The securityfix has a post on the “dirty little secret” about antivirus. Eugene Kaspersky of Kaspersky antivirus has posted an introspective article on the antivirus industry and its current problems. The biggest problem with antivirus is that it’s always one step behind the virus writers. Antivirus software can only prevent you from being infected by viruses that it already knows about. In other words, a fast-spreading infection can hit you anywhere from hours to days before your AV vendor has an update.
Category: Viruses
-
Ooops… hard drive maker ships trojan on storage media
Oooops… According to the Sunbelt blog, a Japanese storage maker (I-O Data Device) has offered to exchange drives that were discovered to have been shipped out with Tompai-A, a worm which would give a cracker backdoor access to a machine. It affects portable hard drives in the company’s HDP-U series.
-
FBI / CIA virus
Well… the media has taken the drab names of w32sober.X@mm or w32sober.x or w32sober.y, W32/Sober.AD-mm or any of those other drab names that we’ve been looking at over the last week and dubbed the latest big virus the FBI/CIA virus…. and it’s gotten a lot of press the last few days. I suspect as people head back to work from Thanksgiving, we may see a slight bump in traffic. (Bringing infected laptops into the network maybe? Or just home/office users getting back to work…)
-
New Beagle/Bagle variant?
So, I submitted the suspicious attachment I received to virustotal (scan@virustotal.com with SCAN in the subject and the suspicious file as an attachment). What follows below is the report I received. It looks like some of the big names (Symantec, McAfee) are not finding anything wrong with it at this point; with the hodge-podge of names it will take me a bit to investigate and see if the other vendors are tagging it as new.
-
New Sober variants..
Ok – there are some new variants of the Sober worm circulating. I received one on an address that’s unfiltered (no virus/spam filtering) and must say, I can see people being duped into looking at the attachment. SANS has a post on it. SARC is calling it W32sober.x@mm and rates it at a threat level of three. I’ve seen many outlets tag it as sober.y.
-
Keyloggers a growing problem
It’s interesting: some years ago, when viruses on Windows machines were SOOOO plentiful that it seemed like cleaning them up was all I spent my time on, I thought… “you know, most viruses are prankster-ish programs. They rearrange icons, maybe cause Windows to crash, or send random files out to others, but they could be MUCH worse.” Since then, we’ve seen viruses used as delivery tools for mail relays (so that spammers can have more “safe havens”), and we’ve seen viruses bring in spyware, both of the last two for “fun and profit”. I don’t know that we’ve really seen the WORST that a virus could be designed to do. However, I’m afraid we’re getting there.
-
New Sober virus variant coming
This is unusual, but there is advance notice from the Bavarian Police warning about a new variant of the Sober worm which will be released tomorrow. More information can be found at F-Secure, as well as the Sunbelt blog.
-
Sony BMG is still having a bad week….
Unfortunately a LOT of people that have bought Sony-BMG CDs (or borrowed, whatever…) are going to have some headaches too. Buy stock in Tylenol or Aleve or something…. anyway… here’s today’s roundup of Sony rootkit news, including a virus borrowing the gift of SONY…
First up is some “backstory” that reminds us of Sony’s attitudes in the past on the issue of piracy and what should be done about it, along with the prescient “I think most people don’t know what a rootkit is” statement.
-
MS05-053 Microsoft Windows Image Viewing Vulnerability
Two notes on the Windows vulnerability patched the day before yesterday. There is a trojan in the wild exploiting it, and Symantec’s AV definition to detect such an exploit is a bit too paranoid and flags lots of EMF files as containing an exploit for it. The workaround is to exclude EMF files from virus scans.
-
XML RPC worm new variant
There seems to be a new variation of the XML-RPC worm spreading about, so patch, patch, patch. If you have PHP and vulnerable software on a web-facing server, patch.