Social engineering has sunk really low…
Someone could think that the strategies currently executed by cyber-criminals to extort personal information are sophisticated, dangerous and antivirus software-proof. Maybe it’s just like this, however it’s as much true that next to the fine technique the aforementioned criminals still use dirt cheap tricks against which there wouldn’t theoretically be any need for the antivirus at all. It would be enough to have one’s own brain always turned on when in front of the screen.
W32.Changeup, the eMule-aided worm
File sharing platforms abuse by malicious code is a fashionable habit since years now. A malware usually just checks if the infected machine hosts a peer-to-peer software, but the W32.Changeup worm detected by Symantec (among the others) goes beyond and rather than searching for a P2P tool it installs its own “private” eMule copy to replicate itself. The malware is noteworthy for its ability to “assist” downloading and spreading of additional computer threats.
Sality, the virus that turned into the ultimate malware
Computer threats are continuously evolving, and there is who would even pretend that they did the leap from the machine to man by infecting RFID microchips installed under the skin. But even though they remain a “simple” IT issue, some malicious codes are a problem difficult to tackle because of their inherent complexity and an intelligent design capable of constantly putting security companies under pressure. A remarkable “intelligent” threat is for instance Sality, the new generation file virus that according to Symantec has practically turned into an “all-in-one” malware incorporating botnet-alike functionalities as well.
“Solo” the Pentagon cracker very close to extradition to USA
Gary McKinnon lost another battle in his long legal war against the extradition to United States when, some days ago, Home Secretary of United Kingdom refused to examine the new medical evidence submitted by the defendant. In a letter dated November 26 and directed to lawyer Karen Todner, Secretary Alan Johnson expressed his “firm view that McKinnon’s extradition would not be incompatible with his human rights“, therefore “his extradition to the United States must proceed forthwith“.
New proactive test by AV-Comparatives: are false positives really that important?
The AV-Comparatives Austrian labs have just released their antivirus test for November. Following the usual practice of alternating (during the year) the analysis of the known malware detection rates and that on the antivirus software proactive capabilities, report n.24 follows the previous one related to the malware test-bed collected between January and August 2009 but, contrariwise to this last one, compares the same products to more than 23,000 new samples gathered within the week following the antivirus signatures update.
AV-Comparatives feels the pulse of the IT security
During the past weeks AV-Comparatives released the results of its latest antivirus software tests. Report n.23 follows the previous one released in May but it tackles, as the Austrian experts usually do, malware detection rates achieved by the antivirus programs when confronting a test bed of known threats.
AntiVir Personal is 10 years old and Avira gives its customers a gift
It’s celebration time for Avira, the German security company headquartered in the little town of Tettnang best known for its renowned antivirus software. AntiVir Personal, the free antivirus offered by Avira to its customers has recently marked its tenth anniversary, and to properly celebrate the occasion the company prepared a special offer for who decided to purchase one of its commercial products within the next few days.
How the security industry reacts to a bootkit maker
Austrian eighteen years old Peter Kleissner recently become famous for being the author of Stoned, the tool which exploits Master Boot Record rootkits techniques to bypass Microsoft operating systems protections and allow the execution of unauthorized code - be it legit or not. But the popularity the young programmer gained thanks to Stoned caused disagreeing reactions by security market companies.
Induc, the silent Beast that puzzles antivirus companies
In the last part of August, the malware known as Induc was the subject of reports and alerts from the main antivirus and security software manufacturers. Kaspersky, the Russian company that claims to have been the first to detect and report it, returns to look more closely at the issue revealing some important details on what seems like a unique case in the recent malicious software landscape.
The 5 all-time worst malware according to Trend Micro
Trend Micro, a Tokyo-based security enterprise with over 4,000 employees in more than 30 countries, has recently asked the experts from TrendLabs (its global research organization) to make an updated list of the worst computer plagues ever. The resulting list includes 5 noteworthy examples of widespread infections which represented, during their respective period of wider circulation, the most dangerous security threats users and companies could have faced.
New tricks for file viruses
File viruses are only a small part of nowadays malicious code diversified landscape, and yet these ancient malware designed to infect legitimate software by parasitizing its executable routines continue, every now and then, to hit the headlines with news worth the attention. The latest couple of examples of this remarkable endurance ability affects an old but still popular development environment and the most known among CAD (Computer Aided Design) programs.
