05/12/2010

Trojan in So-Called Windows 7 Compatibility Checker

Antivirus firms BitDefender and Sunbelt Software, among others, have identified new malware they're calling, "Trojan.Generic.3783603"

According to Sunbelt, The malware immediately creates a backdoor to the user's system, which then allows remote access for cyber-criminals to obtain confidential information or install more malicious software.

While the delivery vehicle isn't unique, it targets its victims randomly through spam emails, this appears to be the first one disguised as a so-called, "Windows 7 Compatibility Checker." Even though Windows 7 has been widely available since October 2009, here we are over six months later with unsuspecting users now being duped into installing this scumware.

BitDefender says in their notice,

The infection rates reflected by the BitDefender Real-Time Virus Reporting System indicate the beginning of a massive spreading of Tojan.Generic.3783603.

"Although this phenomenon has just started, it seems that it’s just a matter of time before the cybercriminals control a huge number of systems.

"Infection rates are also expected to boom because of the effective social engineering ingredient of this mechanism, namely the reference to the highly popular Microsoft® Windows® OS.

While security professionals shouldn't have to keep saying it, evidently it needs to be said:

  1. Never, ever open an attachment from unknown contacts
  2. Be wary of opening an attachment sent from someone you know when you're not expecting it first. (Many computers have been infected when one person's computer gets infected then the virus emails itself to everyone in the infected person's address book.)
  3. Install, run, and keep updated the best antivirus firewall software or Internet security suite you can afford.

08/17/2009

Antivirus Software: What's Real? What's Fake?

One of the growing concerns for many security and antivirus professionals is the dramatic growth of fake antivirus software.

The idea behind fake A/V software is to trick unsuspecting consumers into downloading and installing their fake software in an effort to get trojans, viruses, spyware, and other malware installed onto PCs in the process.

There's nothing real about the fake software, except the threat it poses.

The process works like this:

  1. Trick consumer with a real looking, real sounding ad on an (often unsuspecting) legitimate website
  2. Get consumer to install the phony (but very real looking) antivirus application
  3. Stuff any number of trojans, keyloggers, spyware, and other evil applications into the fake antivirus program
  4. Use the newly infected computer to do their bidding, including (among other things):
    1. identity theft
    2. credit card fraud
    3. bank theft
    4. infecting other computers
    5. spamming

Solution to the Fake Antivirus Software Problem

Word is filtering out today about a way to tell fake antivirus software from legitimate ones.

A new site from security and SSL vendor Comodo of a project they're backing called, "Common Computing Security Standards Forum," aims to help consumers figure out what's real and what's not.

In their list of all known legitimate antivirus software vendors, they hope to help put an end to the dummy antivirus programs out there and to help consumers stay clear of the crap.

In addition to thanking them for their efforts, here is a complete list of current antivirus vendors known to Comodo to be the real deal:

Legitimate Antivirus Software Vendors
  • AhnLab
  • Aladdin
  • ALWIL
  • Antiy
  • Authentium
  • AVG Technologies
  • Avira GmBH
  • BitDefender (BitDefender Antivirus & Internet Security)
  • BullGuard
  • CA Inc (CA Anti-Virus)
  • Checkpoint
  • Cisco
  • ClamAV
  • Comodo
  • CSIS Security Group
  • Drive Sentry
  • Dr.Web
  • Emsi software
  • ESET
  • F-Secure
  • Fortinet
  • Frisk Software
  • G Data Software
  • GFI/Sunbelt Software (VIPRE Antivirus & Internet Security)
  • Ikarus Software
  • Intego
  • iolo
  • IObit.com
  • Kaspersky Lab (Kaspersky Anti-Virus & Internet Security)
  • Kingsoft
  • Malwarebytes
  • McAfee McAfee VirusScan Plus & Internet Security)
  • Norman
  • Panda (Panda Antivirus Pro & Internet Security)
  • PC Tools
  • Prevx
  • Rising
  • Sophos
  • SuperAntispyware
  • Symantec (Norton AntiVirus & Internet Security)
  • Trend Micro (Trend Micro AntiVirus & Internet Security)


  • You'll note, every one of the programs (reviews linked above) are included in our antivirus reviews since day one of our site are included on the list.

