Updates
A compilation of the latest information about viruses and worms, security issues
and patches to rectify the same
Rogue Microsoft update site
F-Secure recently spotted a rogue Microsoft update site that resembles the original
Microsoft site. There are certain flaws in the spoof site that end users need
to be aware of. Note the URL in the address bar (cfm48.com) and the spelling
errors ("Please intall"). On this site, clicking the "Urgent Install" button
opens a file named Windows UpdateAgent30-x86-x64.exe. This file is not signed by
Microsoft. This is a fast flux site and it uses a wide range of IP addresses.
Users should be careful while using the Microsoft Website for updates. The dropper
is now detected as Trojan-Dropper:W32/Agent.DYD, and the dropped malware was
already detected as Backdoor:W32/Agent.CVU; this is functionally the same as the
earlier Backdoor:W32/Agent.CTH.
Trojan:W32/Agent.DXH
Trojan-Downloader:W32/Agent.ICF
Trojan:W32/Delf.AOO
Worm:SymbOS/Beselo.B
Worm:SymbOS/Beselo.A
Backdoor:PHP/Obfu
Trojan-Spy:W32/Zbot.GO
Trojan-Downloader:W32/Agent.BRK
Trojan-Downloader:W32/Small.HSG
Source: F-Secure
MBR/Rootkit virus
When a computer is infected with an MBR/Rootkit virus, the infection is difficult
to detect because there are no specific indicators. This evolution of malware
is less detectable and harder to clean, and it is expected to become prevalent.
Users can apply prudent principles of safe computing in depth in order to temporarily
safeguard their computers.
One defense method that software security firms are studying is a combination
of white lists and black lists to improve protection. According to some security
experts, it is easier to lock out untrusted programs from running on a computer
than to detect and remove malware. IT managers need to find and prevent these
possible intruders at the outer bounds of their networks.
Identity fraud goes down
According to a study, the rate of identity fraud dropped for the second straight
year, and fraudsters relied on offline channels for their attacks.
The 2008 Identity Fraud Survey Report found that the incidence of identity
fraud fell 12%. The damages per incident increased, however, by a quarter to
$691. In addition, thieves appeared to fall back on old methods of stealing
identity information, using mail and telephone fraud 40% of the time, while
online attacks accounted for only 19% of cases.
Many businesses are taking steps to educate consumers about ID fraud risk
factors and the effort seems to be paying off. Despite that, fraudsters are becoming
creative and leveraging new techniques to commit fraud. Therefore, one needs
to be as attentive as ever in protecting personal information.
Anti-virus Web site hacked
The Web site of Indian anti-virus company AvSoft Technologies has been hacked.
Instead of offering protection from viruses, the site started downloading a
virus to users' machines. AvSoft is a security company that offers two
products, SmartCOP and SmartDOG. It also offers a service for recovering data
after a virus attack has occurred.
The infiltration has been identified by third-party security researchers. The
vulnerability has been exploited on the download page of the AvSoft S-Cop site
and manages to open an invisible window, which loads to an alternative server
and downloads the malicious software, all without a user's knowledge
or consent.
The attack is known as an iFrame injection, and the software used is of the
Win32/Virut family. It is not yet clear how the malicious code got on to
the site. It may just come down to a programming error in the SQL or PHP code
used on the site, which would yet again prove how bad code can lead to a
vulnerable system.