computers around the world just in the past two weeks, he wrote. Koobface is a mass-mailing virus that arrives in Facebook users' in-boxes announcing a message like "You look funny in this new video." Clicking on the link takes recipients to a Web site where they are prompted to download a Trojan masked as an Adobe Flash update. The Trojan could allow an attacker to remotely steal a victim's Facebook password and other information or even use the computer to launch attacks on other computers. Koobface has been around since August mostly targeting social networks, and a variant that targets only Facebook users surfaced in December. Facebook has been hit by at least one other version since then. Details on how to protect against Koobface are on Facebook's security page.
April 3, 2009 (Computerworld) For the second time in five weeks, Microsoft Corp. warned that hackers were exploiting a critical unpatched bug in its popular Office application suite. In a pre-patch security advisory issued late yesterday, Microsoft confirmed that attackers were using rigged PowerPoint files to trigger the vulnerability in older editions of the presentation maker. In fact, several different exploits are on the prowl, said company researchers Cristian Craioveanu and Ziv Mador in a posting to the Microsoft Malware Protection Center's blog. Microsoft spokesman Bill Sisk downplayed the threat. "At this time, Microsoft is only aware of limited and targeted attacks that attempt to use this vulnerability," he said in an e-mail. Unlike five weeks ago, when Sisk said the same thing about a "zero-day" flaw in Excel, Microsoft's spreadsheet software, he didn't explicitly promise that the company would patch the problem. "Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs," he said Thursday. The Excel vulnerability has not yet been patched. Yesterday's bug affects PowerPoint 2000, PowerPoint 2002 and PowerPoint 2003 on Windows, and the edition included with Office 2004 for Mac.
So my phone bring-brings that I have a message. I pick up the phone and I see a message that someone is trying to send me an MP3 and do I want to accept it? Hell, no. Other times, I just plain get unsolicited messages and these I pay for on my bill. It’s not an indirect cost like email spam (I don’t pay more to get more email) - it’s a direct friggin’ 10 cents on my phone bill. Sens. Olympia Snowe (R-ME) and Bill Nelson (D-FL) have teamed up to introduce a bill that will attack this problem of mobile spam. Called the mSpam Act, the bill would empower the FTC and FCC to punish those who send text messages to wireless numbers on a “do not call” registry, according to a statement. “Mobile spam invades both a consumer’s cell phone and monthly bill,” Senator Snowe said. “There is also increasing concern that mobile spam will become more than just an annoyance—the viruses and malicious spyware that are often attached to traditional spam will most likely be more prevalent on wireless devices through m-spam. This significant and looming threat must be addressed in order to protect consumers and vital wireless services.” Mobile spam in 2007 was at 1.1 million messages, up 38 percent over 2006 levels. Those 2008 numbers should be interesting.
Spam levels have finally bounced back to levels seen prior to the shutdown of notorious Web hosting provider McColo in November of last year, at least from the vantage point of Postini, Google's e-mail security provider. Postini said its measure of the seven-day average spam volume didn't return to pre-McColo measurements until March 23. "What we have seen in Q1 is a slow but steady return to before-McColo" spam levels, said Adam Swidler, Postini's product marketing manager. Still, just as some anti-spam hardware and software vendors saw anywhere from a 50 percent to 75 percent drop in spam after McColo was shuttered, depending on their view, I should note that some e-mail security providers cited a resumption of pre-McColo spam levels as early as December. As far as spam trends in first quarter 2009, the spammers appear to be dusting off tried-and-true infection and distribution methods, Postini reports. Virus-laden e-mail attachments fell out of style for a while, but in February the number of viruses sent as e-mail attachments increased nine-fold compared to the same time in 2008. According to Postini, spammers also have been finding success with location-based services that customize e-mails so that they appear to be about local news events that are geographically close to the recipient.
Webroot has uncovered adware that targets the Firefox platform. The malware resembles DNSChanger, a common DNS hijacking threat, but operates differently. Instead of hacking the registry to change DNS, the new variant throws a DLL into the C:\Program Files\Mozilla Firefox\components directory and therefore runs inside the browser. This is not a vulnerability in Firefox in any sense; in order for this to happen the user has to run a malicious program as Administrator or some other privileged account. But it does show that some malware authors see enough potential in Firefox to write special malware for it. The use of a DLL does make the malware specific to Windows, although it may be possible to write versions for other platforms as well. Like DNSChanger it intercepts certain operations, like search requests, and redirects them through a Ukrainian host previously used by DNSChanger. A second piece of Firefox adware came bundled with the installer for a 3rd party Firefox plugin called PlayMP3z. The terms of service agreement that everyone just clicks through explicitly permits the software. It's called Foxicle and it generates popup and popunder ads. Once again this isn't Firefox's fault; you chose to install it, you got what you asked for. Success for the early entries in the Firefox malware market could set a signal for other IE-only players that it's time to go cross-platform.
Malicious web sites and emails have reached their highest levels in months, according to a recent report from Symantec. The security firm's March 2009 MessageLabs Report found that the number of new sites harbouring malware jumped by 197 per cent over the past month, at a rate of 2,797 new sites every day. Levels of malicious spam have also risen to their highest levels since the fourth quarter of 2009, when spam traffic was dramatically reduced by the shutdown of McColo. The attacks continued to follow popular trends, according to the Symantec researchers. Events such as Saint Patrick's Day and the NCAA basketball tournament were popular lures, and attackers continued to exploit the economic crisis. The report also identified new infection techniques. Recent attacks have favoured tactics such as injecting malicious script code into images, and targeting security flaws in web browsers.