ADTMAG.com has an interesting article talking of the convergance of spyware and more sophisticated phishing attacks. They talk about the convergance of viruses and spam engines that happened in 2003 as a real shift in the dynamic of WHERE junk mail was coming from. Today botnets account for about 90% of the spam online, and of course, the botnets are the zombie armies that can be (and are being) utilized to bully web pages off the net, or extort large amounts of $$ due to denial of service attacks.
Category: Viruses
-
Big trouble – you don’t have any viruses….
You know, I’ve seen soooo many antivirus vendors that are somewhat ethically challanged claim that cookie files are a big threat, or in worse cases files that the “free” antivirus test downloaded are dangerous “you should be glad we got here in time – where’s our $30 to fix things…” kind of message, but from a mainline, well known antivirus vendor you expect better…. Over at Spyware Confidential, after an online scan at a leading AV vendor, they’ve received a couple of emails explaining the great danger their computer is in after the scan turned up 0 viruses and 0 infected files.
-
New malware sightings
Incidents.org had an entry in the last couple days on a malware infestation that was interesting and showed a couple things. 1) You can’t bet on antivirus to keep you safe (the initial installer was not detected by most AV vendors – suspicious by 1.) (If you think about it, this makes perfect sense – antivirus is reactionary and needs to have seen a bug once to recognize it again.) 2) Malware, once in the system, can bring all their friends.
-
Circuit City Support forum serving up trojan….
Embarrasing…. and a big pain in the neck for any of their visitors… It seems as though if you’ve visited Circuit City’s Support Forum with an unpatched Internet Explorer, you likely have a trojan/backdoor of some sort on your pc. (Assuming Explorer hasn’t been patched since January. In reality – if you haven’t updated explorer since then, there are likely SEVERAL backdoors. Call someone to work on it….)
-
Symantec Antivirus Remotely Exploitable Vulnerability
This is bad – whose defending the defender? eEye security has a bulletin announced that regards a remotely exploitable vulnerability in Symantec Antivirus 10.x and Symantec Client Security 3.x They say other versions MAY be vulnerable they’re waiting for information from Symantec. Now, Symantec is probably the biggest selling antivirus package out there. It looks as though, from Symantec’s advisory, that the Norton Antivirus product line is not affected, ONLY “Symantec Client Security 3.1” and “Symantec Antivirus Corporate Edition 10.1”
They have released IDS updates to try to detect attempted exploits of this….
-
Zero-day ( 0-day) Microsoft Word exploit
There was some news on this last night at Incidents.org, today F-secure has some details as well on the trojan that’s dropped in this circulating, exploit. It seems as though the initial attack was very targetted against a specific organization. Antivirus packages did not recognize the trojan that the exploit file dropped as of yesterday, although it’s looking like f-secure now has detection and I would suspect other AV vendors.
Essentially, one organization reported in to incidents that they were receiving emails with MS Word attachments. One user noticed that a domain name in the email wasn’t exactly correct…
-
Nugache the latest in bot-net technology… and why you should care about botnets…
To show you where the threat with bot networks is going there’s a story today on Nugache (Symantec summary) which is a bot that takes advantage of a number of clever tricks to avoid having the whole bot net shut down, allow command and control on an encrypted channel and essentially have no “human readable strings” in any of it’s communications. The encryption of it’s connections makes it harder for IDS to catch it (as they rely on signatures of traffic.
-
Multi-OS virus?
The multi-OS virus may be a proof of concept, but it could be a sign of bad things to come. Let’s face it, there have been viruses that have taken advantage of multiple ways of spreading (email/open network shares/instant messengers…) It would almost make sense that even though it’s POC…. it may be quickly incorporated into future virus strategies….
-
The Blackworm, Nyxem, KamaSutra Worm…
Lot’s of news following up on the Nyxem worm in the last few days. It’s currently going under a number of names, the Kama Sutra Worm, Blackworm are some of the more common names. Sans has a page for information on the worm here. Microsoft has detailed manual removal instructions. The counter that logs the worms infections, is close to 2 million. That last note might be taken with a grain of salt, as the counter is tracking all visits to the page, even curious security researchers. Why all the big fuss?
-
A Deeper look at Nyxem
First I should raise an alarm of warning on this one, this virus is supposed to overwrite all accessible document files (network shares too) on the 3rd of the month, so February 3rd we may be seeing some problems. Don’t wait until then to make sure you have current antivirus definitions. The Nyxem virus though does something else interesting.