From the past to the future, the new bootkits menace
As security experts have already highlighted in this months and years, the trend of the most sophisticated malicious code is to be able to reach the lowest levels of the machine to infect, putting out of the game all the security mechanisms and gaining full control of the PC and the operating system. This trend embraces more and more the term “bootkit”, literally a bootable rootkit, on which the attentions of researchers and Assembly code enthusiasts have recently focused uncovering new, potential threats with an ancient heart and dangerous security flaws sold as malware-proof security measures.
AV-Comparatives tests antivirus software proactive defenses
With the usual punctuality from which I should learn something, at the end of May the Austrian labs of AV-Comparatives released the second part of the first antivirus comparative of 2009, comparing the previously tested security software with unknown threats for which there still is no specific signature. In such a scenery malware detection rates tend to drop drastically, and only the most advanced engines are able to succeed by obtaining the best results.
AV-Comparatives releases a new round of antivirus tests
After having crowned AVIRA AntiVir the best antivirus of year 2008, in these weeks the team of AV-Comparatives experts has returned to prove the security IT industry by arranging a new antivirus comparative. Report n.21 is the first made during 2009, follows the previous one released in November but unlike the latter aims at verifying the antivirus capability of detecting known viral samples.
Klaatu, barada, nikto, Conficker!
More than a week after the 1st of April, the day when the Internet stood still because according to the press the Conficker/Downup/Downadup/Kido worm could have destroyed the net, the infrastructures, civilized mankind and the entire planet things are going more or less as usual: Internet remains a dangerous place but it hasn’t exploded like a supernova, and bits are flowing quickly from a part to another one of the planet. The true novelty is that the botnet built up by one of the most complex malware ever finally shows what its true purpose is.
Rootkits penetrate the heart of the machine
Since, in 2005, the nasty commercial policies of Sony BMG uncovered the possibility to seize control on the operating system to hinder the normal working of the PC and peripherals, the evolution of rootkit software went through an unparalleled acceleration. The interest for the matter rose in research and among cyber-criminals gangs, with the result that can be esteemed in these days: rootkits have reached the lowest levels of electronic devices circuitry by infecting network routers, the BIOS and even the most privileged working mode of the x86 processors.
Conficker worm asks for instructions and gets an update
Conficker/Downup/Downadup/Kido malware, Symantec writes in the first edition of The Downadup Codex, “is, to date, one of the most complex worms in the history of malicious code“. At first spread through a flaw within the Windows Server service, the threat has grown immensely because of a combination of elements that facilitated its diffusion and drove the IT industry to unite in the attempt to block its further proliferation.
Conficker, it’s open war between the industry and malware writers
Conficker (also known as Downup, Downadup or Kido) is the worm that first, after the Sasser outbreak in 2004, was able to exploit a flaw in a Windows remote service, and due to this unusual ability the malware became in turn the target of a large part of the IT industry that, leaded by Microsoft, is trying in these days to defuse the time bomb of an enormous botnet yet with unknown practical outcomes.
File viruses, the outbreak goes on
As previously highlighted, traditional viruses, the ones that nowadays are generally defined as “file viruses” and target executable programs parasitizing and exploiting them as a medium for their propagation, even though reduced to a marginal component of the crowded zoo of beasties making up modern malware aren’t vanished at all. A confirmation of this is the fact that, after the Sality case, new parasitic viruses families have in the past days caught the attention of experts and security firms.
Sality virus, the species evolution
The numbers clearly demonstrate it, nowadays the main threats to computer security are those coming from worms, trojans, backdoors, malicious code categories that have nothing to do with the historical “viruses”. But those digital parasites which travelled from file to file (and from floppy to floppy), hunting for new habitats and new victims to infect still survive today when malware is a business and the worm-based botnets have a scary amount of zombie-PC to use against institutions, firms or the network infrastructures of entire nations.
-
· Subscribe to Sir Arthur's Den ·
-
· © Some Rights Reserved ·
The exclusive contents of Sir Arthur's Den are distributed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License, and must be ascribed to Alfonso Maruccia as the sole owner of the related copyrights.