    If you know of other legitimate A/V software not on the list, please contact us so that we can share your insight with the folks at Comodo.

    07/15/2009

    Microsoft ActiveX Bug Targets Internet Explorer & Excel

    Sad to say, the bad guys are at it again.

    Computerworld brings news of a new, as yet unpatched ActiveX bug that's being exploited to compromise PCs.

    Already because of these attacks, threat conditions have been raised by several antivirus vendors including, Sunbelt, makers of VIPRE; Symantec, makers of Norton AntiVirus; and makers of McAfee VirusScan.

    Antivirus Vendor Threat Details Page
    Sunbelt Sunbelt Security Blog
    Symantec Symantec ThreatCon
    McAfee McAfee Avert Labs



    Additionally, SANS.org's ISC (Internet Storm Center), temporarily went to condition yellow, with the release of this ISC Diary Entry called, Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution.

    Here are some key highlights from ISC's Diary entry,

    • "The vulnerability is being actively exploited on web sites."
    • "One other obvious mitigation step is to use an alternate web browser (as in other than IE) that does not make use of ActiveX." [AVR Editor's Note: If you haven't already tried Mozilla Firefox, we recommend you download Firefox and give it a try.]
    • Attack vectors include,

      "A .cn [Chinese] domain using a heavily obfuscated version of the exploit." [AVR Editor's Note: The key word here is "obfuscated." You may not even know you're on a Chinese domain being infected with this virus when it happens.]
    • Another attack vector mentioned was, "A highly targeted attack against an organization earlier today who received a Microsoft Office document with embedded HTML.

      "This one was particularly nasty, it was specifically crafted for the target - with the document being tailored with appropriate contact information and subject matter that were specific to the targeted recipient.

      "Analysis of the document and secondary payload found the attacker used a firewall on the malicious server so that all IP traffic outside of the targeted victim's domain/IP range would not reach with the server."

    Regrettably, as with many things, the bad guys beat Microsoft to the punch, and a patch for the security vulnerability hasn't yet been released.

    In the mean time, Microsoft has a manual Active X Vunlerability Workaround [AVR Editor's Note: Look for 'Enable workaround' beneath the 'Fix it for me' section'.]

    Here are further details of Microsoft Security Advisory on the MS Office ActiveX Vunerability.

    01/05/2009

    This Year's Resolution: Get Antivirus Software

    A good reminder came by way of a Montreal Gazette article on antivirus software, one of the fine newspapers published by our Neighbors to the North: "Okay, okay, this year, I’ll get anti-virus software.' Say it and mean it."

    Marc Saltzman, who penned the piece, brings up a great point: since buying a new PC (given the state of the economy for many people) is perhaps not a priority, protecting the one you have should be.

    He talks about five of the six things we urge everyone to do. Here's our list (in order):

    1. Run antivirus software
    2. Run antispyware
    3. Keep your OS and the software you run updated
    4. Perform backups
    5. Defragment your hard drive

    The only thing missing:

    Run firewall software.

    The default one built into Windows doesn't count. It stinks. In overall importance, we'd put firewall software at the top of the list tied for first for number 1 with antivirus software.

    While you're running through this checklist yourself, take a look at our new antivirus reviews for 2012. You'll see the "best antivirus software" on our list for 2012, and it has built-in antispyware and offers an optional firewall software, too, in the VIPRE Internet security version.

    With our coupons you can have a complete PC security solution and be out the door for under $30, and you'll be three steps closer to keeping the bad guys out and protecting your computer.

    Bear this in mind, too, the most important thing on your computer probably isn't the computer itself. It's the data.

    And even if by some strange chance you put zero value on the data on your computer, there's still the cost--both in time spent and actual cash spent--to get your computer fixed if it gets infected.